last executing test programs: 26.720512371s ago: executing program 0 (id=3046): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="020400000000000000223948"]) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f0000000980)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x30, 0x1, @ib={0x1b, 0x1, 0x1, {"c6b7b7e198082124066b72a4ca8bf843"}, 0x7, 0x7, 0x3}}}, 0xa0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) socket$inet_smc(0x2b, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r5 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0) ioctl$FE_SET_PROPERTY(r5, 0x40086f52, &(0x7f0000000000)={0x1, &(0x7f0000000340)=[{0x17, '\x00', @data=0x14, 0x16}]}) r6 = memfd_create(&(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00z\xab\xc5.\xfa\x15\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14F\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1<\xf8\xca\f\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_\r\x02\xeaM\xbe\x19\xea#\xff\xdd\xff\xb7z\xa3\xed$\x04&R\x983\xcc\xf9\'\x18A1\xc9\x9f\xb0\x14\xc2\xeb\xf8\xceE\xad\xa4\x92\f\xef\x870m\xb6\v\xd4g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\nvf3cB\x96\xdd\xcf\xc29$\n\r\x802\xd7\x1b$\x95t\x1c9e}\xfdT\xed\x7fud\x9c\xfeAO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#\x06\x00\x00\x00\x00\x80\x00\x00\xce\xc6r\x85\xcd[\x91\x90=v&\x9681\x94\x13\xb5\xd7p>$\x9f6\x8b\xa6<9\x89%\x16\x14\xb8\xfe\xd2$E\xd9:\x9erz\x04\x00B4 \x9b\xaaX\x01k\x01\x00\x00\x00\x04j\x85A\x1dDI\x02\xac\xd5\xf1\xd6\x9aB\xc5n\x10\xbfy\xec:8J\x12\xd1\xa4\x9fY\x8f\xad!si\x8e\xe2\xc6\x10\xae\xb8z\x1d=X\xc6\xaa\x86\xa3u\x7f\tx\x14r\x03j>f|k\xa3b\xd7<\x15\xe6}\xe6\xe8\xf2\x99\xf5\xec{\xd2\xa7\x97\xc8\xb1\x03T\xf5R\xe0\x1d\x86P\xe8\"k.@\x14<\xdd\xf6\xb2s\xe4\xbc\xba\x9aDsi\x05\xcc\xfd\xc4P\b\x99F\xf3?IP\xa4\x1e\xca\xa4\xca\r\xd6[\xb5l', 0x7) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmmsg$inet6(r1, &(0x7f000000a0c0), 0x800000000000193, 0x24010001) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="a4030000", @ANYRES16=r8, @ANYBLOB="010025bd700000000000390000000800", @ANYRES32=r9, @ANYBLOB="10005a800c000080070002004b0a190010005a800c000080050006000000000034015a802c00018005000700010000001e000100186c48030512121b05011203126c0c361848096c060636481b240000280003800500060002000000140005008100ffff0600000009000400ff00010005000700000000003c000280140005000900080000000900d60006000600faff14000500020000020600a183ba040000050006000e0001000c6c022436036c05301600006c000080140003000080090000000101ffff060004000500050007000200000014000500e500f7ff35050030020001809100080005000600000000000500070002000000200002005641570f022519252840130342433a3142350e4042220d3f5712503d05000700010000003400038014000300b500080086000900cb050100080000001100010002101816030418300a12013609000000050004000000000034005a803000018005000400020000000500060000000000140005000700ff7f55724202fbff0100060027cb0500070001000000dc005a80c00002800500040002000000410002001404272c0c2f33184f19301451201d0729364d244b07224013291e211f25195331482b484424184353321920114f1626144c1b1e064154514428304e0100000005000400020000000500040000000000050006000100000005000700000000003a0002003757491c2047240f0f1f3b31012806321f1742511f5551443024244a2c4d382947032b50553541440f04573321260e50321451024d410000140005000300030006000200fcffce00060003001800008014000500cc0006000800090001010200090068b7e8005a80400003800500060002000000150001000416161603161b771603ad1230030b020200000014000500050008000f00080005002d0000020500050006000100000014000380050006000200000005000400020000002c00008014000500040007000700050008000900a300ff031400030000000000080003004000040601040600340002801200010030601660301b020500010218160500001100010048027e126c0b16680b052436160000000700010001180500180003800500070000000000090001000c0416065800000018000080140003000300010005002e0701800500020009003c005a80140003800500040001000000050006000100000024"], 0x3a4}, 0x1, 0x0, 0x0, 0x4000801}, 0x10) setresuid(0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000180)={[0x8, 0x3, 0xffffffffffffffff, 0x980b, 0x7, 0x6, 0x2, 0x7fffffff, 0x8, 0x4, 0x3, 0x28000000, 0x1, 0x3, 0xfffffffffffffff8, 0x10000], 0xeeee8000, 0x200}) syz_fuse_handle_req(r10, 0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0xc8c, 0x16, 0x7, 0x1, 0x0, 0x0, 0x0, 0x60b0aa53c2fe5fc, 0xfffffffe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000900)=ANY=[@ANYBLOB="44000000000801010000000002000000030000020900010073797a3100000000060002408809000014000480060007400000000608000640000000090500030006000000"], 0x44}, 0x1, 0x0, 0x0, 0x20024810}, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={0x0, 0x59}) 26.414402996s ago: executing program 0 (id=3050): move_pages(0x0, 0x3f, &(0x7f00000001c0)=[&(0x7f0000000000/0x800000)=nil], &(0x7f0000000200)=[0x1], 0x0, 0x2) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000085804184000000000000109022400010000402009040000020300010009210700000122050009058103"], 0x0) syz_open_dev$I2C(&(0x7f0000000140), 0x9, 0x48400) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x14, 0x0, 0x0, &(0x7f0000000380)=ANY=[], 0x0}, 0x0) openat$sndseq(0xffffff9c, &(0x7f0000000100), 0x60900) socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x64, 0x2, 0x6, 0x705, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010102}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01030003000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x2, 0x0, 0x0, 0x2, 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x4) sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x7400, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x18, &(0x7f0000000040)={0x20, 0xf, 0x4d, {0x4d, 0xa, "d23e52e3e36cc7cc8ce3ac7d4dfdece0979b047d7a547dc12f778416859f38292155e9ebff340231198797d3ffd3f3a3bf9dffb3b5ae526a5392d18352df63651cb45d948d8dd397d4f773"}}, &(0x7f0000000840)=ANY=[@ANYBLOB="0003a2000000b203566d99a271f961792f14d4771ee6a9ff7ff650a8512d38df0cd86fe025c3c2d43a9e8bab25da122ce6668b404e60c48589030d4f4cd73b7f06e1930b167a64580696b3b42781a35d675ad0b466b85e2c3b3c1b4c9b99cb04cb95d17b1e9f49231488dc1c6444ed7eaf591d0887d7a01ae36bf882676afb0f29991d8380da75cc875df2cbfd1886cbb216e182016baf953f0ed8fd546fb0e777f0762ef8ad94723cfe032bfd473b9ac1080b8d1fb7d78ef43af8bf095e488ecf2d26126c2577a5ca030005a1af55e437090100000000000000b7483de3924a5f758112384ab9975acac905799fec4d56d2ab73d3a6a04b369b554db46d6cf79797caedb6e3dc36c325c773d1ee9ff9a9617e33c8271f4da902b1a957e3f0a106e0c119ad0987fdddea5c09e25245fae2ba5510455047aaa53a8cdf30bd2ec9b3ea5ef2a4c176a63e5dc901000000fd771205a740dfff7f00ff97c7d4ef89b8ed6039f0cf8ff046bc9ebccc727bca624ec54bfaac5b45f37f276bb84023b5cb1c62de34e8d7f9916639344fe706965803269844ee69b7e7aaa0382cd770d85b7dade667e1124c158588060f8a8f27a7c39cfa5341c4b390daab9f2d0684280d500ba5be874c967f28149abbca2541b323fd0bc4ef58c9ee588be1f097c341d1a24566c028962425986f332741de7ba45adaa19885bbeadff38d1b52e7edf4e90ff68b20b59f31af491669c102f96743835a3e077b262202e38f62bfbe5b4520753df343812fa93263d170cdc872cdd603bc86097de25885dd03bfd97991484f37084172b7842714f107369716faca25ef004550c6d41431b7ae0a179a0bcb8406bedd6641d5780c6a5b96e66a890c2e10bc9758c51a6bdaadef5a704933030fd0ed9ee41c0b1881d514d7f5188d9ec6cfe1e80b088c256562243ab380e3a88149ad821c6d6ec9c9ac26ad6ff1d53e2fa23b04ee2420f04737958d38be21a81d57607b51"], &(0x7f0000000240)=ANY=[@ANYBLOB="000f48000000050f48000607100204c9feff0a1003e9ffff0848060018100a02231000000f0f05007ffe00000f000000003f000003100b03100b14100a18a2ffffff0f1f0100c0000000f03fff00"], &(0x7f00000002c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x75, 0x0, 0x8, 0x5, "b001f9fb", "145daca2"}}, &(0x7f0000000300)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xb, 0x3, 0x6, 0x77, 0x4, 0x3, 0x401}}}, &(0x7f00000007c0)={0x44, &(0x7f0000000b40)=ANY=[@ANYBLOB="200f6e000000884720d990d428f8f16c0bb20f760b4decd01b4c98a71ba18a93891dd443f8663a33fedd31f37294ba455e19a7ef39bb701516bbaa9cc9914c523da06e8f856c79d7351f63bb59201ed78d1273618886bb12e0cef00328c8ae3a0cee1a9fa48ec0620215ed00979dea0abf841153bd52866a603e1917cef2b1eea7aac5b537986f23c5a492c962f01ae649941a73ee25b1a62bbbd1b7d44b4976888249358d984e4c150aa9a94e2db72274921215f8e81a7f35f88c1dc6ce78afdff815dd52c25e2a8210d3ef3ee86a4e8eb9687524f11a25975c8d7f52570621500355d91f3127f371f37193d4b7f4027999ef153728d41cba6db827e26096d4f83c9509b21c8a18e567a49a87181907bae6975f1f3f8b1ac8611567e8c68f6cb952b3bc15a053cb17f07e3322806abe7a43f4baaa55d84413dde1"], &(0x7f0000000400)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1}}, &(0x7f00000004c0)={0x20, 0x0, 0x4, {0x400}}, &(0x7f0000000500)={0x40, 0x7, 0x2, 0x1}, &(0x7f0000000540)={0x40, 0x9, 0x1, 0x4}, &(0x7f0000000580)={0x40, 0xb, 0x2, ' {'}, &(0x7f00000005c0)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000600)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000640)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000680)={0x40, 0x19, 0x2, '\r8'}, &(0x7f00000006c0)={0x40, 0x1a, 0x2, 0xfffe}, &(0x7f0000000700)={0x40, 0x1c, 0x1, 0x81}, &(0x7f0000000740)={0x40, 0x1e, 0x1, 0xf}, &(0x7f0000000780)={0x40, 0x21, 0x1, 0x1}}) 15.268131352s ago: executing program 3 (id=3076): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000580)={0x138, 0x0, 0x403, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xc, 0xf}}}}, [@beacon=[@NL80211_ATTR_IE_PROBE_RESP={0x10, 0x7f, [@cf={0x4, 0x6, {0xcd, 0x6, 0x5, 0x8}}, @ibss={0x6, 0x2}]}, @NL80211_ATTR_BEACON_TAIL={0x56, 0xf, [@random={0x0, 0x34, "1d2fd1891aeed435dfd3ba842a9656a186d1085bc695a653f7624ce5a95c94e5cb7a29a530b1e3f133f6756ce1d446a7f57234a0"}, @ht={0x2d, 0x1a, {0x80, 0x0, 0x5, 0x0, {0x2, 0x40, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x300, 0x9, 0xb}}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x65, 0x80, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x9, 0x40}}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x3, 0x0, {0x10000, 0x1da0, 0x0, 0x8}, 0x1, 0x6c2d, 0xb}}, @ssid={0x0, 0x6, @default_ibss_ssid}, @random={0x6, 0x2e, "c658cc217a175b4ef1a5f56e4cafad101e1fd647e89fe584b22f6c1023091b10aab6dff8e5a73f522de8335c604a"}, @ibss={0x6, 0x2}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x9, 0x80, [@channel_switch={0x25, 0x3, {0x1, 0x8}}]}, @NL80211_ATTR_IE_PROBE_RESP={0x1b, 0x7f, [@rann={0x7e, 0x15, {{0x0, 0x9}, 0x8a, 0xcf, @device_a, 0x8, 0x4, 0x23b4}}]}, @NL80211_ATTR_IE={0xa, 0x2a, [@chsw_timing={0x68, 0x4, {0x8b, 0x9b17}}]}, @NL80211_ATTR_IE_PROBE_RESP={0xc, 0x7f, [@gcr_ga={0xbd, 0x6, @broadcast}]}]]}, 0x138}, 0x1, 0x0, 0x0, 0x280c0}, 0x8800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720a06fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed00000f030000000000001d44000000000000730a04fe0000000072030000000a0000b500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a1"], 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 14.585520051s ago: executing program 3 (id=3078): prctl$PR_SET_THP_DISABLE(0x51, 0x0) io_setup(0x251, &(0x7f0000000080)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x4c, 0x30, 0x400, 0x0, 0x0, {}, [{0x38, 0x1, [@m_tunnel_key={0x34, 0x1c, 0x0, 0x0, {{0xf}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x4c}}, 0x84) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x39c, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x2d4, 0x2d4, 0x2d4, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xfc, 0x120, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'team0\x00', {0x6d, 0x6, 0x81, 0x9, 0x8, 0xf, 0x5, 0x20, 0x80}, {0x7}}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24}}, {{@uncond, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@inet=@dscp={{0x24}, {0x4, 0x1}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x40c) socket$l2tp6(0xa, 0x2, 0x73) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = socket$tipc(0x1e, 0x5, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000280)=@filter={'filter\x00', 0xe, 0x4, 0x344, 0xffffffff, 0x268, 0x0, 0x268, 0xffffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @remote, [0xffffffff, 0xff, 0xff, 0xff], [0xff000000, 0xff000000, 0xff], 'netdevsim0\x00', 'pim6reg1\x00', {0xff}, {0xff}, 0x0, 0xd, 0x0, 0x2}, 0x0, 0xa4, 0xc8}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xf6fa, 'syz1\x00', {0xab7}}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@CONNSECMARK={0x24, 'CONNSECMARK\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3a0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_GET_XSAVE(r8, 0x9000aea4, &(0x7f0000001980)) r9 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97O\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7) ioctl$FS_IOC_RESVSP(r9, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762}) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r9, 0x0) 12.17011836s ago: executing program 2 (id=3083): pipe(&(0x7f00000001c0)={0xffffffffffffffff}) close(0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) splice(r0, 0x0, r3, 0x0, 0x80, 0x8) ioctl$sock_TIOCINQ(r3, 0x541b, 0x0) write(r1, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x5}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x800}, @TCA_TBF_PARMS={0x28, 0x1, {{0x81, 0x0, 0xee8, 0x1c, 0x0, 0x8}, {0x7, 