last executing test programs: 9.988379962s ago: executing program 2 (id=5799): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r2, &(0x7f0000000400)=[{&(0x7f0000000100)='|', 0x1}], 0x1) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) r7 = accept$alg(r6, 0x0, 0x0) recvmmsg(r7, &(0x7f00000065c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000440)=""/161, 0xa1}], 0x1}, 0x2}], 0x1, 0x40004023, 0x0) splice(r4, 0x0, r5, 0x0, 0x2, 0x6) write$cgroup_pid(r5, &(0x7f0000000000), 0xffffff98) splice(r1, 0x0, r5, 0x0, 0x80000000, 0x0) syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bff000/0x400000)=nil) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = eventfd2(0xe5c, 0x80000) r11 = eventfd2(0x4001, 0x800) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000100)={r10, 0x7, 0x2, r11}) r12 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_IRQ_LINE(r9, 0x4008ae61, &(0x7f00000000c0)={0x7, 0x1}) ioctl$KVM_SET_IRQCHIP(r9, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x87, 0x82, 0x4, 0x1, 0xc5, 0x9, 0xb3, 0xc4, 0x6, 0x9, 0x5, 0x84, 0x8, 0xfd, 0x1, 0xec}}) ioctl$KVM_SET_REGS(r12, 0x4090ae82, &(0x7f00000003c0)={[0x35, 0xe, 0x4, 0x1, 0x2, 0x1000, 0xf1, 0x0, 0x7ffffffeffffb, 0x1, 0x1, 0x40001, 0x0, 0xc12, 0x1, 0xbde], 0x1000, 0x3d4316}) r13 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r13, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a05000002000000000000050000002c000000030a01010000000000000000050000000900010073797a30000000000900030073797a300000000070000000060a010400000000000000000500000b00010074756e6e656c000014000280080001400000000108000240000000092800018008000100667764001c0002800800024000000017080043400000000a08000140000000090900010073797a3000000000140000001100010000000000000000000000000a"], 0xd8}}, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) write(r3, 0x0, 0x0) 8.833667111s ago: executing program 2 (id=5803): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x4942c3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) quotactl_fd$Q_SYNC(r1, 0xffffffff80000100, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$video4linux(&(0x7f0000000400), 0x7, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r3, 0xc0305615, &(0x7f0000000000)={0x0, {0x9, 0xfffffcbb}}) mmap(&(0x7f0000ff8000/0x5000)=nil, 0x5000, 0x300000c, 0x100010, r1, 0x3fa52000) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000000c0)={0x42, 0x0, 0x3}, 0x10) r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000140), 0x80401, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f0000000040)={0x1, 0x6}, 0x2) write$USERIO_CMD_REGISTER(r5, &(0x7f00000001c0), 0x2) syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r5, &(0x7f0000000200), 0x2) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00') read$snddsp(r6, &(0x7f0000000200)=""/125, 0x7d) ioctl$KVM_RUN(r2, 0xae80, 0x0) r7 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000740)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x50, 0x9, "", [{{0x9, 0x4, 0x0, 0xd, 0x2, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x1, 0x5, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0xe0, 0x60}}}}}]}}]}}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io$lan78xx(r7, 0x0, 0x0) r8 = socket$pppoe(0x18, 0x1, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a00)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000500)=""/232, 0xe8}, {0x0}, {0x0}, {0x0}, {&(0x7f0000001900)=""/195, 0xc3}], 0x9}, 0x101) connect$pppoe(r8, &(0x7f0000000040)={0x18, 0x0, {0x1, @link_local, 'macvtap0\x00'}}, 0x1e) sendmmsg(r8, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) syz_usb_control_io$hid(r7, &(0x7f0000000980)={0x24, 0x0, 0x0, &(0x7f0000000040), 0x0}, 0x0) 8.768591829s ago: executing program 0 (id=5804): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x4942c3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) quotactl_fd$Q_SYNC(r1, 0xffffffff80000100, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$video4linux(&(0x7f0000000400), 0x7, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r3, 0xc0305615, &(0x7f0000000000)={0x0, {0x9, 0xfffffcbb}}) mmap(&(0x7f0000ff8000/0x5000)=nil, 0x5000, 0x300000c, 0x100010, r1, 0x3fa52000) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000000c0)={0x42, 0x0, 0x3}, 0x10) r5 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902"], 0x0) r6 = openat$userio(0xffffffffffffff9c, &(0x7f0000000140), 0x80401, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r6, &(0x7f0000000040)={0x1, 0x6}, 0x2) write$USERIO_CMD_REGISTER(r6, &(0x7f00000001c0), 0x2) syz_usb_control_io$rtl8150(r5, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r6, &(0x7f0000000200), 0x2) read$snddsp(0xffffffffffffffff, &(0x7f0000000200)=""/125, 0x7d) ioctl$KVM_RUN(r2, 0xae80, 0x0) r7 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000740)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x50, 0x9, "", [{{0x9, 0x4, 0x0, 0xd, 0x2, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x1, 0x5, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0xe0, 0x60}}}}}]}}]}}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io(r7, 0x0, 0x0) r8 = socket$pppoe(0x18, 0x1, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a00)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000500)=""/232, 0xe8}, {0x0}, {0x0}, {0x0}, {&(0x7f0000001900)=""/195, 0xc3}], 0x9}, 0x101) connect$pppoe(r8, &(0x7f0000000040)={0x18, 0x0, {0x1, @link_local, 'macvtap0\x00'}}, 0x1e) sendmmsg(r8, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) 8.32268242s ago: executing program 1 (id=5807): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000040)=0x2, 0x4) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x98201, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r2, 0x0) ioctl$AUTOFS_IOC_PROTOVER(r1, 0x80049363, &(0x7f0000000000)) r3 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r3, 0xc0884123, &(0x7f0000000080)) r4 = socket(0x2, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000001c0)=[{0x30, 0x3, 0x51, 0xfffff034}, {0x6, 0x4, 0x5, 0x6}]}, 0x10) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r6, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fsync(r5) unshare(0x20000400) lseek(0xffffffffffffffff, 0x80000004, 0x1) 8.286546685s ago: executing program 1 (id=5808): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001480)) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff0000000000010902"], 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34000000130001002cbd70000000000007000000", @ANYRES32, @ANYBLOB="008400000000040014001a8010000480"], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x24004810) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 8.102595546s ago: executing program 4 (id=5810): socket$unix(0x1, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f00000001c0)={r0, &(0x7f0000000040)='\x00', 0x2100, &(0x7f0000000080)={@_ha_fsid={[0x400, 0xfffffffd]}, {0x1, 0xffff, 0x5, 0xfffffffffffffff2}}, 0xb582, &(0x7f00000000c0)={@_ha_fsid}, &(0x7f0000000140)=0x81}) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000200), &(0x7f0000000240)=0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x6) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0xb3e}]}) socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000007380)=[{{0x0, 0x0, &(0x7f0000000200)}}], 0x1, 0x400c000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r7, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000008ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "0000000000ff4270f3d500"}, 0x40009, 0x5}) preadv(r7, &(0x7f0000000040), 0x0, 0x1, 0xd) ioctl$DVB_DEMUX_DMX_STOP(r7, 0x6f2a) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001a00010028bd70000000000002202000ff00000700020000080002000a01010008000100ac14143308000300", @ANYRES8=r8], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0xea5bc50b6199d76e) r9 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x458, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) getgroups(0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r9, 0xc10c5541, &(0x7f0000000040)) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) r10 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0), 0x600, 0x0) read$eventfd(r10, &(0x7f0000000200), 0x8) 7.927334283s ago: executing program 4 (id=5811): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@empty, @in=@local, 0x0, 0xffff, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x2, 0xc, 0x200, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@local, 0xfffffffc, 0x32}, 0x2, @in=@local, 0x6, 0x4, 0x1, 0x0, 0x401}]}]}, 0xfc}}, 0x4000880) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a800000000000000000000008000300", @ANYRES32, @ANYBLOB="06001c"], 0x2c}}, 0x0) syz_io_uring_setup(0x4173, &(0x7f0000000180)={0x0, 0xbf58, 0x10000, 0x202, 0x2d0}, &(0x7f0000001040), 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') r5 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r5, 0x0) landlock_restrict_self(r5, 0x0) landlock_restrict_self(r5, 0x0) landlock_restrict_self(r5, 0x0) landlock_restrict_self(r5, 0xa) landlock_restrict_self(r5, 0xa) r6 = landlock_create_ruleset(&(0x7f00000000c0)={0x101}, 0x18, 0x0) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000140)={0x100, r7}, 0x0) landlock_restrict_self(r6, 0x4) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x0, 0x0, 0x1000) read$FUSE(r4, &(0x7f0000003380)={0x2020}, 0x2020) r8 = socket$inet(0x2, 0x1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a74000000080a01020000000000000034d286d530f48d5a8008000240000000010800024000000003080001400000008808000240000000020800014000000088080002400000000108000140000060010800014000000067080001400000001108000240000000010900010073797a3000000000140000001100010000000000000000000800000a"], 0x9c}, 0x1, 0x0, 0x0, 0x20008810}, 0x80) bind$inet(r8, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r8, &(0x7f0000000280)="02af", 0x2, 0x5, 0x0, 0x0) 7.716848023s ago: executing program 4 (id=5812): openat$kvm(0x0, &(0x7f0000000000), 0x88000, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0xff, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0xcc}, {0x804, 0x2, 0x1, 0x45, 0x7, 0x1, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x40000001, 0x3, 0x38, 0x3, 0x84, 0x7, 0x6, 0x0, 0x8, 0x3, 0x4, 0x8, 0x24ab}], 0xffffffff}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x88000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80081, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffb, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x5, 0x7d, 0x0, 0x3, 0x2, 0x2, 0x4000000004, 0x9, 0x8d], 0x8082000, 0x2111c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3000000) 7.506364655s ago: executing program 3 (id=5813): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000004e13010000000000000000001c000000"], 0x14}}, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_normal', 0x20001, 0x1b8) r2 = dup2(r1, r1) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0xffffffff, 0x4, 0x3}, 0x50) write$P9_RLINK(r2, &(0x7f00000008c0)={0x7, 0x47, 0x2}, 0x7) socket$nl_route(0x10, 0x3, 0x0) 7.460031112s ago: executing program 3 (id=5814): r0 = dup(0xffffffffffffffff) (async) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000100)={0x8001, r1}, 0x0) (async, rerun: 32) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3000003, 0x4c831, 0xffffffffffffffff, 0x0) (async, rerun: 32) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) (async) r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) (async) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1, 0x0) ftruncate(r3, 0x1) (async) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r4, 0x3ba0, &(0x7f0000000880)={0x48, 0x4, 0x0, 0x0, 0x1000, &(0x7f0000ffc000), 0x1}) r5 = syz_usb_connect(0x5, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000092ecc620ac0500773aeb010203010902240001000020000904c40102fffd01800905020210020200000905820200"], 0x0) syz_usb_control_io$uac1(r5, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0003060000000603"]}, 0x0) syz_usb_control_io$uac1(r5, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000300)={0x20, 0x14, 0x6, "f99d5133974f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) (rerun: 32) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r7, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) (async, rerun: 32) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x2, 0x1, 0x0, @sint={0xfffffff8, 0x21}}]}) (async, rerun: 32) ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f00000002c0)={0x0, 0x1}) 7.316204906s ago: executing program 4 (id=5815): futex(&(0x7f00000000c0), 0x80, 0x0, &(0x7f0000000140), 0x0, 0x0) unshare(0x1b386a8192ebb285) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='cmdline\x00') read$FUSE(r3, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000004e00010028bd70"], 0x38}, 0x1, 0x0, 0x0, 0x4c084}, 0x4020) sendto$inet(r2, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r2, &(0x7f00000022c0)=""/4089, 0xff9, 0x10002, 0x0, 0x0) sendto(r2, &(0x7f00000007c0)='[', 0x1, 0x8001, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) lseek(r6, 0x7fffffffffffffff, 0x0) 7.315652505s ago: executing program 3 (id=5816): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f0000000580)={0x40, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000280)={0x0, 0xd, 0x1, "af"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000540)={0x20, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = syz_usb_connect$rtl8150(0x0, 0x3f, &(0x7f0000000500)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$rtl8150(r2, &(0x7f0000000ac0)={0x14, &(0x7f0000000940)={0x0, 0x21, 0xe6, {0xe6, 0x4, "9355b23dadef32b092507038f22cb86c965a35aee8b558e3d60aafc57c5b8425b010904ee04225b1e613ff83da643f53951310af97646253ea02cb6f75333fd4ae6e756695d5af5961c76c18a4950e2012d253a6bb4a8b8eb76328aa290fc204750af34374f53d5ddc12719ac80a42501cafe46e730b6306ed44ed984c7f58f4b3a075990238d37201e732ea1d9750fa9d3459f19cfbcd9d7957b986cd555fc38419b31e0b9f8029c5aaaf2ad71cb99a937ffbedf8b2ff7158e7a1f90ef19ca326aab6fd27a2d445290ce87920efcabcecd9ed78b6461db04a5d77ab3724dfb72f6102d4"}}, 0x0}, &(0x7f0000000c80)={0x2c, &(0x7f0000000b00)={0x40, 0x14, 0x4a, "fec133123a2a75e6b1d1e004415294569bbf30a193404186cec1c5323a5dac99f9fede56b314d2c0c073d252465e6de2fa31ef7050fbed58b61984e3ab576a946a20bc6983c4eb2b9c40"}, &(0x7f0000000b80)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000bc0)={0x0, 0x8, 0x1, 0x10}, &(0x7f0000000c00)={0xc0, 0x5, 0x2, "3495"}, &(0x7f0000000c40)={0x40, 0x5, 0x5, "c68d89c7ad"}}) write$6lowpan_control(r1, 0x0, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@my=0x0}) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000ac000000030a010300000000000000000100000014000480080002400000000008000140000000050900030073797a30000000000900010073797a310000000008000b4000000003640008800c00014000000000800000000c00014000000000000000010c00014000000000000000050c000140000000000000a0a20c000140000010000000c6930c0002"], 0x92fc}}, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e23, 0x10000, @ipv4={'\x00', '\xff\xff', @loopback}, 0x2}}, 0x0, 0x0, 0x18, 0x0, "1ead1e653bc8c44f99df90c5cf0b677020c111ba29552e0de9a59270560b447dde19d229f2964e10fd40af965f2c1ee9213127ee40d1b0aa59105d4ba8d35f8f485692ef01537d6349e05f89616423ec"}, 0xd8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff4000/0xa000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x10) io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x2, 0x2bb}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) r7 = syz_ublk_setup_io_uring(0x6ea4, &(0x7f00000002c0)={0x0, 0xd5bb, 0x4000, 0x2, 0x1ad}, &(0x7f0000000340), &(0x7f0000000400), &(0x7f0000000440)) io_uring_enter(r7, 0x2219, 0x7721, 0x16, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000900)={0x1c, &(0x7f0000000780)={0x0, 0xe}, 0x0, 0x0}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)={0x20, 0xc, 0x3, "0c0100"}, 0x0, 0x0, 0x0, 0x0}) 7.226342956s ago: executing program 4 (id=5817): futex(&(0x7f00000000c0), 0x80, 0x0, &(0x7f0000000140), 0x0, 0x0) unshare(0x1b386a8192ebb285) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='cmdline\x00') read$FUSE(r2, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000004e00010028bd70"], 0x38}, 0x1, 0x0, 0x0, 0x4c084}, 0x4020) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f00000022c0)=""/4089, 0xff9, 0x10002, 0x0, 0x0) sendto(0xffffffffffffffff, &(0x7f00000007c0)='[', 0x1, 0x8001, 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10) ioprio_set$pid(0x1, 0x0, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) lseek(r6, 0x7fffffffffffffff, 0x0) 6.981737311s ago: executing program 4 (id=5818): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@ipv4_newroute={0x4c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x5}, @RTA_ENCAP={0x28, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x24, 0x1, {{0xf0ff, {0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@private0={0xfc, 0x0, '\x00', 0x1}]}}}}}]}, 0x4c}}, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000440)={0x0}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x51, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r4, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x152}) setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000001200)=0x8a4, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x8001}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 6.73412897s ago: executing program 1 (id=5820): futex(&(0x7f00000000c0), 0x80, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='cmdline\x00') read$FUSE(r3, 0x0, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000004e00010028bd70"], 0x38}, 0x1, 0x0, 0x0, 0x4c084}, 0x4020) sendto$inet(r2, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r2, &(0x7f00000022c0)=""/4089, 0xff9, 0x10002, 0x0, 0x0) sendto(r2, &(0x7f00000007c0)='[', 0x1, 0x8001, 0x0, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000200)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10) ioprio_set$pid(0x1, 0x0, 0x0) recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) lseek(r7, 0x7fffffffffffffff, 0x0) 6.537241157s ago: executing program 2 (id=5821): r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f00000003c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xffffffea, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1}) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={0xffffffffffffffff}) sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002e40)=ANY=[], 0x1058}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') 6.291846912s ago: executing program 2 (id=5822): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000340)=ANY=[@ANYBLOB="000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000480)={'sit0\x00', &(0x7f0000000300)={'gretap0\x00', 0x0, 0x7800, 0x8, 0x9, 0xd, {{0x5, 0x4, 0x1, 0x1, 0x14, 0x68, 0x0, 0x9, 0x2f, 0x0, @local, @multicast2}}}}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000040)={0x40, 0x8, 0x4, "41768df2"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000200)={0x0, 0xe}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x7}, 0x0, &(0x7f00000003c0)={0x40, 0x5, 0x1, "e1"}}) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e"], 0xec) 5.648874575s ago: executing program 1 (id=5823): socket(0x10, 0x803, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000140)=@id={0x1e, 0x3, 0x1, {0x4e20, 0x2}}, 0x10) socket$tipc(0x1e, 0x2, 0x0) r1 = io_uring_setup(0x13b1, &(0x7f0000000140)={0x0, 0x911c, 0x40, 0x3, 0x2fa}) io_uring_register$IORING_REGISTER_BUFFERS2(r1, 0x14, &(0x7f0000003480)={0x4, 0x0, 0x4, &(0x7f00000001c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x0}, 