last executing test programs: 43.107581124s ago: executing program 2 (id=3637): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@broadcast, @random="bac4f9431624", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x8, 0x3a, 0xff, @initdev={0xfe, 0x4, '\x00', 0x0, 0x0}, @mcast2, {[], @echo_request={0x80, 0x0, 0x0, 0x9, 0x5}}}}}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) splice(r1, &(0x7f0000000100)=0x5, r1, &(0x7f0000000140)=0x100000000, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) recvmmsg(r1, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000040)}, 0x2}, {{&(0x7f0000000080)=@can, 0x80, &(0x7f0000002040)=[{&(0x7f0000000f00)=""/4096, 0x1000}, {&(0x7f0000001f00)=""/243, 0xf3}, {&(0x7f0000002000)=""/12, 0xc}], 0x3, &(0x7f0000002080)=""/192, 0xc0}, 0x9}, {{&(0x7f0000002140)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000002440)=[{&(0x7f00000021c0)=""/54, 0x36}, {&(0x7f0000002200)=""/190, 0xbe}, {&(0x7f00000022c0)=""/6, 0x6}, {&(0x7f0000002300)=""/246, 0xf6}, {&(0x7f0000002400)=""/37, 0x25}], 0x5, &(0x7f00000024c0)=""/83, 0x53}, 0xff}, {{&(0x7f0000002540)=@ieee802154, 0x80, &(0x7f00000027c0)=[{&(0x7f00000025c0)=""/40, 0x28}, {&(0x7f0000002600)=""/237, 0xed}, {&(0x7f0000002700)=""/32, 0x20}, {&(0x7f0000002740)=""/106, 0x6a}], 0x4, &(0x7f0000002800)=""/6, 0x6}, 0x3}], 0x4, 0x2000, &(0x7f0000002940)={0x77359400}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000e80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010800040000000000000b01000008000300", @ANYRES32=r2, @ANYBLOB="28005080140001004abee33957edf8aaae14574df400000005000200070000000800030009ac0f"], 0x44}}, 0x0) 42.106953209s ago: executing program 2 (id=3640): socket(0x10, 0x3, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x40000000040201, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) file_getattr(0xffffffffffffff9c, 0x0, &(0x7f0000000300), 0x18, 0x1000) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x4, 0x2}) socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS(r0, 0x4b72, &(0x7f0000000240)={0x1, 0x80084, 0x9, 0x76a, 0x1c, "00ef02ffffe40000000000010100"}) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10) r4 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r4, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f00000005c0)=[{0x17, '\x00', @st={0x4, [{0x3, @uvalue=0x61d4}, {0x2, @svalue=0x7}, {0x0, @uvalue=0x6}, {0x0, @svalue=0xfffffffffffffffe}]}, 0x4}, {0x3c, '\x00', @buffer={"156074847dff3ec92fd15c5a5ab6e820b94f2a1ade3e311b88351c3481518fff", 0x20}, 0x9}, {0x2b, '\x00', @st={0x4, [{0x2, @svalue=0x787a9145}, {0x0, @svalue}, {0x3, @uvalue=0x3}, {0x0, @svalue=0x50}]}, 0xe6}]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRESHEX=0x0, @ANYRESOCT=0x0, @ANYRESHEX=r2, @ANYRES8=r4, @ANYRES16=r3], 0xa0}}, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0xfff0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="4800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0c00040001200000280012800b80b82a2e240cc2bfb97445ce0a0081000000aaaaaa00"/48], 0x48}}, 0x4040) io_setup(0x200, &(0x7f00000010c0)=0x0) io_submit(r7, 0x0, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 41.736705732s ago: executing program 2 (id=3642): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000400100004112200a4e2000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2) syz_usb_connect(0x5, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="12011001a4bbea5c1e0451403e6a018e78010902120001fb0180f909049a075318c7b4055c"], 0x0) r2 = gettid() r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001000010700930000ffffffff0a000000060001001000000008000a00", @ANYRES32=r3], 0x24}}, 0x24008000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_QUERYCAP(r7, 0x80685600, &(0x7f0000002000)) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl1\x00', 0x0, 0x29, 0x7f, 0x5, 0x4, 0xa, @loopback, @private2, 0x7, 0x8000, 0x10, 0xfffffffe}}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02f9ffff030080000000", @ANYRES32=r7, @ANYBLOB='\x00'/20, @ANYRES32=r8, @ANYRES32, @ANYBLOB="04000000020000000100"/28], 0x50) setsockopt$sock_attach_bpf(r6, 0x10f, 0x82, &(0x7f00000000c0), 0x4) ioctl$int_in(r4, 0x5421, &(0x7f0000000180)=0x2) fcntl$setsig(r4, 0xa, 0x12) ppoll(&(0x7f0000000140)=[{r5, 0x8002}], 0x1, 0x0, 0x0, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="3e4e15", 0x3}], 0x1}, 0x1) r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r9) ptrace$setregs(0xd, r9, 0x20000000002, &(0x7f0000000040)) ptrace$cont(0x21, r9, 0x80000001, 0x4) r10 = dup2(r4, r5) fcntl$setown(r10, 0x8, r2) tkill(r2, 0x13) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0xffffffffffffffef, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 38.540824024s ago: executing program 2 (id=3660): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[]) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') open_tree(r3, &(0x7f0000000080)='./file0\x00', 0x41100) sendfile(r3, r3, &(0x7f0000000000)=0x2eb4, 0x2000007ff) 37.552414094s ago: executing program 2 (id=3671): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000280)={0xe, {0x8, 0x45b34e, 0x7f, 0x2}, {0xffffffff, 0x7bfe, 0x2, 0x4}, {0x10001, 0xc}}) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000000040)="c6", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback={0x0, 0xffffffffffffffe0}, 0xffffffff}, 0x1c) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', 0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x9, &(0x7f0000000000)=[{0x7, 0x9, 0x2, 0x6ae}, {0x23bc, 0xd8, 0x58}, {0x4, 0x9, 0x8, 0x9}, {0x400, 0x3, 0x5, 0x2}, {0xff, 0x7f, 0x9}, {0xc, 0x8, 0x1, 0x7287}, {0xc, 0x0, 0x8, 0xf88d}, {0x5, 0x8, 0xfe, 0xa}, {0x9, 0x6, 0x7, 0x1}]}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r4, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000) 37.296456499s ago: executing program 2 (id=3672): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000340)=ANY=[@ANYBLOB="000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) (async) syz_usb_control_io$hid(r1, 0x0, 0x0) getsockopt$inet_int(r0, 0x0, 0xc, 0x0, &(0x7f0000000780)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x0, 0x0) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0xa, 0x8000, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0x8000, 0xffffffff}, 0x0) (async) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000010) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) io_setup(0x3, 0x0) pipe2$watch_queue(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r5 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0x0) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x6) (async) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0xffffffffffffffff) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x9) (async) io_submit(0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x18, 0x25, 0x301, 0x270bd24, 0x25dfdbff, {0x1}, [@nested={0x4, 0xae}]}, 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) (async) recvmsg(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000000300)=""/109, 0x6d}], 0x2}, 0x2000) 36.768010516s ago: executing program 32 (id=3672): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000340)=ANY=[@ANYBLOB="000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) (async) syz_usb_control_io$hid(r1, 0x0, 0x0) getsockopt$inet_int(r0, 0x0, 0xc, 0x0, &(0x7f0000000780)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x0, 0x0) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0xa, 0x8000, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0x8000, 0xffffffff}, 0x0) (async) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000010) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) io_setup(0x3, 0x0) pipe2$watch_queue(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r5 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0x0) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x6) (async) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0xffffffffffffffff) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x9) (async) io_submit(0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x18, 0x25, 0x301, 0x270bd24, 0x25dfdbff, {0x1}, [@nested={0x4, 0xae}]}, 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) (async) recvmsg(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000000300)=""/109, 0x6d}], 0x2}, 0x2000) 14.221386595s ago: executing program 1 (id=3741): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x26e1, 0x0) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, 0x0, 0x0) sendmsg$inet(r0, &(0x7f00000004c0)={&(0x7f0000000240)={0x2, 0x83, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x200440e4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000001c0)=0x3) ioctl$TCSETS(0xffffffffffffffff, 0x5434, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) getsockname$inet(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) mkdir(0x0, 0x22) shmget$private(0x0, 0x4000, 0x40, &(0x7f0000ffb000/0x4000)=nil) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0xffe0) 14.220649578s ago: executing program 3 (id=3742): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) move_pages(0x0, 0x2, &(0x7f00000003c0)=[&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil], &(0x7f0000000540)=[0x1], &(0x7f0000001680), 0x4000) 13.694310373s ago: executing program 5 (id=3673): r0 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x1000000}) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x4, 0x4, 0x100000001}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "ce617ebf1b"}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000005}, 0x4) 11.89675843s ago: executing program 1 (id=3747): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) socketpair$unix(0x1, 0x3, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8fb, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xc) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r1, 0xf7) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x4, 0x0) socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) socket$alg(0x26, 0x5, 0x0) setrlimit(0x7, &(0x7f0000000380)={0x1, 0x9}) syslog(0x3, 0x0, 0x0) unshare(0x28000600) r3 = fsopen(&(0x7f00000001c0)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x3, {0x8000, 0x1000, 0x4, 0x2}}) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x2, @win={{0xc78e, 0xffffcaca, 0x5, 0x7}, 0x8, 0x5, 0x0, 0xfffffeff, 0x0, 0x5}}) 11.896562111s ago: executing program 3 (id=3748): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x44f, 0xb304, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x3, "", [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x5, 0x3, 0x1, {0x22, 0x2c}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x1, 0x3, 0x4}}}}}]}}]}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000006110a40000000000bc000800000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x9, {0x9}}}, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}) 11.154046063s ago: executing program 5 (id=3673): r0 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x1000000}) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x4, 0x4, 0x100000001}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "ce617ebf1b"}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000005}, 0x4) 9.322672043s ago: executing program 1 (id=3752): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000780)) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000001980)=0x1) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000006c0)={0x84, &(0x7f00000002c0)={0x20, 0x6, 0x1, '6'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1) ioctl$I2C_RDWR(r2, 0x707, &(0x7f0000000300)={&(0x7f0000000880)=[{0x0, 0x2001, 0x25, &(0x7f0000000780)="310effe2d13e03ce32538a798a56ff148c0bd8086264365a63372dbf5e90c79d0aa9390f75"}], 0x1}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000001ff0), 0x10) sendmsg$can_raw(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000280)=@can={{0x3, 0x1}, 0x5, 0x1, 0x0, 0x0, "0165b8a47f89832f"}, 0x10}, 0xee, 0x0, 0x0, 0x40041}, 0x0) 9.317976302s ago: executing program 3 (id=3753): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) socketpair$unix(0x1, 0x3, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8fb, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xc) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r1, 0xf7) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x4, 0x0) socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=@newsa={0x14c, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast1, @in6=@local}, {@in=@broadcast, 0x0, 0x33}, @in6=@local, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200}, {}, {}, 0x0, 0x0, 0xa, 0x0, 0x6}, [@algo_auth_trunc={0x5c, 0x14, {{'cmac(aes)\x00'}, 0x80, 0x0, "3509fe8fd57fd44aa5074c50bc700e53"}}]}, 0x14c}}, 0x0) socket$alg(0x26, 0x5, 0x0) syslog(0x3, 0x0, 0x0) unshare(0x28000600) r4 = fsopen(&(0x7f00000001c0)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x3, {0x8000, 0x1000, 0x4, 0x2}}) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x2, @win={{0xc78e, 0xffffcaca, 0x5, 0x7}, 0x8, 0x5, 0x0, 0xfffffeff, 0x0, 0x5}}) 9.056214314s ago: executing program 0 (id=3756): socket$packet(0x11, 0x2, 0x300) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='memory.swap.current\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x4d, 0x2, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) statx(r0, &(0x7f00000000c0)='./file0\x00', 0x100, 0x200, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x830, 0x0) syz_io_uring_setup(0x16b, &(0x7f0000000000)={0x0, 0x0, 0x13090}, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x2, @empty}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='6L\x00\x00'], 0x48) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x14824, &(0x7f0000000200)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xcd0}}, {@max_read={'max_read', 0x3d, 0x5}}, {@allow_other}], [{@fowner_eq={'fowner', 0x3d, r3}}]}}, 0x1, 0x0, &(0x7f0000000340)="57d74c8c43eb764e02478ad61bab63b14edeb74ec5f1d837e1b296cfb7d5c71d62eaac47007c44e169ca1e43c8a0963eff523d15f5bb2a91978f5a879fcd2dc37b9e4311af35fe035c2fca536a9fcd5aafecf9811157116cf399c9b8fc0808e72001e747768608dcdde9dc633bcb2b5602c3f23180672091d80e2a381428a87bd82dff56ff32b5eaee7b542fa17cad64c783fbee99a4dd3b961911af70a848315e36c4cb6e96169674b020eeaa1d17f81a61cba5ada3571f9c460ef91f90d957f986bd0b325396b81f3885aa8159c6") mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) 8.829388765s ago: executing program 0 (id=3758): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x4000) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000200)={@remote, @loopback}, &(0x7f0000000100)=0xc) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x100) ioctl$SNDRV_PCM_IOCTL_DROP(r3, 0x4143, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xb, 0x31, 0xffffffffffffffff, 0x3c804000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x123f41, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) write$binfmt_aout(r4, &(0x7f0000000280)=ANY=[], 0xff2e) ioctl$TCFLSH(r4, 0x540b, 0x1) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000900)='/proc/keys\x00', 0x0, 0x0) sendmsg$nl_crypto(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0xe0}, 0x1, 0x0, 0x0, 0xc000}, 0x4040008) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x28182, 0x0) ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0xffffffffffffffb6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) sendmmsg(r7, 0x0, 0x0, 0x200c0) 8.651448459s ago: executing program 5 (id=3673): r0 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x1000000}) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x4, 0x4, 0x100000001}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "ce617ebf1b"}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000005}, 0x4) 6.478932673s ago: executing program 3 (id=3759): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0) r1 = socket(0x10, 0x803, 0x0) write(r1, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) sendto(r1, &(0x7f00000006c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x4, 0x2) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xfff) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x8, &(0x7f0000000600)=0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f00000001c0)={0x2, @pix={0x4, 0xcf8, 0x3147504d, 0x1, 0x7, 0xe, 0x2, 0x6, 0x1, 0x3, 0x2, 0x3}}) io_submit(r4, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r3, 0x0}]) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000140)={0x0, 0x5, 0xf309}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="40000600000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0) (async) socket(0x10, 0x803, 0x0) (async) write(r1, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26) (async) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) (async) sendto(r1, &(0x7f00000006c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0) (async) syz_open_dev$vim2m(&(0x7f0000000080), 0x4, 0x2) (async) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xfff) (async) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040), 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) io_setup(0x8, &(0x7f0000000600)) (async) ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f00000001c0)={0x2, @pix={0x4, 0xcf8, 0x3147504d, 0x1, 0x7, 0xe, 0x2, 0x6, 0x1, 0x3, 0x2, 0x3}}) (async) io_submit(r4, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r3, 0x0}]) (async) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000140)={0x0, 0x5, 0xf309}) (async) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="40000600000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) 6.34486461s ago: executing program 4 (id=3761): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101e6ffffff5d1affd5020000000900010073797a300000000008000240000000032c000000030a01230400e6ff00000000020000100900010073797a30000000000900030073d300000000000014000000110001"], 0x7c}}, 0x4000) r2 = syz_ublk_setup_io_uring(0x7506, &(0x7f0000000580)={0x0, 0x6ce7, 0x4000, 0x0, 0x10d}, &(0x7f0000000600), &(0x7f0000000640), &(0x7f0000000680)) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000200)={'vxcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000180)={0x1d, r4, 0x0, {0x0, 0x0, 0x1}, 0x2}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f00000004c0)={&(0x7f0000000140)='\x00', 0x8}}, 0x0) io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r2, 0x12, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a38000000030a03000000000000000000020000000900010073797a300000000009000300fff500006d0697540c000240000000000000000114000000110001"], 0x60}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a88000000060a010400000000000000000a0000010900010073797a31000000005c000480580001800b0001007461726765740000480002802c0003009ac404000000afb9fdd672bad09dfb78c7699c74e891a0c7fffffffffffffff5000000000000000008000240000000000e00010049444c4554494d45520000000900020073797a32"], 0xb0}, 0x1, 0x0, 0x0, 0x24000850}, 0x2000c040) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000000)={'erspan0\x00', 0x0, 0x10, 0x700, 0xf805, 0xe, {{0x6, 0x4, 0x2, 0x29, 0x18, 0x67, 0x0, 0xcf, 0x2f, 0x0, @rand_addr=0x64010102, @remote, {[@ra={0x94, 0x4, 0x1}]}}}}}) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x3, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2, 0x5}}]}, {0x0, [0x61]}}, &(0x7f0000000500)=""/27, 0x33, 0x1b, 0x1, 