last executing test programs: 16.779125219s ago: executing program 1 (id=358): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) r1 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0x7005, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000a40)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000200)={r2}) prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0) r3 = syz_open_dev$loop(&(0x7f0000000200), 0x7fffffffffffffff, 0x44000) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000240)={r4, 0x0, r0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000280)={r4}) 16.592943124s ago: executing program 1 (id=359): r0 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x20c) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='#\\\x00', &(0x7f0000000040)='#:\x00', 0x0) ftruncate(r0, 0x103f) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x12, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000340), 0x20000007d, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f0000000200)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) ftruncate(r4, 0xc17a) r5 = dup3(r2, r3, 0x0) read$FUSE(r5, &(0x7f0000002640)={0x2020}, 0x2020) getsockopt$inet_udp_int(r1, 0x11, 0xa, 0x0, &(0x7f0000000180)) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000013c0)=ANY=[@ANYBLOB="1c0000008100010700000000000000ff070000000000000004000b00be7ba1016c61740420da61b58a5fa68bb8ff4bd141000000005270d798e65931806f977565cdeabff86956dac782"], 0x1c}}, 0x0) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="54099f0010000100000000001100000000000000", @ANYRES32=r10, @ANYBLOB="000000000000000034001280110001006272696467655f736c617665000000001c00058005001c000000000005001b000000000005001e0000000000"], 0x54}}, 0x0) r11 = openat(0xffffffffffffff9c, &(0x7f0000002100)='./file0\x00', 0x0, 0x0) getdents64(r11, &(0x7f0000000380)=""/4109, 0x18) setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r12 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r12, 0x40045431, &(0x7f0000000100)={0xffffffff, 0x0, 0x0, 0xfffffffe, 0x0, "2af01c3d0040fbffffffffffffff00"}) r13 = syz_open_pts(r12, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000240)=0x13) ioctl$TCSETS(r13, 0x5402, &(0x7f00000002c0)={0xffff, 0x0, 0x0, 0x0, 0x0, "db2d416fbecfb84b5452b768e08ee2df361089"}) ioctl$TIOCSTI(r13, 0x5412, &(0x7f0000000140)=0xa) 16.276118276s ago: executing program 1 (id=360): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x4, 0x9) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e000000100000000000000000000000000000000000000000000ffff640101000000b153000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008400050000000000000000000000000000000000000000002b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000e000000200000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000ef00"/244], 0x13c}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, 0x0, 0x0, 0x0, 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080), 0x18) r4 = socket$alg(0x26, 0x5, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) socket(0x0, 0x803, 0x0) r6 = io_uring_setup(0x410f, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x255}) r7 = eventfd2(0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r6, 0x4, &(0x7f0000000000)=r7, 0x1) io_uring_register$IORING_REGISTER_BUFFERS2(r6, 0xf, &(0x7f0000001580)={0x3, 0x0, 0x0, &(0x7f00000014c0)=[{0x0}, {0x0}, {&(0x7f0000000280)=""/4096, 0x1000}], &(0x7f0000001540)=[0x0, 0x0, 0x4]}, 0x20) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x10, 0x0, 0x0) r8 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r10 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) io_setup(0x2, &(0x7f00000004c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc000905822fe9"], 0x0) sendmmsg$unix(r3, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002f40)=ANY=[@ANYBLOB="1c000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32], 0x70, 0x8005}}, {{&(0x7f0000002fc0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000032c0), 0x0, &(0x7f0000003440)=[@cred={{0x1c}}], 0x20, 0x44000}}, {{0x0, 0x0, &(0x7f0000003540)=[{&(0x7f0000003480)="8cd7f4c21dbe980b1dd0481d285ebd3e24461ce7d48febf7a501c8d48aa3de2e573a1286a606030512a0cdfb42e4db234430278d2c833937c1a79ae3cea090e4858924e9cc47521590ea2bd007d2ed75fe22bae03a8441fd2398e8f4f8a08050491f73441e0e0399618c422d6d29136b0a26e707306140f72235d5644f157785750e1d2e816a80bf66893251fad0a85fd010cd6314dc63b681d13dc45da9dfdafd60fdee8654bccb34f0e5dbb1e7e22140f1e2d5ddaf6e40fc30003e32b255", 0xbf}], 0x1, 0x0, 0x0, 0x48}}, {{&(0x7f0000003580)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000004b00)=[{0x0}, {&(0x7f00000036c0)="4898055557a8e48f56e89e2a8d2b7f7410aa1ef8379bbd7d67581ef60babb140ffca0a5816ec775759134c00df475ee099ad8ce489153107b9d4b89d47a5094ab47149608f17d984bcb20c467b89d1309b9a604f2a20a619d5", 0x59}, {&(0x7f0000003740)="7ce9a544c88f9179ad1d5529d9ce2d0ce5c77a49fd", 0x15}, {&(0x7f0000003780)="baa5e2254a6428693c395f6e55729a3cb97a51106e2c0742323d2e5adc66ac703244ee840ce7902b36f9583d44780a6c9ee106e019609f556df577ac1dbe5c066b1fdf689ede02decef7d3e1522a6eedcadeb77278efd88c3ea26593a8ac66a2a2eb96dc6b6ab8360d08e626", 0x6c}, {&(0x7f0000003800)="17064631f490a0d642904c62b371fee452d29aaab44f186e1072e438eac470f0addfb3aa4df99b2c73299988cf72bbda22d6eb35c56343b03a037dc1c0a64aaeab3387f5d78148d2b77f5638a65791dd55", 0x51}, {&(0x7f0000001780)="3053d8392edc2ea9897525c7d852ffd4e836b8dd85b56bb6fee0b51df20369b05e3590b011e5c4393ed59a4071cd7c051cf63f9837f14abeebb83eb631e48eb7053fa7a6b1db701ba2d0ac9e21f39e2c3e6c8d8fbba05a9e166b45064e35b7db7ffc730e1c6f98980bdab4a4c479e5bafb8da28e9bd89c77e52a59d19771ffe13d52489db1a62a314a547a0a", 0x8c}, {&(0x7f0000003900)="d5d9d722ca8fa934b87a4ea730d95b6e2fe6f6bdfa5e5d051c518d", 0x1b}, {0x0}, {&(0x7f0000004a00)="efe1f4595da70a588c0d60f5c4c5610c8ef3ca98bb549c155fb1254c856699362fceb227a5d84698b10c6216a1eaf6302cd44b64800b6e5363e9ba85bab87c820ba23b3bae176f5b6c72b55f8db15b7400dac809eec963cca5d0cae08a710e3a49f309e7f117c7496cfc99c846bce5ee7c81022312aab46230b04dd41528711b3ce6a74f30e88cea27dd707c9b00d192e442274453b35c697b68b2ab4c8abe8eaf83d62c314acf8f73d30dcd1e171614", 0xb0}], 0x9, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r4, r2, r9, r10]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [r8, r3, r5, r5, r2]}}, @rights={{0x10}}, @cred={{0x1c}}], 0xa0, 0x28000801}}], 0x4, 0x40004) 14.265459924s ago: executing program 1 (id=365): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000004200)="2e749e8cc85e6b0ee5df5723d688df544b556c55827971aac8755cf20fb368f051592f0f11cded477b6e2cccf88f63b6b9a785545c9ad2e3f802634ea9be5a9422a3e3a4fb5a31f9f1370b9b2ed84de8ed3434130a8e4a2a43da16c9ccb794ef54d69b6bbbc22f760968086c5015f2ea4a3c2b3ffb6c6f496728caf07383f8c92c266b5fd8737820d4109bb0d222215bba6ff978da9da26b0e58e3ebc39d3e4240585581b5ef46c07d31f59fddc66bcac21c633bf2d4a2035b29a8a7b5e88007827579c3abb9db30a25cd264de86a793d03c9e3fdfd8f30342d07764a52991a8280925eee8c387df8b3e0bb1d19110937271822237540ac0a56c940e966a21059bed07f4f72e2d39a9d660ec5825a14da750cbeee159dbef9449abdcc021df8e64785e78b41eb0ab9d7498cb2d5fa800d9fc0f44a6fe0be3a024d48cda95fddbcee3e5f6289cc2b184cf80b714a13922545dd9c14fc771f6ce08557b9ca99a4de6193155cda1164752707b78fa0e241dcdc7a70debb7ef136279e5e5aff42ed8eac8c46ac4471a056508b6bbe70d05530c906206780901bf45aa23d128956397d35329370cd248693285f86ffa28495721c1bfc49916c6e8daf36c18307f1997e7061e9763b79115f433bab381a84bf99031dca8d3f6354cbb6ef7de9609f36a41eff8894ce84a4baa53a1a75727005e1004f21cf6fce6f36821a10dc53fafb17a8be2d7f856b3bf746c8f3d0807c3f526f533fc5ccb7632f77e5652153477c120b2b93fef9b387a6bcd13f8805ffdb4112820a864188dfcbe67028caf8d267dae2c479ffd0415ce9756d268902c8f41c23734cdce58fbabcbefd7673f678c6796f2eaa21fbad557d5262b2b037cfde6a3536eb3cf3f4bdebcae638a2c63fe7677fcd7b8dbd9fe6b828f46dd7513abe880701c2005972b1208c8575f7a42a227f7ef355e61aa03f2f6514552aa767e50cb086633c556fd8c43494fc5278e179d2ebc2d7a86c88dd051e360bc2e226a64d412451904d301f93ebf232e367972781ffc91b51b4b160a5c571fca00b764add93a67d227ef5359a38d3e6444956940b66586a80b3dbd63255dc07ed3300a71cedec6d5ab9a5a0fe81c134426890f456a9fb9deb638fc188ec9e235d8bdc848febff19817e29f7a4be331b822110725bd3617096becf7193bc918d31dc02198ef314e7ff408c5bb3a2c6469d2b2312b2eca2b2bfbfc92a5822bdb308de0b533b762e1ccfcfbaa69a08102eb4de20b625f01cb22d27febe953547990ead464d87286407db7e7bc9e8f561c217273ee7acc656645bdc749afe289806c01b365f685d1b18425d3a0d1fa4ccce2fb44c46469fd5d34d4db9d4ffdbfc249d34cabe564d5ca193276dcf04a36c90fb15dfa552c987c0a611ed96602f47a0b3c3bcd7e0981020abf1c0b5cb48029485f644f3801037173a46f5886de9cfd388c8dec8a02762a1fbfd22698579176f1feecc8f177ed762a8d3daf4f43a3cf94ec7282a07747478cd5eb84b88786a8793fcc270937f6483e80612d4acdec8a88df226f172aaf530d0552df5f3adcd6dd13cc719c24d20847d6a7c73927c9696c7095a7582062c688f7712e8924d97df16405a2d5e571a1d06734761537b479824b4b961c8a7fa92f3a5f7ca95155e1291e10521204ba253e82ccb553f562bead4d02b5b1b10132349eb973149eb9f0bfd48d1bfce86f73d13ffa2b76f72677cf5ef92b67b8d8b02d7320ba5afe6049eeacd2c223e13c8ea5f231e25e8090143e235c457bc549b981a18c30e12f5954f54ede63c56e3edf63b4c20f01aefad3d3bfddb41b40673636caa2fc9ccf2e6124c7a32a1b472ff1b0e74da2777bb84ea51468519d03bd077afd8e36ed0e67d1060e5feba19c09fc63d8ecf5e10fa650a931a47a00439fc96f2ed4bad1d70c50cf1d4963267db0585e4ac3b605bdfa5aa90e1d3e407beba7b4e131b6af563b0e90f57fdb11f7da417cc0f38abd53060f56ae2d4da094d709b9b207aec1f9686c9c9352705453a189151c3278b7736929ffe93fa94143533919464888f08059cb915f7f2ee37bdc2c2d30305ef6407aea7d9f89c0d35ec93c6fcce964cbf7f912c5b2695b8a6983fa83ac5e0a0eaf78f134c211aa34a922b9458cafd072b49cb187b211d612e02b8f7749eb3b136bafc655a8b3d4e9961fc3043754930a4e7bdcce1883421e189e9c0b1268f1f95b9177347073898ff011482427c43decad44c8ff020fbe7d3680c76898d7f538e189720d42dbdef4229e13bb7fe448aa6238eeaf0d81dc7b03b5136edf865a996ed545dc5c0ad4659da7d01731705b0d9733ec5996d70eb62ef11534f19080f95226d0fa02771f53583f67166845ab1143fc804e23d6368597dd168a1ae0517cad84f04bbf036a9a04a7af8f67fb91b2934a473ccc5bdcce134c9a10c10d81afbaeac63c2706d74e464164249f5fba82d0be6b4e82415ea644009aa4a443fe9b80717b5d104986e60a13b335e228085b6390a110451523aeefcf603b124202c5d47349ff8a67c3871312602e30bd00dacd5b6e9ae2c4afbd590af002ff62cb8a30c64a3bc843ebfaf6c9cb102ccdc2f05aa57f240632966bcc7fb73b550922bd7dc183eb5b488a83c7ef0269f4c9b92592357ec0eca5a14c330202c87d8fe6f7a4350bad8dc29d1de33aecdd10dc2329c7cff90c8087251b948f58b864d4e7d6c5e5d800c2e7741273356b13c3277e8f60242cde5aee19bc5c55a240025e26bbb893a5b2f39dd77a24604d445ed5b22988fe530e952229e84b5c05f9521e014eadeef4565a0a9c57b9bb007b4177bdd8ebc87abcbc0317cf2988be2518291c0d89e0141a7cd0e2f37e4db94cab5204f804ec0d0fb0819dda879328cf675be07cc58d8f8b50ee56670229e8a7839a33831ea005a87eb84b3e644040915e8eb44055b7d90e23a3970e87957abceb632ec284438bfda423cd547ef14d786f36db71684cda4235b067408d85c544ea257bd75a2e4935fd325a6aaf57664c5430dd24d4588b2774c08f376bf606391d1199347281042431d0e1b6bb7f46fe4502d67ebb3f0469800a17162dddb37f7ca2c1951b8de5da108065aa933a9e04eab95f6018d3326fba38e33b5a701022244b0888f4a643b333cf18db2f37cf2dcbb86f20fecddbaf186987c7901b74376aad2b99829a478a2d68c0ca48cfeff10cc27110febbc37d33db56700f909e266ac33b60090a2f38f0b3557ad094d7d42dfdcfb27cf538cc121b1ca181362290cbf90e73c60cca5ce62cbd6ab49c39aab5054aee6de4dc2caf56079180c964dff0191185fec1065c508249db0e21391e00eaffae3300a19c462b09d76831262fa177923f02095c1f57595f560feec1d786edea504ba32dd39dc0b96d7d0f859709540baa8043f26deb237ee8425bf8069be89bcafabdbccc671ccad77f878f73cc08f230243a640a9c1675e395e41908899e5f3e579f7940239a042d9a95a392cea4def19696941e155b84163e5d398eb10a43adbd0054d175d0ecfc151c15df09eee236f0f8da5c373e851c56e8d3d80b5284f17f5a9b0a72a27a3400b4e2b3188a51d2352b991d6b4d97b3c6b2d0a184907ff3f4afbc22d5c72d79db1dd936a9df2757b1cf03cdef3c0367fe873074aecd48bc62ba63246682837625b4187b2273de35b6e7a0982fc62630193eee7c090d279b6513db822c3375c829c86ee57104e2049a410f521de405916b90018e8b81f457cd9294ac0eaec1627ff8954572ba7009f0504cac8be8fe1eaebda0e426be956061595216108332067ebc18e46ac9aa200d85ba60f0357148c9cdfffea9a7795a7dfe7d99bb045602685a28032e0475b96da0d576737e05b38401e1f8c3abc8b34a21bd08dfa492ef0d4496569f4a3eb52fc12486a15786a87b5c1b5ae2df6d9d75f4615a664e54b2fa0968507acde7a07f6435ab8bd84d0e6e9eb8cd6c78ea69a6679a53564f88f224d7d4f4ec8d19739a3863f0f1eea35db1aa4ba4ef180025258c7f1c377603948372be9a22da66ca56a945908c274dcc4515a6253d9383dcf17a65d474863735c1b8655840446d31a5954bcc3581ad465d019c9ce240b75ff9d20e226d398687c78d21cc8899f5ba6397ee7bd8cb1875feb9a24b4abca8ddeecc7dfb03927a7fe7129d91fd3743932167b5a2995a5e4128b7db18cf6978de20af22018cfa0dd97af0fca0763be77b64d91dd5f31b5a65f12a32aef11954c05d9a7372362cec82c30a98eb4dce5548f73d8fa92c5e8dd44b054b323e3b153872eb8e8ba36c2f062f0bcfe762d41091d8dafffe71db31e9961312f1eeda0c3f3ff8a558468f05e8a3123086714b6980003a85afaeda65c6505d6586fe2f3ad773ef09d8c0deeab879c6895492d14ff01dffe8b65abc935a7c574acaeda6cbe624f1b4b733075b4d8028c9bfaf8f66b8078b98d1210c3afee89159e9e9c03861e062b7219462fb88643637467c0998682ffca0fd5f71a1840ef802d09ad0555774c7bb54fe5c413e2a1734c4be29f25fc58f65adc22ac294bed58fa69e24d3a9a6fce9e2d60f238809979d4c1db26d121f2f013fe5918b786a7b7f88226b92b40df9852b83b47dda5e876fa46961224511a947ff5b354a9a4064eebea9e22eb7a24953a02c5f640b9163eab5fce85b23be2d4c7ec014b5f8d32e0a798fdc2f8e905673bb02c7dd9a44be1741f6649379df146f18d64b428ae9840bf3323afeb3a2be43645341ca720be7b305d13de56a999875ab304786661594216c34ff6fc5e47f5a4e05ae6f8d64e5a7c598d4464b4a5a9d3f908015caeb39f635379af90c20a2dfee20aaff5ed5bc8646770333d29a4352a90f37c0ad33afda265f7c2fbdf4ae19d774620525f6cd9324aa009aac01ba58487c4b298753d03c72584205e3d92b64d933fa5f844d242ed0eb0b55793ef2c91e6483558089a533808dd41167e52e526f786b1953068c4807211725f64bfc745ef79c2a7c9400d2ba61113f10118fa54a91d6b531adddf5ecf6ec764f1e58ecedfa8ba08dc36c7cb91f74c77bd2e02ed878cdee30e8d0cf81b476589367ae2b67d65d2dcec5776d095a4b25f1145387a545c2ce0694827058c18783f6f0316770c2e01615785719f140e6765855272318175f4eb572e47c83404591489fe37ecb29379805a176d7969fa4148644f0b3e3ce9669b9dd1cc06881a11bf947a5518dc985714fbb3b428576b2daa7c1a31c1388faf03a73bd046df8ae6c4dbddd65739407bd827c419880cb76e7bf9db5718b50d899a9b01c8fec01befb0d6e72fc86e56df84716a70e1790246d36dbf6135d815f0cbab6c1ecaf89253d4063852cb1e11aef274b085ce2d7776e9abe075072bb39da5494c8c490e3547005a0763c6774546a73073d849310ca961c4c083ac2fc1e13a92460b8996b8d87e6abd420146a044658ac6859f2ec472b668dedd9af1b54388b55341bd66b7c90379a5b52e2db905d0e6a8341193af03f254044d194cf27eca879630c16da9c093586a1a6e42dcd5722e47c5e0c6070d3229e139e809307d2ddc4b9b7cdfb331df49ab3098a2e1121523ee810f2a28055beb88b0aa5cf93f87d366f4013c35c1c743f374e4c5b0e6005cf9429386d687450cd172b6a22049521682407315511c1311a3af4020c66a385e3a652c787fbcb1baf4e611d31e4cccd049cee851ac4f6077a2e9f2395420c3f6991e84b2cb9e331ef7d5da014e73fe6f5de2d07e372236f541650cdbee4c02d25d03b1cd3e9384a3004507061d4d8b897350d709f6643d40f16279e46529e9d4f58e0466e7df46c15fd43997f83574ce4f46f7a09123e7762014bd14b45d1cc8b28ef7de8aa8da2c63fa6e4b990c10aec5f6f3806b03f5e7d2c32cc206fb4af14f61c2b8ba117db15b57a1fb21bfd40f3b4fe1383b8043bd0ca7a75ddc0d6975432c211192024314722584e4dfd17b5d5ae40d27a257646ef20fbcd86e6a970d4506181f939b4719c634f66aba9c4d3ea4b18697dffb113344be354a1ba0a37973fbba6d569980522cd1dc398751f80a1a30ed368a2f513c101dc2aa3a233880847226437f56bb8ab9642281d867c80fc6dffe1f99807a00e55f0f2a8d16abb288e5ff87dca32c024c6a1a0a5588e704ab4bc3ddbcef6a7bc2d8a35de5a1cee5fa64d9e940d9c1fca2273a9fe520c555e3b076a6bacbe58f241ae24b36faba35541d747f277acfc7fb374070a259a659550b9d2d158b02d1902a71b382304c94771f380029ccd8c66b8ef2eea3319d810cd9088b81288c2af36c9e423f974a9a84ca6ea5aae1e9128aa7996ca154c2bcb70082d8eaa57bf8d9a0534deaa0b823916c87bc2b94bb68bc1b4cbf4728e23d4e1663c1d036e3a1342477d3303cba94f495778da51214f26d3cb765c7398cef04f0db6daf25d33b92b574cd4b9c85d69b296b153be60ad9ecba6abbd9b206af7495be5c1536aabeffae39d377e8b4c1425a66c496de9d4b83abf12f63ef2d2e02fbfb40a3ffc4cfb19c8ae0649dd71179c7c4338a6eaa6f51d4abb1aaa27218b4d2b68638b15174e6a4509eb0b9275e7468633244fddaed550e1c20cf256a0828348bbb915e70113cf8033ebca53bf35d06c8cbb09a3e1326a7209f011dc9cff55e192e64670dca28e57358089d06830f113fe06ac7f9dc0f3cf49687b45599d18c6affd99268192747bc4dc9be2d854baedf0d81b4d1eff347fbec4a0b4f8e2a94ece2c0217c9e3bd8dd43ba922a219f00cf2de35de84ef8e62fa983044bf5d4e5cdb31de8cf11aa148a936320bec00b26127d7ff24a555117aa449ec6f9d0ba98410d7ca0450cd99992d92670cf5ba59cb551f76c5060e3f618f46fb5176982d8f246cfa811d209b8f61cd00758a129bd6941da2451f1a19dd612425c97f152570e4e62db9aba7d148ed5e4e333068aeb2625ecf43c0ad9092638f688b8ee3e62780cc2befec03c5428a9376ae7e2ee17bc585ecd60cc8b46f268b793b9d74f20d475ab1b05f0ebda051630d003b424cf376a083663bff163756888dde2fa3385c7faac40472de6e1882b9131f9b9a755fb827a996a534077b85ea760077280d8dbf4988496720a64fb8e2c96afb69d529516bfa8f7e81d2eb780854823370a979c50566f88ebab97385f30ddaed0b0438b689506fb49c943713bf835ed75d09dfefd12ebeb2405a46594f556fa8b3d32547c922808f1182658ea0208ae0d62095e9588db1d94956bc959212a5a1bff0a669758d4aa8f1eb11ebd566cf65d92051b1877bd6fe4b7266b21bec833331abd7c4a347da57774e7c05897fb82b7ac39473b6c87a33bb912dc9e11bb5a0b4895371eeb500a827c3d839c885488faeee9586058238d2259163756f69eb533af03646ee4558a67d5978bafb8b2e8c896db55601b59ab4a5451f23611a02c6752a6c80ce8872dac2c03024750fb4a11ee23018ce0faba974b43a67503d353647959948c9ec697cd193b040c9be6569514b681097dcd6310dd9086c01d9bcb22483a880728504b8818902db0139667805d1b43550afd10229175813aea15bb2924afab70b1e4dbde6bf180bf9034e515102a25149e1eb634c9e56a037c2c3a3d1e213731e3611a167ab5155c6d7d103ef1ccbd748017f65493a95481de052d0183a4728b0ac202b10c517b09e8a8a8fdcb6bbae8fa797a8f1107b0f6d957472844518b3ea7cce89731c2074c533924dce44adbf6b6fd32044b624a63a3e0f5b2a8482b3294aa153eb03f2879b39e80078abd51d73a7f0ff77c546d7092ebb973a3bd013254576484538a8af8ceda9e6ac9daa38acbd7576a0054bc49a248ee2839aa8b604a41b735ee3dbc6e08cdaa92955dcf4fa7a4c783971e4134dcaf9a8b644c20894fd17d648452f90f9e00860eb8102534477f7e3279a0cbcee20d500ed648adcdfe6540509a49d438aaf1884bf1f0a434055866e643577fad463ffb8267b530d4bd8606d3638165ff4b9f6334c4ba818da17c5cc5ada304462a0c4dc0728d25428b7b61bf9804d54cc7bb7b0daf82a19576e5e6085561e66050e333e6302fd85d00f36a82a569e1b2ff7764a931a2e70409b5517df2fb1b3876ad4523d74ae224db617c40c55a2fa0c0aa3e97b7c350a2eff49ecc551b50d741f6c1aac4f6f78644eff674df4cbcf56c259355bceaf87dca07931d973018aca418e5e6f000e98eead669c39783e144ae3b43cd01920ad383d774105c1594a2fccdf159a5f9bcb395220cad1b22ce09e7c5683166b9bc4bd2fb2bd1b676890abfca67d8a5702d0dcb751b9a457be82cba2c2f3e31e7d59eb8b8fc8ba440bed80bfe560195968d430a9d15701147541b83acd50038f8beae9220a6e473ea41838b16c1bb6f5cb1a9dded046565db6327ec818c9aebc5e2304f9bae0325294fbf6282e49fad4af3538a52c44209e611869535f854005534767bc73834780f6d6ddf29b472da78d4ca7523cbcc33085778a596dc46e084cf624cc1b61fea19ebfdb5fdabc24c3a5e6b64f2a59b1dc015398feae49d167fdfe1ffcf6f078c8033965ca34de7a74819903aa29ec4efae8c7bd5d8e5da21cc07a08c1cdaa535e1f79525a3fdfc153cc4af8d9906244f749f58418cd58c06f7d0f722a52978f1889350f5a1390bee67ec1093377f7f5c417f47e54e2531a3590ae8e512df1beef1c58a75985468e8cd481fe07ffeeac960bec795a690eb6f64d634e7c220ac8e628c30bb2e28395c69720e801f952b376cf9ef84011589cb9480f9194c2f7e06319a45253c9052e39983e0a59ffc484d0951eaa0eaced690518f08abe1390799799367c690c860193139f20c82aaabb5ee0eb8fd426e792d5bf68646c1e9697f375e7184f3675ec415d74aedbe814e24bf66a3b930fb4b44edcfd5414afb0b0d0420762cc3c124bceedce0e56a5204717e33230db15c8f8a9e5c23458c2091bffad6f3292afccd1513f0d302086da00f5582c83f643ba5bf75dfb4941c656b4f905be14f13379a830e7e15e71919f8b5be8e0f769906e5f6e6e5a618365516af74ee2360db3525329cd7e5cf4ee666afd04663c5b96565fae390cbf754804af05e03bb9596f036e52c187b66e46f3bcf4c7c73f6135f8ee308a544f9abe14ba1b077a9b9ebe9cb09e8924c7e24e664f9fe5e5471546ad23ab9384c99921ba0990bd15de906fc647d1d9489a5c1515a5efd8517049b910158c7efdc22a3671e86076189cfcefdddd5def5c4634b374f34d25f3b03018e5324b64626e69bb1b667647ec926add0a89648414a28058d04f12e9ac5bc2527d189f16558a82daeca13eedc125cb23436f86f68c147015853aa07738c99f571dd51e4864da4c81857c9fb5338c5eb2677d01dd134a749b7832b64d9ebcc33a04e1a62f07de55620a688e944daa2c480be3e00871058a6fb34b52bf0c3fc46a556f13a3d6402a9f42c48a7756c07b3a58aa2cf932e650d88dfcf9fa655386b13073eb6134b10806d60b4529d72153f2f4df6df19488c792b4d8d11086cf7ef2d9d1404d1876f4d30d566bf88d3fcd5bd439f82d918bc988cd50147d3770489e25bd953428c5bc66ddfbcdb2e40452cd4fd6adac67febb7de9e8b8ff6f59ad548b96256d80f1092c94d70df278477a36461fca896ebb6d2d40ebfb95f2fb3f584610a1540fd2b511d267e8486615674853112b3f371db52d954b81297d954bb3b5182fee5af93307ad79af888f87ff15445e3292f640c26063d17209f1c79c1267b55afe3228fa254c4875beaf6bf9d586d3ce743d5e8376aa214bc1c529c0f440b4c8a33dcac8938bb2f8c2f19fee903ba7af21d3f6c7049f371db6fa4d0436964f07274274ada68c8601b70f56860059605bcdc0a643a79132f3252141b2c151634dc85217ed18fdac27b3479382d045029fbfa90d655b3e0b5ad134e8d524ba837304ec07d3cd37d3314f3690e04c0c777f1cea960baf23d2c394f245394bbb7f6101fc02bdcf3705ef329a0e1749042a204a3463406f7b34bdf23a8d8e2759f1b24f5308dc2736d1a81173826b059f18eae9ee6be8cab6c24039b8afcf775ee08f290161532715f6c19ac57985299013088c358fada7fbfb9fa339bf9fe5478fc394005ffcddc7da185f9c5ba4a79bcb3a6fa1b280ca745e32211971bd76ed26e923ffc0387017e80e0de6904c0364c7aa54b7aee04ece2c2a318b91f60c6559ef13fb1f774c803fed514358ff6bb4972d1b71b71025d943d4a074d2918be1008f63ab15094d1020c641d04d89bda5326bbfcedd86a064506b33f20bfdd83f59a57500d4aca720c882b192b0232ecee67da5eb3cdf61c931ce96a3bd4210bff8d9b3cef39de2bb68fc9bb645382e2a2971f58ac39471a8091676011900f01a457838c129374dc6e72c4a3107e96361511e44da1c90aa784b4ee081bc2090c3344d12aeabd1c6c68475243e0b7c1e4e0b8df728bcdf3d0fcef630f372ce11bfb680897d3ebb427f08ee18ebb3f5e604121831506e8d3cc9c3700a5bdcb3ebb73d1f494257c353325ca7983781ba108819652041b5edcebb99118ba33244011c93b5044eeab58ec77eb4b9b88ba63a6b98ece554be80db1df349de18df6b66210e965f436cdc5c6e4e01840b6da8175eb074cdc22f8bb36f5ce18c6a9142ca726dd5a889967112535d125cd2e19c397fee7a786cc7d84cdf3d7e7cfe96e6b97ed50ec01a98e36ce7cbe8dded29bd9b701bc59a5a119b2f14af8e1ddc6907899178f1c40d78db921ed0bc5d0984e945f2ba0422452685755820b86133072ba4e6d4560b4baee9c87ea99a857061082d08425038a8ba5bf4988a19676a7757389eaf0d89f9e58c1642ff00913f0abcd23cdf01b5ecbdae37763dfb28a679db4fd8b7616b3a2d96c30e71d4e48dc6e25203a1260eb42a217a157296604806f919f11842668294dc03c57c33d605285bd5142420eb94fc92b1896722ee795871eec92e2dec45509c47b63653e539bc8607325b7d3712c43651bba0701bf6c8e4963d48d4748dfa9fa39c7d69c81cb794a7911cc18d576ae43f3e7d8e9eedc9ed02936e027698e413598bcc8ec1d5fd029b51abf080772abebdafbc6b5db07fb49e9bff7e71af635fab4fdbf15f6a6526acbcfc37bfa294183fe28903af69075c299f972f05f6f2cea53ddad14b115635fa8a637a42482b0fb3fa4c403d43b272c726e1f51f2b469c165d9525d0ada2a582610fa4974c8e57351f587502aa3ffad717b418c2de230b741ea3872d308fdc3ca1f7fb3c87cbd70e0e5d5255a0ae56a58650b3d5b986f0e8fe8b97d46bc52447247e0f6a2361d1ebd1bbad2649d33a1b8c95ad9d294f3e12ba777f0da16f3e7501e2607d5ad28d650b2641aec2eca83e4452a4bf8ed51768ad6238a79cb0d96dafa36915297bc95a3cad090dfb61b8b13b462110780df8acbdf337462a9403599b7f54563418bf314dd4aaa7a1406423a9e70b34ec54872c0cb14077cb5996134f10cd40a13b17cf0731675cf0ad2f981992a5c15613a66c9cf5e6d6910540dc17", 