0x2) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xd0, 0x0, 0x0, 0x0, 0xfffffffe}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x7, @loopback, 0x8}, 0x1c) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0x20, &(0x7f0000000000)={@in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x0, 0x83, 0x0, "a30b3b28af4d2f246a01a845f387713f4048ff2ece1e75f1fc0100f41e4de6256109383664417165bba0dd5ace522fa788000000000033035551502f07b4001a0000c6df82b800"}, 0xd8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) 4.734905833s ago: executing program 1 (id=5824): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x1, r1}) ioctl$DMA_BUF_SET_NAME_A(r3, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x7, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x20, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x6, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x7, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xffffffff, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x8, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x80000312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x1007, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x7, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x8, 0x8, 0x40, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x200009, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x3ff, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x200, 0x1fd, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xfffc, 0xa620, 0x1, 0x5, 0x801, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0x2, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x9, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r4, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r6, r5, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r6, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r4, 0x3b8d, &(0x7f0000000280)={0x20, r8, &(0x7f00000002c0)=[{0x1}], 0xdeadbeef, 0x8, 0x1}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x80000000972, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x8, 0x7fff7ffc}]}) close_range(r9, 0xffffffffffffffff, 0x0) 4.003867705s ago: executing program 0 (id=5825): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x800) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}, 0xfffffffc}}, 0x10) bind$tipc(r2, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) bind$tipc(r2, &(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x2}}, 0x10) bind$tipc(r1, 0x0, 0x0) syz_io_uring_setup(0x6dd0, &(0x7f00000002c0)={0x0, 0x4af9, 0x800, 0x0, 0x7e}, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x42, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec309d59191b00867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 3.601096431s ago: executing program 1 (id=5826): shmget$private(0x0, 0x1000, 0x78000b00, &(0x7f0000ffd000/0x1000)=nil) r0 = socket$inet6(0xa, 0x80002, 0x0) close(r0) r1 = gettid() clock_nanosleep(0x1, 0x1, 0x0, 0x0) rt_sigqueueinfo(r1, 0x20, &(0x7f0000002d00)={0x32, 0xffffffff, 0x58}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = epoll_create1(0x0) r5 = socket$rxrpc(0x21, 0x2, 0x2) close_range(r5, r5, 0x2) open(&(0x7f0000000000)='.\x00', 0x2882c2, 0xd) listen(r5, 0x8e6) r6 = accept(r2, &(0x7f0000000040)=@nl=@unspec, &(0x7f00000000c0)=0x80) getpeername$tipc(r6, &(0x7f0000000140)=@name, &(0x7f00000001c0)=0x10) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_wait(r4, &(0x7f0000000340)=[{}], 0x1, 0x80000000) r7 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) syz_usb_control_io(r7, &(0x7f0000000480)={0x2c, &(0x7f0000000580)=ANY=[@ANYBLOB="2023b0000000b007bd7029438ac774ac0f82bc52b439cc38e48e7f3686c7c6abe19f2ae2e482f6d94fb37999b94d7c0014048d1de6eb80a9b49dacc89e81f9be6a8ea461de42efbe90efb74e8e0bb6fdab94be618cf5f69ae00570640016917a88c715289d325d8c5be6c011ad27d2280ca09e7dd9491e4802e78d11f7a5c8e166b60e09bffeea7a71ae7896063648196f4ac249d2e6b2cdd97c373f75598e686e340bf3117a3244af1870c01c5e1acef04a0e74008d02d8e3fab7ba8f346c2f6ba73b9d42c125352497d90bf5c71ebdcf430d7962c160401e41133a4bbfa4402f8a59447feb19db95a6d0da9a49a53db747c9e5c165ce05cd9732db4f4e1a6773577a27ddbbd1c4386c092bc6c30069cadae78bee47b0a72282933ef82e1172bffe052c07510dc66bc675a5e066d4f92361d60fc496141af0f9b96e15c481004c5196df48caef13da10722ecf4fe9af1924388f4d0cb6c7e004ffb495cb235ad0f27cb76e646b28e9b4fd2bc78523998e4390a9e35f498cb0620565103ecaaed392585e81f1afc307cce8fa3e48f51a28a203f6fbaf474a29915bbc6a66f1cad78dd2e2e27ad5bf7fec1a789f0f8c88f215a81a6ac17d7909e7b2a6b257d8886c79e4e38a1160385a331d1652f0e2d24ef333ce34fc8f3e2bbd297ada0972315f8098f10af09ba37a65fc41a97e55d034ced1fdc38ed1b54f57ef4716f10ad032e4b6a9583c8b6db00baed2e31f42"], 0x0, 0x0, 0x0, 0x0}, 0x0) r8 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r8, 0xc018480b, &(0x7f00000000c0)={0x3, 0xffffffff, 0x3, 0x4, 0x21185045, 0x4}) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e20, 0xa, @empty, 0x13b8}}, 0x0, 0x6}, 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$IP_VS_SO_GET_INFO(r9, 0x0, 0x481, &(0x7f00000000c0), &(0x7f0000000140)=0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) 3.099913299s ago: executing program 2 (id=5827): futex(&(0x7f00000000c0), 0x80, 0x0, &(0x7f0000000140), 0x0, 0x0) unshare(0x1b386a8192ebb285) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='cmdline\x00') bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000004e00010028bd70"], 0x38}, 0x1, 0x0, 0x0, 0x4c084}, 0x4020) sendto$inet(r2, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r2, &(0x7f00000022c0)=""/4089, 0xff9, 0x10002, 0x0, 0x0) sendto(r2, &(0x7f00000007c0)='[', 0x1, 0x8001, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000200)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) lseek(r5, 0x7fffffffffffffff, 0x0) 2.84102864s ago: executing program 0 (id=5828): futex(&(0x7f00000000c0), 0x80, 0x0, &(0x7f0000000140), 0x0, 0x0) unshare(0x1b386a8192ebb285) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='cmdline\x00') read$FUSE(r2, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000004e00010028bd70"], 0x38}, 0x1, 0x0, 0x0, 0x4c084}, 0x4020) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f00000022c0)=""/4089, 0xff9, 0x10002, 0x0, 0x0) sendto(0xffffffffffffffff, &(0x7f00000007c0)='[', 0x1, 0x8001, 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10) ioprio_set$pid(0x1, 0x0, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) lseek(r6, 0x7fffffffffffffff, 0x0) 2.693348682s ago: executing program 0 (id=5829): ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xa27, 0x0, &(0x7f0000000280)}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0xc0000083, 0x0, 0x8000000000002000}]}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r3, 0x400, 0x0) rename(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140)='./file2\x00') r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) r6 = pidfd_getfd(r5, r5, 0x0) ioctl$sock_SIOCINQ(r6, 0x541b, 0x0) syz_kvm_setup_cpu$x86(r6, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000340)=[@text16={0x10, &(0x7f00000002c0)="0f32660f3a44e500660fdeb5005067660f3823f2f2acb828000f00d066b8010000000f01d96766c7442400000000006766c7442402670000006766c744240600000000670f0114248fcaf810bbf94f0e000000440f20c066350b000000440f22c0", 0x61}], 0x1, 0x56, &(0x7f0000000380)=[@flags={0x3, 0x3c01}], 0x1) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0x8ba, 0x0, &(0x7f00000002c0)}) openat(r3, &(0x7f0000000280)='./file2\x00', 0x1059c0, 0x1) r7 = socket(0x2, 0x80805, 0x0) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r7, 0x84, 0x74, &(0x7f0000000200)={r9, 0x5, 0x20}, &(0x7f00000001c0)=0x18) clock_getres(0x7ffffffff000, 0x0) setsockopt$CAN_RAW_FD_FRAMES(r7, 0x65, 0x5, &(0x7f0000000240), 0x4) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r11, 0x4188aec6, &(0x7f0000000040)) ioctl$KVM_SET_CLOCK(r11, 0x4188aec6, &(0x7f0000000040)={0x200000000000000, 0x4, 0x0, 0x125, 0x9}) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r12, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r13, 0x100, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x1c}}, 0x2400c050) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b"], 0xec) 2.362225936s ago: executing program 3 (id=5830): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x2140, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10) sendmsg$can_bcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x3, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000220900"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}}, 0x0) sendmsg$can_bcm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x1, 0x0, 0xfffffffe, {0x0, 0x2710}, {}, {}, 0x1, @can={{}, 0x8, 0x2, 0x0, 0x0, "ee6a491530f05065"}}, 0x48}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000680)={0x7, &(0x7f0000000640)=[{0x9, 0x2, 0x0, 0x109b}, {0x3, 0x1, 0x2, 0x1}, {0xe351, 0xb, 0xbf, 0x6}, {0x6, 0x7, 0x4, 0xfff}, {0x2, 0xd, 0x3, 0xfffffff8}, {0x0, 0x9, 0xb, 0x60000}, {0x3, 0x9, 0x5d, 0xfffffffa}]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r4, r5], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, r4, 0x0, 0xf8, 0x8, 0x7ff, 0x3, {0x8, 0x8, 0x0, 0x5, 0x0, 0x2, 0x1, 0x1, 0x0, 0xffff, 0x8, 0x7c0, 0xffffffff, 0x77, "ba9a42184edc4097e01b52f22e2cbb318719fb31f6699332292cc81f89f07580"}}) ioctl$SNDCTL_SEQ_THRESHOLD(r0, 0x4004510d, 0x0) r7 = socket(0x10, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f00000004c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], 0x3}) ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f0000000580)={r8, r4, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)=[0x0, 0x0]}) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000080)={0x8, 0x7, 0xe8, 0x6}, 0x10) write(r7, &(0x7f0000000480)="1c0000001a009b8a140000003b000000000000000000000000000000fd", 0x1d) recvmmsg(r7, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) 2.250004443s ago: executing program 2 (id=5831): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, 0x0, &(0x7f0000000000)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="2c0000002500090122bd5908f9ffffff0200000008003f8004002280080003004700000008003e00", @ANYRES32, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x1000c957}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000700)=@mangle={'mangle\x00', 0x64, 0x6, 0x500, 0x340, 0x340, 0x0, 0x340, 0x270, 0x430, 0x430, 0x430, 0x430, 0x430, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'ipvlan1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [0x0, 0x0, 0xff000000], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x270}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="1201000000000010ac054b02000000000001090224000100003000090400000103000100092100000088224e510905"], 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e23, 0x7ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xf2}]}, &(0x7f0000000100)=0x10) r6 = socket$netlink(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000004a0001002bbd7000fddbdf250a008000", @ANYRES32=0x0, @ANYBLOB="0700000014000100ff"], 0x30}, 0x1, 0x0, 0x0, 0xc0}, 0x4000000) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f00001a4000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x3, 0x0, 0x0, 0x403, 0x0, 0x0, 0x3c, 0x9a}) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4, 0x4010, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) 1.669840693s ago: executing program 3 (id=5832): futex(&(0x7f00000000c0), 0x80, 0x0, &(0x7f0000000140), 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='cmdline\x00') read$FUSE(r3, 0x0, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000004e00010028bd70"], 0x38}, 0x1, 0x0, 0x0, 0x4c084}, 0x4020) sendto$inet(r2, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r2, &(0x7f00000022c0)=""/4089, 0xff9, 0x10002, 0x0, 0x0) sendto(r2, &(0x7f00000007c0)='[', 0x1, 0x8001, 0x0, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000200)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10) ioprio_set$pid(0x1, 0x0, 0x0) recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) lseek(r7, 0x7fffffffffffffff, 0x0) 1.255835656s ago: executing program 0 (id=5833): socket(0x10, 0x803, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000140)=@id={0x1e, 0x3, 0x1, {0x4e20, 0x2}}, 0x10) socket$tipc(0x1e, 0x2, 0x0) r1 = io_uring_setup(0x13b1, &(0x7f0000000140)={0x0, 0x911c, 0x40, 0x3, 0x2fa}) io_uring_register$IORING_REGISTER_BUFFERS2(r1, 0x14, &(0x7f0000003480)={0x4, 0x0, 0x4, &(0x7f00000001c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x0}, 0x2) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xd0, 0x0, 0x0, 0x0, 0xfffffffe}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x7, @loopback, 0x8}, 0x1c) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0x20, &(0x7f0000000000)={@in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x0, 0x83, 0x0, "a30b3b28af4d2f246a01a845f387713f4048ff2ece1e75f1fc0100f41e4de6256109383664417165bba0dd5ace522fa788000000000033035551502f07b4001a0000c6df82b800"}, 0xd8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) 308.188214ms ago: executing program 3 (id=5834): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x4942c3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) quotactl_fd$Q_SYNC(r1, 0xffffffff80000100, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$video4linux(&(0x7f0000000400), 0x7, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r3, 0xc0305615, &(0x7f0000000000)={0x0, {0x9, 0xfffffcbb}}) mmap(&(0x7f0000ff8000/0x5000)=nil, 0x5000, 0x300000c, 0x100010, r1, 0x3fa52000) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000000c0)={0x42, 0x0, 0x3}, 0x10) r5 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902"], 0x0) r6 = openat$userio(0xffffffffffffff9c, &(0x7f0000000140), 0x80401, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r6, &(0x7f0000000040)={0x1, 0x6}, 0x2) write$USERIO_CMD_REGISTER(r6, &(0x7f00000001c0), 0x2) syz_usb_control_io$rtl8150(r5, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00') read$snddsp(r7, &(0x7f0000000200)=""/125, 0x7d) ioctl$KVM_RUN(r2, 0xae80, 0x0) r8 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000740)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x50, 0x9, "", [{{0x9, 0x4, 0x0, 0xd, 0x2, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x1, 0x5, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0xe0, 0x60}}}}}]}}]}}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io(r8, 0x0, 0x0) r9 = socket$pppoe(0x18, 0x1, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a00)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000500)=""/232, 0xe8}, {0x0}, {0x0}, {0x0}, {&(0x7f0000001900)=""/195, 0xc3}], 0x9}, 0x101) connect$pppoe(r9, &(0x7f0000000040)={0x18, 0x0, {0x1, @link_local, 'macvtap0\x00'}}, 0x1e) sendmmsg(r9, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) 0s ago: executing program 0 (id=5835): r0 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000000)=0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) socket$netlink(0x10, 0x3, 0x0) timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(0x0, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0) timerfd_gettime(r2, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): :1003] [ 1471.387185][T23938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5454'. [ 1471.419171][T21332] usb 1-1: USB disconnect, device number 38 [ 1471.641750][ T138] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1471.650208][ T138] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1471.771007][T23961] netlink: 'syz.4.5459': attribute type 5 has an invalid length. [ 1471.826013][T23965] dlm: non-version read from control device 0 [ 1472.196553][T11157] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1472.685564][T23978] netlink: 'syz.1.5466': attribute type 10 has an invalid length. [ 1472.695448][T23978] bond0: (slave netdevsim1): Releasing backup interface [ 1472.702427][T23978] bond0: (slave netdevsim1): the permanent HWaddr of slave - aa:aa:aa:aa:aa:2b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 1472.721224][T23978] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1472.738411][ T5361] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1472.748493][T23978] team0: Port device netdevsim1 added [ 1472.760357][T23978] netlink: 'syz.1.5466': attribute type 10 has an invalid length. [ 1472.770364][T23978] team0: Port device netdevsim1 removed [ 1472.777977][T23978] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1472.786371][T23978] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 1472.855244][T11157] usb 3-1: Using ep0 maxpacket: 32 [ 1472.980514][T11157] usb 3-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 1472.999989][T11157] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1473.008034][T11157] usb 3-1: Product: syz [ 1473.012226][T11157] usb 3-1: Manufacturer: syz [ 1473.016856][T11157] usb 3-1: SerialNumber: syz [ 1473.034932][T11157] usb 3-1: config 0 descriptor?? [ 1473.443453][ T5361] usb 4-1: Using ep0 maxpacket: 8 [ 1473.449315][T21310] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1473.470654][ T5361] usb 4-1: config 0 has no interfaces? [ 1473.481260][T11157] RobotFuzz Open Source InterFace, OSIF 3-1:0.0: version d4.15 found at bus 003 address 021 [ 1473.495353][ T5361] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1473.510628][ T5361] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1473.532156][ T5361] usb 4-1: Product: syz [ 1473.545753][ T5361] usb 4-1: Manufacturer: syz [ 1473.559495][ T5361] usb 4-1: SerialNumber: syz [ 1473.579475][ T5361] usb 4-1: config 0 descriptor?? [ 1473.828328][T21308] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1474.087841][T21308] usb 2-1: Using ep0 maxpacket: 16 [ 1474.112029][T21308] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1474.123143][T21308] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1474.134473][T21308] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 1474.143934][T21308] usb 2-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0 [ 1474.152177][T21308] usb 2-1: Manufacturer: syz [ 1474.159312][T21308] usb 2-1: config 0 descriptor?? [ 1474.434394][T23993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1474.452256][T23993] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1474.669711][T21308] hid (null): unknown global tag 0xe [ 1474.677965][T21308] creative-sb0540 0003:041E:3100.0044: unknown global tag 0xe [ 1474.685664][T21308] creative-sb0540 0003:041E:3100.0044: item 0 1 1 14 parsing failed [ 1474.694351][T21308] creative-sb0540 0003:041E:3100.0044: parse failed [ 1474.701209][T21308] creative-sb0540 0003:041E:3100.0044: probe with driver creative-sb0540 failed with error -22 [ 1474.885605][ T5361] usb 2-1: USB disconnect, device number 5 [ 1475.166813][T11157] usb 3-1: USB disconnect, device number 21 [ 1475.462225][ T3326] net_ratelimit: 10 callbacks suppressed [ 1475.462242][ T3326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1475.489367][ T3326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1475.547203][T21310] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1475.556840][T21310] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1475.574129][T21310] usb 1-1: Product: syz [ 1475.578411][T21310] usb 1-1: Manufacturer: syz [ 1475.583099][T21310] usb 1-1: SerialNumber: syz [ 1475.614029][T11157] usb 4-1: USB disconnect, device number 11 [ 1475.627189][T21310] usb 1-1: config 0 descriptor?? [ 1475.661767][T21325] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1475.760389][T24008] tipc: Enabled bearer , priority 0 [ 1475.789471][T24008] syzkaller0: entered