0x3ff}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xd, 0x3, 0x2, 0x80000000, 0xc286, 0x1, 0x5, '\x00', r5, r6, 0x5, 0x3, 0x1, 0x0, @value=r7}, 0x50) 6.048653893s ago: executing program 4 (id=3762): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000010c007251100000000000109022400010000000009040000010300000009210010160122050009058103"], 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x840}, 0x40000000) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000340)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) setsockopt$packet_int(r3, 0x107, 0xc, &(0x7f00000001c0)=0x7, 0x4) syz_usb_connect$hid(0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000400)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x310, 0x4, 0x7, 0x1, 0x40, 0x2}, 0x19, &(0x7f0000000300)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x81, "b82d41351ebc05e71be0a86c87de5c41"}]}, 0x2, [{0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x410}}, {0x4f, &(0x7f0000000380)=@string={0x4f, 0x3, "e61f36f61581cd416c19530ec5bfda94a1f0bc7122d3f25dafdf4394d3a421952b84cd9ff4292efc92a21cc658b32efcbc4dad241d9f4eaac43e976aa6f7e3d204414c42327138d14e39dd8a14"}}]}) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000040)={0x0, [[0x89ef8, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x207, 0x0, 0x1], [0x7]], '\x00', [{}, {}, {0x4000}, {0x0, 0x0, 0x0, 0x1, 0x1}, {}, {0x403}, {}, {}, {0xfffffc00}], '\x00', 0x1000}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc}]}}, 0x0}, 0x0) 5.829037469s ago: executing program 5 (id=3673): r0 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x1000000}) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x4, 0x4, 0x100000001}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "ce617ebf1b"}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000005}, 0x4) 3.810557959s ago: executing program 0 (id=3763): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) socketpair$unix(0x1, 0x3, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8fb, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xc) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r1, 0xf7) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8004) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x4, 0x0) socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=@newsa={0x14c, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast1, @in6=@local}, {@in=@broadcast, 0x0, 0x33}, @in6=@local, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200}, {}, {}, 0x0, 0x0, 0xa, 0x0, 0x6}, [@algo_auth_trunc={0x5c, 0x14, {{'cmac(aes)\x00'}, 0x80, 0x0, "3509fe8fd57fd44aa5074c50bc700e53"}}]}, 0x14c}}, 0x0) socket$alg(0x26, 0x5, 0x0) setrlimit(0x7, &(0x7f0000000380)={0x1, 0x9}) syslog(0x3, 0x0, 0x0) unshare(0x28000600) r3 = fsopen(&(0x7f00000001c0)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x3, {0x8000, 0x1000, 0x4, 0x2}}) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x2, @win={{0xc78e, 0xffffcaca, 0x5, 0x7}, 0x8, 0x5, 0x0, 0xfffffeff, 0x0, 0x5}}) 3.808901659s ago: executing program 1 (id=3764): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x8000000000000000, 0x185000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xc0283, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="67400f07c40249af4b8bb9800000c00f3235010200000f300f20a366450f769e00000100440f20c03588001d00445b66baf80cb88cf4b684ef66bafc0ced460f01c9c4827d24c366ba4cf0ff07ef87f345a57a43e16806a4", 0x58}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SMI(r3, 0xaeb7) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000300)={{0x2000, 0x0, 0x8, 0xff, 0xfb, 0x7f, 0x4, 0x5, 0x0, 0x2e, 0x8}, {0x5000, 0x2000, 0x9, 0x0, 0x40, 0x4, 0x7d, 0x45, 0x5, 0x3, 0x8}, {0xeeef0000, 0xeeef0000, 0xb, 0x5, 0x83, 0x7, 0x40, 0x9, 0x1, 0xa7, 0x6, 0x81}, {0x6000, 0x3000, 0xd, 0x3, 0x4, 0x43, 0xb, 0xff, 0x1, 0xaf, 0xe, 0x11}, {0x4000, 0x8000000, 0xb, 0x1, 0x15, 0x7, 0xab, 0x8, 0x7, 0x83, 0xf6, 0x2}, {0x1000, 0x4, 0x9, 0x14, 0x2, 0x8, 0x7, 0xa0, 0x80, 0x10, 0x1, 0xc}, {0x3000, 0x58000, 0x3, 0x5, 0x7, 0x5, 0x7, 0x6, 0x5, 0x81, 0xff, 0x40}, {0x8080000, 0x1000, 0xf, 0xd, 0xf, 0x7, 0x4, 0x34, 0xda, 0x0, 0xd9, 0x9}, {0x5000, 0x30}, {0x1, 0xf}, 0x4003b, 0x0, 0x8080000, 0x2024, 0x9, 0x1003, 0x2000, [0x6800000000000000, 0x2, 0x0, 0x10000000ff]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000b40)={r5, @in={{0x2, 0x4e21, @private=0xa010101}}, 0xffff, 0xb94}, 0x90) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40048a0}, 0x4880) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r12 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r12, &(0x7f0000000240)="bad330fbc9b55400041900ea0756a85d86dd4e11bce43a5dbf38ff29aabe94b749222147b4d628739944c056f5616c7bfae9e4f631503eeb57da", 0x3a, 0x1840, &(0x7f00000000c0)={0x11, 0x88a8, r11, 0x1, 0xd8}, 0x14) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000040)={r5, 0x26, "ffada6cb430847c382e585f1355c101509ae0dde77861febc50b838cfd9625da6787a751ea17"}, &(0x7f00000000c0)=0x2e) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) 3.806746412s ago: executing program 3 (id=3765): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1bc2, &(0x7f0000000040)={0x0, 0xc89f, 0x1, 0x9, 0x20002f9}) socket$inet(0x2, 0x4, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYBLOB="0100000000000000003b5cf789efbf7bfa15df68", @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="0100000003000000050000000700000000004f9edc67bbc8e30d0000"], 0x50) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c0000001200130626bd7000fddbdf250bff01fd4e224e2200800000f9fffb7f06000000010000000a000000080000000700000007000000", @ANYRES32=0x0, @ANYBLOB="c966d4216504eaff00ff009800beffffff01800000"], 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0) write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x1, 0x3, 0x0, 0x13, "00176a0000fcf7ffffa5e8673608f7ecfeff00"}) r2 = dup3(0xffffffffffffffff, r1, 0x0) write$binfmt_elf64(r2, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffd71, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x1, 0x2, &(0x7f0000000380)=@raw=[@map_idx={0x18, 0x4, 0x5, 0x0, 0x6}], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0, 0x4b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r5, 0x4048ae9b, &(0x7f0000000140)={0x10003, 0x0, {[0x0, 0x3ff, 0x5, 0x8001a, 0x80000002, 0x4, 0x6, 0x2000000000000003]}}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000000)=0x100000b3, 0x4) 3.806221529s ago: executing program 4 (id=3766): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000b40)=ANY=[@ANYBLOB="1201000000000010580413500000000000010902240001000050000904000081030000000921faff000122a00009058103"], 0x0) clock_adjtime(0x17, &(0x7f0000000000)={0xe8ad, 0x7, 0xb, 0xffffffffffffffff, 0x8001, 0x7ff, 0x5, 0x3, 0x100000000000006, 0x200, 0x3, 0x4, 0x9, 0x80000000000005, 0x11, 0xffffffffffffffff, 0xfffffffe, 0x5, 0xc, 0xfffffffd, 0x5, 0x1, 0x11cb, 0xffffffff, 0xd, 0x8000000c}) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="021800001c000000000000000000000005000600000000000a00030000000000000000000000000000000000000000000000000000000000020012000000000000000000fcffffff0600ff0000000000000000000000000000000000000000000000000001000000fe8000000000002100000000000000bb050005002b0000000a00000000000000fc010000000200000002000000000000000000000000000008001900000000000a00000000000000fe8000000000000000000000000000bb000000000a"], 0xe0}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r2 = dup(r1) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r2, 0x3) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="4023a0"], 0x0, 0x0, 0x0, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000440), 0x2, 0x2) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x20080, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="05000000050000000200000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x29, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x2a060400) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2842, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000005f00)={'wlan0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[], 0x44}}, 0x22028000) splice(r4, 0x0, r5, 0x0, 0x8, 0x1) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'vlan0\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0x41, 0x1, 0x107fff, 0x1, 0x4, 0x89, 0x0, 0xffb, 0x7, 0xb6b, 0x0, 0x4, 0x0, 0x3, 0x9, 0x0, 0x1000, 0xc, 0x3, 0x3, 0x80000001, 0xfffffffa, 0x0, 0x1, 0x9, 0x4, 0x7, 0x5, 0x7, 0x9, 0x3, 0x639, 0x8e, 0x7, 0x2, 0x6, 0x4, 0xb, 0x40, 0x40bed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x3, 0x1, 0x7f, 0x4, 0x9, 0x7, 0xf, 0x101, 0xa, 0x1fa08607, 0x7, 0x100aa, 0x7f, 0x2, 0x180000, 0x1, 0x8b, 0x5, 0x2af, 0x3, 0x3, 0x2, 0x1, 0x9, 0x4, 0x4, 0x1, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10000, 0x3f6, 0xffffffff, 0x6, 0x86, 0x9, 0x0, 0xfdffffff, 0xfffffffe, 0x0, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x4, 0x20004, 0xc50, 0x2, 0xb, 0x2, 0xa, 0xc8, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x5, 0x1fc, 0x5, 0xffffffff]}}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) socket$inet_smc(0x2b, 0x1, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) socket$unix(0x1, 0x1, 0x0) 3.189582493s ago: executing program 1 (id=3767): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb8}}, 0x0) 3.134065541s ago: executing program 5 (id=3673): r0 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x1000000}) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x4, 0x4, 0x100000001}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "ce617ebf1b"}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000005}, 0x4) 901.017843ms ago: executing program 0 (id=3768): socket$packet(0x11, 0x2, 0x300) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='memory.swap.current\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x4d, 0x2, 0x0, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) statx(r0, &(0x7f00000000c0)='./file0\x00', 0x100, 0x200, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x830, 0x0) syz_io_uring_setup(0x16b, &(0x7f0000000000)={0x0, 0x0, 0x13090}, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x2, @empty}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='6L\x00\x00'], 0x48) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x14824, &(0x7f0000000200)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xcd0}}, {@max_read={'max_read', 0x3d, 0x5}}, {@allow_other}], [{@fowner_eq={'fowner', 0x3d, r3}}]}}, 0x1, 0x0, &(0x7f0000000340)="57d74c8c43eb764e02478ad61bab63b14edeb74ec5f1d837e1b296cfb7d5c71d62eaac47007c44e169ca1e43c8a0963eff523d15f5bb2a91978f5a879fcd2dc37b9e4311af35fe035c2fca536a9fcd5aafecf9811157116cf399c9b8fc0808e72001e747768608dcdde9dc633bcb2b5602c3f23180672091d80e2a381428a87bd82dff56ff32b5eaee7b542fa17cad64c783fbee99a4dd3b961911af70a848315e36c4cb6e96169674b020eeaa1d17f81a61cba5ada3571f9c460ef91f90d957f986bd0b325396b81f3885aa8159c6") mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) 894.052908ms ago: executing program 1 (id=3769): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8040480) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x14) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000280)={&(0x7f00000059c0)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, r6}) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000008280), r4) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)={0xa8, r7, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x80c}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}}]}, 0xa8}, 0x1, 0x0, 0x0, 0x10}, 0x4000004) fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000240), &(0x7f00000002c0)='./file0\x00', 0x8, 0x1) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000100)={0xa00}) fsopen(0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r10 = dup(r9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x12, r10, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) 891.096375ms ago: executing program 3 (id=3770): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6(0xa, 0x2, 0x2) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000180)=0x5, 0x4) sendto$inet6(r2, 0x0, 0x0, 0xfffffefffbfbbfbe, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @empty, 0xfffffff8}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xb}]}) socket$nl_route(0x10, 0x3, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r4) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380), 0x0, 0x0}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000180)={0x1}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000240)={0x0, 0xd7}, &(0x7f00000002c0)=0x8) ioctl$KVM_SET_PIT2(r6, 0x4070aea0, &(0x7f0000002400)={[{0xa, 0xcc, 0xfa, 0x5, 0xff, 0x96, 0xc9, 0x6, 0x4, 0x0, 0x2, 0x6, 0xffffffff}, {0x15, 0x1, 0x6, 0xb5, 0x1, 0x6, 0xbb, 0x2, 0xb, 0x5, 0x4, 0x9, 0x1}, {0x2, 0x1000, 0x28, 0x2, 0x1, 0x2a, 0x4, 0x8, 0xe, 0x40, 0xf4, 0x4, 0x200}], 0x6}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000680)={r7, 0x1ff, 0x0, 0x1, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800020], [0x0, 0x1001000, 0x1], [0x0, 0x0, 0xfffffffffefffffc, 0x9]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r8, 0x0, 0x0, r9], [0x2b8]}) close_range(r3, 0xffffffffffffffff, 0x0) r10 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r10, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r11 = socket$unix(0x1, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) 884.295369ms ago: executing program 4 (id=3771): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40014) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040084) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$FIBMAP(r0, 0x2283, &(0x7f0000000080)=0x85) 720.996766ms ago: executing program 4 (id=3772): personality(0xfe47fef9f5ff7379) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8382, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) r3 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r3, 0xc2604110, &(0x7f0000000bc0)={0x0, [[0x9, 0x0, 0x0, 0xc, 0x40000200, 0x0, 0x4, 0xfffffffd], [0x1000, 0x0, 0x1, 0xfffffffd, 0x80, 0x0, 0x6, 0x8], [0x4, 0xffefffff, 0x40, 0x0, 0x1, 0x7, 0x8]], '\x00', [{}, {0xc5}, {0x400}, {0x10000}, {0x2000005}, {0x2, 0x22c685d7}, {0xf68b}, {0xb, 0xfffffff8}, {0xc51}, {0x7334486a}, {0x20000}, {0x0, 0x2}], '\x00', 0x0, 0x0, 0x0, 0x20}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x4000000004, &(0x7f0000000340)=[{0x10, 0x6, 0xffffffffffffffff}, {0xfffffffffffffffe, 0xfffffffffffffffd, 0xffffffff}], 0x2, 0xbff, 0x1e, 0x0, 0x2c, 0x5f}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000800)={@fd={0x66642a85, 0x0, r4}, @ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/216, 0xd8, 0x0, 0xffffffffffffffff}, @fda={0x66646185, 0x9, 0x1, 0x4}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x400}], 0x0, 0x0, 0x0}) 720.63735ms ago: executing program 0 (id=3773): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf255c85000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x44001}, 0xc800) 337.962494ms ago: executing program 0 (id=3774): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket(0x2, 0x3, 0xff) sendmmsg$inet(r0, &(0x7f000000b4c0)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000000)="8fab14410848dd95e7b8523bfbf4a6cbcc911b443e673a8fa77ce58a13432ac9824be38c9c2661a897fb45a74a588fdabe427ade9b1ed53f450ce6c2", 0x3c}], 0x1}}], 0x1, 0x20000880) (async) sendmmsg$inet(r0, &(0x7f000000b4c0)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000000)="8fab14410848dd95e7b8523bfbf4a6cbcc911b443e673a8fa77ce58a13432ac9824be38c9c2661a897fb45a74a588fdabe427ade9b1ed53f450ce6c2", 0x3c}], 0x1}}], 0x1, 0x20000880) 2.194567ms ago: executing program 5 (id=3673): r0 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x1000000}) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x4, 0x4, 0x100000001}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "ce617ebf1b"}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000005}, 0x4) 0s ago: executing program 4 (id=3775): r0 = syz_open_procfs(0x0, &(0x7f0000002040)='net/snmp6\x00') r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) set_mempolicy_home_node(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3, 0x0) r4 = dup(r2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @remote}) write$tun(r4, &(0x7f00000022c0)=ANY=[@ANYRESDEC=r1, @ANYRESDEC=r4, @ANYRES8=r1, @ANYRES8=r4, @ANYBLOB="aca12727463517cfe606c700e9ed7b306bc4174f6193379a07273e54e9317ffb58e90af9aa417db0bf260a971c54867e0f2790523d4b7d2258917865643d773ca20a1d0b0b56df103fb364e525d3ad9b4dcb08b4b80118cd085e3fa02553fd2b676899d0e5314367a7417b94e5922911a840f78f956d732600c1030aef00f5768580bf537081f20d05bb5dd57857d35974db2305f9099de10377667a465fe14b73070660a02955cbad898b6114345f3d87675f5d39acada4ab39a0f0ffb04b5a6101e0d185629b5c3c4c462893972d52349d01fe12cc7244c5e21ab8a5c0d860063bfd46"], 0x52) unshare(0x60600) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x102, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = gettid() rt_sigqueueinfo(r7, 0x14, &(0x7f0000000380)={0xe, 0x1, 0x10}) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002100)='cpuset.effective_mems\x00', 0x275a, 0x0) write$UHID_CREATE2(r8, &(0x7f0000002100)=ANY=[], 0x118) mmap(&(0x7f0000ba6000/0x1000)=nil, 0x1000, 0x8, 0x2010, r5, 0xfffff000) r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xffffffffffbfffff) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x1, 0x3, 0x9, 0x0, 0x3, 0xd, 0x6, 0x90, 0x7f}}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000000)={[0x118addbae, 0x40000000fff, 0x80000000, 0x17e, 0x4, 0x14, 0xf1, 0x0, 0x3, 0xb, 0x1041, 0x9, 0xfffffffffffffffe, 0x45, 0x400, 0xbdb], 0x4, 0x1c4213}) openat$kvm(0xffffffffffffff9c, &(0x7f0000002140), 0x200042, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xf, 0x8010, 0xffffffffffffffff, 0xffffd000) r10 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e0, 0x0, 0x18c, 0x203, 0x320, 0x19030000, 0x410, 0x2e0, 0x2e0, 0x410, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x300, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x60, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x6}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz0\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540) syz_usb_connect(0x6, 0x11e, &(0x7f0000000d00)=ANY=[@ANYBLOB="25c40dcd52b4ffbeb54f02f5660d1849c1f62fd40da09598761752d99e5c0978f0fe3189f52afe6123552b73adcc2d051c374180436785196419e7171a75a6634f798a49e17973984e0010326ab74afaf0767574c247a33f3d9e5b11e427c36234f0cc956492af5197bc77f76537dc668880b75ab2c3f3131d15a87be96227c21c60b561bfee159693f1b7d280a471", @ANYRESHEX=r3, @ANYRES32, @ANYBLOB="308c4e816ecda624d54fe12c37dc0dca4b40c67e910e0daaa6ed5faf6f240220dcb591b8b9d4ee959733939ae9cd7ceb98dd0740c9dcfd00de2558b6f61503d8851585e93e83a9e7804121b545b923c1ff26d924b34bb18c3c0eaba65de03dd0c9d8fb0cb1c7bac9b50fcc7ca61b671eabc7748bc35e6bbe763cea9c2d6417d24780b50689fa20e5f843340063282a915824cccd896af135782cba0424db6b7711", @ANYRES32=0x0, @ANYBLOB="003547914e288abb95dbe559733aeb750b1152b2538cc4744ca98ed89da8969b2336ae8ba27e9dacaedc1c8a2ba5e9513d02e835ce7db665b488c2da41423a3273c4f555c0e8db74a1c6762a4b0ee7bf89ad2990ab7914a8787c05ee6b3c70f6f80b1b1877a0acadae241552730e310bd927a9056d304d95715950755aa439726219a758771c17715dd9", @ANYBLOB="b0515aedfcbd5689cb030991d77b46ea66d0e45dd3ee00347f9738b89f38cdd8e0099dbfaf2138e7acfe9ab40be6d6679ddfeb44b7fd0a3eb3ca7059a3b139ab97cb999f31afffac4e8641c8455a89cbde85e9e79ad3d2555f7d1617dc16ef2a02a52caae8f16a7492e72c5020b93fbeb8ea84bcd14af1cf73ef40d6a7e8be0d9ce5a8abe822099a7510209abf0220fd7ea5f1ab9f7d7030ca5a0152c11405133d1837594d0bfd2734f94729600dfb9fea054bda6d6a30d4bddbfb6909a283a39323379d96592b", @ANYRES64=r2, @ANYRES32=r0], &(0x7f0000002180)={0x0, 