0x2000, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x78}, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) lseek(r1, 0x0, 0x2) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8931, &(0x7f0000000000)={'veth0_to_team\x00', @link_local}) r3 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x3d, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0xfd4}}) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b00010100000009040000030206"], 0x0) 12.511895431s ago: executing program 4 (id=371): r0 = socket$inet6(0xa, 0x3, 0x8) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/zoneinfo\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000001640)={0x2020}, 0x2020) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x2c, r4, 0x1, 0x0, 0x0, {0xf}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x0) quotactl_fd$Q_GETFMT(r1, 0xffffffff80000401, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e21, 0x0, @private2, 0x1}, 0x1c) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000240)="8eae83f82e82be4cf37fe0f3883d90e68ec51414a6e5c977de1213ffb7455e4ce4378c5699d166c130e36b63e7150107fe89bcb51027441b60e2aa56ec3dcd8d73939dc64af0036b92992f60041019035225cbe4d855d402960644df9dd6536978d2709812e6a155af7246489213b6523ffacf7053ded10832e8a1db2f3f2eef1c10c3d6a5d2c0562b2772a37fa6355ae2a91cb2285d877afae4326012f720e1", 0xa0}, {&(0x7f0000000140)="924a0649a8b4a00f98dd6be3f07ca9292606879679d2d5accc0557f16147d742b5478b936a148dac10dcd1ca7440fb9c3bb1f4bb1d5d168a421e57cdf1c1d4a28f7aa37b65a25b1037f3c679b14c7862bbf26f7bebf0089e5a39f12f7d8848d6ac2bdc8948e83a7416fc11377f99898e5882472ad723f1bc7c7b7c9356656bf47fd88805f92f572078c2fc9b9a9069bb9cc670c4203bc6d5ec0715c56cd39676aa340d5ab8e9bb794b634cc849bfeb9d4da824303e3dae05e14dbb78d2bc8440616b2fb88fb486ed0fc961ceab821cda74ef49311994cb24c2e0df4a0f8eb2d8b5ecf69e0e64c47fa1351e0b9bac5063034ce42a78", 0xf5}], 0x2, 0x64, 0x205) 12.340373801s ago: executing program 4 (id=373): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000240)={'wg2\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_SLAVE2={0x8, 0x2, r4}]}}}]}, 0x40}}, 0x0) (fail_nth: 13) 11.752651313s ago: executing program 4 (id=374): socket$kcm(0xa, 0x922000000003, 0x11) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='stat\x00') lseek(r0, 0xc1e, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x13, &(0x7f0000000140)=@ringbuf={{}, {}, {}, [@jmp, @kfunc, @map_idx_val], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r1, &(0x7f0000000100), 0x0}, 0x20) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f00000001c0)=0x8, 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r4, &(0x7f0000000400)=""/218, 0xda) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000080)={0x335}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r4, 0x404c534a, &(0x7f0000000980)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0xc08c5334, 0x0) tkill(r3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) mount_setattr(0xffffffffffffffff, &(0x7f0000001d80)='.\x00', 0x0, &(0x7f0000001dc0)={0xb}, 0x20) 11.001266365s ago: executing program 4 (id=378): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10) setsockopt$sock_int(r0, 0x1, 0x31, &(0x7f0000fee000), 0x4) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000002200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000002280)={&(0x7f0000000500)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000dfa6b6f0000010570000004c31f1f8ffed0cf00da325a113cc2b81cb067133c1e9145d46ea932ece3b62494e600a8e63c4f42ba63087eef32146eda04f1cb1789d1302ab2a8ad5610cee92111352442aacfff4f7918729377e07047dd7cc60c75c657230a04d4d8504050f6d02d1c770c2f3f06be7224b465bdb318666f4", @ANYRES32=r4, @ANYBLOB="06009500ff7f0000"], 0x24}, 0x1, 0x0, 0x0, 0x40408c0}, 0x8080) r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) sendmsg$NL80211_CMD_START_AP(r5, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="301cf453fc3d0543451334d7971277b4000000", @ANYRES16=r1, @ANYBLOB="01002abd7000fddbdf250f0000000c009900000000007d00000008000d000b0f000008000c0064000000"], 0x30}, 0x1, 0x0, 0x0, 0x20040000}, 0x24004011) write$sndseq(r5, &(0x7f0000000280)=[{0x0, 0x0, 0xd2, 0x8, @time={0x4, 0x7b937080}, {0x1, 0x9e}, {0x7f, 0x1}, @ext={0xcf, &(0x7f00000000c0)="9d65264300a25d8e96a6e0bc28a481495f7ffc1d9480d63913499ec2a87dba410fd22910b4f2b12c8f6e089d1ae2bea40cbc00f3ba3f767d4f48ab5d26ff75fbc7d1437bf39a7fc68018b6fe1396dcc20429edd1100222686f71a002cd1ed7b22bca685d68343b6a19c495a902a4fc87e22507cb56cc24f04f51f13ae9fd3b371717329868e172d21d7c1c0d10a9d553ac17e7d60668252fc5ec20bdaf8ddf8642f2509abf27c0163434e2eb67d954066cdc8df72d046a55d1e49c2764bda7cb05dbd70dd90914f249d838552739b8"}}, {0x8, 0x1, 0xff, 0x3, @tick=0x5354, {0x0, 0x3}, {0x6, 0x8}, @result={0xfffffffe, 0x8ccd}}, {0x1, 0x1, 0x4, 0x9e, @tick=0x4, {0x11, 0x4}, {0x0, 0x8}, @control={0x0, 0x7ff, 0x9}}, {0x22, 0x4, 0x2, 0xcf, @tick=0x7, {0x9, 0x3}, {0x6, 0x36}, @note={0x1, 0xe, 0xb, 0x2, 0x7}}, {0x8, 0x0, 0x4, 0xb, @time={0xb3, 0xade9}, {0x7, 0x9}, {0x3, 0x5}, @time=@time={0x2171, 0x800}}, {0x1, 0x3, 0x4d, 0x6, @tick=0x100, {0x7, 0xa}, {0xa, 0x2}, @raw8={"57dbc8df8facba81f3f9b8f3"}}, {0x5, 0x9, 0x6, 0x7, @tick=0xcb6f, {0x0, 0x9}, {0x4, 0x8}, @queue={0x9, {0x0, 0x1b0}}}, {0xf6, 0x6, 0x8, 0x1, @time={0x7, 0x2}, {0x3, 0x7}, {0x5, 0xe0}, @raw8={"e965ec448f0fbebd7d00"}}, {0x4d, 0x88, 0x2, 0x7f, @tick=0xafc, {0x1, 0x6}, {0x83, 0x4}, @result={0xffff, 0x8a}}, {0x7f, 0x5, 0x40, 0xff, @time={0x19d2, 0x114802c}, {0x3, 0x2}, {0x4, 0x5}, @time=@time={0x8, 0x9}}], 0x118) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/packet\x00') read(r7, &(0x7f0000001180)=""/4096, 0x1000) pread64(r7, &(0x7f0000000080)=""/220, 0xdc, 0x4009) r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101141, 0x0) pwritev(r8, &(0x7f00000000c0)=[{&(0x7f00000001c0)="a4", 0x1}], 0x1, 0x8800000, 0x0) read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) sendmsg$rds(r5, &(0x7f0000000e80)={&(0x7f0000000900)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000680), 0x0, &(0x7f0000000e00)=[@rdma_args={0x48, 0x114, 0x1, {{0x1, 0xf93}, {&(0x7f0000000ec0)=""/218, 0xda}, &(0x7f0000000d80)=[{&(0x7f0000000700)=""/111, 0x6f}, {&(0x7f0000000780)=""/167, 0xa7}, {&(0x7f0000000940)=""/201, 0xc9}, {&(0x7f0000000a40)=""/115, 0x73}, {&(0x7f0000000ac0)=""/167, 0xa7}, {&(0x7f0000000b80)=""/74, 0x4a}, {&(0x7f0000000c00)=""/255, 0xff}, {&(0x7f0000000d00)=""/89, 0x59}], 0x8, 0xc, 0xdfeb}}], 0x48, 0x48080}, 0x40) write$FUSE_INIT(r6, &(0x7f0000000040)={0x50, 0x0, r9, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r6, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) poll(&(0x7f0000000240)=[{r10}], 0x1, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r11, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x12, r11, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), r10) 10.918574417s ago: executing program 1 (id=379): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000140)=0x5, 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10.654850415s ago: executing program 1 (id=381): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x9) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) uname(&(0x7f0000000240)=""/190) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000d00)={0x0, 0x0, 0x3, "e648d1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 9.242055397s ago: executing program 2 (id=386): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xff}}}, 0x1c) syz_io_uring_setup(0x5804, &(0x7f0000000380)={0x0, 0x1, 0x10100, 0x200}, &(0x7f0000000100), &(0x7f00000000c0)) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.current\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r2], 0x3c}}, 0x0) 7.876055756s ago: executing program 2 (id=392): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x9) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) uname(&(0x7f0000000240)=""/190) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000d00)={0x0, 0x0, 0x3, "e648d1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 7.258954803s ago: executing program 4 (id=394): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x57, 0xac, 0x19, 0x20, 0x2639, 0x2, 0x5bc2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x56, 0xdf, 0x8e}}]}}]}}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000008000080000040"]) 5.692692264s ago: executing program 2 (id=396): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x38, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c20000000180c200000008004900002a004000000000907800000000ffffffff0000000001"], 0x0) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 5.382637735s ago: executing program 2 (id=397): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0xfac05]}]]}, 0x30}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x64, r3, 0x200, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x5, 0x24}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000010) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@bridge_dellink={0x20, 0x13, 0x1}, 0x20}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfe, 0x40000000}, 0xc) 4.341954659s ago: executing program 3 (id=399): socket$kcm(0xa, 0x922000000003, 0x11) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='stat\x00') lseek(r0, 0xc1e, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x13, &(0x7f0000000140)=@ringbuf={{}, {}, {}, [@jmp, @kfunc, @map_idx_val], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r1, &(0x7f0000000100), 0x0}, 0x20) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f00000001c0)=0x8, 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r4, &(0x7f0000000400)=""/218, 0xda) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000080)={0x335}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r4, 0x404c534a, &(0x7f0000000980)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0xc08c5334, &(0x7f00000000c0)={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x80000001}) tkill(r3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) mount_setattr(0xffffffffffffffff, &(0x7f0000001d80)='.\x00', 0x0, &(0x7f0000001dc0)={0xb}, 0x20) 3.871179129s ago: executing program 3 (id=400): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bb", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.869326965s ago: executing program 2 (id=401): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x9) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) uname(&(0x7f0000000240)=""/190) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000d00)={0x0, 0x0, 0x3, "e648d1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000200)={0x14, &(0x7f0000000100)={0x20, 0x1d, 0xad, {0xad, 0xc, "ff9109b59f64088b2da85af1f1d4a49dc0a6d91ac64d712a29427974b4e33a059d686b88f7a7a4ad306e4f5745f4a57b23c4fbea8dbd93801985c1e8a9a8ba24352bc60204379fa1dff974cbe06f88845e6afcd8066df7a13157cad6d16b3d44299410604d20934ad2501085867a70bd992fd03fac2135a2a3e7cf81af4ac81eebb27367ab296683964546b8c5c23dd468a72c6caf595adbd7738751b175e856e2424b3da357c39e0ff08e"}}, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x1c, &(0x7f0000000240)={0x0, 0xd, 0x2e, "332eec293cf9fe89c6c9830bfb326d60a56f8ce866495a8a55bd0ae6dc699155ab7b3e9477ea3ec5552a1a0ec553"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x6}, 0x0}) socket$xdp(0x2c, 0x3, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000001e40)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000001dc0)={0x20, 0x1, 0x2, 'q+'}, 0x0}) 3.832200612s ago: executing program 0 (id=402): r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000001f00)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x1000, &(0x7f000001af00)=""/4096, 0x40f00, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r2, 0x0, &(0x7f0000000680)=[r1, r1, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x1000, @void, @value}, 0x94) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000080)={0xc, 0x0}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000300)) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r6 = dup3(r5, r4, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000280)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) preadv(r8, &(0x7f0000000180)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, 0x0, 0x0) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r12, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f0000000080)={0x48, 0x5, r11}) ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000140)={0x28, 0x1, r3, r11, 0x3, 0x3, 0x2}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='asymmetric\x00', &(0x7f0000000040)=@keyring={'key_or_keyring:', 0x0, 0xa}) 3.60708805s ago: executing program 4 (id=403): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x27fe}}, './file0\x00'}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000480)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[{}, {}], &(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x2, 0x5}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000340)={&(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[{}, {}], 0x0, 0x0, '\x00', 0x2, 0x2}) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xffff) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240), 0x10000287, 0x0, 0x1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x22, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x11, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) recvmmsg(r4, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$TIOCSTI(r3, 0x5423, &(0x7f0000000080)=0x7) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) r6 = syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x0) ioctl$EVIOCSREP(r6, 0x40084503, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6069a25000282100fc020000000000000000000000000000fe8000000000000000000000000000aa0002000000000000fc01000000000000000000000000000000000000040190780500d55d00eb358b"], 0x0) sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="640100001a0001000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000006c000000fc0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024000900000000000000000000000000000000000000000000000000000000000000000008000c00000000000c6badf959ce3ca39f"], 0x164}}, 0x0) 3.023873853s ago: executing program 0 (id=405): set_mempolicy(0x2, &(0x7f0000000040)=0x471, 0x6) getpid() prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000540), 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r1, 0x5501) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x100000001) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0xe) recvmmsg(r3, &(0x7f0000004300), 0x3a4, 0x4000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) 3.02149537s ago: executing program 3 (id=406): r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000001f00)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x1000, &(0x7f000001af00)=""/4096, 0x40f00, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r2, 0x0, &(0x7f0000000680)=[r1, r1, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x1000, @void, @value}, 0x94) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000080)={0xc, 0x0}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000300)) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r6 = dup3(r5, r4, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000280)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) preadv(r8, &(0x7f0000000180)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, 0x0, 0x0) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r12, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f0000000080)={0x48, 0x5, r11}) ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000140)={0x28, 0x1, r3, r11, 0x3, 0x3, 0x2}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='asymmetric\x00', &(0x7f0000000040)=@keyring={'key_or_keyring:', 0x0, 0xa}) add_key(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ae", 0x1, r0) 2.336894765s ago: executing program 3 (id=407): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1d, r1}, 0x10, &(0x7f0000000280)={&(0x7f0000000200)={0xffffff1f, 0x844, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d015d48f126de17910da6b6d6db83da5f30b7ba8d8d599b92370931f6720dcbfc3acf07fff2873e9c557e080d3ee193bfbb811a7b47acb7d51c00d6f9a9fa54e"}}, 0x38}}, 0x0) 2.070921699s ago: executing program 3 (id=408): syz_open_dev$sndctrl(&(0x7f0000000640), 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) io_uring_setup(0x5237, &(0x7f00000002c0)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040)) 1.965919992s ago: executing program 0 (id=409): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0x6}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}]}]}]}}]}, 0x44}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x20) 1.257724677s ago: executing program 0 (id=410): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x2, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x1000002, 'lblcr\x00', 0x0, 0x0, 0x28}, 0x2c) syz_io_uring_setup(0x23b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r4, 0x0, 0xfffffffffffffffc}) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000140)={0x0, "540bf55c4d009205d565c6e2199f73fd5043434326868d0dda212e0980e37df6"}) getuid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0xa, 0x1, 0x0, "093d4a3b5b7bc69a21cfb7f5eaac460300000000000000a667693addcb249341"}) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f00000003c0)=[{&(0x7f0000000800)=""/102400, 0x19000}], 0x1000000000000109, 0xfffffffe, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000007c0)="1400000035000b63525a80643d66b7d809f2e2ff", 0x14}], 0x1}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="6d00330080000000ffffffffffff08021100000050505050505000000000000010000000000020840100050c426df820897d7e36e4cd79461e72d725030000002a01002d1a00081502000000000000000004720603030303030371070001fe3fe03e9cf8ff00021600000000"], 0x8c}}, 0x0) 868.171691ms ago: executing program 3 (id=411): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x800, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_GET_REG_LIST(r3, 0x4004ae8b, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000140)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xeffffdff, 0x0, [{}, {0x0, 0x5}, {0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x1}, {}, {}, {}, {0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x10}]}}) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x0, 0x8, {0x0, 0x0, [0xffff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) 494.984792ms ago: executing program 2 (id=412): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) fsopen(&(0x7f0000000000)='pipefs\x00', 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="7f0000010000000000000000000000000000000033000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c0014"], 0x144}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'ip_vti0\x00', &(0x7f0000000380)={'syztnl1\x00', 