0x2, 0x7, 0x1003, 0x5, 0x20000005}, 0x6db6312a, 0x7, 0x1257}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0x3}, {0xffff, 0xb}, {0x0, 0x5}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x3}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004}, 0x4850) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0xf, r11, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0x26}], 0x1}, 0x0) 11.498529919s ago: executing program 3 (id=3085): syz_emit_ethernet(0x4a, &(0x7f0000000340)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) (fail_nth: 2) 10.74651971s ago: executing program 3 (id=3086): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f00000022c0)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f0000000a0000000d0085a168d0bf46d32345653600648d040005000209000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000402160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4000000) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket(0xa, 0x3, 0x3a) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r2, &(0x7f00000004c0)={0x232, 0x7d, 0x1, {{0x500, 0xf1, 0x0, 0x400, {0x0, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x05\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232) 10.395794539s ago: executing program 2 (id=3087): pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8005, 0x0, 0x7, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x8, 0x4) keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000200)={'syz', 0x3}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000040)={r6, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_drop_memb(r5, 0x107, 0x2, &(0x7f0000000080)={0x0, 0x1, 0x6}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="200000002e0067ea25bd7000fcdbdf25"], 0x20}, 0x1, 0x0, 0x0, 0x40800}, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)={0x30, 0x40, 0x107, 0xfffffefe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x6, 0xb, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2, 0x0, 0x1, [@generic]}]}, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000700)="eee8844b6f41d7630cd7cee0bbc3fdf3d5c9ab12de86e0c385b085982cc91d5d7e0b2f51", 0x24, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r10, 0x4138ae84, 0x0) ioctl$KVM_SET_LAPIC(r10, 0x4400ae8f, &(0x7f0000000300)={"597aebb3200720801b0e6ba1c3c9395fa6939c9dfe61db731224a32e0e42a97ae54fa5934b3561c8b03878ea755360e1f5398d1ba0cabf6cf8281c713f1e24f6703e7b2139576f37f3343e77d5a7cc22391cd2cdcb81ce51eebfc55762fb866b1c78576c01006aa946b4bc5c06fd6e52e796c7e52630b4abf83a601b07f7178f50c4c9c50a210675d61beb4e28c375f45f347b81fc61fc31b0d3b2bca1ddda53e9f1999cc99ba57f5f6f0674748cc787ecf4cc36db31b276f802c8fab94774fc2370e62ff40f62ba4d27133b1529efbfaea33f7e3c24b64c38b64c2002349c8a1e2dee73e24eb570aeeeba66d4d5f2ffe4b52bc0e341fd3772ac3e465da234d70e806555d345ac3b45dc1c229c8e127e1fe544b70bbad8f3b79e5c0562b10958531e17656b1ab6ef9c7352b709c2a19b3bdd33613c9ef2eeacafb51d090a45032a89ad46bd2859bce48ae4f90f977d83d39db160f6c075af0c77130e5429f8b5e31569d78aa49f670474a4430357acfe713640fdeed88971b78b69b1652bd6e1d6ef4c3d9eb2e32871efaa26bae28839c51799f881fbebd0dda92b58bff3429d89641d35c0d4818137038f7463ba658e8cfa8c504e9c0833d41ae483f2d64aa6ec60199e2eb121c90a8a4956b4121504a1913c2052b33500fc610ca396fd549de3462c2e6a7164c931fd7900707f8ab4498bbad75109d28f421fb7a1d276e15a497a385c23189b33d4e02efb94670e07a03a4908b990a925542154c86694d84c65bac5a0e9e2f2e36b95aac26d64447ffd828f831380bc6eece3db2c18693d29b59760ed2ebabd7b9bf874126a7f08205c81a0df5ff169b236cf3d05002f1798913f3f75292f1f1c42a9151170309d0bda87447719341e85b7aa07f07965205c37ea21b5504eb97eab44a70a7b2597ce0af2608c5cc2a85366ec11e47e2a197c6e038f6f9f4d1d25edb077f6d98d44305c4ebc803047409dfa8e6f93d9ce63ab434957924dbdefefc99bff0bb4a68142e04c7c20954541728ed4505377ba88ec208ce064e3c8a7943577e20804932e0571a902cf0c45c54dbacb9968ed15fee9234fff2f631990bf840f5693d285ecd94688c63a251dd2e2a7d0049ee2c45c1e695b87711cf5a6d31414d0f708e5d0fc03b2f37becf1e3267ff6b4d740c2b5d905ecf572d2c9f06b5da649af020b6931dfe057442e2cf12f28d93fd1b49f5716a0c2d773250c2caf8f52f2da9412ae377ed6f74a2f0123d6bb9fae78c37a88f029f1ecaf91d023bbf90a6110b21a015b3a6a4b5e54433c662e6162b114c128c158b8391eb5b57f8cdd4be5207bfbaded1a2063852f15fd2a9d00becc20d2432846c6254625d0af44119fd273ea85ccd4e18e47456bd72ea67a334d65368a8858322d8a1bd2786eb36138fa0b3600f44d03ba84615fcf998500"}) close_range(r0, 0xffffffffffffffff, 0x0) 10.361628118s ago: executing program 3 (id=3088): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902"], 0x0) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d004dd000000000000010902240001000000"], 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xda, 0x35, 0x8e, 0x8, 0x46d, 0x900, 0x669e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1}}]}}, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[], 0x0) 7.167110668s ago: executing program 3 (id=3092): socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca00090506"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000480)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000b00)={0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="57d2a1260000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfeed, 0xffffffffffffffff) keyctl$revoke(0x3, r1) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffe, 0x0, 0xc, 0x0, 0x0, 0x0, 0xe758, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffe, 0x0, 0x4, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5f1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x3, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x51, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ec5, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r3, 0x4004556d, 0x3) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000500)={'syz1\x00', {0xb710, 0xe, 0x3}, 0x34, [0xe, 0x1ff, 0x8, 0x3, 0x2, 0x8, 0x69, 0x2, 0x0, 0x874, 0x9, 0xd4a1, 0x3, 0x3, 0x7, 0x5b8, 0x2, 0x6, 0xc, 0x7, 0x51, 0xbe4, 0x100, 0x1, 0xa, 0x8, 0xfff, 0x8, 0xb, 0x80, 0x9ad, 0x26, 0x1, 0x5, 0x1, 0x6, 0x905e, 0xf87, 0xe2ee, 0x0, 0x6, 0x5, 0x1, 0x80000000, 0x1000, 0x1d7, 0x2, 0x6, 0xff, 0x8001, 0x10, 0x7, 0xc3bb, 0x1, 0x1, 0x5, 0x1, 0x4, 0x2, 0x339, 0xbbf, 0xfffff000, 0x100800, 0x8], [0x2, 0x100, 0x7af, 0x6, 0x5, 0x0, 0x5, 0x7fffc, 0x2, 0x6, 0xa, 0x10000, 0x2, 0x17, 0x20, 0x2, 0x5, 0x5, 0xa, 0x65, 0x9, 0x9, 0x8, 0x4, 0x7fff, 0x3ff, 0xffffff01, 0x8, 0x3, 0x9, 0xb6, 0x7cb4cb2c, 0x0, 0x2, 0x7d, 0xffff, 0x7, 0xc5d3, 0xa, 0xc2e, 0x7, 0x9, 0x9, 0x8, 0x2, 0xfffffffe, 0x7c, 0x9, 0x5, 0x5, 0xa, 0x5, 0xc98, 0x9, 0xffffcbb6, 0xd0, 0x1, 0x5, 0x6, 0x1, 0x7, 0x5, 0x1, 0x6], [0x404, 0x5, 0xffffffff, 0x200, 0x5e4, 0xfffffff6, 0x6, 0x3, 0x1ff, 0x6, 0x9, 0x3, 0x0, 0x10000, 0x9, 0x3, 0x2, 0x89a, 0x100, 0x5, 0x2, 0x1, 0x3, 0xfffffffb, 0x7, 0x6, 0x20000007, 0x9, 0x4, 0x0, 0x3, 0x9, 0x0, 0x2, 0x6, 0x0, 0xfffffff8, 0x7, 0x0, 0x3, 0x6, 0x0, 0x5, 0x3, 0x9bb, 0xa, 0x0, 0x4, 0x7, 0x3ff, 0x0, 0xe5c, 0x1, 0x5, 0x9, 0x7, 0x80000000, 0x8, 0x1, 0xffff6139, 0x42c0, 0x76, 0xe339], [0xd54, 0x1, 0x4, 0xb, 0x4, 0x7f, 0x6, 0x2, 0x0, 0x7ff, 0x2, 0x10000, 0x8, 0x8001, 0x80, 0xfb, 0xe68f, 0xdaba, 0xfffffffe, 0x52b, 0x8010, 0x9, 0xfd, 0x80000000, 0x8, 0x8, 0x2, 0x5, 0xfffffffb, 0x5, 0x7, 0x7, 0xd2c7, 0x8001, 0x94, 0x80000000, 0x8, 0x0, 0x5, 0x0, 0x8, 0x6, 0x3, 0x7, 0x0, 0x7, 0x961a, 0x1, 0x7, 0x49, 0x7, 0x255d, 0x1, 0x0, 0x9, 0x5, 0x10, 0x7, 0x0, 0xff, 0x66, 0x90000000, 0x7, 0x81]}, 0x45c) sendmmsg(0xffffffffffffffff, &(0x7f0000004fc0)=[{{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000000380)="f2a3", 0x2}], 0x1}}], 0x1, 0xc840) sendmmsg(r2, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) syz_usb_control_io$lan78xx(r0, &(0x7f00000001c0)={0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000180)=ANY=[]}, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x40, 0x10, 0x31, "97ceb323d632a44d572e800be12cd361babe38b6f4422cf3f91018719de1a1c34c1d3a3fb0f72ef81df01ff434115da0fc"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x1}, 0x0, &(0x7f00000002c0)={0xc0, 0xa1, 0x4, 0x524}, &(0x7f0000000300)={0x40, 0xa0, 0x4, 0x8}, &(0x7f0000000340)={0xc0, 0xa2, 0x2f, "dedb342e60b5104b8367d690894a11b588dd3473611535b27855ddf522f8a20417aacf81bf1458b62bfe677fd922a7"}}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x4000, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r4, &(0x7f0000000980)={0x10, 0x0, 0x25dfdbff, 0x100}, 0xc) r5 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r5, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc) r6 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r6, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x400}, 0xc) socket$netlink(0x10, 0x3, 0x4) 6.446680789s ago: executing program 0 (id=3056): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="020400000000000000223948"]) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f0000000980)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x30, 0x1, @ib={0x1b, 0x1, 0x1, {"c6b7b7e198082124066b72a4ca8bf843"}, 0x7, 0x7, 0x3}}}, 0xa0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) socket$inet_smc(0x2b, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r5 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0) ioctl$FE_SET_PROPERTY(r5, 0x40086f52, &(0x7f0000000000)={0x1, &(0x7f0000000340)=[{0x17, '\x00', @data=0x14, 0x16}]}) r6 = memfd_create(&(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00z\xab\xc5.\xfa\x15\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14F\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1<\xf8\xca\f\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_\r\x02\xeaM\xbe\x19\xea#\xff\xdd\xff\xb7z\xa3\xed$\x04&R\x983\xcc\xf9\'\x18A1\xc9\x9f\xb0\x14\xc2\xeb\xf8\xceE\xad\xa4\x92\f\xef\x870m\xb6\v\xd4g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\nvf3cB\x96\xdd\xcf\xc29$\n\r\x802\xd7\x1b$\x95t\x1c9e}\xfdT\xed\x7fud\x9c\xfeAO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#\x06\x00\x00\x00\x00\x80\x00\x00\xce\xc6r\x85\xcd[\x91\x90=v&\x9681\x94\x13\xb5\xd7p>$\x9f6\x8b\xa6<9\x89%\x16\x14\xb8\xfe\xd2$E\xd9:\x9erz\x04\x00B4 \x9b\xaaX\x01k\x01\x00\x00\x00\x04j\x85A\x1dDI\x02\xac\xd5\xf1\xd6\x9aB\xc5n\x10\xbfy\xec:8J\x12\xd1\xa4\x9fY\x8f\xad!si\x8e\xe2\xc6\x10\xae\xb8z\x1d=X\xc6\xaa\x86\xa3u\x7f\tx\x14r\x03j>f|k\xa3b\xd7<\x15\xe6}\xe6\xe8\xf2\x99\xf5\xec{\xd2\xa7\x97\xc8\xb1\x03T\xf5R\xe0\x1d\x86P\xe8\"k.@\x14<\xdd\xf6\xb2s\xe4\xbc\xba\x9aDsi\x05\xcc\xfd\xc4P\b\x99F\xf3?IP\xa4\x1e\xca\xa4\xca\r\xd6[\xb5l', 0x7) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmmsg$inet6(r1, &(0x7f000000a0c0), 0x800000000000193, 0x24010001) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="a4030000", @ANYRES16=r8, @ANYBLOB="010025bd7000000000003900000008000300", @ANYRES32=r9, @ANYBLOB="10005a800c000080070002004b0a190010005a800c000080050006000000000034015a802c00018005000700010000001e000100186c48030512121b05011203126c0c361848096c060636481b240000280003800500060002000000140005008100ffff0600000009000400ff00010005000700000000003c000280140005000900080000000900d60006000600faff14000500020000020600a183ba040000050006000e0001000c6c022436036c05301600006c000080140003000080090000000101ffff060004000500050007000200000014000500e500f7ff35050030020001809100080005000600000000000500070002000000200002005641570f022519252840130342433a3142350e4042220d3f5712503d05000700010000003400038014000300b500080086000900cb050100080000001100010002101816030418300a12013609000000050004000000000034005a803000018005000400020000000500060000000000140005000700ff7f55724202fbff0100060027cb0500070001000000dc005a80c00002800500040002000000410002001404272c0c2f33184f19301451201d0729364d244b07224013291e211f25195331482b484424184353321920114f1626144c1b1e064154514428304e0100000005000400020000000500040000000000050006000100000005000700000000003a0002003757491c2047240f0f1f3b31012806321f1742511f5551443024244a2c4d382947032b50553541440f04573321260e50321451024d410000140005000300030006000200fcffce00060003001800008014000500cc0006000800090001010200090068b7e8005a80400003800500060002000000150001000416161603161b771603ad1230030b020200000014000500050008000f00080005002d0000020500050006000100000014000380050006000200000005000400020000002c00008014000500040007000700050008000900a300ff031400030000000000080003004000040601040600340002801200010030601660301b020500010218160500001100010048027e126c0b16680b052436160000000700010001180500180003800500070000000000090001000c0416065800000018000080140003000300010005002e0701800500020009003c005a801400038005000400"], 0x3a4}, 0x1, 0x0, 0x0, 0x4000801}, 0x10) setresuid(0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000180)={[0x8, 0x3, 0xffffffffffffffff, 0x980b, 0x7, 0x6, 0x2, 0x7fffffff, 0x8, 0x4, 0x3, 0x28000000, 0x1, 0x3, 0xfffffffffffffff8, 0x10000], 0xeeee8000, 0x200}) syz_fuse_handle_req(r10, 0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0xc8c, 0x16, 0x7, 0x1, 0x0, 0x0, 0x0, 0x60b0aa53c2fe5fc, 0xfffffffe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000900)=ANY=[@ANYBLOB="44000000000801010000000002000000030000020900010073797a3100000000060002408809000014000480060007400000000608000640000000090500030006000000"], 