0x0, 0x0, 0x0, 0x1, [{0xee, &(0x7f0000000280)=ANY=[@ANYBLOB="ee0332b5170344419142c79ad95dc59f2db41a8f0fb7384109113bf1aa5ddcf07e45f53f61f97c4b40efb1b61de18ee62d4cef9565db3225c8cb8de1dbe02d1f20f3e586b8b7260714a40090e88c913292f7ce7af9d3e8bf79cd3137cd3ddd2d177c5a4f1163be762580c3adef77832099db6d330109921da43b311ecccd71e0bda430ced3ddbe4576ed951d58412c3ac91c09455f25f42ff8507ef93fce7d1dd585117600470d03070000009afc07f11aa6cbafef3cf01728479323f2bd2c809e11d684698b89ad9139fdc461a3029f8e1295596285fcba8c585b350374b1631bbe4acbd61d2da291d8efd2f13c"]}]}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r11 = syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERYCTRL(r11, 0xc0445624, &(0x7f0000000040)={0x8098f905, 0x111, "6005588a3f9a9f7e1db9c90600d0da98e122e62200", 0x1, 0xffb, 0x3, 0x0, 0x400}) kernel console output (not intermixed with test programs): 'hsr0' already exists in 'hsr' [ 699.916710][T21622] Cannot create hsr debugfs directory [ 699.936019][T18130] bridge_slave_1: left allmulticast mode [ 699.950083][T18130] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.969900][T18130] bridge_slave_0: left allmulticast mode [ 699.983696][T18130] bridge_slave_0: left promiscuous mode [ 700.002647][T18130] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.468867][T18130] bond1 (unregistering): (slave vti0): Releasing backup interface [ 700.475508][T21906] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3162'. [ 700.579070][T21912] ptrace attach of "ci-upstream-kasan-gce/syz-executor exec"[18758] was attempted by " Àÿ Ðÿ ð¥ Àÿ Àÿ Ðÿ àÿ ðÿ °ÿ Àÿ ÿÿÿÿ     nl80211 @ h debu€   Õ@$ À ( € \x0c Û  þÿÿú üÿÿÿ €  blkio.bfq.dequeue h  ÿÿ+í‰N•ðãïŠq®‡ÄÛ³úÒ~2³Ü•Ç£öéòž—³I´TýÛåÁu\x0a±¶ GÞíqú¤õŠd‡–½ÅÎÚ0G(Á5ô8tÿØy”Ò\x5c¿u§ [ 700.789304][T18130] bond0 (unregistering): (slave geneve1): Releasing backup interface [ 701.445576][T20265] gspca_sunplus: reg_w_1 err -110 [ 701.450727][T20265] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 701.474713][ T5641] Bluetooth: hci1: command tx timeout [ 701.550628][T18130] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 701.579807][T18130] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 701.598354][T18130] bond0 (unregistering): Released all slaves [ 701.625942][T18130] bond1 (unregistering): Released all slaves [ 701.665726][T18130] bond2 (unregistering): Released all slaves [ 701.738930][T18130] bond3 (unregistering): Released all slaves [ 701.781817][T18130] bond4 (unregistering): Released all slaves [ 701.843605][T18130] bond5 (unregistering): (slave dummy0): Releasing active interface [ 701.873159][T18130] bond5 (unregistering): Released all slaves [ 701.951830][ T5287] 8021q: adding VLAN 0 to HW filter on device eth1 [ 702.065183][ T9] usb 5-1: USB disconnect, device number 99 [ 702.750511][T22004] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3165'. [ 702.773871][T22004] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3165'. [ 703.114312][ T10] usb 5-1: new low-speed USB device number 100 using dummy_hcd [ 703.291480][ T10] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 703.330259][T22024] bond1: option ad_user_port_key: invalid value (61326) [ 703.347766][ T10] usb 5-1: config 0 has no interface number 0 [ 703.361050][ T10] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 703.378645][T22024] bond1: option ad_user_port_key: allowed values 0 - 1023 [ 703.394662][ T10] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 703.417201][ T10] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 703.433267][T22024] bond1 (unregistering): Released all slaves [ 703.457466][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 703.494739][ T10] usb 5-1: config 0 descriptor?? [ 703.515881][T22015] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 703.554428][ T5641] Bluetooth: hci1: command tx timeout [ 703.563247][ T10] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 703.588750][T22103] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3168'. [ 703.991667][T22121] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3171'. [ 704.041924][T22127] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3172'. [ 704.058740][ T46] usb 5-1: USB disconnect, device number 100 [ 704.720219][T22154] syzkaller0: entered promiscuous mode [ 704.756848][T22154] syzkaller0: entered allmulticast mode [ 705.554546][ T10] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 705.635334][ T5641] Bluetooth: hci1: command tx timeout [ 705.755855][ T10] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 705.775079][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.818095][ T10] usb 2-1: Product: syz [ 705.830700][ T10] usb 2-1: Manufacturer: syz [ 705.846461][ T10] usb 2-1: SerialNumber: syz [ 705.890056][ T10] usb 2-1: config 0 descriptor?? [ 706.445904][ T10] usb 2-1: Firmware: major: 165, minor: 186, hardware type: UNKNOWN (213) [ 706.630943][T22204] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3176'. [ 706.664625][ T10] usb 2-1: failed to fetch extended address, random address set [ 706.672440][T22204] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3176'. [ 706.681947][ T10] usb 2-1: atusb_probe: initialization failed, error = -524 [ 706.707579][ T10] atusb 2-1:0.0: probe with driver atusb failed with error -524 [ 709.650528][T22223] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3182'. [ 709.732345][T22224] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3182'. [ 710.528251][T21622] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 710.534823][ T5702] usb 2-1: USB disconnect, device number 106 [ 710.612870][T21622] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 710.661410][T22246] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 710.672921][T22260] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3184'. [ 710.706955][T21622] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 710.721963][T22242] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3185'. [ 710.740564][T21622] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 710.765314][T21622] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 710.807551][T21622] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 710.826998][T22267] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3186'. [ 710.828185][T21622] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 710.868647][T22267] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3186'. [ 710.914106][T21622] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 711.099361][T21622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 711.152443][T21622] 8021q: adding VLAN 0 to HW filter on device team0 [ 711.188317][T18126] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.195469][T18126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 711.268232][T18128] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.275371][T18128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 711.461540][T21622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 711.646200][T21622] veth0_vlan: entered promiscuous mode [ 711.713257][T21622] veth1_vlan: entered promiscuous mode [ 711.850054][T21622] veth0_macvtap: entered promiscuous mode [ 711.907422][T21622] veth1_macvtap: entered promiscuous mode [ 711.984908][T21622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 712.041140][T21622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 712.134089][ T258] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.162252][ T258] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.212651][ T258] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.281539][ T258] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.350457][T22300] use of bytesused == 0 is deprecated and will be removed in the future, [ 712.369279][T22300] use the actual size instead. [ 712.740971][ T258] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.783476][ T258] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.045409][T18128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.086775][T18128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.456219][T22324] syzkaller0: entered promiscuous mode [ 713.477359][T22324] syzkaller0: entered allmulticast mode [ 713.622460][T22332] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3194'. [ 713.675172][T22333] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3194'. [ 713.733689][ T10] IPVS: starting estimator thread 0... [ 713.844849][T22337] IPVS: using max 50 ests per chain, 120000 per kthread [ 714.238077][T22354] FAULT_INJECTION: forcing a failure. [ 714.238077][T22354] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 714.280358][T22357] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3199'. [ 714.294349][T22354] CPU: 0 UID: 0 PID: 22354 Comm: syz.4.3198 Tainted: G L syzkaller #0 PREEMPT(full) [ 714.294381][T22354] Tainted: [L]=SOFTLOCKUP [ 714.294389][T22354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 714.294400][T22354] Call Trace: [ 714.294408][T22354] [ 714.294417][T22354] dump_stack_lvl+0xe8/0x150 [ 714.294447][T22354] should_fail_ex+0x412/0x560 [ 714.294477][T22354] _copy_from_user+0x2d/0xb0 [ 714.294506][T22354] ___sys_sendmsg+0x1c6/0x360 [ 714.294532][T22354] ? __lock_acquire+0x6b5/0x2cf0 [ 714.294559][T22354] ? __pfx____sys_sendmsg+0x10/0x10 [ 714.294620][T22354] ? __fget_files+0x2a/0x420 [ 714.294651][T22354] ? __fget_files+0x3a0/0x420 [ 714.294684][T22354] __x64_sys_sendmsg+0x1bd/0x2a0 [ 714.294714][T22354] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 714.294751][T22354] ? __pfx_ksys_write+0x10/0x10 [ 714.294787][T22354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.294808][T22354] do_syscall_64+0x15f/0xf80 [ 714.294839][T22354] ? trace_irq_disable+0x3b/0x140 [ 714.294866][T22354] ? clear_bhb_loop+0x40/0x90 [ 714.294888][T22354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.294907][T22354] RIP: 0033:0x7fbd1c19ce59 [ 714.294926][T22354] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 714.294942][T22354] RSP: 002b:00007fbd1cfe6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 714.294963][T22354] RAX: ffffffffffffffda RBX: 00007fbd1c415fa0 RCX: 00007fbd1c19ce59 [ 714.294977][T22354] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 714.294989][T22354] RBP: 00007fbd1cfe6090 R08: 0000000000000000 R09: 0000000000000000 [ 714.295001][T22354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 714.295012][T22354] R13: 00007fbd1c416038 R14: 00007fbd1c415fa0 R15: 00007fbd1c53fa48 [ 714.295043][T22354] [ 714.500103][ T46] usb 2-1: new low-speed USB device number 107 using dummy_hcd [ 714.736116][ T46] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 714.750474][ T46] usb 2-1: config 0 has no interface number 0 [ 714.757748][ T46] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 714.768814][ T46] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 714.782931][ T46] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 714.796414][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.813126][ T46] usb 2-1: config 0 descriptor?? [ 714.846326][T22347] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 714.865635][ T46] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 714.937641][ T993] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 715.105806][ T993] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 715.118096][ T993] usb 5-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config [ 715.130249][ T10] usb 2-1: USB disconnect, device number 107 [ 715.163904][ T993] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 715.187076][ T993] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 715.212883][ T993] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 715.222872][ T993] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 715.231500][ T993] usb 5-1: Product: syz [ 715.236150][ T993] usb 5-1: Manufacturer: syz [ 715.268045][ T993] cdc_wdm 5-1:1.0: skipping garbage [ 715.281262][ T993] cdc_wdm 5-1:1.0: skipping garbage [ 715.287950][ T993] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 715.479766][T22365] xt_hashlimit: size too large, truncated to 1048576 [ 715.536161][T22394] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3201'. [ 716.270108][T11577] usb 5-1: USB disconnect, device number 101 [ 717.053942][T22429] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3212'. [ 717.895727][ T46] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 718.064956][T22453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3215'. [ 718.096909][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 718.108660][ T46] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 718.126452][ T46] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 718.152278][ T46] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 718.215024][ T46] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 718.226712][T22453] vxlan0: entered allmulticast mode [ 718.251211][ T7964] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 718.260905][ T993] usb 3-1: new full-speed USB device number 99 using dummy_hcd [ 718.278598][ T7964] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 718.302640][ T46] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 718.317798][ T7964] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 718.338055][ T46] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 718.341803][ T7964] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 718.369921][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.447192][ T993] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 718.469520][ T993] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 718.506519][ T993] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 718.523493][ T993] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.608254][T22441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 718.617804][ T46] usb 1-1: usb_control_msg returned -32 [ 718.625174][ T46] usbtmc 1-1:16.0: can't read capabilities [ 718.635360][T22441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 718.734519][ T808] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 718.756449][ T993] usb 3-1: usb_control_msg returned -32 [ 718.766385][ T993] usbtmc 3-1:16.0: can't read capabilities [ 718.918932][ T808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 718.938520][ T808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 718.961297][ T808] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 718.977653][ T808] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.996094][ T808] usb 5-1: config 0 descriptor?? [ 719.222278][ T808] usbhid 5-1:0.0: can't add hid device: -71 [ 719.236967][ T808] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 719.262298][ T808] usb 5-1: USB disconnect, device number 102 [ 719.744335][ T808] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 719.924424][ T808] usb 5-1: Using ep0 maxpacket: 16 [ 719.942543][ T808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 719.954956][ T808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 719.968346][ T808] usb 5-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 719.979790][ T808] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 720.000606][ T808] usb 5-1: config 0 descriptor?? [ 720.433039][ T808] kye 0003:0458:5016.0022: control desc unexpectedly large [ 720.458764][ T808] kye 0003:0458:5016.0022: control desc unexpectedly large [ 720.541512][ T808] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5016.0022/input/input58 [ 720.626103][T22475] netlink: 'syz.4.3218': attribute type 10 has an invalid length. [ 720.685530][ T808] kye 0003:0458:5016.0022: input,hiddev2,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.4-1/input0 [ 720.901836][T22475] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 720.953461][T22475] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 720.987574][T22537] netlink: 'syz.4.3218': attribute type 10 has an invalid length. [ 721.040059][T22537] bond0: (slave netdevsim1): Releasing backup interface [ 721.061981][T22537] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 721.105598][ T808] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 721.106996][T22537] team0: Port device netdevsim1 added [ 721.189950][T20265] usb 5-1: USB disconnect, device number 103 [ 721.278135][ T808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 721.318639][ T808] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 721.340432][ T808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 721.350375][ T808] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 721.364319][ T808] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 721.373482][ T808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.408668][ T808] usb 2-1: config 0 descriptor?? [ 721.646052][ T808] hdpvr 2-1:0.0: firmware version 0x0 dated [ 721.664519][ T808] hdpvr 2-1:0.0: untested firmware, the driver might not work. [ 721.804641][T22570] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3225'. [ 722.136101][ T808] hdpvr 2-1:0.0: Could not setup controls [ 722.144487][ T808] hdpvr 2-1:0.0: registering videodev failed [ 722.180715][ T808] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -71 [ 722.214923][ T808] usb 2-1: USB disconnect, device number 108 [ 722.627778][T22599] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.060354][T22612] FAULT_INJECTION: forcing a failure. [ 723.060354][T22612] name failslab, interval 1, probability 0, space 0, times 0 [ 723.098676][T22612] CPU: 0 UID: 0 PID: 22612 Comm: syz.1.3232 Tainted: G L syzkaller #0 PREEMPT(full) [ 723.098711][T22612] Tainted: [L]=SOFTLOCKUP [ 723.098719][T22612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 723.098729][T22612] Call Trace: [ 723.098737][T22612] [ 723.098746][T22612] dump_stack_lvl+0xe8/0x150 [ 723.098767][T22612] should_fail_ex+0x412/0x560 [ 723.098786][T22612] should_failslab+0xa8/0x100 [ 723.098806][T22612] __kmalloc_noprof+0xe8/0x760 [ 723.098831][T22612] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 723.098863][T22612] tomoyo_realpath_from_path+0xe3/0x5d0 [ 723.098889][T22612] ? tomoyo_domain+0xd7/0x130 [ 723.098913][T22612] ? tomoyo_path_number_perm+0x219/0x630 [ 723.098927][T22612] tomoyo_path_number_perm+0x246/0x630 [ 723.098941][T22612] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 723.098954][T22612] ? __lock_acquire+0x6b5/0x2cf0 [ 723.098987][T22612] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 723.099035][T22612] ? __fget_files+0x2a/0x420 [ 723.099060][T22612] ? __fget_files+0x2a/0x420 [ 723.099073][T22612] ? __fget_files+0x3a0/0x420 [ 723.099086][T22612] ? __fget_files+0x2a/0x420 [ 723.099102][T22612] security_file_ioctl+0xc3/0x2a0 [ 723.099116][T22612] __se_sys_ioctl+0x47/0x170 [ 723.099140][T22612] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.099160][T22612] do_syscall_64+0x15f/0xf80 [ 723.099184][T22612] ? trace_irq_disable+0x3b/0x140 [ 723.099210][T22612] ? clear_bhb_loop+0x40/0x90 [ 723.099228][T22612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.099239][T22612] RIP: 0033:0x7f76f799ce59 [ 723.099252][T22612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 723.099262][T22612] RSP: 