last executing test programs: 19.682097815s ago: executing program 2 (id=365): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x38}}, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x3, 0xcc80) ioctl$USBDEVFS_FREE_STREAMS(r1, 0x8008551d, &(0x7f0000000080)={0x8d11, 0x1e, [{0x9}, {0x8}, {0x4}, {0xa}, {0x6}, {0x6, 0x1}, {0xe}, {0x1, 0x1}, {0xf}, {0xf, 0x1}, {0xf}, {0x9}, {0x5}, {0xd}, {0x8}, {0x9, 0x1}, {0x9}, {0x4}, {0x1}, {0x9, 0x1}, {0xf}, {0xf, 0x1}, {0xb, 0x1}, {0x1}, {0xd}, {0xd, 0x1}, {}, {0x4, 0x1}, {0xb}, {0x8, 0x1}]}) 16.904797844s ago: executing program 0 (id=376): r0 = socket(0x15, 0x5, 0xffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010", @ANYRES8=0x0, @ANYRES8], 0x48}}, 0x0) sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x12}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x60, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_EXPR={0x1c, 0x11, 0x0, 0x1, @payload={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x6d}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @meta={{0x9}, @void}}]}], {0x14, 0x10}}, 0xa8}}, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) close(r3) getsockopt(r0, 0x200000000114, 0x2711, 0x0, 0x0) 6.023306027s ago: executing program 4 (id=413): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cgroup.max.depth\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x4000010, r1, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000240)={0x0, 0xf0, 0x30}, 0xc) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000bc0)="6e6babea2e48c0fc91006be4e9b6aa5b734be3617a6fe59f3a0d627c73d1fb925cffe741976ee0a809b28a7e452096707a999d9c578d4b1e29d57f2a09c87edd58bf2713462f4bdecb99a59c56ccd76bf50c3c6a3e60ad442d52b7c8152f3279f73f02ff0a828a42ff377d33da2303377faac3af4352700a9556ba94a46bd041c3bb77213cea1055450fb1c90b8cdca729e78f777bc8fdbbdc12f3bb029d9b4f4db5ad9ac3c62c3784c0858ac7b71086379a85f6181aaf02ae30465fffc58901e87d929b994c9449db7e3513cb9372f5579387d984cd933dea38565548678f6c16240b23858f20a3e48b0d7a0b6f1627344ec3333a0000809035115ceae8ba44c2f4f804f749812432c550579316c7d90927cb2c89afc84e481f41e93dc02683d465d7863e573d9fdca24de185e2e42a6c1b57d356994be06c638e6cfd5485f575e78d582813d96a1b703992ebe62c71ac9bddbe74a25911c7938dcb6145a641737763cd4c1b9a0a599a27d6c841b5b146711efcb1a77383f69398dc39c744ddeedcda476c55b29fd4bf6d6fee10402cd8d1db249c32d391479d46df633cecf02f2c74775d82dd66b8e0d8c5a1d1404ed265c7ece8ea4910337c78e33b13bdaff6f9caa6f5c760", 0x1c7, 0x8051, 0x0, 0x0) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000340)='\t', 0x1}], 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r5, @ANYBLOB="08002600901500fe0800570080"], 0x2c}}, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r8, 0x0, 0x8008000000010, &(0x7f0000000940)="17000000020001000003be8c5ee1568812003c000203000a0292000098fc5ad90a00bb6a880000d6c8db0000dba67e06020000e28900000200df018002000000fc0607bdff59100ac45761547a681f009cee4a5a2d8f89814bc6c252674f00c88ebb01005033bf79ac2dfc060115003901000000000000ea0000000000000800b59bd2b8e50ce5af649a702202ffff02dfccebf6ba000840024f0298e9e90554062a80e605007f71174aa951f3c63e5a1b47b68055d8799b", 0xb8) sendto$inet6(r3, &(0x7f0000000040)="93", 0x34000, 0x0, 0x0, 0x44) setsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000002140)=0x7ff, 0x4) 5.631458842s ago: executing program 4 (id=415): r0 = socket$inet_sctp(0x2, 0x1, 0x84) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x4, 0x338, 0xffffffff, 0xdc, 0x1c8, 0x1c8, 0xffffffff, 0xffffffff, 0x2a4, 0x2a4, 0x2a4, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xb8, 0xdc, 0x0, {}, [@common=@ttl={{0x24}, {0x3, 0x5}}, @common=@icmp={{0x24}, {0xd, "043e"}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x1}}}, {{@ip={@broadcast, @private=0xa010102, 0x0, 0xff000000, 'syzkaller1\x00', 'batadv0\x00', {0xff}, {}, 0x6c, 0x3, 0x4}, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@ah={{0x2c}, {[0x0, 0x8], 0x1}}, @common=@addrtype={{0x2c}, {0x1, 0x12, 0x0, 0x1}}]}, @common=@inet=@TCPMSS={0x24, 'TCPMSS\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xb8, 0xdc, 0x0, {}, [@common=@unspec=@ipvs={{0x48}, {@ipv6=@mcast2, [0xffffffff, 0xffffffff, 0xffffffff], 0x4e22, 0x88, 0x3, 0x4e23, 0x8, 0x4}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x394) mknod(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000500)={"9f1ebe1fd61c70d701fa97b3f9ccd8a20ae2812dec6c55279cf5ac9b48753534b0eae9119543a19da15f7e7f61d6573e48fd36b87b8e663173bf62bee9e8cb277e1f4ae0f76eb5c5a8a28cc56c1b485bb98ec7b152b4c02fa55d2289258842d265c4f85c6332a2ec56746214f90b8316f928e4086df04a33591bcb2570c754309e43e51a24459e508d4f99e4b374d7ce2cb85dcfb747cf0d2abb7fe39e380b8e5f22ae0422fb4733c0f01c5bbdc882d70e2122d4a9a87b68a112651af397c7575764be162a4540d3dae680b7a65d7c26b420560a19ab7d9426d70bdeefc88af77d7c39947f264b1201c706abe3460655d7f3188696866366f6b84421775a226ec4e54b01b31df9ab3d7fc8a796f8e6fef5d7295ace0b51b706159c13e3e7a31ae6071f26aeeab8b21fc7f73d84bc356c7c6b5bfaaed4163d1219723964acc97608b6e01582e6447ea2a09bbb82b182f10ee9fdede7da857b04758b1363cbfa5b316797cfa2783f10f8bc009f97c35f0eb5fc0342d18f9fd689d88e7de5935a806807a2f10920894cb5e1d6842571f4874a6c134ecf2e887c0ab67dad93206ed2f29620fec980ebd7a7b10693cbb34d22db7bf95b086fabb7583273c1730287d62da7df531354db7c11e21968ba0ebce5f155c3a746928fc0c23647afae37e5d80b1bd1272ed90c16617669200c253671e64c1140fe5f4564760ee3e262bc7102f4f7dd0db51b7fd661fa2255ca4948bc36f4af650d173ae9c4290853edd41e06c9cf3b2dadf8ddca2c48f80a3ba17de1ecc9464f9a665eb4e11697093b24d455b4ef8eb49795cf3e890cdbfa15be9530202fc9aa8861d7bd6011d926c8774f220fcd08d40a57b287759b2884e03c6e043eb395843cf7a0db05a4584915cdf710f89f0d9885732d40350757ef543dd1a37e9fbf1e807051fd0c17a0bf6cf19873a6944d0abd84f4301e967be9c9dc7b2860ba4772b28aaf9035ca3a2c1b0e86b3e6d3d75c8daa5c022bba476ccdf61880ff12af4c435e873497dd078a2f0e3e5a28d770e8ede5e21d105b1bfb238505129069ea896efee636d1e059075917b395949450343b459205549369a1abe593802316cc86b6308420e9c71515ec92a0a021f50bdaab4eeb14d045e1afb06afbd22720d954d82b8c03a23727e8d3c698fb5d265dc576e6785f7be8c27a4f417aac48cd76253bfafcc6f6ce2e5354382d5a156c317dc7820d143d28b96f1faf7644f93927d7df5b0eb89c11af0b6c8456540c5eda446ef4aabfa3fce2dc054a3a747c549abc6d9cb03f59a841bb9b1db3da595eb44204c5eef39da7d22271efe3a75da48234e542fff8a6a9aadeb5c338ad90f789e9ebf29aa84d366ad2ef7a1c3bafe916a8ec2c80e5daba382cff27778188a103b96ccdaa3c166e612dfb239588c73c263f167561ecd38d09af1b9258f8"}) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe42863480747c0a7ddb9361bbb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd25479024a676b21b3adc5e463c9effbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953584db11b05000000000000008cebd6882a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56f335e2373b2cde5692db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf41d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8b03fe4798e5750d4dbbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a69151fccaefc6e9b770c9ac124da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r5, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_ttl={{0x18, 0x0, 0x2, 0x7}}], 0x18}, 0x0) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)=@known='security.apparmor\x00', 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000009c0)='m ', 0x2}], 0x1}, 0x4000005) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$sndseq(r8, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result={0x1}}], 0x1c) recvmsg$unix(r6, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) 5.247372502s ago: executing program 1 (id=416): io_setup(0xfb, &(0x7f0000000140)=0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x100, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000600)="137edb5b7d8a1bf7592dd0e953ba01000100867d7d17a54284edab17c5d6a9da0ce0e65486c39583eab4cb42b5bd64d75b7651a9243c874f46023d2fa46a77709da86e693b625c4c9ef37ce0d0b73fc28ecdd567a7e7b96ce122274042e77066cd7169645ed74a65d6ae8cbcf81402a98951b3e2a9f101ef93192cc2ec34f0d3a35cd5dd960b6cc46cd59ad46b52d1c6be76d56176bfcff749993d017d182e6fd2394490666c91f8f07697f10a16938c4fc4b6163074c832ec98994cb3f6ad38ea4fc638c12ae259", 0xc8}]) 4.240201786s ago: executing program 2 (id=366): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000e80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) unlinkat(r2, &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) shutdown(r0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x6}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc8}, 0x1, 0x0, 0x0, 0x5090}, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000140)) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r5, 0x80045017, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0684113, &(0x7f0000000380)={0x1, 0xa, 0x0, 0x1001, 0x8000, 0x0, 0xffffffed, 0xb, 0x0, 0x0, 0xfffffff9, 0x1}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r6, 0x400c4150, &(0x7f0000000000)={0x0, &(0x7f0000000240)="85", 0x1}) 4.166295303s ago: executing program 0 (id=377): r0 = socket$l2tp(0x2, 0x2, 0x73) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000680), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f000000050033000100000008000300", @ANYRES32=r3], 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x56, 0xffffffd5}}, &(0x7f0000000000)='GPL\x00', 0x5, 0x13, &(0x7f0000000200)=""/208, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MAC_ACL(r7, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x88, r8, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MAC_ADDRS={0x64, 0xa6, 0x0, 0x1, [{0xa}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @broadcast}, {0xa}]}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8}]}, 0x88}, 0x1, 0x0, 0x0, 0x84}, 0x4044000) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 4.165712754s ago: executing program 1 (id=418): socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x543, 0xe621, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) io_setup(0x81, &(0x7f0000001440)) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) read(r0, &(0x7f0000000040)=""/148, 0xffffff96) r1 = syz_io_uring_setup(0x543c, &(0x7f00000008c0), &(0x7f0000000080)=0x0, &(0x7f0000000200)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x3, 0x10a5, 0x3, 0x0, 0x0) io_uring_enter(r1, 0x81e, 0xfffffff9, 0x1, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000000)='\x00', 0x9801) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r3, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "df1d00", 0x20, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x13, 0xa}]}}}}}}}}, 0x0) 3.939949738s ago: executing program 2 (id=420): socket$inet6(0xa, 0x3, 0x9) socket$nl_netfilter(0x10, 0x3, 0xc) bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000001200)={0x1d, r1, 0x0, {0x2, 0x0, 0x1}, 0x2}, 0x18) connect$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x2}}, 0x18) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) readv(r2, &(0x7f0000000240)=[{&(0x7f0000000180)=""/172, 0xac}], 0x1) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r4, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000140)=[{&(0x7f000001a880)=""/102384, 0x18ff0}], 0x1, 0x0, 0x0) r5 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0) ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000080)=0x100) ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0) write$binfmt_elf32(r5, &(0x7f0000000040)=ANY=[], 0x69) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000540)='./file1\x00') execve(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r7 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000000)={0x2, 0x0, 0x81, 0x10001, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x2b}, @remote}, 0x10) setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, 0x0, 0x0) setsockopt$MRT_ADD_MFC(r7, 0x0, 0xcc, 0x0, 0x0) ioctl$TIOCSPGRP(r5, 0x5410, 0x0) execve(&(0x7f00000002c0)='./file1\x00', 0x0, 0x0) 3.690473234s ago: executing program 4 (id=421): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0xfffffffd}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x100042}, 0x10) close(r0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x9f4d}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) io_uring_enter(r2, 0x47f6, 0xb643, 0x0, 0x0, 0x0) 3.487290216s ago: executing program 0 (id=423): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x0, ')'}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="fa6eb500e38b14497c64b3ac5ebc41e13ac53ce10d62297fa1835ce2be6c12a862e65d3b31ecd2297262d18926a982d7c88976268ba2bb633763486ef3fdc7166ba4083b1e93dfe6d195f7854eebb1495d8d820ca5f7f6f25af8e35c4126a5050d34f2215946367b67497aff769b9e16336f73f5f33c8ec50b29d0961e21c667f6a0c1fcb40735c4214401f450732a43e5f38ede62af433aa800953fce445ba46fdf72c41fd158a6d1b5cfef1af3a7e573d67403bb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000140)={0x0, 0x7fffffff, 0x4, 0x80000, 0xffffffffffffffff}) fchmod(r1, 0x1) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x18, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x1, 0x19, "1c2eeda9d3e1a08f4081e3aebd6da5bb2297aea9bdd4d5affb"}, 0x0}) 3.449992567s ago: executing program 2 (id=425): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$rxrpc(0x21, 0x2, 0x2) userfaultfd(0x801) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f00000000c0)) socket$kcm(0x10, 0x400000002, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[], 0x0) r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES32=0x0, @ANYBLOB="e4"], 0x20) 3.326353089s ago: executing program 4 (id=426): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x300) (fail_nth: 3) 2.946417557s ago: executing program 3 (id=427): r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='gid_map\x00') pwritev2(r1, 0x0, 0x0, 0x1, 0xc58, 0x4) sendmsg$key(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x2, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_spirange={0x2, 0x10, 0x0, 0xffffffff}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 2.759491449s ago: executing program 3 (id=428): io_setup(0xfb, &(0x7f0000000140)=0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x100, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000600)="137edb5b7d8a1bf7592dd0e953ba01000100867d7d17a54284edab17c5d6a9da0ce0e65486c39583eab4cb42b5bd64d75b7651a9243c874f46023d2fa46a77709da86e693b625c4c9ef37ce0d0b73fc28ecdd567a7e7b96ce122274042e77066cd7169645ed74a65d6ae8cbcf81402a98951b3e2a9f101ef93192cc2ec34f0d3a35cd5dd960b6cc46cd59ad46b52d1c6be76d56176bfcff749993d017d182e6fd2394490666c91f8f07697f10a16938c4fc4b6163074c832ec98994cb3f6ad38ea4fc638c12ae259", 0xc8}]) 2.759204812s ago: executing program 4 (id=429): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002222000000962313060100033b228bea47e7e043042a9000b3"], 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0xee01}, {}, {}, 0x0, 0x10000}, {{@in6=@mcast1, 0x0, 0x6c}}}, 0xe4) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x34}, 0x1, 0x0, 0x0, 0xa9f4cdab949eefee}, 0x4000000) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0x4000, 0x1000, &(0x7f0000090000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r8, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) r9 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_SEND_PRIO(r9, 0x6b, 0x3, 0x0, &(0x7f00000000c0)) sendto$inet6(r8, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r8, &(0x7f0000000080)='D', 0x1, 0x8000, 0x0, 0x0) splice(r8, 0x0, r7, 0x0, 0x406f413, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc018aec0, &(0x7f0000000040)={0x1}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r10 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r10, 0x7a7, &(0x7f0000000080)=0xb0000) 2.601848483s ago: executing program 3 (id=430): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000e80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) unlinkat(r2, &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) shutdown(r0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x6}) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000140)) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r5, 0x80045017, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0684113, &(0x7f0000000380)={0x1, 0xa, 0x0, 0x1001, 0x8000, 0x0, 0xffffffed, 0xb, 0x0, 0x0, 0xfffffff9, 0x1}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r6, 0x400c4150, &(0x7f0000000000)={0x0, &(0x7f0000000240)="85", 0x1}) 1.94817763s ago: executing program 3 (id=431): r0 = socket$inet_sctp(0x2, 0x1, 0x84) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x4, 0x338, 0xffffffff, 0xdc, 0x1c8, 0x1c8, 0xffffffff, 0xffffffff, 0x2a4, 0x2a4, 0x2a4, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xb8, 0xdc, 0x0, {}, [@common=@ttl={{0x24}, {0x3, 0x5}}, @common=@icmp={{0x24}, {0xd, "043e"}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x1}}}, {{@ip={@broadcast, @private=0xa010102, 0x0, 0xff000000, 'syzkaller1\x00', 'batadv0\x00', {0xff}, {}, 0x6c, 0x3, 0x4}, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@ah={{0x2c}, {[0x0, 0x8], 0x1}}, @common=@addrtype={{0x2c}, {0x1, 0x12, 0x0, 0x1}}]}, @common=@inet=@TCPMSS={0x24, 'TCPMSS\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xb8, 0xdc, 0x0, {}, [@common=@unspec=@ipvs={{0x48}, {@ipv6=@mcast2, [0xffffffff, 0xffffffff, 0xffffffff], 0x4e22, 0x88, 0x3, 0x4e23, 0x8, 0x4}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x394) mknod(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000500)={"9f1ebe1fd61c70d701fa97b3f9ccd8a20ae2812dec6c55279cf5ac9b48753534b0eae9119543a19da15f7e7f61d6573e48fd36b87b8e663173bf62bee9e8cb277e1f4ae0f76eb5c5a8a28cc56c1b485bb98ec7b152b4c02fa55d2289258842d265c4f85c6332a2ec56746214f90b8316f928e4086df04a33591bcb2570c754309e43e51a24459e508d4f99e4b374d7ce2cb85dcfb747cf0d2abb7fe39e380b8e5f22ae0422fb4733c0f01c5bbdc882d70e2122d4a9a87b68a112651af397c7575764be162a4540d3dae680b7a65d7c26b420560a19ab7d9426d70bdeefc88af77d7c39947f264b1201c706abe3460655d7f3188696866366f6b84421775a226ec4e54b01b31df9ab3d7fc8a796f8e6fef5d7295ace0b51b706159c13e3e7a31ae6071f26aeeab8b21fc7f73d84bc356c7c6b5bfaaed4163d1219723964acc97608b6e01582e6447ea2a09bbb82b182f10ee9fdede7da857b04758b1363cbfa5b316797cfa2783f10f8bc009f97c35f0eb5fc0342d18f9fd689d88e7de5935a806807a2f10920894cb5e1d6842571f4874a6c134ecf2e887c0ab67dad93206ed2f29620fec980ebd7a7b10693cbb34d22db7bf95b086fabb7583273c1730287d62da7df531354db7c11e21968ba0ebce5f155c3a746928fc0c23647afae37e5d80b1bd1272ed90c16617669200c253671e64c1140fe5f4564760ee3e262bc7102f4f7dd0db51b7fd661fa2255ca4948bc36f4af650d173ae9c4290853edd41e06c9cf3b2dadf8ddca2c48f80a3ba17de1ecc9464f9a665eb4e11697093b24d455b4ef8eb49795cf3e890cdbfa15be9530202fc9aa8861d7bd6011d926c8774f220fcd08d40a57b287759b2884e03c6e043eb395843cf7a0db05a4584915cdf710f89f0d9885732d40350757ef543dd1a37e9fbf1e807051fd0c17a0bf6cf19873a6944d0abd84f4301e967be9c9dc7b2860ba4772b28aaf9035ca3a2c1b0e86b3e6d3d75c8daa5c022bba476ccdf61880ff12af4c435e873497dd078a2f0e3e5a28d770e8ede5e21d105b1bfb238505129069ea896efee636d1e059075917b395949450343b459205549369a1abe593802316cc86b6308420e9c71515ec92a0a021f50bdaab4eeb14d045e1afb06afbd22720d954d82b8c03a23727e8d3c698fb5d265dc576e6785f7be8c27a4f417aac48cd76253bfafcc6f6ce2e5354382d5a156c317dc7820d143d28b96f1faf7644f93927d7df5b0eb89c11af0b6c8456540c5eda446ef4aabfa3fce2dc054a3a747c549abc6d9cb03f59a841bb9b1db3da595eb44204c5eef39da7d22271efe3a75da48234e542fff8a6a9aadeb5c338ad90f789e9ebf29aa84d366ad2ef7a1c3bafe916a8ec2c80e5daba382cff27778188a103b96ccdaa3c166e612dfb239588c73c263f167561ecd38d09af1b9258f8"}) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe42863480747c0a7ddb9361bbb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd25479024a676b21b3adc5e463c9effbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953584db11b05000000000000008cebd6882a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56f335e2373b2cde5692db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf41d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8b03fe4798e5750d4dbbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a69151fccaefc6e9b770c9ac124da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r5, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_ttl={{0x18, 