last executing test programs: 1m33.078827748s ago: executing program 2 (id=4770): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getpeername$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000340)=0x14) sendto$packet(0xffffffffffffffff, &(0x7f0000000900)="588f245e0b7bcf0c06a9b8d10e3dc81c3aa971c2573473e43321e52bf9b4e033b3389b7d35e1a162a116ade0e08fb2539c5c98f63da25278d4aae083bd894e1143629e96116590cc64a354a737a28af0b6d2c860aa190609267113055581b6f2a00c52e85914bde054e048edc4b6328a3093653b4bffe06a71867aee527f7adf8b063b6b0ef2b67ca16205", 0x8b, 0x4000004, &(0x7f0000000400)={0x11, 0x17, r5, 0x1, 0x1, 0x6, @local}, 0x14) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="380000001000370400"/20, @ANYRES32=r6, @ANYBLOB="89040400000000001800128008000100736974000c00028008000100", @ANYRES32=r6], 0x38}}, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x2, {0x0, 0x0, 0xe403, r6}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @multicast1}, @IFLA_IPTUN_6RD_RELAY_PREFIXLEN={0x6, 0xe, 0x2a36}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=@newlink={0x48, 0x10, 0x1, 0x71bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x7afc5, 0xe0f}, [@IFLA_IFNAME={0x14, 0x3, 'team0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, @IFLA_VFINFO_LIST={0x8, 0x16, 0x0, 0x1, [{0x4}]}]}, 0x48}}, 0x0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001100)=@newlink={0x4c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x50a10, 0x51a23}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_OKEY={0x8}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x6}]}}}]}, 0x4c}}, 0x20040040) ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000040)={0x300, 0x140, 0xa0, 0x3f, 0x7, 0x1, 0x20, 0x0, {}, {}, {0x0, 0xffffffff}, {}, 0x2, 0x40, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x1, 0xfffffffd, 0x80000, 0x8, 0x4, 0x0, 0x0, 0xa}) ioctl$BTRFS_IOC_BALANCE_V2(r8, 0xc4009420, &(0x7f0000000500)={0x8, 0x6, {0x7, @struct={0x8, 0x9}, 0x0, 0x6, 0x5, 0x0, 0x5, 0x8, 0x40a, @usage=0x8, 0x4, 0x7, [0x5, 0xd13, 0x9, 0x7f, 0x1, 0x7]}, {0xf161, @struct={0x6, 0xd}, 0x0, 0xc, 0x80000001, 0x100, 0xfffffffffffffff7, 0x10000, 0x80, @usage=0x80000000, 0x1, 0x5, [0x8, 0xc, 0x3, 0xffffffffffffffff, 0x9, 0x8001]}, {0x6c, @usage=0x80000001, 0x0, 0x0, 0x100000000, 0x7, 0xfff, 0x1, 0x479, @struct={0x7fffffff, 0x7f}, 0x5, 0xe1b, [0x1, 0x3, 0x6, 0x3ff, 0x7, 0xe26]}, {0xffffffff, 0x5, 0x5}}) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r10, 0x80045300, &(0x7f0000000180)) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="fffffede00040000000000000000000000000100", @ANYRES32=0x0, @ANYBLOB="1111020031000000280012800b0001006d61637365630000180002800c0004000400000100c28000080005000500000008000500", @ANYRES32=r7, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0) 1m32.338656557s ago: executing program 2 (id=4774): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8004, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESHEX], 0x164}, 0x1, 0x0, 0x0, 0x8090}, 0x4000000) r2 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4040000) bind$inet6(r2, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r7, 0x84, 0x1c, &(0x7f00000001c0), &(0x7f0000000200)=0x4) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r6, 0x74) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4a261f842890d8a56cec003c72a9428ec3536dc79a6ffd74be9ba07c11eb6448743d5f109af4013155d5e3bad3e8d2cc5d2b0d4a88bc31664d0d08d5b0806af92684bd47a6cf9e31040e8221ad56885dad784ee28ecf312fafa025", @ANYRES16=r10, @ANYBLOB="010000000000000000000100000014000180060001000200000008000300ac1414aa"], 0x28}}, 0x0) r11 = socket$netlink(0x10, 0x3, 0x13) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001700)={0x123c, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0xc390}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCAN_SUPP_RATES={0x1200, 0x7d, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xcb, 0x0, "66c2db908e3babd7497a4cc66895b5701a48bdb7b20a8dc1a84dbabe8820b0ff2fc30569febf20525c28dfc322967d715bfe1930323b20e30048799629f36b05782c76e3eff0a6158da23519a1598073d4715bee9074fad0ca1f1e4ddb8399a63143f09386865335de93c29e1fdc774590a1445123ab51b087b36446e8bfe5aaeda5267d8f4fa43a453de8dd463b54608a2193f63a27de41cd0202bc730aaa5d421b85d46b1f1bb4cf04553fbafb3e364001d5ee6746bbf2b3b17f1e8a18d9be9040017ab76995"}, @NL80211_BAND_6GHZ={0x33, 0x3, "2890e5e1cced3f066f25834d126153edf5ac0268a9eb4eccffc8977f64d89035b51a1b5ce19cd80121ef54643a74e2"}, @NL80211_BAND_6GHZ={0x1004, 0x3, "f0ca6ca852ba80c11ad1f3a793e0db828a2885036b8a4900280145872500191b6402d0f0f05a279fa96fa34bd143a8332c13e3343ebbed64c1f5b964b44ad92faa166603de03ad4ff1b2de3f2e851fad70bb3c17d79550ba59cbf3e827519c517eb792b6149988777a54f2cfeb31fcaf39de6bc0b185ca3224cfadcc5bc54efe899931263ce2839a5a78440e29ad8733552c7808304388cc2ccc5a3846c864cca110e662eed3e5467d2a756245905b05f82f7782d5b6e8532cf690132db360363d25012d959f0053e341bfc48da8ff684dac24ae189716330a539258ab3d3582ced55a39e3633c814e60b71082fa7910739a271a96f5ba8b7c6219c1d4f67bd4e31b3a04a69d6b3c3c89882f2ddbba98c6496666caf50e4ce6ddba8ec92f5c67d97b38bc782679a5b23c07d40917f7867e7b1221b1f51b3efdc55afbcd21f99a1635a6591a0e644153c80d43ace76b8de9899640a1b55262c4241a29c6d57a2e886d5ba4d691f6e3e964e6b91fb49efb49257d78abf86aa256b4f3159f7864277182e86ffee34976e9fb7495523a908768052606fdf3a1728b422e83fa42d6960d4927dfb6cd2ac81b6c893877242639972f87e7bc12b0ef8efc159f0841dc100646831fd23f6161c4cc27ad719adde097dfa8f249abd396c2ed841c18522e281bbd77ee4982caa085cb61f5b11b75e36d4578ce217bcae9f7444e47f2b75e0eef2066dfc3167450c424ca050a30179f33cc6b48f7f96d18b47623a02b91bbdc101ac79ec518288f7d0f6e9f6f951d9c6d49a0bc0a8a87cc93a7e90a3db20345527e44a9a115ceab73b2df7557afbdd29c3824fabe548347340dd6e7071e335c585532e9fb22766d34b7cbae0aa25804570e70c72e1f911fe52fec0cba38cf03fd1a156dd2d2981311f9ffc55848ac913a55b7262aeb470b6ba25f28df2b6a3a9ecf09040aab4392256a815c0819f046524a61fe75068884930f54b08a1376a5f12ae69c8144892a4380cb01d004f016ee710635a49c71863072988273c0986779c806e5d4cc462d0f07fcaeca9f85845594c5a831d24ff76ddf04a7bd16e717f354a866a107c248146ca694d84dbd563e67a33b96ab69a1475438f8b86a6654c534fa00e8f74d515a743ab0492bfa088935c9e036db4b32e3106719dca517ec72c783841f460cd52c4ab76b04b7c276e07a99da9f5ba04a0e8d74b46cd383a0edd63ccb982991bfd0bd3d04c3c1b7faa5bebbfdde0a6f5c4bee4594de6709317f8fcbe8eda7c5445bec04f523b1be4e7e0f3cc763ee1095d96cf4cce652e2c2c6e0afd1348f2c9bd478e60c104bb953c43410aab95d0e07b740944831824879b4aeef37906bea72e97ac97364290ec0ca6ea29194ebe6dfde37956b7a342c6298d6e00418ed135a82a407eabd0348016da0ce04d9763fd26f3d8af6f0a03693cd7c747c755c9a6a64f6187bcbe4507f477b3b647852f650442a0baed5b55ec39cc286757af80c2e6d6e02aa92964bfe336d2644acbc8d0f3fde915203775415c600231363017cd1fe4405193552888431ea95a400ea30031a7b92a92362c5b197465a5df113ac656fd8927fe48372b66d581f33c505424535f45d69967f9ec8156d5d8115069aec6cb98db52afc03767a204bd573757458eb44f741a727f711cdc2b8dddc31998448b9e14c7ba4247efaeadb6d26b8d761a9aa60ed2a43a711a8f71e0bcd30ca42bf82ee9eea89869f8824751d57228acfa1d58683ab342d0cdae0dc75642cfff8d8defceeb326c667b84ffc0bf060f97efde2cde716273ee6d076a4d9af1c08653df19a920fe1e788de2f7be982fee02e7ab8a6a28f428942a92d17bca9027c39d1102bdcb3c6cb4c35a3f72a12ec7f3da005f1756a2afdc5c63953fb11f3e99d163b8d5bf188fba9aa8ba855e5b2f9e9b002ebc3301c6a7bd9da5137acc2334470c10f6af7e0b804183a82f0085bb5f3baa7d14be94bd737eb6859082a12579db96fa5a794908727fdde4e935d61397dfdd4d26a5a41e8753dfda56b1c7f4ba0a3a3b0fbf86a9ed78b669d58397d7ca812bc6d4d1fff45115537b67397b777a81ee7ae24afe23e4dd064f4fc163c8d15300517cd05f3bb062f530d62c51d66e6bca6caaa356a83ab1b16a73f6375c2d864cdaae34196e98c486720319b1dfbcdf7e4eedd33d07a021be0215e36bd23bfa5d13acc15575a9b36cd670b556c70c9a8432b0acc9d0253b04bbfaba88fe25b70677ba511e029632315a81018254701e2a8f0ae79b32c6a65953e2c7151c659daa0317dfc281cc9261e081eb1801d5ddfc87eb7a8809bb1f7143eca89a213776f7c70e51f55a354c79fb0fce815892262bc5163e135490ba512ac05c4b821967c4ac2a81fe8a64d2821f2b194d93237c103ed07bde3c61a60d3a2a5564c83651c354dd35dbe1b351ee5c48f6ce5e2eb80a53c52d191b5b369756a7b79dafdad9c7c5045a34daa54ba2ee60903b128f9cebeba41c9096a36267b2881d83976522bb3e872d12c7b516ed4f48371fdfa0a91461a26876515e37724d446e9737ea47758d11921dae123f939ecee8f0000e242947025559cf7e2c0aceabf2ee03b129f2fc7d73ff9a9dd338dc123d8a788bb396d562fccd748e1b21f21987011a344e3af9007d6b79afce10a6eed487ab6034b7433405fe3b1faf9a1078a1d92ae9715856b0df931c245de0ed1e8cc06dce4889b5824aceba2d8f8bec9c2e8675329285332bc8edffb1045f80dbef9ae5538d109a6b4311a9250d9d177d7638dc2e33aadc61d24275e9ff4b10b4f688991f3262ca044b416c33470a0d5ccea21d99c9352f1259da9c9a11bc37e958dd177b61c4123e5d52b75a83208c1436b3d2f26cda1281583b17ea734cbe7450123da1af5dcaee1dc6f0306b80c2c2d00eda50cc7fe943925cc776a1a2d986bfd611b9d8c267c81fb6027b288ee36022a1c1630e85961751911a22736cd0fb0dd94c6f8b969dafc41c2a5c5f3dbcc24989a80ed88e45097c6b5639048d251bdb66bde9b28d28dc3d751bab6dc0269a4ab6c395cd585404998b97fe8c760ad5cf78d5c56da419037aafb8573919dba7a78ae614d4c04416904d54ec5eea0cee2e72f6835d11901ac70ba4a61a683247f0fbf0830d80286a2dc4de4b86fe2f0295780eaa2acb8646e9ec0d856b4337b94f17b00016f9711c09a576b8ad4209cbee273433b59e5b5d25be7b46fb3c8c9424daf67f301dfea42ce7b799ec925ba561d9e74f129bba9e5f84acbdf7ad7713d928489f64f43b00ca0f8a522ec7c9b9913e3d926b1035165cbdb7fe0e085a91246fa0eb819dc6b20cfa5b4e2e06ef839b45315e5eea29b2b7e8347c9a35f4fe7e953e7f2aba1dcac28bc141399e85e3d2292a41133a30ad7fddb99dbb41d193b30351056f3faebaf9db975b4f0c8f0f8a5ac4f7cf045aa96e5909c3f94b21fdb3c33a0fb86a218d03054d8b90052c19221006a9bbaa2330d414cb701e510393ff38b744ce56120d8630ab62b6b15716dfac6c353a40c43e5868d48dd5a766c0dbb0617002818c55da06105b764861b489bce60899cc8bbbdab3c3063499de38525359d6c8e8ca244b256f8fa67c186c2f1a2e739fca8931b5d60cc536f40fd1de4df82af9eefd9ce0d57eac0908526dac72378b022f0886422632d16c2c24886baed7f6d78a229ef0f957c9ba45e1a37e3bdb12bfa3cc2414c444ee7eba2b26376e379e38617b81edcfd2a7c958aa4500ac46dddce5a82b81c2cc3cc20c6165f2bc79e6c10c8dc30a47445b4094d89179d4bd29c7d707be60fc56bfda226cb1b14bbdc37d552bac4a888b7d20da362fc70032b5965609e5993d51acc94cd77592ca2edf37f0a3af9c3a4dd00d336cdefabd2279d1f7325f8291dc0932ed5ba1dd9332298d9e556dc9f05750f3e08d3639b185cf241b850705925d596551f0093f7fc1bac8ddd31bf93fa021f03187fcab58e6b6f85903812fefcb79f7e8c409582f9d3c03b834a6f6941193b355f6a559ece822f67035e778ee6ad9ef30c1a1856c825e74734b122bc8dee01365f802bfafe28d9532e7585d7c4042f636da167e64bb1b30ae47e90bdc5e2170ca5f8cf02ebd4a29e30fdb068a8dda55307c836d494bbbd207f6623b1c14eb048bc5f294204ee5070622ea80b24552639b25fcf11ab03eb79e8914b8cc3a74c6c9a607f6e2aa0cbda717d3947f0515a315c8a4b5057f5d6fa410cc716a7e9b3b5f20a99ebd1b421968ae237d55c7f921ded72fd25bb291a980a22c2b19ed2b05b1ecd5fc928b013dd837c3b6c3b4409c15ee30f973b14e394598980c532ded5e916b122946198d64fc0eb720c4afbe72f3c5773562adb50d1a6689b1db52723b4f0f93b5b454c77cd7f69d0fdb11f74b2a26d265bb6ceaa472d61ffd9949d12250f55b5e6b751c1af02f25c5fedf0389f19e4a560976ab765f57228dccfbe6bf0e930920acd84ae5b9d00dcf18918525809c3dcaf849b739277ff0a0752696e2b7ae18f5a4c44ddaea8e38886ded8117291421917c17266f399513d3d87bff98454e9428dc3d6fe283b2add8fdaaa93ee1ffed763e80d27e2928f5a37726ce7e5d6ac950fbe34c4307dfa28f3d9730a79cb5236618a3ec4e972ba86ab1b1189dfa7040f49f758a68b14f131881d9c75d7273ae21ba65f8665984825c4240e52ad235a5413c2957a4333b21c56dfff72a3606fdec4825418e089baae17e94acf1efc2c02467dc7fac3f69e92b9de4855f96f0ed36e7edd265d235b09d673c15d7c8506083eb8a91063979dba24ae2bf33126a24cb20264de9ee1c28657610cf3501ee49a34cb07ef479d087124936e3df8317eb28cdd8ebf32a60d691e0ac54eb1c35e62ab31b30376f1ef8df0b5f15c7a459237577f348b125fcba01575df0e70f2bc3c183f9bc594691e280141b7226626bbd08d3f76e1e2a6cce7a272f2b738e7ee00c3378aab58df43f8031417c0eead0d8129ca7c554397a1abea4289bbc6d9f5943b4fdbae27171bc6aa00414a3b3e7616bb4de3d28f1d5f7ef5306a090f37a6a90cbc723af7e2d28f15157e40ae386fabac099990bb50fac8c34093b465adfa5bb078a3eaa2c2c18f0b977b68bc91fa51be6f986005e5b950308c8fa474c6cfd8fc1f91bbaada5ec8451b7c82bb60959d44539b3d69ec1863ed03841409e24837ae4ad8b39f8954ced052493c30a8923bc40f1cd995b03925264cb7232df26cdaf7d9555b3f9c770b1b3d7e77f01ee9ba187adcfb30d7f0c8228ec7176cd0fb79eea941e48e05bc2a8d05ad7e2854981cd482f600ba0691faf8bfada80b97b8c69e12edd27fe283bd71bbc44bc1fcc49d855eaa1d2357ea4b4b6c82423acf3d68cd6ea82bfd271f278ac253fc4c08f30c56adb5cf487854594e6afac69f258104d9914b0b0eb9faee58a0c358280e0e09911ae354cc873c090182fc63175bcd7f6ae0cdca0db679eda2364a0c7fb8e45be6ee3d8d5d5d496caa1c205b0fc1a0434917162474f617426ecd0166cbafa9ea7e5ca5f653f2ff23ec546d2aa616b4a95fd9cdde711c086f42ec76277479c10db90363b93d59386cb81b2168395cabd9b98c09dfcf3442f2036fa2b0923bc6db58d5ffb37e9ba54d7edc9bfbfdf6272772c18a3f92ce9215774d82f83d0f1dae7b5287dfc6508b138c9af9fd9d0deecce8db723e9dc278b68e67fda6da8a4945a42cd120798c4ca1c8360a750e1f5e70cf3861210e12e5db003dc9fd88cc0795e702f9bb8ac8c7359c6ad1c3"}, @NL80211_BAND_6GHZ={0xf5, 0x3, "724a3867a0559a068c61ec5af50f4350732db2daa09d614b57fc40160fd1411bc63c340f7f3f1e1942ea1124dcf74ae6361161ae6263302cf211e6744c1faac19d64a47923f46dec675c9986d75c912ceaa541d4740d72d8d6109d7258b6a6f0969cd9268114386a941c6215c260b2f969892f6be5cbafd5a1dcd56fd571855ced057bfee943043383def933ad694951ec0fc58984737e921417776213c2fae991a98ddd63ea68fb5f575b93946b7b0dfff42bab317f19fc618cdb8546cbf9540626691a1e5c66d5d629a63049b2dc04b507efd6e89e03468a2a984764411efa8811bcf09767de47aefb94f7da76eaab33"}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@broadcast}]}, 0x123c}, 0x1, 0x0, 0x0, 0x20008000}, 0x40800) socket$alg(0x26, 0x5, 0x0) 1m30.155143814s ago: executing program 2 (id=4783): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x4, 0x58482) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x46) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0xc, 0x4, 0xffffbe0000000001, 0x8, 0xffffffff}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = socket(0x11, 0x5, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_int(r4, 0x1, 0x28, &(0x7f0000000140)=0xec5, 0x4) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffec00000000000000000000000000010ff020000000000000000000000000001"], 0x340a) recvmmsg(r4, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="03010100000000000000130000000e0001"], 0x34}}, 0x0) ioctl$TUNGETDEVNETNS(r5, 0x54e3, 0x0) getpid() r8 = syz_open_procfs(0x0, &(0x7f0000000240)='statm\x00') readahead(r8, 0x8, 0xc) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)={0xac, r7, 0x200, 0x70bd29, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x0, 0x8c, 0x1}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD}, {@nsim={{0xa}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r8}}]}, 0xac}, 0x1, 0x0, 0x0, 0x20004004}, 0x4000400) 1m28.357144393s ago: executing program 2 (id=4786): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x123) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SG_GET_LOW_DMA(r2, 0x227a, &(0x7f0000000240)) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="04060386c9"], 0x6) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4090}, 0x0) socket(0x9, 0x2, 0x10001) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000046cc97b3ae7d3b36cb3d05f8ec06dcae961bac4ae79df383da83bfe0274d7b62024d3a5c0969f25711ba3e08bd069ce44215a2a6586ed44d5a40810e7ed9d5cb787e2dca81b0789dcc60605677d4b3f76c03b1becf4a084ff3ee35e555bccb325e9050ff22b85c0a5390a8e0dee0fbb1ddb66ad58976bae1a3c31d130ee8607e98544cfab1", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000210a018800000000000000000a0000010900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 1m27.441437798s ago: executing program 2 (id=4790): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000240), 0x80080, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) fsopen(&(0x7f0000000340)='ocfs2\x00', 0x0) ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000001c0)={"3c24139ed44aec57f2e2ad238e7b448ed886923c31d4a043e3b614fd00", 0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r8, @ANYBLOB="0008000007500500580012800b000100627269646765000048000280050019000200000005"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0) close_range(r2, r5, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4088800) eventfd2(0x5, 0x1) io_submit(0x0, 0x0, 0x0) 1m25.470840116s ago: executing program 2 (id=4800): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc, 0x1, &(0x7f0000000940)) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file4\x00', 0xc000, 0x74e) openat$cgroup_ro(r1, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb) r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_ep_write(r2, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r3, 0x0, 0x0) syz_usb_disconnect(r2) read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) remap_file_pages(&(0x7f00005e3000/0x3000)=nil, 0x3000, 0xc, 0x9, 0x2000) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 1m24.967757601s ago: executing program 32 (id=4800): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc, 0x1, &(0x7f0000000940)) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file4\x00', 0xc000, 0x74e) openat$cgroup_ro(r1, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb) r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_ep_write(r2, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r3, 0x0, 0x0) syz_usb_disconnect(r2) read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) remap_file_pages(&(0x7f00005e3000/0x3000)=nil, 0x3000, 0xc, 0x9, 0x2000) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 9.648303972s ago: executing program 5 (id=5122): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) fdatasync(r2) close(r0) 9.450179024s ago: executing program 5 (id=5124): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x62) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x501443, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) fsopen(0x0, 0x1) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TCSETS(r2, 0x5402, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x497, 0x0, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000280)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x64, 0x0, @fd, 0x2, 0x0, 0x0, 0x18, 0x0, {0x1}}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5b", 0x30}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) socket$inet(0x2, 0x3, 0x1) syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) r8 = syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x257}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)=0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r8, 0x847ba, 0x0, 0xe, 0x0, 0x0) 5.769522095s ago: executing program 1 (id=5135): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1fc, 0x0, 0xfffffc80, 0x0, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, 0x3f, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x272, 0xb, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffe, 0xfffffffc, 0x80007, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb10, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400000, 0x3, 0x0, 0x10, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80003, 0x0, 0xffffffff, 0x1, 0x0, 0x9, 0x0, 0x0, 0x105, 0x0, 0x9, 0x0, 0x0, 0x4, 0x0, 0x40000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0xffff, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800004, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x7, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x31, 0x0, 0x0, 0xfffd, 0x0, 0x6}, {0xff, 0x2, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0x7f}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) fanotify_mark(0xffffffffffffffff, 0x294, 0x28, 0xffffffffffffffff, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50) syz_open_dev$video4linux(&(0x7f0000000400), 0x7, 0x0) syz_io_uring_setup(0x0, 0xfffffffffffffffe, 0x0, 0x0) 5.476579164s ago: executing program 3 (id=5137): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f0000000080), &(0x7f0000000100)}, 0x20) (async) getpeername$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2275, &(0x7f00000018c0)) (async) bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000400)={@cgroup=r2, 