promiscuous mode [ 1475.803360][T24008] syzkaller0: entered allmulticast mode [ 1475.828342][T21308] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1475.866637][T24008] tipc: Resetting bearer [ 1475.890186][ T3362] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1475.899223][T21312] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1475.908222][T21332] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1476.001037][T24020] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5481'. [ 1476.027899][T24020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1476.045307][T24020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1476.046389][T24022] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5482'. [ 1476.054279][T24020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1476.072275][T24011] tipc: Resetting bearer [ 1476.083299][T21308] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1476.095070][T21308] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1476.106562][T21308] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1476.124176][T21308] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1476.138868][T21308] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1476.148074][T21308] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1476.156112][T21308] usb 2-1: Product: syz [ 1476.180505][T21308] usb 2-1: Manufacturer: syz [ 1476.188626][T24011] tipc: Disabling bearer [ 1476.197124][T21308] cdc_wdm 2-1:1.0: skipping garbage [ 1476.202413][T21308] cdc_wdm 2-1:1.0: skipping garbage [ 1476.211157][T21308] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1476.220284][T21308] cdc_wdm 2-1:1.0: Unknown control protocol [ 1476.411606][T24028] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1476.425940][T24028] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1476.452591][T11157] usb 2-1: USB disconnect, device number 6 [ 1476.517730][T24030] FAULT_INJECTION: forcing a failure. [ 1476.517730][T24030] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1476.530793][T24030] CPU: 1 UID: 0 PID: 24030 Comm: syz.2.5485 Tainted: G L syzkaller #0 PREEMPT(full) [ 1476.530815][T24030] Tainted: [L]=SOFTLOCKUP [ 1476.530819][T24030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1476.530827][T24030] Call Trace: [ 1476.530833][T24030] [ 1476.530838][T24030] dump_stack_lvl+0xe8/0x150 [ 1476.530859][T24030] should_fail_ex+0x412/0x560 [ 1476.530878][T24030] _copy_to_user+0x31/0xb0 [ 1476.530897][T24030] simple_read_from_buffer+0xe1/0x170 [ 1476.530916][T24030] proc_fail_nth_read+0x1bb/0x230 [ 1476.530934][T24030] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1476.530951][T24030] ? rw_verify_area+0x2a6/0x4d0 [ 1476.530968][T24030] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1476.530984][T24030] vfs_read+0x20c/0xa70 [ 1476.531004][T24030] ? __pfx___mutex_lock+0x10/0x10 [ 1476.531020][T24030] ? __pfx_vfs_read+0x10/0x10 [ 1476.531038][T24030] ? __fget_files+0x2a/0x420 [ 1476.531054][T24030] ? __fget_files+0x3a0/0x420 [ 1476.531068][T24030] ? __fget_files+0x2a/0x420 [ 1476.531087][T24030] ksys_read+0x150/0x270 [ 1476.531105][T24030] ? __pfx_ksys_read+0x10/0x10 [ 1476.531121][T24030] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1476.531141][T24030] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1476.531155][T24030] do_syscall_64+0x15f/0xf80 [ 1476.531169][T24030] ? trace_irq_disable+0x3b/0x140 [ 1476.531187][T24030] ? clear_bhb_loop+0x40/0x90 [ 1476.531203][T24030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1476.531215][T24030] RIP: 0033:0x7f7d35f5d60e [ 1476.531242][T24030] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1476.531253][T24030] RSP: 002b:00007f7d36deefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1476.531268][T24030] RAX: ffffffffffffffda RBX: 00007f7d36def6c0 RCX: 00007f7d35f5d60e [ 1476.531277][T24030] RDX: 000000000000000f RSI: 00007f7d36def0a0 RDI: 0000000000000006 [ 1476.531285][T24030] RBP: 00007f7d36def090 R08: 0000000000000000 R09: 0000000000000000 [ 1476.531293][T24030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1476.531300][T24030] R13: 00007f7d36216038 R14: 00007f7d36215fa0 R15: 00007f7d3633fa48 [ 1476.531319][T24030] [ 1476.895545][T24023] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1476.906900][T21310] usb 1-1: Firmware version (0.0) predates our first public release. [ 1476.919039][T21310] usb 1-1: Please update to version 0.2 or newer [ 1477.410407][T21310] usb 1-1: USB disconnect, device number 39 [ 1477.634319][T24054] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5493'. [ 1477.695429][T11157] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1477.874266][T24060] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1477.941301][T24062] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1478.384765][T24076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5500'. [ 1478.765676][T24083] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5504'. [ 1478.839928][T24081] tipc: Enabled bearer , priority 0 [ 1478.873681][T24081] syzkaller0: entered promiscuous mode [ 1478.879232][T24081] syzkaller0: entered allmulticast mode [ 1478.920357][T11157] usb 2-1: device descriptor read/all, error -71 [ 1479.015200][T24081] tipc: Resetting bearer [ 1479.220408][T24088] tipc: Resetting bearer [ 1479.282999][T24088] tipc: Disabling bearer [ 1479.424022][T24095] xt_HMARK: spi-set and port-set can't be combined [ 1479.563502][T21310] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1479.812094][T24101] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5509'. [ 1480.490767][T24125] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5515'. [ 1480.590787][ T3326] net_ratelimit: 12 callbacks suppressed [ 1480.590808][ T3326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1480.627719][ T3326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1481.155030][T15826] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 1481.208332][T21308] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1481.614731][T15826] usb 5-1: device descriptor read/64, error -71 [ 1481.842998][T21310] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1481.852091][T21310] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1481.860097][T21310] usb 3-1: Product: syz [ 1481.864266][T21310] usb 3-1: Manufacturer: syz [ 1481.868853][T21310] usb 3-1: SerialNumber: syz [ 1481.888441][T21310] usb 3-1: config 0 descriptor?? [ 1481.949629][T15826] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 1482.171855][T24161] netlink: 'syz.1.5527': attribute type 62 has an invalid length. [ 1482.181899][T21308] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1482.380230][T21308] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1482.390827][T15826] usb 5-1: device descriptor read/64, error -71 [ 1482.411762][T21308] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 1482.431651][T21308] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 1482.459323][T21308] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1482.484833][T21308] usb 4-1: config 0 descriptor?? [ 1482.499553][T21310] usb 3-1: Firmware version (0.0) predates our first public release. [ 1482.507851][T21310] usb 3-1: Please update to version 0.2 or newer [ 1482.514540][T15826] usb usb5-port1: attempt power cycle [ 1482.613770][T21325] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1482.946333][T15826] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 1482.961866][T21310] usb 3-1: USB disconnect, device number 22 [ 1483.059155][T24169] FAULT_INJECTION: forcing a failure. [ 1483.059155][T24169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1483.093619][T24169] CPU: 1 UID: 0 PID: 24169 Comm: syz.2.5529 Tainted: G L syzkaller #0 PREEMPT(full) [ 1483.093643][T24169] Tainted: [L]=SOFTLOCKUP [ 1483.093648][T24169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1483.093660][T24169] Call Trace: [ 1483.093669][T24169] [ 1483.093678][T24169] dump_stack_lvl+0xe8/0x150 [ 1483.093709][T24169] should_fail_ex+0x412/0x560 [ 1483.093739][T24169] _copy_to_user+0x31/0xb0 [ 1483.093762][T24169] move_addr_to_user+0x13a/0x210 [ 1483.093779][T24169] ____sys_recvmsg+0x245/0x4a0 [ 1483.093800][T24169] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1483.093837][T24169] ? import_iovec+0x73/0xa0 [ 1483.093868][T24169] ___sys_recvmsg+0x215/0x590 [ 1483.093899][T24169] ? __pfx____sys_recvmsg+0x10/0x10 [ 1483.093919][T24169] ? __fget_files+0x2a/0x420 [ 1483.093948][T24169] ? __fget_files+0x3a0/0x420 [ 1483.093982][T24169] do_recvmmsg+0x334/0x800 [ 1483.094018][T24169] ? __pfx_do_recvmmsg+0x10/0x10 [ 1483.094056][T24169] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1483.094095][T24169] __x64_sys_recvmmsg+0x198/0x250 [ 1483.094119][T24169] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1483.094154][T24169] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1483.094176][T24169] do_syscall_64+0x15f/0xf80 [ 1483.094197][T24169] ? trace_irq_disable+0x3b/0x140 [ 1483.094219][T24169] ? clear_bhb_loop+0x40/0x90 [ 1483.094234][T24169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1483.094246][T24169] RIP: 0033:0x7f7d35f9cdd9 [ 1483.094269][T24169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1483.094287][T24169] RSP: 002b:00007f7d36def028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1483.094310][T24169] RAX: ffffffffffffffda RBX: 00007f7d36215fa0 RCX: 00007f7d35f9cdd9 [ 1483.094325][T24169] RDX: 0000000000000001 RSI: 0000200000003440 RDI: 0000000000000003 [ 1483.094338][T24169] RBP: 00007f7d36def090 R08: 0000000000000000 R09: 0000000000000000 [ 1483.094350][T24169] R10: 0000000000010022 R11: 0000000000000246 R12: 0000000000000001 [ 1483.094362][T24169] R13: 00007f7d36216038 R14: 00007f7d36215fa0 R15: 00007f7d3633fa48 [ 1483.094380][T24169] [ 1483.525878][T21325] usb 2-1: Using ep0 maxpacket: 16 [ 1483.630513][T15826] usb 5-1: device descriptor read/8, error -71 [ 1483.795426][T24177] netlink: 'syz.4.5532': attribute type 3 has an invalid length. [ 1483.803549][T24177] netlink: 766 bytes leftover after parsing attributes in process `syz.4.5532'. [ 1483.900462][T21332] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 1484.184510][T21325] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1484.195301][T21325] usb 2-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 1484.204362][T21325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1484.224534][T21332] usb 1-1: Using ep0 maxpacket: 32 [ 1484.235972][T21332] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1484.247118][T21325] usb 2-1: config 0 descriptor?? [ 1484.252963][T21332] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1484.267117][T21332] usb 1-1: config 0 descriptor?? [ 1484.293565][T21332] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1484.298179][T21310] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1484.412134][T21325] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1484.749567][T21310] usb 3-1: device descriptor read/64, error -71 [ 1484.808906][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.815291][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.887266][T21308] Bluetooth: Can't get state to change to load configuration err [ 1484.914700][T21308] Bluetooth: Loading sysconfig file failed [ 1484.934128][T21308] ath3k 4-1:0.0: probe with driver ath3k failed with error -16 [ 1484.975322][T21308] usb 4-1: USB disconnect, device number 12 [ 1485.086480][T21310] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 1485.202826][T21332] gspca_vc032x: reg_w err -71 [ 1485.213224][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.228456][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.237737][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.244452][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.256801][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.264572][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.284447][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.296391][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.348814][T24192] team0: Device gtp0 is of different type [ 1485.356462][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.367944][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.387659][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.394518][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.402445][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.409833][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.415174][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.421905][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.427269][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.445749][T21332] gspca_vc032x: I2c Bus Busy Wait 00 [ 1485.453041][T21332] gspca_vc032x: Unknown sensor... [ 1485.458217][T21332] vc032x 1-1:0.0: probe with driver vc032x failed with error -22 [ 1485.477638][T21332] usb 1-1: USB disconnect, device number 40 [ 1485.533881][T21310] usb 3-1: device descriptor read/64, error -71 [ 1485.744410][T21310] usb usb3-port1: attempt power cycle [ 1486.184740][T21310] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 1486.339676][T24207] netlink: 'syz.4.5540': attribute type 62 has an invalid length. [ 1486.435583][T21325] usb 2-1: USB disconnect, device number 9 [ 1486.630141][T21310] usb 3-1: device descriptor read/8, error -71 [ 1486.682854][T21332] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1486.690821][T21305] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1486.767706][T24216] tipc: Enabled bearer , priority 0 [ 1486.775700][T24216] syzkaller0: entered promiscuous mode [ 1486.781187][T24216] syzkaller0: entered allmulticast mode [ 1486.815412][T24216] syzkaller0: mtu greater than device maximum [ 1486.824995][T24215] tipc: Resetting bearer [ 1486.860378][T21305] usb 1-1: device descriptor read/64, error -71 [ 1486.872104][T24215] tipc: Disabling bearer [ 1486.980762][T21332] usb 5-1: Using ep0 maxpacket: 16 [ 1486.990482][T21332] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1487.007449][T21332] usb 5-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 1487.022028][T21332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1487.041525][T21332] usb 5-1: config 0 descriptor?? [ 1487.064642][T21332] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1487.138324][T21305] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1487.368163][T21305] usb 1-1: device descriptor read/64, error -71 [ 1487.524351][T21305] usb usb1-port1: attempt power cycle [ 1487.737221][T24232] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5547'. [ 1487.918417][T21305] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1487.970175][T21305] usb 1-1: device descriptor read/8, error -71 [ 1488.194031][T24244] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5548'. [ 1488.348099][T21305] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 1488.420450][T21305] usb 1-1: device descriptor read/8, error -71 [ 1488.532478][T21305] usb usb1-port1: unable to enumerate USB device [ 1488.630708][T15826] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1488.881868][T24270] FAULT_INJECTION: forcing a failure. [ 1488.881868][T24270] name failslab, interval 1, probability 0, space 0, times 0 [ 1488.894688][T24270] CPU: 1 UID: 0 PID: 24270 Comm: syz.2.5558 Tainted: G L syzkaller #0 PREEMPT(full) [ 1488.894711][T24270] Tainted: [L]=SOFTLOCKUP [ 1488.894716][T24270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1488.894724][T24270] Call Trace: [ 1488.894732][T24270] [ 1488.894738][T24270] dump_stack_lvl+0xe8/0x150 [ 1488.894759][T24270] should_fail_ex+0x412/0x560 [ 1488.894778][T24270] should_failslab+0xa8/0x100 [ 1488.894798][T24270] __kmalloc_node_track_caller_noprof+0xeb/0x7b0 [ 1488.894817][T24270] ? kasprintf+0xe2/0x140 [ 1488.894838][T24270] kvasprintf+0xeb/0x1a0 [ 1488.894854][T24270] ? nf_tables_newset+0x1393/0x2580 [ 1488.894873][T24270] ? nfnetlink_rcv+0x123e/0x27b0 [ 1488.894886][T24270] ? netlink_unicast+0x75c/0x8e0 [ 1488.894900][T24270] ? __pfx_kvasprintf+0x10/0x10 [ 1488.894916][T24270] ? do_syscall_64+0x15f/0xf80 [ 1488.894938][T24270] kasprintf+0xe2/0x140 [ 1488.894959][T24270] ? __pfx_kasprintf+0x10/0x10 [ 1488.894984][T24270] nf_tables_set_alloc_name+0x109/0x710 [ 1488.895001][T24270] ? trace_kmalloc+0x2a/0xf0 [ 1488.895019][T24270] ? __kmalloc_noprof+0x37d/0x760 [ 1488.895035][T24270] ? __pfx_nf_tables_set_alloc_name+0x10/0x10 [ 1488.895049][T24270] ? nla_strdup+0xb8/0x140 [ 1488.895072][T24270] nf_tables_newset+0x13b4/0x2580 [ 1488.895098][T24270] ? __pfx_nf_tables_newset+0x10/0x10 [ 1488.895128][T24270] ? __nla_parse+0x40/0x60 [ 1488.895147][T24270] nfnetlink_rcv+0x123e/0x27b0 [ 1488.895180][T24270] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1488.895202][T24270] ? ref_tracker_free+0x693/0x840 [ 1488.895235][T24270] ? __netlink_deliver_tap+0x807/0x850 [ 1488.895289][T24270] ? netlink_deliver_tap+0x2e/0x1b0 [ 1488.895304][T24270] ? netlink_deliver_tap+0x2e/0x1b0 [ 1488.895321][T24270] netlink_unicast+0x75c/0x8e0 [ 1488.895341][T24270] netlink_sendmsg+0x813/0xb40 [ 1488.895362][T24270] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1488.895379][T24270] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1488.895396][T24270] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1488.895415][T24270] ____sys_sendmsg+0x972/0x9f0 [ 1488.895432][T24270] ? __might_fault+0xaf/0x130 [ 1488.895451][T24270] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1488.895471][T24270] ? import_iovec+0x73/0xa0 [ 1488.895490][T24270] ___sys_sendmsg+0x2a5/0x360 [ 1488.895506][T24270] ? __lock_acquire+0x6b5/0x2cf0 [ 1488.895521][T24270] ? __pfx____sys_sendmsg+0x10/0x10 [ 1488.895557][T24270] ? __fget_files+0x2a/0x420 [ 1488.895571][T24270] ? __fget_files+0x3a0/0x420 [ 1488.895590][T24270] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1488.895608][T24270] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1488.895629][T24270] ? __pfx_ksys_write+0x10/0x10 [ 1488.895651][T24270] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1488.895665][T24270] do_syscall_64+0x15f/0xf80 [ 1488.895679][T24270] ? trace_irq_disable+0x3b/0x140 [ 1488.895697][T24270] ? clear_bhb_loop+0x40/0x90 [ 1488.895712][T24270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1488.895725][T24270] RIP: 0033:0x7f7d35f9cdd9 [ 1488.895739][T24270] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1488.895750][T24270] RSP: 002b:00007f7d36def028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1488.895765][T24270] RAX: ffffffffffffffda RBX: 00007f7d36215fa0 RCX: 00007f7d35f9cdd9 [ 1488.895774][T24270] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1488.895782][T24270] RBP: 00007f7d36def090 R08: 0000000000000000 R09: 0000000000000000 [ 1488.895790][T24270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1488.895797][T24270] R13: 00007f7d36216038 R14: 00007f7d36215fa0 R15: 00007f7d3633fa48 [ 1488.895816][T24270] [ 1489.437150][T21308] usb 5-1: USB disconnect, device number 7 [ 1489.455252][T15826] usb 2-1: device descriptor read/64, error -71 [ 1489.465986][T24279] dlm: non-version read from control device 0 [ 1489.800238][T15826] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1489.847996][T21305] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1489.991381][T24287] FAULT_INJECTION: forcing a failure. [ 1489.991381][T24287] name failslab, interval 1, probability 0, space 0, times 0 [ 1490.005598][T24287] CPU: 1 UID: 0 PID: 24287 Comm: syz.2.5564 Tainted: G L syzkaller #0 PREEMPT(full) [ 1490.005634][T24287] Tainted: [L]=SOFTLOCKUP [ 