0x0, 0x2, 0x7}}], 0x18}, 0x0) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)=@known='security.apparmor\x00', 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000009c0)='m ', 0x2}], 0x1}, 0x4000005) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$sndseq(r8, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result={0x1}}], 0x1c) recvmsg$unix(r6, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) 1.727190255s ago: executing program 1 (id=432): r0 = socket$nl_rdma(0x10, 0x3, 0x14) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000040)=0x4, 0x4) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000240), 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000004000000080009000800000200000000851e63e16adcde85f501582d8e80993fccf58b336592a0a41c9603f1a44c24e313b283a8d139286a0fcd7dc46fd28179c6be7bdb415ed9079e555eaa9b45e3b839f7f8624b9bae4ef9310c74c25c31a2bb9b04e8f04c86321f97a5dbbf076a033c3c282a8cd391fa387a9f4b3a489090d1e81280041b87", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94) r3 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0xa}}]}, 0x40}}, 0x0) timer_create(0x7, &(0x7f0000000840)={0x0, 0x2, 0x1}, &(0x7f0000000880)=0x0) timer_gettime(r6, &(0x7f00000008c0)) openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) timer_gettime(r6, &(0x7f00000000c0)) quotactl_fd$Q_SETQUOTA(r7, 0xffffffff80000801, 0xee00, 0x0) io_setup(0x1, &(0x7f00000005c0)=0x0) r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_OFF(r9, 0x7006) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r12, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x1a8000, 0xa, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, 0x7f}, {0x0, 0x10000, 0x1, 0x9, 0x0, 0xfd}, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x9, 0x2, 0x3}, {0x0, 0xeeee8000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4}, {}, {}, 0x5df8ffdb, 0x0, 0x0, 0x140030, 0x80000a, 0x8000, 0x3000, [0x800000000, 0x0, 0x1a7ff4f4]}) ioctl$KVM_SET_VCPU_EVENTS(r12, 0x8140aecc, &(0x7f0000000140)) io_submit(r8, 0x1, &(0x7f0000001a40)=[&(0x7f00000017c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) msgget$private(0x0, 0x2) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r13, 0x0) 1.151425335s ago: executing program 1 (id=433): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005900)={0x20, 0x15, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) r1 = openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x200, 0x0) fchdir(r1) 919.228829ms ago: executing program 3 (id=434): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000140)={0x20000000, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x2, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_spirange={0x2, 0x10, 0x0, 0xffffffff}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) 830.178635ms ago: executing program 3 (id=435): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x105, 0x100006, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8010, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = socket$inet_dccp(0x2, 0x6, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) gettid() timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) read$FUSE(r3, &(0x7f00000002c0)={0x2020}, 0x2020) socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x401) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000001880)=[{&(0x7f000001aa80)=""/102393, 0x18ff9}], 0x1, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000040)={0x1d, r5}, 0x18) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) fcntl$lock(r6, 0x26, &(0x7f0000000000)) fcntl$lock(r6, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x4004}) fcntl$lock(r6, 0x24, &(0x7f00000002c0)={0x2, 0x0, 0xffffffff}) connect$can_j1939(r1, &(0x7f0000000080)={0x1d, r5}, 0x18) getpeername$l2tp6(0xffffffffffffffff, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x9a03, 0x0, 0x90, [0x20001100, 0x20001130], 0x10d, 0x0, &(0x7f0000001100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, {}, {}]}, 0xe0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1d, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100002f0c81087f180002ad6b0102030109022400010000000009040000023c7f98000905030200000000000905ba"], 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, &(0x7f0000000200)}) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) 775.375981ms ago: executing program 1 (id=436): r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioprio_get$pid(0x2, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00000d7beff673e199912516ff4a10facf77ce92c44b00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = dup3(r2, r3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x8, 0x2, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x8}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0xc}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r4}, {}, {0x16, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x1, 0x9, 0x10}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="05"], 0x9) getresuid(&(0x7f0000000080), &(0x7f0000000100)=0x0, &(0x7f0000000180)) setuid(r5) sendto$inet6(r1, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000400)={0x0, 0x5, 0x1, "c5"}, 0x9) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000340)={{0xfffe, 0x4, 0x7, 0xffef}, 'syz0\x00', 0x1a}) ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x3) ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r6, 0x5501) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) r7 = accept4(r0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'dvmrp0\x00'}) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 601.088904ms ago: executing program 1 (id=437): r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x16a042, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) syz_io_uring_setup(0xd2, &(0x7f00000003c0), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000040)={{0x2, 0x0, @multicast2}, {0x0, @remote}, 0x9, {0x2, 0x200, @dev={0xac, 0x14, 0x14, 0x12}}, 'team0\x00'}) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x655e, 0x4) r2 = dup2(r1, r1) setsockopt$inet6_int(r2, 0x29, 0x4a, &(0x7f0000000580)=0x7ff, 0x4) write$tun(r2, &(0x7f0000000040)=ANY=[], 0x46) recvmmsg(r2, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x41, &(0x7f0000000100)=r5, 0x8) setsockopt$sock_attach_bpf(r4, 0x1, 0x25, &(0x7f0000000100)=r3, 0x4) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="8c759903e22c8854b52c3323befb2a1986dd1d86e6ca7613a29e64221f3174952f514f547dbd6338e7df504d891462aeac41ec8b08667740a580f247d2ed8636de020d2b8aee3bfd1af8c4224b9180b1f5eb5c895949fa9c1ddf3321b1eec90cec9ecb349a1cef8c3203f2f760e52f70625e70e009ee8abacbba9cb8704b290038e14eb82bb2fe1dc4985668b633536c1ea5ef807a30a86b3f40cc7c2870eac1f385bd464e2f20b333735f9e162e667b7b9f97a1f57a41b4c81897c8579c5b0733ca29d5e35d499baffb23c30f0b0ac549e3fadc139027", 0xd7}], 0x1, 0x0, 0x0, 0xfe) r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000140)={&(0x7f0000000580)=[0x200, 0xfffffff8, 0x40, 0x2, 0x0, 0x10001, 0x1, 0x9, 0x2, 0x5, 0x6, 0x9, 0x1, 0x9, 0x0, 0x4, 0x962c, 0x7, 0xe, 0x1, 0x3, 0x1, 0x101, 0x4, 0x1, 0xf, 0x7, 0x6, 0x3, 0x629, 0xd01, 0x5, 0x80000001, 0xfff, 0x10, 0x3, 0x9, 0x5, 0xa, 0x3, 0x7f, 0x40, 0x6, 0x3, 0x7, 0x80, 0xa, 0xffff, 0xc17, 0xc, 0x0, 0x7, 0x2, 0x7, 0x3, 0x3ff, 0x6, 0x9, 0xc09, 0x0, 0x3, 0xf, 0x2, 0x4, 0xe91a, 0x9, 0x0, 0x7, 0x7, 0x4, 0x2, 0xea000000, 0x99, 0x80000001, 0x103, 0x4, 0x7f8000, 0x9, 0x2, 0x1000, 0x1, 0x7ed, 0x5, 0x9, 0x1, 0x1, 0x6c, 0xb, 0x6, 0x4, 0x9, 0xb, 0x7fff, 0x8000, 0x6, 0x4f1, 0x8, 0xecea, 0x1, 0xede40000, 0x1000, 0x0, 0xfff, 0x81, 0x3, 0x9, 0x0, 0xb, 0x3, 0x3, 0x5, 0x800, 0xffff8001, 0x3, 0x9, 0x7fff, 0x9, 0x6ed01b87, 0x1, 0x0, 0x1, 0x0, 0x8, 0xd, 0xc394, 0xd, 0xfffffff9, 0x774971d8, 0x1, 0x2, 0x9, 0x6, 0x480, 0x7fffffff, 0x600, 0x0, 0x4, 0xffff, 0x9, 0xbe9, 0x3, 0x2, 0xffffffa5, 0x1, 0x6, 0x7, 0x9, 0x1, 0x3b, 0x9, 0x2fac00, 0x2, 0xb, 0x3, 0x0, 0x0, 0xfffffffa, 0xfffffffa, 0x800, 0x4, 0xfff, 0x80, 0xea, 0xd, 0x7, 0x9d59, 0x2a3, 0x6, 0x9, 0x4, 0x4, 0x81, 0x241a, 0x8, 0x7, 0xf36, 0x5, 0x8, 0x9, 0x80000001, 0x80000001, 0x5, 0x1, 0x6, 0x0, 0x2686, 0xffffff49, 0x0, 0x261, 0x1000, 0x2, 0x61, 0x6b, 0xfffffffa, 0x41fb, 0x9, 0x101, 0x1, 0xa38, 0x37aa, 0x4, 0x2, 0x8, 0x3, 0x10000000, 0x1, 0x4020, 0xff, 0x8, 0xd4, 0x7, 0x7, 0x8, 0x400, 0x1ff, 0x3, 0x45, 0xf, 0x69, 0x80000001, 0x1, 0x4, 0x6, 0x9, 0x6, 0x10000, 0x6, 0x2, 0x0, 0x8, 0xbf, 0x0, 0x9, 0x9469, 0x6, 0x6, 0x3, 0x5, 0x0, 0x9, 0x2, 0xfff, 0x9, 0x8, 0x500, 0x3, 0xfffffe01, 0x1, 0x101, 0xcf85, 0x3, 0x4, 0x6dc69554, 0x81, 0x80000001, 0xd780, 0x81, 0x7, 0x0, 0x0, 0x5, 0xfd00, 0x7, 0x1, 0x3, 0x1, 0xb353, 0x0, 0x1000, 0x80000000, 0x0, 0x40, 0xfffffff7, 0x80, 0x6, 0x81, 0x1a0000, 0x3, 0x7c, 0x1, 0x4, 0x7, 0x6, 0x3, 0x1, 0xd, 0xca, 0x4, 0x3, 0x9, 0x10000, 0xeb1, 0x2, 0x3, 0xd, 0x9, 0xffff8001, 0x8001, 0x9, 0x836c, 0x4, 0x6, 0x0, 0x3, 0x4, 0xffffff7f, 0x3af, 0x7, 0x8000, 0xd2bf, 0xfffffff5, 0x1, 0x10, 0x3, 0x4, 0x7, 0xffffffff, 0x80000000, 0x3, 0x0, 0x0, 0x0, 0x7fffffff, 0x66, 0x3045, 0x8, 0xcfe1, 0x9, 0xfffffff7, 0x7, 0x3, 0x9, 0x2, 0x6, 0x3, 0x100, 0x400, 0x101, 0x100000, 0x400, 0x3, 0xcc18, 0x3, 0xfffffff2, 0x0, 0xe, 0x7, 0x6, 0x8, 0x9a, 0x5, 0x4, 0x6, 0x6, 0x6, 0x101, 0x2, 0x0, 0x2, 0x4, 0x4, 0x3, 0x1, 0x1, 0x7, 0xff, 0xdfc2, 0x5, 0x7fffffff, 0x0, 0x4, 0x6, 0x8, 0x2, 0xfffffffb, 0x9, 0xe65, 0x7, 0x5, 0xffffffff, 0xaa, 0x7, 0x4, 0x7, 0x1, 0x100000, 0xb71, 0x800000, 0x5, 0x9, 0x7, 0xffffffff, 0x2, 0x3, 0x7f, 0x0, 0x40, 0x9, 0x81, 0xc, 0x0, 0x9, 0x9, 0x0, 0xa, 0x2, 0x8001, 0x0, 0xe, 0x9, 0xffffff82, 0x10001, 0x3c0cdea8, 0xfffffffe, 0x3b5, 0x6, 0x56, 0x60695b2a, 0x7, 0x3, 0xff, 0x3, 0x2, 0x0, 0x5, 0x7fffffff, 0x800, 0x310c, 0x7, 0x1, 0x2, 0x2, 0x8, 0x10001, 0x0, 0xca05, 0x9f, 0x8, 0x0, 0x7f, 0x7, 0x1, 0x5, 0x6, 0x9, 0x2, 0x7fffffff, 0x48, 0x4, 0x6, 0x80000001, 0x6, 0x80000000, 0xfffffffe, 0x4, 0x10000, 0x8, 0x10, 0xbfa7, 0x9, 0x401, 0x5, 0x1, 0x1, 0xd6d1, 0x0, 0x8, 0x7fffffff, 0x8, 0x80000001, 0xff, 0x401, 0x7f, 0x0, 0x3, 0x8, 0x8, 0xaffe, 0x7, 0xfffffffa, 0x3, 0xfffffffc, 0x6, 0xfffffffe, 0x10001, 0x7, 0x5, 0x3, 0x1886, 0x4, 0x3, 0x5, 0x200, 0x4, 0x68, 0x133, 0x2, 0x7, 0xffff0000, 0x3, 0xfffffffe, 0x3000000, 0x9e, 0x4, 0xfffffffa, 0x4, 0x10000, 0x0, 0xb, 0xda7, 0x3, 0x3, 0x8, 0x40, 0x9fa2, 0x4, 0x6, 0x100, 0x1000, 0x0, 0x3, 0xffffffff, 0x10001, 0xffff, 0x3615, 0x31, 0x6, 0x10, 0x5, 0x200, 0x6, 0x7fff, 0x6, 0x8, 0x2, 0x3, 0x1, 0xf, 0x7ff, 0x7, 0x5, 0x5, 0x3, 0xeb88, 0x8, 0xffffff09, 0x10001, 0x80000001, 0x3, 0xcf9, 0x100, 0x7fffffff, 0x9, 0xcf, 0xcfbd, 0x3, 0x6, 0x5, 0xe4, 0x7, 0x3ff, 0x43, 0x1, 0x0, 0xfffffff8, 0x7, 0xd, 0x8, 0x5, 0x101, 0x6, 0x80, 0xa6d, 0xc8, 0x81, 0xc, 0x81, 0x3, 0x4, 0x3ff, 0x9, 0x1ff, 0x6, 0x101, 0x2, 0x6, 0xff, 0x3, 0xfffffffa, 0xfffffffd, 0x6, 0x0, 0x9, 0x5, 0x40, 0x9, 0x0, 0x6, 0x1, 0x9, 0x1, 0x3ff0000, 0x3, 0x9, 0x8, 0x4, 0x6, 0x9, 0x1, 0x8, 0xa6cc, 0x80000000, 0x80000001, 0x4, 0xa, 0x3ff, 0x0, 0x0, 0x402, 0x0, 0x9937, 0xf, 0x9, 0x6, 0x2, 0x7, 0x9, 0x5, 0x4, 0x3, 0x80, 0xc025, 0xd9, 0x7cd, 0x2f2, 0x7, 0x9, 0x3, 0x1, 0x2, 0x6, 0x5, 0x8f4, 0x6, 0xb6fe, 0xd4ce, 0x9, 0x1, 0xc, 0x9, 0xe, 0x94c, 0x401, 0x3, 0x7, 0x2, 0x7, 0x8, 0x9, 0x1, 0xfffffff8, 0x97e, 0x4d63ff73, 0x8, 0x9, 0x6, 0x5, 0xc, 0x7, 0x4, 0x2, 0x56f16531, 0x3, 0xa, 0x200, 0x2d93, 0x0, 0x4, 0x0, 0x4c, 0x3, 0x4, 0x3, 0x9, 0x1, 0x4, 0x7, 0x8, 0x100, 0x5, 0x0, 0x2, 0x9, 0x8, 0x1800000, 0x8, 0x99, 0x0, 0x8, 0xfffffe01, 0x0, 0x3, 0x0, 0x6, 0x3, 0x8, 0x7, 0xfffffff8, 0x5, 0xc4c9, 0x25000000, 0x8, 0x9, 0x7ff, 0x3, 0x2, 0x9, 0x9, 0xffffd291, 0xb, 0x4, 0x6, 0x7, 0x6, 0x1, 0x4, 0x4, 0x1c00000, 0x4, 0x9, 0x5, 0x5, 0x9, 0xfff, 0xa, 0xb, 0x80000001, 0x7, 0xf59, 0x4, 0x2, 0x2, 0x87, 0x536, 0x5, 0x6, 0x4, 0x1, 0x1, 0x6, 0x0, 0x5, 0xfffffffc, 0xa, 0x2, 0x7, 0x6, 0x7, 0xb, 0x5, 0x10001, 0x3, 0xd6fb, 0x8, 0x8, 0x2, 0x8, 0x3, 0x7, 0x8, 0x80000000, 0x33, 0x8, 0x9, 0x3, 0x81, 0x10, 0x4, 0x1fd5, 0x400, 0xa1a, 0x4, 0x7, 0x7, 0x3, 0x80, 0x7, 0x20, 0x7, 0x4, 0x6e2, 0x9, 0x3, 0x8af4, 0x2, 0xa, 0x0, 0x40, 0x4, 0x7, 0x7, 0xb2d, 0xe, 0x7fffffff, 0x0, 0x5, 0x9, 0x1e, 0x7, 0xbb6, 0x6, 0x8, 0x7, 0x1, 0x0, 0x6, 0x9, 0x6, 0x4, 0x5566, 0x3, 0x200, 0x7ff, 0x2, 0x9, 0x9, 0x6caa, 0x6, 0x4, 0x8, 0x7, 0x200, 0x1, 0x0, 0x98b, 0x5, 0xc5, 0x7, 0x8, 0x7, 0x6, 0x1, 0x1, 0x3b09, 0x2, 0x5, 0x9, 0x40, 0x8, 0x0, 0x10000, 0x200, 0x731, 0x81, 0x5, 0xffffff7f, 0x4, 0x9a85f35, 0x8, 0x5a584aaf, 0x8001, 0x7f, 0x8, 0x7fff, 0xb560, 0x5, 0x8000, 0x7, 0x40, 0x0, 0x1f20, 0x0, 0x6, 0x101, 0x8, 0x3, 0x9, 0x0, 0xfffffffe, 0x7, 0x41, 0x1, 0x8, 0x3, 0x2, 0x7, 0x400, 0x692, 0x40, 0x6, 0x80, 0x3, 0xa00, 0x800, 0x4db, 0x2, 0x6, 0x4, 0xb33d, 0x8001, 0xd, 0xffffffff, 0x929c, 0xfffffff7, 0x4, 0x1, 0x8, 0xac, 0x8001, 0x20a, 0x80, 0x5, 0x0, 0x0, 0x80, 0x5, 0x4, 0xc8e, 0xffff, 0xbf, 0x1, 0x4, 0x4, 0x1, 0x7, 0x37, 0xd1, 0x200, 0xfffffff8, 0x9, 0xd, 0x7, 0x1, 0x1, 0xf50e05b8, 0x5, 0xb, 0x4, 0x9, 0x2, 0x0, 0xb2d4, 0xa, 0x8, 0x6, 0xdf51, 0x1919, 0xa, 0x180000, 0x22, 0x5, 0x9, 0x9, 0x4c69, 0x6, 0x6, 0xff, 0x7, 0x7, 0x7, 0x5609ad93, 0x3, 0x0, 0xb, 0x0, 0x6, 0x10001, 0x5, 0x7fff, 0x9f, 0x6, 0x80000000, 0x101, 0x8, 0x4, 0x5, 0x6, 0x5, 0x9, 0x7fff, 0x1, 0x6, 0x4, 0xb514, 0x2, 0x6, 0x2, 0x6d11, 0x9, 0x200, 0xffffffff, 0xfffffffa, 0xffffffff, 0x5, 0x918, 0x4091, 0x4, 0x0, 0xac2, 0x401, 0x7, 0x0, 0x8cfa, 0x1, 0xfffffffc, 0x9, 0x100, 0xfff, 0x401, 0x5, 0xffffffff, 0x1000, 0x19f, 0x0, 0x8, 0x5, 0x200, 0x5, 0x80000000, 0x6, 0xe, 0x10063448, 0x9, 0x5], 0x6, 0x400, 0x9d2}) syz_usb_control_io$uac1(r6, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="40000600000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$inet6(0xa, 0x3, 0x81) connect$pppoe(r0, &(0x7f0000000280)={0x18, 0x0, {0x0, @multicast, 'veth0_vlan\x00'}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850f0000d1000000d5000000020000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x9, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x40, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x6a, &(0x7f0000000080)=ANY=[@ANYBLOB="aa8c5d7ed021aaaaaaaaaaa17cb94e92b308004500005c0000000000019078ac1e0001ac1414aa05009078ac1414aa400000490e00000000000000ffffffffffffffff891b00ac14ff00ac0d0001e0000001ffffffffe0000001ac141400440c000000000000000180000002000000e06722c802682a4ff1390b2e16e7ded4ad81abf81644b272c2b8495782961eea19466d03f2748af5c135cf39582889"], 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000820000008200b7cb8a63a2db76"], 0x0, 0x0, 0x0, 0x0}, 0x0) 377.781058ms ago: executing program 4 (id=438): r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRESHEX], 0xfe33) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000002640)=""/4116, 0x1014}, {&(0x7f0000000d40)=""/191, 0xbf}, {&(0x7f0000000bc0)=""/166, 0xa6}, {&(0x7f0000001600)=""/4090, 0x1002}, {&(0x7f0000000480)=""/163, 0xa3}], 0x5, 0x0, 0x5}, 0x40012000) openat$vicodec0(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) 275.339157ms ago: executing program 0 (id=439): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="c400000010000100"/20, @ANYRES32=r3, @ANYBLOB="20000000000000009c001680980001800c000700ff070000050000000c000400090000000200000014000a00010400000000000000000000100000000c0004c027428991e16166000c000900070000000600000040000c8014000100000000c08b040000f800000081000000140001000700000052070000306c000088a8000014000100e75b0c091c080000000000008100000010030600080000000d00000048060000080028"], 0xc4}}, 0x0) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) r5 = socket$l2tp(0x2, 0x2, 0x73) recvmmsg(r5, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}, 0x120}], 0x1, 0x2142, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x704, 0x1, 0x9, 0x1000, {{0x23, 0x4, 0x3, 0x5, 0x8c, 0x68, 0x0, 0x6, 0x29, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x39}, {[@timestamp_addr={0x44, 0x4, 0x2f, 0x1, 0x5}, @cipso={0x86, 0x37, 0x0, [{0x7, 0x8, "093a65ba7593"}, {0x0, 0x8, "d8af1696b030"}, {0x7, 0xf, "82a4fff97e2e3f27deebb1083a"}, {0x7, 0x4, '\aS'}, {0x2, 0x2}, {0x0, 0xc, "2a13064bb981f22435bf"}]}, @rr={0x7, 0x7, 0xf6, [@remote]}, @timestamp_addr={0x44, 0x34, 0xb1, 0x1, 0x0, [{@rand_addr=0x64010102, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x101}, {@remote, 0x10000}, {@broadcast, 0x80000000}, {@private=0xa010100, 0x2}, {@empty, 0x2}]}]}}}}}) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2, 0x7000000}, @TCA_FQ_FLOW_REFILL_DELAY={0x1027, 0x9, 0x3}]}}]}, 0xa2}}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x88, r4, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x10}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x28, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00'}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x2}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r9}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}]}, 0x88}, 0x1, 0x0, 0x0, 0x4008815}, 0x10) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000040)={0x24, 0x10, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0xc, 0x2b, 0x0, 0x1, [@typed={0x8, 0x4, 0x0, 0x0, @fd}]}]}, 0x24}], 0x1, 0x0, 0x0, 0x20000000}, 0x0) 275.132268ms ago: executing program 2 (id=440): io_setup(0xfb, &(0x7f0000000140)=0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0) io_submit(r0, 0x0, 0x0) 130.409572ms ago: executing program 0 (id=441): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000e80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) unlinkat(r2, &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) shutdown(r0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x6}) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000140)) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r5, 0x80045017, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0684113, &(0x7f0000000380)={0x1, 0xa, 0x0, 0x1001, 0x8000, 0x0, 0xffffffed, 0xb, 0x0, 0x0, 0xfffffff9, 0x1}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r6, 0x400c4150, &(0x7f0000000000)={0x0, &(0x7f0000000240)="85", 0x1}) 72.348794ms ago: executing program 2 (id=442): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0300000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32, @ANYBLOB="08006a97172615fde3c05a5754c0922ba2a44d14e9e126140c85f0d92b4ac5459344a01747f78e9db74966812cea1e1db142685ba51a8d22d462a2dd59dc630c518767005197ec6d91d6ac0e4a123c12bd858d448ae619b5ae017fa895bcae877e39d2bfd092b60ce5e297d715448b70ccd409b9facfd55fe5b6c5f542efe778f828f896f4a2c5b3d75fc0a719d150978057472fe7aa5a769674cd063bac08d100"/170, @ANYRES32, @ANYBLOB], 0x54}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'syztnl1\x00', &(0x7f0000000200)={'syztnl2\x00', 0x0, 0x2f, 0xc0, 0x2, 0x9, 0x0, @empty, @mcast2, 0x8000, 0x7800, 0x81, 0xfff}}) syz_emit_ethernet(0xa2, &(0x7f0000000880)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd60ee527e006c3c0000000000000000000000000000000000ff020000000000000000000000000001000300000000000005020000c910ff01"], 0x0) (fail_nth: 5) 0s ago: executing program 0 (id=443): recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/60, 0x3c}, {&(0x7f0000000080)=""/160, 0xa0}, {&(0x7f0000000140)=""/27, 0x1b}, {&(0x7f0000000180)=""/188, 0xbc}, {&(0x7f0000000240)=""/77, 0x4d}], 0x5, &(0x7f0000000300)=""/18, 0x12}, 0x40012022) openat$vcs(0xffffff9c, &(0x7f0000000380), 0x0, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rpc\x00') getdents64(r0, &(0x7f0000002f40)=""/4098, 0x1002) syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000021275710570bbd2bcce70102030109021b0001000000000904000001031d02000905bb03"], 0x0) kernel console output (not intermixed with test programs): roblems! [ 161.480571][ T6625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 161.501689][ T6625] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.511281][ T6625] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.522844][ T6625] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.531580][ T6625] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.625834][ T6867] chnl_net:caif_netlink_parms(): no params data found [ 161.706164][ T6652] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.766220][ T51] hsr_slave_0: left promiscuous mode [ 161.784173][ T51] hsr_slave_1: left promiscuous mode [ 161.793314][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.800772][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.824726][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.832189][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.891633][ T51] veth1_macvtap: left promiscuous mode [ 161.898460][ T51] veth0_macvtap: left promiscuous mode [ 161.923348][ T51] veth1_vlan: left promiscuous mode [ 161.931078][ T51] veth0_vlan: left promiscuous mode [ 162.159026][ T5231] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 162.170418][ T5231] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 162.178787][ T5231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 162.199082][ T5231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 162.207963][ T5231] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 162.215591][ T5231] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 162.578714][ T51] team0 (unregistering): Port device team_slave_1 removed [ 162.621935][ T51] team0 (unregistering): Port device team_slave_0 removed [ 162.803674][ T5231] Bluetooth: hci0: command tx timeout [ 163.135069][ T2581] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.143573][ T2581] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.249320][ T6867] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.256998][ T6867] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.265880][ T6867] bridge_slave_0: entered allmulticast mode [ 163.273235][ T6867] bridge_slave_0: entered promiscuous mode [ 163.281566][ T6867] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.289598][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.297192][ T6867] bridge_slave_1: entered allmulticast mode [ 163.304666][ T6867] bridge_slave_1: entered promiscuous mode [ 163.330592][ T2581] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.345489][ T2581] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.370889][ T6652] veth0_vlan: entered promiscuous mode [ 163.386628][ T6867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.409791][ T6867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.507991][ T6867] team0: Port device team_slave_0 added [ 163.545089][ T6867] team0: Port device team_slave_1 added [ 163.574258][ T6652] veth1_vlan: entered promiscuous mode [ 163.673644][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.686652][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.714215][ T6867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.727373][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.734828][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.760922][ T6867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.818202][ T6652] veth0_macvtap: entered promiscuous mode [ 163.908799][ T6652] veth1_macvtap: entered promiscuous mode [ 163.926397][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.943558][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.973258][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.990002][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.000405][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.011964][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.025074][ T6652] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.045413][ T6945] chnl_net:caif_netlink_parms(): no params data found [ 164.102949][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.113606][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.125036][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.135564][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.146071][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.156566][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.168291][ T6652] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.203049][ T5280] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 164.243053][ T5231] Bluetooth: hci2: command tx timeout [ 164.266010][ T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.335396][ T6652] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.353290][ T6652] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.366654][ T6652] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.380572][ T6652] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.382860][ T5280] usb 1-1: Using ep0 maxpacket: 8 [ 164.399751][ T5280] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 164.410604][ T5280] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 164.420616][ T5280] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 164.430920][ T5280] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 164.434087][ T6867] hsr_slave_0: entered promiscuous mode [ 164.450609][ T5280] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 164.463697][ T5280] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 164.465173][ T6867] hsr_slave_1: entered promiscuous mode [ 164.472731][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.503238][ T6867] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 164.510873][ T6867] Cannot create hsr debugfs directory [ 164.579848][ T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.686357][ T5239] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 164.697466][ T5280] usb 1-1: usb_control_msg returned -32 [ 164.706910][ T5280] usbtmc 1-1:16.0: can't read capabilities [ 164.713098][ T5239] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 164.722032][ T6945] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.730298][ T5239] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 164.732396][ T6945] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.746003][ T6945] bridge_slave_0: entered allmulticast mode [ 164.752558][ T5239] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 164.764166][ T6945] bridge_slave_0: entered promiscuous mode [ 164.770218][ T5239] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 164.780667][ T5239] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 164.831282][ T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.852660][ T6945] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.861244][ T6945] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.871564][ T6945] bridge_slave_1: entered allmulticast mode [ 164.878794][ T6945] bridge_slave_1: entered promiscuous mode [ 164.884838][ T5239] Bluetooth: hci0: command tx timeout [ 164.936084][ T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.980194][ T6945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.998161][ T6945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.082632][ T6945] team0: Port device team_slave_0 added [ 165.097220][ T6945] team0: Port device team_slave_1 added [ 165.124383][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.137487][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.304786][ T5484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.312658][ T5484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.321311][ T6945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.336650][ T6945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.378390][ T6945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.622373][ T6945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.631281][ T6945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.665716][ T6945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.696011][ T51] bridge_slave_1: left allmulticast mode [ 165.701696][ T51] bridge_slave_1: left promiscuous mode [ 165.712767][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.735704][ T51] bridge_slave_0: left allmulticast mode [ 165.743000][ T51] bridge_slave_0: left promiscuous mode [ 165.748693][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.866945][ T7011] x_tables: duplicate underflow at hook 2 [ 166.323124][ T5239] Bluetooth: hci2: command tx timeout [ 166.747262][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.768835][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.779178][ T7015] FAULT_INJECTION: forcing a failure. [ 166.779178][ T7015] name failslab, interval 1, probability 0, space 0, times 0 [ 166.796042][ T7015] CPU: 1 UID: 0 PID: 7015 Comm: syz.3.287 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 166.806664][ T7015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 166.816718][ T7015] Call Trace: [ 166.820003][ T7015] [ 166.822928][ T7015] dump_stack_lvl+0x241/0x360 [ 166.827602][ T7015] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.832805][ T7015] ? __pfx__printk+0x10/0x10 [ 166.837395][ T7015] ? fs_reclaim_acquire+0x93/0x130 [ 166.842497][ T7015] ? __pfx___might_resched+0x10/0x10 [ 166.843352][ T5239] Bluetooth: hci4: command tx timeout [ 166.847768][ T7015] should_fail_ex+0x3b0/0x4e0 [ 166.847812][ T7015] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 166.863766][ T7015] should_failslab+0xac/0x100 [ 166.868488][ T7015] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 166.874225][ T7015] __kmalloc_noprof+0xd8/0x400 [ 166.878987][ T7015] tomoyo_realpath_from_path+0xcf/0x5e0 [ 166.884554][ T7015] tomoyo_path_number_perm+0x23a/0x880 [ 166.890029][ T7015] ? tomoyo_path_number_perm+0x208/0x880 [ 166.895669][ T7015] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 166.901668][ T7015] ? __pfx_lock_acquire+0x10/0x10 [ 166.906718][ T7015] ? __fget_files+0x29/0x470 [ 166.911300][ T7015] ? __fget_files+0x3f3/0x470 [ 166.915967][ T7015] security_file_ioctl_compat+0xc6/0x2a0 [ 166.921592][ T7015] __se_compat_sys_ioctl+0xd6/0xc90 [ 166.926781][ T7015] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 166.932581][ T7015] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 166.938574][ T7015] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 166.944922][ T7015] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 166.951528][ T7015] ? lockdep_hardirqs_on+0x99/0x150 [ 166.956758][ T7015] __do_fast_syscall_32+0xb4/0x110 [ 166.961898][ T7015] ? exc_page_fault+0x590/0x8c0 [ 166.966791][ T7015] do_fast_syscall_32+0x34/0x80 [ 166.971663][ T7015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 166.978015][ T7015] RIP: 0023:0xf7f9f579 [ 166.982107][ T7015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 166.993165][ T5239] Bluetooth: hci0: command tx timeout [ 167.001715][ T7015] RSP: 002b:00000000f572656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 167.001744][ T7015] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004020aed2 [ 167.001758][ T7015] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 167.031530][ T7015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 167.039502][ T7015] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 167.047495][ T7015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 167.055485][ T7015] [ 167.066637][ T51] bond0 (unregistering): Released all slaves [ 167.078074][ T7015] ERROR: Out of memory at tomoyo_realpath_from_path. [ 167.094283][ T5283] usb 1-1: USB disconnect, device number 12 [ 167.309342][ T7021] fuse: Unknown parameter 'gP‰ [ 167.309342][ T7021] [é1|†oup' [ 167.323565][ T6945] hsr_slave_0: entered promiscuous mode [ 167.340294][ T6945] hsr_slave_1: entered promiscuous mode [ 167.347179][ T6945] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.355967][ T6945] Cannot create hsr debugfs directory [ 167.419962][ T7022] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 167.430519][ T7025] fuse: Bad value for 'fd' [ 167.552221][ T7028] FAULT_INJECTION: forcing a failure. [ 167.552221][ T7028] name failslab, interval 1, probability 0, space 0, times 0 [ 167.565460][ T7028] CPU: 0 UID: 0 PID: 7028 Comm: syz.0.291 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 167.576079][ T7028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 167.586143][ T7028] Call Trace: [ 167.589439][ T7028] [ 167.592375][ T7028] dump_stack_lvl+0x241/0x360 [ 167.597078][ T7028] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.602290][ T7028] ? __pfx__printk+0x10/0x10 [ 167.606888][ T7028] ? __kmalloc_node_noprof+0xb7/0x440 [ 167.612275][ T7028] ? __pfx___might_resched+0x10/0x10 [ 167.617556][ T7028] should_fail_ex+0x3b0/0x4e0 [ 167.622241][ T7028] should_failslab+0xac/0x100 [ 167.626924][ T7028] __kmalloc_node_noprof+0xdf/0x440 [ 167.632143][ T7028] ? qdisc_alloc+0x9a/0xa80 [ 167.636663][ T7028] qdisc_alloc+0x9a/0xa80 [ 167.640986][ T7028] qdisc_create_dflt+0x62/0x4b0 [ 167.645841][ T7028] taprio_init+0x424/0xc80 [ 167.650274][ T7028] ? ____sys_sendmsg+0x52a/0x7e0 [ 167.655206][ T7028] ? __sys_sendmsg+0x292/0x380 [ 167.659963][ T7028] ? __do_fast_syscall_32+0xb4/0x110 [ 167.665265][ T7028] ? __pfx_taprio_init+0x10/0x10 [ 167.670213][ T7028] ? lockdep_rtnl_is_held+0x26/0x40 [ 167.675411][ T7028] ? qdisc_lookup+0x350/0x6b0 [ 167.680079][ T7028] ? __pfx_taprio_init+0x10/0x10 [ 167.685017][ T7028] qdisc_create+0x9d4/0x11a0 [ 167.689641][ T7028] ? __pfx_qdisc_create+0x10/0x10 [ 167.694699][ T7028] tc_modify_qdisc+0xa26/0x1e40 [ 167.699582][ T7028] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 167.704876][ T7028] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 167.710154][ T7028] rtnetlink_rcv_msg+0x73f/0xcf0 [ 167.715094][ T7028] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 167.720221][ T7028] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 167.725687][ T7028] ? ref_tracker_free+0x643/0x7e0 [ 167.730705][ T7028] netlink_rcv_skb+0x1e3/0x430 [ 167.735472][ T7028] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 167.740946][ T7028] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 167.746231][ T7028] ? netlink_deliver_tap+0x2e/0x1b0 [ 167.751421][ T7028] netlink_unicast+0x7f6/0x990 [ 167.756198][ T7028] ? __pfx_netlink_unicast+0x10/0x10 [ 167.761497][ T7028] ? __virt_addr_valid+0x183/0x530 [ 167.766603][ T7028] ? __check_object_size+0x48e/0x900 [ 167.771889][ T7028] netlink_sendmsg+0x8e4/0xcb0 [ 167.776673][ T7028] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.781980][ T7028] ? __pfx_lock_release+0x10/0x10 [ 167.787032][ T7028] ? aa_sock_msg_perm+0x91/0x160 [ 167.791967][ T7028] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.797256][ T7028] __sock_sendmsg+0x221/0x270 [ 167.801949][ T7028] ____sys_sendmsg+0x52a/0x7e0 [ 167.806710][ T7028] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.812008][ T7028] __sys_sendmsg+0x292/0x380 [ 167.816628][ T7028] ? __pfx___sys_sendmsg+0x10/0x10 [ 167.821760][ T7028] ? __pfx_vfs_write+0x10/0x10 [ 167.826534][ T7028] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 167.833137][ T7028] ? lockdep_hardirqs_on+0x99/0x150 [ 167.838354][ T7028] __do_fast_syscall_32+0xb4/0x110 [ 167.843473][ T7028] ? exc_page_fault+0x590/0x8c0 [ 167.848336][ T7028] do_fast_syscall_32+0x34/0x80 [ 167.853191][ T7028] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 167.859529][ T7028] RIP: 0023:0xf7f43579 [ 167.863589][ T7028] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 167.883202][ T7028] RSP: 002b:00000000f56c656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 167.891634][ T7028] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200007c0 [ 167.899603][ T7028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 167.907589][ T7028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 167.915566][ T7028] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 167.923546][ T7028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 167.931518][ T7028] [ 168.021414][ T51] hsr_slave_0: left promiscuous mode [ 168.035342][ T51] hsr_slave_1: left promiscuous mode [ 168.044263][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.051701][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.065320][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.078025][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.096132][ T51] veth1_macvtap: left promiscuous mode [ 168.101668][ T51] veth0_macvtap: left promiscuous mode [ 168.114380][ T51] veth1_vlan: left promiscuous mode [ 168.119761][ T51] veth0_vlan: left promiscuous mode [ 168.327473][ T5281] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 168.413078][ T5239] Bluetooth: hci2: command tx timeout [ 168.512941][ T7031] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.537496][ T7031] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.557411][ T5281] usb 1-1: unable to get BOS descriptor or descriptor too short [ 168.569995][ T5281] usb 1-1: no configurations [ 168.570416][ T51] team0 (unregistering): Port device team_slave_1 removed [ 168.580831][ T5281] usb 1-1: can't read configurations, error -22 [ 168.620101][ T51] team0 (unregistering): Port device team_slave_0 removed [ 168.892884][ T5239] Bluetooth: hci4: command tx timeout [ 169.024679][ T6986] chnl_net:caif_netlink_parms(): no params data found [ 169.152218][ T7033] netlink: 60 bytes leftover after parsing attributes in process `syz.0.294'. [ 169.172718][ T6867] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 169.233971][ T6867] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 169.328990][ T6986] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.346776][ T6986] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.364217][ T6986] bridge_slave_0: entered allmulticast mode [ 169.380506][ T6986] bridge_slave_0: entered promiscuous mode [ 169.410092][ T6867] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 169.431008][ T6867] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 169.618302][ T6986] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.649543][ T6986] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.658723][ T6986] bridge_slave_1: entered allmulticast mode [ 169.666138][ T6986] bridge_slave_1: entered promiscuous mode [ 169.712868][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 169.731901][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 169.740226][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 169.748580][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 169.759610][ T6986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.772526][ T6986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.793053][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 169.804496][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 169.958332][ T7053] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 169.976211][ T6986] team0: Port device team_slave_0 added [ 170.037689][ T6986] team0: Port device team_slave_1 added [ 170.204520][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.258247][ T6986] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.269618][ T6986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.295546][ C1] vkms_vblank_simulate: vblank timer overrun [ 170.310640][ T6986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.324708][ T6986] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.331790][ T6986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.359107][ T6986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.413067][ T5282] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 170.454394][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.482934][ T5239] Bluetooth: hci2: command tx timeout [ 170.489255][ T6945] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 170.511547][ T6945] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 170.529590][ T6945] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 170.572543][ T51] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.590397][ T6945] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 