0x4, 0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'}) socket$kcm(0x29, 0x7, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000407110b5000000000026000000000010009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) (async) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000009) (async) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) (async) gettid() (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) (async) syz_clone(0xb44040, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)=0x8) r5 = socket(0x10, 0x803, 0x0) write(0xffffffffffffffff, &(0x7f0000000280)="2600000022e8010000000000b7b26d3478cc6f920a97c99f494e07000000f84fcf47e2af0bf99f8e4644296b971c7e790de746b25b9f5bb3b997532baeeaa130bc227f9e316582db8c66d3bc8292bcf501955811853747480dc8fbc245031aa969f310dc37bb173f7adfa93d8af97bd91fdd4f171b9039ee91a81faada721238651bb440285912282d7ae6e309d0c6c3755ad63bc68de2b94012acbc969bd7adb9c7a17c9bd2cb3318183928398fb3f4198681e6d9d51539", 0xb8) (async) setsockopt$sock_int(r5, 0x1, 0x8, 0x0, 0x0) (async) r6 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c) (async) setsockopt$inet6_int(r6, 0x29, 0x21, &(0x7f0000000880)=0xfbf, 0x4) sendto$inet6(r6, 0x0, 0x0, 0xfffffefffbfbbfbe, &(0x7f0000000040)={0xa, 0x4e20, 0xfffffffd, @empty, 0x6}, 0x1c) (async) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) (async) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000001040)={'lo\x00', {0x2, 0x4e1e, @broadcast}}) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) (async) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 5.22504799s ago: executing program 3 (id=5140): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="60000000020605000000000000000000070000001400078008001140000000000800124000000c8f0500010006000000050005000200000005000400000000000900020073797a310000000814000300686173683a69702c706f72742c6970"], 0x60}}, 0x20044050) 5.071270021s ago: executing program 3 (id=5142): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x20, 0x8}, {0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x93c, 0x1d}, {0x0, 0x0, 0x0, 0x2dc}}, [@tmpl={0x144, 0x5, [{{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x1a}, 0x3500, 0x0, 0x0, 0xff}, {{@in6=@remote, 0x0, 0x32}, 0x0, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3502}, {{@in6=@loopback, 0x4d3, 0x3c}, 0x2, @in=@multicast2, 0x0, 0x1, 0x3, 0x0, 0xfffffffd, 0x7}, {{@in6=@empty, 0x0, 0x32}, 0x2, @in6=@remote, 0x3500, 0x0, 0x0, 0x0, 0x0, 0x300, 0xa}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@mcast1, 0x0, 0x1, 0x0, 0x1d}]}]}, 0x1fc}}, 0x14000) 5.063886392s ago: executing program 4 (id=5143): r0 = socket$netlink(0x10, 0x3, 0x8000000004) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100060c10000000000000000010", 0x58}], 0x1) 4.899042298s ago: executing program 3 (id=5144): syz_emit_ethernet(0x4f, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa20000000000086dd6c2d01000019840100000000000000000002000000010102fe8000000000000000000000000020aaa5ba94e385673ccfd3fe184ab0643975bcc85fbf438632261b"], 0x0) 4.746493512s ago: executing program 4 (id=5145): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=']) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) fdatasync(r2) close(r0) 4.705713693s ago: executing program 1 (id=5146): r0 = userfaultfd(0x80801) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000080)={0x10000000}) 4.703639817s ago: executing program 3 (id=5147): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x0, 0x0, 0x1, 0x1}, 0x20) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000140)={0x4000000, 0x4000002, 0x2}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002200)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}, {0x1c, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x94}}, 0x0) close(0xffffffffffffffff) fsetxattr$security_capability(r1, 0x0, 0x0, 0x0, 0x1) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r4, 0x11, 0x67, 0x0, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r4, &(0x7f0000002140)={0xa, 0x4e22, 0x8, @mcast2, 0x5}, 0x1c) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000480)={0x0, 'lo\x00', {0x2}, 0x2}) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000002c0)={'\x00', 0xc, 0xb3a, 0x2, 0x0, 0x0, 0x0}) syz_open_procfs(r6, &(0x7f0000000100)='fdinfo\x00') ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x30f07f, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0) 4.482970486s ago: executing program 1 (id=5148): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB], 0x48) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd67001b0100183afffe880000000000000000000000000201ff020000000000000000eaffffffff0086009078"], 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=0x0) sched_setattr(r2, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='westwood', 0x8) socket$alg(0x26, 0x5, 0x0) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/cgroup\x00') r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,use', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRES32=r4], 0x0, 0x0, 0x0) read$FUSE(r5, &(0x7f0000007100)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000380)={0x50, 0xfffffffffffffff5, r6, {0x7, 0x2b, 0xe, 0x0, 0x2000, 0x10, 0x1, 0xbffffff5, 0x0, 0x0, 0x80, 0x7}}, 0x50) read$FUSE(r5, &(0x7f0000002900)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r5, &(0x7f0000000000)={0x10, 0x0, r7}, 0x10) openat$kvm(0xffffffffffffff9c, 0x0, 0x598ecaebf4e695b5, 0x0) timerfd_create(0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/3\x00') lseek(r8, 0x4, 0x0) 4.48036569s ago: executing program 4 (id=5149): ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01864c1, &(0x7f0000000000)={0x0, 0x1, 0xffffffffffffffff}) r1 = syz_open_dev$media(&(0x7f0000000040), 0x7fdffffe, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000000)={0xf010000, 0x0, 0x0, r2, 0x0, 0x0}) ioctl$MEDIA_REQUEST_IOC_QUEUE(r2, 0x7c80, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.245856358s ago: executing program 4 (id=5150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000900000a01040000000000000000010000020900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c000480380001800e000100696d6d656469617465000000240002800800014000000000180002801400028008000180fffffffc08000340000000010900010073797a30"], 0xd8}}, 0x0) 4.187178637s ago: executing program 5 (id=5151): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x10000, 0x0, 0x9000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x1fa, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d01, 0x0, 0x1}]}) syz_clone(0xf024100, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000000c000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x4, 0x0, 0x0) socket$inet6(0x2d, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000040), 0xfffffffffffffffe, 0x442) pipe2$watch_queue(&(0x7f0000000000), 0x80) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.876836702s ago: executing program 4 (id=5152): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000340)={0x28, 0x5, r1, 0x0, &(0x7f0000000300)='V', 0x1, 0xfffffffffffffffe}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r1, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x9}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r1, 0x0, &(0x7f0000000840)="fc", 0x1, 0x80000000000}) syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0xea, 0x92, 0x4f, 0x20, 0x1410, 0x9011, 0x7f6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x21, 0x20, 0x6, "", [{{0x9, 0x4, 0xf6, 0x0, 0x0, 0x2, 0x6, 0x0, 0x8, [@uac_as={[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0xfff7, 0xadd1}]}]}}]}}]}}, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x20, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x4}]]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x808) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000200)={0x0, 0x0, 0x6, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"}) r7 = syz_open_pts(r6, 0x0) ioctl$TIOCGETD(r7, 0x5424, &(0x7f0000001f00)) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@empty, 0x0, 0x4, 0x1, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe, 0x4}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}}, 0x50) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000001"], 0xb8}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='pids.max\x00', 0x2, 0x0) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x4044015}, 0x40010) sendmsg$nl_xfrm(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r1, 0x0, &(0x7f0000ae1000/0x1000)=nil, 0x1000, 0x3}) 2.920956796s ago: executing program 5 (id=5154): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a0, 0x0, 0x111, 0x4b4, 0x0, 0x700, 0x2d0, 0x278, 0x278, 0x2d0, 0x278, 0x3, 0x0, {[{{@ipv6={@mcast2, @empty, [], [0x0, 0xff000000], 'vlan0\x00', 'geneve1\x00', {0xff}, {}, 0x84, 0x0, 0x0, 0x4}, 0x0, 0x128, 0x190, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0xff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe]}}, @common=@unspec=@connmark={{0x30}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x5, 'snmp\x00', 'syz0\x00'}}}, {{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, [0xff000000, 0x0, 0xff, 0xff000000], [0x0, 0x700], 'veth0_to_bond\x00', 'veth0_to_team\x00', {}, {}, 0x32}, 0x0, 0xd8, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0x3b, 0xe, 0x80, 0x9, 0x3, 0x340, 0x2400}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xf, 0x0, 0x46c7, 0x0, 'syz0\x00', 'syz0\x00', {0x800}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400) 2.694876244s ago: executing program 5 (id=5155): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000107, 0x0, 0x8}]}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff3, 0x6}, {0x3}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) r2 = syz_io_uring_setup(0x837, &(0x7f0000000540)={0x0, 0x2b94, 0x80, 0x7, 0x3cf}, &(0x7f0000000140)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x41, 0x0, 0x0, 0x9, &(0x7f00000000c0), 0x1, 0x4}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r1, &(0x7f0000000040)={0x10000000}) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket(0x400000000010, 0x3, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r7 = dup(r6) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r9 = socket$kcm(0x29, 0x2, 0x0) sendmmsg$inet(r9, &(0x7f000000a4c0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000001c0)="e2ef7b486e", 0x5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b40)}}], 0x2, 0x4000) close(r9) r10 = dup(r8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r10, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r7, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0, @ANYRES16=r5, @ANYRES16=r8], 0x50}, 0x1, 0x0, 0x0, 0x484d}, 0x808) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYRESDEC, @ANYRESHEX=r11, @ANYBLOB="2523dad0a4b5a2dda5a2898af0c3db1bc88c3684f3a1f60e3d242a2ed29fe7d0febb041181cef4a9bfed45f42f0f028488170660f22fda5c1479a467c400b02d13bd0d9c89ab36af260752cecedbd641c3ffa36a85fd88a83912159311791610d1621f10e3741d655ea7579c2b3f336a0a4cdc3e55354446d4a2b5600dcfb8a9d61de7bcfee090051f1d733dcf3e1a762b209acf270f729ee81ad0db0ffd5b64b8e0ca44f342ad63088990deb6890dde55914e7c4532af53568a66bb2634573872c0a7d43f0fdcddabbb576013ceef5573d184396b1e3e56020fb86bd274fc211dea39bcb1758789d70c37befad5204567d35893f46333c387d4d8", @ANYRES32=r3, @ANYRESOCT=r3, @ANYRES8=r6, @ANYRESDEC=r10], 0x30}, 0x1, 0x0, 0x0, 0x8880}, 0x0) 2.691769444s ago: executing program 3 (id=5156): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000035ffaa20cd0caf104a380102030109021b0001000010000904590201801e2a00090582"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0x14, &(0x7f0000000080)={0x20, 0x8, 0xbc, {0xbc, 0x22, "bc8759e90f601765c7d285158f8a2c2542cdee00adda76ccd2e49edbd5b38b557253e9a6afefc40bca2d9788652d428bea4ac2b1310cf8145cba33bdccf44affed3375a13da0ca734524412b3583896b100fe38ad2428dcab302596eba0778a8a04861eca116471ed3091d6b6ad3d554519460529e0295caf5ea6c1f7c6bdb263ef5c5caffda27cebc2a3499fae13108bae5df63c401642a5c9daffa707f345e08d22fc8d449c76b903764e487ab403718664d9be351acb4f262"}}, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000480)={0x44, &(0x7f00000001c0)={0x0, 0xa, 0x1a, "f9e34b45a87ea98d771686d0323039a240d0fb4dfd9a04273dd9"}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0x1, 0x8, 0x60000, 0x90, 0x0, 0x400, 0x7, 0x4, 0x6, 0x200, 0x120, 0x4a}}, &(0x7f0000000300)={0x20, 0x85, 0x4, 0x800}, &(0x7f0000000340)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000400)={0x20, 0x87, 0x2, 0x1ff}, &(0x7f0000000440)={0x20, 0x89, 0x2}}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000640)={0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000240)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000380)={0x0, 0x30, 0x2, "a1db"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.584833397s ago: executing program 1 (id=5157): syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) lseek(r2, 0x6, 0x1) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched_retired(r2, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)=@deltclass={0x190, 0x29, 0x200, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xd, 0x3}, {0x0, 0x8}, {0x5, 0xd}}, [@c_atm={{0x8}, {0xc, 0x2, [@TCA_ATM_FD={0x8, 0x1, r0}]}}, @c_atm={{0x8}, {0x28, 0x2, [@TCA_ATM_HDR={0x22, 0x3, "f99a6544b7a02a9a26227df060ddef5afd487aa25fd612b70975739a27fa"}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x1}}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x10}}}, @c_cbq={{0x8}, {0xac, 0x2, [@TCA_CBQ_FOPT={0x10, 0x3, {{0xa, 0x3}, 0x200, 0x80000000}}, @TCA_CBQ_WRROPT={0x10, 0x2, {0x9, 0x0, 0xe, 0xf8, 0x3, 0x1}}, @TCA_CBQ_WRROPT={0x10, 0x2, {0x2, 0x8, 0x1, 0x1, 0x7fff, 0x8}}, @TCA_CBQ_RATE={0x10, 0x5, {0x9, 0x2, 0x5, 0x2, 0x8, 0x72}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0xd, 0x1, 0x11, 0x1, 0xa3, 0x9, 0xd8629fd, 0x8}}, @TCA_CBQ_RATE={0x10, 0x5, {0x1, 0x2, 0x1, 0x6, 0x0, 0x3376}}, @TCA_CBQ_WRROPT={0x61, 0x2, {0xf7, 0x8, 0x80, 0x81, 0x95a, 0x5}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0x0, 0xc}, 0x748, 0x200}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0xa, 0x8}, 0x5, 0x8}}, @TCA_CBQ_RATE={0x10, 0x5, {0x4, 0x1, 0x0, 0x9, 0x44, 0x10000}}]}}, @c_atm={{0x8}, {0x3c, 0x2, [@TCA_ATM_EXCESS={0x8, 0x4, {0xa, 0xb}}, @TCA_ATM_FD={0x8, 0x1, r5}, @TCA_ATM_HDR={0xb, 0x3, "ecdb27abc34060"}, @TCA_ATM_HDR={0xc, 0x3, "9ab81ce2e0507fec"}, @TCA_ATM_FD={0x8}, @TCA_ATM_FD={0x8, 0x1, r0}]}}]}, 0x190}, 0x1, 0x0, 0x0, 0x80}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000012edfffebfa30000180000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000003f000000000000005504000001ed0a002500000017ffffff46040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9e104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f1300010000949b3aab06b1e042ff2164d80c8ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1e0600bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6330000000000000000000000000000000000004000000000000000038600008fb854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8265e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb66701f4578ba4cb9b706e605a88c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f6a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cf026657a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2cccb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400090300000021911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a8f01bc4b73cc31df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21c24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a3c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d68000000000099347593f67da85d1c962bfb320d1553a74ec3bf003ba62b1784dbf0168a7e85f28b77bdebce96bf386a6dd5df162a16f2b7e8a4de0ffc464a87f91f81866d2ef0af71ebb07a739c3cb1b7000000000000"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x43}, 0x48) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x42042, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x4b564d03, 0x2000000, 0x1}]}) syz_kvm_setup_syzos_vm$x86(r7, &(0x7f0000bfe000/0x400000)=nil) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408000000001700638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r10, @ANYBLOB="0000000000000000b703000008"], &(0x7f0000005d80)='syzkaller\x00', 0xc}, 0x94) sendmsg$nl_xfrm(r9, &(0x7f0000005880)={0x0, 0x0, &(0x7f0000005840)={&(0x7f0000001c80)=ANY=[@ANYBLOB="34000000120001"], 0x34}, 0x1, 0x0, 0x0, 0x1090}, 0x40080) ioctl$F2FS_IOC_GET_PIN_FILE(r9, 0x8004f50e, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) 2.436892986s ago: executing program 0 (id=5158): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, &(0x7f0000000000)='+\'\x00', 0x3) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1bc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x20, 0x8}, {0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x93c, 0x1d}, {0x0, 0x0, 0x0, 0x2dc}}, [@tmpl={0x104, 0x5, [{{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@empty, 0x3500, 0x0, 0x0, 0xff}, {{@in6=@remote, 0x0, 0x32}, 0x0, @in6=@remote, 0x3502}, {{@in6=@loopback, 0x4d3, 0x3c}, 0x2, @in=@multicast2, 0x0, 0x1, 0x3, 0x0, 0xfffffffd, 0x7}, {{@in=@broadcast, 0x0, 0x6c}, 0x2, @in6=@mcast1, 0x0, 0x1, 0x0, 0x1d}]}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x24040850}, 0x14000) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2.234044539s ago: executing program 0 (id=5159): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=']) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) fdatasync(r2) close(r0) 2.147959932s ago: executing program 0 (id=5160): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x40000080}, 0x40000) 1.805834242s ago: executing program 0 (id=5161): r0 = socket$netlink(0x10, 0x3, 0x8000000004) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100060c10000000000000000140", 0x58}], 0x1) 1.490771064s ago: executing program 0 (id=5162): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="20000000400019070000000000000025037c00000c00428008000a"], 0x20}, 0x1, 0x0, 0x0, 0x48814}, 0xc000) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) r1 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r2, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) 976.83545ms ago: executing program 0 (id=5163): syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)=ANY=[@ANYBLOB="120100003a982a08cd0ca310a22301020301090212"], 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c0400001000010400000000000000", @ANYRES32=r0, @ANYBLOB="10100000000000000800002005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0) 766.516395ms ago: executing program 5 (id=5164): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, 0x0, 0x0) mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) getdents(0xffffffffffffffff, &(0x7f0000000140)=""/177, 0xb1) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20) syz_clone(0xa2540400, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000afc000/0x1000)=nil, 0x1000, 0x200000c, 0x2010, r0, 0x86c76000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd21, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x54, 0x2, [@TCA_FLOWER_ACT={0x50, 0x3, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x3}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x9, 0x9, 0x5, 0x9}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x8848}, 0x4080) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000200), 0x103002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r6, 0x0) 711.244863ms ago: executing program 4 (id=5165): mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) syz_80211_inject_frame(0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1, 0x0, 0x0, 0x6000}, 0x0) 202.308012ms ago: executing program 1 (id=5166): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x1, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000010000000000000008f30000180500002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000006900000095"], &(0x7f0000000000)='syzkaller\x00', 0xb, 0x0, 0x0, 0x40f00}, 0x94) 0s ago: executing program 1 (id=5167): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0xff72) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000) recvmsg(0xffffffffffffffff, 0x0, 0x12020) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000000800000", @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2800000010000104000000000000000013050000", @ANYRES32=r5, @ANYBLOB='\"+\x00\x00\x00\x00\x00\x00\b', @ANYRES32=r2], 0x28}}, 0x4000000) kernel console output (not intermixed with test programs): [ 993.275027][T20791] loop5: partition table beyond EOD, truncated [ 993.285294][T20791] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 993.435497][T20798] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4562'. [ 993.882048][ T30] kauditd_printk_skb: 92 callbacks suppressed [ 993.882061][ T30] audit: type=1800 audit(1773579320.477:3864): pid=20807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4564" name="bus" dev="tmpfs" ino=1973 res=0 errno=0 [ 994.494809][ T10] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 994.716614][ T10] usb 2-1: config 0 has an invalid interface number: 16 but max is 0 [ 994.724977][ T10] usb 2-1: config 0 has no interface number 0 [ 994.731156][ T10] usb 2-1: too many endpoints for config 0 interface 16 altsetting 144: 127, using maximum allowed: 30 [ 994.825106][ T10] usb 2-1: config 0 interface 16 altsetting 144 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 994.882495][ T10] usb 2-1: config 0 interface 16 altsetting 144 endpoint 0x81 has invalid wMaxPacketSize 0 [ 994.964856][ T10] usb 2-1: config 0 interface 16 altsetting 144 has 1 endpoint descriptor, different from the interface descriptor's value: 127 [ 995.029070][ T10] usb 2-1: config 0 interface 16 has no altsetting 0 [ 995.055047][ T10] usb 2-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 995.100607][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 995.145589][ T10] usb 2-1: config 0 descriptor?? [ 995.365448][ T30] audit: type=1326 audit(1773579321.957:3865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 995.502287][ T30] audit: type=1326 audit(1773579321.957:3866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 995.588964][ T10] uclogic 0003:5543:004D.001E: interface is invalid, ignoring [ 995.606159][ T30] audit: type=1326 audit(1773579321.957:3867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 995.646006][T20828] tipc: Started in network mode [ 995.658540][T20828] tipc: Node identity 42c62a803c7a, cluster identity 4711 [ 995.688007][ T30] audit: type=1326 audit(1773579321.957:3868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 995.715836][T20828] tipc: Enabled bearer , priority 0 [ 995.730788][T20830] syzkaller0: entered promiscuous mode [ 995.739970][T20830] syzkaller0: entered allmulticast mode [ 995.774375][ T30] audit: type=1326 audit(1773579321.957:3869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 995.846928][ T30] audit: type=1326 audit(1773579321.957:3870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 995.887170][T20832] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4572'. [ 995.986821][ T30] audit: type=1326 audit(1773579321.957:3871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 996.011110][T20828] binder: BC_ATTEMPT_ACQUIRE not supported [ 996.017777][T20828] binder: 20827:20828 ioctl c0306201 200000000540 returned -22 [ 996.061090][ T30] audit: type=1326 audit(1773579321.957:3872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 996.084857][ T30] audit: type=1326 audit(1773579321.957:3873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20823 comm="syz.4.4570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 996.085203][T20834] tipc: Resetting bearer [ 996.181295][T20827] tipc: Resetting bearer [ 996.257548][T20827] tipc: Disabling bearer [ 996.799229][T20839] tipc: Enabled bearer , priority 0 [ 997.034653][ T10] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 997.150287][T20838] tipc: Disabling bearer [ 997.204689][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 997.218186][ T10] usb 4-1: config 0 has an invalid interface number: 186 but max is 0 [ 997.360160][ T10] usb 4-1: config 0 has no interface number 0 [ 997.367206][T15163] usb 2-1: USB disconnect, device number 24 [ 997.415008][ T10] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 997.473771][ T10] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 997.544868][ T10] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 997.598731][ T10] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 997.664696][ T5896] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 997.695953][ T10] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 997.734835][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 997.774797][ T10] usb 4-1: Product: syz [ 997.819338][ T10] usb 4-1: Manufacturer: syz [ 997.823947][ T10] usb 4-1: SerialNumber: syz [ 997.848689][ T5896] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 997.866594][ T10] usb 4-1: config 0 descriptor?? [ 997.875478][ T5896] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 997.901054][T20852] netlink: 'syz.1.4577': attribute type 30 has an invalid length. [ 997.984810][ T5896] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 998.018946][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 998.054413][ T5896] usb 1-1: Product: syz [ 998.105107][ T10] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 998.116003][ T5896] usb 1-1: Manufacturer: syz [ 998.124619][ T5896] usb 1-1: SerialNumber: syz [ 998.148903][ T5896] usb 1-1: config 0 descriptor?? [ 998.410597][T20846] vlan0: entered promiscuous mode [ 998.548794][ T5896] usb 1-1: USB disconnect, device number 16 [ 998.700096][T20857] netlink: 'syz.2.4579': attribute type 13 has an invalid length. [ 998.825457][T20857] netlink: 14585 bytes leftover after parsing attributes in process `syz.2.4579'. [ 999.444797][ T9] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 999.606596][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 999.642075][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 999.683557][ T9] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 999.725587][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 999.763321][ T9] usb 1-1: config 0 descriptor?? [ 1000.200255][ T9] elan 0003:04F3:0755.001F: unknown main item tag 0x0 [ 1000.227367][ T9] elan 0003:04F3:0755.001F: unknown main item tag 0x0 [ 1000.250422][ T9] elan 0003:04F3:0755.001F: unknown main item tag 0x0 [ 1000.272830][ T9] elan 0003:04F3:0755.001F: unknown main item tag 0x0 [ 1000.300455][ T9] elan 0003:04F3:0755.001F: unknown main item tag 0x0 [ 1000.321861][ T9] elan 0003:04F3:0755.001F: failed to start in urb: -90 [ 1000.354356][ T9] elan 0003:04F3:0755.001F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 1000.533707][ T29] usb 4-1: USB disconnect, device number 23 [ 1000.682370][ T30] kauditd_printk_skb: 51 callbacks suppressed [ 1000.682387][ T30] audit: type=1326 audit(1773579327.267:3925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1000.779783][T20884] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4586'. [ 1000.837882][ T30] audit: type=1326 audit(1773579327.277:3926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1000.925703][T20886] netlink: 'syz.4.4587': attribute type 10 has an invalid length. [ 1000.953636][ T30] audit: type=1326 audit(1773579327.317:3927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1000.959345][T20886] dummy0: left allmulticast mode [ 1001.035047][T20890] netlink: 'syz.4.4587': attribute type 10 has an invalid length. [ 1001.043958][ T30] audit: type=1326 audit(1773579327.317:3928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1001.072930][T20886] dummy0: entered promiscuous mode [ 1001.124150][T20886] team0: Port device dummy0 added [ 1001.130331][ T30] audit: type=1326 audit(1773579327.317:3929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1001.178822][ T30] audit: type=1326 audit(1773579327.317:3930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1001.197153][T20890] dummy0: left promiscuous mode [ 1001.206509][ T30] audit: type=1326 audit(1773579327.317:3931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1001.231080][ T30] audit: type=1326 audit(1773579327.317:3932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1001.286673][T20890] team0: Port device dummy0 removed [ 1001.306338][ T30] audit: type=1326 audit(1773579327.317:3933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1001.364937][ T30] audit: type=1326 audit(1773579327.317:3934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20878 comm="syz.2.4585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1001.539389][T20903] netlink: 'syz.1.4591': attribute type 30 has an invalid length. [ 1001.926975][ T9] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 1002.192728][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1002.205223][ T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1002.275380][ T9] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 1002.284524][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1002.308756][ T9] usb 4-1: Product: syz [ 1002.327823][ T9] usb 4-1: Manufacturer: syz [ 1002.332436][ T9] usb 4-1: SerialNumber: syz [ 1002.339328][ T29] usb 1-1: USB disconnect, device number 17 [ 1002.354849][ T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 1002.481173][ T9] usb 4-1: config 0 descriptor?? [ 1002.514642][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 1002.527982][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1002.577382][ T10] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1002.635818][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.700669][ T10] usb 3-1: config 0 descriptor?? [ 1002.901405][ T29] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 1002.994791][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 1003.011054][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1003.062306][ T10] usb 3-1: USB disconnect, device number 6 [ 1003.063170][ T29] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1003.085347][ T29] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1003.212727][ T29] usb 1-1: Product: syz [ 1003.297097][ T29] usb 1-1: Manufacturer: syz [ 1003.339621][ T29] usb 1-1: SerialNumber: syz [ 1003.465840][ T29] usb 1-1: config 0 descriptor?? [ 1003.479729][T20918] syzkaller1: entered promiscuous mode [ 1003.514431][T20918] syzkaller1: entered allmulticast mode [ 1003.816446][ T29] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1003.905453][ T29] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1003.977972][ T29] usb 1-1: USB disconnect, device number 18 [ 1004.530640][ T29] usb 4-1: USB disconnect, device number 24 [ 1004.934942][ T5819] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 1005.074739][ T5819] usb 1-1: device descriptor read/64, error -71 [ 1005.114698][ T29] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1005.274755][ T29] usb 4-1: Using ep0 maxpacket: 16 [ 1005.283051][ T29] usb 4-1: config index 0 descriptor too short (expected 526, got 367) [ 1005.292271][ T29] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1005.309425][ T29] usb 4-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1005.319340][ T5819] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 1005.331372][ T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1005.340238][ T29] usb 4-1: Product: syz [ 1005.344489][ T29] usb 4-1: Manufacturer: syz [ 1005.352453][ T29] usb 4-1: SerialNumber: syz [ 1005.371503][ T29] usb 4-1: config 0 descriptor?? [ 1005.566459][ T5819] usb 1-1: device descriptor read/64, error -71 [ 1005.585752][ T29] usb 4-1: USB disconnect, device number 25 [ 1005.687484][ T5819] usb usb1-port1: attempt power cycle [ 1005.902789][T20967] loop5: detected capacity change from 0 to 7 [ 1005.912342][T20967] buffer_io_error: 14 callbacks suppressed [ 1005.912383][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1005.929847][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1005.948556][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1005.959062][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1005.969665][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1005.989449][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1006.026412][ T5819] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1006.065185][ T5819] usb 1-1: device descriptor read/8, error -71 [ 1006.074405][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1006.112884][T20967] ldm_validate_partition_table(): Disk read failed. [ 1006.204375][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1006.242432][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1006.261925][T20967] Buffer I/O error on dev loop5, logical block 0, async page read [ 1006.282858][T20967] Dev loop5: unable to read RDB block 0 [ 1006.295698][T20967] loop5: unable to read partition table [ 1006.307292][ T5819] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1006.334937][T20967] loop5: partition table beyond EOD, truncated [ 1006.348239][ T5819] usb 1-1: device descriptor read/8, error -71 [ 1006.375810][T20967] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1006.477533][ T5819] usb usb1-port1: unable to enumerate USB device [ 1006.709239][T20978] fuse: Bad value for 'fd' [ 1006.872227][T20982] syzkaller1: entered promiscuous mode [ 1006.884827][T20982] syzkaller1: entered allmulticast mode [ 1007.550417][T20997] netlink: 'syz.0.4620': attribute type 30 has an invalid length. [ 1008.530499][T21007] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4622'. [ 1008.592320][T21007] vlan0: entered promiscuous mode [ 1009.400448][T21027] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4628'. [ 1009.727943][T21029] syzkaller0: entered promiscuous mode [ 1009.741320][T21029] syzkaller0: entered allmulticast mode [ 1009.904788][T21031] hfs: unable to load iocharset "io#harset" [ 1010.031475][T21037] loop5: detected capacity change from 0 to 7 [ 1010.050571][T21037] ldm_validate_partition_table(): Disk read failed. [ 1010.059911][ T5819] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1010.085594][T21037] Dev loop5: unable to read RDB block 0 [ 1010.104342][T21037] loop5: unable to read partition table [ 1010.111994][T21037] loop5: partition table beyond EOD, truncated [ 1010.118445][T21037] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1010.385861][ T5819] usb 2-1: too many configurations: 244, using maximum allowed: 8 [ 1010.394798][ T5819] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1010.405134][ T5819] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1010.435522][ T5819] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1010.509931][ T5819] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1010.600691][ T5819] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1010.661840][ T5819] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1010.693800][ T5819] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1010.706922][ T5819] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1010.815143][ T5819] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1010.825563][ T5819] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1010.837053][ T5819] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1010.867443][ T5819] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1010.885840][ T5819] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1010.954773][ T5819] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1010.995933][ T5819] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1011.034708][ T5819] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1011.070582][ T5819] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1011.098732][ T5819] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=2 [ 1011.123974][ T5819] usb 2-1: Product: syz [ 1011.136305][ T5819] usb 2-1: Manufacturer: ㈠꼺曱몜㣄ᣆ컢嘟⋯ꢒ婾泲⧴氒銇๪誵嶀⊫ꆡ⾋᷾慬è¾é¥ºç¼‹äº¨äŒ©ïš¯æ½¬ä ©îŠ²ë­¯ê¦ç«ºè“²î™Œí…¼ç£ã¾¬è™¯ç„­ï§æ¸»êª†ë«±á½™æŒ“ê¯Ãㄩç£ãž±ë˜˜âœŠé®ˆá–˜ë‹†ì¨ƒè¦ºë§Šà·’砫샛鬑ⴂ祒 [ 1011.189988][ T5819] usb 2-1: SerialNumber: syz [ 1011.293090][T21044] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4634'. [ 1012.461137][T21055] netlink: 'syz.4.4638': attribute type 13 has an invalid length. [ 1012.489311][ T5819] usb 2-1: 0:2 : does not exist [ 1012.804773][T21055] netlink: 14585 bytes leftover after parsing attributes in process `syz.4.4638'. [ 1013.184981][ T5819] usb 2-1: USB disconnect, device number 25 [ 1013.479621][T21068] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4641'. [ 1013.594775][ T5819] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1013.757674][ T5819] usb 2-1: Using ep0 maxpacket: 8 [ 1013.791761][ T5819] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1013.881276][ T5819] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1013.955124][ T5819] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1013.969391][T21080] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4645'. [ 1014.024077][ T5819] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1014.056994][T21080] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1014.064470][ T5819] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 1014.084235][T21080] macvtap1: entered allmulticast mode [ 1014.084356][ T5819] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.108643][T21080] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 1014.129924][ T5819] usb 2-1: config 0 descriptor?? [ 1014.196301][T21083] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4644'. [ 1014.487875][T21094] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4648'. [ 1014.641820][ T5819] hid (null): invalid report_size 26545 [ 1014.684817][ T5819] magicmouse 0003:05AC:0265.0020: unknown main item tag 0x6 [ 1014.700047][ T5819] magicmouse 0003:05AC:0265.0020: invalid report_size 26545 [ 1014.959620][ T5819] magicmouse 0003:05AC:0265.0020: item 0 2 1 7 parsing failed [ 1015.009317][ T5819] magicmouse 0003:05AC:0265.0020: magicmouse hid parse failed [ 1015.068746][ T5819] magicmouse 0003:05AC:0265.0020: probe with driver magicmouse failed with error -22 [ 1015.157593][ T5819] usb 2-1: USB disconnect, device number 26 [ 1015.465551][T21107] loop5: detected capacity change from 0 to 7 [ 1015.472184][T21107] buffer_io_error: 38 callbacks suppressed [ 1015.472198][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.486068][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.493996][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.501916][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.511535][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.580114][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.588118][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.596048][T21107] ldm_validate_partition_table(): Disk read failed. [ 1015.602767][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.610706][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.618740][T21107] Buffer I/O error on dev loop5, logical block 0, async page read [ 1015.627712][T21107] Dev loop5: unable to read RDB block 0 [ 1015.664841][T21107] loop5: unable to read partition table [ 1015.735208][T21107] loop5: partition table beyond EOD, truncated [ 1015.771168][T21107] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1016.565591][ T5959] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1016.915678][ T5959] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1016.936055][ T5959] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1016.964731][ T5959] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.119868][ T5959] usb 2-1: config 