1490.005642][T24287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1490.005654][T24287] Call Trace: [ 1490.005663][T24287] [ 1490.005672][T24287] dump_stack_lvl+0xe8/0x150 [ 1490.005704][T24287] should_fail_ex+0x412/0x560 [ 1490.005737][T24287] should_failslab+0xa8/0x100 [ 1490.005770][T24287] __kmalloc_noprof+0xe8/0x760 [ 1490.005799][T24287] ? tcf_idr_create+0x5d/0x6b0 [ 1490.005829][T24287] ? tcf_idr_check_alloc+0xc8/0x7f0 [ 1490.005863][T24287] tcf_idr_create+0x5d/0x6b0 [ 1490.005894][T24287] ? __nla_parse+0x40/0x60 [ 1490.005926][T24287] tcf_police_init+0x38a/0x1560 [ 1490.005965][T24287] ? __pfx_tcf_police_init+0x10/0x10 [ 1490.006014][T24287] ? nla_memcpy+0x5b/0xc0 [ 1490.006053][T24287] tcf_action_init_1+0x4ba/0x740 [ 1490.006083][T24287] ? __pfx_tcf_action_init_1+0x10/0x10 [ 1490.006104][T24287] ? _raw_read_unlock+0x28/0x50 [ 1490.006126][T24287] ? tc_action_load_ops+0x247/0x540 [ 1490.006171][T24287] ? __nla_parse+0x40/0x60 [ 1490.006203][T24287] tcf_action_init+0x31e/0xb40 [ 1490.006230][T24287] ? __kernel_text_address+0xd/0x30 [ 1490.006273][T24287] ? __pfx_tcf_action_init+0x10/0x10 [ 1490.006323][T24287] ? __mutex_trylock_common+0x158/0x260 [ 1490.006355][T24287] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1490.006411][T24287] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1490.006443][T24287] tcf_exts_validate_ex+0x246/0x540 [ 1490.006479][T24287] ? __pfx_tcf_exts_validate_ex+0x10/0x10 [ 1490.006535][T24287] mall_change+0x452/0x8a0 [ 1490.006571][T24287] ? __pfx_mall_change+0x10/0x10 [ 1490.006614][T24287] tc_new_tfilter+0xff8/0x1780 [ 1490.006673][T24287] ? __pfx_tc_new_tfilter+0x10/0x10 [ 1490.006717][T24287] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1490.006758][T24287] ? __pfx_tc_new_tfilter+0x10/0x10 [ 1490.006785][T24287] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1490.006813][T24287] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1490.006836][T24287] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1490.006858][T24287] ? ref_tracker_free+0x693/0x840 [ 1490.006887][T24287] ? __pfx_ref_tracker_free+0x10/0x10 [ 1490.006912][T24287] ? __asan_memcpy+0x40/0x70 [ 1490.006935][T24287] ? __skb_clone+0x63/0x7a0 [ 1490.006971][T24287] netlink_rcv_skb+0x232/0x4b0 [ 1490.006999][T24287] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1490.007026][T24287] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1490.007066][T24287] ? netlink_deliver_tap+0x2e/0x1b0 [ 1490.007092][T24287] ? netlink_deliver_tap+0x2e/0x1b0 [ 1490.007125][T24287] netlink_unicast+0x75c/0x8e0 [ 1490.007161][T24287] netlink_sendmsg+0x813/0xb40 [ 1490.007197][T24287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1490.007227][T24287] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1490.007264][T24287] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1490.007296][T24287] ____sys_sendmsg+0x972/0x9f0 [ 1490.007323][T24287] ? __might_fault+0xaf/0x130 [ 1490.007356][T24287] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1490.007393][T24287] ? import_iovec+0x73/0xa0 [ 1490.007426][T24287] ___sys_sendmsg+0x2a5/0x360 [ 1490.007452][T24287] ? __lock_acquire+0x6b5/0x2cf0 [ 1490.007479][T24287] ? __pfx____sys_sendmsg+0x10/0x10 [ 1490.007544][T24287] ? __fget_files+0x2a/0x420 [ 1490.007566][T24287] ? __fget_files+0x3a0/0x420 [ 1490.007600][T24287] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1490.007629][T24287] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1490.007666][T24287] ? __pfx_ksys_write+0x10/0x10 [ 1490.007704][T24287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1490.007727][T24287] do_syscall_64+0x15f/0xf80 [ 1490.007752][T24287] ? trace_irq_disable+0x3b/0x140 [ 1490.007782][T24287] ? clear_bhb_loop+0x40/0x90 [ 1490.007808][T24287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1490.007829][T24287] RIP: 0033:0x7f7d35f9cdd9 [ 1490.007849][T24287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1490.007867][T24287] RSP: 002b:00007f7d36def028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1490.007891][T24287] RAX: ffffffffffffffda RBX: 00007f7d36215fa0 RCX: 00007f7d35f9cdd9 [ 1490.007906][T24287] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 1490.007920][T24287] RBP: 00007f7d36def090 R08: 0000000000000000 R09: 0000000000000000 [ 1490.007933][T24287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1490.007945][T24287] R13: 00007f7d36216038 R14: 00007f7d36215fa0 R15: 00007f7d3633fa48 [ 1490.007979][T24287] [ 1490.555806][T21305] usb 1-1: Using ep0 maxpacket: 32 [ 1490.621466][T21305] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 1490.631140][T21305] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1490.639652][T21305] usb 1-1: Product: syz [ 1490.658522][T21305] usb 1-1: Manufacturer: syz [ 1490.663228][T21305] usb 1-1: SerialNumber: syz [ 1490.674913][T21305] usb 1-1: config 0 descriptor?? [ 1490.790574][T24297] fuse: Bad value for 'fd' [ 1490.835791][T15826] usb 2-1: device descriptor read/64, error -71 [ 1490.915331][T21305] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 045 [ 1490.943563][T15826] usb usb2-port1: attempt power cycle [ 1490.998802][T21332] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1491.282011][T21332] usb 3-1: Using ep0 maxpacket: 8 [ 1491.292809][T21332] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1491.306892][T21332] usb 3-1: config 11 has an invalid interface number: 242 but max is 0 [ 1491.318925][T21332] usb 3-1: config 11 has no interface number 0 [ 1491.325549][T21332] usb 3-1: config 11 interface 242 altsetting 225 has an endpoint descriptor with address 0x7B, changing to 0xB [ 1491.340113][T21332] usb 3-1: config 11 interface 242 altsetting 225 bulk endpoint 0xB has invalid maxpacket 8 [ 1491.350683][T21332] usb 3-1: config 11 interface 242 altsetting 225 endpoint 0x6 has invalid maxpacket 15735, setting to 64 [ 1491.362273][T21332] usb 3-1: config 11 interface 242 altsetting 225 endpoint 0xE has invalid wMaxPacketSize 0 [ 1491.372842][T21332] usb 3-1: config 11 interface 242 has no altsetting 0 [ 1491.383222][T21332] usb 3-1: New USB device found, idVendor=05da, idProduct=0094, bcdDevice=38.8a [ 1491.399646][T21332] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1491.407770][T21332] usb 3-1: Product: syz [ 1491.411990][T21332] usb 3-1: Manufacturer: syz [ 1491.416602][T21332] usb 3-1: SerialNumber: syz [ 1491.425434][T24292] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1491.705357][T24309] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5570'. [ 1491.765031][T21332] usb 3-1: can only deal with bulk endpoints; endpoint 6 is not bulk. [ 1491.784825][T21332] usb 3-1: can only deal with bulk endpoints; endpoint 14 is not bulk. [ 1491.805491][T21332] usb 3-1: couldn't find two input bulk endpoints. Bailing out. [ 1491.856232][T21332] usb 3-1: USB disconnect, device number 27 [ 1492.330859][T24319] team0: entered promiscuous mode [ 1492.341152][T24319] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1492.351764][T24319] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 1492.447407][T24321] netlink: 'syz.1.5575': attribute type 30 has an invalid length. [ 1492.456179][T21308] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1492.519007][T21332] usb 1-1: USB disconnect, device number 45 [ 1492.639342][T24325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5577'. [ 1492.690071][T21308] usb 5-1: config 0 has no interfaces? [ 1492.703733][T24327] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 1492.721224][T21308] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1492.738610][T21310] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1492.747031][T21308] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1492.773123][T21308] usb 5-1: config 0 descriptor?? [ 1492.914005][T24337] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5582'. [ 1493.073783][T21305] usb 5-1: USB disconnect, device number 8 [ 1493.389994][T21310] usb 3-1: Using ep0 maxpacket: 32 [ 1493.624951][ T5637] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 1493.739141][T24346] tipc: Enabled bearer , priority 0 [ 1493.747454][T24346] syzkaller0: entered promiscuous mode [ 1493.752976][T24346] syzkaller0: entered allmulticast mode [ 1493.798615][T24346] tipc: Resetting bearer [ 1493.807714][T24345] tipc: Resetting bearer [ 1493.866817][T24345] tipc: Disabling bearer [ 1494.042527][T21310] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1494.237702][T24354] netlink: 'syz.1.5588': attribute type 8 has an invalid length. [ 1494.256942][T24354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5588'. [ 1494.274223][T24354] veth1_to_team: entered promiscuous mode [ 1494.283232][T24354] gretap0: entered promiscuous mode [ 1494.299490][T24354] veth1_to_team: left promiscuous mode [ 1494.305986][T24354] gretap0: left promiscuous mode [ 1494.547931][T21308] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1494.724012][T21310] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1494.733135][T21310] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 1494.741515][T21310] usb 3-1: Product: syz [ 1494.745710][T21310] usb 3-1: Manufacturer: syz [ 1494.779572][T21308] usb 5-1: Using ep0 maxpacket: 8 [ 1494.793737][T21308] usb 5-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1494.814250][T21308] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1494.842395][T21308] usb 5-1: string descriptor 0 read error: -22 [ 1494.852757][T21308] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.40 [ 1494.868340][T21308] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1494.951567][T21310] hub 3-1:4.0: bad descriptor, ignoring hub [ 1494.957569][T21310] hub 3-1:4.0: probe with driver hub failed with error -5 [ 1494.971575][T21310] usbhid 3-1:4.0: couldn't find an input interrupt endpoint [ 1495.172700][T24319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1495.188865][T24319] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1495.290535][T21325] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1495.298603][T21305] usb 3-1: USB disconnect, device number 28 [ 1495.417678][T21308] hid_parser_main: 68 callbacks suppressed [ 1495.417697][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.447642][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.454469][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.467766][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.482121][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.489079][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.495917][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.503479][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.510381][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.517317][T21308] sony 0003:054C:0268.0045: unknown main item tag 0x0 [ 1495.532950][T24371] netlink: 'syz.0.5595': attribute type 30 has an invalid length. [ 1495.577037][T21308] sony 0003:054C:0268.0045: hiddev0,hidraw0: USB HID v80.01 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0 [ 1495.588908][T21308] sony 0003:054C:0268.0045: failed to claim input [ 1495.637792][T21308] usb 5-1: USB disconnect, device number 9 [ 1495.653883][T24372] fido_id[24372]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/0003:054C:0268.0045/report_descriptor': No such file or directory [ 1496.295917][T21310] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 1496.621364][T21325] usb 2-1: config 0 has no interfaces? [ 1496.627102][T21325] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1496.636211][ T5361] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 1496.644602][T21325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1496.654836][T21325] usb 2-1: config 0 descriptor?? [ 1496.678055][T21308] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1496.738007][T21310] usb 1-1: Using ep0 maxpacket: 16 [ 1496.747372][T21310] usb 1-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1496.762822][T21310] usb 1-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1496.774050][T21310] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1496.783106][T21310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1496.891366][T21308] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1496.900976][T21308] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1496.909042][T21308] usb 3-1: Product: syz [ 1496.913220][T21308] usb 3-1: Manufacturer: syz [ 1496.917872][T21308] usb 3-1: SerialNumber: syz [ 1496.924629][T21308] usb 3-1: config 0 descriptor?? [ 1497.114906][T21312] usb 2-1: USB disconnect, device number 13 [ 1497.454157][T21310] mcp2221 0003:04D8:00DD.0046: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 1497.658062][T24379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1497.670840][T15826] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 1497.690246][T24379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1497.772924][T21312] usb 1-1: USB disconnect, device number 46 [ 1497.808614][T21308] usb 3-1: Firmware version (0.0) predates our first public release. [ 1497.837266][T21308] usb 3-1: Please update to version 0.2 or newer [ 1497.892590][T21308] usb 3-1: USB disconnect, device number 29 [ 1497.897982][ T5361] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1497.908740][ T5361] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1497.917751][ T5361] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 1498.468552][T24407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5608'. [ 1498.477499][T24407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5608'. [ 1498.539691][T24407] syzkaller0: entered promiscuous mode [ 1498.545352][T24407] syzkaller0: entered allmulticast mode [ 1498.659938][T24407] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5608'. [ 1498.737960][T21312] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1498.800677][ T5361] usb 5-1: New USB device found, idVendor=154e, idProduct=500e, bcdDevice= 0.40 [ 1498.809800][ T5361] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1498.817821][ T5361] usb 5-1: Product: syz [ 1498.822064][ T5361] usb 5-1: Manufacturer: syz [ 1498.826939][ T5361] usb 5-1: SerialNumber: syz [ 1498.917839][T21312] usb 3-1: device descriptor read/64, error -71 [ 1499.021792][T15826] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1499.029942][T15826] usb 4-1: config 0 has no interface number 0 [ 1499.097704][ T5361] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1499.171361][T13629] udevd[13629]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1499.188682][T21312] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1499.260715][T21308] usb 5-1: USB disconnect, device number 10 [ 1499.358152][T21312] usb 3-1: device descriptor read/64, error -71 [ 1499.486839][T21312] usb usb3-port1: attempt power cycle [ 1499.888048][T21312] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1499.942673][T21312] usb 3-1: device descriptor read/8, error -71 [ 1499.949437][T15826] usb 4-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 1499.958956][T15826] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1499.966973][T15826] usb 4-1: Product: syz [ 1499.971166][T15826] usb 4-1: Manufacturer: syz [ 1499.975797][T15826] usb 4-1: SerialNumber: syz [ 1499.983495][T15826] usb 4-1: config 0 descriptor?? [ 1500.205785][T15826] usb 4-1: selecting invalid altsetting 1 [ 1500.211762][T15826] dvb_ttusb_budget: ttusb_init_controller: error [ 1500.218200][T15826] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1500.239017][T21312] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1500.292461][T21312] usb 3-1: device descriptor read/8, error -71 [ 1500.356946][T15826] DVB: Unable to find symbol stv0299_attach() [ 1500.417065][T15826] DVB: Unable to find symbol tda8083_attach() [ 1500.423214][T15826] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 1500.432506][T21312] usb usb3-port1: unable to enumerate USB device [ 1500.471004][T24427] netlink: 'syz.1.5613': attribute type 62 has an invalid length. [ 1500.539818][T24428] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5606'. [ 1500.919710][T21308] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1501.197899][T21308] usb 2-1: Using ep0 maxpacket: 16 [ 1501.235363][T21308] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1501.250222][T21308] usb 2-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 1501.288759][T21308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1501.311700][T21308] usb 2-1: config 0 descriptor?? [ 1501.326667][T21308] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1506.030740][ T5361] usb 4-1: USB disconnect, device number 13 [ 1506.143955][T24441] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5614'. [ 1506.150216][T24440] tipc: Enabled bearer , priority 0 [ 1506.199519][T24440] syzkaller0: entered promiscuous mode [ 1506.205026][T24440] syzkaller0: entered allmulticast mode [ 1506.255754][T24446] bond4: entered allmulticast mode [ 1506.264664][T24446] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1506.418310][T24448] tipc: Resetting bearer [ 1506.476449][T24458] dlm: non-version read from control device 0 [ 1506.633169][T24454] tipc: Resetting bearer [ 1506.660164][T24454] tipc: Disabling bearer [ 1506.765094][T15826] usb 2-1: USB disconnect, device number 14 [ 1506.779527][T14210] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 1506.836562][ T5361] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1506.888259][T21308] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1506.922149][T24468] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5624'. [ 1507.047970][T14210] usb 5-1: Using ep0 maxpacket: 32 [ 1507.092183][T14210] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 1507.108447][T14210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1507.124693][T14210] usb 5-1: Product: syz [ 1507.133189][T21308] usb 4-1: config 0 has no interfaces? [ 1507.140650][T14210] usb 5-1: Manufacturer: syz [ 1507.145326][T21308] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1507.157612][T14210] usb 5-1: SerialNumber: syz [ 1507.169443][T21308] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1507.181700][T14210] usb 5-1: config 0 descriptor?? [ 1507.198002][T21308] usb 4-1: config 0 descriptor?? [ 1507.353377][T24471] tipc: Enabled bearer , priority 0 [ 1507.363847][T24471] syzkaller0: entered promiscuous mode [ 1507.369492][T24471] syzkaller0: entered allmulticast mode [ 1507.423654][T24471] tipc: Resetting bearer [ 1507.431349][T14210] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 011 [ 1507.448098][T24470] tipc: Resetting bearer [ 1507.515707][ T5361] usb 3-1: Using ep0 maxpacket: 16 [ 1507.527310][T24470] tipc: Disabling bearer [ 1507.547768][T21308] usb 4-1: USB disconnect, device number 14 [ 1507.694441][T24477] syzkaller0: entered promiscuous mode [ 1507.700054][T24477] syzkaller0: entered allmulticast mode [ 1507.799043][T14210] usb 1-1: new full-speed USB device number 47 using dummy_hcd [ 1507.994437][T24480] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5629'. [ 1508.082211][T14210] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 1508.103289][T14210] usb 1-1: config 0 has no interface number 0 [ 1508.126032][T14210] usb 1-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 1508.159882][T14210] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1508.178706][ T5361] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1508.189594][ T5361] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1508.199309][ T5361] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1508.213540][ T5361] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1508.222673][ T5361] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1508.233859][T14210] usb 1-1: Product: syz [ 1508.239932][ T5361] usb 3-1: config 0 descriptor?? [ 1508.241555][T14210] usb 1-1: Manufacturer: syz [ 1508.250575][T14210] usb 1-1: SerialNumber: syz [ 1508.267640][T24486] tipc: Enabled bearer , priority 0 [ 1508.272655][T14210] usb 1-1: config 0 descriptor?? [ 1508.275384][T24486] syzkaller0: entered promiscuous mode [ 1508.289946][T14210] usb 1-1: selecting invalid altsetting 1 [ 1508.290129][T14210] dvb_ttusb_budget: ttusb_init_controller: error [ 1508.290143][T14210] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1508.332521][T24486] syzkaller0: entered allmulticast mode [ 1508.414475][T14210] DVB: Unable to find symbol stv0299_attach() [ 1508.437235][T24486] tipc: Resetting bearer [ 1508.461120][T14210] DVB: Unable to find symbol tda8083_attach() [ 1508.471322][T14210] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 1508.591903][T24490] tipc: Resetting bearer [ 1508.642328][T24490] tipc: Disabling bearer [ 1508.684189][T24495] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5626'. [ 1508.764885][T24497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1508.856358][ T5361] hid_parser_main: 4005 callbacks suppressed [ 1508.856383][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.869762][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.876990][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.893892][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.901384][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.929097][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.936473][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.968972][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.976265][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1508.983539][ T5361] microsoft 0003:045E:07DA.0047: unknown main item tag 0x0 [ 1509.018464][ T5361] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0047/input/input165 [ 1509.199775][ T5361] microsoft 0003:045E:07DA.0047: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 1509.525022][T24461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1509.543625][T24461] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1509.578654][T14210] usb 3-1: USB disconnect, device number 34 [ 1509.798252][T21305] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1509.868935][T24473] i2c i2c-1: failure writing data [ 1509.874239][T21308] usb 5-1: USB disconnect, device number 11 [ 1509.912796][T24506] xt_hashlimit: size too large, truncated to 1048576 [ 1509.966092][T21310] usb 1-1: USB disconnect, device number 47 [ 1509.992580][ T29] kauditd_printk_skb: 27 callbacks suppressed [ 1509.992601][ T29] audit: type=1326 audit(1777590736.498:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.083927][T21305] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1510.104678][T21305] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1510.112899][ T29] audit: type=1326 audit(1777590736.498:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.158179][T21305] usb 2-1: Product: syz [ 1510.176197][T21305] usb 2-1: Manufacturer: syz [ 1510.186151][T21305] usb 2-1: SerialNumber: syz [ 1510.211560][T21305] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1510.242977][T14210] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1510.252289][ T29] audit: type=1326 audit(1777590736.498:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.323042][ T29] audit: type=1326 audit(1777590736.498:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.376455][ T29] audit: type=1326 audit(1777590736.498:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.509581][ T29] audit: type=1326 audit(1777590736.498:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.688465][ T29] audit: type=1326 audit(1777590736.498:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.713065][ T29] audit: type=1326 audit(1777590736.498:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.747034][T21310] usb 2-1: USB disconnect, device number 15 [ 1510.755053][T24516] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5635'. [ 1510.834831][ T29] audit: type=1326 audit(1777590736.498:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1510.937613][ T29] audit: type=1326 audit(1777590736.498:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24505 comm="syz.4.5634" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f389839cdd9 code=0x7ffc0000 [ 1511.035191][T24516] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5635'. [ 1511.338658][T14210] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 1511.352791][T14210] ath9k_htc: Failed to initialize the device [ 1511.370695][T21310] usb 2-1: ath9k_htc: USB layer deinitialized [ 1511.507826][T24533] tipc: Enabled bearer , priority 0 [ 1511.517936][T24533] syzkaller0: entered promiscuous mode [ 1511.523452][T24533] syzkaller0: entered allmulticast mode [ 1511.712815][T24533] tipc: Resetting bearer [ 1511.748690][T21332] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1511.817869][T24541] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5644'. [ 1511.837941][T24541] netlink: 'syz.4.5644': attribute type 10 has an invalid length. [ 1511.858519][T24541] bond0: (slave netdevsim1): Releasing backup interface [ 1511.874296][T24541] netlink: 'syz.4.5644': attribute type 10 has an invalid length. [ 1511.885382][T24541] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1511.918927][T24541] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 1511.938199][T24539] tipc: Resetting bearer [ 1512.020131][ T5361] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 1512.020799][T21332] usb 4-1: config 0 has no interfaces? [ 1512.043784][T21332] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1512.063489][T21332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1512.074334][T24539] tipc: Disabling bearer [ 1512.097637][T21332] usb 4-1: config 0 descriptor?? [ 1512.216564][T24549] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5648'. [ 1512.323233][T21325] usb 4-1: USB disconnect, device number 15 [ 1512.353527][T21310] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1512.569958][T15826] usb 3-1: new full-speed USB device number 35 using dummy_hcd [ 1512.674980][T11157] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 1512.682771][ T5361] usb 1-1: Using ep0 maxpacket: 8 [ 1513.004474][T21310] usb 2-1: Using ep0 maxpacket: 32 [ 1513.113031][T11157] usb 5-1: device descriptor read/64, error -71 [ 1513.168115][T21332] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1513.327153][ T5361] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1513.338124][ T5361] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1513.347244][ T5361] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.358058][ T5361] usb 1-1: config 0 descriptor?? [ 1513.407748][T21332] usb 4-1: Using ep0 maxpacket: 32 [ 1513.414856][T21332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1513.425844][T21332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1513.436149][T21332] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1513.439966][T11157] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 1513.453558][T21332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.464252][T21332] usb 4-1: config 0 descriptor?? [ 1513.473659][T21332] hub 4-1:0.0: USB hub found [ 1513.660888][T21310] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 1513.669320][T21310] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1513.677972][T21310] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1513.687188][T21310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1513.687319][T21332] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 1513.696952][T21310] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1513.696986][T21310] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1513.697044][T21310] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1513.697070][T21310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.748832][T21310] usb 2-1: config 0 descriptor?? [ 1513.781931][ T5361] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1513.885661][T15826] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1513.893719][T15826] usb 3-1: config 0 has no interface number 0 [ 1513.995486][T11157] usb 5-1: device descriptor read/64, error -71 [ 1514.108037][T11157] usb usb5-port1: attempt power cycle [ 1514.116919][T21310] usblp 2-1:0.0: usblp1: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1514.144494][T21310] usb 2-1: USB disconnect, device number 16 [ 1514.161439][T21310] usblp1: removed [ 1514.169716][T21332] usbhid 4-1:0.0: can't add hid device: -71 [ 1514.180731][T21332] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1514.210269][T21332] usb 4-1: USB disconnect, device number 16 [ 1514.515448][T16887] usb 1-1: USB disconnect, device number 48 [ 1514.556197][T11157] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 1514.774569][T15826] usb 3-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 1514.783969][T15826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1514.791974][T15826] usb 3-1: Product: syz [ 1514.796163][T15826] usb 3-1: Manufacturer: syz [ 1514.800773][T15826] usb 3-1: SerialNumber: syz [ 1514.806535][ T5361] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1514.816049][T15826] usb 3-1: config 0 descriptor?? [ 1514.995375][T11157] usb 5-1: device descriptor read/8, error -71 [ 1515.001724][T21310] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1515.011945][T15826] usb 3-1: selecting invalid altsetting 1 [ 1515.017788][T15826] dvb_ttusb_budget: ttusb_init_controller: error [ 1515.024127][T15826] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1515.063012][T15826] DVB: Unable to find symbol stv0299_attach() [ 1515.090378][T15826] DVB: Unable to find symbol tda8083_attach() [ 1515.110064][T15826] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 1515.203950][T24547] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5647'. [ 1515.234124][T15826] usb 3-1: USB disconnect, device number 35 [ 1515.324703][T11157] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 1515.435449][ T5361] usb 4-1: Using ep0 maxpacket: 32 [ 1515.468275][T24558] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1515.520861][T24562] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1515.533160][T24562] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1515.763598][T11157] usb 5-1: device descriptor read/8, error -71 [ 1515.769972][T21310] usb 2-1: device not accepting address 17, error -71 [ 1515.816638][T24566] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1515.877359][T11157] usb usb5-port1: unable to enumerate USB device [ 1515.920486][T24568] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5655'. [ 1515.950236][T24568] netlink: 'syz.2.5655': attribute type 10 has an invalid length. [ 1515.963616][T24568] bond0: (slave netdevsim1): Releasing backup interface [ 1515.971278][T24568] bond0: (slave netdevsim1): the permanent HWaddr of slave - 36:22:3d:88:e1:06 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 1515.994943][T21325] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 1516.006543][T24568] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1516.016927][T24568] netdevsim netdevsim2 netdevsim1: entered promiscuous mode [ 1516.027662][T24568] team0: Port device netdevsim1 added [ 1516.037479][T24568] netlink: 'syz.2.5655': attribute type 10 has an invalid length. [ 1516.049237][T24568] netdevsim netdevsim2 netdevsim1: left promiscuous mode [ 1516.058819][T24570] vcan0: tx address claim with dlc 0 [ 1516.066812][T24568] team0: Port device netdevsim1 removed [ 1516.075594][T24568] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1516.084277][T24568] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 1516.216633][ T5361] usb 4-1: unable to read config index 0 descriptor/all [ 1516.224302][ T5361] usb 4-1: can't read configurations, error -71 [ 1516.467581][T24583] dummy0: entered allmulticast mode [ 1516.656583][ T5361] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1516.664336][T21325] usb 1-1: Using ep0 maxpacket: 32 [ 1516.870741][T11157] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1517.087844][T15826] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 1517.302113][T21325] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 1517.310350][T21325] usb 1-1: config 0 has no interface number 0 [ 1517.316506][T21325] usb 1-1: config 0 interface 67 altsetting 0 has a duplicate endpoint with address 0x82, skipping [ 1517.327590][ T5361] usb 4-1: Using ep0 maxpacket: 32 [ 1517.554594][T24592] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1517.961666][ T5361] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1517.969999][ T5361] usb 4-1: config 0 has no interface number 0 [ 1517.976433][ T5361] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1518.178986][T11157] usb 3-1: config 0 has no interfaces? [ 1518.184656][T11157] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1518.193704][T11157] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1518.202999][T21325] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1518.212069][T21325] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1518.220243][T21325] usb 1-1: Product: syz [ 1518.224455][T21325] usb 1-1: Manufacturer: syz [ 1518.229067][T21325] usb 1-1: SerialNumber: syz [ 1518.239139][T11157] usb 3-1: config 0 descriptor?? [ 1518.245354][T21325] usb 1-1: config 0 descriptor?? [ 1518.403075][T15826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1518.414192][T15826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1518.423988][T15826] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 1518.434644][T21325] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1518.444899][T21325] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -22 [ 1518.461382][T15826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1518.515839][T15826] usb 5-1: config 0 descriptor?? [ 1518.614103][T21332] usb 3-1: USB disconnect, device number 36 [ 1518.689838][T24597] syzkaller0: entered promiscuous mode [ 1518.698625][T24597] syzkaller0: entered allmulticast mode [ 1518.850589][ T5361] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1518.859686][ T5361] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1518.868358][ T5361] usb 4-1: Product: syz [ 1518.872583][ T5361] usb 4-1: Manufacturer: syz [ 1518.877210][ T5361] usb 4-1: SerialNumber: syz [ 1518.895171][ T5361] usb 4-1: config 0 descriptor?? [ 1518.970419][T24588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1518.979126][T24588] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1519.504999][T15826] usbhid 5-1:0.0: can't add hid device: -71 [ 1519.511735][T15826] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1519.531258][T15826] usb 5-1: USB disconnect, device number 16 [ 1519.725199][T21332] usb 1-1: USB disconnect, device number 49 [ 1519.793306][T24606] syzkaller0: entered promiscuous mode [ 1519.798828][T24606] syzkaller0: entered allmulticast mode [ 1519.811048][T24606] tcf_pedit_act: 7 callbacks suppressed [ 1519.811069][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.833891][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.840813][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.847640][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.854597][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.861394][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.868173][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.874944][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.881850][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.888645][T24606] tc action pedit offset must be on 32 bit boundaries [ 1519.895490][T24606] 0: reclassify loop, rule prio 0, protocol 800 [ 1520.028537][T24610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5671'. [ 1520.057959][T11157] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1520.066239][ T5361] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71 [ 1520.077136][ T5361] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 1520.150452][T24610] netlink: 'syz.0.5671': attribute type 1 has an invalid length. [ 1520.159046][T24610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5671'. [ 1520.175941][T15826] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1520.184370][ T5361] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1520.195209][ T5361] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1520.225861][ T5361] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 1520.239213][ T5361] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1520.257949][ T5361] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 1520.314802][ T5361] usb 4-1: USB disconnect, device number 18 [ 1520.612725][T24622] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1520.640837][T24622] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1520.854435][T11157] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1520.872590][T11157] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1520.905291][T11157] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1520.938159][T11157] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1521.143598][T24632] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5680'. [ 1521.170382][T24632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5680'. [ 1521.218197][T21332] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 1521.511771][T21332] usb 2-1: config 0 has no interfaces? [ 1521.522094][T21332] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1521.535922][T21332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1521.552038][T21332] usb 2-1: config 0 descriptor?? [ 1521.830522][T11157] usb 3-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice= 0.40 [ 1521.839823][T11157] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1521.847932][T11157] usb 3-1: Product: syz [ 1521.852407][T11157] usb 3-1: Manufacturer: syz [ 1521.857025][T11157] usb 3-1: SerialNumber: syz [ 1521.874755][T21332] usb 2-1: USB disconnect, device number 19 [ 1522.047136][T15826] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1522.057990][T15826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1522.068838][T15826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1522.156724][T15826] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1522.594519][T11157] usb 3-1: Can't get UAC3 power state for id 10 [ 1522.602249][T15826] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1522.611417][T15826] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1522.619493][T15826] usb 5-1: Manufacturer: syz [ 1522.636814][T15826] usb 5-1: config 0 descriptor?? [ 1522.706088][T21310] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 1522.959209][T24649] netlink: 'syz.2.5685': attribute type 3 has an invalid length. [ 1523.045105][T11157] usb 3-1: 2:0: failed to get current value for ch 0 (-71) [ 1523.064522][T24626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1523.093620][T24626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1523.619730][T24668] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1523.722273][T15826] usbhid 5-1:0.0: can't add hid device: -71 [ 1523.728305][T15826] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1523.744973][T15826] usb 5-1: USB disconnect, device number 17 [ 1524.107998][T21332] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1524.278369][T11157] usb 