0x44}, 0x1, 0x0, 0x0, 0x20024810}, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={0x0, 0x59}) 6.059839302s ago: executing program 2 (id=3094): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000780)={0x20, 0x0, 0x403, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xc, 0xf}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x280c0}, 0x8800) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00'}) sendmsg$can_bcm(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000100c00"/16, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000004001"], 0x80}, 0x1, 0x0, 0x0, 0x40084}, 0x20000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, @val=@target_btf_id=0xffffffffffffffff}, 0x14) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff08"], 0x6f4}}, 0x0) 5.71807142s ago: executing program 2 (id=3095): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_usb_connect(0x5, 0xe4, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000017ffd340b1134200bbdf000000010902d200010000400009046a00067af4190009050f102000"], 0x0) 5.396839254s ago: executing program 0 (id=3098): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = fsopen(&(0x7f0000000140)='vfat\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) preadv2(r2, 0x0, 0xffffffffffffff54, 0x2, 0x5, 0x10) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, &(0x7f0000000100)}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000970057107dd2def805b1ca4a78", @ANYRES16=0x0, @ANYBLOB="00032abd7000fb00000014001f00000000000000000000000000000000010c0016000000"], 0x3c}}, 0x40011) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_AUTHENTICATE(r5, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="bc000000", @ANYRES16=0x0, @ANYBLOB="000225bd7000ffdbdf252500000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900fa000000030000000800350004000000040028001100070078739c24753cfd067434bcaac9000000110007005c7a437d330849f4176c3e7243f94133d3e4000000180050800400050005000200040000000800030005ac0f000a0034000101010101010000080035003b2a183f0a00340002020202020200000800a10000040000050018013900000008009f00040000000800220117000000080026"], 0xbc}}, 0x0) ioctl$XFS_IOC_GETBMAPA(r1, 0xc020582c, &(0x7f0000000080)={0xbe5, 0x1, 0x6, 0x886e, 0x1000}) close_range(r3, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) unshare(0xa040400) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pwrite64(r6, 0x0, 0x0, 0xf90) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x1000, &(0x7f00000003c0)=ANY=[@ANYRES16=0x0, @ANYRESHEX=r7, @ANYBLOB="2cef29b44c2483e70a2d392c279a154abc726f6f746d6f30ab08303030", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r0]) r8 = socket(0x11, 0x2, 0x0) setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) read$FUSE(r7, &(0x7f0000006380)={0x2020}, 0x2020) r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x82002, 0x0) write$dsp(r9, &(0x7f0000000040)='F', 0x1) ioctl$SNDCTL_DSP_SPEED(r9, 0xc0045002, &(0x7f0000000040)=0x10004) r10 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r10, &(0x7f0000000680)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000000c0)}}], 0x1, 0x4000000) r11 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r10, 0x84, 0x7b, &(0x7f0000000080)={r12, 0x1}, 0x8) 4.950096707s ago: executing program 1 (id=3101): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = syz_clone(0x95008100, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace(0x10, r2) 4.576152863s ago: executing program 1 (id=3102): r0 = userfaultfd(0x80801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) (async, rerun: 32) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x430}) (async, rerun: 32) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv4={{0x8}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}, 0x1, 0x0, 0x0, 0x850}, 0x4040080) (async) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000800000/0x800000)=nil, &(0x7f000022a000/0x4000)=nil, 0x800000}) 4.384160824s ago: executing program 0 (id=3103): prctl$PR_SET_THP_DISABLE(0x51, 0x0) io_setup(0x251, &(0x7f0000000080)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x4c, 0x30, 0x400, 0x0, 0x0, {}, [{0x38, 0x1, [@m_tunnel_key={0x34, 0x1c, 0x0, 0x0, {{0xf}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x4c}}, 0x84) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x39c, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x2d4, 0x2d4, 0x2d4, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xfc, 0x120, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'team0\x00', {0x6d, 0x6, 0x81, 0x9, 0x8, 0xf, 0x5, 0x20, 0x80}, {0x7}}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24}}, {{@uncond, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@inet=@dscp={{0x24}, {0x4, 0x1}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x40c) clock_adjtime(0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = socket$tipc(0x1e, 0x5, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000280)=@filter={'filter\x00', 0xe, 0x4, 0x344, 0xffffffff, 0x268, 0x0, 0x268, 0xffffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @remote, [0xffffffff, 0xff, 0xff, 0xff], [0xff000000, 0xff000000, 0xff], 'netdevsim0\x00', 'pim6reg1\x00', {0xff}, {0xff}, 0x0, 0xd, 0x0, 0x2}, 0x0, 0xa4, 0xc8}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xf6fa, 'syz1\x00', {0xab7}}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@CONNSECMARK={0x24, 'CONNSECMARK\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3a0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_GET_XSAVE(r8, 0x9000aea4, &(0x7f0000001980)) r9 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97O\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7) ioctl$FS_IOC_RESVSP(r9, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762}) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r9, 0x0) 4.269896821s ago: executing program 1 (id=3104): request_key(&(0x7f0000000040)='ceph\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3cusg\x91\xdeeH\xe5+\xf0', 0xffffffffffffffff) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000002680)=[{{0x0, 0x0, 0x0}, 0x280}], 0x1, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r2, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001200)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, 0x0, 0x0}}, 0x10) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="60010000100013040000000000000000e0000001000000000000006e71bf3740fb5093f7ca59eb4790e1420000000000fc0100"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000000ffffac1414bb000004d432000000ac1414000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff00000000000000000800000000020000000000000000000000000000000000000300000000000000cc000000000000000000000000000000f6000000000000000000000025bd7000000000000a0001010000000070001200726663343330392863636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200100008000000052445c8d64341fc0f7955be128affee2ed503aaf05226141f7b41741b20a32f8c1ea3472"], 0x160}}, 0x0) 4.181345248s ago: executing program 2 (id=3105): r0 = openat$nullb(0xffffff9c, &(0x7f0000000040), 0x40800, 0x0) ioctl$BLKGETSIZE64(r0, 0x80041272, &(0x7f0000000080)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x17e5}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x5c}}, 0x0) syz_usb_connect(0x2, 0x3e, &(0x7f0000000000)=ANY=[@ANYRES16=r0], &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f00000ee000/0xc00000)=nil, 0xc00000, 0x1000001, 0xfbf38a6097b73a1b, r2, 0x108000) quotactl_fd$Q_SYNC(r2, 0x80000303, 0x0, 0x0) 3.812323306s ago: executing program 4 (id=3106): syz_emit_ethernet(0x0, 0x0, 0x0) syz_io_uring_setup(0x34bc, &(0x7f0000000200)={0x0, 0xc3b0, 0x800, 0x1, 0x82}, &(0x7f00000001c0), &(0x7f0000000140), &(0x7f0000000100)) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)) sendmsg$nl_route(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$unix(0x1, 0x5, 0x0) socket(0x1e, 0x5, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) syz_open_dev$video(&(0x7f0000000140), 0x14, 0x303000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_CHANNEL(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x4040004) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0x10000f2}) syz_emit_ethernet(0x33, &(0x7f00000006c0)=ANY=[], 0x0) io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r2, 0x12, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x13, &(0x7f0000000400)=[0xe758, 0x8], 0x2) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r3, &(0x7f00000002c0)=ANY=[], 0x200002e6) fcntl$setpipe(r3, 0x407, 0x100000) 3.260432599s ago: executing program 1 (id=3108): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="020400000000000000223948"]) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f0000000980)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x30, 0x1, @ib={0x1b, 0x1, 0x1, {"c6b7b7e198082124066b72a4ca8bf843"}, 0x7, 0x7, 0x3}}}, 0xa0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) socket$inet_smc(0x2b, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r5 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0) ioctl$FE_SET_PROPERTY(r5, 0x40086f52, &(0x7f0000000000)={0x1, &(0x7f0000000340)=[{0x17, '\x00', @data=0x14, 0x16}]}) r6 = memfd_create(&(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00z\xab\xc5.\xfa\x15\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14F\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1<\xf8\xca\f\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_\r\x02\xeaM\xbe\x19\xea#\xff\xdd\xff\xb7z\xa3\xed$\x04&R\x983\xcc\xf9\'\x18A1\xc9\x9f\xb0\x14\xc2\xeb\xf8\xceE\xad\xa4\x92\f\xef\x870m\xb6\v\xd4g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\nvf3cB\x96\xdd\xcf\xc29$\n\r\x802\xd7\x1b$\x95t\x1c9e}\xfdT\xed\x7fud\x9c\xfeAO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#\x06\x00\x00\x00\x00\x80\x00\x00\xce\xc6r\x85\xcd[\x91\x90=v&\x9681\x94\x13\xb5\xd7p>$\x9f6\x8b\xa6<9\x89%\x16\x14\xb8\xfe\xd2$E\xd9:\x9erz\x04\x00B4 \x9b\xaaX\x01k\x01\x00\x00\x00\x04j\x85A\x1dDI\x02\xac\xd5\xf1\xd6\x9aB\xc5n\x10\xbfy\xec:8J\x12\xd1\xa4\x9fY\x8f\xad!si\x8e\xe2\xc6\x10\xae\xb8z\x1d=X\xc6\xaa\x86\xa3u\x7f\tx\x14r\x03j>f|k\xa3b\xd7<\x15\xe6}\xe6\xe8\xf2\x99\xf5\xec{\xd2\xa7\x97\xc8\xb1\x03T\xf5R\xe0\x1d\x86P\xe8\"k.@\x14<\xdd\xf6\xb2s\xe4\xbc\xba\x9aDsi\x05\xcc\xfd\xc4P\b\x99F\xf3?IP\xa4\x1e\xca\xa4\xca\r\xd6[\xb5l', 0x7) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmmsg$inet6(r1, &(0x7f000000a0c0), 0x800000000000193, 0x24010001) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="a4030000", @ANYRES16=r8, @ANYBLOB="010025bd7000000000003900000008000300", @ANYRES32=r9, @ANYBLOB="10005a800c000080070002004b0a190010005a800c000080050006000000000034015a802c00018005000700010000001e000100186c48030512121b05011203126c0c361848096c060636481b240000280003800500060002000000140005008100ffff0600000009000400ff00010005000700000000003c000280140005000900080000000900d60006000600faff14000500020000020600a183ba040000050006000e0001000c6c022436036c05301600006c000080140003000080090000000101ffff060004000500050007000200000014000500e500f7ff35050030020001809100080005000600000000000500070002000000200002005641570f022519252840130342433a3142350e4042220d3f5712503d05000700010000003400038014000300b500080086000900cb050100080000001100010002101816030418300a12013609000000050004000000000034005a803000018005000400020000000500060000000000140005000700ff7f55724202fbff0100060027cb0500070001000000dc005a80c00002800500040002000000410002001404272c0c2f33184f19301451201d0729364d244b07224013291e211f25195331482b484424184353321920114f1626144c1b1e064154514428304e0100000005000400020000000500040000000000050006000100000005000700000000003a0002003757491c2047240f0f1f3b31012806321f1742511f5551443024244a2c4d382947032b50553541440f04573321260e50321451024d410000140005000300030006000200fcffce00060003001800008014000500cc0006000800090001010200090068b7e8005a80400003800500060002000000150001000416161603161b771603ad1230030b020200000014000500050008000f00080005002d0000020500050006000100000014000380050006000200000005000400020000002c00008014000500040007000700050008000900a300ff031400030000000000080003004000040601040600340002801200010030601660301b020500010218160500001100010048027e126c0b16680b052436160000000700010001180500180003800500070000000000090001000c0416065800000018000080140003000300010005002e0701800500020009003c005a801400038005000400"], 0x3a4}, 0x1, 0x0, 0x0, 0x4000801}, 0x10) setresuid(0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000180)={[0x8, 0x3, 0xffffffffffffffff, 0x980b, 0x7, 0x6, 0x2, 0x7fffffff, 0x8, 0x4, 0x3, 0x28000000, 0x1, 0x3, 0xfffffffffffffff8, 0x10000], 0xeeee8000, 0x200}) syz_fuse_handle_req(r10, 0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0xc8c, 0x16, 0x7, 0x1, 0x0, 0x0, 0x0, 0x60b0aa53c2fe5fc, 0xfffffffe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000900)=ANY=[@ANYBLOB="44000000000801010000000002000000030000020900010073797a3100000000060002408809000014000480060007400000000608000640000000090500030006000000"], 0x44}, 0x1, 0x0, 0x0, 0x20024810}, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={0x0, 0x59}) 2.428122891s ago: executing program 4 (id=3109): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r0, &(0x7f00000004c0)={0x232, 0x7d, 0x1, {{0x500, 0xf1, 0x0, 0x400, {0x0, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x05\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232) 2.167291591s ago: executing program 4 (id=3110): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="020400000000000000223948"]) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f0000000980)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x30, 0x1, @ib={0x1b, 0x1, 0x1, {"c6b7b7e198082124066b72a4ca8bf843"}, 0x7, 0x7, 0x3}}}, 0xa0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) socket$inet_smc(0x2b, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r5 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0) ioctl$FE_SET_PROPERTY(r5, 0x40086f52, &(0x7f0000000000)={0x1, &(0x7f0000000340)=[{0x17, '\x00', @data=0x14, 0x16}]}) r6 = memfd_create(&(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00z\xab\xc5.