0x0, 0x700, 0x8, 0x8001, 0x2, {{0x2e, 0x4, 0x3, 0x17, 0xb8, 0x68, 0x0, 0x5, 0x4, 0x0, @empty, @loopback, {[@timestamp_prespec={0x44, 0x24, 0xe0, 0x3, 0x7, [{@rand_addr=0x64010100, 0x80000000}, {@loopback, 0x3c6}, {@multicast2, 0x4}, {@rand_addr=0x64010100, 0x72cb00}]}, @rr={0x7, 0x27, 0x78, [@rand_addr=0x64010101, @rand_addr=0x64010102, @remote, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100]}, @rr={0x7, 0x13, 0xe6, [@private=0xa010102, @multicast2, @dev={0xac, 0x14, 0x14, 0x19}, @multicast1]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0xc, 0x76, 0x0, 0x3, [0x80000001, 0x5]}, @lsrr={0x83, 0xb, 0x77, [@empty, @multicast1]}, @generic={0x83, 0x8, "62b5df8ef9ba"}, @timestamp_prespec={0x44, 0xc, 0x7b, 0x3, 0xf, [{@rand_addr=0x64010100}]}, @rr={0x7, 0x17, 0x48, [@dev={0xac, 0x14, 0x14, 0x33}, @multicast2, @loopback, @remote, @broadcast]}]}}}}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@ipv4_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_OIF={0x8, 0x4, r3}]}, 0x2c}}, 0x40810) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r5) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f000001f4c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @private1}, r7}}, 0x48) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @empty}, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, r8}}, 0x48) 399.311284ms ago: executing program 0 (id=413): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) removexattr(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)=@known='security.apparmor\x00') 0s ago: executing program 0 (id=414): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x27fe}}, './file0\x00'}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000480)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[{}, {}], &(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x2, 0x5}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000340)={&(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[{}, {}], 0x0, 0x0, '\x00', 0x2, 0x2}) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xffff) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240), 0x10000287, 0x0, 0x1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x22, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x11, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) recvmmsg(r4, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$TIOCSTI(r3, 0x5423, &(0x7f0000000080)=0x7) io_uring_setup(0x6ff7, &(0x7f00000001c0)={0x0, 0x4, 0x400, 0xfffffffc, 0x2ed, 0x0, r2}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) r6 = syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x0) ioctl$EVIOCSREP(r6, 0x40084503, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6069a25000282100fc020000000000000000000000000000fe8000000000000000000000000000aa0002000000000000fc01000000000000000000000000000000000000040190780500d55d00eb358b"], 0x0) sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="640100001a0001000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000006c000000fc0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024000900000000000000000000000000000000000000000000000000000000000000000008000c00000000000c6badf959ce3ca39f"], 0x164}}, 0x0) kernel console output (not intermixed with test programs): ainder of the config [ 114.416889][ T1179] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 114.446547][ T1179] usb 1-1: config 1 has no interface number 0 [ 114.462957][ T1179] usb 1-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 114.486703][ T1179] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 114.521593][ T5280] usb 2-1: USB disconnect, device number 11 [ 114.545883][ T1179] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.578321][ T1179] usb 1-1: Product: syz [ 114.592414][ T1179] usb 1-1: Manufacturer: syz [ 114.602995][ T1179] usb 1-1: SerialNumber: syz [ 114.646416][ T1179] cdc_wdm 1-1:1.128: skipping garbage [ 114.663735][ T1179] cdc_wdm 1-1:1.128: probe with driver cdc_wdm failed with error -22 [ 114.766431][ T61] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 114.958077][ T5791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.015061][ T5791] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.850862][ T5815] fuse: Bad value for 'user_id' [ 115.858334][ T5815] fuse: Bad value for 'user_id' [ 115.936305][ T5282] usb 4-1: USB disconnect, device number 9 [ 115.986589][ T1179] IPVS: starting estimator thread 0... [ 116.128759][ T5818] IPVS: using max 16 ests per chain, 38400 per kthread [ 116.693038][ T51] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 116.862183][ T51] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 116.896531][ T51] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 117.011961][ T51] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 117.027619][ T51] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 117.031458][ T5280] usb 1-1: USB disconnect, device number 11 [ 117.054147][ T51] usb 3-1: Manufacturer: syz [ 117.068316][ T51] usb 3-1: SerialNumber: syz [ 117.189004][ T5282] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 117.351479][ T5282] usb 2-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 117.374176][ T5282] usb 2-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 117.416987][ T5282] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 117.429430][ T5282] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 117.441608][ T5282] usb 2-1: Manufacturer: syz [ 117.454425][ T5282] usb 2-1: SerialNumber: syz [ 117.578858][ T1179] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 117.792247][ T1179] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 117.856555][ T1179] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.876083][ T1179] usb 1-1: Product: syz [ 117.886555][ T1179] usb 1-1: Manufacturer: syz [ 117.896671][ T1179] usb 1-1: SerialNumber: syz [ 117.916801][ T1179] usb 1-1: config 0 descriptor?? [ 118.392212][ T5847] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 118.689199][ T1179] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 119.051997][ T412] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.335227][ T412] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.416310][ T51] usbhid 3-1:36.0: couldn't find an input interrupt endpoint [ 119.443469][ T51] usb 3-1: USB disconnect, device number 18 [ 119.529551][ T5281] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 119.553666][ T412] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.688139][ T5282] usbhid 2-1:36.0: couldn't find an input interrupt endpoint [ 119.718734][ T5281] usb 4-1: Using ep0 maxpacket: 8 [ 119.732083][ T5281] usb 4-1: config 1 has an invalid interface number: 128 but max is 1 [ 119.750494][ T412] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.762468][ T5282] usb 2-1: USB disconnect, device number 12 [ 119.769092][ T5281] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 119.803044][ T5281] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 119.819915][ T5280] IPVS: starting estimator thread 0... [ 119.840196][ T5281] usb 4-1: config 1 has no interface number 0 [ 119.862242][ T5281] usb 4-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 119.899269][ T5281] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 119.918130][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.936884][ T5862] IPVS: using max 25 ests per chain, 60000 per kthread [ 119.958289][ T5281] usb 4-1: Product: syz [ 119.967485][ T5281] usb 4-1: Manufacturer: syz [ 119.983231][ T5281] usb 4-1: SerialNumber: syz [ 120.005426][ T5281] cdc_wdm 4-1:1.128: skipping garbage [ 120.014949][ T5281] cdc_wdm 4-1:1.128: probe with driver cdc_wdm failed with error -22 [ 120.015280][ T5231] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 120.091930][ T5231] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 120.113968][ T5231] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 120.158801][ T5231] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 120.169220][ T5231] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 120.176579][ T5231] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 120.224807][ T5858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.260009][ T5280] usb 1-1: USB disconnect, device number 12 [ 120.336920][ T5858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.433279][ T412] bridge_slave_1: left allmulticast mode [ 120.462009][ T412] bridge_slave_1: left promiscuous mode [ 120.475799][ T412] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.581847][ T412] bridge_slave_0: left allmulticast mode [ 120.587561][ T412] bridge_slave_0: left promiscuous mode [ 120.594440][ T412] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.968819][ T51] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 121.009191][ T5878] loop2: detected capacity change from 0 to 7 [ 121.051964][ T5878] Dev loop2: unable to read RDB block 7 [ 121.078040][ T5878] loop2: unable to read partition table [ 121.125754][ T5878] loop2: partition table beyond EOD, truncated [ 121.148750][ T51] usb 1-1: Using ep0 maxpacket: 32 [ 121.154041][ T5878] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 121.179627][ T51] usb 1-1: no configurations [ 121.189719][ T51] usb 1-1: can't read configurations, error -22 [ 121.349980][ T51] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 121.528931][ T51] usb 1-1: Using ep0 maxpacket: 32 [ 121.535881][ T51] usb 1-1: no configurations [ 121.556605][ T51] usb 1-1: can't read configurations, error -22 [ 121.590344][ T51] usb usb1-port1: attempt power cycle [ 121.772350][ T412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 121.817538][ T412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 121.841723][ T412] bond0 (unregistering): Released all slaves [ 121.894136][ T5874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.176'. [ 121.930016][ T5874] netlink: 20 bytes leftover after parsing attributes in process `syz.2.176'. [ 121.962853][ T51] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 122.015136][ T51] usb 1-1: Using ep0 maxpacket: 32 [ 122.031840][ T5882] netlink: 'syz.1.178': attribute type 29 has an invalid length. [ 122.063124][ T51] usb 1-1: no configurations [ 122.067790][ T51] usb 1-1: can't read configurations, error -22 [ 122.090247][ T5883] netlink: 'syz.1.178': attribute type 29 has an invalid length. [ 122.114604][ T5884] netlink: 'syz.1.178': attribute type 29 has an invalid length. [ 122.238758][ T51] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 122.260761][ T5236] Bluetooth: hci0: command tx timeout [ 122.283844][ T3130] usb 4-1: USB disconnect, device number 10 [ 122.303566][ T51] usb 1-1: Using ep0 maxpacket: 32 [ 122.310555][ T51] usb 1-1: no configurations [ 122.315411][ T51] usb 1-1: can't read configurations, error -22 [ 122.323812][ T51] usb usb1-port1: unable to enumerate USB device [ 122.465375][ T5885] netlink: 'syz.1.178': attribute type 29 has an invalid length. [ 122.637468][ T5906] misc userio: The device must be registered before sending interrupts [ 122.984510][ T412] hsr_slave_0: left promiscuous mode [ 123.005226][ T412] hsr_slave_1: left promiscuous mode [ 123.017198][ T412] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.031314][ T412] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.045631][ T412] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.057194][ T412] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.157909][ T412] veth1_macvtap: left promiscuous mode [ 123.181677][ T412] veth0_macvtap: left promiscuous mode [ 123.216193][ T412] veth1_vlan: left promiscuous mode [ 123.229154][ T412] veth0_vlan: left promiscuous mode [ 123.541369][ T51] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 123.701485][ T51] usb 2-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 123.731070][ T51] usb 2-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 123.763257][ T51] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 123.804045][ T51] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 123.814815][ T51] usb 2-1: Manufacturer: syz [ 123.821026][ T51] usb 2-1: SerialNumber: syz [ 124.019755][ T5281] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 124.224426][ T5281] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 124.240500][ T5281] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.256548][ T5281] usb 3-1: Product: syz [ 124.262574][ T5281] usb 3-1: Manufacturer: syz [ 124.267517][ T5281] usb 3-1: SerialNumber: syz [ 124.288092][ T5281] usb 3-1: config 0 descriptor?? [ 124.345649][ T5236] Bluetooth: hci0: command tx timeout [ 124.482302][ T412] team0 (unregistering): Port device team_slave_1 removed [ 124.590455][ T412] team0 (unregistering): Port device team_slave_0 removed [ 124.764114][ T5927] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 125.050835][ T5281] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 125.769965][ T5868] chnl_net:caif_netlink_parms(): no params data found [ 126.152774][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.206501][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.296789][ T5868] bridge_slave_0: entered allmulticast mode [ 126.368856][ T5868] bridge_slave_0: entered promiscuous mode [ 126.419171][ T5236] Bluetooth: hci0: command tx timeout [ 126.623531][ T51] usbhid 2-1:36.0: couldn't find an input interrupt endpoint [ 126.644465][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.680759][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.683289][ T51] usb 2-1: USB disconnect, device number 13 [ 126.727450][ T5868] bridge_slave_1: entered allmulticast mode [ 126.746411][ T5281] usb 3-1: USB disconnect, device number 19 [ 126.777723][ T5868] bridge_slave_1: entered promiscuous mode [ 127.041075][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 127.105957][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.232072][ T5281] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 127.261753][ T5868] team0: Port device team_slave_0 added [ 127.297996][ T5868] team0: Port device team_slave_1 added [ 127.431387][ T5281] usb 2-1: Using ep0 maxpacket: 8 [ 127.462307][ T5281] usb 2-1: config 1 has an invalid interface number: 128 but max is 1 [ 127.494696][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 127.501750][ T5971] FAULT_INJECTION: forcing a failure. [ 127.501750][ T5971] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.501791][ T5971] CPU: 1 UID: 0 PID: 5971 Comm: syz.2.193 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 127.501818][ T5971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 127.501843][ T5971] Call Trace: [ 127.501853][ T5971] [ 127.501863][ T5971] dump_stack_lvl+0x241/0x360 [ 127.501903][ T5971] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.501934][ T5971] ? __pfx__printk+0x10/0x10 [ 127.501969][ T5971] ? snprintf+0xda/0x120 [ 127.559458][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.560699][ T5971] should_fail_ex+0x3b0/0x4e0 [ 127.591389][ T5971] _copy_to_user+0x2f/0xb0 [ 127.595967][ T5971] simple_read_from_buffer+0xca/0x150 [ 127.601606][ T5971] proc_fail_nth_read+0x1e9/0x250 [ 127.606721][ T5971] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 127.612333][ T5971] ? rw_verify_area+0x55e/0x6f0 [ 127.617266][ T5971] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 127.620755][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 127.622963][ T5971] vfs_read+0x201/0xbc0 [ 127.637802][ T5971] ? __pfx_lock_release+0x10/0x10 [ 127.642930][ T5971] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 127.648556][ T5971] ? __pfx_vfs_read+0x10/0x10 [ 127.650590][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.653268][ T5971] ? __fget_files+0x3f3/0x470 [ 127.653310][ T5971] ? __fdget_pos+0x24e/0x320 [ 127.669586][ T5971] ksys_read+0x1a0/0x2c0 [ 127.670697][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.674062][ T5971] ? __pfx_ksys_read+0x10/0x10 [ 127.704868][ T5971] ? do_syscall_64+0x100/0x230 [ 127.709724][ T5971] ? do_syscall_64+0xb6/0x230 [ 127.714517][ T5971] do_syscall_64+0xf3/0x230 [ 127.719096][ T5971] ? clear_bhb_loop+0x35/0x90 [ 127.723859][ T5971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.725441][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 127.729797][ T5971] RIP: 0033:0x7fcdd8f7c93c [ 127.729839][ T5971] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 127.729857][ T5971] RSP: 002b:00007fcdd9d95030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 127.729882][ T5971] RAX: ffffffffffffffda RBX: 00007fcdd9135f80 RCX: 00007fcdd8f7c93c [ 127.729899][ T5971] RDX: 000000000000000f RSI: 00007fcdd9d950a0 RDI: 0000000000000003 [ 127.729913][ T5971] RBP: 00007fcdd9d95090 R08: 0000000000000000 R09: 0000000000000000 [ 127.729929][ T5971] R10: 0000000000000046 R11: 0000000000000246 R12: 0000000000000001 [ 127.729943][ T5971] R13: 0000000000000001 R14: 00007fcdd9135f80 R15: 00007fcdd925fa28 [ 127.729971][ T5971] [ 127.742003][ T5281] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 127.742034][ T5281] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 127.742060][ T5281] usb 2-1: config 1 has no interface number 0 [ 127.849835][ T5281] usb 2-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 127.871891][ T5281] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 127.881497][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.889624][ T5281] usb 2-1: Product: syz [ 127.895854][ T5281] usb 2-1: Manufacturer: syz [ 127.900817][ T5281] usb 2-1: SerialNumber: syz [ 127.922934][ T5281] cdc_wdm 2-1:1.128: skipping garbage [ 127.928842][ T5281] cdc_wdm 2-1:1.128: probe with driver cdc_wdm failed with error -22 [ 127.975576][ T5975] FAULT_INJECTION: forcing a failure. [ 127.975576][ T5975] name failslab, interval 1, probability 0, space 0, times 0 [ 127.990254][ T5975] CPU: 1 UID: 0 PID: 5975 Comm: syz.2.195 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 128.000730][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 128.010829][ T5975] Call Trace: [ 128.014149][ T5975] [ 128.017201][ T5975] dump_stack_lvl+0x241/0x360 [ 128.021934][ T5975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.027280][ T5975] ? __pfx__printk+0x10/0x10 [ 128.031933][ T5975] ? fs_reclaim_acquire+0x93/0x140 [ 128.037111][ T5975] ? __pfx___might_resched+0x10/0x10 [ 128.042582][ T5975] should_fail_ex+0x3b0/0x4e0 [ 128.047351][ T5975] ? tomoyo_encode+0x26f/0x540 [ 128.052272][ T5975] should_failslab+0xac/0x100 [ 128.057091][ T5975] ? tomoyo_encode+0x26f/0x540 [ 128.061885][ T5975] __kmalloc_noprof+0xd8/0x400 [ 128.066681][ T5975] tomoyo_encode+0x26f/0x540 [ 128.071298][ T5975] tomoyo_realpath_from_path+0x59e/0x5e0 [ 128.076959][ T5975] tomoyo_path_number_perm+0x23a/0x880 [ 128.082443][ T5975] ? tomoyo_path_number_perm+0x208/0x880 [ 128.088091][ T5975] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 128.094111][ T5975] ? __fget_files+0x29/0x470 [ 128.098724][ T5975] ? __fget_files+0x3f3/0x470 [ 128.103436][ T5975] security_file_ioctl+0xc6/0x2a0 [ 128.108558][ T5975] __se_sys_ioctl+0x47/0x170 [ 128.113180][ T5975] do_syscall_64+0xf3/0x230 [ 128.117700][ T5975] ? clear_bhb_loop+0x35/0x90 [ 128.122397][ T5975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.128304][ T5975] RIP: 0033:0x7fcdd8f7def9 [ 128.132736][ T5975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.152354][ T5975] RSP: 002b:00007fcdd9d95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.160885][ T5975] RAX: ffffffffffffffda RBX: 00007fcdd9135f80 RCX: 00007fcdd8f7def9 [ 128.168869][ T5975] RDX: 00000000200000c0 RSI: 0000000000005405 RDI: 0000000000000003 [ 128.176855][ T5975] RBP: 00007fcdd9d95090 R08: 0000000000000000 R09: 0000000000000000 [ 128.184871][ T5975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.192856][ T5975] R13: 0000000000000000 R14: 00007fcdd9135f80 R15: 00007fcdd925fa28 [ 128.200855][ T5975] [ 128.219286][ T5975] ERROR: Out of memory at tomoyo_realpath_from_path. [ 128.366921][ T5959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.378955][ T5280] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 128.430219][ T5959] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.496982][ T5868] hsr_slave_0: entered promiscuous mode [ 128.500096][ T5236] Bluetooth: hci0: command tx timeout [ 128.509935][ T5868] hsr_slave_1: entered promiscuous mode [ 128.516068][ T5868] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.525111][ T5868] Cannot create hsr debugfs directory [ 128.649395][ T5280] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 128.659794][ T5280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.668444][ T5280] usb 1-1: Product: syz [ 128.672899][ T5280] usb 1-1: Manufacturer: syz [ 128.677634][ T5280] usb 1-1: SerialNumber: syz [ 128.731340][ T5280] usb 1-1: config 0 