0 descriptor?? [ 1017.153013][ T5959] pwc: Askey VC010 type 2 USB webcam detected. [ 1017.557323][ T5959] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1017.564731][ T5959] pwc: recv_control_msg error -32 req 02 val 2700 [ 1017.571780][ T5959] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1017.579012][ T5959] pwc: recv_control_msg error -32 req 04 val 1000 [ 1017.624070][ T5959] pwc: recv_control_msg error -32 req 04 val 1300 [ 1017.653469][ T5959] pwc: recv_control_msg error -71 req 04 val 1400 [ 1017.692896][ T5959] pwc: recv_control_msg error -71 req 02 val 2000 [ 1017.737185][ T5959] pwc: recv_control_msg error -71 req 02 val 2100 [ 1017.823287][ T5959] pwc: recv_control_msg error -71 req 04 val 1500 [ 1017.992569][ T5959] pwc: recv_control_msg error -71 req 02 val 2500 [ 1018.065216][ T5959] pwc: recv_control_msg error -71 req 02 val 2400 [ 1018.098139][ T5959] pwc: recv_control_msg error -71 req 02 val 2600 [ 1018.126251][ T5959] pwc: recv_control_msg error -71 req 02 val 2900 [ 1018.133803][T21130] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4659'. [ 1018.180300][ T5959] pwc: recv_control_msg error -71 req 02 val 2800 [ 1018.197230][ T5959] pwc: recv_control_msg error -71 req 04 val 1100 [ 1018.209805][ T5959] pwc: recv_control_msg error -71 req 04 val 1200 [ 1018.240687][ T5959] pwc: Registered as video103. [ 1018.260756][ T5959] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input66 [ 1018.299172][ T5959] usb 2-1: USB disconnect, device number 27 [ 1018.456307][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 1018.456324][ T30] audit: type=1326 audit(1773579345.047:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1018.496587][T21137] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4662'. [ 1018.542970][ T30] audit: type=1326 audit(1773579345.047:3974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1018.595758][T21137] macvtap2: entered allmulticast mode [ 1018.622996][ T30] audit: type=1326 audit(1773579345.107:3975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1018.724790][ T30] audit: type=1326 audit(1773579345.107:3976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1018.781761][ T30] audit: type=1326 audit(1773579345.107:3977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1018.834674][T15163] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1018.853661][ T30] audit: type=1326 audit(1773579345.117:3978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1018.912344][T21153] FAULT_INJECTION: forcing a failure. [ 1018.912344][T21153] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1018.940082][T21153] CPU: 0 UID: 0 PID: 21153 Comm: syz.1.4668 Tainted: G L syzkaller #0 PREEMPT(full) [ 1018.940110][T21153] Tainted: [L]=SOFTLOCKUP [ 1018.940116][T21153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1018.940126][T21153] Call Trace: [ 1018.940133][T21153] [ 1018.940141][T21153] dump_stack_lvl+0xe8/0x150 [ 1018.940169][T21153] should_fail_ex+0x412/0x560 [ 1018.940197][T21153] _copy_from_user+0x2d/0xb0 [ 1018.940216][T21153] ___sys_sendmsg+0x1c6/0x360 [ 1018.940241][T21153] ? __pfx____sys_sendmsg+0x10/0x10 [ 1018.940263][T21153] ? __schedule+0x15f3/0x52d0 [ 1018.940302][T21153] ? __fget_files+0x2a/0x420 [ 1018.940325][T21153] ? __fget_files+0x3a0/0x420 [ 1018.940355][T21153] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1018.940376][T21153] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1018.940414][T21153] do_syscall_64+0x14d/0xf80 [ 1018.940433][T21153] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.940449][T21153] ? clear_bhb_loop+0x40/0x90 [ 1018.940469][T21153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.940485][T21153] RIP: 0033:0x7f4253d9c799 [ 1018.940502][T21153] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1018.940516][T21153] RSP: 002b:00007f4254c7d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1018.940535][T21153] RAX: ffffffffffffffda RBX: 00007f4254016180 RCX: 00007f4253d9c799 [ 1018.940546][T21153] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000007 [ 1018.940556][T21153] RBP: 00007f4254c7d090 R08: 0000000000000000 R09: 0000000000000000 [ 1018.940566][T21153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1018.940575][T21153] R13: 00007f4254016218 R14: 00007f4254016180 R15: 00007f425413fa48 [ 1018.940601][T21153] [ 1019.129054][ T30] audit: type=1326 audit(1773579345.117:3979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1019.223735][ T30] audit: type=1326 audit(1773579345.117:3980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1019.265177][T15163] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1019.274342][T15163] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1019.282392][T15163] usb 4-1: Product: syz [ 1019.286687][T15163] usb 4-1: Manufacturer: syz [ 1019.291267][T15163] usb 4-1: SerialNumber: syz [ 1019.345297][ T30] audit: type=1326 audit(1773579345.117:3981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1019.409745][ T30] audit: type=1326 audit(1773579345.117:3982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21138 comm="syz.2.4661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64f339c799 code=0x7ffc0000 [ 1020.007282][T15163] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 1020.022953][T15163] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1020.041852][T15163] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1020.081578][T15163] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 1020.141315][T15163] usb 4-1: USB disconnect, device number 26 [ 1020.519088][T21178] loop5: detected capacity change from 0 to 7 [ 1020.545924][T21178] Dev loop5: unable to read RDB block 7 [ 1020.551623][T21178] loop5: unable to read partition table [ 1020.557801][T21178] loop5: partition table beyond EOD, truncated [ 1020.563998][T21178] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1020.904781][ T5959] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1021.054665][ T5819] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1021.078177][ T5959] usb 2-1: config index 0 descriptor too short (expected 37156, got 36) [ 1021.086921][ T5959] usb 2-1: config 0 has an invalid descriptor of length 34, skipping remainder of the config [ 1021.110601][ T5959] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1021.130413][ T5959] usb 2-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 1021.151604][ T5959] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1021.236399][ T5819] usb 4-1: Using ep0 maxpacket: 8 [ 1021.256510][ T5959] usb 2-1: config 0 descriptor?? [ 1021.262572][ T5819] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1021.271267][ T5819] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1021.285989][ T5819] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1021.297378][ T5819] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1021.307946][ T5819] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1021.322714][ T5819] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1021.332786][ T5819] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1021.504530][T21180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1021.547866][ T5819] usb 4-1: GET_CAPABILITIES returned 0 [ 1021.553407][ T5819] usbtmc 4-1:16.0: can't read capabilities [ 1021.559875][T21180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1021.571665][T21180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1021.589742][T21180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1021.613452][ T5819] usb 2-1: USB disconnect, device number 28 [ 1021.752723][T21184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1021.767885][T21184] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1021.779023][ T5948] usb 4-1: USB disconnect, device number 27 [ 1021.954660][ T5819] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1022.001427][T21192] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4681'. [ 1022.074881][ T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1022.124706][ T5819] usb 3-1: Using ep0 maxpacket: 32 [ 1022.148007][ T5819] usb 3-1: config 0 has an invalid interface number: 4 but max is 0 [ 1022.162778][ T5819] usb 3-1: config 0 has no interface number 0 [ 1022.180694][ T5819] usb 3-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1022.207269][ T5819] usb 3-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1022.219080][ T5819] usb 3-1: config 0 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1022.233148][ T5819] usb 3-1: New USB device found, idVendor=046d, idProduct=c537, bcdDevice= 0.00 [ 1022.243936][ T5819] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1022.253937][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.272842][ T9] usb 2-1: config index 0 descriptor too short (expected 37156, got 36) [ 1022.273560][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.281301][ T9] usb 2-1: config 0 has an invalid descriptor of length 34, skipping remainder of the config [ 1022.281323][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1022.281357][ T9] usb 2-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 1022.281378][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1022.283914][ T9] usb 2-1: config 0 descriptor?? [ 1022.299091][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.367645][ T5819] usb 3-1: config 0 descriptor?? [ 1022.377791][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.394319][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.402928][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.420443][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.460254][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.486032][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.501782][T21196] netlink: 'syz.0.4683': attribute type 1 has an invalid length. [ 1022.554830][ T5818] usb 2-1: USB disconnect, device number 29 [ 1022.826233][ T5819] logitech-djreceiver 0003:046D:C537.0021: unknown main item tag 0x0 [ 1022.838461][ T5819] logitech-djreceiver 0003:046D:C537.0021: unknown main item tag 0x0 [ 1022.995682][ T5819] logitech-djreceiver 0003:046D:C537.0021: unknown main item tag 0x0 [ 1023.014775][ T5819] logitech-djreceiver 0003:046D:C537.0021: unknown main item tag 0x0 [ 1023.032970][ T5819] logitech-djreceiver 0003:046D:C537.0021: unknown main item tag 0x0 [ 1023.048767][T21208] hfs: unable to load iocharset "io#harset" [ 1023.055831][ T5819] logitech-djreceiver 0003:046D:C537.0021: unknown main item tag 0x0 [ 1023.075413][ T5819] logitech-djreceiver 0003:046D:C537.0021: unknown main item tag 0x0 [ 1023.169580][ T5819] logitech-djreceiver 0003:046D:C537.0021: hidraw0: USB HID v10.00 Device [HID 046d:c537] on usb-dummy_hcd.2-1/input4 [ 1023.207490][ T5819] usb 3-1: USB disconnect, device number 7 [ 1023.376671][T21212] fido_id[21212]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1023.723015][T21218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4689'. [ 1024.224105][T21223] tipc: Enabled bearer , priority 10 [ 1024.390448][T21230] usb usb8: usbfs: process 21230 (syz.2.4691) did not claim interface 0 before use [ 1024.596206][T21222] tipc: Disabling bearer [ 1024.691104][T21235] syz.3.4695 (21235): attempted to duplicate a private mapping with mremap. This is not supported. [ 1025.136666][T21230] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 1025.224787][T21230] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 1025.233675][T21230] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 1025.273897][T21244] syzkaller1: entered promiscuous mode [ 1025.444897][T21244] syzkaller1: entered allmulticast mode [ 1025.799919][T21253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4701'. [ 1026.254702][ T5948] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1026.410849][ T5948] usb 2-1: Using ep0 maxpacket: 8 [ 1026.434742][T21266] hfs: unable to load iocharset "io#harset" [ 1026.455704][ T5948] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1026.471572][ T5948] usb 2-1: config 0 has no interfaces? [ 1026.480582][T21272] netlink: 27 bytes leftover after parsing attributes in process `syz.2.4707'. [ 1026.701455][ T5948] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1026.714507][ T5948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1026.914796][ T5948] usb 2-1: Product: syz [ 1026.929103][ T5948] usb 2-1: Manufacturer: syz [ 1026.961552][ T5948] usb 2-1: SerialNumber: syz [ 1026.997259][ T5948] usb 2-1: config 0 descriptor?? [ 1027.291995][T21281] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4708'. [ 1027.301528][T21260] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4702'. [ 1027.335205][ T5948] usb 2-1: USB disconnect, device number 30 [ 1027.835085][T21288] tipc: Enabled bearer , priority 10 [ 1028.049696][T21287] tipc: Disabling bearer [ 1028.405176][T21299] validate_nla: 23 callbacks suppressed [ 1028.405204][T21299] netlink: 'syz.1.4713': attribute type 1 has an invalid length. [ 1028.800782][T21302] bond6: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1028.948014][T21302] bond6: (slave vxcan3): Error -95 calling set_mac_address [ 1029.745839][T15163] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1029.845003][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 1029.845020][ T30] audit: type=1326 audit(1773579356.427:3991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21314 comm="syz.0.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79d4d9c799 code=0x7ffc0000 [ 1029.918159][T15163] usb 3-1: Using ep0 maxpacket: 16 [ 1030.000452][T15163] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 208, changing to 7 [ 1030.039008][T15163] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18189, setting to 1024 [ 1030.092934][T15163] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 1030.107973][T15163] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1030.138388][T15163] usb 3-1: Product: syz [ 1030.153488][T15163] usb 3-1: Manufacturer: syz [ 1030.170142][T15163] usb 3-1: SerialNumber: syz [ 1030.196448][ T30] audit: type=1326 audit(1773579356.437:3992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21314 comm="syz.0.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f79d4d9c799 code=0x7ffc0000 [ 1030.232076][T15163] usb 3-1: config 0 descriptor?? [ 1030.289745][ T30] audit: type=1326 audit(1773579356.437:3993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21314 comm="syz.0.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79d4d9c799 code=0x7ffc0000 [ 1030.314276][ T30] audit: type=1326 audit(1773579356.717:3994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21314 comm="syz.0.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f79d4d9c799 code=0x7ffc0000 [ 1030.343096][ T30] audit: type=1326 audit(1773579356.717:3995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21314 comm="syz.0.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79d4d9c799 code=0x7ffc0000 [ 1030.354758][T15163] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 1030.464887][ T128] usb 3-1: Failed to submit usb control message: -71 [ 1030.482355][ T128] usb 3-1: unable to send the bmi data to the device: -71 [ 1030.498988][ T128] usb 3-1: unable to get target info from device [ 1030.507174][ T128] usb 3-1: could not get target info (-71) [ 1030.513256][ T128] usb 3-1: could not probe fw (-71) [ 1030.513344][T15163] usb 3-1: USB disconnect, device number 8 [ 1030.568677][ T30] audit: type=1326 audit(1773579356.717:3996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21314 comm="syz.0.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79d4d9c799 code=0x7ffc0000 [ 1030.886583][T21325] xt_hashlimit: size too large, truncated to 1048576 [ 1031.343929][T21328] netlink: 'syz.2.4719': attribute type 10 has an invalid length. [ 1031.422688][T21328] bond0: (slave wlan1): Opening slave failed [ 1031.495150][T21327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1031.634723][ T5948] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1031.795996][ T5948] usb 2-1: Using ep0 maxpacket: 8 [ 1031.803456][ T5948] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1031.870740][ T5948] usb 2-1: config 0 has no interfaces? [ 1031.882791][ T5948] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1031.893112][ T5948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1031.912566][ T5948] usb 2-1: Product: syz [ 1031.921956][T21340] hfs: unable to load iocharset "io#harset" [ 1031.989766][ T5948] usb 2-1: Manufacturer: syz [ 1032.009271][ T5948] usb 2-1: SerialNumber: syz [ 1032.062673][ T5948] usb 2-1: config 0 descriptor?? [ 1032.246734][T21352] netlink: 'syz.4.4727': attribute type 3 has an invalid length. [ 1032.256974][T21353] netlink: 'syz.2.4726': attribute type 13 has an invalid length. [ 1032.273079][T21353] netlink: 14585 bytes leftover after parsing attributes in process `syz.2.4726'. [ 1032.329496][T21335] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4721'. [ 1032.354960][ T5819] usb 2-1: USB disconnect, device number 31 [ 1032.414949][ T5948] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 1032.575021][ T5948] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1032.587615][ T5948] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1032.638273][ T5948] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1032.649049][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1032.671423][ T5948] usb 4-1: Product: syz [ 1032.695546][ T5948] usb 4-1: Manufacturer: syz [ 1032.710413][ T5948] usb 4-1: SerialNumber: syz [ 1032.738029][ T5948] usb 4-1: config 0 descriptor?? [ 1033.040509][T21349] vlan3: entered promiscuous mode [ 1033.040532][T21349] bridge0: entered promiscuous mode [ 1033.128248][ T5948] usb 4-1: USB disconnect, device number 28 [ 1033.520268][T21369] tipc: Enabled bearer , priority 10 [ 1033.557808][T21368] tipc: Disabling bearer [ 1033.738880][T21373] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4734'. [ 1033.781687][T21373] macvtap2: entered allmulticast mode [ 1033.830297][ T30] audit: type=1326 audit(1773579360.417:3997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21370 comm="syz.1.4733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1033.986324][ T30] audit: type=1326 audit(1773579360.427:3998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21370 comm="syz.1.4733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1034.333358][ T30] audit: type=1326 audit(1773579360.427:3999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21370 comm="syz.1.4733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1034.429060][ T30] audit: type=1326 audit(1773579360.427:4000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21370 comm="syz.1.4733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1035.696580][T21401] netlink: 'syz.2.4741': attribute type 10 has an invalid length. [ 1035.726531][T21401] bond0: (slave wlan1): Opening slave failed [ 1035.750469][T21400] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1036.219217][T21408] syzkaller1: entered promiscuous mode [ 1036.262681][T21408] syzkaller1: entered allmulticast mode [ 1037.127494][T21428] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4749'. [ 1037.913713][T21428] vlan2: entered promiscuous mode [ 1038.994352][T21454] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4753'. [ 1039.041246][T21458] usb usb8: usbfs: process 21458 (syz.4.4756) did not claim interface 0 before use [ 1039.208985][T21463] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 1039.237945][T21463] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 1039.256066][T21460] netlink: 'syz.1.4757': attribute type 10 has an invalid length. [ 1039.265448][T21463] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1039.267070][T21460] bond0: (slave wlan1): Opening slave failed [ 