\xfa\x15\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14F\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1<\xf8\xca\f\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_\r\x02\xeaM\xbe\x19\xea#\xff\xdd\xff\xb7z\xa3\xed$\x04&R\x983\xcc\xf9\'\x18A1\xc9\x9f\xb0\x14\xc2\xeb\xf8\xceE\xad\xa4\x92\f\xef\x870m\xb6\v\xd4g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\nvf3cB\x96\xdd\xcf\xc29$\n\r\x802\xd7\x1b$\x95t\x1c9e}\xfdT\xed\x7fud\x9c\xfeAO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#\x06\x00\x00\x00\x00\x80\x00\x00\xce\xc6r\x85\xcd[\x91\x90=v&\x9681\x94\x13\xb5\xd7p>$\x9f6\x8b\xa6<9\x89%\x16\x14\xb8\xfe\xd2$E\xd9:\x9erz\x04\x00B4 \x9b\xaaX\x01k\x01\x00\x00\x00\x04j\x85A\x1dDI\x02\xac\xd5\xf1\xd6\x9aB\xc5n\x10\xbfy\xec:8J\x12\xd1\xa4\x9fY\x8f\xad!si\x8e\xe2\xc6\x10\xae\xb8z\x1d=X\xc6\xaa\x86\xa3u\x7f\tx\x14r\x03j>f|k\xa3b\xd7<\x15\xe6}\xe6\xe8\xf2\x99\xf5\xec{\xd2\xa7\x97\xc8\xb1\x03T\xf5R\xe0\x1d\x86P\xe8\"k.@\x14<\xdd\xf6\xb2s\xe4\xbc\xba\x9aDsi\x05\xcc\xfd\xc4P\b\x99F\xf3?IP\xa4\x1e\xca\xa4\xca\r\xd6[\xb5l', 0x7) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmmsg$inet6(r1, &(0x7f000000a0c0), 0x800000000000193, 0x24010001) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="a4030000", @ANYRES16=r8, @ANYBLOB="010025bd700000000000390000000800", @ANYRES32=r9, @ANYBLOB="10005a800c000080070002004b0a190010005a800c000080050006000000000034015a802c00018005000700010000001e000100186c48030512121b05011203126c0c361848096c060636481b240000280003800500060002000000140005008100ffff0600000009000400ff00010005000700000000003c000280140005000900080000000900d60006000600faff14000500020000020600a183ba040000050006000e0001000c6c022436036c05301600006c000080140003000080090000000101ffff060004000500050007000200000014000500e500f7ff35050030020001809100080005000600000000000500070002000000200002005641570f022519252840130342433a3142350e4042220d3f5712503d05000700010000003400038014000300b500080086000900cb050100080000001100010002101816030418300a12013609000000050004000000000034005a803000018005000400020000000500060000000000140005000700ff7f55724202fbff0100060027cb0500070001000000dc005a80c00002800500040002000000410002001404272c0c2f33184f19301451201d0729364d244b07224013291e211f25195331482b484424184353321920114f1626144c1b1e064154514428304e0100000005000400020000000500040000000000050006000100000005000700000000003a0002003757491c2047240f0f1f3b31012806321f1742511f5551443024244a2c4d382947032b50553541440f04573321260e50321451024d410000140005000300030006000200fcffce00060003001800008014000500cc0006000800090001010200090068b7e8005a80400003800500060002000000150001000416161603161b771603ad1230030b020200000014000500050008000f00080005002d0000020500050006000100000014000380050006000200000005000400020000002c00008014000500040007000700050008000900a300ff031400030000000000080003004000040601040600340002801200010030601660301b020500010218160500001100010048027e126c0b16680b052436160000000700010001180500180003800500070000000000090001000c0416065800000018000080140003000300010005002e0701800500020009003c005a80140003800500040001000000050006000100000024"], 0x3a4}, 0x1, 0x0, 0x0, 0x4000801}, 0x10) setresuid(0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,use', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000180)={[0x8, 0x3, 0xffffffffffffffff, 0x980b, 0x7, 0x6, 0x2, 0x7fffffff, 0x8, 0x4, 0x3, 0x28000000, 0x1, 0x3, 0xfffffffffffffff8, 0x10000], 0xeeee8000, 0x200}) syz_fuse_handle_req(r10, 0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0xc8c, 0x16, 0x7, 0x1, 0x0, 0x0, 0x0, 0x60b0aa53c2fe5fc, 0xfffffffe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000900)=ANY=[@ANYBLOB="44000000000801010000000002000000030000020900010073797a3100000000060002408809000014000480060007400000000608000640000000090500030006000000"], 0x44}, 0x1, 0x0, 0x0, 0x20024810}, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={0x0, 0x59}) 2.140304111s ago: executing program 1 (id=3111): bpf$MAP_CREATE(0x0, &(0x7f0000004080)=ANY=[@ANYBLOB="02000000040000000400000022bf000000040000", @ANYRES32, @ANYBLOB="0000000000e7ffffffe0fffb959e59b69e9833e1", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = socket(0x10, 0x3, 0x0) openat$fb0(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x4, 0xfe, 0x53, 0x3, 0x58, @mcast2, @mcast2={0xff, 0x5}, 0x8, 0x40, 0xe3a1, 0xcff}}) openat$drirender128(0xffffff9c, &(0x7f0000000040), 0x6b8c80, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/3\x00') syz_usb_connect(0x3, 0x24, &(0x7f0000001440)={{0x12, 0x1, 0x201, 0xaf, 0xbf, 0x8c, 0x8, 0xc45, 0x8001, 0x51e7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x70, 0x10, 0x7, "", [{{0x9, 0x4, 0x2d, 0x4, 0x0, 0x86, 0x28, 0x0, 0x1}}]}}]}}, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x0}) lseek(r1, 0x4, 0x0) 1.873693694s ago: executing program 0 (id=3112): syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000000980)=""/61, 0x0, 0x2000}) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001900)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/185, 0x0, 0x10000}) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x30}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) fsopen(0x0, 0x1) fchdir(0xffffffffffffffff) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) openat$dsp(0xffffff9c, &(0x7f0000000100), 0x109042, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, [], [0xffffffff], [], [0xfffffffffffffffc]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="4220f6aa"], 0xa) 1.803866881s ago: executing program 4 (id=3113): pipe(&(0x7f0000000080)={0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x10, 0x1, 0x25dffbfe, {0x0, 0x0, 0x0, 0x0, {0xf, 0x5}, {0xa, 0xffff}, {0xe, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0xf}, @TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x240400c0}, 0x4048084) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = fsopen(&(0x7f0000000040)='tmpfs\x00', 0x1) flistxattr(r1, 0x0, 0xffde) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, 0x0, 0x0) sendmsg$key(r2, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) ioctl$XFS_IOC_DIOINFO(r2, 0x800c581e, &(0x7f00000001c0)) r3 = socket$nl_route(0x10, 0x3, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x2, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c) listen(r4, 0x100101) setsockopt$inet6_opts(r4, 0x29, 0x36, &(0x7f0000000180)=@srh={0x62, 0x0, 0x4, 0x0, 0xd4, 0x70, 0x800}, 0x8) accept4(r4, 0x0, 0x0, 0x80800) r5 = socket(0xa, 0x3, 0xff) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e20, 0x2, @loopback, 0x6}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="5e546507da93883e8c628a600b17cbe584d2e73c68141965f3fbcf0e16db6e759d420151c6c57504", 0x28}], 0x1}}], 0x1, 0x4046040) writev(r5, &(0x7f00000005c0), 0x34) r6 = shmget$private(0x0, 0x4000, 0x800, &(0x7f0000000000/0x4000)=nil) prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x1b) shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) write$binfmt_misc(r0, &(0x7f0000000100)="089279a79057a63c65f03340f5fc351c6c6c5638cdc6814d0b9cc42d1905ad83d512e6c17baf5293fe8e6e6f39c039cb375f1de8f39411580ab736104ae792cce10fcfe26bc9f1b92b815380d7227db237e5d30b34c0903a900638de5e05ed7a4237c50e07385fe3696aa7af6104c6bff54ff74ae3df8330077a817d0a84a8dda230d87811dedfbe980ec0eb8cac2de3d2fb758b016c904eff00394ff9a82b45f1a30ac901139817716a49abfda96d1216e54469d894c01427647bd5", 0xbc) splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0x0) 842.056549ms ago: executing program 2 (id=3114): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0x8) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x2000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @empty}}, 0xe4b, 0x8, 0x8000, 0x1, 0x10, 0x1, 0xe}, 0x9c) sendto$inet6(r4, &(0x7f0000000080)='I', 0x1, 0xc0, &(0x7f0000000000)={0xa, 0x4e20, 0xd5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x80a}, 0x1c) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000100)={'erspan0\x00', 0x0, 0x10, 0x40, 0x1, 0x0, {{0x5, 0x4, 0x0, 0x8, 0x14, 0x67, 0x0, 0x1, 0x4, 0x0, @remote, @multicast2}}}}) r5 = socket$inet6(0xa, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000005c0)=ANY=[@ANYBLOB="5c000000090601010000000000000000070000042c0008800c00078008000940000000020c0007800500150002000000100007800c0019400000000000000002080009c00000000605000100070000000900020073797a31"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x4010) setsockopt$inet6_int(r5, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) r7 = socket(0x1e, 0x4, 0x0) recvmmsg$unix(r7, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001bc0)=""/207, 0xcf}, {&(0x7f00000004c0)=""/90, 0x5a}, {&(0x7f0000001cc0)=""/187, 0xbb}], 0x3}}, {{0x0, 0x0, &(0x7f0000003240)=[{&(0x7f0000001ec0)=""/194, 0xc2}, {&(0x7f0000000b80)=""/4096, 0x1000}, {&(0x7f0000000800)=""/135, 0x87}], 0x3}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000b40)=""/52, 0x34}, {&(0x7f0000002000)=""/164, 0xa4}, {&(0x7f00000009c0)=""/143, 0x8f}, {&(0x7f0000005940)=""/4083, 0xff3}], 0x4}}, {{0x0, 0x0, &(0x7f0000003540)=[{&(0x7f0000000040)=""/26, 0x1a}, {&(0x7f00000002c0)=""/17, 0x11}, {&(0x7f00000008c0)=""/240, 0xf0}, {&(0x7f00000034c0)=""/110, 0x6e}], 0x4}}, {{0x0, 0x0, &(0x7f00000052c0)=[{&(0x7f0000003a80)=""/234, 0xea}, {0x0}, {&(0x7f0000000440)=""/75, 0x4b}, {&(0x7f0000003fc0)=""/4096, 0x1000}, {&(0x7f0000004fc0)=""/230, 0xe6}, {&(0x7f00000050c0)=""/225, 0xe1}, {&(0x7f00000051c0)=""/181, 0xb5}, {&(0x7f0000005280)}], 0x8}}, {{0x0, 0x0, &(0x7f0000003f80)=[{&(0x7f0000006940)=""/4096, 0x1000}], 0x1}}], 0x6, 0x400123a0, 0x0) sendmmsg(r7, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r5, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) setsockopt$inet6_int(r5, 0x29, 0x46, 0x0, 0x0) setsockopt$inet6_int(r5, 0x29, 0x42, &(0x7f0000000100)=0x5, 0x4) sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000240)={0x3, 0x0, [{0x3, 0x0, 0x0, 0x8, 0x200000, 0xfffffffd, 0x1}, {0x0, 0x6, 0x6, 0x0, 0x7}, {0x5e2796afef1a2f31, 0xffffffff, 0x0, 0x333, 0x4, 0x80000001, 0x8}]}) 808.361288ms ago: executing program 4 (id=3115): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x5c}}, 0x10) sendto(r0, &(0x7f0000000140)='A', 0xfffff, 0x40008c1, 0x0, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x8528c000) recvmmsg(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000d40)=""/4108, 0x100c}], 0x1}, 0x5}], 0x1, 0x10022, 0x0) (fail_nth: 2) 553.789408ms ago: executing program 1 (id=3116): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000280)={0x3, 0x100, 0x80000, 0x4, 0x80000, 0x2}) 0s ago: executing program 4 (id=3117): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) move_pages(0x0, 0x0, 0x0, &(0x7f0000000200)=[0x1], 0x0, 0x2) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000085804184000000000000109022400010000402009040000020300010009210700000122050009058103"], 0x0) syz_open_dev$I2C(&(0x7f0000000140), 0x9, 0x48400) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x14, 0x0, 0x0, &(0x7f0000000380)=ANY=[], 0x0}, 0x0) openat$sndseq(0xffffff9c, &(0x7f0000000100), 0x60900) socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x64, 0x2, 0x6, 0x705, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010102}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01030003000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x2, 0x0, 0x0, 0x2, 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x4) sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x7400, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x18, &(0x7f0000000040)={0x20, 0xf, 0x4d, {0x4d, 