002b:00007f76f88c4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 723.099277][T22612] RAX: ffffffffffffffda RBX: 00007f76f7c15fa0 RCX: 00007f76f799ce59 [ 723.099291][T22612] RDX: 0000000000000000 RSI: 0000000040085112 RDI: 0000000000000003 [ 723.099302][T22612] RBP: 00007f76f88c4090 R08: 0000000000000000 R09: 0000000000000000 [ 723.099314][T22612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 723.099334][T22612] R13: 00007f76f7c16038 R14: 00007f76f7c15fa0 R15: 00007f76f7d3fa48 [ 723.099370][T22612] [ 723.101883][T22612] ERROR: Out of memory at tomoyo_realpath_from_path. [ 723.533232][T22616] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3234'. [ 723.794308][ T9] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 723.887038][T22628] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3237'. [ 723.934537][T22626] tipc: Failed to remove unknown binding: 66,1,1/0:2381621125/2381621127 [ 723.957627][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 723.969984][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 723.992519][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 724.010095][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 724.025840][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 724.048699][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 724.062030][ T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 724.079504][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 724.100446][ T9] usb 4-1: config 0 descriptor?? [ 724.113290][T22616] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 724.194671][T22499] usbtmc 1-1:16.0: usbtmc_ioctl_request failed -110 [ 724.206880][ T808] usb 1-1: USB disconnect, device number 99 [ 724.274003][ T46] usb 3-1: USB disconnect, device number 99 [ 724.549806][ T5631] Bluetooth: hci2: Opcode 0x0c03 failed: -71 [ 724.561571][ T993] usb 4-1: USB disconnect, device number 123 [ 724.760639][ T5631] Bluetooth: hci0: command 0x0406 tx timeout [ 725.944310][T20265] usb 4-1: new full-speed USB device number 124 using dummy_hcd [ 726.084339][T20265] usb 4-1: device descriptor read/64, error -71 [ 726.364381][T20265] usb 4-1: new full-speed USB device number 125 using dummy_hcd [ 726.524371][T20265] usb 4-1: device descriptor read/64, error -71 [ 726.634613][T20265] usb usb4-port1: attempt power cycle [ 727.006763][T20265] usb 4-1: new full-speed USB device number 126 using dummy_hcd [ 727.054605][ T9] usb 1-1: new low-speed USB device number 100 using dummy_hcd [ 727.085468][T20265] usb 4-1: device descriptor read/8, error -71 [ 727.227564][ T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 727.241938][ T9] usb 1-1: config 0 has no interface number 0 [ 727.255562][ T9] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 727.274689][T22710] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3246'. [ 727.293258][ T9] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 727.305975][ T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 727.315568][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.333299][ T9] usb 1-1: config 0 descriptor?? [ 727.344268][T20265] usb 4-1: new full-speed USB device number 127 using dummy_hcd [ 727.356254][T22702] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 727.382826][T20265] usb 4-1: device descriptor read/8, error -71 [ 727.389943][ T9] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 727.515728][T20265] usb usb4-port1: unable to enumerate USB device [ 727.632512][T20265] usb 1-1: USB disconnect, device number 100 [ 728.348284][T22731] fuse: Unknown parameter '^?' [ 728.524740][T22731] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3250'. [ 729.264307][ T808] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 729.364311][T20265] usb 5-1: new full-speed USB device number 104 using dummy_hcd [ 729.421977][ T808] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 729.478465][ T808] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 729.528618][ T808] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 729.558481][T20265] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 729.578418][ T808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.596220][T20265] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 729.614479][T20265] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 729.635256][T20265] usb 5-1: Product: syz [ 729.648483][T20265] usb 5-1: Manufacturer: syz [ 729.672035][T22755] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 729.682689][T20265] usb 5-1: SerialNumber: syz [ 729.712335][ T808] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 729.712870][T20265] usb 5-1: config 0 descriptor?? [ 729.772747][T20265] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 729.837110][T20265] usb 5-1: Detected FT232R [ 729.985288][T22781] FAULT_INJECTION: forcing a failure. [ 729.985288][T22781] name failslab, interval 1, probability 0, space 0, times 0 [ 730.018742][T22781] CPU: 1 UID: 0 PID: 22781 Comm: syz.0.3257 Tainted: G L syzkaller #0 PREEMPT(full) [ 730.018767][T22781] Tainted: [L]=SOFTLOCKUP [ 730.018772][T22781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 730.018778][T22781] Call Trace: [ 730.018785][T22781] [ 730.018794][T22781] dump_stack_lvl+0xe8/0x150 [ 730.018828][T22781] should_fail_ex+0x412/0x560 [ 730.018858][T22781] should_failslab+0xa8/0x100 [ 730.018886][T22781] __kvmalloc_node_noprof+0x178/0x8a0 [ 730.018906][T22781] ? alloc_netdev_mqs+0xa8/0x1210 [ 730.018922][T22781] alloc_netdev_mqs+0xa8/0x1210 [ 730.018933][T22781] ? __pfx_vlan_setup+0x10/0x10 [ 730.018953][T22781] rtnl_create_link+0x31f/0xd70 [ 730.018979][T22781] rtnl_newlink_create+0x277/0xb70 [ 730.019005][T22781] ? __pfx___nla_validate_parse+0x10/0x10 [ 730.019041][T22781] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 730.019068][T22781] ? __pfx___mutex_lock+0x10/0x10 [ 730.019091][T22781] ? ns_capable+0x89/0xe0 [ 730.019105][T22781] rtnl_newlink+0x166a/0x1bb0 [ 730.019136][T22781] ? __pfx_rtnl_newlink+0x10/0x10 [ 730.019158][T22781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.019214][T22781] ? kasan_quarantine_put+0xbb/0x1f0 [ 730.019231][T22781] ? lockdep_hardirqs_on+0x7a/0x110 [ 730.019253][T22781] ? nlmon_xmit+0xb0/0x100 [ 730.019266][T22781] ? kmem_cache_free+0x182/0x650 [ 730.019295][T22781] ? __lock_acquire+0x6b5/0x2cf0 [ 730.019320][T22781] ? __dev_queue_xmit+0x2b6/0x3950 [ 730.019350][T22781] ? __local_bh_enable_ip+0xd0/0x130 [ 730.019369][T22781] ? lockdep_hardirqs_on+0x7a/0x110 [ 730.019388][T22781] ? __dev_queue_xmit+0x2b6/0x3950 [ 730.019404][T22781] ? __local_bh_enable_ip+0xd0/0x130 [ 730.019414][T22781] ? __dev_queue_xmit+0x2b6/0x3950 [ 730.019434][T22781] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 730.019471][T22781] ? __pfx_rtnl_newlink+0x10/0x10 [ 730.019501][T22781] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 730.019527][T22781] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 730.019545][T22781] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 730.019557][T22781] ? ref_tracker_free+0x693/0x840 [ 730.019574][T22781] ? __pfx_ref_tracker_free+0x10/0x10 [ 730.019588][T22781] ? __asan_memcpy+0x40/0x70 [ 730.019606][T22781] ? __skb_clone+0x63/0x7a0 [ 730.019640][T22781] netlink_rcv_skb+0x232/0x4b0 [ 730.019665][T22781] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 730.019689][T22781] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 730.019714][T22781] ? netlink_deliver_tap+0x2e/0x1b0 [ 730.019729][T22781] ? netlink_deliver_tap+0x2e/0x1b0 [ 730.019747][T22781] netlink_unicast+0x75c/0x8e0 [ 730.019779][T22781] netlink_sendmsg+0x813/0xb40 [ 730.019814][T22781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 730.019842][T22781] ? aa_sock_msg_perm+0xf1/0x1b0 [ 730.019861][T22781] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 730.019878][T22781] ____sys_sendmsg+0x972/0x9f0 [ 730.019894][T22781] ? __might_fault+0xaf/0x130 [ 730.019916][T22781] ? __pfx_____sys_sendmsg+0x10/0x10 [ 730.019950][T22781] ? import_iovec+0x73/0xa0 [ 730.019980][T22781] ___sys_sendmsg+0x2a5/0x360 [ 730.020003][T22781] ? __lock_acquire+0x6b5/0x2cf0 [ 730.020021][T22781] ? __pfx____sys_sendmsg+0x10/0x10 [ 730.020058][T22781] ? __fget_files+0x2a/0x420 [ 730.020074][T22781] ? __fget_files+0x3a0/0x420 [ 730.020107][T22781] __x64_sys_sendmsg+0x1bd/0x2a0 [ 730.020135][T22781] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 730.020169][T22781] ? __pfx_ksys_write+0x10/0x10 [ 730.020184][T22781] ? handle_softirqs+0x715/0x840 [ 730.020200][T22781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.020212][T22781] do_syscall_64+0x15f/0xf80 [ 730.020232][T22781] ? clear_bhb_loop+0x40/0x90 [ 730.020254][T22781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.020273][T22781] RIP: 0033:0x7f22de39ce59 [ 730.020291][T22781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 730.020306][T22781] RSP: 002b:00007f22df235028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 730.020326][T22781] RAX: ffffffffffffffda RBX: 00007f22de615fa0 RCX: 00007f22de39ce59 [ 730.020338][T22781] RDX: 0000000008000002 RSI: 0000200000000180 RDI: 0000000000000003 [ 730.020346][T22781] RBP: 00007f22df235090 R08: 0000000000000000 R09: 0000000000000000 [ 730.020353][T22781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 730.020361][T22781] R13: 00007f22de616038 R14: 00007f22de615fa0 R15: 00007f22de73fa48 [ 730.020379][T22781] [ 730.595595][T20265] ftdi_sio ttyUSB0: Unable to read latency timer: -121 [ 730.661003][ T808] usb 4-1: USB disconnect, device number 2 [ 730.782167][T20265] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 730.799840][T20265] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 730.834116][T20265] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 730.898800][T20265] usb 5-1: USB disconnect, device number 104 [ 730.929419][T20265] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 730.961174][T20265] ftdi_sio 5-1:0.0: device disconnected [ 731.096971][ T9] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 731.236039][ T9] usb 1-1: device descriptor read/64, error -71 [ 731.484290][ T9] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 731.626686][ T9] usb 1-1: device descriptor read/64, error -71 [ 731.754699][ T9] usb usb1-port1: attempt power cycle [ 732.104301][ T9] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 732.160163][ T9] usb 1-1: device descriptor read/8, error -71 [ 732.405305][ T9] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 732.464737][ T9] usb 1-1: device descriptor read/8, error -71 [ 732.594940][ T9] usb usb1-port1: unable to enumerate USB device [ 735.029329][T22885] binder: 22884:22885 ioctl c0306201 2000000004c0 returned -22 [ 735.057518][T22885] binder: BINDER_SET_CONTEXT_MGR already set [ 735.097489][T22885] binder: 22884:22885 ioctl 4018620d 200000000280 returned -16 [ 736.551659][T22907] program syz.3.3277 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 736.625884][T22910] FAULT_INJECTION: forcing a failure. [ 736.625884][T22910] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 736.662548][T22910] CPU: 0 UID: 0 PID: 22910 Comm: syz.0.3278 Tainted: G L syzkaller #0 PREEMPT(full) [ 736.662587][T22910] Tainted: [L]=SOFTLOCKUP [ 736.662595][T22910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 736.662606][T22910] Call Trace: [ 736.662615][T22910] [ 736.662624][T22910] dump_stack_lvl+0xe8/0x150 [ 736.662654][T22910] should_fail_ex+0x412/0x560 [ 736.662684][T22910] _copy_from_user+0x2d/0xb0 [ 736.662712][T22910] video_usercopy+0x36f/0x1450 [ 736.662743][T22910] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 736.662773][T22910] ? __pfx___video_do_ioctl+0x10/0x10 [ 736.662802][T22910] ? __pfx_video_usercopy+0x10/0x10 [ 736.662839][T22910] ? __fget_files+0x2a/0x420 [ 736.662866][T22910] ? __fget_files+0x2a/0x420 [ 736.662887][T22910] ? __fget_files+0x3a0/0x420 [ 736.662912][T22910] v4l2_ioctl+0x18d/0x1e0 [ 736.662940][T22910] ? __pfx_v4l2_ioctl+0x10/0x10 [ 736.662966][T22910] __se_sys_ioctl+0xfc/0x170 [ 736.662994][T22910] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.663015][T22910] do_syscall_64+0x15f/0xf80 [ 736.663041][T22910] ? trace_irq_disable+0x3b/0x140 [ 736.663069][T22910] ? clear_bhb_loop+0x40/0x90 [ 736.663092][T22910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.663112][T22910] RIP: 0033:0x7f22de39ce59 [ 736.663139][T22910] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 736.663156][T22910] RSP: 002b:00007f22df235028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 736.663176][T22910] RAX: ffffffffffffffda RBX: 00007f22de615fa0 RCX: 00007f22de39ce59 [ 736.663190][T22910] RDX: 00002000000000c0 RSI: 00000000c02c563a RDI: 0000000000000003 [ 736.663203][T22910] RBP: 00007f22df235090 R08: 0000000000000000 R09: 0000000000000000 [ 736.663215][T22910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 736.663227][T22910] R13: 00007f22de616038 R14: 00007f22de615fa0 R15: 00007f22de73fa48 [ 736.663259][T22910] [ 737.539961][T22931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3281'. [ 737.650459][ T9] IPVS: starting estimator thread 0... [ 737.796495][T22938] IPVS: using max 31 ests per chain, 74400 per kthread [ 737.962062][T22947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3286'. [ 738.103912][T22935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3283'. [ 738.224863][T22935] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.232766][T22935] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.191894][T22969] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3291'. [ 740.192656][T22987] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3297'. [ 740.934301][ T5627] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 741.105609][T20265] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 741.106469][ T5627] usb 4-1: Using ep0 maxpacket: 32 [ 741.146432][ T5627] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 741.174274][ T5627] usb 4-1: config 0 has no interface number 0 [ 741.188872][ T5627] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 741.210497][ T5627] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 741.254336][ T5627] usb 4-1: Product: syz [ 741.265938][ T5627] usb 4-1: Manufacturer: syz [ 741.277520][ T5627] usb 4-1: SerialNumber: syz [ 741.298591][T20265] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 741.329897][T20265] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 741.352874][ T5627] usb 4-1: config 0 descriptor?? [ 741.353012][T20265] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 741.395786][T20265] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 741.430091][ T5627] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 741.457322][T20265] usb 5-1: config 0 descriptor?? [ 741.479483][ T5627] usb 4-1: selecting invalid altsetting 1 [ 741.501392][ T5627] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 741.548878][ T5627] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 741.591052][ T5627] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 741.640822][ T5627] usb 4-1: media controller created [ 741.719793][ T5627] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 741.875776][ T5627] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 741.911409][ T5627] zl10353_read_register: readreg error (reg=127, ret==-71) [ 741.926644][T20265] cm6533_jd 0003:0D8C:0022.0023: unknown main item tag 0x0 [ 741.949909][ T5627] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 742.002352][T20265] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0023/input/input59 [ 742.114010][T20265] cm6533_jd 0003:0D8C:0022.0023: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 742.141661][T23006] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3303'. [ 742.241672][ T5627] usb 4-1: USB disconnect, device number 3 [ 742.628433][T20265] usb 5-1: USB disconnect, device number 105 [ 744.160646][T23109] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 744.184479][ T46] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 744.354361][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 744.371842][ T46] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 744.396850][T23111] fuse: Unknown parameter '0x0000000000000003' [ 744.412551][ T46] usb 5-1: config 0 has no interface number 0 [ 744.454489][ T46] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 744.493855][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 744.524843][ T46] usb 5-1: Product: syz [ 744.541954][ T46] usb 5-1: Manufacturer: syz [ 744.563623][ T46] usb 5-1: SerialNumber: syz [ 744.599868][ T46] usb 5-1: config 0 descriptor?? [ 745.075150][ T46] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61 [ 745.119211][ T46] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 745.389273][T11577] usb 3-1: new low-speed USB device number 100 using dummy_hcd [ 745.414984][T23130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 745.448896][T23130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 745.597882][T11577] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 745.632653][T11577] usb 3-1: config 0 has no interface number 0 [ 745.656264][T11577] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 745.693962][T11577] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 745.716859][T11577] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 745.741233][T11577] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.765753][T11577] usb 3-1: config 0 descriptor?? [ 745.783183][T23125] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 745.838381][T11577] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 746.177939][T11577] usb 3-1: USB disconnect, device number 100 [ 746.939316][T23200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3338'. [ 746.962725][T23200] openvswitch: netlink: Message has 2 unknown bytes. [ 747.019111][ T46] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 747.096922][ T46] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 747.162763][ T46] usb 5-1: USB disconnect, device number 106 [ 747.215410][T23209] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 747.409283][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.423437][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.614347][ T46] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 747.809433][ T46] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 747.822070][ T46] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 747.839246][ T46] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 747.860389][ T46] usb 5-1: config 220 has no interface number 2 [ 747.870207][ T46] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 747.937248][ T46] usb 5-1: config 220 interface 0 has no altsetting 0 [ 747.992406][ T46] usb 5-1: config 220 interface 76 has no altsetting 0 [ 748.010856][ T46] usb 5-1: config 220 interface 1 has no altsetting 0 [ 748.051066][ T46] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 748.073792][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 748.107104][ T46] usb 5-1: Product: syz [ 748.128464][ T46] usb 5-1: Manufacturer: syz [ 748.146674][ T46] usb 5-1: SerialNumber: syz [ 748.395337][T23209] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3339'. [ 748.426382][ T46] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 748.478243][ T46] uvcvideo 5-1:220.0: No valid video chain found. [ 748.505658][ T46] usb 5-1: selecting invalid altsetting 