1039.353784][T21459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1040.994451][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 1040.994468][ T30] audit: type=1326 audit(1773579367.587:4015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1041.164622][ T30] audit: type=1326 audit(1773579367.587:4016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1041.259459][ T30] audit: type=1326 audit(1773579367.587:4017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1041.313703][T21510] netlink: 'syz.0.4769': attribute type 1 has an invalid length. [ 1041.324310][ T30] audit: type=1326 audit(1773579367.587:4018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1041.456168][ T30] audit: type=1326 audit(1773579367.587:4019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1041.528272][ T30] audit: type=1326 audit(1773579367.587:4020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1041.757799][T21516] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4773'. [ 1041.785884][ T30] audit: type=1326 audit(1773579367.587:4021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1041.990349][ T30] audit: type=1326 audit(1773579367.587:4022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1042.306276][ T30] audit: type=1326 audit(1773579367.587:4023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1042.388868][ T30] audit: type=1326 audit(1773579367.587:4024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21496 comm="syz.4.4768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedfe19c799 code=0x7ffc0000 [ 1042.534710][ T5948] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1042.715575][ T5948] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 1042.727533][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1042.773028][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1042.936547][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1042.951809][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1042.980761][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1043.041368][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1043.054675][T15163] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 1043.206566][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1043.216010][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1043.233470][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1043.243763][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1043.253747][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1043.265357][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1043.273386][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1043.283068][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1043.315668][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1043.326828][T15163] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1043.353286][T15163] usb 4-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00 [ 1043.358382][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1043.373179][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1043.444146][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1043.450994][T15163] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1043.496239][T15163] usb 4-1: config 0 descriptor?? [ 1043.538621][T15163] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1043.579617][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1043.619467][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1043.671411][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1043.819350][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1043.835871][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1043.890530][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1043.911047][ T5948] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1043.922984][ T5948] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1043.942645][ T5948] usb 2-1: Product: syz [ 1043.965517][ T5948] usb 2-1: Manufacturer: syz [ 1043.973778][ T5948] usb 2-1: SerialNumber: syz [ 1043.993317][ T5948] usb 2-1: config 0 descriptor?? [ 1044.022244][ T5948] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 1044.328519][T21531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1044.348610][T21531] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1044.384432][T21531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1044.409202][T21531] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1044.502454][ T5959] usb 2-1: USB disconnect, device number 32 [ 1044.511408][ T5959] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 1045.986965][T15163] usb 4-1: USB disconnect, device number 29 [ 1046.394862][T15163] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1046.569227][T15163] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFB, changing to 0x8B [ 1046.581002][T15163] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 7195, setting to 1024 [ 1046.593742][T15163] usb 4-1: config 17 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1046.632588][T15163] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1046.664785][T15163] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1046.727153][T21567] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1046.757005][T15163] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 1046.986531][ T5948] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0 [ 1047.005072][ T5948] hid-generic 0000:0000:0000.0022: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1047.044288][T15163] usb 4-1: USB disconnect, device number 30 [ 1047.106757][T21583] loop5: detected capacity change from 0 to 7 [ 1047.465612][T21583] buffer_io_error: 14 callbacks suppressed [ 1047.465629][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1047.479908][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1047.622528][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1047.634846][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1047.655849][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1047.685213][T21579] fido_id[21579]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1047.725299][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1047.733155][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1048.015251][T21583] ldm_validate_partition_table(): Disk read failed. [ 1048.072189][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1048.080439][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1048.088392][T21583] Buffer I/O error on dev loop5, logical block 0, async page read [ 1048.097198][T21583] Dev loop5: unable to read RDB block 0 [ 1048.135793][T21589] wg1: entered promiscuous mode [ 1048.234187][T21583] loop5: unable to read partition table [ 1048.254766][T21591] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4797'. [ 1048.324851][T21583] loop5: partition table beyond EOD, truncated [ 1048.358660][T21583] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1048.694626][ T10] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1048.864633][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 1048.872431][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1048.894793][ T10] usb 4-1: config 0 has no interfaces? [ 1048.921813][ T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1048.931255][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1048.954739][ T10] usb 4-1: Product: syz [ 1048.969385][ T10] usb 4-1: Manufacturer: syz [ 1048.983737][ T10] usb 4-1: SerialNumber: syz [ 1049.017094][ T10] usb 4-1: config 0 descriptor?? [ 1049.270350][T21595] netlink: 144 bytes leftover after parsing attributes in process `syz.3.4798'. [ 1049.310940][ T5948] usb 4-1: USB disconnect, device number 31 [ 1049.449797][T21606] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1049.459827][T21606] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1049.468264][T21606] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1049.476336][T21606] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1049.484048][T21606] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1049.812321][T21615] syzkaller1: entered promiscuous mode [ 1049.821694][T21615] syzkaller1: entered allmulticast mode [ 1050.327933][T21607] chnl_net:caif_netlink_parms(): no params data found [ 1051.397773][T21607] bridge0: port 1(bridge_slave_0) entered blocking state [ 1051.467268][T21607] bridge0: port 1(bridge_slave_0) entered disabled state [ 1051.496146][T21607] bridge_slave_0: entered allmulticast mode [ 1051.516544][T21607] bridge_slave_0: entered promiscuous mode [ 1051.544966][ T5829] Bluetooth: hci2: command tx timeout [ 1051.557627][T21607] bridge0: port 2(bridge_slave_1) entered blocking state [ 1051.589288][T21607] bridge0: port 2(bridge_slave_1) entered disabled state [ 1051.646942][T21607] bridge_slave_1: entered allmulticast mode [ 1051.688476][T21607] bridge_slave_1: entered promiscuous mode [ 1051.710337][T21639] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4809'. [ 1051.880086][T21607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1051.924106][T21607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1051.996379][T21607] team0: Port device team_slave_0 added [ 1052.041484][T21607] team0: Port device team_slave_1 added [ 1052.218843][T21607] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1052.244425][T21607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1052.384667][T21607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1052.404950][T21607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1052.411915][T21607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1052.462884][T21607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1052.906610][T21607] hsr_slave_0: entered promiscuous mode [ 1052.913292][T21607] hsr_slave_1: entered promiscuous mode [ 1052.930195][T21607] debugfs: 'hsr0' already exists in 'hsr' [ 1052.957870][T21607] Cannot create hsr debugfs directory [ 1052.984801][T21663] netlink: 'syz.3.4816': attribute type 4 has an invalid length. [ 1052.992611][ T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1053.100525][T21664] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1053.214718][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 1053.222721][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1053.254840][ T9] usb 1-1: config 0 has no interfaces? [ 1053.266400][T21665] CIFS: iocharset name too long [ 1053.276819][ T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1053.290050][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1053.315414][ T9] usb 1-1: Product: syz [ 1053.327096][ T9] usb 1-1: Manufacturer: syz [ 1053.344744][ T9] usb 1-1: SerialNumber: syz [ 1053.514083][ T9] usb 1-1: config 0 descriptor?? [ 1053.554734][ T29] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1053.625003][ T5829] Bluetooth: hci2: command tx timeout [ 1053.755759][ T29] usb 4-1: Using ep0 maxpacket: 16 [ 1053.815596][T21656] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4815'. [ 1053.849378][T15163] usb 1-1: USB disconnect, device number 23 [ 1053.938109][ T29] usb 4-1: config 0 has no interfaces? [ 1054.015294][ T29] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1054.030869][T21671] syzkaller1: entered promiscuous mode [ 1054.036574][ T29] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1054.059711][T21671] syzkaller1: entered allmulticast mode [ 1054.079231][ T29] usb 4-1: Manufacturer: syz [ 1054.107611][ T29] usb 4-1: config 0 descriptor?? [ 1054.258326][T21673] tipc: Enabled bearer , priority 10 [ 1054.279204][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.285622][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.357424][T21667] tipc: Disabling bearer [ 1055.397986][T21684] vxcan0: tx drop: invalid sa for name 0x0000000000000001 [ 1055.416371][T21607] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1055.446239][T21607] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1055.536220][T21607] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1055.650366][T21607] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1055.714778][ T5829] Bluetooth: hci2: command tx timeout [ 1056.007632][T21701] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4827'. [ 1056.063787][T21607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1056.098786][T21607] 8021q: adding VLAN 0 to HW filter on device team0 [ 1056.118253][ T128] bridge0: port 1(bridge_slave_0) entered blocking state [ 1056.125475][ T128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1056.153949][ T128] bridge0: port 2(bridge_slave_1) entered blocking state [ 1056.161079][ T128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1056.214154][T21703] input: syz0 as /devices/virtual/input/input68 [ 1056.340336][T21607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1056.421976][T21607] veth0_vlan: entered promiscuous mode [ 1056.440505][T21607] veth1_vlan: entered promiscuous mode [ 1056.538440][T21709] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1056.546534][T21709] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1056.579664][T21607] veth0_macvtap: entered promiscuous mode [ 1056.592473][T21607] veth1_macvtap: entered promiscuous mode [ 1056.601550][T21709] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1056.689417][T21607] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1056.706781][T21607] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1056.795425][ T7844] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.806711][ T7844] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.816929][ T7844] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.827756][ T7844] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1057.263138][T14690] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.275794][T14690] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1057.319817][ T128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.344827][T15163] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 1057.403154][ T5948] usb 4-1: USB disconnect, device number 32 [ 1057.406354][ T128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1057.534601][T15163] usb 1-1: Using ep0 maxpacket: 16 [ 1057.576180][T15163] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1057.624587][T15163] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1057.664586][T15163] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1057.724827][T15163] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1057.784848][ T5829] Bluetooth: hci2: command tx timeout [ 1057.790302][T15163] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1057.839969][T15163] usb 1-1: config 0 descriptor?? [ 1058.069177][T21726] xfrm0: entered promiscuous mode [ 1058.074422][T21726] xfrm0: entered allmulticast mode [ 1058.208960][T21732] tipc: Enabled bearer , priority 10 [ 1058.430471][T21730] tipc: Disabling bearer [ 1058.449627][T21734] netlink: 108 bytes leftover after parsing attributes in process `syz.0.4830'. [ 1059.704488][T21761] binder: 21754:21761 ioctl ae01 3a returned -22 [ 1060.108779][T15163] usbhid 1-1:0.0: can't add hid device: -71 [ 1060.115083][T15163] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1060.196050][T15163] usb 1-1: USB disconnect, device number 24 [ 1060.313786][T21763] netlink: 'syz.5.4844': attribute type 1 has an invalid length. [ 1060.803157][T15163] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 1060.914643][T21763] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1060.991942][T15163] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1061.016120][T15163] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1061.064069][T15163] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1061.121689][T15163] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1061.174736][T15163] usb 1-1: Product: syz [ 1061.178927][T15163] usb 1-1: Manufacturer: syz [ 1061.183492][T15163] usb 1-1: SerialNumber: syz [ 1061.257482][T15163] usb 1-1: config 0 descriptor?? [ 1061.757064][T21765] vlan0: entered promiscuous mode [ 1061.967035][T15163] usb 1-1: USB disconnect, device number 25 [ 1061.993850][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 1061.993867][ T30] audit: type=1326 audit(1773579388.587:4082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1062.207606][ T30] audit: type=1326 audit(1773579388.587:4083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1062.251806][ T30] audit: type=1326 audit(1773579388.627:4084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1062.302951][ T30] audit: type=1326 audit(1773579388.627:4085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1062.358640][ T30] audit: type=1326 audit(1773579388.627:4086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1062.383036][ T30] audit: type=1326 audit(1773579388.637:4087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4253d5cfce code=0x7ffc0000 [ 1062.448003][ T5896] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 1062.502065][ T30] audit: type=1326 audit(1773579388.707:4088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4253d9c42b code=0x7ffc0000 [ 1062.566181][ T30] audit: type=1326 audit(1773579388.717:4089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4253d9c42b code=0x7ffc0000 [ 1062.640029][T21789] ALSA: mixer_oss: invalid OSS volume 'syz_t' [ 1062.646520][ T30] audit: type=1326 audit(1773579388.767:4090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4253d9c42b code=0x7ffc0000 [ 1062.782527][ T5896] usb 2-1: Using ep0 maxpacket: 16 [ 1062.808067][ T5896] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 255 [ 1062.859584][ T5896] usb 2-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 1062.874882][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1062.902799][ T5896] usb 2-1: Product: syz [ 1062.907478][ T30] audit: type=1326 audit(1773579388.767:4091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21780 comm="syz.1.4848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4253d9c42b code=0x7ffc0000 [ 1062.952932][ T5896] usb 2-1: Manufacturer: syz [ 1062.973243][ T5896] usb 2-1: SerialNumber: syz [ 1062.994868][ T5896] usb 2-1: config 0 descriptor?? [ 1063.002389][T21781] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1063.069324][ T5896] mcba_usb 2-1:0.0: Microchip CAN BUS Analyzer connected [ 1063.215673][T21806] loop5: detected capacity change from 0 to 7 [ 1063.231593][T21802] vlan0: entered promiscuous mode [ 1063.246346][ C0] mcba_usb 2-1:0.0 can0: Tx URB aborted (-71) [ 1063.252517][ C0] mcba_usb 2-1:0.0 can0: Tx URB aborted (-71) [ 1063.269148][T21806] Dev loop5: unable to read RDB block 7 [ 1063.395363][T21808] usb usb8: usbfs: process 21808 (syz.4.4853) did not claim interface 0 before use [ 1063.436077][T21802] hsr0: entered promiscuous mode [ 1063.462789][ T5896] usb 2-1: USB disconnect, device number 33 [ 1063.494870][T21806] loop5: unable to read partition table [ 1063.500958][T21806] loop5: partition table beyond EOD, truncated [ 1063.507807][T21806] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1063.554832][ T5896] mcba_usb 2-1:0.0 can0: device disconnected [ 1063.607913][T21813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4854'. [ 1063.853716][T21808] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 1063.899421][T21808] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 1064.097908][T21808] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1064.866541][T21828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4858'. [ 1064.959975][T21819] bond3 (unregistering): Released all slaves [ 1066.280116][T21852] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4866'. [ 1066.822624][T21861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1066.851852][T21861] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1067.035286][T21868] netlink: 'syz.4.4872': attribute type 30 has an invalid length. [ 1067.060432][ T29] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 1067.224697][ T29] usb 1-1: Using ep0 maxpacket: 16 [ 1067.232900][ T29] usb 1-1: config index 0 descriptor too short (expected 37359, got 202) [ 1067.242380][ T29] usb 1-1: config 33 has too many interfaces: 95, using maximum allowed: 32 [ 1067.270054][ T29] usb 1-1: config 33 has an invalid descriptor of length 0, skipping remainder of the config [ 1067.301181][T21878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4877'. [ 1067.319131][ T29] usb 1-1: config 33 has 1 interface, different from the descriptor's value: 95 [ 1067.361405][ T29] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1067.375543][ T29] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1067.387161][ T29] usb 1-1: Product: syz [ 1067.400499][ T29] usb 1-1: Manufacturer: syz [ 1067.419094][ T29] usb 1-1: SerialNumber: syz [ 1067.659412][ T29] usb 1-1: 0:2 : does not exist [ 1067.727318][ T29] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 1067.747085][T21886] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4881'. [ 1067.749469][T21885] netlink: 27 bytes leftover after parsing attributes in process `syz.1.4880'. [ 1067.774893][ T5948] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1068.071565][ T29] usb 1-1: USB disconnect, device number 26 [ 1068.105312][ T5948] usb 4-1: Using ep0 maxpacket: 16 [ 1068.131107][ T5948] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 1068.145914][ T5818] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 1068.164032][ T5948] usb 4-1: config 0 has no interface number 0 [ 1068.173033][ T5948] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1068.185722][ T5948] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1068.216038][T12870] udevd[12870]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:33.