0xa, "d23e52e3e36cc7cc8ce3ac7d4dfdece0979b047d7a547dc12f778416859f38292155e9ebff340231198797d3ffd3f3a3bf9dffb3b5ae526a5392d18352df63651cb45d948d8dd397d4f773"}}, &(0x7f0000000840)=ANY=[@ANYBLOB="0003a2000000b203566d99a271f961792f14d4771ee6a9ff7ff650a8512d38df0cd86fe025c3c2d43a9e8bab25da122ce6668b404e60c48589030d4f4cd73b7f06e1930b167a64580696b3b42781a35d675ad0b466b85e2c3b3c1b4c9b99cb04cb95d17b1e9f49231488dc1c6444ed7eaf591d0887d7a01ae36bf882676afb0f29991d8380da75cc875df2cbfd1886cbb216e182016baf953f0ed8fd546fb0e777f0762ef8ad94723cfe032bfd473b9ac1080b8d1fb7d78ef43af8bf095e488ecf2d26126c2577a5ca030005a1af55e437090100000000000000b7483de3924a5f758112384ab9975acac905799fec4d56d2ab73d3a6a04b369b554db46d6cf79797caedb6e3dc36c325c773d1ee9ff9a9617e33c8271f4da902b1a957e3f0a106e0c119ad0987fdddea5c09e25245fae2ba5510455047aaa53a8cdf30bd2ec9b3ea5ef2a4c176a63e5dc901000000fd771205a740dfff7f00ff97c7d4ef89b8ed6039f0cf8ff046bc9ebccc727bca624ec54bfaac5b45f37f276bb84023b5cb1c62de34e8d7f9916639344fe706965803269844ee69b7e7aaa0382cd770d85b7dade667e1124c158588060f8a8f27a7c39cfa5341c4b390daab9f2d0684280d500ba5be874c967f28149abbca2541b323fd0bc4ef58c9ee588be1f097c341d1a24566c028962425986f332741de7ba45adaa19885bbeadff38d1b52e7edf4e90ff68b20b59f31af491669c102f96743835a3e077b262202e38f62bfbe5b4520753df343812fa93263d170cdc872cdd603bc86097de25885dd03bfd97991484f37084172b7842714f107369716faca25ef004550c6d41431b7ae0a179a0bcb8406bedd6641d5780c6a5b96e66a890c2e10bc9758c51a6bdaadef5a704933030fd0ed9ee41c0b1881d514d7f5188d9ec6cfe1e80b088c256562243ab380e3a88149ad821c6d6ec9c9ac26ad6ff1d53e2fa23b04ee2420f04737958d38be21a81d57607b51"], &(0x7f0000000240)=ANY=[@ANYBLOB="000f48000000050f48000607100204c9feff0a1003e9ffff0848060018100a02231000000f0f05007ffe00000f000000003f000003100b03100b14100a18a2ffffff0f1f0100c0000000f03fff00"], &(0x7f00000002c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x75, 0x0, 0x8, 0x5, "b001f9fb", "145daca2"}}, &(0x7f0000000300)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xb, 0x3, 0x6, 0x77, 0x4, 0x3, 0x401}}}, &(0x7f00000007c0)={0x44, &(0x7f0000000b40)=ANY=[@ANYBLOB="200f6e000000884720d990d428f8f16c0bb20f760b4decd01b4c98a71ba18a93891dd443f8663a33fedd31f37294ba455e19a7ef39bb701516bbaa9cc9914c523da06e8f856c79d7351f63bb59201ed78d1273618886bb12e0cef00328c8ae3a0cee1a9fa48ec0620215ed00979dea0abf841153bd52866a603e1917cef2b1eea7aac5b537986f23c5a492c962f01ae649941a73ee25b1a62bbbd1b7d44b4976888249358d984e4c150aa9a94e2db72274921215f8e81a7f35f88c1dc6ce78afdff815dd52c25e2a8210d3ef3ee86a4e8eb9687524f11a25975c8d7f52570621500355d91f3127f371f37193d4b7f4027999ef153728d41cba6db827e26096d4f83c9509b21c8a18e567a49a87181907bae6975f1f3f8b1ac8611567e8c68f6cb952b3bc15a053cb17f07e3322806abe7a43f4baaa55d84413dde1"], &(0x7f0000000400)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1}}, &(0x7f00000004c0)={0x20, 0x0, 0x4, {0x400}}, &(0x7f0000000500)={0x40, 0x7, 0x2, 0x1}, &(0x7f0000000540)={0x40, 0x9, 0x1, 0x4}, &(0x7f0000000580)={0x40, 0xb, 0x2, ' {'}, &(0x7f00000005c0)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000600)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000640)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000680)={0x40, 0x19, 0x2, '\r8'}, &(0x7f00000006c0)={0x40, 0x1a, 0x2, 0xfffe}, &(0x7f0000000700)={0x40, 0x1c, 0x1, 0x81}, &(0x7f0000000740)={0x40, 0x1e, 0x1, 0xf}, &(0x7f0000000780)={0x40, 0x21, 0x1, 0x1}}) kernel console output (not intermixed with test programs): an invalid length. [ 763.998568][ T5721] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 764.018891][T14355] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2897'. [ 764.036585][ T5721] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 764.053632][ T995] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 764.100893][ T995] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 764.106393][T14301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 764.126610][ T5721] usb 3-1: USB disconnect, device number 63 [ 764.161390][ T995] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 764.217082][ T24] radio-raremono 1-1:0.35: raremono_cmd_main failed (-71) [ 764.277153][ T24] radio-raremono 1-1:0.35: V4L2 device registered as radio48 [ 764.326698][ T24] usb 1-1: USB disconnect, device number 33 [ 764.335093][ T4950] Bluetooth: hci0: command tx timeout [ 764.340937][ T24] radio-raremono 1-1:0.35: Thanko's Raremono disconnected [ 764.433366][T14301] team0: Port device team_slave_0 added [ 764.576011][ T995] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 764.683425][T14301] team0: Port device team_slave_1 added [ 764.747680][ T995] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 764.762608][ T995] usb 4-1: config 0 has no interface number 0 [ 764.806725][ T995] usb 4-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 764.841341][ T995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 764.876397][ T995] usb 4-1: Product: syz [ 764.893462][ T995] usb 4-1: Manufacturer: syz [ 764.908651][ T995] usb 4-1: SerialNumber: syz [ 764.942619][ T995] usb 4-1: config 0 descriptor?? [ 764.954619][ T42] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 764.967475][T14301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 764.978325][ T995] usb 4-1: selecting invalid altsetting 1 [ 765.000965][T14301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 765.028348][ T995] dvb_ttusb_budget: ttusb_init_controller: error [ 765.039829][ T995] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 765.052101][T14301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 765.098483][T14301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 765.115043][T14301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 765.115066][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 765.164559][T14301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 765.177532][ T995] DVB: Unable to find symbol stv0299_attach() [ 765.221459][ T42] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 765.275252][ T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 765.339448][ T42] pvrusb2: Hardware description: Terratec Grabster AV400 [ 765.361223][ T42] pvrusb2: ********** [ 765.383307][ T42] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 765.411385][ T12] hsr_slave_0: left promiscuous mode [ 765.419986][ T995] DVB: Unable to find symbol tda8083_attach() [ 765.428561][ T42] pvrusb2: Important functionality might not be entirely working. [ 765.452498][ T12] hsr_slave_1: left promiscuous mode [ 765.462971][ T42] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 765.477489][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 765.498693][ T995] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 765.500189][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 765.515162][ T42] pvrusb2: ********** [ 765.540102][ T2369] pvrusb2: Invalid write control endpoint [ 765.561974][ T995] usb 4-1: USB disconnect, device number 7 [ 765.792278][ T42] usb 3-1: USB disconnect, device number 64 [ 765.840290][ T2369] pvrusb2: Invalid write control endpoint [ 765.866194][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 765.900742][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 765.932152][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 765.968287][ T2369] pvrusb2: Device being rendered inoperable [ 765.991284][ T2369] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 766.025861][ T2369] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 766.046660][ T2369] pvrusb2: Attached sub-driver cx25840 [ 766.069388][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 766.102924][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 766.234563][ T995] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 766.407751][ T995] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 766.417168][ T4950] Bluetooth: hci0: command tx timeout [ 766.436801][ T995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 766.481796][ T995] usb 4-1: config 0 descriptor?? [ 766.733806][T14391] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2903'. [ 766.787238][ T12] team0 (unregistering): Port device team_slave_1 removed [ 766.868716][ T12] team0 (unregistering): Port device team_slave_0 removed [ 766.893699][T14409] program syz.2.2906 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 767.035535][T14413] netlink: 'syz.2.2906': attribute type 7 has an invalid length. [ 767.048478][ T995] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 767.278520][ T995] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 767.286713][ T995] [drm] Initialized udl on minor 2 [ 767.418369][T14408] tipc: Enabling of bearer rejected, failed to enable media [ 767.448234][ T5296] 8021q: adding VLAN 0 to HW filter on device eth2 [ 767.469521][ T995] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 767.510194][ T995] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 767.529315][T14301] hsr_slave_0: entered promiscuous mode [ 767.546697][ T5721] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 767.564796][T14301] hsr_slave_1: entered promiscuous mode [ 767.590436][ T5721] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 767.598670][ T995] usb 4-1: USB disconnect, device number 8 [ 767.611171][T14301] debugfs: 'hsr0' already exists in 'hsr' [ 767.621799][T14301] Cannot create hsr debugfs directory [ 767.658455][ T5721] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 768.304843][T14427] batadv_slave_1: entered promiscuous mode [ 768.314547][ T24] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 768.372446][T14427] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 768.386931][ T12] IPVS: stop unused estimator thread 0... [ 768.534600][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 768.554974][ T24] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 768.580522][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 768.614107][T14435] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 768.659615][ T24] pvrusb2: Hardware description: Terratec Grabster AV400 [ 768.675748][T14427] batadv_slave_1: left promiscuous mode [ 768.711511][ T24] pvrusb2: ********** [ 768.727177][ T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 768.811204][ T24] pvrusb2: Important functionality might not be entirely working. [ 768.908683][ T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 768.930182][ T24] pvrusb2: ********** [ 768.948453][ T2369] pvrusb2: Invalid write control endpoint [ 769.218701][ T2369] pvrusb2: Invalid write control endpoint [ 769.252701][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 769.277301][ T42] usb 2-1: USB disconnect, device number 42 [ 769.305698][T14446] batadv_slave_1: entered promiscuous mode [ 769.311658][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 769.337315][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 769.380284][ T2369] pvrusb2: Device being rendered inoperable [ 769.403852][ T2369] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 769.434758][ T2369] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 769.463825][T14446] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 769.501261][ T2369] pvrusb2: Attached sub-driver cx25840 [ 769.518658][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 769.551436][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 769.683578][T14446] batadv_slave_1: left promiscuous mode [ 769.966599][ T5721] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 770.157692][ T5721] usb 1-1: Using ep0 maxpacket: 32 [ 770.177329][ T5721] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 770.206185][ T5721] usb 1-1: config 0 has no interface number 0 [ 770.232106][ T5721] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 770.274626][ T5721] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 770.288851][ T5721] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 770.320221][ T5721] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.363243][ T5721] usb 1-1: Product: syz [ 770.380963][ T5721] usb 1-1: Manufacturer: syz [ 770.412739][ T5721] usb 1-1: SerialNumber: syz [ 770.472393][ T5721] usb 1-1: config 0 descriptor?? [ 770.759437][ T5721] radio-si470x 1-1:0.35: this is not a si470x device. [ 770.813045][T14301] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 770.829137][ T5721] radio-raremono 1-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 770.907800][T14301] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 770.931785][T14301] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 771.021859][T14301] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 771.032610][T14301] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 771.091112][T14301] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 771.123728][T14301] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 771.191568][T14301] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 771.218965][T14453] netlink: 'syz.0.2911': attribute type 1 has an invalid length. [ 771.240786][T14453] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2911'. [ 771.285788][ T5721] radio-raremono 1-1:0.35: raremono_cmd_main failed (-71) [ 771.336103][ T5721] radio-raremono 1-1:0.35: V4L2 device registered as radio48 [ 771.372748][ T5721] usb 1-1: USB disconnect, device number 34 [ 771.403246][ T5721] radio-raremono 1-1:0.35: Thanko's Raremono disconnected [ 771.734647][T14301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 771.773886][T14301] 8021q: adding VLAN 0 to