descriptor?? [ 129.185985][ T5973] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 129.288786][ T1179] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 129.448980][ T1179] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 129.463697][ T1179] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 129.483340][ T1179] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 129.493223][ T1179] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 129.509414][ T5280] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 129.550795][ T1179] usb 3-1: Manufacturer: syz [ 129.575469][ T1179] usb 3-1: SerialNumber: syz [ 129.671994][ T5868] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 129.740486][ T5868] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 129.772271][ T5868] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 129.798164][ T5868] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 129.952781][ T5283] usb 2-1: USB disconnect, device number 14 [ 130.049203][ T5281] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 130.136565][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.226869][ T5868] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.244958][ T5281] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 130.269239][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.277851][ T5281] usb 4-1: Product: syz [ 130.285840][ T1046] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.293083][ T1046] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.305177][ T5281] usb 4-1: Manufacturer: syz [ 130.325516][ T5281] usb 4-1: SerialNumber: syz [ 130.334523][ T5281] usb 4-1: config 0 descriptor?? [ 130.376043][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.383594][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.439780][ T5283] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 130.636776][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.675950][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.719887][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.762287][ T5283] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 130.781676][ T6005] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 130.801720][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.828482][ T5283] usb 2-1: config 0 descriptor?? [ 130.950149][ T5868] veth0_vlan: entered promiscuous mode [ 131.037032][ T5868] veth1_vlan: entered promiscuous mode [ 131.091129][ T5868] veth0_macvtap: entered promiscuous mode [ 131.106830][ T3130] usb 1-1: USB disconnect, device number 17 [ 131.111028][ T5868] veth1_macvtap: entered promiscuous mode [ 131.166901][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.179780][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.189837][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.201677][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.211863][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.213285][ T6009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.223981][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.224357][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.224380][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.227933][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.350464][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.361116][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.371201][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.381814][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.391837][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.402506][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.412701][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.423283][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.434661][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 131.445061][ T5868] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.454629][ T5868] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.463468][ T5868] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.472895][ T5868] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.496813][ T5281] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 131.682859][ T6009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.800582][ T6017] netlink: 24 bytes leftover after parsing attributes in process `syz.0.201'. [ 131.927710][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.960516][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.020957][ T5283] usbhid 2-1:0.0: can't add hid device: -71 [ 132.032861][ T1179] usbhid 3-1:36.0: couldn't find an input interrupt endpoint [ 132.072456][ T5283] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 132.097086][ T1179] usb 3-1: USB disconnect, device number 20 [ 132.125535][ T5283] usb 2-1: USB disconnect, device number 15 [ 132.135281][ T1046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.204858][ T1046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.545215][ T6037] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 132.758780][ T1179] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 132.811016][ T25] usb 4-1: USB disconnect, device number 11 [ 132.820828][ T6042] netlink: 'syz.1.205': attribute type 29 has an invalid length. [ 132.888087][ T6042] netlink: 'syz.1.205': attribute type 29 has an invalid length. [ 132.908287][ T6042] netlink: 'syz.1.205': attribute type 29 has an invalid length. [ 132.917016][ T5280] IPVS: starting estimator thread 0... [ 132.944411][ T1179] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.976237][ T1179] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 133.025505][ T6053] netlink: 112 bytes leftover after parsing attributes in process `syz.3.208'. [ 133.034858][ T1179] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 133.049829][ T6048] IPVS: using max 21 ests per chain, 50400 per kthread [ 133.067430][ T1179] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.142622][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.149278][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.193800][ T1179] usb 5-1: config 0 descriptor?? [ 133.287811][ T6065] netlink: 'syz.1.205': attribute type 1 has an invalid length. [ 133.307612][ T6065] netlink: 40 bytes leftover after parsing attributes in process `syz.1.205'. [ 133.319954][ T5283] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 133.341074][ T6066] netlink: 'syz.1.205': attribute type 29 has an invalid length. [ 133.493634][ T5283] usb 3-1: Using ep0 maxpacket: 32 [ 133.514669][ T6070] FAULT_INJECTION: forcing a failure. [ 133.514669][ T6070] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.547009][ T6070] CPU: 0 UID: 0 PID: 6070 Comm: syz.3.211 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 133.548359][ T5283] usb 3-1: config 0 has an invalid interface number: 202 but max is 0 [ 133.557740][ T6070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 133.557763][ T6070] Call Trace: [ 133.557773][ T6070] [ 133.557783][ T6070] dump_stack_lvl+0x241/0x360 [ 133.557822][ T6070] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.557852][ T6070] ? __pfx__printk+0x10/0x10 [ 133.557881][ T6070] ? __pfx_lock_release+0x10/0x10 [ 133.557922][ T6070] should_fail_ex+0x3b0/0x4e0 [ 133.557960][ T6070] _copy_to_iter+0x1ed/0x1d60 [ 133.557999][ T6070] ? __pfx__copy_to_iter+0x10/0x10 [ 133.588550][ T5283] usb 3-1: config 0 has no interface number 0 [ 133.592449][ T6070] ? __pfx_aa_file_perm+0x10/0x10 [ 133.597110][ T5283] usb 3-1: config 0 interface 202 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 133.602118][ T6070] get_random_bytes_user+0x1e5/0x420 [ 133.602165][ T6070] ? __pfx_get_random_bytes_user+0x10/0x10 [ 133.602196][ T6070] ? end_current_label_crit_section+0x151/0x180 [ 133.602239][ T6070] vfs_read+0x9bb/0xbc0 [ 133.602272][ T6070] ? __pfx_lock_release+0x10/0x10 [ 133.602318][ T6070] ? __pfx_vfs_read+0x10/0x10 [ 133.602362][ T6070] ? __fdget_pos+0x19a/0x320 [ 133.602389][ T6070] ksys_read+0x1a0/0x2c0 [ 133.602426][ T6070] ? __pfx_ksys_read+0x10/0x10 [ 133.602459][ T6070] ? do_syscall_64+0x100/0x230 [ 133.602491][ T6070] ? do_syscall_64+0xb6/0x230 [ 133.602524][ T6070] do_syscall_64+0xf3/0x230 [ 133.602554][ T6070] ? clear_bhb_loop+0x35/0x90 [ 133.602586][ T6070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.602614][ T6070] RIP: 0033:0x7fb91e37def9 [ 133.602636][ T6070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.602656][ T6070] RSP: 002b:00007fb91f1ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 133.602683][ T6070] RAX: ffffffffffffffda RBX: 00007fb91e535f80 RCX: 00007fb91e37def9 [ 133.602701][ T6070] RDX: 0000000000002000 RSI: 0000000020000000 RDI: 0000000000000003 [ 133.602716][ T6070] RBP: 00007fb91f1ba090 R08: 0000000000000000 R09: 0000000000000000 [ 133.602732][ T6070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 133.602745][ T6070] R13: 0000000000000000 R14: 00007fb91e535f80 R15: 00007fb91e65fa28 [ 133.602777][ T6070] [ 133.811747][ T1179] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 133.833944][ T1179] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 133.848758][ T1179] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 133.856927][ T1179] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 133.913200][ T3130] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 133.962027][ T1179] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 133.979138][ T1179] usb 5-1: USB disconnect, device number 12 [ 134.029521][ T5283] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 134.040842][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.050345][ T5283] usb 3-1: Product: syz [ 134.055019][ T5283] usb 3-1: Manufacturer: syz [ 134.060467][ T5283] usb 3-1: SerialNumber: syz [ 134.069657][ T5280] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 134.076319][ T5283] usb 3-1: config 0 descriptor?? [ 134.100490][ T3130] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30 [ 134.128881][ T3130] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.140673][ T3130] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.150606][ T3130] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 134.163971][ T3130] usb 2-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 134.173272][ T3130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.205067][ T3130] usb 2-1: config 0 descriptor?? [ 134.289593][ T5283] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 134.309579][ T5280] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 134.323099][ T5280] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 134.346944][ T5280] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 134.358365][ T5280] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 134.367591][ T5280] usb 1-1: Manufacturer: syz [ 134.377295][ T5280] usb 1-1: SerialNumber: syz [ 134.616551][ T3130] kye 0003:0458:5015.0007: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 134.685782][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0 [ 134.783373][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0 [ 134.823281][ T6074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.844362][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0 [ 134.906844][ T6098] veth1_macvtap: left promiscuous mode [ 134.918238][ T6074] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.929899][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0 [ 135.017799][ T6099] veth1_macvtap: entered promiscuous mode [ 135.041950][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0 [ 135.067758][ T6099] macsec0: entered allmulticast mode [ 135.084746][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0 [ 135.107255][ T3130] kye 0003:0458:5015.0007: item fetching failed at offset 6/7 [ 135.126950][ T6099] veth1_macvtap: entered allmulticast mode [ 135.191626][ T3130] kye 0003:0458:5015.0007: parse failed [ 135.237933][ T3130] kye 0003:0458:5015.0007: probe with driver kye failed with error -22 [ 135.314887][ T3130] usb 2-1: USB disconnect, device number 16 [ 135.389972][ T1046] usb 3-1: Failed to submit usb control message: -110 [ 135.457271][ T1046] usb 3-1: unable to send the bmi data to the device: -110 [ 135.502918][ T1046] usb 3-1: unable to get target info from device [ 135.560828][ T1046] usb 3-1: could not get target info (-110) [ 135.598103][ T1046] usb 3-1: could not probe fw (-110) [ 136.058784][ T5283] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 136.225479][ T5283] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 136.267479][ T5283] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.305120][ T5283] usb 4-1: Product: syz [ 136.324347][ T5283] usb 4-1: Manufacturer: syz [ 136.363496][ T5283] usb 4-1: SerialNumber: syz [ 136.425133][ T5283] usb 4-1: config 0 descriptor?? [ 136.727074][ T5280] usbhid 1-1:36.0: couldn't find an input interrupt endpoint [ 136.784311][ T5280] usb 1-1: USB disconnect, device number 18 [ 136.863138][ T6118] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 137.066349][ T5282] usb 3-1: USB disconnect, device number 21 [ 137.175836][ T5283] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 137.598828][ T5282] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 137.758849][ T5282] usb 3-1: Using ep0 maxpacket: 32 [ 137.781243][ T5282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.838970][ T5282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.882909][ T5282] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 137.921735][ T5282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.954887][ T5282] usb 3-1: config 0 descriptor?? [ 137.996484][ T5282] hub 3-1:0.0: USB hub found [ 138.053097][ T6137] raw_sendmsg: syz.4.223 forgot to set AF_INET. Fix it! [ 138.206177][ T5282] hub 3-1:0.0: 1 port detected [ 138.378995][ T5283] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 138.408077][ T5282] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 138.420951][ T6171] netlink: 4 bytes leftover after parsing attributes in process `syz.0.229'. [ 138.434922][ T5282] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 138.460369][ T5282] usbhid 3-1:0.0: can't add hid device: -71 [ 138.477793][ T5282] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 138.546100][ T5282] usb 3-1: USB disconnect, device number 22 [ 138.578837][ T5283] usb 5-1: Using ep0 maxpacket: 8 [ 138.590737][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 138.643602][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 138.689654][ T5280] usb 4-1: USB disconnect, device number 12 [ 138.694902][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 138.754080][ T5283] usb 5-1: New USB device found, idVendor=0471, idProduct=0311, bcdDevice=81.d5 [ 138.786077][ T5283] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.815911][ T5283] usb 5-1: Product: syz [ 138.844153][ T5283] usb 5-1: Manufacturer: syz [ 138.859263][ T5283] usb 5-1: SerialNumber: syz [ 138.886185][ T5283] usb 5-1: config 0 descriptor?? [ 138.920531][ T5283] pwc: Philips PCVC740K (ToUCam Pro)/PCVC840 (ToUCam II) USB webcam detected. [ 139.239176][ T6189] syz.3.232 uses obsolete (PF_INET,SOCK_PACKET) [ 139.323219][ T5283] pwc: Failed to set LED on/off time (-71) [ 139.353581][ T5283] pwc: send_video_command error -71 [ 139.374914][ T5283] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 139.403802][ T5283] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 139.458253][ T52] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 139.465352][ T5283] usb 5-1: USB disconnect, device number 13 [ 139.590463][ T6199] netlink: 'syz.3.235': attribute type 1 has an invalid length. [ 139.598177][ T6199] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.235'. [ 139.679083][ T6199] netlink: 1 bytes leftover after parsing attributes in process `syz.3.235'. [ 139.970345][ T5283] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 140.026665][ T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 140.131006][ T5283] usb 2-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 140.177067][ T5283] usb 2-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 140.221316][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.233125][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.244580][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 140.261638][ T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 140.274459][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.314447][ T5283] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 140.355403][ T5283] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 140.358045][ T9] usb 3-1: config 0 descriptor?? [ 140.384531][ T5283] usb 2-1: Manufacturer: syz [ 140.397583][ T5283] usb 2-1: SerialNumber: syz [ 140.763943][ T6221] mmap: syz.4.240 (6221) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 140.937323][ T6206] kvm: kvm [6205]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x580 [ 140.961797][ T6206] kvm: kvm [6205]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 141.161067][ T9] logitech-hidpp-device 0003:046D:C262.0008: collection stack underflow [ 141.174457][ T9] logitech-hidpp-device 0003:046D:C262.0008: item 0 2 0 12 parsing failed [ 141.201750][ T9] logitech-hidpp-device 0003:046D:C262.0008: hidpp_probe:parse failed [ 141.226761][ T9] logitech-hidpp-device 0003:046D:C262.0008: probe with driver logitech-hidpp-device failed with error -22 [ 141.439677][ T1179] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 141.558768][ T3130] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 141.633019][ T1179] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 141.650517][ T1179] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.663931][ T1179] usb 1-1: Product: syz [ 141.668487][ T1179] usb 1-1: Manufacturer: syz [ 141.678791][ T1179] usb 1-1: SerialNumber: syz [ 141.706778][ T1179] usb 1-1: config 0 descriptor?? [ 141.934109][ T3130] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 141.944583][ T3130] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.953132][ T3130] usb 4-1: Product: syz [ 141.958295][ T3130] usb 4-1: Manufacturer: syz [ 141.963135][ T3130] usb 4-1: SerialNumber: syz [ 141.973163][ T3130] usb 4-1: config 0 descriptor?? [ 142.141377][ T6228] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 142.439561][ T1179] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 142.546059][ T5283] usbhid 2-1:36.0: couldn't find an input interrupt endpoint [ 142.593076][ T5283] usb 2-1: USB disconnect, device number 17 [ 142.766033][ T6227] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 142.924216][ T3130] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 142.938370][ T5283] usb 3-1: USB disconnect, device number 23 [ 143.074349][ T6243] syzkaller0: entered promiscuous mode [ 143.080048][ T6243] syzkaller0: entered allmulticast mode [ 143.227729][ T1179] usb 4-1: USB disconnect, device number 13 [ 143.548853][ T5283] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 143.710798][ T5283] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 143.719951][ T5283] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 143.741310][ T5283] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 143.774295][ T5283] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.824627][ T5283] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 143.849947][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 143.891281][ T5283] usb 3-1: Product: syz [ 143.904147][ T5283] usb 3-1: Manufacturer: syz [ 143.938247][ T5283] cdc_wdm 3-1:1.0: skipping garbage [ 143.947161][ T5283] cdc_wdm 3-1:1.0: skipping garbage [ 143.971481][ T5283] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 143.978416][ T5283] cdc_wdm 3-1:1.0: Unknown control protocol [ 144.244077][ T9] usb 1-1: USB disconnect, device number 19 [ 144.272274][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 144.279157][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 144.283823][ T5283] usb 3-1: USB disconnect, device number 24 [ 144.285256][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 145.088727][ T5280] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 145.266197][ T5280] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 145.283641][ T5280] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 145.357089][ T5280] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 145.366570][ T5280] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 145.393193][ T5280] usb 1-1: Manufacturer: syz [ 145.400343][ T5280] usb 1-1: SerialNumber: syz [ 145.670897][ T5280] usbhid 1-1:36.0: couldn't find an input interrupt endpoint [ 145.697131][ T5280] usb 1-1: USB disconnect, device number 20 [ 146.584244][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 146.584263][ T29] audit: type=1326 audit(1727090405.653:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0b97def9 