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1068.316438][ T5818] usb 2-1: Using ep0 maxpacket: 8 [ 1068.328308][ T5948] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1068.337519][ T5818] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1068.350880][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1068.361855][ T5818] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1068.408068][ T5948] usb 4-1: Product: syz [ 1068.412274][ T5948] usb 4-1: SerialNumber: syz [ 1068.426255][ T5818] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1068.448847][ T5818] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1068.461567][ T5948] usb 4-1: config 0 descriptor?? [ 1068.469817][ T5818] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1068.519293][T21899] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4884'. [ 1068.535850][ T5948] cm109 4-1:0.8: invalid payload size 0, expected 4 [ 1068.685826][T21882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1068.738135][T21882] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1068.865993][ T5948] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input69 [ 1068.936100][ T5818] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1069.075231][ T5819] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 1069.120872][ T5818] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1069.180896][ T5818] usb 2-1: Product: syz [ 1069.213772][ T5818] usb 2-1: Manufacturer: syz [ 1069.252841][ T5818] usb 2-1: SerialNumber: syz [ 1069.260238][ T5819] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1069.272558][ T5819] usb 6-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00 [ 1069.315430][ T5818] usb 2-1: config 0 descriptor?? [ 1069.340667][ T5819] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1069.363444][ T5818] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input70 [ 1069.402830][ T5819] usb 6-1: config 0 descriptor?? [ 1069.481922][ T5819] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 1069.542037][ T5948] usb 2-1: USB disconnect, device number 34 [ 1070.343879][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.353720][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.360897][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.368099][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.375304][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.382446][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.389623][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.396786][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.403881][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.412298][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1070.419867][ C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1070.429498][ T5948] usb 4-1: USB disconnect, device number 33 [ 1070.498799][ T5948] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1070.773110][T21920] syzkaller1: entered promiscuous mode [ 1070.787791][T21920] syzkaller1: entered allmulticast mode [ 1071.364699][ T5948] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 1071.536828][ T5948] usb 1-1: device descriptor read/64, error -71 [ 1071.844725][ T5948] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 1071.942747][ T5818] usb 6-1: USB disconnect, device number 2 [ 1072.023275][ T5948] usb 1-1: device descriptor read/64, error -71 [ 1072.324781][ T5948] usb usb1-port1: attempt power cycle [ 1072.735135][ T5948] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 1072.765409][ T5948] usb 1-1: device descriptor read/8, error -71 [ 1073.044842][ T5948] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 1073.066509][ T5948] usb 1-1: device descriptor read/8, error -71 [ 1073.203414][ T5948] usb usb1-port1: unable to enumerate USB device [ 1073.324509][T21957] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4902'. [ 1073.424384][T21957] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 1073.485439][T21957] macvtap1: entered allmulticast mode [ 1073.527510][T21957] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 1073.895466][T21965] syzkaller1: entered promiscuous mode [ 1073.901140][T21965] syzkaller1: entered allmulticast mode [ 1075.096398][T21980] hfs: unable to load iocharset "io#harset" [ 1075.215830][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 1075.215846][ T30] audit: type=1326 audit(1773579401.817:4120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1075.302246][ T30] audit: type=1326 audit(1773579401.847:4121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1075.373139][T21992] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4914'. [ 1075.377158][ T30] audit: type=1326 audit(1773579401.847:4122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1075.548372][ T30] audit: type=1326 audit(1773579401.847:4123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1075.659695][ T30] audit: type=1326 audit(1773579401.847:4124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1075.694693][T21999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4916'. [ 1075.708107][ T30] audit: type=1326 audit(1773579401.847:4125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1075.786627][ T30] audit: type=1326 audit(1773579401.847:4126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1075.876572][ T30] audit: type=1326 audit(1773579401.847:4127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1075.944004][ T30] audit: type=1326 audit(1773579401.847:4128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1076.017636][ T30] audit: type=1326 audit(1773579401.847:4129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21985 comm="syz.5.4913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721419c799 code=0x7ffc0000 [ 1077.478304][T22028] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4922'. [ 1079.025491][T22055] netlink: 'syz.1.4930': attribute type 30 has an invalid length. [ 1079.292599][T22050] hfs: unable to load iocharset "io#harset" [ 1079.865042][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1079.876350][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1080.279573][T22061] loop5: detected capacity change from 0 to 7 [ 1080.365023][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 1080.365040][ T30] audit: type=1326 audit(1773579406.957:4173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1080.453947][T22061] Dev loop5: unable to read RDB block 7 [ 1080.461768][ T30] audit: type=1326 audit(1773579406.957:4174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1080.501660][T22061] loop5: unable to read partition table [ 1080.524191][T22061] loop5: partition table beyond EOD, truncated [ 1080.542990][ T30] audit: type=1326 audit(1773579406.957:4175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1080.585152][T22061] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1080.629166][ T30] audit: type=1326 audit(1773579406.957:4176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1080.670672][ T30] audit: type=1326 audit(1773579406.957:4177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1080.734827][ T30] audit: type=1326 audit(1773579406.957:4178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1080.863764][ T30] audit: type=1326 audit(1773579406.957:4179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1080.953168][ T30] audit: type=1326 audit(1773579406.957:4180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1081.121566][ T30] audit: type=1326 audit(1773579406.957:4181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1081.240230][ T30] audit: type=1326 audit(1773579406.957:4182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22056 comm="syz.1.4931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1081.898397][T22078] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4936'. [ 1081.929262][T22078] vlan2: entered promiscuous mode [ 1082.288371][T22089] netlink: 'syz.0.4941': attribute type 30 has an invalid length. [ 1082.488283][T22098] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4944'. [ 1083.255238][T22104] hfs: unable to load iocharset "io#harset" [ 1083.620227][T22118] netlink: 'syz.1.4951': attribute type 13 has an invalid length. [ 1083.669251][T22118] netlink: 14585 bytes leftover after parsing attributes in process `syz.1.4951'. [ 1083.918278][T22119] process 'memfd:-BÕN4¦EyÛѧ±Sñ:)' started with executable stack [ 1084.116604][T22128] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4955'. [ 1084.155434][T22127] netlink: 468 bytes leftover after parsing attributes in process `syz.0.4953'. [ 1084.205562][ T5959] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1084.286493][T22128] vlan3: entered promiscuous mode [ 1084.348001][ T5959] usb 6-1: device descriptor read/64, error -71 [ 1084.584875][ T5959] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1084.724698][ T5959] usb 6-1: device descriptor read/64, error -71 [ 1084.845278][ T5959] usb usb6-port1: attempt power cycle [ 1085.204334][ T5959] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1085.245357][ T5959] usb 6-1: device descriptor read/8, error -71 [ 1085.412216][T22145] syzkaller1: entered promiscuous mode [ 1085.424710][T22145] syzkaller1: entered allmulticast mode [ 1085.504698][ T5959] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1085.519614][T22151] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4966'. [ 1085.570642][ T5959] usb 6-1: device descriptor read/8, error -71 [ 1085.599000][T22153] netlink: 'syz.4.4964': attribute type 30 has an invalid length. [ 1085.700879][ T5959] usb usb6-port1: unable to enumerate USB device [ 1085.753538][T22151] macvtap2: entered allmulticast mode [ 1085.832514][T22155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4967'. [ 1085.901747][T22155] vlan1: entered promiscuous mode [ 1086.261023][ T30] kauditd_printk_skb: 89 callbacks suppressed [ 1086.261039][ T30] audit: type=1326 audit(1773579412.857:4272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22167 comm="syz.1.4973" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x0 [ 1086.632671][T22181] netlink: 'syz.1.4977': attribute type 13 has an invalid length. [ 1086.655756][T22179] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4976'. [ 1086.714662][T22181] netlink: 14585 bytes leftover after parsing attributes in process `syz.1.4977'. [ 1086.924671][ T5948] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 1087.076344][ T5948] usb 1-1: device descriptor read/64, error -71 [ 1087.201082][T22197] x_tables: duplicate underflow at hook 1 [ 1087.331583][ T5948] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 1087.441366][T22202] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4984'. [ 1087.513686][T22204] loop5: detected capacity change from 0 to 7 [ 1087.520420][T22204] buffer_io_error: 14 callbacks suppressed [ 1087.520435][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.534385][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.542355][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.551237][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.559322][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.567415][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.575326][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.583163][T22204] ldm_validate_partition_table(): Disk read failed. [ 1087.589843][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.597749][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.605641][T22204] Buffer I/O error on dev loop5, logical block 0, async page read [ 1087.613694][T22204] Dev loop5: unable to read RDB block 0 [ 1087.619505][T22204] loop5: unable to read partition table [ 1087.625390][T22204] loop5: partition table beyond EOD, truncated [ 1087.631556][T22204] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1087.705671][T22202] vlan2: entered promiscuous mode [ 1087.717396][ T5948] usb 1-1: device descriptor read/64, error -71 [ 1087.736097][T22202] team0: entered promiscuous mode [ 1087.769257][T22202] team_slave_0: entered promiscuous mode [ 1087.855035][ T5948] usb usb1-port1: attempt power cycle [ 1087.932860][T22202] team_slave_1: entered promiscuous mode [ 1088.374726][ T5948] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1088.439574][ T5948] usb 1-1: device descriptor read/8, error -71 [ 1088.714759][ T5948] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1088.788987][ T5948] usb 1-1: device descriptor read/8, error -71 [ 1088.945015][ T5948] usb usb1-port1: unable to enumerate USB device [ 1089.036751][T22217] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4988'. [ 1089.160787][T22220] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4988'. [ 1089.425471][T22225] netlink: 'syz.1.4990': attribute type 30 has an invalid length. [ 1089.604851][T22217] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1089.685683][T22228] FAULT_INJECTION: forcing a failure. [ 1089.685683][T22228] name failslab, interval 1, probability 0, space 0, times 0 [ 1089.698713][T22228] CPU: 0 UID: 0 PID: 22228 Comm: syz.3.4991 Tainted: G L syzkaller #0 PREEMPT(full) [ 1089.698730][T22228] Tainted: [L]=SOFTLOCKUP [ 1089.698734][T22228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1089.698740][T22228] Call Trace: [ 1089.698745][T22228] [ 1089.698751][T22228] dump_stack_lvl+0xe8/0x150 [ 1089.698776][T22228] should_fail_ex+0x412/0x560 [ 1089.698793][T22228] should_failslab+0xa8/0x100 [ 1089.698806][T22228] ? dst_alloc+0x105/0x170 [ 1089.698821][T22228] kmem_cache_alloc_noprof+0x87/0x650 [ 1089.698835][T22228] dst_alloc+0x105/0x170 [ 1089.698848][T22228] ip_route_input_rcu+0x23e5/0x3130 [ 1089.698952][T22228] ? __pfx_ip_route_input_rcu+0x10/0x10 [ 1089.698967][T22228] ? ipt_do_table+0x2b2/0x1630 [ 1089.699014][T22228] ? lock_acquire+0xf0/0x2e0 [ 1089.699030][T22228] ? ip_route_input_noref+0xad/0x270 [ 1089.699041][T22228] ip_route_input_noref+0x17c/0x270 [ 1089.699052][T22228] ? __pfx_ip_route_input_noref+0x10/0x10 [ 1089.699064][T22228] ? ipt_do_table+0x2b2/0x1630 [ 1089.699076][T22228] ? __pfx_ipt_do_table+0x10/0x10 [ 1089.699090][T22228] ip_rcv_finish_core+0x5af/0x1c00 [ 1089.699109][T22228] ip_rcv_finish+0x14c/0x2a0 [ 1089.699128][T22228] NF_HOOK+0x336/0x3c0 [ 1089.699149][T22228] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1089.699168][T22228] ? NF_HOOK+0x9e/0x3c0 [ 1089.699185][T22228] ? __pfx_NF_HOOK+0x10/0x10 [ 1089.699206][T22228] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1089.699225][T22228] ? netif_receive_skb+0x102/0xc50 [ 1089.699239][T22228] ? __pfx_ip_rcv+0x10/0x10 [ 1089.699251][T22228] netif_receive_skb+0x45b/0xc50 [ 1089.699268][T22228] ? __pfx_netif_receive_skb+0x10/0x10 [ 1089.699280][T22228] ? __lock_acquire+0x6b5/0x2cf0 [ 1089.699294][T22228] ? tun_rx_batched+0x185/0x790 [ 1089.699332][T22228] tun_rx_batched+0x1de/0x790 [ 1089.699342][T22228] ? __build_skb+0x62/0x440 [ 1089.699354][T22228] ? __pfx_tun_rx_batched+0x10/0x10 [ 1089.699369][T22228] ? tun_get_user+0x2354/0x3dd0 [ 1089.699378][T22228] ? __local_bh_enable_ip+0xd0/0x130 [ 1089.699392][T22228] ? tun_get_user+0x2669/0x3dd0 [ 1089.699400][T22228] tun_get_user+0x2a78/0x3dd0 [ 1089.699418][T22228] ? aa_file_perm+0x50e/0x15e0 [ 1089.699433][T22228] ? __pfx_tun_get_user+0x10/0x10 [ 1089.699441][T22228] ? aa_file_perm+0x192/0x15e0 [ 1089.699463][T22228] ? ref_tracker_alloc+0x35c/0x4c0 [ 1089.699479][T22228] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1089.699496][T22228] ? tun_get+0x1c/0x2f0 [ 1089.699507][T22228] ? tun_get+0x1c/0x2f0 [ 1089.699515][T22228] ? tun_get+0x1c/0x2f0 [ 1089.699527][T22228] tun_chr_write_iter+0x113/0x200 [ 1089.699537][T22228] vfs_write+0x61d/0xb90 [ 1089.699552][T22228] ? __pfx_vfs_write+0x10/0x10 [ 1089.699566][T22228] ? __fget_files+0x2a/0x420 [ 1089.699584][T22228] ksys_write+0x150/0x270 [ 1089.699595][T22228] ? __pfx_ksys_write+0x10/0x10 [ 1089.699610][T22228] do_syscall_64+0x14d/0xf80 [ 1089.699623][T22228] ? trace_irq_disable+0x3b/0x150 [ 1089.699637][T22228] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1089.699646][T22228] ? clear_bhb_loop+0x40/0x90 [ 1089.699658][T22228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1089.699668][T22228] RIP: 0033:0x7f8181f5cfce [ 1089.699679][T22228] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1089.699688][T22228] RSP: 002b:00007f8182f02fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1089.699699][T22228] RAX: ffffffffffffffda RBX: 00007f8182f036c0 RCX: 00007f8181f5cfce [ 1089.699706][T22228] RDX: 000000000000007e RSI: 0000200000000080 RDI: 00000000000000c8 [ 1089.699713][T22228] RBP: 00007f8182f03090 R08: 0000000000000000 R09: 0000000000000000 [ 1089.699718][T22228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1089.699724][T22228] R13: 00007f8182216038 R14: 00007f8182215fa0 R15: 00007f818233fa48 [ 1089.699738][T22228] [ 1091.254482][T22232] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4992'. [ 1091.444827][ T5818] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1091.460670][T22240] loop5: detected capacity change from 0 to 7 [ 1091.534790][T22240] Dev loop5: unable to read RDB block 7 [ 1091.540817][T22240] loop5: unable to read partition table [ 1091.546811][T22240] loop5: partition table beyond EOD, truncated [ 1091.553052][T22240] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1091.674184][ T5818] usb 4-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64 [ 1091.683722][ T5818] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1091.717631][ T5818] usb 4-1: Product: syz [ 1091.721946][ T5818] usb 4-1: Manufacturer: syz [ 1091.732021][ T5818] usb 4-1: SerialNumber: syz [ 1091.751201][ T5818] usb 4-1: config 0 descriptor?? [ 1091.759678][ T5818] hub 4-1:0.0: bad descriptor, ignoring hub [ 1091.766168][ T5818] hub 4-1:0.0: probe with driver hub failed with error -5 [ 1091.806873][ T5818] f81232 4-1:0.0: f81534a converter detected [ 1091.864734][ T5948] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1091.967543][ T5818] usb 4-1: f81534a converter now attached to ttyUSB0 [ 1092.039445][ T5948] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1092.100497][ T5948] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1092.639064][ T5948] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1092.688878][ T5948] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1092.698344][ T5948] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.712074][ T5948] usb 6-1: Product: syz [ 1092.716429][ T5948] usb 6-1: Manufacturer: syz [ 1092.721153][ T5948] usb 6-1: SerialNumber: syz [ 1092.731976][ T5948] hub 6-1:1.0: bad descriptor, ignoring hub [ 1092.738140][ T5948] hub 6-1:1.0: probe with driver hub failed with error -5 [ 1092.795390][ T5819] usb 4-1: USB disconnect, device number 34 [ 1092.905317][ T30] audit: type=1326 audit(1773579419.457:4273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1092.932214][ T5819] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0 [ 1092.942102][ T5819] f81232 4-1:0.0: device disconnected [ 1092.952576][ T5948] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1092.972185][T22254] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5001'. [ 1092.997288][ T30] audit: type=1326 audit(1773579419.457:4274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.057924][ T30] audit: type=1326 audit(1773579419.457:4275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.089212][T22254] macvtap3: entered allmulticast mode [ 1093.133882][ T30] audit: type=1326 audit(1773579419.457:4276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.224102][ T30] audit: type=1326 audit(1773579419.457:4277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.448586][ T30] audit: type=1326 audit(1773579419.457:4278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.489177][T22244] usb 6-1: reset high-speed USB device number 7 using dummy_hcd [ 1093.528681][ T30] audit: type=1326 audit(1773579419.457:4279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.607516][ T30] audit: type=1326 audit(1773579419.457:4280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.635094][ T30] audit: type=1326 audit(1773579419.457:4281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.661008][ T30] audit: type=1326 audit(1773579419.457:4282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22251 comm="syz.1.