HW filter on device team0 [ 771.807494][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.814696][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 771.840944][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.848161][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 771.915719][ T5721] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 771.959324][T14301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 772.013084][T14301] veth0_vlan: entered promiscuous mode [ 772.031384][T14301] veth1_vlan: entered promiscuous mode [ 772.075028][ T5721] usb 3-1: Using ep0 maxpacket: 8 [ 772.087234][ T5721] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 772.108651][T14301] veth0_macvtap: entered promiscuous mode [ 772.117168][ T5721] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 772.141387][T14301] veth1_macvtap: entered promiscuous mode [ 772.149925][ T5721] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 772.189744][ T5721] usb 3-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 772.200462][T14301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 772.208996][ T5721] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 772.231653][ T5721] usb 3-1: config 0 descriptor?? [ 772.231875][T14301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 772.520633][ T1112] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.530202][ T1112] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.549912][ T1112] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.591664][ T1112] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 772.623460][T14488] ip6t_REJECT: ECHOREPLY is not supported [ 772.704239][T14475] netlink: 'syz.2.2913': attribute type 1 has an invalid length. [ 772.782898][T14481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2913'. [ 772.874198][T14475] bond5: entered promiscuous mode [ 772.905834][T14475] bond5: entered allmulticast mode [ 772.936585][ T5721] kye 0003:0458:4018.0022: reserved main item tag 0xd [ 772.946438][T14475] 8021q: adding VLAN 0 to HW filter on device bond5 [ 772.967800][ T5721] kye 0003:0458:4018.0022: hidraw0: USB HID v0.07 Device [HID 0458:4018] on usb-dummy_hcd.2-1/input0 [ 773.070861][T14481] bond5 (unregistering): Released all slaves [ 773.323192][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 773.349589][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 773.482450][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 773.492057][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 773.622684][ T5704] usb 3-1: USB disconnect, device number 65 [ 774.194488][ T5939] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 774.364835][ T5939] usb 5-1: Using ep0 maxpacket: 8 [ 774.378425][ T5939] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 774.393510][ T5634] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 774.404496][ T5939] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 774.436899][ T5939] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 774.480776][ T5939] usb 5-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 774.516486][ T5939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 774.564556][ T5634] usb 2-1: Using ep0 maxpacket: 8 [ 774.573679][ T5939] usb 5-1: config 0 descriptor?? [ 774.594070][ T5634] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 774.661154][ T5634] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 774.707570][ T5634] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 774.752361][ T5634] usb 2-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 774.786768][ T5634] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 774.850003][ T5634] usb 2-1: config 0 descriptor?? [ 774.887839][T14518] batadv_slave_1: entered promiscuous mode [ 775.031429][T14504] netlink: 'syz.4.2884': attribute type 1 has an invalid length. [ 775.059596][T14518] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 775.074844][T14504] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2884'. [ 775.109436][ T5939] kye 0003:0458:4018.0023: reserved main item tag 0xd [ 775.156484][ T5939] kye 0003:0458:4018.0023: hidraw0: USB HID v0.07 Device [HID 0458:4018] on usb-dummy_hcd.4-1/input0 [ 775.345479][T14509] netlink: 'syz.1.2916': attribute type 1 has an invalid length. [ 775.392731][ T5939] usb 5-1: USB disconnect, device number 12 [ 775.452880][T14531] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2916'. [ 775.570274][ T5634] kye 0003:0458:4018.0024: reserved main item tag 0xd [ 775.606649][ T5634] kye 0003:0458:4018.0024: hidraw0: USB HID v0.07 Device [HID 0458:4018] on usb-dummy_hcd.1-1/input0 [ 775.733964][T14509] bond5: entered promiscuous mode [ 775.814826][T14509] bond5: entered allmulticast mode [ 775.838525][T14509] 8021q: adding VLAN 0 to HW filter on device bond5 [ 775.985196][T14531] bond5 (unregistering): Released all slaves [ 776.127060][T14545] program syz.4.2921 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 776.145630][ T995] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 776.170644][T14525] batadv_slave_1: left promiscuous mode [ 776.210369][ T5704] usb 2-1: USB disconnect, device number 43 [ 776.241616][T14545] netlink: 904 bytes leftover after parsing attributes in process `syz.4.2921'. [ 776.315386][ T995] usb 4-1: Using ep0 maxpacket: 8 [ 776.343645][ T995] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 776.355722][T14551] netlink: 'syz.4.2921': attribute type 7 has an invalid length. [ 776.372553][ T995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 776.438646][ T995] pvrusb2: Hardware description: Terratec Grabster AV400 [ 776.446517][ T995] pvrusb2: ********** [ 776.450577][ T995] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 776.529862][ T995] pvrusb2: Important functionality might not be entirely working. [ 776.558974][ T995] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 776.581249][ T995] pvrusb2: ********** [ 776.671411][ T2369] pvrusb2: Invalid write control endpoint [ 776.750196][ T2369] pvrusb2: Invalid write control endpoint [ 776.771104][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 776.805606][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 776.871425][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 776.884770][ T5634] usb 4-1: USB disconnect, device number 9 [ 776.951065][ T2369] pvrusb2: Device being rendered inoperable [ 776.974283][ T2369] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 776.992900][ T2369] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 777.021099][ T2369] pvrusb2: Attached sub-driver cx25840 [ 777.037869][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 777.051066][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 777.244988][ T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 777.405930][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 777.432347][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 777.482472][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 777.546186][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 777.628907][ T9] usb 2-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 777.659063][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 777.672243][T14574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2925'. [ 777.720716][ T9] usb 2-1: config 0 descriptor?? [ 777.872504][T14577] program syz.3.2926 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 778.002619][T14577] netlink: 292 bytes leftover after parsing attributes in process `syz.3.2926'. [ 778.109856][T14578] netlink: 'syz.3.2926': attribute type 7 has an invalid length. [ 778.196322][T14562] netlink: 'syz.1.2923': attribute type 1 has an invalid length. [ 778.284172][T14562] bond5: entered promiscuous mode [ 778.289936][T14562] bond5: entered allmulticast mode [ 778.296816][T14562] 8021q: adding VLAN 0 to HW filter on device bond5 [ 778.309153][T14580] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2923'. [ 778.446693][T14580] bond5 (unregistering): Released all slaves [ 778.471891][ T9] kye 0003:0458:4018.0025: reserved main item tag 0xd [ 778.532306][ T9] kye 0003:0458:4018.0025: hidraw0: USB HID v0.07 Device [HID 0458:4018] on usb-dummy_hcd.1-1/input0 [ 778.808338][ T9] usb 2-1: USB disconnect, device number 44 [ 779.384511][ T42] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 779.414546][ T5634] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 779.594898][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 779.606912][ T42] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 779.618690][ T5634] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 779.641043][ T5634] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 779.649388][ T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 779.675332][ T5634] usb 4-1: config 0 descriptor?? [ 779.711455][ T42] pvrusb2: Hardware description: Terratec Grabster AV400 [ 779.721560][ T42] pvrusb2: ********** [ 779.725830][ T42] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 779.739598][ T42] pvrusb2: Important functionality might not be entirely working. [ 779.750918][ T42] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 779.756836][ T5704] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 779.770264][ T42] pvrusb2: ********** [ 779.909672][ T2369] pvrusb2: Invalid write control endpoint [ 779.923466][T14589] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2930'. [ 779.952800][ T5704] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 779.982154][ T5704] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.013816][T14589] tipc: Enabling of bearer rejected, failed to enable media [ 780.027036][ T5704] usb 2-1: config 0 descriptor?? [ 780.077109][ T5634] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 780.099882][ T2369] pvrusb2: Invalid write control endpoint [ 780.110083][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 780.122441][ T9] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 780.144114][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 780.166998][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 780.190711][ T2369] pvrusb2: Device being rendered inoperable [ 780.205799][ T2369] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 780.209153][T14587] pvrusb2: Attempted to execute control transfer when device not ok [ 780.225199][ T2369] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 780.241504][ T42] usb 3-1: USB disconnect, device number 66 [ 780.260827][T14591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2931'. [ 780.274155][ T2369] pvrusb2: Attached sub-driver cx25840 [ 780.293314][ T9] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 780.310628][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 780.332849][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.346877][T14591] tipc: Enabling of bearer rejected, failed to enable media [ 780.355317][ T5634] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 780.363615][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 780.373732][ T5634] [drm] Initialized udl on minor 2 [ 780.393469][ T9] usb 1-1: config 0 descriptor?? [ 780.422937][ T5704] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 780.491822][ T5634] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 780.506015][ T5634] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 780.513799][ T5939] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 780.529683][ T5939] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 780.544465][ T5634] usb 4-1: USB disconnect, device number 10 [ 780.618004][T14595] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2933'. [ 780.645405][T14595] tipc: Enabling of bearer rejected, failed to enable media [ 780.659379][ T9] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 780.684088][ T5704] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 3 [ 780.706146][ T5704] [drm] Initialized udl on minor 3 [ 780.849092][ T5704] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 780.878117][ T5704] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 780.889377][ T9] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 4 [ 780.910156][ T5721] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 780.920390][ T9] [drm] Initialized udl on minor 4 [ 780.939436][ T5721] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 780.956498][ T5704] usb 2-1: USB disconnect, device number 45 [ 781.072770][ T9] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 781.083515][ T9] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 781.158106][ T5721] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 781.172493][ T9] usb 1-1: USB disconnect, device number 35 [ 781.187372][T14606] ip6t_REJECT: ECHOREPLY is not supported [ 781.196749][ T5721] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 781.399400][T14611] ip6t_REJECT: ECHOREPLY is not supported [ 781.707012][T14615] ip6t_REJECT: ECHOREPLY is not supported [ 781.930376][T14619] ip6t_REJECT: ECHOREPLY is not supported [ 