170.611618][ T7062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.632437][ T7062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.638001][ T6986] hsr_slave_0: entered promiscuous mode [ 170.648898][ T6986] hsr_slave_1: entered promiscuous mode [ 170.657760][ T5282] usb 1-1: unable to get BOS descriptor or descriptor too short [ 170.665742][ T6986] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.666098][ T5282] usb 1-1: no configurations [ 170.678994][ T5282] usb 1-1: can't read configurations, error -22 [ 170.679618][ T6986] Cannot create hsr debugfs directory [ 170.714353][ T51] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.728833][ T7049] chnl_net:caif_netlink_parms(): no params data found [ 170.879589][ T6867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.963252][ T5239] Bluetooth: hci4: command tx timeout [ 171.066722][ T6867] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.119034][ T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.152410][ T7049] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.160076][ T7049] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.167388][ T7049] bridge_slave_0: entered allmulticast mode [ 171.174606][ T7049] bridge_slave_0: entered promiscuous mode [ 171.182661][ T7049] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.199959][ T7049] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.209831][ T7049] bridge_slave_1: entered allmulticast mode [ 171.232452][ T7049] bridge_slave_1: entered promiscuous mode [ 171.303919][ T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.338142][ T7049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 171.357901][ T7049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 171.395725][ T7091] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.302'. [ 171.415335][ T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.466161][ T5484] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.473326][ T5484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.504777][ T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.536408][ T6320] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.543593][ T6320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.582764][ T7049] team0: Port device team_slave_0 added [ 171.599384][ T7049] team0: Port device team_slave_1 added [ 171.632142][ T7094] netlink: 8 bytes leftover after parsing attributes in process `syz.0.303'. [ 171.692397][ T7049] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 171.722281][ T7049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.748310][ C1] vkms_vblank_simulate: vblank timer overrun [ 171.754961][ T7049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 171.783464][ T7049] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 171.790456][ T7049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.816375][ C1] vkms_vblank_simulate: vblank timer overrun [ 171.833527][ T7049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 171.853222][ T5239] Bluetooth: hci3: command tx timeout [ 171.915707][ T6945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.018432][ T6945] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.044813][ T51] bridge_slave_1: left allmulticast mode [ 172.050560][ T51] bridge_slave_1: left promiscuous mode [ 172.057689][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.067695][ T51] bridge_slave_0: left allmulticast mode [ 172.078334][ T51] bridge_slave_0: left promiscuous mode [ 172.087836][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.100326][ T51] bridge_slave_1: left allmulticast mode [ 172.113029][ T51] bridge_slave_1: left promiscuous mode [ 172.118814][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.129062][ T51] bridge_slave_0: left allmulticast mode [ 172.143606][ T51] bridge_slave_0: left promiscuous mode [ 172.149331][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.832465][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.847298][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.858208][ T51] bond0 (unregistering): Released all slaves [ 172.964702][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.976530][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.991420][ T51] bond0 (unregistering): Released all slaves [ 173.034257][ T7049] hsr_slave_0: entered promiscuous mode [ 173.041098][ T7049] hsr_slave_1: entered promiscuous mode [ 173.050663][ T5239] Bluetooth: hci4: command tx timeout [ 173.059359][ T7049] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 173.068309][ T7049] Cannot create hsr debugfs directory [ 173.141234][ T6604] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.148398][ T6604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.279245][ T6320] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.286462][ T6320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.321954][ T6867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.671347][ T6945] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 173.709401][ T6945] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 173.824456][ T6867] veth0_vlan: entered promiscuous mode [ 173.927884][ T5239] Bluetooth: hci3: command tx timeout [ 173.942111][ T6945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.981498][ T6867] veth1_vlan: entered promiscuous mode [ 174.013737][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 174.025402][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 174.037753][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 174.057939][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 174.067035][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 174.074842][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 174.208278][ T6986] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 174.237567][ T6867] veth0_macvtap: entered promiscuous mode [ 174.319352][ T6986] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 174.341199][ T51] hsr_slave_0: left promiscuous mode [ 174.353433][ T51] hsr_slave_1: left promiscuous mode [ 174.367079][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.376307][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.384471][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.391896][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 174.411492][ T51] hsr_slave_0: left promiscuous mode [ 174.418410][ T51] hsr_slave_1: left promiscuous mode [ 174.433602][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.441030][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.450291][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.466260][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 174.528860][ T51] veth1_macvtap: left promiscuous mode [ 174.538885][ T51] veth0_macvtap: left promiscuous mode [ 174.548766][ T51] veth1_vlan: left promiscuous mode [ 174.558864][ T51] veth0_vlan: left promiscuous mode [ 174.569383][ T51] veth1_macvtap: left promiscuous mode [ 174.579368][ T51] veth0_macvtap: left promiscuous mode [ 174.588875][ T51] veth1_vlan: left promiscuous mode [ 174.599439][ T51] veth0_vlan: left promiscuous mode [ 175.299011][ T51] team0 (unregistering): Port device team_slave_1 removed [ 175.337850][ T51] team0 (unregistering): Port device team_slave_0 removed [ 175.986888][ T51] team0 (unregistering): Port device team_slave_1 removed [ 176.005686][ T5231] Bluetooth: hci3: command tx timeout [ 176.039079][ T51] team0 (unregistering): Port device team_slave_0 removed [ 176.163044][ T5231] Bluetooth: hci1: command tx timeout [ 176.412159][ T6986] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 176.421969][ T6867] veth1_macvtap: entered promiscuous mode [ 176.496248][ T6986] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 176.566102][ T6867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.577172][ T6867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.595320][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.660833][ T6867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.679302][ T6867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.690841][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.714025][ T6945] veth0_vlan: entered promiscuous mode [ 176.825221][ T6867] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.853353][ T6867] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.862088][ T6867] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.871392][ T6867] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.896289][ T6945] veth1_vlan: entered promiscuous mode [ 177.091453][ T7049] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 177.112716][ T7049] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 177.135752][ T7049] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 177.170419][ T7049] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 177.213982][ T7132] chnl_net:caif_netlink_parms(): no params data found [ 177.262168][ T6945] veth0_macvtap: entered promiscuous mode [ 177.307812][ T6945] veth1_macvtap: entered promiscuous mode [ 177.330307][ T6945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.341073][ T6945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.351017][ T6945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 177.361808][ T6945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.374262][ T6945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.433319][ T6945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.446460][ T6945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.456418][ T6945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.467029][ T6945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.478111][ T6945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.495738][ T6986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.512282][ T7132] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.520461][ T7132] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.529586][ T7132] bridge_slave_0: entered allmulticast mode [ 177.538546][ T7132] bridge_slave_0: entered promiscuous mode [ 177.544451][ T6604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.544472][ T6604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.581567][ T7132] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.589071][ T7132] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.597008][ T7132] bridge_slave_1: entered allmulticast mode [ 177.604790][ T7132] bridge_slave_1: entered promiscuous mode [ 177.628386][ T6945] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.637494][ T6945] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.646686][ T6945] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.655737][ T6945] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.685557][ T7132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.708203][ T6986] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.741694][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.767733][ T6320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.781691][ T7132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.783083][ T6320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.834676][ T6604] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.841840][ T6604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.851475][ T6604] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.858649][ T6604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.908451][ T7132] team0: Port device team_slave_0 added [ 177.933367][ T7132] team0: Port device team_slave_1 added [ 177.962663][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.063850][ T7049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.083758][ T5231] Bluetooth: hci3: command tx timeout [ 178.097573][ T7196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.309'. [ 178.128441][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.141795][ T7132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.152074][ T7132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.180828][ T7132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.221463][ T7132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.242617][ T7132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.268627][ T5231] Bluetooth: hci1: command tx timeout [ 178.307010][ T7132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 178.380844][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.415780][ T7049] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.464113][ T6320] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.471945][ T6320] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 178.496082][ T6320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 178.519374][ T7203] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'. [ 178.529929][ T6320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 178.545551][ T7203] mac80211_hwsim hwsim33 wlan0: entered promiscuous mode [ 178.560358][ T7203] macsec1: entered promiscuous mode [ 178.568308][ T7203] mac80211_hwsim hwsim33 wlan0: left promiscuous mode [ 178.600640][ T7132] hsr_slave_0: entered promiscuous mode [ 178.607045][ T7132] hsr_slave_1: entered promiscuous mode [ 178.640344][ T2581] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.647508][ T2581] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.743356][ T2581] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.750479][ T2581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.034529][ T7049] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.041945][ T51] bridge_slave_1: left allmulticast mode [ 179.057468][ T51] bridge_slave_1: left promiscuous mode [ 179.067853][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.081881][ T51] bridge_slave_0: left allmulticast mode [ 179.089703][ T51] bridge_slave_0: left promiscuous mode [ 179.098955][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.510719][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 179.521748][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 179.535026][ T51] bond0 (unregistering): Released all slaves [ 179.621220][ T6986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.822261][ T7049] veth0_vlan: entered promiscuous mode [ 179.870272][ T7049] veth1_vlan: entered promiscuous mode [ 180.332970][ T5231] Bluetooth: hci1: command tx timeout [ 180.462399][ T7250] netlink: 'syz.1.319': attribute type 32 has an invalid length. [ 180.526970][ T7250] netlink: 4 bytes leftover after parsing attributes in process `syz.1.319'. [ 180.613608][ T7250] netlink: 'syz.1.319': attribute type 32 has an invalid length. [ 180.630830][ T6986] veth0_vlan: entered promiscuous mode [ 180.696753][ T51] hsr_slave_0: left promiscuous mode [ 180.719077][ T51] hsr_slave_1: left promiscuous mode [ 180.744857][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.825894][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 180.862104][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.885717][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.920137][ T51] veth1_macvtap: left promiscuous mode [ 180.929404][ T51] veth0_macvtap: left promiscuous mode [ 180.947767][ T51] veth1_vlan: left promiscuous mode [ 180.963033][ T51] veth0_vlan: left promiscuous mode [ 181.235990][ T7279] x_tables: duplicate underflow at hook 2 [ 182.171867][ T51] team0 (unregistering): Port device team_slave_1 removed [ 182.322749][ T51] team0 (unregistering): Port device team_slave_0 removed [ 182.405800][ T5231] Bluetooth: hci1: command tx timeout [ 183.055174][ T7049] veth0_macvtap: entered promiscuous mode [ 183.107102][ T6986] veth1_vlan: entered promiscuous mode [ 183.145101][ T7049] veth1_macvtap: entered promiscuous mode [ 183.171278][ T7049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.188509][ T7049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.198622][ T7049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.219575][ T7049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.258505][ T7049] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.399352][ T7049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.489320][ T7049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.530313][ T7049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.548930][ T7049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.578436][ T7049] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.715901][ T7299] bond0: (slave caif0): Error: Device type is different from other slaves [ 183.745942][ T7049] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.755307][ T7049] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.816444][ T7049] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.836503][ T7049] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.862236][ T7132] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 183.921686][ T7132] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 183.994812][ T6986] veth0_macvtap: entered promiscuous mode [ 184.032514][ T7132] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 184.051122][ T7132] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 184.107115][ T6986] veth1_macvtap: entered promiscuous mode [ 184.205501][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.216244][ T5282] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 184.230906][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.256330][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.268433][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.286754][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.310827][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.322633][ T6986] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.356510][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.373050][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.404152][ T5282] usb 2-1: Using ep0 maxpacket: 32 [ 184.409943][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.429628][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.429724][ T5282] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 184.439698][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.454202][ T5282] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 184.461074][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.481157][ T6986] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.518794][ T5282] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 151, changing to 11 [ 184.527642][ T6986] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.543363][ T5282] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 17729, setting to 1024 [ 184.547241][ T6986] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.555642][ T5282] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 184.570644][ T6986] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.578499][ T5282] usb 2-1: config 0 interface 0 has no altsetting 0 [ 184.592003][ T6986] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.595662][ T5282] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 184.628710][ T5282] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 184.638742][ T5282] usb 2-1: Product: syz [ 184.643166][ T5282] usb 2-1: Manufacturer: syz [ 184.647960][ T5282] usb 2-1: SerialNumber: syz [ 184.655752][ T5282] usb 2-1: config 0 descriptor?? [ 184.662674][ T7304] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 184.677171][ T5282] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 184.683441][ T5283] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 184.689661][ T5282] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 184.720998][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.738682][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.799026][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.808912][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.836238][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.850506][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.863077][ T5283] usb 3-1: Using ep0 maxpacket: 16 [ 184.879503][ T7132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.880077][ T5283] usb 3-1: config 253 has an invalid interface number: 157 but max is 3 [ 184.930456][ T5484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.938717][ T5283] usb 3-1: config 253 contains an unexpected descriptor of type 0x2, skipping [ 184.950028][ T5484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.970778][ T5283] usb 3-1: config 253 has an invalid interface number: 213 but max is 3 [ 184.992841][ T5283] usb 3-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 184.997113][ T7132] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.013272][ T5283] usb 3-1: config 253 has 2 interfaces, different from the descriptor's value: 4 [ 185.030937][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.038137][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.045068][ T7304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.053556][ T5283] usb 3-1: config 253 has no interface number 0 [ 185.059996][ T5283] usb 3-1: config 253 has no interface number 1 [ 185.073840][ T7304] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.089605][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.096803][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.114480][ T5283] usb 3-1: config 253 interface 157 altsetting 4 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 185.124584][ T7304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.145333][ T5283] usb 3-1: config 253 interface 157 altsetting 4 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 185.193399][ T7304] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.198338][ T5283] usb 3-1: config 253 interface 157 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 185.218722][ T941] usb 2-1: USB disconnect, device number 13 [ 185.244555][ T941] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 185.281920][ T5283] usb 3-1: config 253 interface 213 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 185.309230][ T5283] usb 3-1: config 253 interface 157 has no altsetting 0 [ 185.318569][ T5283] usb 3-1: config 253 interface 213 has no altsetting 0 [ 185.322587][ T7132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.328596][ T5283] usb 3-1: New USB device found, idVendor=0b05, idProduct=1791, bcdDevice= 4.57 [ 185.343388][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.352470][ T5283] usb 3-1: Product: syz [ 185.360261][ T5283] usb 3-1: Manufacturer: syz [ 185.376600][ T5283] usb 3-1: SerialNumber: syz [ 185.419911][ T7132] veth0_vlan: entered promiscuous mode [ 185.433475][ T5291] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 185.435912][ T7132] veth1_vlan: entered promiscuous mode [ 185.486778][ T7132] veth0_macvtap: entered promiscuous mode [ 185.498493][ T7132] veth1_macvtap: entered promiscuous mode [ 185.519232][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.545799][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.562273][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.573113][ T5291] usb 4-1: device descriptor read/64, error -71 [ 185.579873][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.589978][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.613109][ T7321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.621913][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.642838][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.659624][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.672305][ T7321] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.674293][ T7132] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.692403][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.711502][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.731411][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.743937][ T5283] r8712u: register rtl8712_netdev_ops to netdev_ops [ 185.750570][ T5283] usb 3-1: r8712u: USB_SPEED_HIGH with 4 endpoints [ 185.760019][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.771710][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.782453][ T5283] usb 3-1: r8712u: Boot from EFUSE: Autoload Failed [ 185.789377][ T5283] usb 3-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 185.797220][ T5283] usb 3-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 185.805029][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.815402][ T5291] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 185.827867][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.840653][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.850977][ T5283] usb 3-1: Found UVC 0.00 device syz (0b05:1791) [ 185.859375][ T5283] usb 3-1: No valid video chain found. [ 185.866966][ T5283] r8712u: register rtl8712_netdev_ops to netdev_ops [ 185.874461][ T5283] usb 3-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 185.887309][ T7132] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.895961][ T5283] usb 3-1: r8712u: Boot from EFUSE: Autoload Failed [ 185.902575][ T5283] usb 3-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 185.922288][ T7132] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.933348][ T5283] usb 3-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 185.941633][ T7132] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.959365][ T5283] usb 3-1: USB disconnect, device number 21 [ 185.965561][ T5291] usb 4-1: device descriptor read/64, error -71 [ 185.978791][ T7132] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.008000][ T7132] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.097557][ T5291] usb usb4-port1: attempt power cycle [ 186.301008][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.323421][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.430657][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.462462][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.473948][ T5291] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 186.508567][ T5291] usb 4-1: device descriptor read/8, error -71 [ 186.763575][ T5291] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 186.875162][ T5291] usb 4-1: device descriptor read/8, error -71 [ 186.983234][ T5291] usb usb4-port1: unable to enumerate USB device [ 187.413090][ T5282] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 187.571744][ T7366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.593899][ T8] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 187.596192][ T7380] FAULT_INJECTION: forcing a failure. [ 187.596192][ T7380] name failslab, interval 1, probability 0, space 0, times 0 [ 187.628095][ T7380] CPU: 1 UID: 0 PID: 7380 Comm: syz.4.343 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 187.638748][ T7380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 187.648830][ T7380] Call Trace: [ 187.652133][ T7380] [ 187.655089][ T7380] dump_stack_lvl+0x241/0x360 [ 187.659801][ T7380] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.665027][ T7380] ? __pfx__printk+0x10/0x10 [ 187.669644][ T7380] ? ref_tracker_alloc+0x332/0x490 [ 187.674775][ T7380] should_fail_ex+0x3b0/0x4e0 [ 187.679484][ T7380] ? skb_clone+0x20c/0x390 [ 187.683927][ T7380] should_failslab+0xac/0x100 [ 187.688628][ T7380] ? skb_clone+0x20c/0x390 [ 187.693074][ T7380] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 187.698477][ T7380] skb_clone+0x20c/0x390 [ 187.702746][ T7380] __netlink_deliver_tap+0x3cc/0x7c0 [ 187.708069][ T7380] ? netlink_deliver_tap+0x2e/0x1b0 [ 187.713298][ T7380] netlink_deliver_tap+0x19d/0x1b0 [ 187.718432][ T7380] netlink_unicast+0x7c4/0x990 [ 187.723233][ T7380] ? __pfx_netlink_unicast+0x10/0x10 [ 187.728547][ T7380] ? __virt_addr_valid+0x183/0x530 [ 187.733692][ T7380] ? __check_object_size+0x48e/0x900 [ 187.739007][ T7380] netlink_sendmsg+0x8e4/0xcb0 [ 187.743793][ T7380] ? __pfx_netlink_sendmsg+0x10/0x10 [ 187.749100][ T7380] ? __pfx_lock_release+0x10/0x10 [ 187.754158][ T7380] ? aa_sock_msg_perm+0x91/0x160 [ 187.759162][ T7380] ? __pfx_netlink_sendmsg+0x10/0x10 [ 187.764470][ T7380] __sock_sendmsg+0x221/0x270 [ 187.765728][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.769159][ T7380] ____sys_sendmsg+0x52a/0x7e0 [ 187.769198][ T7380] ? __pfx_____sys_sendmsg+0x10/0x10 [ 187.790096][ T7380] __sys_sendmsg+0x292/0x380 [ 187.794245][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.794695][ T7380] ? __pfx___sys_sendmsg+0x10/0x10 [ 187.794734][ T7380] ? __pfx_vfs_write+0x10/0x10 [ 187.814330][ T7380] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 187.816554][ T8] usb 3-1: New USB device found, idVendor=0543, idProduct=e621, bcdDevice= 0.00 [ 187.820925][ T7380] ? lockdep_hardirqs_on+0x99/0x150 [ 187.820956][ T7380] __do_fast_syscall_32+0xb4/0x110 [ 187.839362][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.840240][ T7380] ? exc_page_fault+0x590/0x8c0 [ 187.853114][ T7380] do_fast_syscall_32+0x34/0x80 [ 187.857992][ T7380] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 187.863712][ T8] usb 3-1: config 0 descriptor?? [ 187.864360][ T7380] RIP: 0023:0xf7ff7579 [ 187.864384][ T7380] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 187.864403][ T7380] RSP: 002b:00000000f575556c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 187.901624][ T7380] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 187.909623][ T7380] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 187.917630][ T7380] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 187.925628][ T7380] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 187.933626][ T7380] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 187.941644][ T7380] [ 187.980229][ T7366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.095958][ T5282] usb 1-1: unable to get BOS descriptor or descriptor too short [ 188.140201][ T5282] usb 1-1: no configurations [ 188.156503][ T5282] usb 1-1: can't read configurations, error -22 [ 188.224167][ T29] kauditd_printk_skb: 51 callbacks suppressed [ 188.224186][ T29] audit: type=1326 audit(1729223657.097:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.1.347" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x0 [ 188.443723][ T5285] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 188.489062][ T7408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.349'. [ 188.615793][ T5285] usb 5-1: Using ep0 maxpacket: 8 [ 188.641505][ T5285] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 213, changing to 11 [ 188.669481][ T5285] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 50025, setting to 1024 [ 188.681510][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 188.696530][ T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 188.708071][ T5285] usb 5-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 188.732197][ T8] usb 3-1: USB disconnect, device number 22 [ 188.742573][ T5285] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.781764][ T5285] usb 5-1: config 0 descriptor?? [ 188.828936][ T5285] usbhid 5-1:0.0: can't add hid device: -22 [ 188.851507][ T5285] usbhid 5-1:0.0: probe with driver usbhid failed with error -22 [ 188.886971][ T7420] all: renamed from bridge_slave_0 (while UP) [ 189.183243][ T5291] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 189.206787][ T7431] netlink: 'syz.0.356': attribute type 10 has an invalid length. [ 189.222006][ T7431] batman_adv: batadv0: Adding interface: team0 [ 189.228487][ T7431] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.253846][ T7431] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 189.258216][ T7432] FAULT_INJECTION: forcing a failure. [ 189.258216][ T7432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 189.282094][ T7432] CPU: 1 UID: 0 PID: 7432 Comm: syz.0.356 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 189.292795][ T7432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 189.302872][ T7432] Call Trace: [ 189.306167][ T7432] [ 189.309098][ T7432] dump_stack_lvl+0x241/0x360 [ 189.313789][ T7432] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.318991][ T7432] ? __pfx__printk+0x10/0x10 [ 189.323578][ T7432] ? __pfx_lock_release+0x10/0x10 [ 189.328613][ T7432] should_fail_ex+0x3b0/0x4e0 [ 189.333297][ T7432] _copy_from_user+0x2f/0xe0 [ 189.337887][ T7432] get_compat_msghdr+0xae/0x730 [ 189.342738][ T7432] ? __fget_files+0x29/0x470 [ 189.347332][ T7432] ? __pfx_get_compat_msghdr+0x10/0x10 [ 189.352789][ T7432] ? __fget_files+0x3f3/0x470 [ 189.357513][ T7432] __sys_sendmsg+0x25d/0x380 [ 189.362111][ T7432] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.367241][ T7432] ? __pfx_vfs_write+0x10/0x10 [ 189.372153][ T7432] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 189.378738][ T7432] ? lockdep_hardirqs_on+0x99/0x150 [ 189.383938][ T7432] __do_fast_syscall_32+0xb4/0x110 [ 189.389046][ T7432] ? exc_page_fault+0x590/0x8c0 [ 189.394076][ T7432] do_fast_syscall_32+0x34/0x80 [ 189.398921][ T7432] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 189.405252][ T7432] RIP: 0023:0xf7fa1579 [ 189.409318][ T7432] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 189.428933][ T7432] RSP: 002b:00000000f570556c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 189.437356][ T7432] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 189.445329][ T7432] RDX: 0000000021000880 RSI: 0000000000000000 RDI: 0000000000000000 [ 189.453313][ T7432] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 189.461278][ T7432] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 189.469247][ T7432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 189.477229][ T7432] [ 189.489250][ T5280] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 189.541799][ T5291] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 189.557390][ T5291] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.563998][ T5282] usb 5-1: USB disconnect, device number 16 [ 189.575517][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.642949][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 189.695695][ T5280] usb 2-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 189.708944][ T7440] netlink: 12 bytes leftover after parsing attributes in process `syz.0.359'. [ 189.716229][ T5291] usb 4-1: config 0 interface 0 has no altsetting 0 [ 189.726063][ T5280] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.741229][ T5280] usb 2-1: Product: syz [ 189.747291][ T5291] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.762864][ T5280] usb 2-1: Manufacturer: syz [ 189.767485][ T5280] usb 2-1: SerialNumber: syz [ 189.772606][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.784751][ T5280] usb 2-1: config 0 descriptor?? [ 189.798640][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 189.833290][ T5291] usb 4-1: config 0 interface 0 has no altsetting 0 [ 189.846995][ T5291] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.857985][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.869888][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 189.881602][ T5291] usb 4-1: config 0 interface 0 has no altsetting 0 [ 189.890303][ T5291] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.899419][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.912018][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 189.923893][ T5291] usb 4-1: config 0 interface 0 has no altsetting 0 [ 189.935808][ T5291] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.944878][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.956209][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 189.968223][ T5291] usb 4-1: config 0 interface 0 has no altsetting 0 [ 189.976564][ T5291] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 189.983031][ T8] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 189.986837][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 189.993421][ T5282] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 190.005015][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 190.025902][ T5291] usb 4-1: config 0 interface 0 has no altsetting 0 [ 190.034937][ T5291] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.049199][ T7427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.354'. [ 190.058193][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.071806][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 190.091889][ T5291] usb 4-1: config 0 interface 0 has no altsetting 0 [ 190.099595][ T5291] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 190.108934][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 190.120533][ T5291] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 190.138640][ T5291] usb 4-1: config 0 interface 0 has no altsetting 0 [ 190.148503][ T5291] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 190.161210][ T5291] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 190.172457][ T5291] usb 4-1: Product: syz [ 190.178454][ T5291] usb 4-1: Manufacturer: syz [ 190.186763][ T5291] usb 4-1: SerialNumber: syz [ 190.200230][ T5291] usb 4-1: config 0 descriptor?? [ 190.205597][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 190.218315][ T5282] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 190.226323][ T7420] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 190.248493][ T8] usb 1-1: config 0 has an invalid interface number: 111 but max is 1 [ 190.252605][ T5291] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 190.281049][ T8] usb 1-1: config 0 has no interface number 1 [ 190.303427][ T5282] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 190.320016][ T8] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83 [ 190.332743][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.349395][ T8] usb 1-1: Product: syz [ 190.353779][ T8] usb 1-1: Manufacturer: syz [ 190.358515][ T8] usb 1-1: SerialNumber: syz [ 190.374154][ T8] usb 1-1: config 0 descriptor?? [ 190.393275][ T5282] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 190.402392][ T5282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 190.410517][ T5282] usb 5-1: SerialNumber: syz [ 190.531335][ T5291] usb 4-1: USB disconnect, device number 20 [ 190.541764][ T5291] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 190.619354][ T8] snd-usb-6fire 1-1:0.111: unable to receive device firmware state. [ 190.629810][ T8] snd-usb-6fire 1-1:0.111: probe with driver snd-usb-6fire failed with error -71 [ 190.650851][ T8] usb 1-1: USB disconnect, device number 19 [ 190.660137][ T5282] usb 5-1: 0:2 : does not exist [ 190.712676][ T5282] usb 5-1: USB disconnect, device number 17 [ 190.912630][ T6105] udevd[6105]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 191.218519][ T7449] FAULT_INJECTION: forcing a failure. [ 191.218519][ T7449] name failslab, interval 1, probability 0, space 0, times 0 [ 191.253147][ T7449] CPU: 0 UID: 0 PID: 7449 Comm: syz.4.363 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 191.263808][ T7449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 191.273884][ T7449] Call Trace: [ 191.277170][ T7449] [ 191.280095][ T7449] dump_stack_lvl+0x241/0x360 [ 191.284766][ T7449] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.289976][ T7449] ? __pfx__printk+0x10/0x10 [ 191.294573][ T7449] ? ref_tracker_alloc+0x332/0x490 [ 191.299677][ T7449] should_fail_ex+0x3b0/0x4e0 [ 191.304369][ T7449] ? skb_clone+0x20c/0x390 [ 191.308780][ T7449] should_failslab+0xac/0x100 [ 191.313462][ T7449] ? skb_clone+0x20c/0x390 [ 191.317887][ T7449] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 191.323276][ T7449] skb_clone+0x20c/0x390 [ 191.327524][ T7449] __netlink_deliver_tap+0x3cc/0x7c0 [ 191.332835][ T7449] ? netlink_deliver_tap+0x2e/0x1b0 [ 191.338313][ T7449] netlink_deliver_tap+0x19d/0x1b0 [ 191.343441][ T7449] netlink_unicast+0x7c4/0x990 [ 191.348251][ T7449] ? __pfx_netlink_unicast+0x10/0x10 [ 191.353566][ T7449] ? __virt_addr_valid+0x183/0x530 [ 191.358698][ T7449] ? __check_object_size+0x48e/0x900 [ 191.364025][ T7449] netlink_sendmsg+0x8e4/0xcb0 [ 191.368823][ T7449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.374128][ T7449] ? __pfx_lock_release+0x10/0x10 [ 191.379245][ T7449] ? aa_sock_msg_perm+0x91/0x160 [ 191.384209][ T7449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.389488][ T7449] __sock_sendmsg+0x221/0x270 [ 191.394188][ T7449] ____sys_sendmsg+0x52a/0x7e0 [ 191.398983][ T7449] ? __pfx_____sys_sendmsg+0x10/0x10 [ 191.404284][ T7449] __sys_sendmsg+0x292/0x380 [ 191.408877][ T7449] ? __pfx___sys_sendmsg+0x10/0x10 [ 191.414003][ T7449] ? __pfx_vfs_write+0x10/0x10 [ 191.418812][ T7449] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 191.425413][ T7449] ? lockdep_hardirqs_on+0x99/0x150 [ 191.430618][ T7449] __do_fast_syscall_32+0xb4/0x110 [ 191.435728][ T7449] ? exc_page_fault+0x590/0x8c0 [ 191.440598][ T7449] do_fast_syscall_32+0x34/0x80 [ 191.445451][ T7449] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 191.451821][ T7449] RIP: 0023:0xf7ff7579 [ 191.455880][ T7449] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 191.475516][ T7449] RSP: 002b:00000000f577656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 191.483940][ T7449] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000200 [ 191.491917][ T7449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 191.499907][ T7449] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 191.507897][ T7449] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 191.515880][ T7449] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 191.523877][ T7449] [ 191.526915][ C0] vkms_vblank_simulate: vblank timer overrun [ 191.544777][ T7449] netlink: 4 bytes leftover after parsing attributes in process `syz.4.363'. [ 191.592475][ T7449] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 191.641527][ T7449] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 191.710468][ T7449] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 191.770602][ T7449] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.088030][ T5280] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 192.094232][ T5484] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.098588][ T5280] asix 2-1:0.0: probe with driver asix failed with error -71 [ 192.163953][ T5280] usb 2-1: USB disconnect, device number 14 [ 192.339177][ T5484] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.538662][ T5484] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.622995][ T5484] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.672065][ T5231] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 192.699606][ T5231] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 192.706823][ T5280] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 192.720576][ T5231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 192.729452][ T5231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 192.731234][ T7477] all: renamed from bridge_slave_0 (while UP) [ 192.744477][ T5231] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 192.752160][ T5231] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 192.803076][ T5282] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 192.883827][ T5280] usb 2-1: Using ep0 maxpacket: 16 [ 192.892159][ T5280] usb 2-1: config 253 has an invalid interface number: 157 but max is 3 [ 192.906927][ T5484] bridge_slave_1: left allmulticast mode [ 192.907987][ T5280] usb 2-1: config 253 contains an unexpected descriptor of type 0x2, skipping [ 192.918348][ T5484] bridge_slave_1: left promiscuous mode [ 192.924540][ T5280] usb 2-1: config 253 has an invalid interface number: 213 but max is 3 [ 192.936628][ T5280] usb 2-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 192.937430][ T5484] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.947926][ T5280] usb 2-1: config 253 has 2 interfaces, different from the descriptor's value: 4 [ 192.964158][ T5280] usb 2-1: config 253 has no interface number 0 [ 192.971250][ T5280] usb 2-1: config 253 has no interface number 1 [ 192.971978][ T5484] bridge_slave_0: left allmulticast mode [ 192.973259][ T5282] usb 5-1: Using ep0 maxpacket: 16 [ 192.979268][ T5484] bridge_slave_0: left promiscuous mode [ 192.995337][ T5280] usb 2-1: config 253 interface 157 altsetting 4 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 193.007959][ T5280] usb 2-1: config 253 interface 157 altsetting 4 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 193.018044][ T5282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 193.019837][ T5484] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.037278][ T5280] usb 2-1: config 253 interface 157 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 193.049013][ T5280] usb 2-1: config 253 interface 213 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 193.054871][ T5282] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 193.065171][ T5280] usb 2-1: config 253 interface 157 has no altsetting 0 [ 193.077089][ T5282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.083004][ T5280] usb 2-1: config 253 interface 213 has no altsetting 0 [ 193.102895][ T5282] usb 5-1: Product: syz [ 193.109824][ T5280] usb 2-1: New USB device found, idVendor=0b05, idProduct=1791, bcdDevice= 4.57 [ 193.113028][ T5284] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 193.128790][ T5280] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.132455][ T5282] usb 5-1: Manufacturer: syz [ 193.150655][ T5280] usb 2-1: Product: syz [ 193.161939][ T5282] usb 5-1: SerialNumber: syz [ 193.168009][ T5280] usb 2-1: Manufacturer: syz [ 193.177757][ T5282] usb 5-1: config 0 descriptor?? [ 193.187189][ T5282] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 193.196888][ T5280] usb 2-1: SerialNumber: syz [ 193.199137][ T5282] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 193.319730][ T5284] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 193.330169][ T5284] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 193.363158][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 193.384616][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 193.427396][ T5284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 193.454031][ T5284] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 193.468715][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 193.471705][ T7468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.490730][ T7468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.522472][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 193.539363][ T5280] r8712u: register rtl8712_netdev_ops to netdev_ops [ 193.541617][ T5284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 193.563215][ T5280] usb 2-1: r8712u: USB_SPEED_HIGH with 4 endpoints [ 193.576498][ T5284] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 193.590809][ T5280] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 193.595429][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 193.600238][ T5280] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 193.632035][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 193.637472][ T5280] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 193.659973][ T5284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 193.674360][ T5280] usb 2-1: Found UVC 0.00 device syz (0b05:1791) [ 193.680757][ T5280] usb 2-1: No valid video chain found. [ 193.691317][ T5284] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 193.701138][ T5280] r8712u: register rtl8712_netdev_ops to netdev_ops [ 193.721913][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 193.722841][ T5280] usb 2-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 193.743486][ T5280] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 193.750328][ T5280] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 193.751161][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 193.757995][ T5280] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 193.779338][ T5284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 193.789469][ T5284] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 193.791642][ T5280] usb 2-1: USB disconnect, device number 15 [ 193.804684][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 193.829808][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 193.841047][ T5284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 193.848199][ T5282] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 193.868461][ T5284] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 193.887625][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 193.898811][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 193.910130][ T5284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 193.919325][ T5284] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 193.930199][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 193.941207][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 193.952494][ T5284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 193.960907][ T5284] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 193.970009][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 193.981045][ T5284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 1414, setting to 1024 [ 193.992276][ T5284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 194.010413][ T5284] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 194.019581][ T5284] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 194.029273][ T5284] usb 4-1: Product: syz [ 194.033763][ T5284] usb 4-1: Manufacturer: syz [ 194.038415][ T5284] usb 4-1: SerialNumber: syz [ 194.050547][ T5484] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 194.050818][ T5284] usb 4-1: config 0 descriptor?? [ 194.065867][ T7477] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 194.077741][ T5284] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 194.088890][ T5484] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 194.115822][ T5484] bond0 (unregistering): Released all slaves [ 194.340391][ T5285] usb 4-1: USB disconnect, device number 21 [ 194.349648][ T5285] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 194.541390][ T5282] em28xx 5-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 194.573990][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.580449][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.580774][ T5282] em28xx 5-1:0.0: board has no eeprom [ 194.671912][ T5280] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 194.682962][ T5282] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 194.690994][ T5282] em28xx 5-1:0.0: dvb set to bulk mode. [ 194.697086][ T5285] em28xx 5-1:0.0: Binding DVB extension [ 194.723208][ T5282] usb 5-1: USB disconnect, device number 18 [ 194.730919][ T5282] em28xx 5-1:0.0: Disconnecting em28xx [ 194.765137][ T5285] em28xx 5-1:0.0: Registering input extension [ 194.772951][ T5484] hsr_slave_0: left promiscuous mode [ 194.795306][ T5282] em28xx 5-1:0.0: Closing input extension [ 194.803266][ T5239] Bluetooth: hci2: command tx timeout [ 194.836460][ T5484] hsr_slave_1: left promiscuous mode [ 194.883762][ T5282] em28xx 5-1:0.0: Freeing device [ 194.903990][ T7495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.933375][ T5484] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 194.945121][ T7495] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.983088][ T5484] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.027507][ T5484] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.028873][ T5280] usb 2-1: unable to get BOS descriptor or descriptor too short [ 195.048809][ T5484] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.083001][ T5280] usb 2-1: no configurations [ 195.087686][ T5280] usb 2-1: can't read configurations, error -22 [ 195.135872][ T5484] veth1_macvtap: left promiscuous mode [ 195.163519][ T5484] veth0_macvtap: left promiscuous mode [ 195.169191][ T5484] veth1_vlan: left promiscuous mode [ 195.209110][ T5484] veth0_vlan: left promiscuous mode [ 195.279102][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 195.290074][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 195.302758][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 195.312146][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 195.319998][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 195.327621][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 195.735749][ T5282] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 195.884453][ T5282] usb 5-1: device descriptor read/64, error -71 [ 195.991757][ T5484] team0 (unregistering): Port device team_slave_1 removed [ 196.040814][ T5484] team0 (unregistering): Port device team_slave_0 removed [ 196.132984][ T5282] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 196.202901][ T5280] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 196.284247][ T5282] usb 5-1: device descriptor read/64, error -71 [ 196.365538][ T5280] usb 2-1: Using ep0 maxpacket: 8 [ 196.397355][ T5282] usb usb5-port1: attempt power cycle [ 196.403905][ T5280] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76 [ 196.427857][ T5280] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.436112][ T5280] usb 2-1: Product: syz [ 196.448169][ T5280] usb 2-1: Manufacturer: syz [ 196.452755][ T5280] usb 2-1: SerialNumber: syz [ 196.474744][ T5280] usb 2-1: config 0 descriptor?? [ 196.487058][ T5280] gspca_main: ALi m5602-2.14.0 probing 0402:5602 [ 196.501289][ T7514] netlink: 28 bytes leftover after parsing attributes in process `syz.3.378'. [ 196.650941][ T7478] chnl_net:caif_netlink_parms(): no params data found [ 196.748211][ T5282] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 196.800769][ T5282] usb 5-1: device descriptor read/8, error -71 [ 196.879652][ T7540] FAULT_INJECTION: forcing a failure. [ 196.879652][ T7540] name failslab, interval 1, probability 0, space 0, times 0 [ 196.884021][ T5231] Bluetooth: hci2: command tx timeout [ 196.924441][ T7478] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.932587][ T5280] gspca_m5602: Failed to find a sensor [ 196.951973][ T5280] ALi m5602 2-1:0.0: ALi m5602 webcam failed [ 196.958370][ T7540] CPU: 1 UID: 0 PID: 7540 Comm: syz.3.384 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 196.968984][ T7540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 196.973011][ T7478] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.979034][ T7540] Call Trace: [ 196.979047][ T7540] [ 196.992238][ T7478] bridge_slave_0: entered allmulticast mode [ 196.993664][ T7478] bridge_slave_0: entered promiscuous mode [ 196.998125][ T7540] dump_stack_lvl+0x241/0x360 [ 197.006306][ T7478] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.008595][ T7540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.016530][ T7478] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.020784][ T7540] ? __pfx__printk+0x10/0x10 [ 197.020815][ T7540] ? __kmalloc_noprof+0xb0/0x400 [ 197.028677][ T7478] bridge_slave_1: entered allmulticast mode [ 197.032408][ T7540] ? __pfx___might_resched+0x10/0x10 [ 197.038970][ T7478] bridge_slave_1: entered promiscuous mode [ 197.043206][ T7540] should_fail_ex+0x3b0/0x4e0 [ 197.043242][ T7540] ? ethnl_default_start+0x13e/0x560 [ 197.043263][ T7540] should_failslab+0xac/0x100 [ 197.043287][ T7540] ? ethnl_default_start+0x13e/0x560 [ 197.043305][ T7540] __kmalloc_noprof+0xd8/0x400 [ 197.043333][ T7540] ethnl_default_start+0x13e/0x560 [ 197.048683][ T5282] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 197.054406][ T7540] genl_start+0x4d6/0x6d0 [ 197.054444][ T7540] __netlink_dump_start+0x45c/0x790 [ 197.085841][ T5282] usb 5-1: device descriptor read/8, error -71 [ 197.091710][ T7540] genl_rcv_msg+0x88c/0xec0 [ 197.091743][ T7540] ? mark_lock+0x9a/0x360 [ 197.116250][ T7540] ? __pfx_genl_rcv_msg+0x10/0x10 [ 197.121275][ T7540] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 197.127175][ T7540] ? __pfx_genl_start+0x10/0x10 [ 197.132024][ T7540] ? __pfx_genl_dumpit+0x10/0x10 [ 197.136971][ T7540] ? __pfx_genl_done+0x10/0x10 [ 197.141777][ T7540] ? __pfx_lock_acquire+0x10/0x10 [ 197.146834][ T7540] ? __pfx_ethnl_default_start+0x10/0x10 [ 197.152498][ T7540] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 197.158255][ T7540] ? __pfx_ethnl_default_done+0x10/0x10 [ 197.163834][ T7540] ? __pfx___might_resched+0x10/0x10 [ 197.169164][ T7540] netlink_rcv_skb+0x1e3/0x430 [ 197.173955][ T7540] ? __pfx_genl_rcv_msg+0x10/0x10 [ 197.179017][ T7540] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 197.184344][ T7540] ? __netlink_deliver_tap+0x77e/0x7c0 [ 197.189840][ T7540] genl_rcv+0x28/0x40 [ 197.193849][ T7540] netlink_unicast+0x7f6/0x990 [ 197.198654][ T7540] ? __pfx_netlink_unicast+0x10/0x10 [ 197.203967][ T7540] ? __virt_addr_valid+0x183/0x530 [ 197.209104][ T7540] ? __check_object_size+0x48e/0x900 [ 197.209701][ T5282] usb usb5-port1: unable to enumerate USB device [ 197.214452][ T7540] netlink_sendmsg+0x8e4/0xcb0 [ 197.214492][ T7540] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.214515][ T7540] ? __pfx_lock_release+0x10/0x10 [ 197.214539][ T7540] ? aa_sock_msg_perm+0x91/0x160 [ 197.214565][ T7540] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.214582][ T7540] __sock_sendmsg+0x221/0x270 [ 197.250983][ T7540] ____sys_sendmsg+0x52a/0x7e0 [ 197.255800][ T7540] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.261141][ T7540] __sys_sendmsg+0x292/0x380 [ 197.265773][ T7540] ? __pfx___sys_sendmsg+0x10/0x10 [ 197.270933][ T7540] ? __pfx_vfs_write+0x10/0x10 [ 197.275753][ T7540] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 197.282370][ T7540] ? lockdep_hardirqs_on+0x99/0x150 [ 197.287596][ T7540] __do_fast_syscall_32+0xb4/0x110 [ 197.292738][ T7540] ? exc_page_fault+0x590/0x8c0 [ 197.297625][ T7540] do_fast_syscall_32+0x34/0x80 [ 197.302504][ T7540] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 197.308869][ T7540] RIP: 0023:0xf745d579 [ 197.312964][ T7540] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 197.332611][ T7540] RSP: 002b:00000000f574656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 197.341030][ T7540] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001ac0 [ 197.349036][ T7540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 197.357013][ T7540] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 197.363065][ T5231] Bluetooth: hci1: command tx timeout [ 197.364968][ T7540] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 197.364984][ T7540] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 197.386530][ T7540] [ 197.415627][ T5280] usb 2-1: USB disconnect, device number 17 [ 197.509523][ T7478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.574658][ T7552] all: renamed from bridge_slave_0 (while UP) [ 197.624200][ T7478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.653671][ T7520] chnl_net:caif_netlink_parms(): no params data found [ 197.749434][ T7478] team0: Port device team_slave_0 added [ 197.799619][ T7478] team0: Port device team_slave_1 added [ 197.801742][ T7558] input: syz0 as /devices/virtual/input/input11 [ 197.877849][ T5484] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.045492][ T7520] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.063032][ T7520] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.074481][ T7520] bridge_slave_0: entered allmulticast mode [ 198.095930][ T7520] bridge_slave_0: entered promiscuous mode [ 198.143688][ T5484] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.163289][ T5285] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 198.179083][ T7478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.190074][ T7478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.242954][ T7478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.257685][ T7520] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.266684][ T7520] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.275003][ T7520] bridge_slave_1: entered allmulticast mode [ 198.282351][ T7520] bridge_slave_1: entered promiscuous mode [ 198.316287][ T5484] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.336759][ T7566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.370009][ T7566] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.393209][ T7478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.400293][ T7478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.441429][ T5285] usb 4-1: unable to get BOS descriptor or descriptor too short [ 198.445857][ T7478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.460165][ T5285] usb 4-1: no configurations [ 198.472442][ T5285] usb 4-1: can't read configurations, error -22 [ 198.523888][ T5484] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.581363][ T7520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.610409][ T7478] hsr_slave_0: entered promiscuous mode [ 198.617274][ T7478] hsr_slave_1: entered promiscuous mode [ 198.623689][ T7478] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.631853][ T7478] Cannot create hsr debugfs directory [ 198.645201][ T7520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.696411][ T7520] team0: Port device team_slave_0 added [ 198.717394][ T7520] team0: Port device team_slave_1 added [ 198.723255][ T5284] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 198.770110][ T7520] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.778420][ T7520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.806199][ T7520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.837140][ T7520] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.844216][ T7520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.870629][ T5284] usb 2-1: device descriptor read/64, error -71 [ 198.871040][ T7520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.963003][ T5231] Bluetooth: hci2: command tx timeout [ 199.031571][ T7520] hsr_slave_0: entered promiscuous mode [ 199.053058][ T5280] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 199.061434][ T7520] hsr_slave_1: entered promiscuous mode [ 199.068787][ T7520] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 199.076697][ T7520] Cannot create hsr debugfs directory [ 199.089067][ T5484] bridge_slave_1: left allmulticast mode [ 199.094998][ T5484] bridge_slave_1: left promiscuous mode [ 199.100725][ T5484] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.112967][ T5284] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 199.113446][ T5484] bridge_slave_0: left allmulticast mode [ 199.142032][ T5484] bridge_slave_0: left promiscuous mode [ 199.148986][ T5484] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.230554][ T5280] usb 5-1: Using ep0 maxpacket: 16 [ 199.243503][ T5284] usb 2-1: device descriptor read/64, error -71 [ 199.249556][ T5280] usb 5-1: config 253 has an invalid interface number: 157 but max is 3 [ 199.267765][ T5280] usb 5-1: config 253 contains an unexpected descriptor of type 0x2, skipping [ 199.277214][ T5280] usb 5-1: config 253 has an invalid interface number: 213 but max is 3 [ 199.298329][ T5280] usb 5-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 199.318973][ T5280] usb 5-1: config 253 has 2 interfaces, different from the descriptor's value: 4 [ 199.339583][ T5280] usb 5-1: config 253 has no interface number 0 [ 199.347355][ T5280] usb 5-1: config 253 has no interface number 1 [ 199.363332][ T5284] usb usb2-port1: attempt power cycle [ 199.364499][ T5280] usb 5-1: config 253 interface 157 altsetting 4 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 199.379908][ T5280] usb 5-1: config 253 interface 157 altsetting 4 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 199.410630][ T5280] usb 5-1: config 253 interface 157 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 199.433860][ T5280] usb 5-1: config 253 interface 213 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 199.447213][ T5231] Bluetooth: hci1: command tx timeout [ 199.466571][ T5280] usb 5-1: config 253 interface 157 has no altsetting 0 [ 199.476078][ T5280] usb 5-1: config 253 interface 213 has no altsetting 0 [ 199.485777][ T5280] usb 5-1: New USB device found, idVendor=0b05, idProduct=1791, bcdDevice= 4.57 [ 199.495712][ T5280] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.503828][ T5280] usb 5-1: Product: syz [ 199.508100][ T5280] usb 5-1: Manufacturer: syz [ 199.512703][ T5280] usb 5-1: SerialNumber: syz [ 199.644068][ T5484] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.662431][ T5484] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.674320][ T5484] bond0 (unregistering): Released all slaves [ 199.686061][ T7598] all: renamed from bridge_slave_0 (while UP) [ 199.703038][ T5284] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 199.747298][ T7595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.793326][ T5284] usb 2-1: device descriptor read/8, error -71 [ 199.811674][ T7595] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.862221][ T5280] r8712u: register rtl8712_netdev_ops to netdev_ops [ 199.876305][ T5280] usb 5-1: r8712u: USB_SPEED_HIGH with 4 endpoints [ 199.890225][ T5280] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 199.913605][ T5280] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 199.927599][ T5280] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 199.954592][ T5280] usb 5-1: Found UVC 0.00 device syz (0b05:1791) [ 199.961741][ T5280] usb 5-1: No valid video chain found. [ 199.975463][ T5280] r8712u: register rtl8712_netdev_ops to netdev_ops [ 199.979612][ T7604] input: syz0 as /devices/virtual/input/input12 [ 199.988999][ T5280] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 199.998719][ T5280] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 200.016130][ T5280] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 200.025002][ T5280] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 200.033398][ T5284] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 200.039691][ T5280] usb 5-1: USB disconnect, device number 23 [ 200.076075][ T5284] usb 2-1: device descriptor read/8, error -71 [ 200.183758][ T5284] usb usb2-port1: unable to enumerate USB device [ 200.337253][ T7610] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 200.474926][ T5484] hsr_slave_0: left promiscuous mode [ 200.497353][ T5484] hsr_slave_1: left promiscuous mode [ 200.512655][ T5484] batman_adv: batadv0: Removing interface: team0 [ 200.522548][ T5484] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.533278][ T5484] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.541816][ T5484] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.553829][ T5484] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.590025][ T5484] veth1_macvtap: left promiscuous mode [ 200.600139][ T5484] veth0_macvtap: left promiscuous mode [ 200.606425][ T5484] veth1_vlan: left promiscuous mode [ 200.611858][ T5484] veth0_vlan: left promiscuous mode [ 200.650793][ T7621] netlink: 12 bytes leftover after parsing attributes in process `syz.4.402'. [ 201.043050][ T5231] Bluetooth: hci2: command tx timeout [ 201.115154][ T5484] team0 (unregistering): Port device team_slave_1 removed [ 201.156664][ T5484] team0 (unregistering): Port device team_slave_0 removed [ 201.523946][ T5231] Bluetooth: hci1: command tx timeout [ 201.667733][ T7609] netlink: 8 bytes leftover after parsing attributes in process `syz.3.401'. [ 201.689387][ T7609] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.778725][ T7636] x_tables: duplicate underflow at hook 2 [ 202.022945][ T5285] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 202.332724][ T7635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.439455][ T7635] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.513924][ T5285] usb 4-1: unable to get BOS descriptor or descriptor too short [ 202.570852][ T5285] usb 4-1: no configurations [ 202.599354][ T5285] usb 4-1: can't read configurations, error -22 [ 202.652544][ T7644] all: renamed from bridge_slave_0 (while UP) [ 202.837940][ T7478] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 202.859777][ T7478] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 202.871469][ T7478] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 202.890876][ T7478] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 202.981700][ T7520] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 203.001189][ T7661] input: syz0 as /devices/virtual/input/input13 [ 203.016424][ T7520] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 203.060755][ T7520] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 203.062909][ T5282] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 203.106434][ T7520] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 203.217832][ T7670] hsr0: entered promiscuous mode [ 203.235916][ T5282] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 203.257065][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 203.270171][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 203.284559][ T7672] netlink: 'syz.4.411': attribute type 1 has an invalid length. [ 203.287520][ T5282] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 203.310767][ T5282] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 203.323321][ T5282] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.340824][ T7478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.341639][ T5282] usb 2-1: config 0 descriptor?? [ 203.413502][ T7478] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.443970][ T7676] openvswitch: netlink: Missing key (keys=40, expected=100) [ 203.465016][ T7520] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.483529][ T7520] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.494674][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.501786][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.516183][ T5484] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.523368][ T5484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.560720][ T5484] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.567946][ T5484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.579499][ T5484] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.586639][ T5484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.603195][ T5231] Bluetooth: hci1: command tx timeout [ 203.653320][ T5285] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 203.723045][ T5283] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 203.774008][ T7659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.795465][ T7659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.819628][ T7478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.828000][ T5285] usb 4-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 203.831258][ T7520] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.847407][ T5285] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.868379][ T5285] usb 4-1: Product: syz [ 203.881039][ T5285] usb 4-1: Manufacturer: syz [ 203.891932][ T5285] usb 4-1: SerialNumber: syz [ 203.898757][ T5283] usb 5-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=21.1f [ 203.912137][ T5283] usb 5-1: New USB device strings: Mfr=28, Product=2, SerialNumber=3 [ 203.913574][ T5285] usb 4-1: config 0 descriptor?? [ 203.952509][ T5283] usb 5-1: Product: syz [ 203.955988][ T7478] veth0_vlan: entered promiscuous mode [ 203.971260][ T5283] usb 5-1: Manufacturer: syz [ 203.987887][ T5283] usb 5-1: SerialNumber: syz [ 203.996509][ T7478] veth1_vlan: entered promiscuous mode [ 204.014128][ T5283] usb 5-1: config 0 descriptor?? [ 204.030960][ T7520] veth0_vlan: entered promiscuous mode [ 204.041088][ T5283] gspca_main: pac7311-2.14.0 probing 093a:2601 [ 204.076922][ T7520] veth1_vlan: entered promiscuous mode [ 204.094321][ T7478] veth0_macvtap: entered promiscuous mode [ 204.120419][ T7478] veth1_macvtap: entered promiscuous mode [ 204.160123][ T7668] netlink: 8 bytes leftover after parsing attributes in process `syz.3.410'. [ 204.221276][ T7659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 204.226140][ T7520] veth0_macvtap: entered promiscuous mode [ 204.251579][ T7478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.263521][ T7478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.275426][ T7478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.286539][ T7478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.324577][ T7659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 204.325843][ T7478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.347870][ T7659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 204.400492][ T7659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 204.404233][ T7520] veth1_macvtap: entered promiscuous mode [ 204.442972][ T7478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.483086][ T7478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.504852][ T5283] gspca_pac7311: reg_w() failed index 0x78, value 0x40, error -71 [ 204.524622][ T7478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.546853][ T5283] pac7311 5-1:0.0: probe with driver pac7311 failed with error -71 [ 204.583117][ T7478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.586994][ T5283] usb 5-1: USB disconnect, device number 24 [ 204.611522][ T5282] usbhid 2-1:0.0: can't add hid device: -71 [ 204.646615][ T5282] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 204.664970][ T7478] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.681771][ T5282] usb 2-1: USB disconnect, device number 22 [ 204.748086][ T7478] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.791209][ T7478] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.860657][ T7478] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.883157][ T7478] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.914628][ T7520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.960683][ T7520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.995891][ T7520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.022304][ T7520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.051408][ T7520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.089575][ T7520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.132259][ T7520] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.232504][ T7520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.279871][ T7520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.355776][ T7520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.403158][ T7520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.428677][ T7520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.510526][ T7520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.524256][ T7520] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.579478][ T7520] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.632963][ T7520] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.656940][ T7520] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.690224][ T7520] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.992210][ T7723] x_tables: duplicate underflow at hook 2 [ 206.036661][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.104522][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.220116][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.319516][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.376490][ T5285] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 206.433992][ T5285] asix 4-1:0.0: probe with driver asix failed with error -71 [ 206.541085][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.554223][ T5285] usb 4-1: USB disconnect, device number 25 [ 206.575267][ T6604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.590734][ T7734] FAULT_INJECTION: forcing a failure. [ 206.590734][ T7734] name failslab, interval 1, probability 0, space 0, times 0 [ 206.591482][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.633139][ T6604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.655673][ T7734] CPU: 0 UID: 0 PID: 7734 Comm: syz.3.417 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 206.666312][ T7734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 206.676356][ T7734] Call Trace: [ 206.679618][ T7734] [ 206.682560][ T7734] dump_stack_lvl+0x241/0x360 [ 206.687229][ T7734] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.692412][ T7734] ? __pfx__printk+0x10/0x10 [ 206.696988][ T7734] ? __kmalloc_node_noprof+0xb7/0x440 [ 206.702351][ T7734] ? __pfx___might_resched+0x10/0x10 [ 206.707637][ T7734] ? __asan_memset+0x23/0x50 [ 206.712255][ T7734] should_fail_ex+0x3b0/0x4e0 [ 206.716973][ T7734] should_failslab+0xac/0x100 [ 206.721686][ T7734] __kmalloc_node_noprof+0xdf/0x440 [ 206.726998][ T7734] ? __kvmalloc_node_noprof+0x72/0x190 [ 206.732485][ T7734] __kvmalloc_node_noprof+0x72/0x190 [ 206.737787][ T7734] rhashtable_init_noprof+0x534/0xa60 [ 206.743182][ T7734] rhltable_init_noprof+0x1c/0x60 [ 206.748227][ T7734] nf_tables_newtable+0x7e8/0x1e10 [ 206.753387][ T7734] ? nfnl_pernet+0x23/0x240 [ 206.757923][ T7734] ? __pfx_nf_tables_newtable+0x10/0x10 [ 206.763510][ T7734] ? __nla_parse+0x40/0x60 [ 206.767919][ T7734] nfnetlink_rcv+0x14dc/0x2ab0 [ 206.772683][ T7734] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 206.777802][ T7734] ? netlink_deliver_tap+0x2e/0x1b0 [ 206.782984][ T7734] ? skb_clone+0x240/0x390 [ 206.787401][ T7734] ? __pfx_lock_release+0x10/0x10 [ 206.792423][ T7734] ? netlink_deliver_tap+0x2e/0x1b0 [ 206.797604][ T7734] netlink_unicast+0x7f6/0x990 [ 206.802368][ T7734] ? __pfx_netlink_unicast+0x10/0x10 [ 206.807664][ T7734] ? __virt_addr_valid+0x183/0x530 [ 206.812802][ T7734] ? __check_object_size+0x48e/0x900 [ 206.818208][ T7734] netlink_sendmsg+0x8e4/0xcb0 [ 206.823012][ T7734] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.828321][ T7734] ? __pfx_lock_release+0x10/0x10 [ 206.833340][ T7734] ? aa_sock_msg_perm+0x91/0x160 [ 206.838266][ T7734] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.843538][ T7734] __sock_sendmsg+0x221/0x270 [ 206.848207][ T7734] ____sys_sendmsg+0x52a/0x7e0 [ 206.852975][ T7734] ? __pfx_____sys_sendmsg+0x10/0x10 [ 206.858303][ T7734] __sys_sendmsg+0x292/0x380 [ 206.862915][ T7734] ? __pfx___sys_sendmsg+0x10/0x10 [ 206.868092][ T7734] ? __pfx_vfs_write+0x10/0x10 [ 206.872902][ T7734] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 206.879504][ T7734] ? lockdep_hardirqs_on+0x99/0x150 [ 206.884712][ T7734] __do_fast_syscall_32+0xb4/0x110 [ 206.889840][ T7734] ? exc_page_fault+0x590/0x8c0 [ 206.894719][ T7734] do_fast_syscall_32+0x34/0x80 [ 206.899582][ T7734] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 206.905927][ T7734] RIP: 0023:0xf745d579 [ 206.910014][ T7734] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 206.929657][ T7734] RSP: 002b:00000000f574656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 206.938100][ T7734] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000002000c2c0 [ 206.946088][ T7734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.954129][ T7734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 206.962129][ T7734] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 206.970139][ T7734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 206.978144][ T7734] [ 207.212633][ T7743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.377'. [ 207.221787][ T7743] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 207.230685][ T7743] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 207.318463][ T7743] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 207.330279][ T7743] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 