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4253d9c799 code=0x7ffc0000 [ 1093.722676][T22262] syzkaller0: entered promiscuous mode [ 1093.730762][T22262] syzkaller0: entered allmulticast mode [ 1093.917539][ T5948] usb 6-1: USB disconnect, device number 7 [ 1093.936715][ T5948] usblp0: removed [ 1094.569517][T22277] netlink: 'syz.0.5007': attribute type 30 has an invalid length. [ 1094.661725][T22287] loop5: detected capacity change from 0 to 7 [ 1094.668496][T22287] buffer_io_error: 14 callbacks suppressed [ 1094.668512][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.698716][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.698760][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.698791][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.698842][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.698885][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.698914][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.698929][T22287] ldm_validate_partition_table(): Disk read failed. [ 1094.698956][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.698985][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.699014][T22287] Buffer I/O error on dev loop5, logical block 0, async page read [ 1094.699045][T22287] Dev loop5: unable to read RDB block 0 [ 1094.699110][T22287] loop5: unable to read partition table [ 1094.699291][T22287] loop5: partition table beyond EOD, truncated [ 1094.699325][T22287] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1096.572540][T22313] ip6gre2: entered promiscuous mode [ 1096.653219][T22315] loop5: detected capacity change from 0 to 7 [ 1096.695354][T22315] Dev loop5: unable to read RDB block 7 [ 1096.704420][T22315] loop5: unable to read partition table [ 1096.811373][T22315] loop5: partition table beyond EOD, truncated [ 1096.819747][T22315] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1097.235963][T22323] fuse: Unknown parameter '0x0000000000000007' [ 1098.047870][T22331] batadv_slave_1: entered promiscuous mode [ 1098.057871][T22331] batadv_slave_1: entered allmulticast mode [ 1098.449862][T22341] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5028'. [ 1098.478160][T22342] netlink: 'syz.1.5026': attribute type 30 has an invalid length. [ 1098.496232][T22341] vlan2: entered promiscuous mode [ 1098.655216][ T5896] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 1098.834622][ T5896] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1098.855844][ T5896] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1098.891831][T22347] FAULT_INJECTION: forcing a failure. [ 1098.891831][T22347] name failslab, interval 1, probability 0, space 0, times 0 [ 1098.904604][T22347] CPU: 1 UID: 0 PID: 22347 Comm: syz.5.5030 Tainted: G L syzkaller #0 PREEMPT(full) [ 1098.904629][T22347] Tainted: [L]=SOFTLOCKUP [ 1098.904635][T22347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1098.904645][T22347] Call Trace: [ 1098.904652][T22347] [ 1098.904659][T22347] dump_stack_lvl+0xe8/0x150 [ 1098.904686][T22347] should_fail_ex+0x412/0x560 [ 1098.904710][T22347] should_failslab+0xa8/0x100 [ 1098.904727][T22347] ? skb_clone+0x212/0x3a0 [ 1098.904745][T22347] kmem_cache_alloc_noprof+0x87/0x650 [ 1098.904765][T22347] skb_clone+0x212/0x3a0 [ 1098.904780][T22347] ? ip6_err_gen_icmpv6_unreach+0x177/0x960 [ 1098.904802][T22347] ip6_err_gen_icmpv6_unreach+0x18d/0x960 [ 1098.904825][T22347] ? net_generic+0x1e/0x240 [ 1098.904918][T22347] ? net_generic+0x1e/0x240 [ 1098.904934][T22347] ? __pfx_ip6_err_gen_icmpv6_unreach+0x10/0x10 [ 1098.904962][T22347] ipip6_err+0x60e/0xb90 [ 1098.905012][T22347] tunnelmpls4_err+0x93/0x1e0 [ 1098.905044][T22347] icmp_unreach+0x4da/0x880 [ 1098.905109][T22347] icmp_rcv+0xd14/0x1270 [ 1098.905135][T22347] ? __pfx_icmp_rcv+0x10/0x10 [ 1098.905154][T22347] ip_protocol_deliver_rcu+0x2e0/0x440 [ 1098.905175][T22347] ? ip_local_deliver_finish+0x2ae/0x6f0 [ 1098.905194][T22347] ip_local_deliver_finish+0x3bb/0x6f0 [ 1098.905220][T22347] NF_HOOK+0x336/0x3c0 [ 1098.905239][T22347] ? __pfx_ipt_do_table+0x10/0x10 [ 1098.905256][T22347] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1098.905275][T22347] ? NF_HOOK+0x9e/0x3c0 [ 1098.905293][T22347] ? __pfx_NF_HOOK+0x10/0x10 [ 1098.905310][T22347] ? ip_rcv_finish_core+0xda3/0x1c00 [ 1098.905332][T22347] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1098.905356][T22347] ? ip_local_deliver+0x12a/0x1b0 [ 1098.905379][T22347] NF_HOOK+0x336/0x3c0 [ 1098.905401][T22347] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1098.905419][T22347] ? NF_HOOK+0x9e/0x3c0 [ 1098.905438][T22347] ? __pfx_NF_HOOK+0x10/0x10 [ 1098.905460][T22347] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1098.905486][T22347] ? netif_receive_skb+0x102/0xc50 [ 1098.905506][T22347] ? __pfx_ip_rcv+0x10/0x10 [ 1098.905524][T22347] netif_receive_skb+0x45b/0xc50 [ 1098.905549][T22347] ? __pfx_netif_receive_skb+0x10/0x10 [ 1098.905569][T22347] ? __lock_acquire+0x6b5/0x2cf0 [ 1098.905592][T22347] ? tun_rx_batched+0x185/0x790 [ 1098.905611][T22347] tun_rx_batched+0x1de/0x790 [ 1098.905626][T22347] ? __build_skb+0x62/0x440 [ 1098.905647][T22347] ? __pfx_tun_rx_batched+0x10/0x10 [ 1098.905673][T22347] ? tun_get_user+0x2354/0x3dd0 [ 1098.905689][T22347] ? __local_bh_enable_ip+0xd0/0x130 [ 1098.905711][T22347] ? tun_get_user+0x2669/0x3dd0 [ 1098.905726][T22347] tun_get_user+0x2a78/0x3dd0 [ 1098.905760][T22347] ? aa_file_perm+0x50e/0x15e0 [ 1098.905782][T22347] ? __pfx_tun_get_user+0x10/0x10 [ 1098.905796][T22347] ? aa_file_perm+0x192/0x15e0 [ 1098.905836][T22347] ? ref_tracker_alloc+0x35c/0x4c0 [ 1098.905863][T22347] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1098.905889][T22347] ? tun_get+0x1c/0x2f0 [ 1098.905911][T22347] ? tun_get+0x1c/0x2f0 [ 1098.905926][T22347] ? tun_get+0x1c/0x2f0 [ 1098.905947][T22347] tun_chr_write_iter+0x113/0x200 [ 1098.905966][T22347] vfs_write+0x61d/0xb90 [ 1098.905992][T22347] ? __pfx_vfs_write+0x10/0x10 [ 1098.906019][T22347] ? __fget_files+0x2a/0x420 [ 1098.906048][T22347] ksys_write+0x150/0x270 [ 1098.906068][T22347] ? __pfx_ksys_write+0x10/0x10 [ 1098.906104][T22347] do_syscall_64+0x14d/0xf80 [ 1098.906121][T22347] ? trace_irq_disable+0x3b/0x150 [ 1098.906142][T22347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.906158][T22347] ? clear_bhb_loop+0x40/0x90 [ 1098.906176][T22347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.906191][T22347] RIP: 0033:0x7f721415cfce [ 1098.906207][T22347] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1098.906220][T22347] RSP: 002b:00007f7215135fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1098.906237][T22347] RAX: ffffffffffffffda RBX: 00007f72151366c0 RCX: 00007f721415cfce [ 1098.906248][T22347] RDX: 000000000000007e RSI: 0000200000000080 RDI: 00000000000000c8 [ 1098.906259][T22347] RBP: 00007f7215136090 R08: 0000000000000000 R09: 0000000000000000 [ 1098.906269][T22347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1098.906279][T22347] R13: 00007f7214416038 R14: 00007f7214415fa0 R15: 00007f721453fa48 [ 1098.906306][T22347] [ 1098.910024][ T5896] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1100.224918][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1100.232948][ T5896] usb 1-1: Product: syz [ 1100.386574][ T5896] usb 1-1: Manufacturer: syz [ 1100.463076][ T5896] usb 1-1: SerialNumber: syz [ 1100.496572][T22358] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5032'. [ 1100.506709][ T5896] usb 1-1: config 0 descriptor?? [ 1100.538082][T22350] loop5: detected capacity change from 0 to 7 [ 1100.545233][T22350] buffer_io_error: 14 callbacks suppressed [ 1100.545254][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.559087][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.567327][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.575726][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.585960][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.594339][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.602627][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.610894][T22350] ldm_validate_partition_table(): Disk read failed. [ 1100.617910][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.628368][T22358] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5032'. [ 1100.641977][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.650113][T22350] Buffer I/O error on dev loop5, logical block 0, async page read [ 1100.660311][T22350] Dev loop5: unable to read RDB block 0 [ 1100.666312][T22350] loop5: unable to read partition table [ 1100.672393][T22350] loop5: partition table beyond EOD, truncated [ 1100.678762][T22350] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1100.882741][T22357] netlink: 'syz.5.5033': attribute type 10 has an invalid length. [ 1101.200092][T22357] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1101.430297][T22338] vlan1: entered promiscuous mode [ 1101.478947][T22356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1101.507551][ T5896] usb 1-1: USB disconnect, device number 35 [ 1101.865065][ T10] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 1102.034738][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 1102.041824][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 1102.043285][T22369] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1102.055628][ T10] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 1102.081186][T22373] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5035'. [ 1102.136901][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1102.174608][ T10] usb 2-1: Product: syz [ 1102.178809][ T10] usb 2-1: Manufacturer: syz [ 1102.183404][ T10] usb 2-1: SerialNumber: syz [ 1102.240664][ T10] usb 2-1: config 0 descriptor?? [ 1102.262967][ T10] hub 2-1:0.0: bad descriptor, ignoring hub [ 1102.296226][ T10] hub 2-1:0.0: probe with driver hub failed with error -5 [ 1102.339865][ T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1102.460950][T22378] vlan1: entered promiscuous mode [ 1103.015447][T22385] usb usb8: usbfs: process 22385 (syz.5.5039) did not claim interface 0 before use [ 1103.164749][ T5818] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1103.444861][ T5818] usb 1-1: Using ep0 maxpacket: 8 [ 1103.455072][ T5818] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1103.754744][ T5818] usb 1-1: config 0 has no interfaces? [ 1103.796597][ T5818] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1103.814856][ T5818] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1103.829502][ T9] usb 2-1: USB disconnect, device number 35 [ 1103.888227][ T5818] usb 1-1: Product: syz [ 1103.892569][ T5818] usb 1-1: Manufacturer: syz [ 1103.916765][ T5818] usb 1-1: SerialNumber: syz [ 1103.948101][ T5818] usb 1-1: config 0 descriptor?? [ 1104.181573][ T9] usb 1-1: USB disconnect, device number 36 [ 1104.359344][T22405] netlink: 'syz.5.5044': attribute type 30 has an invalid length. [ 1105.320469][T22424] fuse: Unknown parameter '0x0000000000000007' [ 1105.534481][T22418] hfs: unable to load iocharset "io#harset" [ 1106.684743][T22426] nvme_fabrics: missing parameter 'transport=%s' [ 1106.691588][T22426] nvme_fabrics: missing parameter 'nqn=%s' [ 1106.979576][T22439] netlink: 'syz.0.5053': attribute type 1 has an invalid length. [ 1107.461250][T22441] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1107.560661][T22441] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 1107.872042][ T5959] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1107.918480][T22453] netlink: 'syz.1.5058': attribute type 10 has an invalid length. [ 1108.051733][ T5959] usb 4-1: Using ep0 maxpacket: 8 [ 1108.080007][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1108.097058][ T5959] usb 4-1: config 0 has no interfaces? [ 1108.133647][ T5959] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1108.144734][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1108.196627][T22453] mac80211_hwsim hwsim38 wlan1: entered promiscuous mode [ 1108.203766][ T5959] usb 4-1: Product: syz [ 1108.214644][ T5959] usb 4-1: Manufacturer: syz [ 1108.224903][ T5959] usb 4-1: SerialNumber: syz [ 1108.234894][T22453] mac80211_hwsim hwsim38 wlan1: entered allmulticast mode [ 1108.248026][ T5959] usb 4-1: config 0 descriptor?? [ 1108.270281][T22453] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1108.320410][T22452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1108.486609][ T5959] usb 4-1: USB disconnect, device number 35 [ 1110.142659][T22491] fuse: Unknown parameter '0x0000000000000007' [ 1110.891506][T22501] netlink: 388 bytes leftover after parsing attributes in process `syz.0.5068'. [ 1110.974727][ T9] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 1111.135853][T22500] bond4: option ad_user_port_key: invalid value (32324) [ 1111.142886][T22500] bond4: option ad_user_port_key: allowed values 0 - 1023 [ 1111.153667][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1111.216361][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1111.255473][ T9] usb 2-1: config 0 has no interfaces? [ 1111.305997][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1111.334798][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1111.367772][T22500] bond4 (unregistering): Released all slaves [ 1111.387202][ T9] usb 2-1: Product: syz [ 1111.391367][ T9] usb 2-1: Manufacturer: syz [ 1111.417669][ T9] usb 2-1: SerialNumber: syz [ 1111.455452][ T9] usb 2-1: config 0 descriptor?? [ 1111.664960][T22504] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.5072'. [ 1111.700065][ T9] usb 2-1: USB disconnect, device number 36 [ 1112.193926][T22529] syzkaller1: entered promiscuous mode [ 1112.248414][T22529] syzkaller1: entered allmulticast mode [ 1112.772624][T22543] loop5: detected capacity change from 0 to 7 [ 1112.782565][T22543] Dev loop5: unable to read RDB block 7 [ 1112.788424][T22543] loop5: unable to read partition table [ 1112.807142][T22543] loop5: partition table beyond EOD, truncated [ 1112.918296][T22543] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1112.972565][ T5193] Dev loop5: unable to read RDB block 7 [ 1112.987937][ T5193] loop5: unable to read partition table [ 1113.014404][ T5193] loop5: partition table beyond EOD, truncated [ 1113.816389][T22557] fuse: Unknown parameter '0x0000000000000007' [ 1114.594367][T22566] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5090'. [ 1114.847110][T22572] netlink: 84 bytes leftover after parsing attributes in process `syz.5.5090'. [ 1115.206419][ T5959] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1115.376496][ T5959] usb 4-1: Using ep0 maxpacket: 8 [ 1115.383420][ T5959] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1115.395445][ T5959] usb 4-1: config 0 has no interfaces? [ 1115.415848][ T5959] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1115.425959][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1115.433957][ T5959] usb 4-1: Product: syz [ 1115.446377][ T5959] usb 4-1: Manufacturer: syz [ 1115.461235][ T5959] usb 4-1: SerialNumber: syz [ 1115.480656][ T5959] usb 4-1: config 0 descriptor?? [ 1115.713452][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.720004][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1115.720097][T22575] netlink: 1004 bytes leftover after parsing attributes in process `syz.3.5092'. [ 1119.655495][T22582] tipc: Enabling of bearer rejected, failed to enable media [ 1119.694110][ T5819] usb 4-1: USB disconnect, device number 36 [ 1119.862620][T22600] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5097'. [ 1119.871954][T22600] openvswitch: netlink: Flow key attr not present in new flow. [ 1120.014313][T22602] syzkaller0: entered promiscuous mode [ 1120.019928][T22602] syzkaller0: entered allmulticast mode [ 1120.201855][T22596] netlink: 'syz.3.5099': attribute type 10 has an invalid length. [ 1120.468175][T22596] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1120.671348][T22594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1120.720699][T22608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5102'. [ 1120.852452][T22608] macvtap3: entered allmulticast mode [ 1121.010981][T22614] syzkaller0: entered promiscuous mode [ 1121.040975][T22616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5106'. [ 1121.053994][T22614] syzkaller0: entered allmulticast mode [ 1121.245875][T22620] fuse: Unknown parameter '0x0000000000000007' [ 1121.715810][ T5959] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 1121.894677][ T5959] usb 2-1: Using ep0 maxpacket: 8 [ 1121.960052][ T5959] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1121.997788][ T5959] usb 2-1: config 0 has no interfaces? [ 1122.012963][ T5959] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1122.045888][ T5959] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1122.053909][ T5959] usb 2-1: Product: syz [ 1122.154249][ T5959] usb 2-1: Manufacturer: syz [ 1122.247079][ T5959] usb 2-1: SerialNumber: syz [ 1122.304271][ T5959] usb 2-1: config 0 descriptor?? [ 1122.534704][ T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1122.600971][T22625] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.5110'. [ 1122.704415][ T5819] usb 2-1: USB disconnect, device number 37 [ 1122.765149][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 1122.779456][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1122.815092][ T10] usb 6-1: config 13 has an invalid interface number: 50 but max is 0 [ 1122.833991][ T10] usb 6-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 1122.874666][ T10] usb 6-1: config 13 has no interface number 0 [ 1122.905918][ T10] usb 6-1: config 13 interface 50 altsetting 167 