code=0x7ffc0000 [ 146.615747][ T29] audit: type=1326 audit(1727090405.683:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f1b0b97def9 code=0x7ffc0000 [ 146.638148][ T29] audit: type=1326 audit(1727090405.683:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0b97def9 code=0x7ffc0000 [ 146.661338][ T29] audit: type=1326 audit(1727090405.683:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0b97def9 code=0x7ffc0000 [ 146.683845][ T29] audit: type=1326 audit(1727090405.683:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1b0b97c890 code=0x7ffc0000 [ 146.706329][ T29] audit: type=1326 audit(1727090405.683:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000 [ 146.730843][ T29] audit: type=1326 audit(1727090405.683:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000 [ 146.753312][ T29] audit: type=1326 audit(1727090405.713:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000 [ 146.775840][ T29] audit: type=1326 audit(1727090405.713:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000 [ 146.798538][ T29] audit: type=1326 audit(1727090405.793:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000 [ 146.852925][ T5283] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 147.010906][ T5283] usb 1-1: Using ep0 maxpacket: 8 [ 147.027382][ T5283] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 147.050683][ T5283] usb 1-1: New USB device found, idVendor=1b80, idProduct=d700, bcdDevice=d0.46 [ 147.060181][ T5283] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.069137][ T5283] usb 1-1: Product: syz [ 147.073352][ T5283] usb 1-1: Manufacturer: syz [ 147.078016][ T5283] usb 1-1: SerialNumber: syz [ 147.095897][ T5283] usb 1-1: config 0 descriptor?? [ 147.109819][ T5283] radio-si470x 1-1:0.0: could not find interrupt in endpoint [ 147.130386][ T5283] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5 [ 147.140022][ T5283] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 147.208413][ T6253] netlink: 4 bytes leftover after parsing attributes in process `syz.3.251'. [ 147.218862][ T6274] netlink: 28 bytes leftover after parsing attributes in process `syz.2.257'. [ 147.232263][ T6284] netlink: 'syz.4.260': attribute type 29 has an invalid length. [ 147.404675][ T5280] usb 1-1: USB disconnect, device number 21 [ 147.728734][ T1179] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 147.748793][ T5283] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 147.893611][ T1179] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 147.918798][ T1179] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 147.933366][ T1179] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 147.946154][ T1179] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.958203][ T5283] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 147.969276][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.978490][ T5283] usb 3-1: Product: syz [ 147.979634][ T1179] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 147.993924][ T5283] usb 3-1: Manufacturer: syz [ 148.007934][ T5283] usb 3-1: SerialNumber: syz [ 148.016767][ T5283] usb 3-1: config 0 descriptor?? [ 148.022154][ T1179] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 148.033304][ T1179] usb 4-1: Product: syz [ 148.046385][ T1179] usb 4-1: Manufacturer: syz [ 148.058728][ T5282] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 148.084524][ T1179] cdc_wdm 4-1:1.0: skipping garbage [ 148.093217][ T1179] cdc_wdm 4-1:1.0: skipping garbage [ 148.102758][ T1179] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 148.113963][ T1179] cdc_wdm 4-1:1.0: Unknown control protocol [ 148.249343][ T5282] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice= 0.00 [ 148.259031][ T5282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.273417][ T5282] usb 5-1: config 0 descriptor?? [ 148.287485][ T6296] tmpfs: Unknown parameter 'f' [ 148.370939][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 148.372417][ T1179] usb 4-1: USB disconnect, device number 14 [ 148.377765][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 148.377788][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 148.504861][ T6305] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 148.690429][ T5282] gs_usb 5-1:0.0: Couldn't get device config: (err=-121) [ 148.739260][ T5282] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -121 [ 148.783555][ T5283] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 148.901612][ T3130] usb 5-1: USB disconnect, device number 14 [ 149.038894][ T5283] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 149.118870][ T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 149.211006][ T5283] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 149.224307][ T5283] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 149.237137][ T5283] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 149.251440][ T5283] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 149.260965][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.276159][ T6318] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 149.330221][ T9] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 149.348692][ T9] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 149.374349][ T9] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 149.394472][ T9] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 149.405286][ T9] usb 1-1: Manufacturer: syz [ 149.414751][ T9] usb 1-1: SerialNumber: syz [ 149.498373][ T412] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.682727][ T9] usbhid 1-1:36.0: couldn't find an input interrupt endpoint [ 149.733572][ T412] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.808915][ T9] usb 1-1: USB disconnect, device number 22 [ 149.821172][ T5224] syz-executor (5224) used greatest stack depth: 18192 bytes left [ 149.939183][ T412] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.061340][ T412] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.295955][ T5231] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 150.313783][ T5231] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 150.327041][ T5231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 150.337626][ T5231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 150.349104][ T412] bridge_slave_1: left allmulticast mode [ 150.358714][ T5231] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 150.368853][ T5231] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 150.390482][ T412] bridge_slave_1: left promiscuous mode [ 150.426780][ T6332] loop0: detected capacity change from 0 to 7 [ 150.449930][ T412] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.472868][ T412] bridge_slave_0: left allmulticast mode [ 150.478676][ T412] bridge_slave_0: left promiscuous mode [ 150.486494][ T412] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.505868][ T6332] Dev loop0: unable to read RDB block 7 [ 150.513871][ T6332] loop0: unable to read partition table [ 150.533216][ T6332] loop0: partition table beyond EOD, truncated [ 150.552930][ T6332] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 150.552930][ T6332] ) failed (rc=-5) [ 150.581556][ T5282] usb 3-1: USB disconnect, device number 25 [ 150.613340][ T4680] Dev loop0: unable to read RDB block 7 [ 150.628450][ T4680] loop0: unable to read partition table [ 150.646566][ T4680] loop0: partition table beyond EOD, truncated [ 150.653310][ T3130] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 150.665026][ T5283] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 150.677062][ T5283] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input20 [ 150.829780][ T3130] usb 5-1: Using ep0 maxpacket: 16 [ 150.839284][ T25] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 150.866991][ T3130] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 150.888124][ T5283] usb 2-1: USB disconnect, device number 18 [ 150.893802][ T3130] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 150.894244][ C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 150.937326][ T3130] usb 5-1: too many endpoints for config 1 interface 1 altsetting 128: 204, using maximum allowed: 30 [ 150.977157][ T3130] usb 5-1: config 1 interface 1 altsetting 128 has 0 endpoint descriptors, different from the interface descriptor's value: 204 [ 150.991047][ T3130] usb 5-1: config 1 interface 1 has no altsetting 0 [ 151.017753][ T3130] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 151.023677][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 151.030787][ T3130] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.037885][ T25] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 151.047317][ T3130] usb 5-1: Product: syz [ 151.054823][ T3130] usb 5-1: Manufacturer: syz [ 151.074094][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.083068][ T3130] usb 5-1: SerialNumber: syz [ 151.084385][ T25] usb 1-1: Product: syz [ 151.109322][ T25] usb 1-1: Manufacturer: syz [ 151.136475][ T25] usb 1-1: SerialNumber: syz [ 151.161171][ T25] usb 1-1: config 0 descriptor?? [ 151.321579][ T3130] usb 5-1: 0:2 : does not exist [ 151.364869][ T3130] usb 5-1: USB disconnect, device number 15 [ 151.401136][ T25] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 151.448710][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 151.482185][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 151.665401][ T412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 151.681951][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 151.692697][ T9] usb 3-1: config 1 has an invalid interface number: 128 but max is 1 [ 151.701751][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 151.714558][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 151.734927][ T412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 151.741273][ T9] usb 3-1: config 1 has no interface number 0 [ 151.751469][ T9] usb 3-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 151.771165][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 151.784971][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.789354][ T412] bond0 (unregistering): Released all slaves [ 151.793956][ T9] usb 3-1: Product: syz [ 151.809562][ T9] usb 3-1: Manufacturer: syz [ 151.816371][ T9] usb 3-1: SerialNumber: syz [ 151.895835][ T9] cdc_wdm 3-1:1.128: skipping garbage [ 151.964442][ T9] cdc_wdm 3-1:1.128: probe with driver cdc_wdm failed with error -22 [ 152.141492][ T6344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.154925][ T6344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 152.418928][ T5231] Bluetooth: hci2: command tx timeout [ 152.575543][ T412] hsr_slave_0: left promiscuous mode [ 152.595585][ T412] hsr_slave_1: left promiscuous mode [ 152.606910][ T412] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.625576][ T412] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.754088][ T412] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.771568][ T412] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.865193][ T412] veth1_macvtap: left promiscuous mode [ 152.871569][ T412] veth0_macvtap: left promiscuous mode [ 152.913866][ T412] veth1_vlan: left promiscuous mode [ 152.920084][ T412] veth0_vlan: left promiscuous mode [ 153.063964][ T25] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 153.128049][ T25] usb 1-1: USB disconnect, device number 23 [ 153.419236][ T1179] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 153.589849][ T1179] usb 5-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 153.603693][ T1179] usb 5-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 153.663443][ T1179] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 153.726284][ T1179] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 153.754450][ T1179] usb 5-1: Manufacturer: syz [ 153.762230][ T1179] usb 5-1: SerialNumber: syz [ 154.038910][ T1179] usbhid 5-1:36.0: couldn't find an input interrupt endpoint [ 154.065261][ T1179] usb 5-1: USB disconnect, device number 16 [ 154.078767][ T5283] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 154.201427][ T9] usb 3-1: USB disconnect, device number 26 [ 154.273047][ T5283] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 154.303301][ T5283] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.324051][ T5283] usb 1-1: Product: syz [ 154.346950][ T5283] usb 1-1: Manufacturer: syz [ 154.354610][ T5283] usb 1-1: SerialNumber: syz [ 154.382530][ T5283] usb 1-1: config 0 descriptor?? [ 154.499082][ T5231] Bluetooth: hci2: command tx timeout [ 154.529757][ T412] team0 (unregistering): Port device team_slave_1 removed [ 154.640980][ T412] team0 (unregistering): Port device team_slave_0 removed [ 154.840775][ T6381] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 155.139330][ T5283] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 155.587268][ T6388] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 155.967752][ T6397] netlink: 12 bytes leftover after parsing attributes in process `syz.2.292'. [ 156.078754][ T1179] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 156.228739][ T1179] usb 5-1: Using ep0 maxpacket: 32 [ 156.255151][ T1179] usb 5-1: config 0 has an invalid interface number: 144 but max is 0 [ 156.278647][ T1179] usb 5-1: config 0 has no interface number 0 [ 156.302121][ T6335] chnl_net:caif_netlink_parms(): no params data found [ 156.355055][ T1179] usb 5-1: New USB device found, idVendor=0923, idProduct=010f, bcdDevice=a0.fe [ 156.364756][ T1179] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.374108][ T1179] usb 5-1: Product: syz [ 156.379268][ T1179] usb 5-1: Manufacturer: syz [ 156.384631][ T1179] usb 5-1: SerialNumber: syz [ 156.396703][ T1179] usb 5-1: config 0 descriptor?? [ 156.414736][ T1179] gspca_main: tv8532-2.14.0 probing 0923:010f [ 156.578764][ T5231] Bluetooth: hci2: command tx timeout [ 156.888388][ T9] usb 1-1: USB disconnect, device number 24 [ 157.176318][ T6335] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.183949][ T6335] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.191580][ T6335] bridge_slave_0: entered allmulticast mode [ 157.202528][ T6335] bridge_slave_0: entered promiscuous mode [ 157.212991][ T6335] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.221322][ T6335] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.236031][ T6335] bridge_slave_1: entered allmulticast mode [ 157.245923][ T6335] bridge_slave_1: entered promiscuous mode [ 157.267981][ T9] usb 5-1: USB disconnect, device number 17 [ 157.268521][ T412] IPVS: stop unused estimator thread 0... [ 157.441492][ T6335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.501843][ T6335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.518991][ T3130] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 157.586381][ T6335] team0: Port device team_slave_0 added [ 157.616710][ T6335] team0: Port device team_slave_1 added [ 157.645285][ T6422] kvm: kvm [6418]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xfe00000000 [ 157.660462][ T6422] kvm: kvm [6418]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x27e00000080 [ 157.691401][ T3130] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 157.699747][ T6335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.707591][ T6422] kvm: kvm [6418]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x3ef00000000 [ 157.727752][ T3130] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.744685][ T6335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.756159][ T3130] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 157.801799][ T3130] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.811413][ T6335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.823250][ T3130] usb 1-1: config 0 descriptor?? [ 157.840559][ T3130] hub 1-1:0.0: USB hub found [ 157.884173][ T6335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.941200][ T6335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.026797][ T6335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.389503][ T6335] hsr_slave_0: entered promiscuous mode [ 158.413361][ T6335] hsr_slave_1: entered promiscuous mode [ 158.496386][ T6335] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 158.508678][ T6335] Cannot create hsr debugfs directory [ 158.668872][ T5231] Bluetooth: hci2: command tx timeout [ 158.989301][ T5280] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 159.217819][ T5280] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 159.259601][ T5280] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 159.336328][ T5280] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 159.374528][ T5280] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 159.449669][ T5280] usb 3-1: Manufacturer: syz [ 159.500399][ T5280] usb 3-1: SerialNumber: syz [ 159.776889][ T5280] usbhid 3-1:36.0: couldn't find an input interrupt endpoint [ 159.884660][ T5280] usb 3-1: USB disconnect, device number 27 [ 160.295009][ T6474] loop2: detected capacity change from 0 to 7 [ 160.303478][ T6474] Dev loop2: unable to read RDB block 7 [ 160.324913][ T6474] loop2: unable to read partition table [ 160.372666][ T6474] loop2: partition table beyond EOD, truncated [ 160.423046][ T6474] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 161.013509][ T3130] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 161.034576][ T3130] usbhid 1-1:0.0: can't add hid device: -71 [ 161.078107][ T3130] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 161.170472][ T3130] usb 1-1: USB disconnect, device number 25 [ 161.200742][ T6484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.304'. [ 161.664919][ T6335] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 161.820753][ T6335] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 161.910347][ T6335] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 161.990042][ T6335] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 162.203951][ T6515] loop2: detected capacity change from 0 to 7 [ 162.222955][ T6515] Dev loop2: unable to read RDB block 7 [ 162.223074][ T6515] loop2: unable to read partition table [ 162.223333][ T6515] loop2: partition table beyond EOD, truncated [ 162.223358][ T6515] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 162.269565][ T1179] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 162.424003][ T1179] usb 5-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 162.424079][ T1179] usb 5-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 162.433382][ T1179] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 162.433454][ T1179] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 162.433504][ T1179] usb 5-1: Manufacturer: syz [ 162.433524][ T1179] usb 5-1: SerialNumber: syz [ 162.611310][ T6335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.706560][ T6335] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.738139][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.738268][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.741718][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.741819][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.743188][ T1179] usbhid 5-1:36.0: couldn't find an input interrupt endpoint [ 162.790641][ T1179] usb 5-1: USB disconnect, device number 18 [ 163.058931][ T6335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.266190][ T6335] veth0_vlan: entered promiscuous mode [ 163.375209][ T6335] veth1_vlan: entered promiscuous mode [ 163.570250][ T6335] veth0_macvtap: entered promiscuous mode [ 163.876964][ T6335] veth1_macvtap: entered promiscuous mode [ 164.100378][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.126192][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.151423][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.201144][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.245211][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.278021][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.323069][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.377581][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.484008][ T6335] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.642678][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.702265][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.735446][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.767003][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.829203][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.882365][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.896812][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.917971][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.990646][ T6335] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 165.119776][ T6335] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.171370][ T6335] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.201838][ T6335] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.249052][ T6335] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.530036][ T6545] syz.4.317: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 165.549762][ T6545] CPU: 0 UID: 0 PID: 6545 Comm: syz.4.317 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 165.560180][ T6545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 165.570301][ T6545] Call Trace: [ 165.573814][ T6545] [ 165.576886][ T6545] dump_stack_lvl+0x241/0x360 [ 165.581647][ T6545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.586919][ T6545] ? __pfx__printk+0x10/0x10 [ 165.591583][ T6545] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 165.598096][ T6545] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 165.604778][ T6545] warn_alloc+0x278/0x410 [ 165.609244][ T6545] ? __pfx_warn_alloc+0x10/0x10 [ 165.614151][ T6545] ? translate_table+0x174/0x2330 [ 165.619203][ T6545] ? __get_vm_area_node+0x23d/0x270 [ 165.624451][ T6545] __vmalloc_node_range_noprof+0x691/0x13f0 [ 165.630401][ T6545] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 165.636168][ T6545] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 165.642539][ T6545] ? rcu_is_watching+0x15/0xb0 [ 165.647332][ T6545] ? trace_kmalloc+0x1f/0xd0 [ 165.651967][ T6545] ? __kmalloc_node_noprof+0x247/0x440 [ 165.657488][ T6545] ? __kvmalloc_node_noprof+0x72/0x190 [ 165.663020][ T6545] __kvmalloc_node_noprof+0x142/0x190 [ 165.668547][ T6545] ? translate_table+0x174/0x2330 [ 165.673609][ T6545] translate_table+0x174/0x2330 [ 165.678536][ T6545] ? __pfx_translate_table+0x10/0x10 [ 165.683901][ T6545] ? __might_fault+0xaa/0x120 [ 165.688630][ T6545] ? __pfx_lock_release+0x10/0x10 [ 165.693722][ T6545] ? __might_fault+0xaa/0x120 [ 165.698625][ T6545] ? __might_fault+0xc6/0x120 [ 165.703354][ T6545] ? _copy_from_user+0xa6/0xe0 [ 165.708153][ T6545] ? copy_from_sockptr_offset+0x6b/0xb0 [ 165.713749][ T6545] do_ip6t_set_ctl+0xe4c/0x1270 [ 165.718660][ T6545] ? __pfx___might_resched+0x10/0x10 [ 165.724083][ T6545] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 165.729496][ T6545] ? __pfx_lock_release+0x10/0x10 [ 165.734586][ T6545] ? __mutex_unlock_slowpath+0x21d/0x750 [ 165.740617][ T6545] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 165.746722][ T6545] ? aa_sk_perm+0x96d/0xab0 [ 165.751438][ T6545] ? __pfx_aa_sk_perm+0x10/0x10 [ 165.756335][ T6545] nf_setsockopt+0x295/0x2c0 [ 165.761003][ T6545] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 165.766930][ T6545] do_sock_setsockopt+0x3af/0x720 [ 165.771998][ T6545] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 165.777583][ T6545] ? __fget_files+0x29/0x470 [ 165.782227][ T6545] ? __fget_files+0x3f3/0x470 [ 165.786953][ T6545] ? __fget_files+0x29/0x470 [ 165.791779][ T6545] __sys_setsockopt+0x1a8/0x250 [ 165.796691][ T6545] __x64_sys_setsockopt+0xb5/0xd0 [ 165.801847][ T6545] do_syscall_64+0xf3/0x230 [ 165.806472][ T6545] ? clear_bhb_loop+0x35/0x90 [ 165.811284][ T6545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.817214][ T6545] RIP: 0033:0x7f3d1337def9 [ 165.821661][ T6545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.841308][ T6545] RSP: 002b:00007f3d14111038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 165.849856][ T6545] RAX: ffffffffffffffda RBX: 00007f3d13535f80 RCX: 00007f3d1337def9 [ 165.857960][ T6545] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 165.865967][ T6545] RBP: 00007f3d133f0b76 R08: 0000000000000388 R09: 0000000000000000 [ 165.873986][ T6545] R10: 0000000020000ac0 R11: 0000000000000246 R12: 0000000000000000 [ 165.882098][ T6545] R13: 0000000000000000 R14: 00007f3d13535f80 R15: 00007f3d1365fa28 [ 165.890167][ T6545] [ 165.913818][ T6545] Mem-Info: [ 165.917245][ T6545] active_anon:4457 inactive_anon:0 isolated_anon:0 [ 165.917245][ T6545] active_file:1765 inactive_file:38229 isolated_file:0 [ 165.917245][ T6545] unevictable:768 dirty:145 writeback:0 [ 165.917245][ T6545] slab_reclaimable:8768 slab_unreclaimable:92634 [ 165.917245][ T6545] mapped:21887 shmem:1253 pagetables:805 [ 165.917245][ T6545] sec_pagetables:0 bounce:0 [ 165.917245][ T6545] kernel_misc_reclaimable:0 [ 165.917245][ T6545] free:1351347 free_pcp:2202 free_cma:0 [ 165.949136][ T5282] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 165.965254][ T6545] Node 0 active_anon:17828kB inactive_anon:0kB active_file:7004kB inactive_file:152840kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:87528kB dirty:560kB writeback:0kB shmem:3476kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10120kB pagetables:3220kB sec_pagetables:0kB all_unreclaimable? no [ 166.019570][ T6545] Node 1 active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:20kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 166.109861][ T5236] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 166.126240][ T5236] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 166.128955][ T6545] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 166.161198][ C1] vkms_vblank_simulate: vblank timer overrun [ 166.175437][ T5236] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 166.196428][ T6545] lowmem_reserve[]: 0 2465 2466 0 0 [ 166.202110][ T5236] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 166.209873][ T6545] Node 0 DMA32 free:1464404kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:17840kB inactive_anon:0kB active_file:7004kB inactive_file:152016kB unevictable:1536kB writepending:612kB present:3129332kB managed:2552492kB mlocked:0kB bounce:0kB free_pcp:1772kB local_pcp:1024kB free_cma:0kB [ 166.243352][ T6545] lowmem_reserve[]: 0 0 0 0 0 [ 166.248239][ T5236] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 166.256623][ T5282] usb 1-1: Using ep0 maxpacket: 8 [ 166.256687][ T6545] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 166.288992][ T5282] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 166.289080][ T5282] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 166.289134][ T5282] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 166.289191][ T5282] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 5664, setting to 1024 [ 166.289247][ T5282] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 166.289276][ T5282] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 166.289347][ T5282] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 166.289401][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.378698][ T5236] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 166.388293][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.389814][ T6569] loop2: detected capacity change from 0 to 7 [ 166.408630][ T6569] Dev loop2: unable to read RDB block 7 [ 166.415693][ T6569] loop2: unable to read partition table [ 166.422232][ T6569] loop2: partition table beyond EOD, truncated [ 166.428770][ T6569] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 166.468760][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.479123][ T6545] lowmem_reserve[]: 0 0 0 0 0 [ 166.483954][ T6545] Node 1 Normal free:3925496kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:76kB unevictable:1536kB writepending:20kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:6580kB local_pcp:0kB free_cma:0kB [ 166.541858][ T6545] lowmem_reserve[]: 0 0 0 0 0 [ 166.547554][ T6545] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 166.567178][ T6545] Node 0 DMA32: 79*4kB (UME) 105*8kB (UME) 113*16kB (UME) 94*32kB (UME) 48*64kB (UME) 25*128kB (ME) 12*256kB (ME) 8*512kB (ME) 28*1024kB (UME) 15*2048kB (UME) 338*4096kB (UM) = 1463252kB [ 166.586619][ C1] vkms_vblank_simulate: vblank timer overrun [ 166.599299][ T6545] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 166.614471][ T6545] Node 1 Normal: 165*4kB (UME) 51*8kB (UME) 44*16kB (UME) 174*32kB (UME) 80*64kB (UME) 35*128kB (UME) 12*256kB (UME) 8*512kB (UM) 2*1024kB (UE) 4*2048kB (UME) 950*4096kB (M) = 3925548kB [ 166.647853][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.656494][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.671384][ T6545] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 166.708886][ T6545] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 166.719505][ T6545] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 166.783211][ T6577] xt_limit: Overflow, try lower: 0/0 [ 166.799450][ T6545] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 166.818286][ T6545] 41248 total pagecache pages [ 166.824122][ T6545] 0 pages in swap cache [ 166.829000][ T6545] Free swap = 124516kB [ 166.833795][ T6545] Total swap = 124996kB [ 166.839623][ T5282] usb 1-1: usb_control_msg returned -71 [ 166.846721][ T5282] usbtmc 1-1:16.0: can't read capabilities [ 166.913856][ T6545] 2097051 pages RAM [ 166.918344][ T6545] 0 pages HighMem/MovableOnly [ 166.939194][ T5282] usb 1-1: USB disconnect, device number 26 [ 166.970335][ T6545] 427078 pages reserved [ 166.980650][ T6545] 0 pages cma reserved [ 167.103539][ T6571] chnl_net:caif_netlink_parms(): no params data found [ 167.944839][ T6571] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.984103][ T6571] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.127536][ T6571] bridge_slave_0: entered allmulticast mode [ 168.209079][ T6571] bridge_slave_0: entered promiscuous mode [ 168.280074][ T6571] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.287260][ T6571] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.350661][ T6571] bridge_slave_1: entered allmulticast mode [ 168.369884][ T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 168.419525][ T6571] bridge_slave_1: entered promiscuous mode [ 168.498852][ T5231] Bluetooth: hci1: command tx timeout [ 168.561380][ T9] usb 5-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 168.606225][ T9] usb 5-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 168.679914][ T9] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 168.720787][ T9] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 168.795018][ T9] usb 5-1: Manufacturer: syz [ 168.814225][ T9] usb 5-1: SerialNumber: syz [ 168.857418][ T6571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.877738][ T6571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.076715][ T9] usbhid 5-1:36.0: couldn't find an input interrupt endpoint [ 169.090745][ T6571] team0: Port device team_slave_0 added [ 169.145424][ T6571] team0: Port device team_slave_1 added [ 169.176606][ T9] usb 5-1: USB disconnect, device number 19 [ 169.455814][ T6571] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.518805][ T6571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.520591][ T6626] netlink: 92 bytes leftover after parsing attributes in process `syz.3.329'. [ 169.554157][ T6571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.571976][ T6571] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.579077][ T6571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.605977][ T6571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.776302][ T6633] loop2: detected capacity change from 0 to 7 [ 169.788052][ T6633] Dev loop2: unable to read RDB block 7 [ 169.794570][ T6633] loop2: unable to read partition table [ 169.802173][ T6633] loop2: partition table beyond EOD, truncated [ 169.825721][ T6633] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 169.844947][ T6571] hsr_slave_0: entered promiscuous mode [ 169.910563][ T6571] hsr_slave_1: entered promiscuous mode [ 169.947004][ T6571] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.988131][ T6571] Cannot create hsr debugfs directory [ 170.308768][ T5283] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 170.484568][ T5283] usb 5-1: Using ep0 maxpacket: 16 [ 170.502846][ T5283] usb 5-1: config 0 interface 0 altsetting 44 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 170.527747][ T5283] usb 5-1: config 0 interface 0 altsetting 44 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 170.550559][ T5283] usb 5-1: config 0 interface 0 altsetting 44 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 170.574839][ T6571] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.588658][ T5231] Bluetooth: hci1: command tx timeout [ 170.618900][ T5283] usb 5-1: config 0 interface 0 altsetting 44 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 170.643200][ T5283] usb 5-1: config 0 interface 0 has no altsetting 0 [ 170.700408][ T5283] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 170.719698][ T5283] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.739151][ T5283] usb 5-1: Product: syz [ 170.743884][ T5283] usb 5-1: Manufacturer: syz [ 170.749238][ T5283] usb 5-1: SerialNumber: syz [ 170.767281][ T5283] usb 5-1: config 0 descriptor?? [ 170.794012][ T6637] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 170.809851][ T5283] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input21 [ 170.858460][ T6571] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.978872][ T3130] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 171.085591][ T6571] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.166938][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.332'. [ 171.187612][ T6637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.332'. [ 171.187766][ T3130] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 171.214683][ T6637] batadv1: entered promiscuous mode [ 171.220645][ T3130] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 171.267321][ T3130] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 171.286192][ T3130] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 171.303186][ T6571] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.317487][ T3130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.370122][ T6652] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 171.570900][ T6571] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 171.593810][ T6571] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 171.611587][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 171.611635][ T29] audit: type=1326 audit(1727090430.683:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000 [ 171.656283][ T6571] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 171.668052][ T6571] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 171.675534][ T29] audit: type=1326 audit(1727090430.713:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000 [ 171.761924][ T29] audit: type=1326 audit(1727090430.713:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000 [ 171.848174][ T29] audit: type=1326 audit(1727090430.713:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000 [ 171.903436][ T29] audit: type=1326 audit(1727090430.713:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000 [ 171.949453][ T6571] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.963400][ T29] audit: type=1326 audit(1727090430.713:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eda57dafb code=0x7ffc0000 [ 171.996383][ T6571] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.046591][ T1046] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.054014][ T1046] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.069659][ T29] audit: type=1326 audit(1727090430.713:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eda57dafb code=0x7ffc0000 [ 172.128362][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.132373][ T29] audit: type=1326 audit(1727090430.723:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1eda5affe5 code=0x7ffc0000 [ 172.136445][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.169373][ T29] audit: type=1326 audit(1727090430.943:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000 [ 172.279894][ T29] audit: type=1326 audit(1727090430.943:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eda57dafb code=0x7ffc0000 [ 172.280950][ T3130] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 172.396168][ T3130] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input22 [ 172.430979][ T6571] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.663539][ T5231] Bluetooth: hci1: command tx timeout [ 172.683602][ T6571] veth0_vlan: entered promiscuous mode [ 172.701878][ T6571] veth1_vlan: entered promiscuous mode [ 172.780466][ T6571] veth0_macvtap: entered promiscuous mode [ 172.796188][ T6571] veth1_macvtap: entered promiscuous mode [ 172.826249][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.837407][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.847537][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.858757][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.869000][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.879762][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.890131][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.901116][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.911470][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.923538][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.937291][ T6571] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.979793][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.990788][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.001042][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.011795][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.021830][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.033884][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.045229][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.055964][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.066554][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.077282][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.090355][ T6571] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.103291][ T6571] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.111300][ T5282] usb 5-1: USB disconnect, device number 20 [ 173.112375][ T6571] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.129887][ T6571] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.138998][ T6571] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.250629][ T1179] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 173.437297][ T6679] netlink: 24 bytes leftover after parsing attributes in process `syz.0.342'. [ 173.486571][ T1179] usb 4-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 173.512854][ T1179] usb 4-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 173.531324][ T6681] loop2: detected capacity change from 0 to 7 [ 173.545095][ T1179] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 173.564831][ T6681] Dev loop2: unable to read RDB block 7 [ 173.575094][ T1179] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 173.594815][ T6681] loop2: unable to read partition table [ 173.609712][ T1179] usb 4-1: Manufacturer: syz [ 173.615213][ T1179] usb 4-1: SerialNumber: syz [ 173.625656][ T6681] loop2: partition table beyond EOD, truncated [ 173.626147][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.664642][ T6681] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 173.668283][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.773980][ T3130] usb 2-1: USB disconnect, device number 19 [ 173.779961][ C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 173.888939][ T1046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.900074][ T1046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.933636][ T1179] usbhid 4-1:36.0: couldn't find an input interrupt endpoint [ 173.979862][ T1179] usb 4-1: USB disconnect, device number 15 [ 174.739325][ T5231] Bluetooth: hci1: command tx timeout [ 175.168745][ T6715] loop2: detected capacity change from 0 to 7 [ 175.225702][ T6715] Dev loop2: unable to read RDB block 7 [ 175.235946][ T6715] loop2: AHDI p1 p3 [ 175.246307][ T6715] loop2: partition table partially beyond EOD, truncated [ 175.276092][ T6715] loop2: p1 start 2048 is beyond EOD, truncated [ 175.689189][ T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 175.866383][ T9] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 175.896407][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 175.922962][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.948784][ T5280] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 175.975315][ T9] usb 5-1: Product: syz [ 176.016836][ T9] usb 5-1: Manufacturer: syz [ 176.082242][ T9] usb 5-1: SerialNumber: syz [ 176.179324][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.216484][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.246254][ T5280] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 176.314797][ T9] usb 5-1: USB disconnect, device number 21 [ 176.343701][ T5280] usb 3-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 176.462816][ T5280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.540894][ T5280] usb 3-1: config 0 descriptor?? [ 176.769203][ T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 176.809736][ T6741] netlink: 'syz.0.361': attribute