0 [ 748.543631][ T46] usb 5-1: selecting invalid altsetting 0 [ 748.579352][ T46] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 748.652721][ T46] usb 5-1: USB disconnect, device number 107 [ 749.514294][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 749.685016][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 749.694282][T11577] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 749.695296][ T10] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 749.753426][ T10] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 749.804229][ T10] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 749.865038][ T10] usb 4-1: config 168 interface 0 has no altsetting 0 [ 749.875991][T11577] usb 2-1: Using ep0 maxpacket: 8 [ 749.905239][T11577] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 749.924132][ T10] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 749.946616][ T10] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 749.947190][T11577] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 750.001313][T11577] usb 2-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 750.020346][T11577] usb 2-1: config 168 interface 0 has no altsetting 0 [ 750.035221][ T10] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 750.064524][T11577] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 750.075507][T11577] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 750.087633][T11577] usb 2-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 750.103727][T11577] usb 2-1: config 168 interface 0 has no altsetting 0 [ 750.112833][T11577] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 750.125010][T11577] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 750.140700][T11577] usb 2-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 750.154622][ T10] usb 4-1: config 168 interface 0 has no altsetting 0 [ 750.154889][T11577] usb 2-1: config 168 interface 0 has no altsetting 0 [ 750.174508][T11577] usb 2-1: string descriptor 0 read error: -22 [ 750.185405][T11577] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 750.212106][ T10] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 750.236885][T11577] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.237652][ T10] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 750.277722][T11577] adutux 2-1:168.0: interrupt endpoints not found [ 750.323310][ T10] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 750.361369][ T10] usb 4-1: config 168 interface 0 has no altsetting 0 [ 750.381516][ T10] usb 4-1: string descriptor 0 read error: -22 [ 750.394372][ T10] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 750.418432][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.464674][ T10] adutux 4-1:168.0: interrupt endpoints not found [ 750.544502][T20265] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 750.548481][T23300] netlink: 'syz.0.3355': attribute type 29 has an invalid length. [ 750.561878][T23272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 750.573087][T23272] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 750.612115][T23300] netlink: 'syz.0.3355': attribute type 29 has an invalid length. [ 750.633849][T23300] netlink: 500 bytes leftover after parsing attributes in process `syz.0.3355'. [ 750.667036][T23265] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 750.694941][T23265] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 750.734390][T20265] usb 3-1: Using ep0 maxpacket: 32 [ 750.748004][T20265] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 750.770138][T20265] usb 3-1: config 0 has no interface number 0 [ 750.787764][T20265] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 750.812828][T20265] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.834832][T20265] usb 3-1: Product: syz [ 750.844351][T20265] usb 3-1: Manufacturer: syz [ 750.854224][T20265] usb 3-1: SerialNumber: syz [ 750.869876][T20265] usb 3-1: config 0 descriptor?? [ 750.896327][T20265] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 750.917812][T20265] usb 3-1: selecting invalid altsetting 1 [ 750.934146][T20265] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 750.956738][T20265] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 750.973670][T20265] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 750.983133][T20265] usb 3-1: media controller created [ 751.025608][T20265] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 751.048920][T23313] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3356'. [ 751.120261][T11577] usb 2-1: USB disconnect, device number 109 [ 751.215613][T23328] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 751.271954][T23328] netlink: 'syz.2.3354': attribute type 1 has an invalid length. [ 751.763707][T23341] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 751.793293][T23341] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 752.117087][T20265] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 752.146390][T20265] zl10353_read_register: readreg error (reg=127, ret==-110) [ 752.418935][T23328] bond1: (slave gretap1): making interface the new active one [ 752.530580][T23328] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 752.868708][T20265] usb 4-1: USB disconnect, device number 4 [ 753.400858][T23406] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3363'. [ 753.791767][T23406] The dccp option matching is deprecated and scheduled to be removed in 2027. [ 753.791767][T23406] Please contact the netfilter-devel mailing list or update your nftables rules. [ 754.924512][T20265] usb 3-1: USB disconnect, device number 101 [ 755.376604][T23430] netlink: 'syz.0.3368': attribute type 3 has an invalid length. [ 755.546099][T23435] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3369'. [ 755.565434][T23435] bridge: RTM_NEWNEIGH with invalid ether address [ 755.935158][ T46] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 756.104303][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 756.130975][ T46] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 756.158984][ T46] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 756.186894][ T46] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 756.218932][ T46] usb 1-1: config 168 interface 0 has no altsetting 0 [ 756.242435][ T46] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 756.280231][ T46] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 756.326110][ T46] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 756.391682][ T46] usb 1-1: config 168 interface 0 has no altsetting 0 [ 756.471576][ T46] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 756.507149][ T46] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 756.553847][T23467] netlink: 'syz.2.3376': attribute type 23 has an invalid length. [ 756.574451][ T46] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 756.620538][ T46] usb 1-1: config 168 interface 0 has no altsetting 0 [ 756.659724][ T46] usb 1-1: string descriptor 0 read error: -22 [ 756.666418][ T46] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 756.698818][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.732885][ T46] adutux 1-1:168.0: interrupt endpoints not found [ 756.955245][T23443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 756.974761][T23443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 757.114304][ T46] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 757.290591][ T46] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 757.325571][ T46] usb 2-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=22.4e [ 757.346933][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 757.374323][ T46] usb 2-1: Product: syz [ 757.383829][ T46] usb 2-1: Manufacturer: syz [ 757.396844][ T46] usb 2-1: SerialNumber: syz [ 757.425854][ T46] usb 2-1: config 0 descriptor?? [ 757.567585][T23508] sctp: [Deprecated]: syz.2.3382 (pid 23508) Use of int in max_burst socket option. [ 757.567585][T23508] Use struct sctp_assoc_value instead [ 757.595741][ T46] peak_usb 2-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22 [ 757.625843][ T46] peak_usb 2-1:0.0: unable to read PCAN-USB serial number (err -22) [ 757.825321][ T46] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22 [ 757.867650][ T10] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 758.055028][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 758.084951][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 758.103731][ T10] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 758.114756][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.168490][ T10] usb 3-1: config 0 descriptor?? [ 758.931790][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 758.941801][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 758.961697][ T10] usb 3-1: USB disconnect, device number 102 [ 759.052837][ T46] usb 1-1: USB disconnect, device number 105 [ 759.723685][ T5641] Bluetooth: hci5: command 0x0406 tx timeout [ 760.504688][ T46] usb 5-1: new full-speed USB device number 108 using dummy_hcd [ 760.615556][ T9] usb 2-1: USB disconnect, device number 110 [ 760.697030][ T46] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 760.741145][ T46] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 760.799943][ T46] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 760.833727][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 761.080553][ T46] usb 5-1: usb_control_msg returned -32 [ 761.108079][ T46] usbtmc 5-1:16.0: can't read capabilities [ 761.514365][ T46] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 761.694275][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 761.708524][ T46] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 761.724104][ T46] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 761.739448][ T46] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 761.761317][ T46] usb 1-1: config 168 interface 0 has no altsetting 0 [ 761.773166][ T46] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 761.787798][ T46] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 761.805148][ T46] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 761.819338][ T46] usb 1-1: config 168 interface 0 has no altsetting 0 [ 761.829985][ T46] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 761.850906][ T46] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 761.878458][ T46] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 761.895188][ T46] usb 1-1: config 168 interface 0 has no altsetting 0 [ 761.907459][ T46] usb 1-1: string descriptor 0 read error: -22 [ 761.920451][ T46] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 761.947683][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.996382][ T46] adutux 1-1:168.0: interrupt endpoints not found [ 762.208683][T23627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 762.251617][T23627] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 762.774295][ T46] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 762.964448][ T46] usb 3-1: Using ep0 maxpacket: 32 [ 762.980321][ T46] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 762.993915][ T46] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 763.017733][ T46] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 763.049452][ T46] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 92 [ 763.079390][ T46] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 763.109113][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.319210][ T5702] usb 5-1: USB disconnect, device number 108 [ 764.331838][ T9] usb 1-1: USB disconnect, device number 106 [ 764.575114][ T10] usb 3-1: USB disconnect, device number 103 [ 765.606126][T23765] FAULT_INJECTION: forcing a failure. [ 765.606126][T23765] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 765.699555][T23765] CPU: 1 UID: 0 PID: 23765 Comm: syz.4.3418 Tainted: G L syzkaller #0 PREEMPT(full) [ 765.699589][T23765] Tainted: [L]=SOFTLOCKUP [ 765.699597][T23765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 765.699607][T23765] Call Trace: [ 765.699614][T23765] [ 765.699622][T23765] dump_stack_lvl+0xe8/0x150 [ 765.699651][T23765] should_fail_ex+0x412/0x560 [ 765.699679][T23765] _copy_from_user+0x2d/0xb0 [ 765.699706][T23765] ucma_write+0x15d/0x2f0 [ 765.699734][T23765] ? __pfx_ucma_write+0x10/0x10 [ 765.699754][T23765] ? iov_iter_iovec_advance+0x1e0/0x290 [ 765.699797][T23765] vfs_writev+0x4bd/0x990 [ 765.699820][T23765] ? __pfx_ucma_write+0x10/0x10 [ 765.699845][T23765] ? __pfx_vfs_writev+0x10/0x10 [ 765.699883][T23765] ? __fget_files+0x2a/0x420 [ 765.699909][T23765] ? __fget_files+0x3a0/0x420 [ 765.699927][T23765] ? __fget_files+0x2a/0x420 [ 765.699956][T23765] do_writev+0x154/0x2e0 [ 765.699979][T23765] ? __pfx_do_writev+0x10/0x10 [ 765.700008][T23765] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.700029][T23765] do_syscall_64+0x15f/0xf80 [ 765.700054][T23765] ? trace_irq_disable+0x3b/0x140 [ 765.700090][T23765] ? clear_bhb_loop+0x40/0x90 [ 765.700112][T23765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.700131][T23765] RIP: 0033:0x7fbd1c19ce59 [ 765.700151][T23765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 765.700166][T23765] RSP: 002b:00007fbd1cfe6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 765.700188][T23765] RAX: ffffffffffffffda RBX: 00007fbd1c415fa0 RCX: 00007fbd1c19ce59 [ 765.700201][T23765] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000012 [ 765.700213][T23765] RBP: 00007fbd1cfe6090 R08: 0000000000000000 R09: 0000000000000000 [ 765.700225][T23765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 765.700237][T23765] R13: 00007fbd1c416038 R14: 00007fbd1c415fa0 R15: 00007fbd1c53fa48 [ 765.700267][T23765] [ 766.224291][ T9] usb 3-1: new full-speed USB device number 104 using dummy_hcd [ 766.385753][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 766.395772][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 766.434898][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 766.464695][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 766.757510][ T9] usb 3-1: usb_control_msg returned -32 [ 766.775908][ T9] usbtmc 3-1:16.0: can't read capabilities [ 767.254348][T11577] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 767.425468][T11577] usb 4-1: Using ep0 maxpacket: 8 [ 767.438537][T11577] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 767.464545][T11577] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 767.493721][T23799] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3425'. [ 767.505627][T11577] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 767.540385][T11577] usb 4-1: config 168 interface 0 has no altsetting 0 [ 767.568384][T11577] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 767.595769][T11577] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 767.631296][T11577] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 767.667817][T11577] usb 4-1: config 168 interface 0 has no altsetting 0 [ 767.695317][T11577] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 767.717469][T11577] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 767.739341][T11577] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 767.773216][T11577] usb 4-1: config 168 interface 0 has no altsetting 0 [ 767.794123][T11577] usb 4-1: string descriptor 0 read error: -22 [ 767.808284][T11577] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 767.840214][T11577] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.916038][T11577] adutux 4-1:168.0: interrupt endpoints not found [ 768.135974][T23786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 768.154899][T23786] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 768.717162][ T9] usb 3-1: USB disconnect, device number 104 [ 769.827633][T23841] xt_hashlimit: size too large, truncated to 1048576 [ 770.313624][T11577] usb 4-1: USB disconnect, device number 5 [ 770.745773][T23868] libceph: resolve '0..' (ret=-3): failed [ 771.904517][ T5702] usb 5-1: new full-speed USB device number 109 using dummy_hcd [ 772.096111][ T5702] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 772.120176][ T5702] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 772.210754][ T5702] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 772.256797][ T5702] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 772.359488][T23903] netlink: 'syz.2.3440': attribute type 4 has an invalid length. [ 772.513962][ T5702] usb 5-1: usb_control_msg returned -32 [ 772.543225][ T5702] usbtmc 5-1:16.0: can't read capabilities [ 773.314308][ T993] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 773.475835][ T993] usb 1-1: Using ep0 maxpacket: 8 [ 773.491140][ T993] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 773.502693][ T993] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 773.523586][ T993] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 773.548882][ T993] usb 1-1: config 168 interface 0 has no altsetting 0 [ 773.593435][ T993] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 773.610439][ T993] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 773.656470][ T993] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 773.712052][ T993] usb 1-1: config 168 interface 0 has no altsetting 0 [ 773.722094][ T993] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 773.734013][ T993] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 773.757394][ T993] usb 1-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 773.771686][ T993] usb 1-1: config 168 interface 0 has no altsetting 0 [ 773.790432][ T993] usb 1-1: string descriptor 0 read error: -22 [ 773.797362][ T993] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 773.813121][ T993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.846875][ T993] adutux 1-1:168.0: interrupt endpoints not found [ 774.049791][T23924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 774.070883][T23924] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 774.632572][ T5702] usb 5-1: USB disconnect, device number 109 [ 775.088311][ T5631] Bluetooth: hci3: command 0x0406 tx timeout [ 776.227822][T11577] usb 1-1: USB disconnect, device number 107 [ 777.200588][T24033] pimreg3: entered allmulticast mode [ 777.309385][T24046] netlink: 'syz.1.3455': attribute type 28 has an invalid length. [ 777.325083][ T9] usb 5-1: new full-speed USB device number 110 using dummy_hcd [ 777.354429][T24046] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3455'. [ 777.506544][ T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 61, changing to 4 [ 777.587753][ T9] usb 5-1: New USB device found, idVendor=2a39, idProduct=3fd2, bcdDevice= 0.40 [ 777.598899][T24059] netlink: 'syz.1.3457': attribute type 1 has an invalid length. [ 777.626288][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.641951][ T9] usb 5-1: Product: syz [ 777.646346][ T9] usb 5-1: Manufacturer: syz [ 777.653237][ T9] usb 5-1: SerialNumber: syz [ 777.871763][T24059] 8021q: adding VLAN 0 to HW filter on device bond1 [ 777.894695][T24044] input: syz1 as /devices/virtual/input/input60 [ 777.994024][T24062] bond1: (slave geneve2): making interface the new active one [ 778.083291][T24062] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 779.465889][ T993] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 779.624465][ T993] usb 4-1: Using ep0 maxpacket: 8 [ 779.638674][ T993] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 779.655244][ T993] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 779.680581][ T993] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 779.706101][ T993] usb 4-1: config 168 interface 0 has no altsetting 0 [ 779.738694][ T993] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 779.764639][ T993] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 779.797712][ T993] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 779.844492][ T993] usb 4-1: config 168 interface 0 has no altsetting 0 [ 779.854934][ T993] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 779.866413][ T993] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 779.880889][ T993] usb 4-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 779.897770][ T993] usb 4-1: config 168 interface 0 has no altsetting 0 [ 779.911641][ T993] usb 4-1: string descriptor 0 read error: -22 [ 779.919943][ T993] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 779.929966][ T993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.968212][ T993] adutux 4-1:168.0: interrupt endpoints not found [ 780.187007][T24125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 780.213740][T24125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 780.222971][ T9] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 780.238504][ T9] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 780.445706][ T9] usb 5-1: USB disconnect, device number 110 [ 780.506370][T24172] netlink: 'syz.1.3469': attribute type 3 has an invalid length. [ 782.372669][ T9] usb 4-1: USB disconnect, device number 6 [ 783.362093][T24245] input: syz0 as /devices/virtual/input/input61 [ 785.334346][ T5702] usb 3-1: new full-speed USB device number 105 using dummy_hcd [ 785.496809][ T5702] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 785.524256][ T5702] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 785.598809][ T5702] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 785.619713][ T5702] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.980675][ T5702] usb 3-1: GET_CAPABILITIES returned 7 [ 785.998520][ T5702] usbtmc 3-1:16.0: can't read capabilities [ 786.193959][ T5702] usb 3-1: USB disconnect, device number 105 [ 786.479891][ T10] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 786.634818][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 786.641815][ T10] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 786.659889][ T10] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 786.699074][ T10] usb 2-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 786.723965][ T10] usb 2-1: config 168 interface 0 has no altsetting 0 [ 786.742555][ T10] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 786.774052][ T10] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 786.807545][ T10] usb 2-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 786.833558][ T10] usb 2-1: config 168 interface 0 has no altsetting 0 [ 786.846469][T24307] netlink: ct family unspecified [ 786.852541][T24307] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 786.862900][ T10] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 786.875896][ T10] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 786.890820][ T10] usb 2-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 786.905154][ T10] usb 2-1: config 168 interface 0 has no altsetting 0 [ 786.945145][ T10] usb 2-1: string descriptor 0 read error: -22 [ 786.951663][ T10] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 786.962857][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.990539][ T10] adutux 2-1:168.0: interrupt endpoints not found [ 787.122274][T24317] bond1: option downdelay: invalid value (18446744073661448198) [ 787.139916][T24317] bond1: option downdelay: allowed values 0 - 2147483647 [ 787.188301][T24317] bond1 (unregistering): Released all slaves [ 787.223080][T24295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 787.268451][T24295] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 787.517206][T24393] xt_TCPMSS: Only works on TCP SYN packets [ 787.580103][T24399] input: syz0 as /devices/virtual/input/input62 [ 788.511576][T24245] Set syz1 is full, maxelem 65536 reached [ 789.454033][ T5702] usb 2-1: USB disconnect, device number 111 [ 789.625458][ T9] usb 3-1: new full-speed USB device number 106 using dummy_hcd [ 789.796399][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 789.823726][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 789.857169][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 789.889952][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.129295][ T9] usb 3-1: GET_CAPABILITIES returned 7 [ 790.142634][ T9] usbtmc 3-1:16.0: can't read capabilities [ 790.331719][ T993] usb 3-1: USB disconnect, device number 106 [ 790.434624][ T5631] Bluetooth: hci4: command 0x0406 tx timeout [ 790.554330][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 790.704326][ T9] usb 4-1: device descriptor read/64, error -71 [ 790.955004][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 791.104539][ T9] usb 4-1: device descriptor read/64, error -71 [ 791.214851][ T993] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 791.223173][ T9] usb usb4-port1: attempt power cycle [ 791.384373][ T993] usb 3-1: Using ep0 maxpacket: 8 [ 791.398790][ T993] usb 3-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 791.409739][ T993] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 791.422446][ T993] usb 3-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 791.436188][ T993] usb 3-1: config 168 interface 0 has no altsetting 0 [ 791.466576][ T993] usb 3-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 791.491454][ T993] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 791.513199][ T993] usb 3-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 791.528044][ T993] usb 3-1: config 168 interface 0 has no altsetting 0 [ 791.538226][ T993] usb 3-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 791.551151][ T993] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 791.564223][ T993] usb 3-1: config 168 interface 0 altsetting 188 has 0 endpoint descriptors, different from the interface descriptor's value: 100 [ 791.578164][ T993] usb 3-1: config 168 interface 0 has no altsetting 0 [ 791.585250][ T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 791.598657][ T993] usb 3-1: string descriptor 0 read error: -22 [ 791.607202][ T9] usb 4-1: device descriptor read/8, error -71 [ 791.615674][ T993] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 791.628895][ T993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.666416][ T993] adutux 3-1:168.0: interrupt endpoints not found [ 791.844296][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 791.865820][ T9] usb 4-1: device descriptor read/8, error -71 [ 791.874303][ T5709] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 791.882535][T24524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 791.900841][T24524] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 791.994951][ T9] usb usb4-port1: unable to enumerate USB device [ 792.024283][ T5709] usb 2-1: device descriptor read/64, error -71 [ 792.265184][ T5709] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 792.405579][ T5709] usb 2-1: device descriptor read/64, error -71 [ 792.516318][ T5709] usb usb2-port1: attempt power cycle [ 792.864261][ T5709] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 792.895174][ T5709] usb 2-1: device descriptor read/8, error -71 [ 792.905225][ T993] usb 5-1: new low-speed USB device number 111 using dummy_hcd [ 793.067736][ T993] usb 5-1: unable to get BOS descriptor or descriptor too short [ 793.095438][ T993] usb 5-1: config index 0 descriptor too short (expected 308, got 52) [ 793.105967][ T993] usb 5-1: config 102 has an invalid descriptor of length 255, skipping remainder of the config [ 793.118926][ T993] usb 5-1: config 102 has 0 interfaces, different from the descriptor's value: 16 [ 793.133225][ T993] usb 5-1: string descriptor 0 read error: -22 [ 793.141059][ T993] usb 5-1: New USB device found, idVendor=1b80, idProduct=e302, bcdDevice=8c.2b [ 793.150812][ T5709] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 793.159714][ T993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 793.187050][ T5709] usb 2-1: device descriptor read/8, error -71 [ 793.297043][ T5709] usb usb2-port1: unable to enumerate USB device [ 793.395294][ T5702] usb 5-1: USB disconnect, device number 111 [ 793.804282][ T993] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 793.959382][ T993] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 793.977694][ T993] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 793.996157][ T993] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 794.008061][ T993] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.011871][ T5702] usb 3-1: USB disconnect, device number 107 [ 794.124342][ T29] kauditd_printk_skb: 62 callbacks suppressed [ 794.124362][ T29] audit: type=1800 audit(1778890538.084:792): pid=24608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3530" name="nullb0" dev="devtmpfs" ino=4485 res=0 errno=0 [ 794.227102][ T993] usb 4-1: GET_CAPABILITIES returned 7 [ 794.242178][ T993] usbtmc 4-1:16.0: can't read capabilities [ 794.430506][ T5709] usb 4-1: USB disconnect, device number 11 [ 795.195330][T24645] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3537'. [ 795.710213][T24664] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3539'. [ 795.729958][T24664] bond_slave_0: entered promiscuous mode [ 796.734368][ T46] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 796.843987][T24701] erspan0: default FDB implementation only supports local addresses [ 796.964394][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 796.990989][ T46] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 797.031502][ T46] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 797.065637][ T46] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 797.082516][ T46] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 797.100548][ T46] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 797.117263][ T46] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 797.127740][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.294286][ T5702] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 797.407198][ T46] usb 3-1: usb_control_msg returned -32 [ 797.433472][ T46] usbtmc 3-1:16.0: can't read capabilities [ 797.663317][T24691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 797.735358][T24691] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 797.874679][ T993] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 798.036968][ T993] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 76, changing to 7 [ 798.059694][ T993] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 798.096358][ T993] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 798.139715][ T993] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.176662][ T993] usb 5-1: config 0 descriptor?? [ 798.202999][ T993] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 798.341311][T11577] usb 3-1: USB disconnect, device number 108 [ 798.550464][T24739] netlink: 'syz.2.3551': attribute type 11 has an invalid length. [ 798.948031][T24752] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3552'. [ 799.006918][T24752] batadv1: entered promiscuous mode [ 799.025826][T24752] batadv1: entered allmulticast mode [ 799.051857][T24752] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 800.221794][T11577] usb 5-1: USB disconnect, device number 112 [ 800.357006][T24790] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3559'. [ 800.976989][T20265] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 801.176188][T20265] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 801.209769][T20265] usb 5-1: config 0 has no interface number 0 [ 801.230670][T20265] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 801.261077][T20265] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 801.293405][T20265] usb 5-1: config 0 descriptor?? [ 801.313304][T20265] cp210x 5-1:0.1: cp210x converter detected [ 801.516161][T24841] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3570'. [ 801.542870][T20265] usb 5-1: cp210x converter now attached to ttyUSB0 [ 801.679900][T24841] bond2: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 801.708249][T24841] bond2 (unregistering): Released all slaves [ 802.314580][T24934] FAULT_INJECTION: forcing a failure. [ 802.314580][T24934] name failslab, interval 1, probability 0, space 0, times 0 [ 802.328332][T24934] CPU: 0 UID: 0 PID: 24934 Comm: syz.1.3575 Tainted: G L syzkaller #0 PREEMPT(full) [ 802.328366][T24934] Tainted: [L]=SOFTLOCKUP [ 802.328373][T24934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 802.328384][T24934] Call Trace: [ 802.328393][T24934] [ 802.328401][T24934] dump_stack_lvl+0xe8/0x150 [ 802.328431][T24934] should_fail_ex+0x412/0x560 [ 802.328463][T24934] should_failslab+0xa8/0x100 [ 802.328493][T24934] __kmalloc_cache_noprof+0x88/0x660 [ 802.328518][T24934] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 802.328547][T24934] ? sctp_add_bind_addr+0x8c/0x370 [ 802.328578][T24934] sctp_add_bind_addr+0x8c/0x370 [ 802.328609][T24934] sctp_copy_local_addr_list+0x314/0x4f0 [ 802.328639][T24934] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 802.328666][T24934] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 802.328699][T24934] ? sctp_v4_is_any+0x35/0x60 [ 802.328723][T24934] ? sctp_copy_one_addr+0x93/0x360 [ 802.328755][T24934] sctp_bind_addr_copy+0xb3/0x3c0 [ 802.328788][T24934] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 802.328818][T24934] sctp_connect_new_asoc+0x2ff/0x6b0 [ 802.328843][T24934] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 802.328867][T24934] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 802.328888][T24934] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 802.328907][T24934] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 802.328930][T24934] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 802.328957][T24934] ? security_sctp_bind_connect+0x7e/0x2c0 [ 802.328982][T24934] sctp_sendmsg+0x1576/0x2c50 [ 802.329020][T24934] ? __pfx_sctp_sendmsg+0x10/0x10 [ 802.329045][T24934] ? aa_sk_perm+0x6d5/0x900 [ 802.329068][T24934] ? __might_fault+0xaf/0x130 [ 802.329099][T24934] ? __pfx_aa_sk_perm+0x10/0x10 [ 802.329127][T24934] ? sock_rps_record_flow+0x19/0x350 [ 802.329150][T24934] ? inet_sendmsg+0x2f4/0x370 [ 802.329168][T24934] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 802.329197][T24934] ____sys_sendmsg+0x80a/0x9f0 [ 802.329233][T24934] ? __pfx_____sys_sendmsg+0x10/0x10 [ 802.329267][T24934] ? import_iovec+0x73/0xa0 [ 802.329298][T24934] ___sys_sendmsg+0x2a5/0x360 [ 802.329324][T24934] ? __lock_acquire+0x6b5/0x2cf0 [ 802.329350][T24934] ? __pfx____sys_sendmsg+0x10/0x10 [ 802.329383][T24934] ? kstrtouint+0x6e/0xe0 [ 802.329432][T24934] ? __fget_files+0x2a/0x420 [ 802.329454][T24934] ? __fget_files+0x3a0/0x420 [ 802.329487][T24934] __sys_sendmmsg+0x27c/0x4e0 [ 802.329520][T24934] ? __pfx___sys_sendmmsg+0x10/0x10 [ 802.329545][T24934] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 802.329604][T24934] ? ksys_write+0x242/0x270 [ 802.329634][T24934] ? __pfx_ksys_write+0x10/0x10 [ 802.329669][T24934] __x64_sys_sendmmsg+0xa0/0xc0 [ 802.329695][T24934] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.329715][T24934] do_syscall_64+0x15f/0xf80 [ 802.329747][T24934] ? trace_irq_disable+0x3b/0x140 [ 802.329774][T24934] ? clear_bhb_loop+0x40/0x90 [ 802.329797][T24934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.329816][T24934] RIP: 0033:0x7f76f799ce59 [ 802.329835][T24934] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.329851][T24934] RSP: 002b:00007f76f88c4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 802.329873][T24934] RAX: ffffffffffffffda RBX: 00007f76f7c15fa0 RCX: 00007f76f799ce59 [ 802.329888][T24934] RDX: 0000000000000001 RSI: 0000200000004900 RDI: 0000000000000003 [ 802.329901][T24934] RBP: 00007f76f88c4090 R08: 0000000000000000 R09: 0000000000000000 [ 802.329914][T24934] R10: 00000000000000c4 R11: 0000000000000246 R12: 0000000000000002 [ 802.329927][T24934] R13: 00007f76f7c16038 R14: 00007f76f7c15fa0 R15: 00007f76f7d3fa48 [ 802.329961][T24934] [ 804.300728][ T5709] usb 5-1: USB disconnect, device number 113 [ 804.365815][ T5709] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 804.378857][T24988] netlink: 'syz.2.3587': attribute type 3 has an invalid length. [ 804.393326][ T5709] cp210x 5-1:0.1: device disconnected [ 804.442838][T24999] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3589'. [ 804.477958][T24999] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3589'. [ 804.684894][T25007] loop2: detected capacity change from 0 to 7 [ 804.710058][T25007] Dev loop2: unable to read RDB block 7 [ 804.727561][T25007] loop2: AHDI p1 p3 p4 [ 804.751220][T25007] loop2: partition table partially beyond EOD, truncated [ 804.789009][T25007] loop2: p1 start 1818582900 is beyond EOD, truncated [ 804.826072][T25007] loop2: p3 size 4261412863 extends beyond EOD, truncated [ 805.591567][T25032] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3597'. [ 805.737699][ T29] audit: type=1326 audit(1778890549.704:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 805.801048][ T29] audit: type=1326 audit(1778890549.704:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 805.825899][ T29] audit: type=1326 audit(1778890549.744:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 805.870794][ T29] audit: type=1326 audit(1778890549.744:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 805.907844][ T29] audit: type=1326 audit(1778890549.754:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 805.968465][ T29] audit: type=1326 audit(1778890549.754:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 806.031136][ T29] audit: type=1326 audit(1778890549.754:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 806.093934][ T29] audit: type=1326 audit(1778890549.764:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 806.136775][ T29] audit: type=1326 audit(1778890549.764:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 806.178867][ T29] audit: type=1326 audit(1778890549.824:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25034 comm="syz.0.3598" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22de39ce59 code=0x7ffc0000 [ 806.614604][ T5709] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 806.632522][T25052] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 806.776904][ T5709] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 806.804081][ T5709] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 806.845682][ T5709] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 806.887981][ T5709] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 806.916731][ T5709] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 806.942998][ T5709] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 806.961892][ T5709] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 806.999206][ T5709] usb 2-1: Product: syz [ 807.013721][ T5709] usb 2-1: Manufacturer: syz [ 807.067599][ T5709] cdc_wdm 2-1:1.0: skipping garbage [ 807.082313][ T5709] cdc_wdm 2-1:1.0: skipping garbage [ 807.108714][ T5709] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 807.131233][ T5709] cdc_wdm 