3-1: 2:0: cannot get min/max values for control 2 (id 2) [ 1524.286001][T11157] usb 3-1: Warning! Unlikely small volume range (=1), linear volume or custom curve? [ 1524.295861][T11157] usb 3-1: [2] FU [Generic Out Playback Volume] ch = 1, val = 0/1/1 [ 1524.392530][T21332] usb 4-1: Using ep0 maxpacket: 32 [ 1524.420581][T21332] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1524.437502][T21332] usb 4-1: config 3 has an invalid interface number: 2 but max is 0 [ 1524.467908][T21332] usb 4-1: config 3 has no interface number 0 [ 1524.488347][T21332] usb 4-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=20.c1 [ 1524.519437][T21332] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1524.545096][T21332] usb 4-1: Product: syz [ 1524.554473][T21332] usb 4-1: Manufacturer: syz [ 1524.577216][T21332] usb 4-1: SerialNumber: syz [ 1524.637164][T11157] usb 3-1: USB disconnect, device number 37 [ 1524.830155][T21332] rtsx_usb 4-1:3.2: probe with driver rtsx_usb failed with error -22 [ 1524.863254][T24680] udevd[24680]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1524.891456][T21332] usb 4-1: USB disconnect, device number 19 [ 1524.950983][T21310] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1524.960287][T21310] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1524.968315][T21310] usb 2-1: Product: syz [ 1524.972525][T21310] usb 2-1: Manufacturer: syz [ 1524.977256][T21310] usb 2-1: SerialNumber: syz [ 1525.009050][T21310] usb 2-1: config 0 descriptor?? [ 1525.435533][T24686] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5694'. [ 1525.501565][T21310] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1525.558091][T21332] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 1525.756242][T24643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1525.810619][T24643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1525.830651][T21332] usb 1-1: config 0 has no interfaces? [ 1525.842999][T21332] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1525.867784][T21332] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1525.888915][T21332] usb 1-1: config 0 descriptor?? [ 1526.116367][T21332] usb 1-1: USB disconnect, device number 50 [ 1526.421665][T24702] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5699'. [ 1526.818909][T21310] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1526.869184][T21308] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1526.981682][T24710] syzkaller0: entered promiscuous mode [ 1526.987233][T24710] syzkaller0: entered allmulticast mode [ 1527.088751][T21332] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 1527.138282][T21308] usb 3-1: Using ep0 maxpacket: 16 [ 1527.151804][T21308] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1527.168832][T21308] usb 3-1: config 1 has an invalid interface number: 244 but max is 1 [ 1527.180299][T21308] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1527.190669][T21308] usb 3-1: config 1 has 3 interfaces, different from the descriptor's value: 2 [ 1527.201706][T21308] usb 3-1: config 1 has no interface number 2 [ 1527.208020][T21308] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1527.219135][T21308] usb 3-1: config 1 interface 244 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1527.232382][T21308] usb 3-1: config 1 interface 244 has no altsetting 0 [ 1527.242404][T21308] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1527.253226][T21308] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.261329][T21308] usb 3-1: Product: syz [ 1527.265554][T21308] usb 3-1: Manufacturer: syz [ 1527.270208][T21308] usb 3-1: SerialNumber: syz [ 1527.297990][T14210] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1527.350414][T21332] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1527.359907][T21332] usb 1-1: config 1 interface 0 has no altsetting 0 [ 1527.370959][T21332] usb 1-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.40 [ 1527.381169][T21332] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.397606][T21332] usb 1-1: Product: syz [ 1527.403365][T21332] usb 1-1: Manufacturer: syz [ 1527.411022][T21332] usb 1-1: SerialNumber: syz [ 1527.492237][T21308] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 1527.505629][T21310] usb 2-1: USB disconnect, device number 20 [ 1527.526730][T21308] cdc_ncm 3-1:1.0: bind() failure [ 1527.545694][T14210] usb 4-1: config 0 has an invalid interface number: 64 but max is 0 [ 1527.564377][T21308] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1527.571374][T14210] usb 4-1: config 0 has no interface number 0 [ 1527.573102][T24720] syzkaller0: entered promiscuous mode [ 1527.589817][T21308] cdc_ncm 3-1:1.1: bind() failure [ 1527.605559][T21308] cdc_mbim 3-1:1.244: probe with driver cdc_mbim failed with error -71 [ 1527.615461][T24720] syzkaller0: entered allmulticast mode [ 1527.633368][T14210] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 1527.637492][T24720] 0: reclassify loop, rule prio 0, protocol 800 [ 1527.647770][T21308] usb 3-1: USB disconnect, device number 38 [ 1527.656345][T14210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.682918][T14210] usb 4-1: Product: syz [ 1527.697717][T14210] usb 4-1: Manufacturer: syz [ 1527.702550][T14210] usb 4-1: SerialNumber: syz [ 1527.755460][T14210] usb 4-1: config 0 descriptor?? [ 1527.761782][T24726] IPVS: set_ctl: invalid protocol: 43 224.0.0.1:20000 [ 1527.801907][T24708] syzkaller0: entered promiscuous mode [ 1527.807470][T24708] syzkaller0: entered allmulticast mode [ 1528.129975][T14210] uvcvideo 4-1:0.64: Found UVC 0.08 device syz (046d:0823) [ 1528.139330][T14210] uvcvideo 4-1:0.64: No valid video chain found. [ 1528.149590][T14210] usb 4-1: USB disconnect, device number 20 [ 1528.218153][T21308] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1528.240902][T24732] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5710'. [ 1528.397678][T21308] usb 3-1: device descriptor read/64, error -71 [ 1528.542576][ T5637] Bluetooth: hci1: connection err: -111 [ 1528.551139][ T5637] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 1528.560821][T24736] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5712'. [ 1528.639430][T24738] syzkaller0: entered promiscuous mode [ 1528.645005][T24738] syzkaller0: entered allmulticast mode [ 1528.667986][T21308] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1528.850980][T21308] usb 3-1: device descriptor read/64, error -71 [ 1528.898015][T14210] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 1528.962940][T21308] usb usb3-port1: attempt power cycle [ 1528.974041][T24743] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5715'. [ 1529.170619][T14210] usb 5-1: config 0 has no interfaces? [ 1529.176395][T14210] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1529.207605][T14210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1529.218841][T14210] usb 5-1: config 0 descriptor?? [ 1529.348042][T21308] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1529.414525][T21308] usb 3-1: device descriptor read/8, error -71 [ 1529.526774][T11157] usb 5-1: USB disconnect, device number 18 [ 1529.689440][T21308] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 1529.742581][T21308] usb 3-1: device descriptor read/8, error -71 [ 1529.796198][T24759] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1529.870872][T21308] usb usb3-port1: unable to enumerate USB device [ 1530.238514][T21305] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1530.440259][ T5637] Bluetooth: hci4: unexpected event for opcode 0x2041 [ 1530.460253][T21305] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1530.480550][T21305] usb 4-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1530.556510][T21305] usb 4-1: config 2 interface 0 has no altsetting 0 [ 1530.586047][T21305] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47 [ 1530.605356][T21305] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1530.707617][T21305] usb 4-1: Product: syz [ 1530.716129][T21305] usb 4-1: Manufacturer: syz [ 1530.767251][T21305] usb 4-1: SerialNumber: syz [ 1531.147901][T21308] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 1531.434092][T21308] usb 5-1: Using ep0 maxpacket: 32 [ 1531.445238][T21308] usb 5-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 1531.461588][T21308] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1531.500982][T21308] usb 5-1: Product: syz [ 1531.590640][T11157] usb 3-1: new full-speed USB device number 43 using dummy_hcd [ 1531.601860][T21308] usb 5-1: Manufacturer: syz [ 1531.632259][T21308] usb 5-1: SerialNumber: syz [ 1531.719738][T21308] usb 5-1: config 0 descriptor?? [ 1531.763719][T21308] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 1531.789153][T21308] dvb-usb: bulk message failed: -22 (2/0) [ 1531.840841][T21308] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1531.878612][T21308] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 1531.886928][T21308] usb 5-1: media controller created [ 1531.984195][T24772] loop9: detected capacity change from 0 to 524287936 [ 1532.025984][T21308] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1532.115534][T24772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1532.130304][T24772] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1532.130498][T21308] usb 5-1: selecting invalid altsetting 7 [ 1532.146378][T21308] cxusb: set interface failed [ 1532.151262][T21308] dvb-usb: bulk message failed: -22 (1/0) [ 1532.280156][T21308] DVB: Unable to find symbol lgdt330x_attach() [ 1532.293792][T21308] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 1532.395247][T21308] rc_core: IR keymap rc-dvico-portable not found [ 1532.402553][T21308] Registered IR keymap rc-empty [ 1532.409620][T21308] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0 [ 1532.455952][T21308] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input166 [ 1532.480006][T21332] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input167 [ 1532.498063][T21308] dvb-usb: schedule remote query interval to 100 msecs. [ 1532.509812][T21308] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 1532.528154][ T4980] bcm5974 1-1:1.0: could not read from device [ 1532.548631][T21308] usb 5-1: USB disconnect, device number 19 [ 1532.553426][T24788] netlink: 'syz.1.5726': attribute type 29 has an invalid length. [ 1532.749606][ T4980] bcm5974 1-1:1.0: could not read from device [ 1532.867137][ T4980] bcm5974 1-1:1.0: could not read from device [ 1532.945831][T21308] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 1533.000525][T11157] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1533.008607][T11157] usb 3-1: config 0 has no interface number 0 [ 1533.014830][ T4980] bcm5974 1-1:1.0: could not read from device [ 1533.115850][T24680] bcm5974 1-1:1.0: could not read from device [ 1533.231641][T24680] bcm5974 1-1:1.0: could not read from device [ 1533.273569][T24680] udevd[24680]: Error opening device "/dev/input/event5": Input/output error [ 1533.284883][T24680] udevd[24680]: Unable to EVIOCGABS device "/dev/input/event5" [ 1533.299110][T24680] udevd[24680]: Unable to EVIOCGABS device "/dev/input/event5" [ 1533.312871][T24680] udevd[24680]: Unable to EVIOCGABS device "/dev/input/event5" [ 1533.347990][ T4980] bcm5974 1-1:1.0: could not read from device [ 1533.348846][T24680] udevd[24680]: Unable to EVIOCGABS device "/dev/input/event5" [ 1533.474353][ T4980] bcm5974 1-1:1.0: could not read from device [ 1533.930587][T21308] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1533.933388][ T5361] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 1534.047277][T11157] usb 3-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 1534.056474][T11157] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1534.064545][T11157] usb 3-1: Product: syz [ 1534.068743][T11157] usb 3-1: Manufacturer: syz [ 1534.082897][T11157] usb 3-1: config 0 descriptor?? [ 1534.161675][T21308] usb 2-1: Using ep0 maxpacket: 8 [ 1534.161673][T11157] usb 3-1: can't set config #0, error -71 [ 1534.163148][T11157] usb 3-1: USB disconnect, device number 43 [ 1534.188511][T21308] usb 2-1: config 0 has no interfaces? [ 1534.194815][T24800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1534.197234][T21308] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1534.235782][T24800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1534.249651][T24800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1534.249675][T21308] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1534.270215][T21308] usb 2-1: Product: syz [ 1534.283053][T21308] usb 2-1: Manufacturer: syz [ 1534.288358][T21308] usb 2-1: SerialNumber: syz [ 1534.294135][T24800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1534.303925][T24800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1534.308916][T21308] usb 2-1: config 0 descriptor?? [ 1535.068149][T24804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1535.096469][T24804] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1536.182584][ T5361] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1536.191706][ T5361] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1536.199727][ T5361] usb 5-1: Product: syz [ 1536.203892][ T5361] usb 5-1: Manufacturer: syz [ 1536.208476][ T5361] usb 5-1: SerialNumber: syz [ 1536.244872][ T5361] usb 5-1: config 0 descriptor?? [ 1536.511139][ T5637] Bluetooth: hci2: command tx timeout [ 1536.650392][T11157] usb 2-1: USB disconnect, device number 21 [ 1537.723796][T24777] tipc: Enabled bearer , priority 0 [ 1537.756721][T11157] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1537.761156][T24778] syzkaller0: entered promiscuous mode [ 1537.771877][T24778] syzkaller0: entered allmulticast mode [ 1537.776880][T21310] usb 1-1: USB disconnect, device number 51 [ 1537.781332][T24781] tipc: Resetting bearer [ 1537.924202][T24808] netlink: 'syz.0.5732': attribute type 10 has an invalid length. [ 1537.945735][T24781] tipc: Resetting bearer [ 1537.992335][ T5361] usb 5-1: can't set config #0, error -71 [ 1538.008848][ T5361] usb 5-1: USB disconnect, device number 20 [ 1538.542739][ T5637] Bluetooth: hci2: command tx timeout [ 1539.105771][T11157] usb 2-1: config 0 has no interfaces? [ 1539.111337][T11157] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1539.120496][T11157] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1539.132550][T11157] usb 2-1: config 0 descriptor?? [ 1540.623596][ T5637] Bluetooth: hci2: command tx timeout [ 1542.681725][ T5637] Bluetooth: hci2: command tx timeout [ 1543.033481][T24781] tipc: Disabling bearer [ 1543.063246][T14210] tipc: Node number set to 132667224 [ 1543.187575][T11157] usb 4-1: USB disconnect, device number 21 [ 1543.189466][ T3326] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.317336][T24822] tipc: Enabling of bearer rejected, failed to enable media [ 1543.368227][T24837] Invalid option length (64058) for dns_resolver key [ 1543.392960][T24838] netlink: 'syz.0.5738': attribute type 10 has an invalid length. [ 1543.401740][T14210] usb 2-1: USB disconnect, device number 22 [ 1543.481827][T24841] netlink: 'syz.0.5738': attribute type 10 has an invalid length. [ 1543.517034][T24838] bond0: (slave netdevsim1): Releasing backup interface [ 1543.567037][T24838] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1543.576090][T24838] team0: Port device netdevsim1 added [ 1543.696667][ T3326] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.724091][T24841] team0: Port device netdevsim1 removed [ 1543.732903][T24841] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1543.743432][T24841] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 1543.848140][T14210] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1543.859160][ T3326] bond0: (slave netdevsim1): Releasing backup interface [ 1543.869374][ T3326] bond0: (slave netdevsim1): the permanent HWaddr of slave - 36:22:3d:88:e1:06 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 1543.922422][ T3326] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1544.078219][T14210] usb 2-1: Using ep0 maxpacket: 8 [ 1544.094157][T14210] usb 2-1: config 0 has no interfaces? [ 1544.105680][T14210] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1544.141897][T14210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1544.167607][T14210] usb 2-1: Product: syz [ 1544.181605][T14210] usb 2-1: Manufacturer: syz [ 1544.194679][T14210] usb 2-1: SerialNumber: syz [ 1544.221014][T14210] usb 2-1: config 0 descriptor?? [ 1544.422456][ T3326] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1544.506932][T24802] bridge0: port 1(bridge_slave_0) entered blocking state [ 1544.514394][T24802] bridge0: port 1(bridge_slave_0) entered disabled state [ 1544.523771][T24802] bridge_slave_0: entered allmulticast mode [ 1544.539076][T24802] bridge_slave_0: entered promiscuous mode [ 1544.599615][T24802] bridge0: port 2(bridge_slave_1) entered blocking state [ 1544.607944][T24802] bridge0: port 2(bridge_slave_1) entered disabled state [ 1544.622590][T24802] bridge_slave_1: entered allmulticast mode [ 1544.629187][T14210] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 1544.662781][T24802] bridge_slave_1: entered promiscuous mode [ 1544.807940][T14210] usb 1-1: device descriptor read/64, error -71 [ 1544.844005][T24883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1544.871796][T24883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1544.894722][T24802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1545.008863][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 1545.008883][ T29] audit: type=1326 audit(1777590771.548:1542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24866 comm="syz.4.5746" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f389839cdd9 code=0x0 [ 1545.015743][T24802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1545.103097][T24802] team0: Port device team_slave_0 added [ 1545.119599][T14210] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 1545.145682][T24802] team0: Port device team_slave_1 added [ 1545.177797][T24802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1545.204301][T24802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1545.230346][T24802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1545.245352][T24802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1545.264884][T24802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1545.291468][T24802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1545.348193][T14210] usb 1-1: device descriptor read/64, error -71 [ 1545.459716][T14210] usb usb1-port1: attempt power cycle [ 1545.524971][T24802] hsr_slave_0: entered promiscuous mode [ 1545.531510][T24802] hsr_slave_1: entered promiscuous mode [ 1545.537860][T24802] debugfs: 'hsr0' already exists in 'hsr' [ 1545.543635][T24802] Cannot create hsr debugfs directory [ 1545.637749][T21308] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1545.858804][T21308] usb 4-1: Using ep0 maxpacket: 32 [ 1545.872431][T21308] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1545.883198][T14210] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 1545.893636][T21308] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1545.902854][T21308] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1545.911329][T21308] usb 4-1: Product: syz [ 1545.915550][T21308] usb 4-1: Manufacturer: syz [ 1545.920250][T21308] usb 4-1: SerialNumber: syz [ 1545.927335][T21308] usb 4-1: config 0 descriptor?? [ 1545.933752][T14210] usb 1-1: device descriptor read/8, error -71 [ 1545.947972][T24890] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 