784.386583][T14638] batadv_slave_1: entered promiscuous mode [ 784.414643][ T9] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 784.486137][T14638] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 784.577032][ T9] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 784.602904][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.649991][ T9] usb 2-1: config 0 descriptor?? [ 784.784594][ T5634] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 784.799379][T14638] batadv_slave_1: left promiscuous mode [ 784.881659][T14636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2944'. [ 784.926689][T14636] tipc: Enabling of bearer rejected, failed to enable media [ 784.977918][ T9] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 784.986414][ T5634] usb 1-1: config 0 has no interfaces? [ 784.994071][ T5634] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 785.012326][ T5634] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.036505][ T5634] usb 1-1: config 0 descriptor?? [ 785.233720][ T9] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 785.247045][ T9] [drm] Initialized udl on minor 2 [ 785.274524][T14643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 785.301299][T14643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 785.373339][T14643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 785.400775][T14643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 785.412222][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 785.443712][ T5634] usb 1-1: USB disconnect, device number 36 [ 785.454731][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 785.500122][ T5721] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 785.521333][ T9] usb 2-1: USB disconnect, device number 46 [ 785.532477][ T5721] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 785.994497][ T5634] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 786.147820][ T5634] usb 1-1: Using ep0 maxpacket: 8 [ 786.156654][ T5634] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 786.174821][ T5634] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 786.207214][ T5634] usb 1-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e [ 786.221276][ T5634] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.258899][ T5634] usb 1-1: Product: syz [ 786.278407][ T5634] usb 1-1: Manufacturer: syz [ 786.290233][ T5634] usb 1-1: SerialNumber: syz [ 786.309541][ T5634] usb 1-1: config 0 descriptor?? [ 786.354488][ T5704] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 786.524403][ T5704] usb 2-1: Using ep0 maxpacket: 32 [ 786.546637][ T5704] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 786.561994][ T5634] usb 1-1: USB disconnect, device number 37 [ 786.598144][ T5704] usb 2-1: config 0 has no interface number 0 [ 786.617408][ T5704] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 786.647883][ T5704] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 786.683750][ T5704] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 786.713929][ T5704] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.739591][ T5704] usb 2-1: Product: syz [ 786.751447][ T5704] usb 2-1: Manufacturer: syz [ 786.762410][ T5704] usb 2-1: SerialNumber: syz [ 786.783379][ T5704] usb 2-1: config 0 descriptor?? [ 787.008125][ T5704] radio-si470x 2-1:0.35: this is not a si470x device. [ 787.056650][ T5704] radio-raremono 2-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 787.282378][T14648] sit0: entered promiscuous mode [ 787.307649][T14648] netlink: 'syz.1.2947': attribute type 1 has an invalid length. [ 787.324535][T14648] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2947'. [ 787.395452][T14653] batadv_slave_1: entered promiscuous mode [ 787.430192][ T5704] radio-raremono 2-1:0.35: raremono_cmd_main failed (-71) [ 787.496949][ T5704] radio-raremono 2-1:0.35: V4L2 device registered as radio48 [ 787.517114][T14659] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2950'. [ 787.544401][ T5704] usb 2-1: USB disconnect, device number 47 [ 787.559084][ T5704] radio-raremono 2-1:0.35: Thanko's Raremono disconnected [ 787.673224][T14662] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 787.977260][T14653] batadv_slave_1: left promiscuous mode [ 788.029206][T14667] ip6t_REJECT: ECHOREPLY is not supported [ 788.441995][T14673] program syz.1.2954 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 788.486920][T14673] fuse: Bad value for 'fd' [ 788.510209][T14673] netlink: 'syz.1.2954': attribute type 7 has an invalid length. [ 788.749430][T14675] program syz.1.2955 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 788.796526][T14675] fuse: Bad value for 'fd' [ 788.807988][T14675] netlink: 'syz.1.2955': attribute type 7 has an invalid length. [ 789.376315][ T5634] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 789.544840][ T5634] usb 5-1: Using ep0 maxpacket: 8 [ 789.552063][ T5634] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 789.564477][ T5634] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.603531][ T5634] pvrusb2: Hardware description: Terratec Grabster AV400 [ 789.626284][ T5634] pvrusb2: ********** [ 789.638720][ T5634] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 789.662874][ T5634] pvrusb2: Important functionality might not be entirely working. [ 789.683196][ T5634] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 789.709412][ T5634] pvrusb2: ********** [ 789.797591][ T2369] pvrusb2: Invalid write control endpoint [ 789.913445][ T2369] pvrusb2: Invalid write control endpoint [ 789.941035][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 789.966553][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 789.983647][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 790.004065][ T2369] pvrusb2: Device being rendered inoperable [ 790.024521][ T2369] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 790.038850][ T2369] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 790.050044][T14679] pvrusb2: Attempted to execute control transfer when device not ok [ 790.055193][ T5721] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 790.084646][ T2369] pvrusb2: Attached sub-driver cx25840 [ 790.089114][ T42] usb 5-1: USB disconnect, device number 13 [ 790.097022][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 790.109088][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 790.229293][ T5721] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 790.251405][ T5721] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.279825][ T5721] usb 4-1: config 0 descriptor?? [ 790.296707][ T5634] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 790.500909][ T5634] usb 2-1: config 0 has no interfaces? [ 790.518323][T14686] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2959'. [ 790.536808][ T5634] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 790.547134][ T5634] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.565003][ T5634] usb 2-1: config 0 descriptor?? [ 790.643542][T14686] tipc: Enabling of bearer rejected, failed to enable media [ 790.690319][ T5721] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 790.790888][T14689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.821094][T14689] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.840295][T14696] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2962'. [ 790.859092][T14689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.892864][T14689] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.920784][ T5721] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 790.934872][ T5704] usb 2-1: USB disconnect, device number 48 [ 790.953124][ T5721] [drm] Initialized udl on minor 2 [ 791.105502][ T5721] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 791.130771][ T5721] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 791.163012][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 791.178188][ T5721] usb 4-1: USB disconnect, device number 11 [ 791.185885][ T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 791.394737][ T5704] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 791.565631][ T5704] usb 2-1: Using ep0 maxpacket: 8 [ 791.575124][ T5704] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 791.603182][ T5704] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 791.641584][ T5704] usb 2-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e [ 791.662492][ T5704] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.687252][ T5704] usb 2-1: Product: syz [ 791.704148][ T5704] usb 2-1: Manufacturer: syz [ 791.722558][ T5704] usb 2-1: SerialNumber: syz [ 791.755567][ T5704] usb 2-1: config 0 descriptor?? [ 791.849362][T14705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2966'. [ 791.866404][ T5939] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 791.981644][ T42] usb 2-1: USB disconnect, device number 49 [ 792.049203][ T5939] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 792.059197][ T5939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.076871][ T5939] usb 5-1: config 0 descriptor?? [ 792.308292][T14703] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2965'. [ 792.339990][ T29] audit: type=1326 audit(1781249110.252:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.391054][T14703] tipc: Enabling of bearer rejected, failed to enable media [ 792.401510][ T29] audit: type=1326 audit(1781249110.282:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.429014][ T29] audit: type=1326 audit(1781249110.282:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.454997][ T29] audit: type=1326 audit(1781249110.282:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.485103][ T29] audit: type=1326 audit(1781249110.282:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.516508][ T5939] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 792.525020][T14707] syzkaller0: entered promiscuous mode [ 792.530898][T14707] syzkaller0: entered allmulticast mode [ 792.541721][ T29] audit: type=1326 audit(1781249110.302:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.593683][ T29] audit: type=1326 audit(1781249110.342:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.621585][ T29] audit: type=1326 audit(1781249110.352:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.669973][ T29] audit: type=1326 audit(1781249110.352:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.771609][ T5939] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 792.788378][ T5939] [drm] Initialized udl on minor 2 [ 792.904853][ T29] audit: type=1326 audit(1781249110.352:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.3.2967" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fef01c code=0x7ffc0000 [ 792.930610][ T5939] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 792.947496][ T5939] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 792.955689][ T5634] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 792.990757][ T5939] usb 5-1: USB disconnect, device number 14 [ 792.998174][ T5634] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 793.016808][ T5634] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 793.444430][ T9] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 793.619546][ T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 793.668083][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 793.698984][T14730] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2973'. [ 793.715812][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 793.746917][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 793.790517][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 793.820174][ T9] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 793.824064][T14732] batadv_slave_1: entered promiscuous mode [ 793.888366][ T9] usb 2-1: Manufacturer: syz [ 793.897342][T14732] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 793.916371][ T9] usb 2-1: config 0 descriptor?? [ 794.107003][T14732] batadv_slave_1: left promiscuous mode [ 794.224539][ T5634] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 794.406120][ T5634] usb 5-1: Using ep0 maxpacket: 8 [ 794.429710][ T5634] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 794.430454][T14739] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2976'. [ 794.477296][ T5634] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.486552][ T5939] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 794.507900][ T5634] pvrusb2: Hardware description: Terratec Grabster AV400 [ 794.521169][ T5634] pvrusb2: ********** [ 794.531559][ T5634] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 794.570923][ T5634] pvrusb2: Important functionality might not be entirely working. [ 794.589483][ T5634] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 794.613918][ T5634] pvrusb2: ********** [ 794.713251][ T2369] pvrusb2: Invalid write control endpoint [ 794.847624][ T2369] pvrusb2: Invalid write control endpoint [ 794.879007][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 794.903788][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 