type 21 has an invalid length. [ 176.847469][ T6741] netlink: 128 bytes leftover after parsing attributes in process `syz.0.361'. [ 176.890327][ T6741] netlink: 'syz.0.361': attribute type 5 has an invalid length. [ 176.929791][ T3130] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 176.948841][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 176.968950][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 176.975051][ T6722] fuse: Bad value for 'fd' [ 177.012680][ T9] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 177.024766][ T6741] netlink: 3 bytes leftover after parsing attributes in process `syz.0.361'. [ 177.037881][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.052371][ T5280] usbhid 3-1:0.0: can't add hid device: -71 [ 177.069703][ T5280] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 177.084579][ T9] usb 2-1: Product: syz [ 177.097583][ T9] usb 2-1: Manufacturer: syz [ 177.109216][ T3130] usb 5-1: Using ep0 maxpacket: 8 [ 177.116050][ T5280] usb 3-1: USB disconnect, device number 28 [ 177.127131][ T9] usb 2-1: SerialNumber: syz [ 177.136924][ T3130] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 177.156051][ T9] usb 2-1: config 0 descriptor?? [ 177.174100][ T3130] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 177.212075][ T9] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 177.233117][ T3130] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 177.263545][ T3130] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 177.308494][ T3130] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 177.373472][ T3130] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 177.431752][ T3130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.498738][ T5280] usb 2-1: USB disconnect, device number 20 [ 177.504810][ T3008] usb 2-1: Failed to submit usb control message: -71 [ 177.519837][ T3008] usb 2-1: unable to send the bmi data to the device: -71 [ 177.534325][ T3008] usb 2-1: unable to get target info from device [ 177.576222][ T3008] usb 2-1: could not get target info (-71) [ 177.589007][ T3008] usb 2-1: could not probe fw (-71) [ 177.696906][ T3130] usb 5-1: usb_control_msg returned -71 [ 177.702938][ T3130] usbtmc 5-1:16.0: can't read capabilities [ 177.727565][ T3130] usb 5-1: USB disconnect, device number 22 [ 178.230758][ T3130] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 178.407120][ T6769] loop2: detected capacity change from 0 to 7 [ 178.415693][ T6769] Dev loop2: unable to read RDB block 7 [ 178.423339][ T3130] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 178.424225][ T6769] loop2: AHDI p1 p3 [ 178.438671][ T3130] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 178.440458][ T3130] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 178.475656][ T6769] loop2: partition table partially beyond EOD, truncated [ 178.485384][ T3130] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 178.502283][ T3130] usb 3-1: Manufacturer: syz [ 178.502293][ T6769] loop2: p1 start 2048 is beyond EOD, [ 178.516369][ T3130] usb 3-1: SerialNumber: syz [ 178.520826][ T6769] truncated [ 178.551890][ T5282] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 178.757828][ T3130] usbhid 3-1:36.0: couldn't find an input interrupt endpoint [ 178.796423][ T5282] usb 2-1: Using ep0 maxpacket: 8 [ 178.808161][ T5282] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 178.826274][ T5282] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 178.841684][ T3130] usb 3-1: USB disconnect, device number 29 [ 178.846721][ T5282] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 178.907085][ T5282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.926899][ T5282] usb 2-1: Product: syz [ 178.938900][ T5282] usb 2-1: Manufacturer: syz [ 178.944111][ T5282] usb 2-1: SerialNumber: syz [ 178.987955][ T5282] usb 2-1: bad CDC descriptors [ 179.000935][ T5282] usbtest 2-1:1.0: couldn't get endpoints, -22 [ 179.020556][ T5282] usbtest 2-1:1.0: probe with driver usbtest failed with error -22 [ 180.107858][ T6789] FAULT_INJECTION: forcing a failure. [ 180.107858][ T6789] name failslab, interval 1, probability 0, space 0, times 0 [ 180.123182][ T6789] CPU: 1 UID: 0 PID: 6789 Comm: syz.4.373 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 180.133481][ T6789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 180.143604][ T6789] Call Trace: [ 180.146923][ T6789] [ 180.150128][ T6789] dump_stack_lvl+0x241/0x360 [ 180.154887][ T6789] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.160197][ T6789] ? __pfx__printk+0x10/0x10 [ 180.164823][ T6789] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 180.170302][ T6789] ? __pfx___might_resched+0x10/0x10 [ 180.175620][ T6789] should_fail_ex+0x3b0/0x4e0 [ 180.180419][ T6789] should_failslab+0xac/0x100 [ 180.185331][ T6789] ? hsr_create_self_node+0x5a/0x340 [ 180.190759][ T6789] __kmalloc_cache_noprof+0x6c/0x2c0 [ 180.196159][ T6789] ? __asan_memset+0x23/0x50 [ 180.200776][ T6789] hsr_create_self_node+0x5a/0x340 [ 180.205914][ T6789] hsr_dev_finalize+0x2c4/0x9a0 [ 180.210786][ T6789] hsr_newlink+0x7ee/0x970 [ 180.215213][ T6789] ? alloc_netdev_mqs+0xcda/0x1000 [ 180.220342][ T6789] ? __pfx_hsr_newlink+0x10/0x10 [ 180.225292][ T6789] ? rtnl_create_link+0x91c/0xc20 [ 180.230345][ T6789] ? __pfx_hsr_newlink+0x10/0x10 [ 180.235482][ T6789] rtnl_newlink+0x1591/0x20a0 [ 180.240220][ T6789] ? __pfx_rtnl_newlink+0x10/0x10 [ 180.245283][ T6789] ? __pfx___mutex_trylock_common+0x10/0x10 [ 180.251235][ T6789] ? rcu_is_watching+0x15/0xb0 [ 180.256022][ T6789] ? trace_contention_end+0x3c/0x120 [ 180.261330][ T6789] ? __mutex_lock+0x2ef/0xd70 [ 180.266043][ T6789] ? __pfx_lock_release+0x10/0x10 [ 180.271097][ T6789] ? __pfx_rtnl_newlink+0x10/0x10 [ 180.276151][ T6789] rtnetlink_rcv_msg+0x73f/0xcf0 [ 180.281120][ T6789] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 180.286392][ T6789] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 180.291922][ T6789] ? ref_tracker_free+0x643/0x7e0 [ 180.297073][ T6789] netlink_rcv_skb+0x1e3/0x430 [ 180.302036][ T6789] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 180.307570][ T6789] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 180.312928][ T6789] ? netlink_deliver_tap+0x2e/0x1b0 [ 180.318162][ T6789] netlink_unicast+0x7f6/0x990 [ 180.323023][ T6789] ? __pfx_netlink_unicast+0x10/0x10 [ 180.328549][ T6789] ? __virt_addr_valid+0x183/0x530 [ 180.333749][ T6789] ? __check_object_size+0x48e/0x900 [ 180.339066][ T6789] netlink_sendmsg+0x8e4/0xcb0 [ 180.344119][ T6789] ? __pfx_netlink_sendmsg+0x10/0x10 [ 180.349450][ T6789] ? aa_sock_msg_perm+0x91/0x160 [ 180.354519][ T6789] ? __pfx_netlink_sendmsg+0x10/0x10 [ 180.359873][ T6789] __sock_sendmsg+0x221/0x270 [ 180.364839][ T6789] ____sys_sendmsg+0x52a/0x7e0 [ 180.369808][ T6789] ? __pfx_____sys_sendmsg+0x10/0x10 [ 180.375146][ T6789] __sys_sendmsg+0x2aa/0x390 [ 180.379771][ T6789] ? __pfx___sys_sendmsg+0x10/0x10 [ 180.385077][ T6789] ? vfs_write+0x7bf/0xc90 [ 180.389580][ T6789] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 180.396032][ T6789] ? do_syscall_64+0x100/0x230 [ 180.400819][ T6789] ? do_syscall_64+0xb6/0x230 [ 180.405516][ T6789] do_syscall_64+0xf3/0x230 [ 180.410062][ T6789] ? clear_bhb_loop+0x35/0x90 [ 180.414752][ T6789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.420671][ T6789] RIP: 0033:0x7f3d1337def9 [ 180.425176][ T6789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.445403][ T6789] RSP: 002b:00007f3d14111038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 180.453840][ T6789] RAX: ffffffffffffffda RBX: 00007f3d13535f80 RCX: 00007f3d1337def9 [ 180.461923][ T6789] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 180.469898][ T6789] RBP: 00007f3d14111090 R08: 0000000000000000 R09: 0000000000000000 [ 180.477961][ T6789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 180.486119][ T6789] R13: 0000000000000000 R14: 00007f3d13535f80 R15: 00007f3d1365fa28 [ 180.494199][ T6789] [ 180.818100][ T6795] FAULT_INJECTION: forcing a failure. [ 180.818100][ T6795] name failslab, interval 1, probability 0, space 0, times 0 [ 180.844626][ T6795] CPU: 0 UID: 0 PID: 6795 Comm: syz.2.375 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 180.855032][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 180.865235][ T6795] Call Trace: [ 180.868602][ T6795] [ 180.871689][ T6795] dump_stack_lvl+0x241/0x360 [ 180.876525][ T6795] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.881857][ T6795] ? __pfx__printk+0x10/0x10 [ 180.886490][ T6795] ? ref_tracker_alloc+0x332/0x490 [ 180.891661][ T6795] should_fail_ex+0x3b0/0x4e0 [ 180.896401][ T6795] ? skb_clone+0x20c/0x390 [ 180.900885][ T6795] should_failslab+0xac/0x100 [ 180.905635][ T6795] ? skb_clone+0x20c/0x390 [ 180.910112][ T6795] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 180.915591][ T6795] skb_clone+0x20c/0x390 [ 180.919897][ T6795] __netlink_deliver_tap+0x3cc/0x7c0 [ 180.925256][ T6795] ? netlink_deliver_tap+0x2e/0x1b0 [ 180.930507][ T6795] netlink_deliver_tap+0x19d/0x1b0 [ 180.935671][ T6795] netlink_sendskb+0x68/0x140 [ 180.940412][ T6795] netlink_unicast+0x39d/0x990 [ 180.945348][ T6795] ? __asan_memcpy+0x40/0x70 [ 180.950101][ T6795] ? __pfx_netlink_unicast+0x10/0x10 [ 180.955526][ T6795] netlink_rcv_skb+0x262/0x430 [ 180.960335][ T6795] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 180.965830][ T6795] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 180.971182][ T6795] xfrm_netlink_rcv+0x79/0x90 [ 180.975894][ T6795] netlink_unicast+0x7f6/0x990 [ 180.980726][ T6795] ? __pfx_netlink_unicast+0x10/0x10 [ 180.986062][ T6795] ? __virt_addr_valid+0x183/0x530 [ 180.991417][ T6795] ? __check_object_size+0x48e/0x900 [ 180.996919][ T6795] netlink_sendmsg+0x8e4/0xcb0 [ 181.001764][ T6795] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.007426][ T6795] ? aa_sock_msg_perm+0x91/0x160 [ 181.012449][ T6795] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.017799][ T6795] __sock_sendmsg+0x221/0x270 [ 181.022555][ T6795] ____sys_sendmsg+0x52a/0x7e0 [ 181.027417][ T6795] ? __pfx_____sys_sendmsg+0x10/0x10 [ 181.032840][ T6795] __sys_sendmsg+0x2aa/0x390 [ 181.037558][ T6795] ? __pfx___sys_sendmsg+0x10/0x10 [ 181.042729][ T6795] ? vfs_write+0x7bf/0xc90 [ 181.047233][ T6795] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 181.053627][ T6795] ? do_syscall_64+0x100/0x230 [ 181.058470][ T6795] ? do_syscall_64+0xb6/0x230 [ 181.063212][ T6795] do_syscall_64+0xf3/0x230 [ 181.067766][ T6795] ? clear_bhb_loop+0x35/0x90 [ 181.072493][ T6795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.078422][ T6795] RIP: 0033:0x7f745b97def9 [ 181.082895][ T6795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.102612][ T6795] RSP: 002b:00007f745c7fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 181.111230][ T6795] RAX: ffffffffffffffda RBX: 00007f745bb35f80 RCX: 00007f745b97def9 [ 181.119431][ T6795] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 [ 181.127468][ T6795] RBP: 00007f745c7fa090 R08: 0000000000000000 R09: 0000000000000000 [ 181.135494][ T6795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 181.143608][ T6795] R13: 0000000000000000 R14: 00007f745bb35f80 R15: 00007f745bc5fa28 [ 181.151648][ T6795] [ 181.365211][ T5280] usb 2-1: USB disconnect, device number 21 [ 181.744851][ T1046] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.859372][ T5280] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 181.921691][ T1046] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.039221][ T5280] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 182.053082][ T5280] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 182.078372][ T5280] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 182.094721][ T1046] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.106976][ T5280] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 182.119840][ T5280] usb 3-1: Manufacturer: syz [ 182.124587][ T5280] usb 3-1: SerialNumber: syz [ 182.197478][ T1046] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.351491][ T5280] usbhid 3-1:36.0: couldn't find an input interrupt endpoint [ 182.412260][ T5280] usb 3-1: USB disconnect, device number 30 [ 182.869829][ T5236] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 182.891653][ T5236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 182.908197][ T5236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 182.919844][ T5236] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 182.939023][ T5236] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 182.947321][ T5236] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 183.871981][ T1046] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 183.940845][ T1046] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.969449][ T6851] FAULT_INJECTION: forcing a failure. [ 183.969449][ T6851] name failslab, interval 1, probability 0, space 0, times 0 [ 183.992179][ T1046] bond0 (unregistering): Released all slaves [ 184.023852][ T6851] CPU: 0 UID: 0 PID: 6851 Comm: syz.0.389 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 184.034258][ T6851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 184.044342][ T6851] Call Trace: [ 184.047645][ T6851] [ 184.050597][ T6851] dump_stack_lvl+0x241/0x360 [ 184.055359][ T6851] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.060591][ T6851] ? __pfx__printk+0x10/0x10 [ 184.065291][ T6851] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 184.070872][ T6851] ? __pfx___might_resched+0x10/0x10 [ 184.076190][ T6851] should_fail_ex+0x3b0/0x4e0 [ 184.080908][ T6851] ? key_alloc+0x341/0xff0 [ 184.085357][ T6851] should_failslab+0xac/0x100 [ 184.090073][ T6851] ? key_alloc+0x341/0xff0 [ 184.094520][ T6851] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 184.099920][ T6851] ? key_user_lookup+0x1b2/0x450 [ 184.104887][ T6851] key_alloc+0x341/0xff0 [ 184.109267][ T6851] __key_create_or_update+0xa55/0xc70 [ 184.114783][ T6851] ? __pfx___key_create_or_update+0x10/0x10 [ 184.120738][ T6851] key_create_or_update+0x42/0x60 [ 184.125795][ T6851] __se_sys_add_key+0x33f/0x490 [ 184.130709][ T6851] ? __pfx___se_sys_add_key+0x10/0x10 [ 184.136115][ T6851] ? do_syscall_64+0x100/0x230 [ 184.140932][ T6851] ? __x64_sys_add_key+0x20/0xc0 [ 184.145905][ T6851] do_syscall_64+0xf3/0x230 [ 184.150436][ T6851] ? clear_bhb_loop+0x35/0x90 [ 184.155175][ T6851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.161116][ T6851] RIP: 0033:0x7f1b0b97def9 [ 184.165556][ T6851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.185192][ T6851] RSP: 002b:00007f1b0c704038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 184.193735][ T6851] RAX: ffffffffffffffda RBX: 00007f1b0bb35f80 RCX: 00007f1b0b97def9 [ 184.201761][ T6851] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000020000000 [ 184.209756][ T6851] RBP: 00007f1b0c704090 R08: ffffffffffffffff R09: 0000000000000000 [ 184.217746][ T6851] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000002 [ 184.225734][ T6851] R13: 0000000000000001 R14: 00007f1b0bb35f80 R15: 00007f1b0bc5fa28 [ 184.233738][ T6851] [ 184.279182][ T35] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 184.751612][ T6865] kvm: kvm [6857]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 184.982680][ T5283] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 185.004370][ T6829] chnl_net:caif_netlink_parms(): no params data found [ 185.048861][ T1179] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 185.059864][ T5231] Bluetooth: hci4: command tx timeout [ 185.147275][ T1046] hsr_slave_0: left promiscuous mode [ 185.163876][ T5283] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 185.179940][ T5283] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 185.181381][ T1046] hsr_slave_1: left promiscuous mode [ 185.220174][ T1179] usb 4-1: Using ep0 maxpacket: 8 [ 185.226121][ T1046] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.236633][ T1179] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 185.244178][ T1046] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 185.260290][ T5283] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 185.278950][ T1179] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.291622][ T1046] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 185.299037][ T5283] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 185.299099][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.308799][ T1179] usb 4-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.91 [ 185.308861][ T1179] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.362263][ T1046] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 185.364761][ T6861] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 185.410379][ T1179] usb 4-1: config 0 descriptor?? [ 185.449152][ T1046] veth1_macvtap: left promiscuous mode [ 185.465018][ T1046] veth0_macvtap: left promiscuous mode [ 185.473581][ T1046] veth1_vlan: left promiscuous mode [ 185.495570][ T1046] veth0_vlan: left promiscuous mode [ 185.613983][ T29] kauditd_printk_skb: 22 callbacks suppressed [ 185.614004][ T29] audit: type=1326 audit(1727090444.683:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745b97def9 code=0x7ffc0000 [ 185.738881][ T29] audit: type=1326 audit(1727090444.683:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f745b97def9 code=0x7ffc0000 [ 185.828457][ T29] audit: type=1326 audit(1727090444.683:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745b97def9 code=0x7ffc0000 [ 185.874610][ T1179] lenovo 0003:17EF:60EE.0009: unknown main item tag 0x6 [ 185.903412][ T29] audit: type=1326 audit(1727090444.683:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f745b97dafb code=0x7ffc0000 [ 185.942668][ T1179] lenovo 0003:17EF:60EE.0009: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.3-1/input0 [ 185.951043][ T29] audit: type=1326 audit(1727090444.683:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f745b97dafb code=0x7ffc0000 [ 186.002289][ T29] audit: type=1326 audit(1727090444.683:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f745b9affe5 code=0x7ffc0000 [ 186.045027][ T29] audit: type=1326 audit(1727090444.883:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745b97def9 code=0x7ffc0000 [ 186.089468][ T5280] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 186.139181][ T29] audit: type=1326 audit(1727090444.883:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745b97def9 code=0x7ffc0000 [ 186.183153][ T29] audit: type=1326 audit(1727090444.883:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f745b97dafb code=0x7ffc0000 [ 186.204580][ T6885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.215930][ T29] audit: type=1326 audit(1727090444.883:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f745b97dafb code=0x7ffc0000 [ 186.225481][ T5283] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 186.275127][ T5283] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input27 [ 186.286350][ T6885] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.291291][ T5280] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 186.305724][ T5280] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 186.327273][ T5280] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 186.340445][ T5280] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 186.350113][ T5280] usb 1-1: Manufacturer: syz [ 186.355269][ T5280] usb 1-1: SerialNumber: syz [ 186.441584][ C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 186.451694][ T6885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.487301][ T5283] usb 3-1: USB disconnect, device number 31 [ 186.491089][ T6885] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.651599][ T5280] usbhid 1-1:36.0: couldn't find an input interrupt endpoint [ 186.685308][ T5280] usb 1-1: USB disconnect, device number 27 [ 186.794998][ T6887] loop2: detected capacity change from 0 to 7 [ 186.820064][ T6887] Dev loop2: unable to read RDB block 7 [ 186.839679][ T6887] loop2: unable to read partition table [ 186.845566][ T6887] loop2: partition table beyond EOD, truncated [ 186.877807][ T6887] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 186.982209][ T4680] Dev loop2: unable to read RDB block 7 [ 186.996801][ T4680] loop2: unable to read partition table [ 187.010117][ T4680] loop2: partition table beyond EOD, truncated [ 187.138778][ T5231] Bluetooth: hci4: command tx timeout [ 187.358528][ T1046] team0 (unregistering): Port device team_slave_1 removed [ 187.523496][ T1046] team0 (unregistering): Port device team_slave_0 removed [ 187.987967][ T5280] usb 4-1: USB disconnect, device number 16 [ 188.388790][ T6893] netlink: 44 bytes leftover after parsing attributes in process `syz.0.398'. [ 188.739938][ T6911] binder: BINDER_SET_CONTEXT_MGR already set [ 188.766563][ T6911] binder: 6906:6911 ioctl 4018620d 20000040 