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 1122.958901][ T10] usb 6-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1123.024690][ T10] usb 6-1: config 13 interface 50 has no altsetting 0 [ 1123.055927][ T10] usb 6-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 1123.073429][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1123.101962][ T10] usb 6-1: Product: syz [ 1123.132402][ T10] usb 6-1: Manufacturer: syz [ 1123.142612][ T10] usb 6-1: SerialNumber: syz [ 1123.431463][ T10] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1123.463580][ T10] usb 6-1: MIDIStreaming interface descriptor not found [ 1123.735116][ T10] usb 6-1: USB disconnect, device number 8 [ 1123.782907][T22657] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5116'. [ 1123.896444][T22660] 8021q: VLANs not supported on vcan0 [ 1124.444709][ T29] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 1124.604674][ T29] usb 1-1: Using ep0 maxpacket: 16 [ 1124.622612][ T29] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1124.658900][ T29] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1124.674668][ T29] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1124.691088][ T29] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1124.700362][ T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1124.711309][ T29] usb 1-1: config 0 descriptor?? [ 1124.773363][T22675] syzkaller0: entered promiscuous mode [ 1124.784118][T22675] syzkaller0: entered allmulticast mode [ 1125.155701][ T29] microsoft 0003:045E:07DA.0023: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 1125.337550][ T29] microsoft 0003:045E:07DA.0023: no inputs found [ 1125.364630][ T29] microsoft 0003:045E:07DA.0023: could not initialize ff, continuing anyway [ 1125.394660][ T5948] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1125.604611][ T5948] usb 4-1: Using ep0 maxpacket: 8 [ 1125.630005][ T5948] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1125.923409][ T5948] usb 4-1: config 0 has no interfaces? [ 1126.232560][ T5948] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1126.288684][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1126.328414][ T5948] usb 4-1: Product: syz [ 1126.346061][ T5948] usb 4-1: Manufacturer: syz [ 1126.373055][ T5948] usb 4-1: SerialNumber: syz [ 1126.402870][ T5948] usb 4-1: config 0 descriptor?? [ 1126.622178][T22683] netlink: 1004 bytes leftover after parsing attributes in process `syz.3.5126'. [ 1126.668104][ T10] usb 4-1: USB disconnect, device number 37 [ 1126.710959][T22696] fuse: Unknown parameter '0x0000000000000007' [ 1126.983828][T22701] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1127.082679][ T10] usb 1-1: USB disconnect, device number 37 [ 1128.535322][T22718] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 1129.244647][ T5948] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 1129.414766][ T5948] usb 1-1: Using ep0 maxpacket: 8 [ 1129.415581][T22741] fuse: Bad value for 'group_id' [ 1129.442770][ T5948] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1129.472539][ T5948] usb 1-1: config 0 has no interfaces? [ 1129.492835][T22741] fuse: Bad value for 'group_id' [ 1129.495514][ T5948] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1129.534690][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1129.584335][ T5948] usb 1-1: Product: syz [ 1129.594814][ T5948] usb 1-1: Manufacturer: syz [ 1129.599429][ T5948] usb 1-1: SerialNumber: syz [ 1129.656879][ T5948] usb 1-1: config 0 descriptor?? [ 1129.723234][T22750] 8021q: VLANs not supported on lo [ 1130.037736][T22758] fuse: Unknown parameter '0x0000000000000007' [ 1130.116210][T22733] netlink: 1004 bytes leftover after parsing attributes in process `syz.0.5141'. [ 1130.153127][ T5959] usb 1-1: USB disconnect, device number 38 [ 1131.785308][ T5948] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1131.850765][T22787] fuse: Bad value for 'group_id' [ 1131.858286][T22787] fuse: Bad value for 'group_id' [ 1131.908100][T22788] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5157'. [ 1131.945022][ T5948] usb 4-1: Using ep0 maxpacket: 32 [ 1131.974901][ T5948] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 1131.983191][ T5948] usb 4-1: config 0 has no interface number 0 [ 1131.997448][ T5948] usb 4-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1132.083722][ T5948] usb 4-1: config 0 interface 89 has no altsetting 0 [ 1132.112832][ T5948] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 1132.141588][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1132.226198][ T5948] usb 4-1: Product: syz [ 1132.232949][ T5948] usb 4-1: Manufacturer: syz [ 1132.285531][ T5948] usb 4-1: SerialNumber: syz [ 1132.305688][ T5948] usb 4-1: config 0 descriptor?? [ 1132.320469][ T5948] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1132.377062][ T5948] em28xx 4-1:0.89: Video interface 89 found: [ 1132.651570][T22795] loop5: detected capacity change from 0 to 7 [ 1132.762358][T22795] Dev loop5: unable to read RDB block 7 [ 1132.814319][T22795] loop5: AHDI p1 p2 p3 [ 1132.818772][T22795] loop5: partition table partially beyond EOD, truncated [ 1132.846437][T22795] loop5: p1 start 1601398130 is beyond EOD, truncated [ 1132.884801][T22795] loop5: p2 start 1702059890 is beyond EOD, truncated [ 1132.931947][ T5948] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 1133.464826][ T29] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1133.574797][ T5948] em28xx 4-1:0.89: failed to get i2c transfer status from bridge register (error=-5) [ 1133.584302][ T5948] em28xx 4-1:0.89: board has no eeprom [ 1133.625081][ T29] usb 1-1: Using ep0 maxpacket: 8 [ 1133.637898][ T29] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1133.684714][ T29] usb 1-1: config 0 has no interfaces? [ 1133.703732][ T29] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1133.744280][ T29] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1133.770765][ T29] usb 1-1: Product: syz [ 1133.865313][ T5948] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 1133.875495][ T5948] em28xx 4-1:0.89: analog set to bulk mode. [ 1133.881457][ T5818] em28xx 4-1:0.89: Registering V4L2 extension [ 1133.900259][ T29] usb 1-1: Manufacturer: syz [ 1133.936778][ T29] usb 1-1: SerialNumber: syz [ 1133.943821][T22799] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1133.965487][ T29] usb 1-1: config 0 descriptor?? [ 1134.000185][ T5948] usb 4-1: USB disconnect, device number 38 [ 1134.050044][ T5948] em28xx 4-1:0.89: Disconnecting em28xx [ 1134.072263][ T5818] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 1134.079694][ T5818] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 1134.088394][ T5818] em28xx 4-1:0.89: No AC97 audio processor [ 1134.128190][ T5818] usb 4-1: Decoder not found [ 1134.132796][ T5818] em28xx 4-1:0.89: failed to create media graph [ 1134.155465][ T5818] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 1134.181616][T22797] netlink: 1004 bytes leftover after parsing attributes in process `syz.0.5163'. [ 1134.195538][T22812] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5167'. [ 1134.226907][ T5818] em28xx 4-1:0.89: Registering snapshot button... [ 1134.237464][T15662] usb 1-1: USB disconnect, device number 39 [ 1134.256510][T22810] ================================================================== [ 1134.264599][T22810] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420 [ 1134.272077][T22810] Read of size 8 at addr ffff88805ad08748 by task v4l_id/22810 [ 1134.279620][T22810] [ 1134.281951][T22810] CPU: 1 UID: 0 PID: 22810 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT(full) [ 1134.281980][T22810] Tainted: [L]=SOFTLOCKUP [ 1134.281987][T22810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1134.281997][T22810] Call Trace: [ 1134.282005][T22810] [ 1134.282012][T22810] dump_stack_lvl+0xe8/0x150 [ 1134.282036][T22810] print_report+0xba/0x230 [ 1134.282054][T22810] ? v4l2_fh_open+0xac/0x420 [ 1134.282073][T22810] kasan_report+0x117/0x150 [ 1134.282093][T22810] ? v4l2_fh_open+0xac/0x420 [ 1134.282114][T22810] v4l2_fh_open+0xac/0x420 [ 1134.282132][T22810] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1134.282152][T22810] em28xx_v4l2_open+0x157/0x9a0 [ 1134.282239][T22810] ? do_raw_spin_lock+0x12b/0x2f0 [ 1134.282259][T22810] v4l2_open+0x1bf/0x3a0 [ 1134.282306][T22810] chrdev_open+0x4cd/0x5e0 [ 1134.282326][T22810] ? __pfx_chrdev_open+0x10/0x10 [ 1134.282343][T22810] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 1134.282362][T22810] ? __pfx_chrdev_open+0x10/0x10 [ 1134.282379][T22810] do_dentry_open+0x785/0x14e0 [ 1134.282405][T22810] vfs_open+0x3b/0x340 [ 1134.282423][T22810] ? path_openat+0x2df0/0x3860 [ 1134.282441][T22810] path_openat+0x2e08/0x3860 [ 1134.282462][T22810] ? __pfx_stack_trace_save+0x10/0x10 [ 1134.282479][T22810] ? stack_depot_save_flags+0x33/0x810 [ 1134.282504][T22810] ? __pfx_path_openat+0x10/0x10 [ 1134.282517][T22810] ? __x64_sys_openat+0x138/0x170 [ 1134.282536][T22810] ? do_syscall_64+0x14d/0xf80 [ 1134.282552][T22810] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1134.282571][T22810] ? __lock_acquire+0x6b5/0x2cf0 [ 1134.282592][T22810] do_file_open+0x23e/0x4a0 [ 1134.282611][T22810] ? __pfx_do_file_open+0x10/0x10 [ 1134.282632][T22810] ? _raw_spin_unlock+0x28/0x50 [ 1134.282687][T22810] ? alloc_fd+0x64b/0x6c0 [ 1134.282711][T22810] do_sys_openat2+0x113/0x200 [ 1134.282732][T22810] ? __pfx_do_sys_openat2+0x10/0x10 [ 1134.282752][T22810] ? exc_page_fault+0x6a/0xc0 [ 1134.282770][T22810] ? do_user_addr_fault+0xc6f/0x1340 [ 1134.282790][T22810] __x64_sys_openat+0x138/0x170 [ 1134.282812][T22810] do_syscall_64+0x14d/0xf80 [ 1134.282828][T22810] ? trace_irq_disable+0x3b/0x150 [ 1134.282849][T22810] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1134.282864][T22810] ? clear_bhb_loop+0x40/0x90 [ 1134.282881][T22810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1134.282896][T22810] RIP: 0033:0x7f30dc4a7407 [ 1134.282912][T22810] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1134.282925][T22810] RSP: 002b:00007ffe1a1b9920 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1134.282943][T22810] RAX: ffffffffffffffda RBX: 00007f30dcb5c880 RCX: 00007f30dc4a7407 [ 1134.282955][T22810] RDX: 0000000000000000 RSI: 00007ffe1a1b9f1b RDI: ffffffffffffff9c [ 1134.282966][T22810] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1134.282982][T22810] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1134.282992][T22810] R13: 00007ffe1a1b9b70 R14: 00007f30dcc61000 R15: 00005571b081e4d8 [ 1134.283010][T22810] [ 1134.283017][T22810] [ 1134.582635][T22810] Allocated by task 5818: [ 1134.586945][T22810] kasan_save_track+0x3e/0x80 [ 1134.591607][T22810] __kasan_kmalloc+0x93/0xb0 [ 1134.596190][T22810] __kmalloc_cache_noprof+0x31c/0x660 [ 1134.601547][T22810] em28xx_v4l2_init+0x10b/0x2e70 [ 1134.604945][T22812] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1134.606589][T22810] em28xx_init_extension+0x120/0x1c0 [ 1134.618421][T22810] process_scheduled_works+0xb6e/0x18c0 [ 1134.623951][T22810] worker_thread+0xa53/0xfc0 [ 1134.628521][T22810] kthread+0x388/0x470 [ 1134.632568][T22810] ret_from_fork+0x51e/0xb90 [ 1134.637137][T22810] ret_from_fork_asm+0x1a/0x30 [ 1134.641883][T22810] [ 1134.644185][T22810] Freed by task 5818: [ 1134.648141][T22810] kasan_save_track+0x3e/0x80 [ 1134.652794][T22810] kasan_save_free_info+0x46/0x50 [ 1134.657799][T22810] __kasan_slab_free+0x5c/0x80 [ 1134.662541][T22810] kfree+0x1c1/0x630 [ 1134.666410][T22810] em28xx_v4l2_init+0x1683/0x2e70 [ 1134.671420][T22810] em28xx_init_extension+0x120/0x1c0 [ 1134.676682][T22810] process_scheduled_works+0xb6e/0x18c0 [ 1134.682202][T22810] worker_thread+0xa53/0xfc0 [ 1134.686766][T22810] kthread+0x388/0x470 [ 1134.690808][T22810] ret_from_fork+0x51e/0xb90 [ 1134.695373][T22810] ret_from_fork_asm+0x1a/0x30 [ 1134.700118][T22810] [ 1134.702419][T22810] The buggy address belongs to the object at ffff88805ad08000 [ 1134.702419][T22810] which belongs to the cache kmalloc-8k of size 8192 [ 1134.716449][T22810] The buggy address is located 1864 bytes inside of [ 1134.716449][T22810] freed 8192-byte region [ffff88805ad08000, ffff88805ad0a000) [ 1134.730406][T22810] [ 1134.732717][T22810] The buggy address belongs to the physical page: [ 1134.739174][T22810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ad08 [ 1134.747918][T22810] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1134.756399][T22810] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1134.763928][T22810] page_type: f5(slab) [ 1134.767889][T22810] raw: 00fff00000000040 ffff88813fea6280 dead000000000100 dead000000000122 [ 1134.776454][T22810] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 1134.785028][T22810] head: 00fff00000000040 ffff88813fea6280 dead000000000100 dead000000000122 [ 1134.793678][T22810] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 1134.802325][T22810] head: 00fff00000000003 ffffea00016b4201 00000000ffffffff 00000000ffffffff [ 1134.810975][T22810] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1134.819621][T22810] page dumped because: kasan: bad access detected [ 1134.826018][T22810] page_owner tracks the page as allocated [ 1134.831711][T22810] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xf2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_MEMALLOC|__GFP_COMP|__GFP_NOMEMALLOC), pid 1541, tgid 1541 (kworker/0:2), ts 1119302493289, free_ts 1118340038328 [ 1134.853996][T22810] post_alloc_hook+0x231/0x280 [ 1134.858741][T22810] get_page_from_freelist+0x24dc/0x2580 [ 1134.864265][T22810] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1134.870048][T22810] allocate_slab+0x77/0x660 [ 1134.874536][T22810] refill_objects+0x331/0x3c0 [ 1134.879207][T22810] __pcs_replace_empty_main+0x2e6/0x730 [ 1134.884735][T22810] __kmalloc_node_track_caller_noprof+0x572/0x7b0 [ 1134.891128][T22810] __alloc_skb+0x2c1/0x7d0 [ 1134.895520][T22810] __netdev_alloc_skb+0xc1/0x810 [ 1134.900435][T22810] ath6kl_usb_post_recv_transfers+0x207/0x6f0 [ 1134.906542][T22810] ath6kl_usb_power_on+0x6a/0x280 [ 1134.911547][T22810] ath6kl_core_init+0x1e1/0x10b0 [ 1134.916465][T22810] ath6kl_usb_probe+0x14df/0x15d0 [ 1134.921472][T22810] usb_probe_interface+0x668/0xc90 [ 1134.926749][T22810] really_probe+0x267/0xaf0 [ 1134.931317][T22810] __driver_probe_device+0x18c/0x320 [ 1134.936594][T22810] page last free pid 15661 tgid 15661 stack trace: [ 1134.943070][T22810] __free_frozen_pages+0xc2b/0xdb0 [ 1134.948162][T22810] __slab_free+0x263/0x2b0 [ 1134.952562][T22810] qlist_free_all+0x97/0x100 [ 1134.957138][T22810] kasan_quarantine_reduce+0x148/0x160 [ 1134.962589][T22810] __kasan_kmalloc+0x22/0xb0 [ 1134.967161][T22810] __kmalloc_noprof+0x35c/0x760 [ 1134.971994][T22810] tomoyo_encode+0x28b/0x550 [ 1134.976656][T22810] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1134.982277][T22810] tomoyo_path_perm+0x283/0x560 [ 1134.987122][T22810] security_inode_getattr+0x12b/0x310 [ 1134.992474][T22810] vfs_getattr+0x23/0x70 [ 1134.996699][T22810] vfs_statx_path+0x2b/0x230 [ 1135.001277][T22810] vfs_statx+0x12e/0x200 [ 1135.005500][T22810] vfs_fstatat+0x11b/0x170 [ 1135.009927][T22810] __x64_sys_newfstatat+0x151/0x200 [ 1135.015108][T22810] do_syscall_64+0x14d/0xf80 [ 1135.019678][T22810] [ 1135.021993][T22810] Memory state around the buggy address: [ 1135.027602][T22810] ffff88805ad08600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1135.035646][T22810] ffff88805ad08680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1135.043689][T22810] >ffff88805ad08700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1135.051733][T22810] ^ [ 1135.058137][T22810] ffff88805ad08780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1135.066185][T22810] ffff88805ad08800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1135.074229][T22810] ================================================================== [ 1135.141089][ T5818] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input71 [ 1135.158397][ T5818] em28xx 4-1:0.89: Remote control support is not available for this card. [ 1135.183242][ T5948] em28xx 4-1:0.89: Closing input extension [ 1135.189452][ T5948] em28xx 4-1:0.89: Deregistering snapshot button [ 1135.211481][T22810] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1135.218725][T22810] CPU: 1 UID: 0 PID: 22810 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT(full) [ 1135.229318][T22810] Tainted: [L]=SOFTLOCKUP [ 1135.233640][T22810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1135.243693][T22810] Call Trace: [ 1135.246969][T22810] [ 1135.249899][T22810] vpanic+0x56c/0xa60 [ 1135.253891][T22810] ? __pfx_vpanic+0x10/0x10 [ 1135.258404][T22810] panic+0xc5/0xd0 [ 1135.262129][T22810] ? __pfx_panic+0x10/0x10 [ 1135.266549][T22810] ? preempt_schedule_thunk+0x16/0x30 [ 1135.271930][T22810] ? preempt_schedule_thunk+0x16/0x30 [ 1135.277303][T22810] ? v4l2_fh_open+0xac/0x420 [ 1135.281896][T22810] check_panic_on_warn+0x89/0xb0 [ 1135.286839][T22810] ? v4l2_fh_open+0xac/0x420 [ 1135.291431][T22810] end_report+0x73/0x180 [ 1135.295679][T22810] ? v4l2_fh_open+0xac/0x420 [ 1135.300274][T22810] kasan_report+0x128/0x150 [ 1135.304787][T22810] ? v4l2_fh_open+0xac/0x420 [ 1135.309383][T22810] v4l2_fh_open+0xac/0x420 [ 1135.313800][T22810] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1135.319779][T22810] em28xx_v4l2_open+0x157/0x9a0 [ 1135.324626][T22810] ? do_raw_spin_lock+0x12b/0x2f0 [ 1135.329652][T22810] v4l2_open+0x1bf/0x3a0 [ 1135.333888][T22810] chrdev_open+0x4cd/0x5e0 [ 1135.338298][T22810] ? __pfx_chrdev_open+0x10/0x10 [ 1135.343227][T22810] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 1135.349541][T22810] ? __pfx_chrdev_open+0x10/0x10 [ 1135.354463][T22810] do_dentry_open+0x785/0x14e0 [ 1135.359220][T22810] vfs_open+0x3b/0x340 [ 1135.363272][T22810] ? path_openat+0x2df0/0x3860 [ 1135.368021][T22810] path_openat+0x2e08/0x3860 [ 1135.372602][T22810] ? __pfx_stack_trace_save+0x10/0x10 [ 1135.377956][T22810] ? stack_depot_save_flags+0x33/0x810 [ 1135.383405][T22810] ? __pfx_path_openat+0x10/0x10 [ 1135.388324][T22810] ? __x64_sys_openat+0x138/0x170 [ 1135.393332][T22810] ? do_syscall_64+0x14d/0xf80 [ 1135.398089][T22810] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1135.404139][T22810] ? __lock_acquire+0x6b5/0x2cf0 [ 1135.409062][T22810] do_file_open+0x23e/0x4a0 [ 1135.413553][T22810] ? __pfx_do_file_open+0x10/0x10 [ 1135.418565][T22810] ? _raw_spin_unlock+0x28/0x50 [ 1135.423405][T22810] ? alloc_fd+0x64b/0x6c0 [ 1135.427723][T22810] do_sys_openat2+0x113/0x200 [ 1135.432386][T22810] ? __pfx_do_sys_openat2+0x10/0x10 [ 1135.437574][T22810] ? exc_page_fault+0x6a/0xc0 [ 1135.442234][T22810] ? do_user_addr_fault+0xc6f/0x1340 [ 1135.447514][T22810] __x64_sys_openat+0x138/0x170 [ 1135.452355][T22810] do_syscall_64+0x14d/0xf80 [ 1135.456926][T22810] ? trace_irq_disable+0x3b/0x150 [ 1135.461936][T22810] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1135.467984][T22810] ? clear_bhb_loop+0x40/0x90 [ 1135.472649][T22810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1135.478531][T22810] RIP: 0033:0x7f30dc4a7407 [ 1135.482932][T22810] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1135.502519][T22810] RSP: 002b:00007ffe1a1b9920 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1135.510928][T22810] RAX: ffffffffffffffda RBX: 00007f30dcb5c880 RCX: 00007f30dc4a7407 [ 1135.518905][T22810] RDX: 0000000000000000 RSI: 00007ffe1a1b9f1b RDI: ffffffffffffff9c [ 1135.526870][T22810] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1135.534843][T22810] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1135.542812][T22810] R13: 00007ffe1a1b9b70 R14: 00007f30dcc61000 R15: 00005571b081e4d8 [ 1135.550783][T22810] [ 1135.554038][T22810] Kernel Offset: disabled [ 1135.558347][T22810] Rebooting in 86400 seconds..