1545.962701][T21308] hub 4-1:0.0: bad descriptor, ignoring hub [ 1545.968822][T21308] hub 4-1:0.0: probe with driver hub failed with error -5 [ 1546.166183][T24890] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1546.209023][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.215562][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.258166][T14210] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 1546.273415][ T3326] bond0 (unregistering): (slave macvlan2): Releasing backup interface [ 1546.282892][ T3326] team0: left promiscuous mode [ 1546.289394][ T3326] bond0 (unregistering): Released all slaves [ 1546.313108][ T3326] bond1 (unregistering): Released all slaves [ 1546.316215][T14210] usb 1-1: device descriptor read/8, error -71 [ 1546.335022][ T3326] bond2 (unregistering): Released all slaves [ 1546.353667][ T3326] bond3 (unregistering): Released all slaves [ 1546.368777][ T3326] bond4 (unregistering): Released all slaves [ 1546.384021][T24892] tipc: Enabled bearer , priority 0 [ 1546.391089][T24893] syzkaller0: entered promiscuous mode [ 1546.396751][T24893] syzkaller0: entered allmulticast mode [ 1546.406509][T24891] tipc: Resetting bearer [ 1546.434871][T14210] usb usb1-port1: unable to enumerate USB device [ 1546.525043][T24891] tipc: Disabling bearer [ 1546.591999][T15826] usb 2-1: USB disconnect, device number 23 [ 1546.648627][ T3326] tipc: Left network mode [ 1547.230913][T15826] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1547.531083][T21305] usb 4-1: USB disconnect, device number 22 [ 1548.243779][ T5290] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1548.297392][T15826] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1548.311450][T15826] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1548.325352][T15826] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1548.338285][T15826] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1548.347312][T15826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1548.358578][T15826] usb 2-1: config 0 descriptor?? [ 1548.820811][T24945] tipc: Enabled bearer , priority 0 [ 1548.828517][T24945] syzkaller0: entered promiscuous mode [ 1548.834031][T24945] syzkaller0: entered allmulticast mode [ 1548.860157][ T5361] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1548.914884][ T3326] hsr_slave_0: left promiscuous mode [ 1548.923098][ T3326] hsr_slave_1: left promiscuous mode [ 1548.946717][ T3326] veth1_macvtap: left promiscuous mode [ 1548.952361][ T3326] veth0_macvtap: left promiscuous mode [ 1548.958511][ T3326] veth1_vlan: left promiscuous mode [ 1548.964066][ T3326] veth0_vlan: left promiscuous mode [ 1549.092246][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.099738][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.107132][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.114523][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.121924][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.129525][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.136921][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.144354][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.151767][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.159197][T15826] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0 [ 1549.259196][T15826] plantronics 0003:047F:FFFF.0048: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1549.320713][T21305] usb 2-1: USB disconnect, device number 24 [ 1549.496780][T24960] fido_id[24960]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1549.540557][ T5361] usb 4-1: Using ep0 maxpacket: 8 [ 1549.979307][T24944] tipc: Resetting bearer [ 1550.050976][T24944] tipc: Disabling bearer [ 1550.063671][T24967] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5764'. [ 1550.076433][T15826] tipc: Node number set to 3043039403 [ 1550.246784][ T5361] usb 4-1: config 0 has no interfaces? [ 1550.359472][T24979] syzkaller0: entered promiscuous mode [ 1550.368421][T21305] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1550.380812][T24979] syzkaller0: entered allmulticast mode [ 1550.394451][T24802] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1550.407272][T24802] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1550.458852][T24802] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1550.539283][T24802] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1550.547447][T24802] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1550.562681][T24802] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1550.590238][T21305] usb 2-1: config 0 has no interfaces? [ 1550.596123][T21305] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1550.610673][T24802] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1550.621810][T21305] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1550.634700][T24802] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1550.668850][T21305] usb 2-1: config 0 descriptor?? [ 1550.914539][T24802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1550.936363][T24802] 8021q: adding VLAN 0 to HW filter on device team0 [ 1551.002851][T15249] bridge0: port 1(bridge_slave_0) entered blocking state [ 1551.009997][T15249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1551.023336][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 1551.030566][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1551.076654][T24802] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1551.093541][T24802] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1551.132305][T24802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1551.168836][T24802] veth0_vlan: entered promiscuous mode [ 1551.182889][T24802] veth1_vlan: entered promiscuous mode [ 1551.191044][ T5361] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1551.200136][ T5361] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1551.208161][ T5361] usb 4-1: Product: syz [ 1551.212353][ T5361] usb 4-1: Manufacturer: syz [ 1551.212826][T24802] veth0_macvtap: entered promiscuous mode [ 1551.216967][ T5361] usb 4-1: SerialNumber: syz [ 1551.228284][T24802] veth1_macvtap: entered promiscuous mode [ 1551.240141][ T5361] usb 4-1: config 0 descriptor?? [ 1551.260051][T24802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1551.272916][T24802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1551.343529][T15249] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1551.388066][T15249] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1551.396857][T15249] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1551.405602][T15249] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1551.581406][T21308] usb 4-1: USB disconnect, device number 23 [ 1551.684481][T25004] loop9: detected capacity change from 0 to 8 [ 1551.698225][T21310] usb 2-1: USB disconnect, device number 25 [ 1551.721290][T25012] netlink: 'syz.0.5772': attribute type 1 has an invalid length. [ 1551.804702][T25004] loop9: detected capacity change from 8 to 7 [ 1551.831025][ C0] blk_print_req_error: 10 callbacks suppressed [ 1551.831047][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1551.846608][ C0] buffer_io_error: 336 callbacks suppressed [ 1551.846630][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1551.861899][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1551.871083][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1551.874769][T25012] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1551.890142][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1551.899390][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1551.923533][T25013] bond2: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 1551.935298][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1551.944480][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1551.952793][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1551.961924][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1551.969991][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1551.979141][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1551.987392][T25013] bond2: entered allmulticast mode [ 1551.997294][T15249] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1552.005538][T15249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1552.012943][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1552.022189][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1552.039726][T25004] ldm_validate_partition_table(): Disk read failed. [ 1552.065319][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1552.074608][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1552.087809][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1552.096968][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1552.107060][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1552.116294][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1552.167112][T25028] FAULT_INJECTION: forcing a failure. [ 1552.167112][T25028] name failslab, interval 1, probability 0, space 0, times 0 [ 1552.179964][T25004] Dev loop9: unable to read RDB block 0 [ 1552.185959][T25028] CPU: 0 UID: 0 PID: 25028 Comm: syz.0.5775 Tainted: G L syzkaller #0 PREEMPT(full) [ 1552.185992][T25028] Tainted: [L]=SOFTLOCKUP [ 1552.186000][T25028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1552.186011][T25028] Call Trace: [ 1552.186020][T25028] [ 1552.186028][T25028] dump_stack_lvl+0xe8/0x150 [ 1552.186060][T25028] should_fail_ex+0x412/0x560 [ 1552.186089][T25028] should_failslab+0xa8/0x100 [ 1552.186118][T25028] ? skb_clone+0x212/0x3a0 [ 1552.186144][T25028] kmem_cache_alloc_noprof+0x87/0x650 [ 1552.186170][T25028] ? __netlink_lookup+0xc6/0x8b0 [ 1552.186201][T25028] skb_clone+0x212/0x3a0 [ 1552.186232][T25028] __netlink_deliver_tap+0x404/0x850 [ 1552.186269][T25028] ? netlink_deliver_tap+0x2e/0x1b0 [ 1552.186297][T25028] netlink_deliver_tap+0x19c/0x1b0 [ 1552.186324][T25028] netlink_unicast+0x730/0x8e0 [ 1552.186359][T25028] netlink_sendmsg+0x813/0xb40 [ 1552.186395][T25028] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1552.186434][T25028] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1552.186463][T25028] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1552.186493][T25028] ____sys_sendmsg+0x972/0x9f0 [ 1552.186518][T25028] ? __might_fault+0xaf/0x130 [ 1552.186550][T25028] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1552.186588][T25028] ? import_iovec+0x73/0xa0 [ 1552.186622][T25028] ___sys_sendmsg+0x2a5/0x360 [ 1552.186647][T25028] ? __lock_acquire+0x6b5/0x2cf0 [ 1552.186676][T25028] ? __pfx____sys_sendmsg+0x10/0x10 [ 1552.186742][T25028] ? __fget_files+0x2a/0x420 [ 1552.186766][T25028] ? __fget_files+0x3a0/0x420 [ 1552.186802][T25028] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1552.186833][T25028] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1552.186872][T25028] ? __pfx_ksys_write+0x10/0x10 [ 1552.186911][T25028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1552.186935][T25028] do_syscall_64+0x15f/0xf80 [ 1552.186961][T25028] ? trace_irq_disable+0x3b/0x140 [ 1552.186992][T25028] ? clear_bhb_loop+0x40/0x90 [ 1552.187019][T25028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1552.187045][T25028] RIP: 0033:0x7f67ea59cdd9 [ 1552.187066][T25028] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1552.187084][T25028] RSP: 002b:00007f67eb3b5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1552.187108][T25028] RAX: ffffffffffffffda RBX: 00007f67ea815fa0 RCX: 00007f67ea59cdd9 [ 1552.187124][T25028] RDX: 0000000004044844 RSI: 0000200000000300 RDI: 0000000000000003 [ 1552.187138][T25028] RBP: 00007f67eb3b5090 R08: 0000000000000000 R09: 0000000000000000 [ 1552.187151][T25028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1552.187164][T25028] R13: 00007f67ea816038 R14: 00007f67ea815fa0 R15: 00007f67ea93fa48 [ 1552.187198][T25028] [ 1552.509894][ T138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1552.517784][ T138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1552.525802][T25004] loop9: unable to read partition table [ 1552.531618][T25004] loop9: partition table beyond EOD, truncated [ 1552.537869][T25004] loop_reread_partitions: partition scan of loop9 (|LCTn1`BPY 꽡7=ݥ4ɫ,߸MyV4!4) failed (rc=-5) [ 1552.571415][T25028] lo: MTU too low for tipc bearer [ 1552.576521][T25028] tipc: Enabling of bearer rejected, failed to enable media [ 1552.585573][T25026] FAULT_INJECTION: forcing a failure. [ 1552.585573][T25026] name failslab, interval 1, probability 0, space 0, times 0 [ 1552.660100][T25026] CPU: 1 UID: 0 PID: 25026 Comm: syz.3.5776 Tainted: G L syzkaller #0 PREEMPT(full) [ 1552.660136][T25026] Tainted: [L]=SOFTLOCKUP [ 1552.660144][T25026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1552.660156][T25026] Call Trace: [ 1552.660165][T25026] [ 1552.660175][T25026] dump_stack_lvl+0xe8/0x150 [ 1552.660206][T25026] should_fail_ex+0x412/0x560 [ 1552.660249][T25026] should_failslab+0xa8/0x100 [ 1552.660283][T25026] __kmalloc_noprof+0xe8/0x760 [ 1552.660311][T25026] ? tomoyo_encode+0x28b/0x550 [ 1552.660345][T25026] tomoyo_encode+0x28b/0x550 [ 1552.660379][T25026] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1552.660410][T25026] ? tomoyo_domain+0xd7/0x130 [ 1552.660444][T25026] ? tomoyo_path_number_perm+0x219/0x630 [ 1552.660468][T25026] tomoyo_path_number_perm+0x246/0x630 [ 1552.660491][T25026] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1552.660513][T25026] ? __lock_acquire+0x6b5/0x2cf0 [ 1552.660553][T25026] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 1552.660600][T25026] ? __fget_files+0x2a/0x420 [ 1552.660625][T25026] ? __fget_files+0x2a/0x420 [ 1552.660646][T25026] ? __fget_files+0x3a0/0x420 [ 1552.660667][T25026] ? __fget_files+0x2a/0x420 [ 1552.660695][T25026] security_file_ioctl+0xc3/0x2a0 [ 1552.660720][T25026] __se_sys_ioctl+0x47/0x170 [ 1552.660750][T25026] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1552.660772][T25026] do_syscall_64+0x15f/0xf80 [ 1552.660795][T25026] ? trace_irq_disable+0x3b/0x140 [ 1552.660825][T25026] ? clear_bhb_loop+0x40/0x90 [ 1552.660850][T25026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1552.660871][T25026] RIP: 0033:0x7ff27799cdd9 [ 1552.660891][T25026] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1552.660909][T25026] RSP: 002b:00007ff27888a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1552.660932][T25026] RAX: ffffffffffffffda RBX: 00007ff277c15fa0 RCX: 00007ff27799cdd9 [ 1552.660947][T25026] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1552.660959][T25026] RBP: 00007ff27888a090 R08: 0000000000000000 R09: 0000000000000000 [ 1552.660972][T25026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1552.660984][T25026] R13: 00007ff277c16038 R14: 00007ff277c15fa0 R15: 00007ff277d3fa48 [ 1552.661015][T25026] [ 1552.661035][T25026] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1553.217953][T21305] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1553.298473][T21308] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 1553.468689][T21305] usb 2-1: Using ep0 maxpacket: 8 [ 1553.485578][T21305] usb 2-1: config 0 has no interfaces? [ 1553.509613][T21305] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1553.518963][T21305] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1553.529512][T21305] usb 2-1: Product: syz [ 1553.534896][T21305] usb 2-1: Manufacturer: syz [ 1553.541154][T21308] usb 1-1: Using ep0 maxpacket: 8 [ 1553.546417][T21305] usb 2-1: SerialNumber: syz [ 1553.553884][T21308] usb 1-1: config 0 has no interfaces? [ 1553.565124][T21305] usb 2-1: config 0 descriptor?? [ 1553.591685][T21308] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1553.613534][T21308] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1553.623307][T21308] usb 1-1: Product: syz [ 1553.628345][T21308] usb 1-1: Manufacturer: syz [ 1553.633008][T21308] usb 1-1: SerialNumber: syz [ 1553.646372][T21308] usb 1-1: config 0 descriptor?? [ 1553.671434][T25057] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5784'. [ 1553.707242][T21310] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 1553.856382][T25057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5784'. [ 1554.152080][T25061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1554.169076][T25061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1554.221541][T25062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1554.236581][T25062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1555.027470][T21310] usb 3-1: config 0 has no interfaces? [ 1555.033046][T21310] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1555.042207][T21310] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1555.050451][T25070] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5786'. [ 1555.074629][T21310] usb 3-1: config 0 descriptor?? [ 1555.368116][T25075] netlink: 'syz.4.5789': attribute type 10 has an invalid length. [ 1555.378081][T25075] bond0: (slave netdevsim1): Releasing backup interface [ 1555.387608][T25075] netlink: 'syz.4.5789': attribute type 10 has an invalid length. [ 1555.396598][T25075] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1555.404981][T25075] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 1555.843064][T21308] usb 2-1: USB disconnect, device number 26 [ 1555.858132][T21305] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1556.038416][T11157] usb 1-1: USB disconnect, device number 56 [ 1556.128624][T21305] usb 5-1: Using ep0 maxpacket: 16 [ 1556.136054][T21305] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1556.170767][T21305] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1556.207620][T21305] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1556.218592][T21308] usb 3-1: USB disconnect, device number 44 [ 1556.229421][T21305] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1556.243974][T21305] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1556.244501][ T5361] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1556.258792][T21305] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1556.287622][T21305] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1556.295852][T21305] usb 5-1: Manufacturer: syz [ 1556.322589][T21305] usb 5-1: config 0 descriptor?? [ 1556.329567][T25091] netlink: 316 bytes leftover after parsing attributes in process `syz.0.5796'. [ 1556.408971][T25093] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5797'. [ 1556.638360][T21305] rc_core: IR keymap rc-hauppauge not found [ 1556.644584][T21305] Registered IR keymap rc-empty [ 1556.649870][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1556.688597][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1556.748883][T21305] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 1556.764876][T21305] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input172 [ 1556.768406][T25080] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1556.788364][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1556.793400][T25080] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1556.811297][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1556.826929][T25080] netlink: 'syz.4.5791': attribute type 2 has an invalid length. [ 1556.834818][T25080] netlink: 'syz.4.5791': attribute type 2 has an invalid length. [ 1556.868796][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1556.932753][ T5361] usb 4-1: Using ep0 maxpacket: 16 [ 1556.938083][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1556.988503][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1557.041084][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1557.054788][T25112] netlink: 92 bytes leftover after