207.412928][ T5283] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 207.550081][ T7747] process 'syz.2.420' launched './file0' with NULL argv: empty string added [ 207.640256][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 207.694028][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 207.737330][ T5283] usb 2-1: New USB device found, idVendor=0543, idProduct=e621, bcdDevice= 0.00 [ 207.776967][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.810422][ T5283] usb 2-1: config 0 descriptor?? [ 208.024325][ T7769] FAULT_INJECTION: forcing a failure. [ 208.024325][ T7769] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.038428][ T7769] CPU: 0 UID: 0 PID: 7769 Comm: syz.4.426 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 208.049069][ T7769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 208.059161][ T7769] Call Trace: [ 208.062469][ T7769] [ 208.065419][ T7769] dump_stack_lvl+0x241/0x360 [ 208.070125][ T7769] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.075374][ T7769] ? __pfx__printk+0x10/0x10 [ 208.079996][ T7769] ? snprintf+0xda/0x120 [ 208.084269][ T7769] should_fail_ex+0x3b0/0x4e0 [ 208.088980][ T7769] _copy_to_user+0x2f/0xb0 [ 208.093434][ T7769] simple_read_from_buffer+0xca/0x150 [ 208.098840][ T7769] proc_fail_nth_read+0x1e9/0x250 [ 208.103907][ T7769] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 208.109492][ T7769] ? rw_verify_area+0x55e/0x6f0 [ 208.114379][ T7769] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 208.119963][ T7769] vfs_read+0x201/0xbc0 [ 208.124154][ T7769] ? __pfx_lock_release+0x10/0x10 [ 208.129229][ T7769] ? __pfx_vfs_read+0x10/0x10 [ 208.133948][ T7769] ? __fget_files+0x3f3/0x470 [ 208.138662][ T7769] ? fdget_pos+0x24e/0x320 [ 208.143102][ T7769] ksys_read+0x183/0x2b0 [ 208.147379][ T7769] ? __pfx_ksys_read+0x10/0x10 [ 208.152170][ T7769] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 208.158794][ T7769] ? lockdep_hardirqs_on+0x99/0x150 [ 208.163999][ T7769] __do_fast_syscall_32+0xb4/0x110 [ 208.169129][ T7769] ? exc_page_fault+0x590/0x8c0 [ 208.173987][ T7769] do_fast_syscall_32+0x34/0x80 [ 208.178836][ T7769] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 208.185166][ T7769] RIP: 0023:0xf7ff7579 [ 208.189239][ T7769] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 208.208847][ T7769] RSP: 002b:00000000f57765a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 208.217270][ T7769] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5776620 [ 208.225238][ T7769] RDX: 000000000000000f RSI: 00000000f747bff4 RDI: 0000000000000000 [ 208.233205][ T7769] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 208.241184][ T7769] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 208.249153][ T7769] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 208.257148][ T7769] [ 208.332940][ T5284] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 208.340705][ T5285] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 208.513110][ T5284] usb 3-1: device descriptor read/64, error -71 [ 208.535044][ T5285] usb 1-1: Using ep0 maxpacket: 32 [ 208.543560][ T5285] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 208.554845][ T5285] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 208.573693][ T5285] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 208.583025][ T5285] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.620750][ T5285] usb 1-1: config 0 descriptor?? [ 208.737035][ T5283] usbhid 2-1:0.0: can't add hid device: -71 [ 208.745565][ T5283] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 208.757519][ T5283] usb 2-1: USB disconnect, device number 23 [ 208.773553][ T5284] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 208.823745][ T5282] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 208.913704][ T5284] usb 3-1: device descriptor read/64, error -71 [ 208.992972][ T5282] usb 5-1: Using ep0 maxpacket: 16 [ 209.002215][ T5282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.018415][ T5282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.030954][ T5284] usb usb3-port1: attempt power cycle [ 209.038898][ T5282] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 209.067591][ T5285] ft260 0003:0403:6030.0003: unknown main item tag 0x0 [ 209.084458][ T5282] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 209.097575][ T5282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.110330][ T5282] usb 5-1: config 0 descriptor?? [ 209.263047][ T5285] ft260 0003:0403:6030.0003: failed to retrieve chip version [ 209.286203][ T5285] ft260 0003:0403:6030.0003: probe with driver ft260 failed with error -5 [ 209.393028][ T5284] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 209.436114][ T5284] usb 3-1: device descriptor read/8, error -71 [ 209.539350][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.602432][ T7821] netlink: 8 bytes leftover after parsing attributes in process `syz.1.432'. [ 209.622374][ T7828] x_tables: duplicate underflow at hook 2 [ 209.631379][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.646779][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.670435][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.689536][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.709101][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.722951][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.730460][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.740007][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.747491][ T5284] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 209.756300][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.764275][ T5282] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 209.773871][ T5284] usb 3-1: device descriptor read/8, error -71 [ 209.783161][ T5282] microsoft 0003:045E:07DA.0004: No inputs registered, leaving [ 209.801252][ T5282] microsoft 0003:045E:07DA.0004: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 209.882517][ T5282] microsoft 0003:045E:07DA.0004: no inputs found [ 209.889469][ T5284] usb usb3-port1: unable to enumerate USB device [ 209.897157][ T5282] microsoft 0003:045E:07DA.0004: could not initialize ff, continuing anyway [ 210.308335][ T7843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.433'. [ 210.334445][ T5283] usb 5-1: USB disconnect, device number 25 [ 210.540228][ T7853] input: syz0 as /devices/virtual/input/input14 [ 210.853034][ T5280] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 210.908708][ T5284] usb 1-1: USB disconnect, device number 20 [ 210.963932][ T5283] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 211.007862][ T7872] netlink: 16 bytes leftover after parsing attributes in process `syz.0.439'. [ 211.016932][ T5280] usb 4-1: Using ep0 maxpacket: 8 [ 211.027679][ T7872] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 211.056176][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 211.068371][ T7875] netlink: 4 bytes leftover after parsing attributes in process `syz.0.439'. [ 211.077344][ T5280] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 211.089131][ T7872] netlink: 4 bytes leftover after parsing attributes in process `syz.0.439'. [ 211.089208][ T5280] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 211.115452][ T5280] usb 4-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad [ 211.135185][ T5280] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.154562][ T5283] usb 2-1: Using ep0 maxpacket: 8 [ 211.163237][ T5280] usb 4-1: Product: syz [ 211.171258][ T5280] usb 4-1: Manufacturer: syz [ 211.183293][ T5280] usb 4-1: SerialNumber: syz [ 211.188391][ T5283] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 211.206989][ T5283] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 211.224765][ T5280] usb 4-1: config 0 descriptor?? [ 211.231254][ T5283] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 211.254620][ T5280] smsusb:smsusb_probe: board id=2, interface number 0 [ 211.265373][ T5283] usb 2-1: Product: syz [ 211.269711][ T5283] usb 2-1: Manufacturer: syz [ 211.290395][ T5283] usb 2-1: SerialNumber: syz [ 211.296785][ T5280] smsusb:siano_media_device_register: media controller created [ 211.310753][ T5280] smsusb:smsusb_start_streaming: smsusb_submit_urb(...) failed [ 211.318633][ T5280] smsusb:smsusb_init_device: smsusb_start_streaming(...) failed [ 211.336616][ T5280] ------------[ cut here ]------------ [ 211.342169][ T5280] WARNING: CPU: 1 PID: 5280 at mm/slub.c:4689 free_large_kmalloc+0x38/0x1c0 [ 211.351101][ T5280] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 211.355199][ T5280] CPU: 1 UID: 0 PID: 5280 Comm: kworker/1:4 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 211.366601][ T5280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 211.377154][ T5280] Workqueue: usb_hub_wq hub_event [ 211.382283][ T5280] RIP: 0010:free_large_kmalloc+0x38/0x1c0 [ 211.388249][ T5280] Code: 8b 04 25 28 00 00 00 48 89 44 24 08 48 8b 47 08 a8 01 0f 85 78 01 00 00 49 89 f6 0f 1f 44 00 00 49 f7 07 40 00 00 00 75 27 90 <0f> 0b 90 31 db 80 3d 6c 04 14 0e 00 75 21 c6 05 63 04 14 0e 01 48 [ 211.408092][ T5280] RSP: 0018:ffffc900042bead0 EFLAGS: 00010246 [ 211.414278][ T5280] RAX: 0000000000000000 RBX: ffffffff8737dd42 RCX: ffffea0000000000 [ 211.422351][ T5280] RDX: ffffc9001478c000 RSI: ffff888078f62000 RDI: ffffea0001e3d880 [ 211.431323][ T5280] RBP: ffff888066663760 R08: ffffffff8142fe9c R09: 1ffff1100cccc6e0 [ 211.440070][ T5280] R10: dffffc0000000000 R11: ffffed100cccc6e1 R12: ffff88823bf96000 [ 211.448378][ T5280] R13: ffff888078f62000 R14: ffff888078f62000 R15: ffffea0001e3d880 [ 211.456500][ T5280] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 211.465562][ T5280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.472229][ T5280] CR2: 000000005680697c CR3: 000000000e734000 CR4: 00000000003526f0 [ 211.480464][ T5280] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 211.488603][ T5280] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 211.496719][ T5280] Call Trace: [ 211.500060][ T5280] [ 211.503162][ T5280] ? __warn+0x168/0x4e0 [ 211.507410][ T5280] ? free_large_kmalloc+0x38/0x1c0 [ 211.512606][ T5280] ? report_bug+0x2b3/0x500 [ 211.517285][ T5280] ? free_large_kmalloc+0x38/0x1c0 [ 211.522499][ T5280] ? handle_bug+0x60/0x90 [ 211.527454][ T5280] ? exc_invalid_op+0x1a/0x50 [ 211.534003][ T5280] ? asm_exc_invalid_op+0x1a/0x20 [ 211.539135][ T5280] ? usb_free_urb+0xd2/0x120 [ 211.543850][ T5280] ? __phys_addr+0xac/0x170 [ 211.548418][ T5280] ? free_large_kmalloc+0x38/0x1c0 [ 211.553654][ T5280] ? usb_free_urb+0xd2/0x120 [ 211.558367][ T5280] kfree+0x21c/0x440 [ 211.562264][ T5280] ? smscore_unregister_device+0x616/0x6e0 [ 211.568186][ T5280] usb_free_urb+0xd2/0x120 [ 211.572626][ T5280] smsusb_term_device+0x1d3/0x3c0 [ 211.577673][ T5280] smsusb_probe+0x1d00/0x2410 [ 211.582360][ T5280] ? __pfx_smsusb_probe+0x10/0x10 [ 211.587433][ T5280] ? __pfx_smsusb_sendrequest+0x10/0x10 [ 211.593033][ T5280] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 211.598992][ T5280] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 211.605548][ T5280] ? __pm_runtime_set_status+0x6c1/0xa10 [ 211.611187][ T5280] usb_probe_interface+0x645/0xbb0 [ 211.616441][ T5280] ? __pfx_usb_probe_interface+0x10/0x10 [ 211.622089][ T5280] really_probe+0x2b8/0xad0 [ 211.626701][ T5280] __driver_probe_device+0x1a2/0x390 [ 211.631982][ T5280] driver_probe_device+0x50/0x430 [ 211.637451][ T5280] __device_attach_driver+0x2d6/0x530 [ 211.643503][ T5280] bus_for_each_drv+0x24e/0x2e0 [ 211.648402][ T5280] ? __pfx___device_attach_driver+0x10/0x10 [ 211.654402][ T5280] ? __pfx_bus_for_each_drv+0x10/0x10 [ 211.659775][ T5280] __device_attach+0x333/0x520 [ 211.664574][ T5280] ? __pfx_lock_release+0x10/0x10 [ 211.669625][ T5280] ? __pfx___device_attach+0x10/0x10 [ 211.674939][ T5280] ? do_raw_spin_unlock+0x13c/0x8b0 [ 211.680159][ T5280] bus_probe_device+0x189/0x260 [ 211.685083][ T5280] device_add+0x856/0xbf0 [ 211.689461][ T5280] usb_set_configuration+0x1976/0x1fb0 [ 211.694978][ T5280] usb_generic_driver_probe+0x88/0x140 [ 211.700436][ T5280] usb_probe_device+0x1b8/0x380 [ 211.705334][ T5280] ? __pfx_usb_probe_device+0x10/0x10 [ 211.710694][ T5280] really_probe+0x2b8/0xad0 [ 211.715241][ T5280] __driver_probe_device+0x1a2/0x390 [ 211.720557][ T5280] driver_probe_device+0x50/0x430 [ 211.725635][ T5280] __device_attach_driver+0x2d6/0x530 [ 211.730999][ T5280] bus_for_each_drv+0x24e/0x2e0 [ 211.736390][ T5280] ? __pfx___device_attach_driver+0x10/0x10 [ 211.742283][ T5280] ? __pfx_bus_for_each_drv+0x10/0x10 [ 211.748111][ T5280] __device_attach+0x333/0x520 [ 211.753014][ T5280] ? __pfx___device_attach+0x10/0x10 [ 211.758298][ T5280] bus_probe_device+0x189/0x260 [ 211.763415][ T5280] device_add+0x856/0xbf0 [ 211.767749][ T5280] usb_new_device+0x104a/0x19a0 [ 211.772856][ T5280] ? __pfx_usb_new_device+0x10/0x10 [ 211.778069][ T5280] ? _raw_spin_unlock_irq+0x23/0x50 [ 211.783382][ T5280] ? lockdep_hardirqs_on+0x99/0x150 [ 211.788598][ T5280] hub_event+0x2d6d/0x5150 [ 211.793057][ T5280] ? __pfx_hub_event+0x10/0x10 [ 211.797814][ T5280] ? __pfx_lock_acquire+0x10/0x10 [ 211.802924][ T5280] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 211.808921][ T5280] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 211.815320][ T5280] ? process_scheduled_works+0x976/0x1850 [ 211.821057][ T5280] process_scheduled_works+0xa63/0x1850 [ 211.826655][ T5280] ? __pfx_process_scheduled_works+0x10/0x10 [ 211.832659][ T5280] ? assign_work+0x364/0x3d0 [ 211.837279][ T5280] worker_thread+0x870/0xd30 [ 211.842283][ T5280] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 211.848695][ T5280] ? __kthread_parkme+0x169/0x1d0 [ 211.853775][ T5280] ? __pfx_worker_thread+0x10/0x10 [ 211.858880][ T5280] kthread+0x2f0/0x390 [ 211.863003][ T5280] ? __pfx_worker_thread+0x10/0x10 [ 211.868109][ T5280] ? __pfx_kthread+0x10/0x10 [ 211.872707][ T5280] ret_from_fork+0x4b/0x80 [ 211.877251][ T5280] ? __pfx_kthread+0x10/0x10 [ 211.881833][ T5280] ret_from_fork_asm+0x1a/0x30 [ 211.886658][ T5280] [ 211.889675][ T5280] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 211.896938][ T5280] CPU: 1 UID: 0 PID: 5280 Comm: kworker/1:4 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 211.907680][ T5280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 211.917723][ T5280] Workqueue: usb_hub_wq hub_event [ 211.922744][ T5280] Call Trace: [ 211.926011][ T5280] [ 211.928929][ T5280] dump_stack_lvl+0x241/0x360 [ 211.933595][ T5280] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.938866][ T5280] ? __pfx__printk+0x10/0x10 [ 211.943463][ T5280] ? _printk+0xd5/0x120 [ 211.947651][ T5280] ? __init_begin+0x41000/0x41000 [ 211.952676][ T5280] ? vscnprintf+0x5d/0x90 [ 211.957000][ T5280] panic+0x349/0x880 [ 211.960928][ T5280] ? __warn+0x177/0x4e0 [ 211.965092][ T5280] ? __pfx_panic+0x10/0x10 [ 211.969512][ T5280] ? show_trace_log_lvl+0x3b2/0x410 [ 211.974718][ T5280] ? ret_from_fork_asm+0x1a/0x30 [ 211.979659][ T5280] __warn+0x34b/0x4e0 [ 211.983640][ T5280] ? free_large_kmalloc+0x38/0x1c0 [ 211.988757][ T5280] report_bug+0x2b3/0x500 [ 211.993099][ T5280] ? free_large_kmalloc+0x38/0x1c0 [ 211.998211][ T5280] handle_bug+0x60/0x90 [ 212.002373][ T5280] exc_invalid_op+0x1a/0x50 [ 212.006879][ T5280] asm_exc_invalid_op+0x1a/0x20 [ 212.011735][ T5280] RIP: 0010:free_large_kmalloc+0x38/0x1c0 [ 212.017462][ T5280] Code: 8b 04 25 28 00 00 00 48 89 44 24 08 48 8b 47 08 a8 01 0f 85 78 01 00 00 49 89 f6 0f 1f 44 00 00 49 f7 07 40 00 00 00 75 27 90 <0f> 0b 90 31 db 80 3d 6c 04 14 0e 00 75 21 c6 05 63 04 14 0e 01 48 [ 212.037091][ T5280] RSP: 0018:ffffc900042bead0 EFLAGS: 00010246 [ 212.043159][ T5280] RAX: 0000000000000000 RBX: ffffffff8737dd42 RCX: ffffea0000000000 [ 212.051127][ T5280] RDX: ffffc9001478c000 RSI: ffff888078f62000 RDI: ffffea0001e3d880 [ 212.059094][ T5280] RBP: ffff888066663760 R08: ffffffff8142fe9c R09: 1ffff1100cccc6e0 [ 212.067059][ T5280] R10: dffffc0000000000 R11: ffffed100cccc6e1 R12: ffff88823bf96000 [ 212.075021][ T5280] R13: ffff888078f62000 R14: ffff888078f62000 R15: ffffea0001e3d880 [ 212.082994][ T5280] ? usb_free_urb+0xd2/0x120 [ 212.087577][ T5280] ? __phys_addr+0xac/0x170 [ 212.092083][ T5280] ? usb_free_urb+0xd2/0x120 [ 212.096660][ T5280] kfree+0x21c/0x440 [ 212.100675][ T5280] ? smscore_unregister_device+0x616/0x6e0 [ 212.106473][ T5280] usb_free_urb+0xd2/0x120 [ 212.110879][ T5280] smsusb_term_device+0x1d3/0x3c0 [ 212.115896][ T5280] smsusb_probe+0x1d00/0x2410 [ 212.120571][ T5280] ? __pfx_smsusb_probe+0x10/0x10 [ 212.125584][ T5280] ? __pfx_smsusb_sendrequest+0x10/0x10 [ 212.131118][ T5280] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 212.137035][ T5280] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 212.143375][ T5280] ? __pm_runtime_set_status+0x6c1/0xa10 [ 212.149023][ T5280] usb_probe_interface+0x645/0xbb0 [ 212.154135][ T5280] ? __pfx_usb_probe_interface+0x10/0x10 [ 212.159838][ T5280] really_probe+0x2b8/0xad0 [ 212.164340][ T5280] __driver_probe_device+0x1a2/0x390 [ 212.169613][ T5280] driver_probe_device+0x50/0x430 [ 212.174625][ T5280] __device_attach_driver+0x2d6/0x530 [ 212.180090][ T5280] bus_for_each_drv+0x24e/0x2e0 [ 212.184931][ T5280] ? __pfx___device_attach_driver+0x10/0x10 [ 212.190808][ T5280] ? __pfx_bus_for_each_drv+0x10/0x10 [ 212.196175][ T5280] __device_attach+0x333/0x520 [ 212.200929][ T5280] ? __pfx_lock_release+0x10/0x10 [ 212.205948][ T5280] ? __pfx___device_attach+0x10/0x10 [ 212.211230][ T5280] ? do_raw_spin_unlock+0x13c/0x8b0 [ 212.216424][ T5280] bus_probe_device+0x189/0x260 [ 212.221288][ T5280] device_add+0x856/0xbf0 [ 212.225614][ T5280] usb_set_configuration+0x1976/0x1fb0 [ 212.231077][ T5280] usb_generic_driver_probe+0x88/0x140 [ 212.236524][ T5280] usb_probe_device+0x1b8/0x380 [ 212.241360][ T5280] ? __pfx_usb_probe_device+0x10/0x10 [ 212.246717][ T5280] really_probe+0x2b8/0xad0 [ 212.251230][ T5280] __driver_probe_device+0x1a2/0x390 [ 212.256512][ T5280] driver_probe_device+0x50/0x430 [ 212.261525][ T5280] __device_attach_driver+0x2d6/0x530 [ 212.266884][ T5280] bus_for_each_drv+0x24e/0x2e0 [ 212.271726][ T5280] ? __pfx___device_attach_driver+0x10/0x10 [ 212.277604][ T5280] ? __pfx_bus_for_each_drv+0x10/0x10 [ 212.282973][ T5280] __device_attach+0x333/0x520 [ 212.287724][ T5280] ? __pfx___device_attach+0x10/0x10 [ 212.293017][ T5280] bus_probe_device+0x189/0x260 [ 212.297858][ T5280] device_add+0x856/0xbf0 [ 212.302183][ T5280] usb_new_device+0x104a/0x19a0 [ 212.307035][ T5280] ? __pfx_usb_new_device+0x10/0x10 [ 212.312222][ T5280] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.317408][ T5280] ? lockdep_hardirqs_on+0x99/0x150 [ 212.322592][ T5280] hub_event+0x2d6d/0x5150 [ 212.327027][ T5280] ? __pfx_hub_event+0x10/0x10 [ 212.331782][ T5280] ? __pfx_lock_acquire+0x10/0x10 [ 212.336796][ T5280] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 212.342771][ T5280] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 212.349111][ T5280] ? process_scheduled_works+0x976/0x1850 [ 212.354825][ T5280] process_scheduled_works+0xa63/0x1850 [ 212.360381][ T5280] ? __pfx_process_scheduled_works+0x10/0x10 [ 212.366356][ T5280] ? assign_work+0x364/0x3d0 [ 212.371315][ T5280] worker_thread+0x870/0xd30 [ 212.375902][ T5280] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 212.381789][ T5280] ? __kthread_parkme+0x169/0x1d0 [ 212.386806][ T5280] ? __pfx_worker_thread+0x10/0x10 [ 212.391925][ T5280] kthread+0x2f0/0x390 [ 212.395983][ T5280] ? __pfx_worker_thread+0x10/0x10 [ 212.401085][ T5280] ? __pfx_kthread+0x10/0x10 [ 212.405661][ T5280] ret_from_fork+0x4b/0x80 [ 212.410085][ T5280] ? __pfx_kthread+0x10/0x10 [ 212.414666][ T5280] ret_from_fork_asm+0x1a/0x30 [ 212.419427][ T5280] [ 212.422584][ T5280] Kernel Offset: disabled [ 212.426949][ T5280] Rebooting in 86400 seconds..