2-1:1.0: Unknown control protocol [ 807.353620][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 807.360373][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 807.366678][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 807.373294][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 807.379610][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 807.386204][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 807.392477][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 807.399090][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 807.405524][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 807.412312][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 807.418596][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 807.425208][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 807.431960][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 807.438556][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 807.445111][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 807.451719][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 807.456441][ T46] usb 2-1: USB disconnect, device number 116 [ 807.457864][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 808.613586][T25117] netlink: 'syz.0.3612': attribute type 21 has an invalid length. [ 808.642264][T25117] netlink: 164 bytes leftover after parsing attributes in process `syz.0.3612'. [ 808.839944][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.848227][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.284425][ T46] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 809.464288][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 809.488138][ T46] usb 5-1: config 0 has an invalid interface number: 119 but max is 0 [ 809.511979][ T46] usb 5-1: config 0 has no interface number 0 [ 809.528122][ T46] usb 5-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 809.551367][ T46] usb 5-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xD3, changing to 0x83 [ 809.583715][ T46] usb 5-1: config 0 interface 119 altsetting 0 endpoint 0x83 has an invalid bInterval 144, changing to 7 [ 809.609119][ T46] usb 5-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 42757, setting to 1024 [ 809.640753][ T46] usb 5-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 809.679104][ T46] usb 5-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 809.699888][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.722740][ T46] usb 5-1: Product: syz [ 809.738724][ T46] usb 5-1: Manufacturer: syz [ 809.748499][ T46] usb 5-1: SerialNumber: syz [ 809.765381][ T46] usb 5-1: config 0 descriptor?? [ 809.784071][ T46] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.119/input/input65 [ 810.083456][ T46] usb 5-1: USB disconnect, device number 114 [ 810.662714][T25194] netlink: 'syz.2.3623': attribute type 4 has an invalid length. [ 810.914576][ T5631] Bluetooth: hci0: command 0x0406 tx timeout [ 811.453198][T25215] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3627'. [ 811.633488][T25223] bond0: entered promiscuous mode [ 811.648914][T25223] bond_slave_0: entered promiscuous mode [ 811.668487][T25223] bond_slave_1: entered promiscuous mode [ 811.704254][ T5709] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 811.886416][ T5709] usb 2-1: Using ep0 maxpacket: 16 [ 811.907400][ T5709] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 811.939751][ T5709] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 811.984026][ T5709] usb 2-1: config 0 has no interface number 0 [ 812.013636][ T5709] usb 2-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 812.040095][ T5709] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 812.060062][ T5709] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 812.084609][ T5709] usb 2-1: Product: syz [ 812.097994][ T5709] usb 2-1: SerialNumber: syz [ 812.120469][ T5709] usb 2-1: config 0 descriptor?? [ 812.151868][ T5709] usbhid 2-1:0.8: couldn't find an input interrupt endpoint [ 813.133125][T25257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 813.266451][T25257] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 813.455093][ T5709] usb 2-1: USB disconnect, device number 117 [ 814.074568][T25278] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3640'. [ 814.128633][T25282] netlink: 'syz.1.3641': attribute type 1 has an invalid length. [ 814.170628][T25282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3641'. [ 814.175494][T25283] openvswitch: netlink: Message has 4 unknown bytes. [ 814.684289][ T993] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 814.826750][ T993] usb 3-1: device descriptor read/64, error -71 [ 814.934698][T25301] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3645'. [ 815.057176][T25306] netlink: 'syz.0.3647': attribute type 3 has an invalid length. [ 815.074386][ T993] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 815.214500][ T993] usb 3-1: device descriptor read/64, error -71 [ 815.338077][ T993] usb usb3-port1: attempt power cycle [ 815.352970][ T46] IPVS: starting estimator thread 0... [ 815.362433][T25316] IPVS: nq: FWM 3 0x00000003 - no destination available [ 815.370393][T25317] IPVS: nq: FWM 3 0x00000003 - no destination available [ 815.404828][ T5709] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 815.454268][T25318] IPVS: using max 28 ests per chain, 67200 per kthread [ 815.568586][ T5709] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 815.590074][ T5709] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 815.620218][ T5709] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 815.643710][ T5709] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 815.670839][ T5709] usb 1-1: config 0 descriptor?? [ 815.695783][ T993] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 815.746581][ T993] usb 3-1: device descriptor read/8, error -71 [ 815.911935][ T5709] usbhid 1-1:0.0: can't add hid device: -71 [ 815.931527][ T5709] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 815.962867][ T5709] usb 1-1: USB disconnect, device number 108 [ 815.994383][ T993] usb 3-1: new high-speed USB device number 112 using dummy_hcd [ 816.050379][ T993] usb 3-1: device descriptor read/8, error -71 [ 816.176202][ T993] usb usb3-port1: unable to enumerate USB device [ 817.403906][T25361] bond2: option ad_user_port_key: invalid value (19298) [ 817.416241][T25397] netlink: 'syz.0.3658': attribute type 3 has an invalid length. [ 817.448820][T25361] bond2: option ad_user_port_key: allowed values 0 - 1023 [ 817.530261][T25361] bond2 (unregistering): Released all slaves [ 817.543921][T25403] binder: 25401:25403 ioctl 7a7 200000000180 returned -22 [ 817.784296][T25442] netlink: 'syz.0.3661': attribute type 1 has an invalid length. [ 817.904908][T25442] 8021q: adding VLAN 0 to HW filter on device bond1 [ 818.038271][T25442] bond1: (slave geneve2): making interface the new active one [ 818.065404][T25442] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 819.710610][T22637] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 819.742357][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 819.756719][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 819.767291][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 819.776608][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 819.816227][ T5702] usb 5-1: new high-speed USB device number 115 using dummy_hcd [ 820.006426][ T5702] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 76, changing to 10 [ 820.052888][ T5702] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 820.229351][ T5702] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 820.304194][ T5702] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.351668][ T5702] usb 5-1: config 0 descriptor?? [ 820.793874][T25525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 820.857837][T25525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 821.164305][T25537] Bluetooth: hci1: command 0x0406 tx timeout [ 821.265298][ T5702] usbhid 5-1:0.0: can't add hid device: -71 [ 821.273956][ T5702] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 821.352295][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 821.377826][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 821.388788][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 821.401468][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 821.411265][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 821.465234][ T5702] usb 5-1: USB disconnect, device number 115 [ 821.829527][T25631] netlink: 'syz.4.3681': attribute type 1 has an invalid length. [ 821.983815][T25637] fuse: fd is not a fuse device [ 822.583060][ T5641] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 822.599514][ T5641] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 822.617507][ T5641] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 822.639369][ T5641] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 822.654215][ T5641] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 822.730647][T25659] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3684'. [ 824.426862][ T5641] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 824.455068][ T5641] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 824.466128][ T5641] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 824.474710][ T5709] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 824.492825][ T5641] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 824.500991][ T5641] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 824.567349][T25711] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3692'. [ 824.655160][ T5709] usb 2-1: Using ep0 maxpacket: 32 [ 824.671676][ T5709] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 824.680278][ T5709] usb 2-1: config 0 has no interface number 0 [ 824.686790][ T5709] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 824.698635][ T5709] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 824.713429][ T5709] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 824.726643][ T5709] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 824.737076][ T5709] usb 2-1: Product: syz [ 824.741382][ T5709] usb 2-1: Manufacturer: syz [ 824.746303][ T5709] usb 2-1: SerialNumber: syz [ 824.762316][ T5709] usb 2-1: config 0 descriptor?? [ 824.942493][T25738] netlink: 'syz.0.3693': attribute type 1 has an invalid length. [ 824.984722][ T5709] radio-si470x 2-1:0.35: this is not a si470x device. [ 825.001918][ T29] kauditd_printk_skb: 28 callbacks suppressed [ 825.001937][ T29] audit: type=1326 audit(1778890568.954:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25698 comm="syz.1.3690" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f76f799ce59 code=0x0 [ 825.036499][ T29] audit: type=1326 audit(1778890568.954:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25698 comm="syz.1.3690" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f76f799ce59 code=0x0 [ 825.193485][ T29] audit: type=1326 audit(1778890569.154:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25698 comm="syz.1.3690" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f76f799ce59 code=0x0 [ 825.222397][T25738] 8021q: adding VLAN 0 to HW filter on device bond2 [ 825.585868][ T5709] radio-raremono 2-1:0.35: this is not Thanko's Raremono. [ 826.017236][T25795] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3694'. [ 826.115611][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 826.131395][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 826.149753][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 826.164578][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 826.177849][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 826.323121][T25809] dummy0: entered promiscuous mode [ 826.368100][T25808] dummy0: left promiscuous mode [ 826.794295][ T993] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 826.964284][ T993] usb 5-1: Using ep0 maxpacket: 32 [ 826.970949][ T993] usb 5-1: config 0 has an invalid interface number: 20 but max is 0 [ 826.980314][ T993] usb 5-1: config 0 has no interface number 0 [ 826.986517][ T993] usb 5-1: config 0 interface 20 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 826.997429][ T993] usb 5-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid maxpacket 20280, setting to 1024 [ 827.009075][ T993] usb 5-1: config 0 interface 20 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 827.021278][ T993] usb 5-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 827.030663][ T993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 827.039138][ T993] usb 5-1: Product: syz [ 827.043391][ T993] usb 5-1: Manufacturer: syz [ 827.048070][ T993] usb 5-1: SerialNumber: syz [ 827.056249][ T993] usb 5-1: config 0 descriptor?? [ 827.061902][T25834] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 827.069835][T25834] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 827.219279][ T5702] usb 2-1: USB disconnect, device number 118 [ 827.290100][ T993] usb-storage 5-1:0.20: USB Mass Storage device detected [ 827.300843][ T993] usb-storage 5-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 827.499232][ T993] scsi host1: usb-storage 5-1:0.20 [ 827.667452][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 827.684593][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 827.700387][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 827.716591][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 827.728853][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 827.812063][ T5702] usb 5-1: USB disconnect, device number 116 [ 827.863445][T25880] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3703'. [ 827.908258][T25880] netlink: 147088 bytes leftover after parsing attributes in process `syz.0.3703'. [ 827.994366][T25894] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3705'. [ 829.243840][T25945] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3710'. [ 829.297689][ T5641] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 829.332584][ T5641] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 829.343289][ T5641] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 829.353348][ T5641] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 829.361599][ T5641] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 830.034333][ T993] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 830.204744][ T993] usb 4-1: Using ep0 maxpacket: 32 [ 830.213275][ T993] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 830.222860][ T993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 830.231314][ T993] usb 4-1: Product: syz [ 830.235896][ T993] usb 4-1: Manufacturer: syz [ 830.240584][ T993] usb 4-1: SerialNumber: syz [ 830.247896][ T993] usb 4-1: config 0 descriptor?? [ 830.261381][ T993] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 830.269120][ T993] dvb-usb: bulk message failed: -22 (2/0) [ 830.279888][ T993] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 830.290291][ T993] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 830.298616][ T993] usb 4-1: media controller created [ 830.313837][ T993] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 830.332804][ T993] usb 4-1: selecting invalid altsetting 7 [ 830.338733][ T993] cxusb: set interface failed [ 830.343446][ T993] dvb-usb: bulk message failed: -22 (1/0) [ 830.376004][ T993] DVB: Unable to find symbol lgdt330x_attach() [ 830.382190][ T993] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 830.444277][ T993] rc_core: IR keymap rc-dvico-portable not found [ 830.450785][ T993] Registered IR keymap rc-empty [ 830.457493][ T993] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 830.471658][T25946] cxusb: i2c wr: len=80 is too big! [ 830.471658][T25946] [ 830.474027][ T993] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input66 [ 830.499507][ T993] dvb-usb: schedule remote query interval to 100 msecs. [ 830.508983][ T993] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 830.541123][ T993] usb 4-1: USB disconnect, device number 13 [ 830.660126][ T993] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 830.885100][ T5641] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 830.898286][ T5641] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 830.918726][ T5641] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 830.931260][ T5641] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 830.942716][ T5641] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 831.045860][ T9] usb 5-1: new high-speed USB device number 117 using dummy_hcd [ 831.216103][ T9] usb 5-1: config 48 interface 0 altsetting 98 bulk endpoint 0x4 has invalid maxpacket 1024 [ 831.226720][ T9] usb 5-1: config 48 interface 0 altsetting 98 has an endpoint descriptor with address 0x5A, changing to 0xA [ 831.239951][ T9] usb 5-1: config 48 interface 0 altsetting 98 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 831.251443][ T9] usb 5-1: config 48 interface 0 altsetting 98 endpoint 0xA has invalid wMaxPacketSize 0 [ 831.281897][ T9] usb 5-1: config 48 interface 0 has no altsetting 0 [ 831.300532][ T9] usb 5-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f [ 831.318856][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 831.328275][ T9] usb 5-1: Product: syz [ 831.333380][ T9] usb 5-1: Manufacturer: syz [ 831.341645][ T9] usb 5-1: SerialNumber: syz [ 831.362487][T26023] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 831.654387][ T9] usb 5-1: USB disconnect, device number 117 [ 832.639132][ T5641] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 832.673174][ T5641] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 832.686671][ T5641] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 832.704487][ T5641] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 832.713213][ T5641] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 833.031287][T26117] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3722'. [ 833.375698][T26145] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3724'. [ 833.406705][ T9] usb 1-1: new full-speed USB device number 109 using dummy_hcd [ 833.565141][ T9] usb 1-1: device descriptor read/64, error -71 [ 833.824301][ T9] usb 1-1: new full-speed USB device number 110 using dummy_hcd [ 833.964809][ T9] usb 1-1: device descriptor read/64, error -71 [ 834.074541][ T9] usb usb1-port1: attempt power cycle [ 834.446012][ T9] usb 1-1: new full-speed USB device number 111 using dummy_hcd [ 834.475445][ T9] usb 1-1: device descriptor read/8, error -71 [ 834.735220][ T9] usb 1-1: new full-speed USB device number 112 using dummy_hcd [ 834.766287][ T9] usb 1-1: device descriptor read/8, error -71 [ 834.833950][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 834.849267][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 834.865049][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 834.877795][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 834.886095][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 834.904607][ T9] usb usb1-port1: unable to enumerate USB device [ 836.888373][ T5641] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 836.903805][ T5641] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 836.921123][ T5641] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 836.932298][ T5641] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 