returned -16 [ 188.811108][ T6829] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.826351][ T6829] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.849120][ T6829] bridge_slave_0: entered allmulticast mode [ 188.858353][ T6829] bridge_slave_0: entered promiscuous mode [ 188.869306][ T6829] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.877213][ T6829] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.885476][ T6829] bridge_slave_1: entered allmulticast mode [ 188.894401][ T6829] bridge_slave_1: entered promiscuous mode [ 188.968983][ T5282] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 189.008899][ T6829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.065238][ T6829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.134376][ T5282] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 189.161599][ T5282] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 189.231973][ T5282] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 189.240807][ T5231] Bluetooth: hci4: command tx timeout [ 189.302545][ T6829] team0: Port device team_slave_0 added [ 189.314399][ T5282] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 189.384807][ T6829] team0: Port device team_slave_1 added [ 189.418800][ T5282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.491126][ T6903] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 189.539365][ T1046] IPVS: stop unused estimator thread 0... [ 189.593937][ T6829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.626101][ T6829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.837811][ T6829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.918120][ T6829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.972534][ T6829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.130858][ T6829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.350676][ T5282] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 190.360627][ T5282] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input28 [ 190.384663][ T5240] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 190.396689][ T5240] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 190.424727][ T5240] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 190.460106][ T5240] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 190.474528][ T5240] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 190.495092][ T5240] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 190.631693][ T6829] hsr_slave_0: entered promiscuous mode [ 190.707055][ T6829] hsr_slave_1: entered promiscuous mode [ 190.735694][ T6829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.757017][ T6829] Cannot create hsr debugfs directory [ 190.763151][ T6942] netlink: 24 bytes leftover after parsing attributes in process `syz.0.409'. [ 190.844571][ T1046] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.982118][ T1046] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.170928][ T1046] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.299404][ T5236] Bluetooth: hci4: command tx timeout [ 191.453229][ T1046] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.542650][ T5236] Bluetooth: hci3: command 0x0406 tx timeout [ 191.797738][ T5283] usb 3-1: USB disconnect, device number 32 [ 191.803698][ C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 191.898731][ T5280] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 192.078961][ T5280] usb 4-1: Using ep0 maxpacket: 32 [ 192.105967][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 192.161969][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 192.247425][ T5280] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 192.300698][ T5280] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.364602][ T6944] chnl_net:caif_netlink_parms(): no params data found [ 192.430694][ T5280] usb 4-1: config 0 descriptor?? [ 192.475435][ T5280] hub 4-1:0.0: USB hub found [ 192.609938][ T5231] Bluetooth: hci0: command tx timeout [ 192.648522][ T5280] hub 4-1:0.0: 1 port detected [ 194.771425][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.816683][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.882965][ T5231] Bluetooth: hci0: command tx timeout [ 199.668564][ C0] sched: DL replenish lagged too much [ 203.137639][ T5231] Bluetooth: hci0: command tx timeout [ 206.607778][ T5236] Bluetooth: hci0: command tx timeout [ 207.091558][ T9] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 227.340152][ T9] usb 4-1: USB disconnect, device number 17 [ 230.040917][ T5280] usb 4-1: Failed to suspend device, error -19 [ 311.888522][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 311.895566][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6953/1:b..l [ 311.904018][ C0] rcu: (detected by 0, t=10503 jiffies, g=27181, q=665 ncpus=2) [ 311.911878][ C0] task:syz.3.411 state:R running task stack:23408 pid:6953 tgid:6953 ppid:6335 flags:0x00004006 [ 311.924952][ C0] Call Trace: [ 311.928277][ C0] [ 311.931250][ C0] __schedule+0x1895/0x4b30 [ 311.935828][ C0] ? validate_chain+0x11e/0x5920 [ 311.940827][ C0] ? __pfx_validate_chain+0x10/0x10 [ 311.946130][ C0] ? __pfx___schedule+0x10/0x10 [ 311.951067][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 311.957121][ C0] ? preempt_schedule+0xe1/0xf0 [ 311.962031][ C0] preempt_schedule_common+0x84/0xd0 [ 311.967457][ C0] preempt_schedule+0xe1/0xf0 [ 311.972294][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 311.977745][ C0] preempt_schedule_thunk+0x1a/0x30 [ 311.983007][ C0] unwind_next_frame+0x18f8/0x22d0 [ 311.988194][ C0] ? usb_gadget_unregister_driver+0x4e/0x70 [ 311.994148][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 312.000362][ C0] arch_stack_walk+0x11c/0x150 [ 312.005183][ C0] ? raw_release+0xf6/0x1e0 [ 312.009735][ C0] stack_trace_save+0x118/0x1d0 [ 312.014741][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 312.020205][ C0] save_stack+0xfb/0x1f0 [ 312.024509][ C0] ? __pfx_save_stack+0x10/0x10 [ 312.029412][ C0] ? free_unref_page+0xcfb/0xf20 [ 312.034429][ C0] ? __put_partials+0xeb/0x130 [ 312.039339][ C0] ? put_cpu_partial+0x17c/0x250 [ 312.044328][ C0] ? __slab_free+0x2ea/0x3d0 [ 312.048979][ C0] ? qlist_free_all+0x9a/0x140 [ 312.053816][ C0] ? kasan_quarantine_reduce+0x14f/0x170 [ 312.059517][ C0] ? __kasan_slab_alloc+0x23/0x80 [ 312.064610][ C0] ? __kmalloc_noprof+0x1a6/0x400 [ 312.069691][ C0] ? kobject_get_path+0xb8/0x230 [ 312.074712][ C0] ? kobject_uevent_env+0x2a5/0x8e0 [ 312.079966][ C0] ? device_release_driver_internal+0x4a9/0x7c0 [ 312.086263][ C0] ? driver_detach+0x1fb/0x2d0 [ 312.091075][ C0] ? bus_remove_driver+0x1f3/0x320 [ 312.096229][ C0] ? usb_gadget_unregister_driver+0x4e/0x70 [ 312.102190][ C0] ? page_ext_get+0x20/0x2a0 [ 312.106834][ C0] __reset_page_owner+0x76/0x430 [ 312.111905][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 312.117350][ C0] free_unref_page+0xcfb/0xf20 [ 312.122176][ C0] __put_partials+0xeb/0x130 [ 312.126830][ C0] put_cpu_partial+0x17c/0x250 [ 312.131632][ C0] ? put_cpu_partial+0x70/0x250 [ 312.136623][ C0] __slab_free+0x2ea/0x3d0 [ 312.141085][ C0] ? __phys_addr+0xba/0x170 [ 312.145645][ C0] qlist_free_all+0x9a/0x140 [ 312.150305][ C0] kasan_quarantine_reduce+0x14f/0x170 [ 312.155828][ C0] __kasan_slab_alloc+0x23/0x80 [ 312.160732][ C0] ? kobject_get_path+0xb8/0x230 [ 312.166074][ C0] __kmalloc_noprof+0x1a6/0x400 [ 312.170984][ C0] kobject_get_path+0xb8/0x230 [ 312.175894][ C0] kobject_uevent_env+0x2a5/0x8e0 [ 312.181069][ C0] ? __pfx_gadget_unbind_driver+0x10/0x10 [ 312.186870][ C0] device_release_driver_internal+0x4a9/0x7c0 [ 312.194579][ C0] driver_detach+0x1fb/0x2d0 [ 312.199230][ C0] bus_remove_driver+0x1f3/0x320 [ 312.204222][ C0] usb_gadget_unregister_driver+0x4e/0x70 [ 312.209995][ C0] raw_release+0xf6/0x1e0 [ 312.214457][ C0] ? __pfx_raw_release+0x10/0x10 [ 312.219441][ C0] __fput+0x23f/0x880 [ 312.223485][ C0] task_work_run+0x24f/0x310 [ 312.228121][ C0] ? __pfx_task_work_run+0x10/0x10 [ 312.233280][ C0] ? switch_task_namespaces+0xe4/0x110 [ 312.238796][ C0] do_exit+0xa2f/0x28e0 [ 312.243004][ C0] ? __pfx_do_exit+0x10/0x10 [ 312.247635][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 312.253072][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 312.259107][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.265486][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 312.270652][ C0] do_group_exit+0x207/0x2c0 [ 312.275294][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 312.280538][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 312.285787][ C0] get_signal+0x176f/0x1810 [ 312.290357][ C0] ? __pfx_get_signal+0x10/0x10 [ 312.295269][ C0] arch_do_signal_or_restart+0x96/0x860 [ 312.300878][ C0] ? __pfx_handle_mm_fault+0x10/0x10 [ 312.306217][ C0] ? lock_vma_under_rcu+0x602/0x790 [ 312.311478][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 312.317704][ C0] ? irqentry_exit_to_user_mode+0x53/0x280 [ 312.323563][ C0] irqentry_exit_to_user_mode+0x79/0x280 [ 312.329339][ C0] exc_page_fault+0x590/0x8c0 [ 312.334073][ C0] asm_exc_page_fault+0x26/0x30 [ 312.338991][ C0] RIP: 0033:0x7f0f7725cb06 [ 312.343460][ C0] RSP: 002b:00007f0f7765fa70 EFLAGS: 00010202 [ 312.349584][ C0] RAX: 0000001b2f91a000 RBX: 00007f0f78065720 RCX: 0000001b2f919ff8 [ 312.357609][ C0] RDX: ffffffff8bbb6edf RSI: 0000000000000008 RDI: 00007f0f78065720 [ 312.365636][ C0] RBP: 00000000000000e3 R08: 00007f0f77520000 R09: 00007f0f77522000 [ 312.373671][ C0] R10: 000000008bbb6ee3 R11: 00000000000000ff R12: ffffffff8bbb6975 [ 312.381862][ C0] R13: 00007f0f77535f40 R14: 0000000000000008 R15: 000000000000013e [ 312.389885][ C0] ? format_decode+0x455/0x1bb0 [ 312.394819][ C0] ? format_decode+0x9bf/0x1bb0 [ 312.399734][ C0] [ 312.402833][ C0] rcu: rcu_preempt kthread starved for 7944 jiffies! g27181 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 312.414071][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 312.424088][ C0] rcu: RCU grace-period kthread stack dump: [ 312.430106][ C0] task:rcu_preempt state:R running task stack:25744 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 312.441958][ C0] Call Trace: [ 312.445362][ C0] [ 312.448330][ C0] __schedule+0x1895/0x4b30 [ 312.452901][ C0] ? __pfx___schedule+0x10/0x10 [ 312.457820][ C0] ? __pfx_lock_release+0x10/0x10 [ 312.462898][ C0] ? __asan_memset+0x23/0x50 [ 312.467542][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 312.473437][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.479999][ C0] ? schedule+0x90/0x320 [ 312.484287][ C0] schedule+0x14b/0x320 [ 312.488625][ C0] schedule_timeout+0x1be/0x310 [ 312.493563][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 312.498977][ C0] ? __pfx_process_timeout+0x10/0x10 [ 312.504406][ C0] ? prepare_to_swait_event+0x330/0x350 [ 312.510012][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 312.514905][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 312.520162][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 312.526359][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 312.531685][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 312.537631][ C0] ? finish_swait+0xd4/0x1e0 [ 312.542280][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 312.546914][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 312.552153][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 312.558181][ C0] ? __kthread_parkme+0x169/0x1d0 [ 312.563523][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 312.568762][ C0] kthread+0x2f0/0x390 [ 312.572885][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 312.578140][ C0] ? __pfx_kthread+0x10/0x10 [ 312.582772][ C0] ret_from_fork+0x4b/0x80 [ 312.587236][ C0] ? __pfx_kthread+0x10/0x10 [ 312.591864][ C0] ret_from_fork_asm+0x1a/0x30 [ 312.596697][ C0] [ 312.599747][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 312.606204][ C0] Sending NMI from CPU 0 to CPUs 1: [ 312.611468][ C1] NMI backtrace for cpu 1 [ 312.611491][ C1] CPU: 1 UID: 0 PID: 5283 Comm: kworker/1:6 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 312.611516][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 312.611535][ C1] Workqueue: events_power_efficient neigh_periodic_work [ 312.611560][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 312.611587][ C1] Code: 89 fb e8 23 00 00 00 48 8b 3d a4 58 9c 0c 48 89 de 5b e9 13 cc 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 00 1e [ 312.611603][ C1] RSP: 0018:ffffc90000a17888 EFLAGS: 00000002 [ 312.611618][ C1] RAX: 0000000000010100 RBX: 0000000000000001 RCX: ffff888032253c00 [ 312.611632][ C1] RDX: ffff888032253c00 RSI: 0000000000000001 RDI: 0000000000000000 [ 312.611644][ C1] RBP: dffffc0000000000 R08: ffffffff89c7fc6d R09: fffff52000142f00 [ 312.611659][ C1] R10: dffffc0000000000 R11: fffff52000142f00 R12: 0000000000000002 [ 312.611672][ C1] R13: ffffffff89c7faa0 R14: ffff88807f2bc330 R15: ffff888030842c00 [ 312.611686][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 312.611702][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 312.611715][ C1] CR2: 000000110c275a05 CR3: 000000000e734000 CR4: 00000000003506f0 [ 312.611731][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 312.611742][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 312.611754][ C1] Call Trace: [ 312.611761][ C1] [ 312.611769][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 312.611798][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 312.611826][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 312.611853][ C1] ? nmi_handle+0x2a/0x5a0 [ 312.611878][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 312.611902][ C1] ? nmi_handle+0x14f/0x5a0 [ 312.611919][ C1] ? nmi_handle+0x2a/0x5a0 [ 312.611937][ C1] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 312.611959][ C1] ? default_do_nmi+0x63/0x160 [ 312.611977][ C1] ? exc_nmi+0x123/0x1f0 [ 312.611993][ C1] ? end_repeat_nmi+0xf/0x53 [ 312.612017][ C1] ? __pfx_advance_sched+0x10/0x10 [ 312.612044][ C1] ? advance_sched+0x1cd/0xca0 [ 312.612068][ C1] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 312.612091][ C1] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 312.612115][ C1] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 312.612138][ C1] [ 312.612143][ C1] [ 312.612150][ C1] advance_sched+0x1da/0xca0 [ 312.612175][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 312.612197][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 312.612221][ C1] ? __pfx_advance_sched+0x10/0x10 [ 312.612246][ C1] __hrtimer_run_queues+0x59b/0xd50 [ 312.612264][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 312.612295][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 312.612318][ C1] hrtimer_interrupt+0x396/0x990 [ 312.612346][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 312.612366][ C1] sysvec_apic_timer_interrupt+0x52/0xc0 [ 312.612389][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 312.612419][ C1] RIP: 0010:lock_acquire+0x264/0x550 [ 312.612444][ C1] Code: 2b 00 74 08 4c 89 f7 e8 3a 50 8e 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 [ 312.612460][ C1] RSP: 0018:ffffc90000a17cc0 EFLAGS: 00000206 [ 312.612475][ C1] RAX: 0000000000000001 RBX: 1ffff92000142fa4 RCX: 653003236a4c1a00 [ 312.612488][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0adbc0 RDI: ffffffff8c60ddc0 [ 312.612502][ C1] RBP: ffffc90000a17e08 R08: ffffffff942597c7 R09: 1ffffffff284b2f8 [ 312.612516][ C1] R10: dffffc0000000000 R11: fffffbfff284b2f9 R12: 1ffff92000142fa0 [ 312.612530][ C1] R13: dffffc0000000000 R14: ffffc90000a17d20 R15: 0000000000000246 [ 312.612555][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 312.612585][ C1] ? __pfx_ip6t_do_table+0x10/0x10 [ 312.612604][ C1] ? __ip6_local_out+0x4dc/0x800 [ 312.612629][ C1] ? __pfx_lock_release+0x10/0x10 [ 312.612657][ C1] nf_hook+0xbf/0x450 [ 312.612678][ C1] ? nf_hook+0x9e/0x450 [ 312.612702][ C1] ? nf_hook+0x9e/0x450 [ 312.612722][ C1] ? __pfx_nf_hook+0x10/0x10 [ 312.612744][ C1] ? __ip6_local_out+0x4dc/0x800 [ 312.612767][ C1] ? __ip6_local_out+0x7c1/0x800 [ 312.612792][ C1] ? __pfx___ip6_local_out+0x10/0x10 [ 312.612818][ C1] ? __pfx_dst_output+0x10/0x10 [ 312.612840][ C1] ? ip6_route_output_flags+0x30/0x610 [ 312.612861][ C1] ip6_output+0x26f/0x3c0 [ 312.612880][ C1] ? __pfx_ip6_finish_output+0x10/0x10 [ 312.612903][ C1] synproxy_send_tcp_ipv6+0x568/0x7c0 [ 312.612927][ C1] ? __pfx_synproxy_send_tcp_ipv6+0x10/0x10 [ 312.612954][ C1] ? __pfx___alloc_skb+0x10/0x10 [ 312.612978][ C1] ? skb_put+0x114/0x1f0 [ 312.613002][ C1] synproxy_send_client_synack_ipv6+0x7d0/0xc30 [ 312.613031][ C1] ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10 [ 312.613054][ C1] ? synproxy_pernet+0x45/0x270 [ 312.613077][ C1] nft_synproxy_do_eval+0x739/0xa60 [ 312.613101][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 312.613126][ C1] ? __pfx_validate_chain+0x10/0x10 [ 312.613150][ C1] nft_do_chain+0x4ad/0x1da0 [ 312.613175][ C1] ? nf_nat_inet_fn+0xa30/0xd10 [ 312.613201][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 312.613233][ C1] ? nf_nat_ipv6_fn+0x2cb/0x3e0 [ 312.613261][ C1] ? __pfx_nf_nat_ipv6_fn+0x10/0x10 [ 312.613289][ C1] nft_do_chain_inet+0x418/0x6b0 [ 312.613312][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 312.613332][ C1] ? nf_nat_ipv6_local_in+0x1cd/0x620 [ 312.613361][ C1] ? __pfx_nf_nat_ipv6_local_in+0x10/0x10 [ 312.613387][ C1] ? nf_nat_ipv6_fn+0x2cb/0x3e0 [ 312.613422][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 312.613442][ C1] nf_hook_slow+0xc3/0x220 [ 312.613462][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 312.613485][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 312.613509][ C1] NF_HOOK+0x29e/0x450 [ 312.613533][ C1] ? NF_HOOK+0x9a/0x450 [ 312.613555][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 312.613579][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 312.613604][ C1] ? ip6_rcv_finish_core+0x1fb/0x410 [ 312.613630][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 312.613653][ C1] NF_HOOK+0x3a4/0x450 [ 312.613675][ C1] ? skb_orphan+0xae/0xd0 [ 312.613700][ C1] ? NF_HOOK+0x9a/0x450 [ 312.613721][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 312.613745][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 312.613772][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 312.613795][ C1] __netif_receive_skb+0x1ea/0x650 [ 312.613813][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 312.613839][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 312.613856][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 312.613882][ C1] ? __pfx_lock_release+0x10/0x10 [ 312.613908][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 312.613934][ C1] process_backlog+0x662/0x15b0 [ 312.613955][ C1] ? process_backlog+0x33b/0x15b0 [ 312.613978][ C1] ? __pfx_process_backlog+0x10/0x10 [ 312.613996][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 312.614023][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.614051][ C1] __napi_poll+0xcb/0x490 [ 312.614070][ C1] net_rx_action+0x89b/0x1240 [ 312.614098][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 312.614118][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 312.614148][ C1] ? __pfx_net_tx_action+0x10/0x10 [ 312.614167][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.614198][ C1] handle_softirqs+0x2c5/0x980 [ 312.614224][ C1] ? do_softirq+0x11b/0x1e0 [ 312.614247][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 312.614275][ C1] do_softirq+0x11b/0x1e0 [ 312.614296][ C1] [ 312.614302][ C1] [ 312.614308][ C1] ? __pfx_do_softirq+0x10/0x10 [ 312.614331][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 312.614359][ C1] ? rcu_is_watching+0x15/0xb0 [ 312.614379][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 312.614408][ C1] ? neigh_periodic_work+0xb35/0xd50 [ 312.614426][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 312.614449][ C1] ? neigh_destroy+0x423/0x580 [ 312.614479][ C1] neigh_periodic_work+0xb35/0xd50 [ 312.614500][ C1] ? process_scheduled_works+0x976/0x1850 [ 312.614524][ C1] process_scheduled_works+0xa63/0x1850 [ 312.614561][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 312.614589][ C1] ? assign_work+0x364/0x3d0 [ 312.614614][ C1] worker_thread+0x870/0xd30 [ 312.614641][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 312.614665][ C1] ? __kthread_parkme+0x169/0x1d0 [ 312.614692][ C1] ? __pfx_worker_thread+0x10/0x10 [ 312.614716][ C1] kthread+0x2f0/0x390 [ 312.614732][ C1] ? __pfx_worker_thread+0x10/0x10 [ 312.614755][ C1] ? __pfx_kthread+0x10/0x10 [ 312.614772][ C1] ret_from_fork+0x4b/0x80 [ 312.614797][ C1] ? __pfx_kthread+0x10/0x10 [ 312.614813][ C1] ret_from_fork_asm+0x1a/0x30 [ 312.614845][ C1] [ 318.297242][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P6953 } 11123 jiffies s: 9581 root: 0x0/T [ 318.315020][ T19] rcu: blocking rcu_node structures (internal RCU debug):