parsing attributes in process `syz.2.5799'. [ 1557.099016][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1557.148297][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1557.209872][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1557.259320][T21305] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1557.291108][T25116] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5801'. [ 1557.320741][T21305] mceusb 5-1:0.0: Registered # with mce emulator interface version 1 [ 1557.331622][T21305] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1557.344270][T21305] usb 5-1: USB disconnect, device number 21 [ 1557.637845][T25122] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5802'. [ 1557.755032][T25131] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5806'. [ 1557.795225][T25131] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5806'. [ 1557.888102][T21305] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1558.150314][T21305] usb 3-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1558.167898][T21310] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 1558.187909][T21305] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1558.200574][T21305] usb 3-1: string descriptor 0 read error: -22 [ 1558.212980][T21305] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.40 [ 1558.222342][T21305] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1558.359663][T25144] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5810'. [ 1558.437955][T14210] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1558.496711][ T5361] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 1558.506140][ T5361] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1558.514340][ T5361] usb 4-1: Product: syz [ 1558.518561][ T5361] usb 4-1: Manufacturer: syz [ 1558.523178][ T5361] usb 4-1: SerialNumber: syz [ 1558.531624][ T5361] usb 4-1: config 0 descriptor?? [ 1558.710691][T14210] usb 2-1: config 0 has no interfaces? [ 1558.716674][T14210] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1558.723278][ T5361] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 1558.757227][T14210] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1558.786679][T14210] usb 2-1: config 0 descriptor?? [ 1558.847921][T21310] usb 1-1: Using ep0 maxpacket: 8 [ 1558.951207][ T5361] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 1558.962673][ T5361] usb 4-1: USB disconnect, device number 24 [ 1559.071544][T21305] usbhid 3-1:1.0: can't add hid device: -71 [ 1559.080727][T21305] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 1559.105555][T21305] usb 3-1: USB disconnect, device number 45 [ 1559.127598][T25161] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5815'. [ 1559.202880][T25165] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5817'. [ 1559.502459][T21310] usb 1-1: config 0 has no interfaces? [ 1559.592847][T21325] usb 2-1: USB disconnect, device number 27 [ 1559.805628][T24800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1559.818329][T24800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1559.842480][ T5361] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1559.854909][T24800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1559.863136][T24800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1559.870993][T24800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1560.086419][T21310] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1560.097828][T21310] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1560.108665][T21310] usb 1-1: Product: syz [ 1560.112894][T21310] usb 1-1: Manufacturer: syz [ 1560.117521][T21310] usb 1-1: SerialNumber: syz [ 1560.199221][T21310] usb 1-1: config 0 descriptor?? [ 1560.495401][T25175] bridge0: port 1(bridge_slave_0) entered blocking state [ 1560.502645][T25175] bridge0: port 1(bridge_slave_0) entered disabled state [ 1560.512135][T25175] bridge_slave_0: entered allmulticast mode [ 1560.523172][T25175] bridge_slave_0: entered promiscuous mode [ 1560.565419][T16887] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 1560.607205][T25175] bridge0: port 2(bridge_slave_1) entered blocking state [ 1560.614580][T25175] bridge0: port 2(bridge_slave_1) entered disabled state [ 1560.622575][T25175] bridge_slave_1: entered allmulticast mode [ 1560.630277][T25175] bridge_slave_1: entered promiscuous mode [ 1560.657305][T25175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1560.672175][T25175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1560.721140][T25175] team0: Port device team_slave_0 added [ 1560.732905][T25175] team0: Port device team_slave_1 added [ 1560.772139][T25175] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1560.780382][T25175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1560.808905][T25175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1560.823451][T25175] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1560.830565][T25175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1560.856528][T25175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1560.932212][T25175] hsr_slave_0: entered promiscuous mode [ 1560.939089][T25175] hsr_slave_1: entered promiscuous mode [ 1560.992936][T25193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1561.001834][T25193] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1561.257997][ T5361] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1561.268277][ T5361] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1561.277349][ T5361] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1561.286160][T16887] usb 3-1: Using ep0 maxpacket: 16 [ 1561.297422][ T5361] usb 4-1: config 0 descriptor?? [ 1561.304795][ T48] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.444964][ T48] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.492434][ T5361] pwc: Askey VC010 type 2 USB webcam detected. [ 1561.658225][ T48] bond0: (slave netdevsim1): Releasing backup interface [ 1561.670497][ T48] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.754224][T25196] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1561.872580][ T48] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.952142][T24800] Bluetooth: hci0: command tx timeout [ 1562.064703][ T5361] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1562.180129][ T5361] pwc: recv_control_msg error -32 req 02 val 2700 [ 1562.347893][T21325] usb 1-1: USB disconnect, device number 57 [ 1562.390285][ T48] bridge_slave_1: left allmulticast mode [ 1562.396293][ T48] bridge_slave_1: left promiscuous mode [ 1562.408062][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 1562.438890][ T48] bridge_slave_0: left allmulticast mode [ 1562.444615][ T48] bridge_slave_0: left promiscuous mode [ 1562.481610][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 1562.853077][T25163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1562.878693][T16887] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 1562.887794][T16887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1562.895820][T16887] usb 3-1: Product: syz [ 1562.900018][T16887] usb 3-1: Manufacturer: syz [ 1562.904657][T16887] usb 3-1: SerialNumber: syz [ 1562.924974][T25163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1562.939799][T25163] __nla_validate_parse: 1 callbacks suppressed [ 1562.939820][T25163] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5816'. [ 1562.956082][T16887] usb 3-1: config 0 descriptor?? [ 1563.100442][ T5361] pwc: recv_control_msg error -71 req 04 val 1300 [ 1563.113661][T16887] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 1563.207254][ T5361] pwc: recv_control_msg error -71 req 04 val 1400 [ 1563.328625][T21325] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1563.336820][T16887] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 1563.346134][ T5361] pwc: recv_control_msg error -71 req 02 val 2000 [ 1563.357906][T16887] usb 3-1: USB disconnect, device number 46 [ 1563.371627][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1563.392815][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1563.404140][ T48] bond0 (unregistering): Released all slaves [ 1563.414911][ T48] bond1 (unregistering): Released all slaves [ 1563.432158][ T5361] pwc: recv_control_msg error -71 req 02 val 2100 [ 1563.445749][ T48] bond2 (unregistering): Released all slaves [ 1563.489258][ T5290] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1563.509200][T25220] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5827'. [ 1563.540073][ T5361] pwc: recv_control_msg error -71 req 04 val 1500 [ 1563.581908][T25224] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5828'. [ 1563.655448][ T5361] pwc: recv_control_msg error -71 req 02 val 2500 [ 1563.778916][ T5361] pwc: recv_control_msg error -71 req 02 val 2400 [ 1563.786104][T24800] Bluetooth: hci5: Malformed LE Event: 0x0b [ 1563.849147][ T48] tipc: Left network mode [ 1563.880630][ T5361] pwc: recv_control_msg error -71 req 02 val 2600 [ 1563.993390][T24800] Bluetooth: hci0: command tx timeout [ 1563.994657][ T5361] pwc: recv_control_msg error -71 req 02 val 2900 [ 1564.114937][ T5361] pwc: recv_control_msg error -71 req 02 val 2800 [ 1564.235071][ T5361] pwc: recv_control_msg error -71 req 04 val 1100 [ 1564.333824][ T5361] pwc: recv_control_msg error -71 req 04 val 1200 [ 1564.383241][ T5361] pwc: Registered as video103. [ 1564.418674][ T5361] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input175 [ 1564.459927][ T5361] usb 4-1: USB disconnect, device number 25 [ 1564.473552][T25247] netlink: 'syz.2.5831': attribute type 62 has an invalid length. [ 1564.667439][T21325] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1564.678458][T21325] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1564.695348][T21325] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1564.722204][T21325] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1564.745646][T21325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1564.760042][T21325] usb 2-1: config 0 descriptor?? [ 1564.827101][T25252] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5832'. [ 1565.005672][T11157] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1565.681690][T11157] usb 3-1: Using ep0 maxpacket: 16 [ 1565.687928][T21325] plantronics 0003:047F:FFFF.0049: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1566.064628][T24800] Bluetooth: hci0: command tx timeout [ 1566.337298][T11157] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1566.349158][T11157] usb 3-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 1566.366540][T11157] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1566.376960][T11157] usb 3-1: config 0 descriptor?? [ 1566.493590][T25175] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1566.526209][T25175] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1566.566814][T25175] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1566.587418][T21325] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1566.599961][T11157] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1566.630689][T25175] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1566.639980][T25175] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1566.650949][T25175] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1566.659324][T25175] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1566.676782][T25175] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1566.814572][ T48] ------------[ cut here ]------------ [ 1566.820195][ T48] Have pending ack frames! [ 1566.824650][ T48] WARNING: net/mac80211/main.c:1746 at ieee80211_free_ack_frame+0x14/0x40, CPU#0: kworker/u8:3/48 [ 1566.835685][ T48] Modules linked in: [ 1566.840518][ T48] CPU: 0 UID: 0 PID: 48 Comm: kworker/u8:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 1566.851898][ T48] Tainted: [L]=SOFTLOCKUP [ 1566.856261][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1566.867404][ T48] Workqueue: netns cleanup_net [ 1566.872910][ T48] RIP: 0010:ieee80211_free_ack_frame+0x14/0x40 [ 1566.879546][ T48] Code: 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 f3 e8 b3 f2 b3 f6 48 8d 3d 7c 37 30 05 <67> 48 0f b9 3a 31 ff 48 89 de ba 02 00 00 00 e8 b8 53 63 fe 31 c0 [ 1566.899641][ T48] RSP: 0018:ffffc90000b87610 EFLAGS: 00010293 [ 1566.905755][ T48] RAX: ffffffff8b11b97d RBX: ffff88807db9c8c0 RCX: ffff888022ac8000 [ 1566.914567][ T48] RDX: 0000000000000000 RSI: ffff88807db9c8c0 RDI: ffffffff9041f100 [ 1566.923323][ T48] RBP: ffffc90000b87718 R08: ffffc90000b8768f R09: 0000000000000000 [ 1566.931931][ T48] R10: ffffc90000b87680 R11: ffffffff8b11b970 R12: ffffc90000b87680 [ 1566.941047][ T48] R13: ffff88802b0a63f0 R14: 1ffff92000170ecc R15: 0000000000000001 [ 1566.949672][ T48] FS: 0000000000000000(0000) GS:ffff888125290000(0000) knlGS:0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1566.959320][ T48] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1566.966540][ T48] CR2: 0000200000360030 CR3: 000000008c970000 CR4: 00000000003526f0 [ 1566.975636][ T48] DR0: 0000000080000000 DR1: 0000000000000001 DR2: fffffffffffffffe [ 1566.984268][ T48] DR3: 0000000000000009 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1566.994789][ T48] Call Trace: [ 1566.998617][ T48] [ 1567.001584][ T48] idr_for_each+0x1c6/0x2a0 [ 1567.006131][ T48] ? __pfx_ieee80211_free_ack_frame+0x10/0x10 [ 1567.012703][ T48] ? __pfx_idr_for_each+0x10/0x10 [ 1567.018196][ T48] ? kfree+0x1c5/0x640 [ 1567.022353][ T48] ? kobject_put+0x26d/0x560 [ 1567.027341][ T48] ieee80211_free_hw+0x44/0x3d0 [ 1567.033689][ T48] mac80211_hwsim_del_radio+0x2f3/0x490 [ 1567.039340][ T48] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 1567.045453][ T48] ? hwsim_exit_net+0xd11/0xfa0 [ 1567.050395][ T48] ? __local_bh_enable_ip+0xd0/0x130 [ 1567.055715][ T48] hwsim_exit_net+0xede/0xfa0 [ 1567.060514][ T48] ? hwsim_exit_net+0x336/0xfa0 [ 1567.065561][ T48] ? __pfx_hwsim_exit_net+0x10/0x10 [ 1567.070796][ T48] ? __ip_vs_dev_cleanup_batch+0x238/0x260 [ 1567.076607][ T48] ops_undo_list+0x49f/0x940 [ 1567.081734][ T48] ? __pfx_ops_undo_list+0x10/0x10 [ 1567.086931][ T48] ? idr_destroy+0x218/0x290 [ 1567.091550][ T48] ? do_raw_spin_unlock+0xf5/0x210 [ 1567.096687][ T48] cleanup_net+0x56b/0x800 [ 1567.101270][ T48] ? __pfx_cleanup_net+0x10/0x10 [ 1567.106253][ T48] ? process_scheduled_works+0xa70/0x1860 [ 1567.112007][ T48] ? process_scheduled_works+0xa70/0x1860 [ 1567.117752][ T48] process_scheduled_works+0xb5d/0x1860 [ 1567.123318][ T48] ? __pfx_process_scheduled_works+0x10/0x10 [ 1567.129554][ T48] ? assign_work+0x3d5/0x5e0 [ 1567.134254][ T48] worker_thread+0xa53/0xfc0 [ 1567.138974][ T48] kthread+0x388/0x470 [ 1567.143111][ T48] ? __pfx_worker_thread+0x10/0x10 [ 1567.148322][ T48] ? __pfx_kthread+0x10/0x10 [ 1567.152966][ T48] ret_from_fork+0x514/0xb70 [ 1567.157680][ T48] ? __pfx_ret_from_fork+0x10/0x10 [ 1567.162823][ T48] ? __switch_to+0xc79/0x1410 [ 1567.167573][ T48] ? __pfx_kthread+0x10/0x10 [ 1567.172194][ T48] ret_from_fork_asm+0x1a/0x30 [ 1567.177012][ T48] [ 1567.180119][ T48] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1567.187434][ T48] CPU: 0 UID: 0 PID: 48 Comm: kworker/u8:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 1567.198322][ T48] Tainted: [L]=SOFTLOCKUP [ 1567.202675][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1567.212777][ T48] Workqueue: netns cleanup_net [ 1567.217682][ T48] Call Trace: [ 1567.220999][ T48] [ 1567.223969][ T48] vpanic+0x56c/0xa60 [ 1567.228004][ T48] ? __pfx__printk+0x10/0x10 [ 1567.232646][ T48] ? __pfx_vpanic+0x10/0x10 [ 1567.237190][ T48] ? is_bpf_text_address+0x292/0x2b0 [ 1567.242522][ T48] ? is_bpf_text_address+0x26/0x2b0 [ 1567.247766][ T48] panic+0xc5/0xd0 [ 1567.251526][ T48] ? __pfx_panic+0x10/0x10 [ 1567.255989][ T48] ? ret_from_fork_asm+0x1a/0x30 [ 1567.260986][ T48] __warn+0x315/0x4c0 [ 1567.264969][ T48] ? ieee80211_free_ack_frame+0x14/0x40 [ 1567.270529][ T48] ? ieee80211_free_ack_frame+0x14/0x40 [ 1567.276100][ T48] __report_bug+0x29a/0x540 [ 1567.280629][ T48] ? __pfx_stack_trace_save+0x10/0x10 [ 1567.286027][ T48] ? ieee80211_free_ack_frame+0x14/0x40 [ 1567.291593][ T48] ? __pfx___report_bug+0x10/0x10 [ 1567.296715][ T48] ? mac80211_hwsim_del_radio+0x2dc/0x490 [ 1567.302522][ T48] ? hwsim_exit_net+0xede/0xfa0 [ 1567.307366][ T48] ? ops_undo_list+0x49f/0x940 [ 1567.312137][ T48] ? cleanup_net+0x56b/0x800 [ 1567.316749][ T48] ? process_scheduled_works+0xb5d/0x1860 [ 1567.322489][ T48] ? worker_thread+0xa53/0xfc0 [ 1567.327345][ T48] ? kthread+0x388/0x470 [ 1567.331588][ T48] ? ret_from_fork_asm+0x1a/0x30 [ 1567.336523][ T48] report_bug_entry+0x19a/0x290 [ 1567.341369][ T48] ? ieee80211_free_ack_frame+0x14/0x40 [ 1567.346909][ T48] ? ieee80211_free_ack_frame+0x19/0x40 [ 1567.352482][ T48] handle_bug+0xce/0x200 [ 1567.356732][ T48] exc_invalid_op+0x1a/0x50 [ 1567.361283][ T48] asm_exc_invalid_op+0x1a/0x20 [ 1567.366153][ T48] RIP: 0010:ieee80211_free_ack_frame+0x14/0x40 [ 1567.372334][ T48] Code: 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 f3 e8 b3 f2 b3 f6 48 8d 3d 7c 37 30 05 <67> 48 0f b9 3a 31 ff 48 89 de ba 02 00 00 00 e8 b8 53 63 fe 31 c0 [ 1567.391950][ T48] RSP: 0018:ffffc90000b87610 EFLAGS: 00010293 [ 1567.398121][ T48] RAX: ffffffff8b11b97d RBX: ffff88807db9c8c0 RCX: ffff888022ac8000 [ 1567.406420][ T48] RDX: 0000000000000000 RSI: ffff88807db9c8c0 RDI: ffffffff9041f100 [ 1567.414441][ T48] RBP: ffffc90000b87718 R08: ffffc90000b8768f R09: 0000000000000000 [ 1567.422415][ T48] R10: ffffc90000b87680 R11: ffffffff8b11b970 R12: ffffc90000b87680 [ 1567.430389][ T48] R13: ffff88802b0a63f0 R14: 1ffff92000170ecc R15: 0000000000000001 [ 1567.438437][ T48] ? __pfx_ieee80211_free_ack_frame+0x10/0x10 [ 1567.444525][ T48] ? ieee80211_free_ack_frame+0xd/0x40 [ 1567.450010][ T48] idr_for_each+0x1c6/0x2a0 [ 1567.454519][ T48] ? __pfx_ieee80211_free_ack_frame+0x10/0x10 [ 1567.460583][ T48] ? __pfx_idr_for_each+0x10/0x10 [ 1567.465615][ T48] ? kfree+0x1c5/0x640 [ 1567.469691][ T48] ? kobject_put+0x26d/0x560 [ 1567.474334][ T48] ieee80211_free_hw+0x44/0x3d0 [ 1567.479222][ T48] mac80211_hwsim_del_radio+0x2f3/0x490 [ 1567.484798][ T48] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 1567.490970][ T48] ? hwsim_exit_net+0xd11/0xfa0 [ 1567.495902][ T48] ? __local_bh_enable_ip+0xd0/0x130 [ 1567.501270][ T48] hwsim_exit_net+0xede/0xfa0 [ 1567.505943][ T48] ? hwsim_exit_net+0x336/0xfa0 [ 1567.510787][ T48] ? __pfx_hwsim_exit_net+0x10/0x10 [ 1567.516072][ T48] ? __ip_vs_dev_cleanup_batch+0x238/0x260 [ 1567.521891][ T48] ops_undo_list+0x49f/0x940 [ 1567.526484][ T48] ? __pfx_ops_undo_list+0x10/0x10 [ 1567.531609][ T48] ? idr_destroy+0x218/0x290 [ 1567.536193][ T48] ? do_raw_spin_unlock+0xf5/0x210 [ 1567.541426][ T48] cleanup_net+0x56b/0x800 [ 1567.545854][ T48] ? __pfx_cleanup_net+0x10/0x10 [ 1567.550794][ T48] ? process_scheduled_works+0xa70/0x1860 [ 1567.556616][ T48] ? process_scheduled_works+0xa70/0x1860 [ 1567.562357][ T48] process_scheduled_works+0xb5d/0x1860 [ 1567.567921][ T48] ? __pfx_process_scheduled_works+0x10/0x10 [ 1567.573912][ T48] ? assign_work+0x3d5/0x5e0 [ 1567.578589][ T48] worker_thread+0xa53/0xfc0 [ 1567.583217][ T48] kthread+0x388/0x470 [ 1567.587323][ T48] ? __pfx_worker_thread+0x10/0x10 [ 1567.592475][ T48] ? __pfx_kthread+0x10/0x10 [ 1567.597072][ T48] ret_from_fork+0x514/0xb70 [ 1567.601661][ T48] ? __pfx_ret_from_fork+0x10/0x10 [ 1567.606771][ T48] ? __switch_to+0xc79/0x1410 [ 1567.611465][ T48] ? __pfx_kthread+0x10/0x10 [ 1567.616055][ T48] ret_from_fork_asm+0x1a/0x30 [ 1567.620823][ T48] [ 1567.624429][ T48] Kernel Offset: disabled [ 1567.628769][ T48] Rebooting in 86400 seconds..