836.936162][T26215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 836.953669][ T5641] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 837.023391][T26215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 837.047977][ T46] usb 5-1: new high-speed USB device number 118 using dummy_hcd [ 837.081973][T26215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 837.130898][T26215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 837.176622][T26215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 837.223710][T26215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 837.238071][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 837.247303][T26215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3728'. [ 837.253279][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 837.296897][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 837.313793][ T46] usb 5-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 837.339016][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 837.376791][ T46] usb 5-1: config 0 descriptor?? [ 837.514322][T11577] usb 2-1: new full-speed USB device number 119 using dummy_hcd [ 837.674635][T11577] usb 2-1: device descriptor read/64, error -71 [ 837.932298][T26209] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3731'. [ 837.954344][T11577] usb 2-1: new full-speed USB device number 120 using dummy_hcd [ 838.114399][T11577] usb 2-1: device descriptor read/64, error -71 [ 838.196659][ T46] usbhid 5-1:0.0: can't add hid device: -71 [ 838.217269][ T46] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 838.267649][T11577] usb usb2-port1: attempt power cycle [ 838.324411][ T46] usb 5-1: USB disconnect, device number 118 [ 838.614358][T11577] usb 2-1: new full-speed USB device number 121 using dummy_hcd [ 838.635299][T11577] usb 2-1: device descriptor read/8, error -71 [ 838.874305][T11577] usb 2-1: new full-speed USB device number 122 using dummy_hcd [ 838.894730][T11577] usb 2-1: device descriptor read/8, error -71 [ 839.004519][T11577] usb usb2-port1: unable to enumerate USB device [ 839.424761][T26286] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3736'. [ 839.571089][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 839.590648][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 839.601209][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 839.610605][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 839.626463][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 839.824226][T23129] usb 5-1: new high-speed USB device number 119 using dummy_hcd [ 839.925092][ T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 840.002468][T23129] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 840.024434][T23129] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 840.042726][T23129] usb 5-1: Product: syz [ 840.052852][T23129] usb 5-1: Manufacturer: syz [ 840.062960][T23129] usb 5-1: SerialNumber: syz [ 840.084213][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 840.094641][T23129] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 840.098063][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 840.126708][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 840.146531][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 3104, setting to 1024 [ 840.167614][ T46] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 840.167969][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 840.225173][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 840.258148][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 840.293380][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 840.534342][ T9] usb 4-1: GET_CAPABILITIES returned 0 [ 840.561134][ T9] usbtmc 4-1:16.0: can't read capabilities [ 840.762449][T26292] input: syz0 as /devices/virtual/input/input67 [ 840.860419][ T9] usb 4-1: USB disconnect, device number 14 [ 841.246601][ T46] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 841.261390][ T46] ath9k_htc: Failed to initialize the device [ 841.312342][ T46] usb 5-1: ath9k_htc: USB layer deinitialized [ 841.832829][T26374] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3740'. [ 841.852567][T26374] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3740'. [ 841.866138][T26374] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3740'. [ 841.958889][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 841.970863][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 841.982520][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 841.994352][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 842.006247][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 842.702123][ T993] usb 5-1: USB disconnect, device number 119 [ 844.285707][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 844.301081][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 844.310142][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 844.322880][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 844.331457][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 844.445927][ T993] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 844.571839][T26465] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3750'. [ 844.626319][ T993] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 844.651620][ T993] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 844.682232][ T993] usb 4-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 844.705914][ T993] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 844.740315][ T993] usb 4-1: config 0 descriptor?? [ 844.759914][T26430] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 845.398042][ T993] usbhid 4-1:0.0: can't add hid device: -71 [ 845.413295][ T993] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 845.441835][ T993] usb 4-1: USB disconnect, device number 15 [ 846.778774][T26514] netlink: 'syz.0.3751': attribute type 1 has an invalid length. [ 846.863826][T26514] 8021q: adding VLAN 0 to HW filter on device bond3 [ 846.899615][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 846.928881][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 846.940209][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 846.949992][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 846.957852][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 847.054676][ T9] usb 2-1: new high-speed USB device number 123 using dummy_hcd [ 847.234665][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 847.250584][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 847.278626][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 847.306387][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.324873][ T9] usb 2-1: Product: syz [ 847.342282][ T9] usb 2-1: Manufacturer: syz [ 847.354412][ T9] usb 2-1: SerialNumber: syz [ 847.378172][ T9] usb 2-1: config 0 descriptor?? [ 847.410392][ T9] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 847.446087][ T9] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 848.022668][ T9] em28xx 2-1:0.0: chip ID is em2765 [ 848.633793][ T9] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 848.651295][ T9] em28xx 2-1:0.0: board has no eeprom [ 849.715273][T26515] em28xx 2-1:0.0: reading from i2c device at 0x0 failed (error=-5) [ 849.738020][T26622] vxcan0: tx address claim with dest, not broadcast [ 849.775353][ T9] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 849.785118][ T9] em28xx 2-1:0.0: dvb set to bulk mode. [ 849.787761][ T5641] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 849.790868][ T993] em28xx 2-1:0.0: Binding DVB extension [ 849.812580][ T5641] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 849.824011][ T5641] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 849.833698][ T5641] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 849.846042][ T5641] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 849.847639][ T9] usb 2-1: USB disconnect, device number 123 [ 849.884490][ T5702] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 849.947789][ T9] em28xx 2-1:0.0: Disconnecting em28xx [ 850.012107][ T993] em28xx 2-1:0.0: Registering input extension [ 850.027073][ T9] em28xx 2-1:0.0: Closing input extension [ 850.054392][ T5702] usb 4-1: Using ep0 maxpacket: 8 [ 850.069098][ T5702] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 850.097273][ T5702] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 850.114882][ T5702] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 850.123807][ T5702] usb 4-1: Product: syz [ 850.128165][ T5702] usb 4-1: Manufacturer: syz [ 850.150219][ T5702] usb 4-1: SerialNumber: syz [ 850.150424][ T9] em28xx 2-1:0.0: Freeing device [ 850.224575][T11577] usb 5-1: new high-speed USB device number 120 using dummy_hcd [ 850.385663][T11577] usb 5-1: Using ep0 maxpacket: 16 [ 850.403761][T11577] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 850.429922][ T5702] usb 4-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 850.438385][T11577] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 850.448895][ T5702] usb 4-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 850.456978][T11577] usb 5-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00 [ 850.467687][ T5702] usb 4-1: Handspring Visor / Palm OS: Number of ports: 2 [ 850.475218][T11577] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 850.489282][T11577] usb 5-1: config 0 descriptor?? [ 850.640684][T26616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 850.649885][T26616] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 850.737992][ T5702] usb 4-1: palm_os_3_probe - error -71 getting bytes available request [ 850.765800][ T5702] visor 4-1:1.0: Handspring Visor / Palm OS converter detected [ 850.791802][ T5702] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 850.805671][ T5702] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 850.821290][ T5702] usb 4-1: USB disconnect, device number 16 [ 850.835179][ T5702] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 850.851563][ T5702] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 850.864057][ T5702] visor 4-1:1.0: device disconnected [ 850.920137][T11577] vrc2 0003:07C0:1125.0024: fixing up VRC-2 report descriptor [ 850.934084][T11577] input: HID 07c0:1125 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:07C0:1125.0024/input/input69 [ 851.015487][T11577] vrc2 0003:07C0:1125.0024: input,hidraw0: USB HID v10.00 Joystick [HID 07c0:1125] on usb-dummy_hcd.4-1/input0 [ 851.120600][ T9] usb 5-1: USB disconnect, device number 120 [ 852.438869][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 852.459241][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 852.474371][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 852.483249][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 852.492704][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 852.506731][ T46] usb 5-1: new high-speed USB device number 121 using dummy_hcd [ 852.686196][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 852.693716][ T46] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 852.709792][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 852.733602][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 852.753037][ T46] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 852.801541][ T46] usb 5-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 852.833986][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.877738][ T46] usb 5-1: config 0 descriptor?? [ 854.121992][ T46] usbhid 5-1:0.0: can't add hid device: -71 [ 854.132006][ T46] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 854.146509][ T46] usb 5-1: USB disconnect, device number 121 [ 855.333166][T25537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 855.344570][T25537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 855.359216][T25537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 855.371902][T25537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 855.400813][T25537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 855.497522][ T29] audit: type=1326 audit(1778890599.454:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26810 comm="syz.3.3770" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5dc579ce59 code=0x0 [ 855.577257][T26831] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3773'. [ 856.173188][T26867] xt_bpf: check failed: parse error [ 857.474457][ T30] INFO: task kworker/u8:11:18130 blocked for more than 143 seconds. [ 857.482674][ T30] Tainted: G L syzkaller #0 [ 857.489296][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 857.498575][ T30] task:kworker/u8:11 state:D stack:23328 pid:18130 tgid:18130 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 857.510785][ T30] Workqueue: netns cleanup_net [ 857.515643][ T30] Call Trace: [ 857.518943][ T30] [ 857.521878][ T30] __schedule+0x1821/0x5740 [ 857.526469][ T30] ? do_raw_spin_lock+0x12b/0x2f0 [ 857.531537][ T30] ? __pfx___schedule+0x10/0x10 [ 857.536531][ T30] ? schedule+0x90/0x360 [ 857.540816][ T30] schedule+0x164/0x360 [ 857.545034][ T30] afs_cell_purge+0x40d/0x580 [ 857.549740][ T30] ? __pfx_afs_cell_purge+0x10/0x10 [ 857.555179][ T30] ? __pfx_var_wake_function+0x10/0x10 [ 857.560695][ T30] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 857.566756][ T30] ? __timer_delete_sync+0x4a4/0x520 [ 857.572121][ T30] afs_net_exit+0x50/0x100 [ 857.576724][ T30] ops_undo_list+0x49f/0x940 [ 857.581352][ T30] ? __pfx_ops_undo_list+0x10/0x10 [ 857.586524][ T30] ? idr_destroy+0x218/0x290 [ 857.591140][ T30] ? do_raw_spin_unlock+0xf5/0x210 [ 857.597118][ T30] cleanup_net+0x56b/0x800 [ 857.601582][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 857.606593][ T30] ? process_scheduled_works+0xa70/0x1860 [ 857.612342][ T30] ? process_scheduled_works+0xa70/0x1860 [ 857.618182][ T30] process_scheduled_works+0xb5d/0x1860 [ 857.623787][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 857.629846][ T30] ? assign_work+0x3d5/0x5e0 [ 857.634596][ T30] worker_thread+0xa53/0xfc0 [ 857.639241][ T30] kthread+0x389/0x470 [ 857.643306][ T30] ? __pfx_worker_thread+0x10/0x10 [ 857.648464][ T30] ? __pfx_kthread+0x10/0x10 [ 857.653075][ T30] ret_from_fork+0x514/0xb70 [ 857.657722][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 857.662854][ T30] ? __switch_to+0xc79/0x1410 [ 857.667585][ T30] ? __pfx_kthread+0x10/0x10 [ 857.672207][ T30] ret_from_fork_asm+0x1a/0x30 [ 857.677274][ T30] [ 857.680416][ T30] [ 857.680416][ T30] Showing all locks held in the system: [ 857.688204][ T30] 1 lock held by khungtaskd/30: [ 857.693073][ T30] #0: ffffffff8e95cde0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 857.703655][ T30] 2 locks held by getty/5381: [ 857.708441][ T30] #0: ffff888035ece0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 857.718572][ T30] #1: ffffc900032332e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13a0 [ 857.728768][ T30] 3 locks held by kworker/u8:11/18130: [ 857.734276][ T30] #0: ffff88801be8e140 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 857.745244][ T30] #1: ffffc900062f7c40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 857.755892][ T30] #2: ffffffff8fdc19a8 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 857.765340][ T30] [ 857.767680][ T30] ============================================= [ 857.767680][ T30] [ 857.776138][ T30] NMI backtrace for cpu 1 [ 857.776161][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 857.776186][ T30] Tainted: [L]=SOFTLOCKUP [ 857.776192][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 857.776202][ T30] Call Trace: [ 857.776210][ T30] [ 857.776218][ T30] dump_stack_lvl+0xe8/0x150 [ 857.776246][ T30] nmi_cpu_backtrace+0x274/0x2d0 [ 857.776268][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 857.776290][ T30] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 857.776313][ T30] sys_info+0x135/0x170 [ 857.776332][ T30] watchdog+0xfd3/0x1030 [ 857.776362][ T30] ? watchdog+0x1c9/0x1030 [ 857.776393][ T30] kthread+0x389/0x470 [ 857.776419][ T30] ? __pfx_watchdog+0x10/0x10 [ 857.776443][ T30] ? __pfx_kthread+0x10/0x10 [ 857.776469][ T30] ret_from_fork+0x514/0xb70 [ 857.776492][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 857.776512][ T30] ? __switch_to+0xc79/0x1410 [ 857.776542][ T30] ? __pfx_kthread+0x10/0x10 [ 857.776568][ T30] ret_from_fork_asm+0x1a/0x30 [ 857.776605][ T30] [ 857.776613][ T30] Sending NMI from CPU 1 to CPUs 0: [ 857.893523][ C0] NMI backtrace for cpu 0 [ 857.893547][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G L syzkaller #0 PREEMPT(full) [ 857.893569][ C0] Tainted: [L]=SOFTLOCKUP [ 857.893576][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 857.893586][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 857.893615][ C0] Code: bb 7d 02 e9 93 f7 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 82 20 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 857.893629][ C0] RSP: 0018:ffffffff8e607dc0 EFLAGS: 00000242 [ 857.893645][ C0] RAX: 0000000000d15d23 RBX: ffffffff819a958a RCX: 0000000080000001 [ 857.893656][ C0] RDX: 0000000000000001 RSI: ffffffff8dfaa81a RDI: ffffffff8c28af60 [ 857.893667][ C0] RBP: ffffffff8e607eb0 R08: ffff8880b86339db R09: 1ffff110170c673b [ 857.893678][ C0] R10: dffffc0000000000 R11: ffffed10170c673c R12: 0000000000000000 [ 857.893690][ C0] R13: 1ffffffff1cd25d8 R14: 0000000000000000 R15: 1ffffffff1cd25d8 [ 857.893701][ C0] FS: 0000000000000000(0000) GS:ffff88812528a000(0000) knlGS:0000000000000000 [ 857.893714][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 857.893725][ C0] CR2: 00007f22de5ea2f8 CR3: 000000000e74a000 CR4: 00000000003526f0 [ 857.893742][ C0] Call Trace: [ 857.893750][ C0] [ 857.893757][ C0] default_idle+0x9/0x20 [ 857.893772][ C0] default_idle_call+0x72/0xb0 [ 857.893788][ C0] do_idle+0x36a/0x5f0 [ 857.893806][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 857.893826][ C0] ? __pfx_do_idle+0x10/0x10 [ 857.893846][ C0] cpu_startup_entry+0x43/0x60 [ 857.893863][ C0] rest_init+0x2de/0x300 [ 857.893880][ C0] start_kernel+0x38a/0x3e0 [ 857.893899][ C0] x86_64_start_reservations+0x24/0x30 [ 857.893920][ C0] x86_64_start_kernel+0x143/0x1c0 [ 857.893940][ C0] common_startup_64+0x13e/0x147 [ 857.893967][ C0] [ 857.894830][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 857.894850][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 857.894874][ T30] Tainted: [L]=SOFTLOCKUP [ 857.894882][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 857.894892][ T30] Call Trace: [ 857.894900][ T30] [ 857.894908][ T30] vpanic+0x56c/0xa60 [ 857.894932][ T30] ? __pfx___schedule+0x10/0x10 [ 857.894956][ T30] ? __pfx_vpanic+0x10/0x10 [ 857.894983][ T30] panic+0xc5/0xd0 [ 857.895003][ T30] ? __pfx_panic+0x10/0x10 [ 857.895023][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 857.895052][ T30] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 857.895076][ T30] watchdog+0x102c/0x1030 [ 857.895107][ T30] ? watchdog+0x1c9/0x1030 [ 857.895136][ T30] kthread+0x389/0x470 [ 857.895159][ T30] ? __pfx_watchdog+0x10/0x10 [ 857.895181][ T30] ? __pfx_kthread+0x10/0x10 [ 857.895204][ T30] ret_from_fork+0x514/0xb70 [ 857.895226][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 857.895244][ T30] ? __switch_to+0xc79/0x1410 [ 857.895271][ T30] ? __pfx_kthread+0x10/0x10 [ 857.895294][ T30] ret_from_fork_asm+0x1a/0x30 [ 857.895329][ T30] [ 858.199663][ T30] Kernel Offset: disabled [ 858.203996][ T30] Rebooting in 86400 seconds..