794.920053][ T5634] usb 5-1: USB disconnect, device number 15 [ 794.932375][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 794.959829][ T2369] pvrusb2: Device being rendered inoperable [ 794.971632][ T2369] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 794.998534][ T2369] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 795.026908][ T2369] pvrusb2: Attached sub-driver cx25840 [ 795.037745][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 795.060412][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 795.073559][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 795.085084][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 795.098567][ T9] usb 2-1: USB disconnect, device number 50 [ 795.614579][ T5939] usb 1-1: device descriptor read/64, error -71 [ 795.809136][T14751] input: syz0 as /devices/virtual/input/input67 [ 795.847191][ T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 795.875649][ T5939] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 796.036400][ T9] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 796.052664][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.076135][T14755] netlink: 'syz.3.2982': attribute type 1 has an invalid length. [ 796.086203][ T5939] usb 1-1: config 0 has no interfaces? [ 796.092632][ T5939] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 796.093143][ T9] usb 5-1: config 0 descriptor?? [ 796.130196][ T5939] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.151808][T14757] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2982'. [ 796.167254][ T5939] usb 1-1: config 0 descriptor?? [ 796.230316][T14755] bond3: entered promiscuous mode [ 796.238830][T14755] bond3: entered allmulticast mode [ 796.249627][T14755] 8021q: adding VLAN 0 to HW filter on device bond3 [ 796.286861][T14757] bond3 (unregistering): Released all slaves [ 796.344278][T14750] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2980'. [ 796.396623][T14745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 796.416516][T14745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 796.455927][T14745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 796.482475][T14745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 796.493421][T14750] tipc: Enabling of bearer rejected, failed to enable media [ 796.516638][ T10] usb 1-1: USB disconnect, device number 39 [ 796.563252][ T9] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 796.788930][ T9] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 796.805412][ T9] [drm] Initialized udl on minor 2 [ 796.966375][ T5939] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 796.981014][ T9] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 797.003194][ T9] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 797.013529][ T5721] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 797.028977][ T9] usb 5-1: USB disconnect, device number 16 [ 797.038714][ T5721] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 797.136498][ T5939] usb 1-1: Using ep0 maxpacket: 8 [ 797.146598][ T5939] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 797.163317][ T5939] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 797.178114][ T5939] usb 1-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e [ 797.194377][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.202649][ T5939] usb 1-1: Product: syz [ 797.207438][ T5939] usb 1-1: Manufacturer: syz [ 797.212152][ T5939] usb 1-1: SerialNumber: syz [ 797.225378][ T5939] usb 1-1: config 0 descriptor?? [ 797.284609][ T24] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 797.434278][ T9] usb 1-1: USB disconnect, device number 40 [ 797.453689][ T24] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 797.462927][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.471190][ T24] usb 3-1: Product: syz [ 797.477158][ T24] usb 3-1: Manufacturer: syz [ 797.481807][ T24] usb 3-1: SerialNumber: syz [ 797.491210][ T24] usb 3-1: config 0 descriptor?? [ 797.500431][ T24] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 067 [ 797.665486][ T5939] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 797.845719][ T5939] usb 4-1: Using ep0 maxpacket: 8 [ 797.853027][ T5939] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 797.862430][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.864954][ T5721] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 797.886867][ T5939] pvrusb2: Hardware description: Terratec Grabster AV400 [ 797.894089][ T5939] pvrusb2: ********** [ 797.900971][ T5939] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 797.911280][ T5939] pvrusb2: Important functionality might not be entirely working. [ 797.919420][ T5939] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 797.931014][ T5939] pvrusb2: ********** [ 797.947445][T14769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 797.960243][T14769] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 798.037576][ T5721] usb 5-1: config 0 has an invalid interface number: 106 but max is 0 [ 798.039142][ T24] (null): failure reading functionality [ 798.055961][ T5721] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 798.088992][ T5721] usb 5-1: config 0 has no interface number 0 [ 798.096050][ T24] i2c i2c-1: failure reading functionality [ 798.102660][ T2369] pvrusb2: Invalid write control endpoint [ 798.113996][ T24] i2c i2c-1: connected i2c-tiny-usb device [ 798.132582][ T5721] usb 5-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 798.148708][ T24] usb 3-1: USB disconnect, device number 67 [ 798.175136][ T5721] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 798.203268][ T5721] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.240742][ T5721] usb 5-1: config 0 descriptor?? [ 798.272554][ T2369] pvrusb2: Invalid write control endpoint [ 798.290026][ T5721] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 798.312740][ T5939] usb 4-1: USB disconnect, device number 12 [ 798.314707][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 798.329675][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 798.341160][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 798.359164][ T2369] pvrusb2: Device being rendered inoperable [ 798.366870][ T2369] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 798.374069][ T2369] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 798.385073][ T2369] pvrusb2: Attached sub-driver cx25840 [ 798.390865][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 798.403065][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 798.416503][ T42] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 798.480833][T14785] block device autoloading is deprecated and will be removed. [ 798.501943][ T1177] usb 5-1: Failed to submit usb control message: -71 [ 798.514942][ T9] usb 5-1: USB disconnect, device number 17 [ 798.532500][ T1177] usb 5-1: unable to send the bmi data to the device: -71 [ 798.548294][ T1177] usb 5-1: unable to get target info from device [ 798.559240][ T1177] usb 5-1: could not get target info (-71) [ 798.565425][ T1177] usb 5-1: could not probe fw (-71) [ 798.596452][ T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 798.633545][ T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 798.645982][ T42] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 798.662612][ T42] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 798.673209][ T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.691781][ T42] usb 1-1: config 0 descriptor?? [ 799.120060][ T42] hid_parser_main: 23 callbacks suppressed [ 799.120085][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.155829][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.172552][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.200093][T14799] ip6t_REJECT: ECHOREPLY is not supported [ 799.207320][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.229838][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.248924][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.280984][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.342713][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.394188][ T42] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 799.477899][ T42] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 799.557264][ T42] usb 1-1: USB disconnect, device number 41 [ 799.564156][T11471] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 799.581926][T11471] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 799.592448][T11471] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 799.602573][T11471] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 799.614952][T11471] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 799.866574][T14802] fido_id[14802]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 799.920412][T14806] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2998'. [ 800.263931][T14811] FAULT_INJECTION: forcing a failure. [ 800.263931][T14811] name failslab, interval 1, probability 0, space 0, times 0 [ 800.306588][T14811] CPU: 1 UID: 0 PID: 14811 Comm: syz.0.3000 Not tainted syzkaller #0 PREEMPT(full) [ 800.306620][T14811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 800.306630][T14811] Call Trace: [ 800.306637][T14811] [ 800.306645][T14811] dump_stack_lvl+0xe8/0x150 [ 800.306668][T14811] should_fail_ex+0x412/0x560 [ 800.306689][T14811] should_failslab+0xa8/0x100 [ 800.306705][T14811] __kmalloc_noprof+0xe8/0x760 [ 800.306727][T14811] ? tomoyo_encode+0x28b/0x550 [ 800.306811][T14811] tomoyo_encode+0x28b/0x550 [ 800.306829][T14811] tomoyo_realpath_from_path+0x58d/0x5d0 [ 800.306846][T14811] ? tomoyo_domain+0xd7/0x130 [ 800.306865][T14811] ? tomoyo_path_number_perm+0x219/0x630 [ 800.306902][T14811] tomoyo_path_number_perm+0x246/0x630 [ 800.306925][T14811] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 800.306945][T14811] ? __lock_acquire+0x6b5/0x2cf0 [ 800.306991][T14811] ? __fget_files+0x2a/0x420 [ 800.307012][T14811] ? __fget_files+0x3a0/0x420 [ 800.307030][T14811] ? __fget_files+0x2a/0x420 [ 800.307057][T14811] security_file_ioctl_compat+0xc3/0x2a0 [ 800.307096][T14811] __ia32_compat_sys_ioctl+0x139/0x950 [ 800.307122][T14811] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 800.307149][T14811] ? __fget_files+0x3a0/0x420 [ 800.307172][T14811] ? fput+0xa0/0xd0 [ 800.307189][T14811] ? ksys_write+0x242/0x270 [ 800.307219][T14811] __do_fast_syscall_32+0x23e/0x6f0 [ 800.307238][T14811] ? do_fast_syscall_32+0x33/0x70 [ 800.307253][T14811] ? lockdep_hardirqs_on+0x7a/0x110 [ 800.307268][T14811] ? asm_int80_emulation+0x1a/0x20 [ 800.307283][T14811] ? do_int80_emulation+0x29f/0x550 [ 800.307299][T14811] ? trace_irq_disable+0x3b/0x140 [ 800.307323][T14811] do_fast_syscall_32+0x33/0x70 [ 800.307340][T14811] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 800.307358][T14811] RIP: 0023:0xf70bf01c [ 800.307372][T14811] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 800.307385][T14811] RSP: 002b:00000000f54ad50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 800.307401][T14811] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004008ae89 [ 800.307412][T14811] RDX: 00000000800005c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 800.307423][T14811] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 800.307432][T14811] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 800.307441][T14811] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 800.307462][T14811] [ 800.310475][T14811] ERROR: Out of memory at tomoyo_realpath_from_path. [ 800.963434][T14817] program syz.0.3002 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 801.047580][T14817] fuse: Bad value for 'fd' [ 801.563278][T14804] bridge0: port 1(bridge_slave_0) entered blocking state [ 801.574826][ T5634] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 801.603929][T14804] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.621644][T14831] program syz.3.3006 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 801.633200][T14804] bridge_slave_0: entered allmulticast mode [ 801.649482][T14831] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3006'. [ 801.662129][T14804] bridge_slave_0: entered promiscuous mode [ 801.680735][T14804] bridge0: port 2(bridge_slave_1) entered blocking state [ 801.691249][T14804] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.701758][T11471] Bluetooth: hci5: command tx timeout [ 801.707344][T14804] bridge_slave_1: entered allmulticast mode [ 801.710283][T14804] bridge_slave_1: entered promiscuous mode [ 801.732505][T14832] netlink: 'syz.3.3006': attribute type 7 has an invalid length. [ 801.766518][ T5634] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 801.792318][T14804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 801.803148][ T5634] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 801.824552][ T10] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 801.835322][T14804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 801.848653][ T5634] usb 5-1: config 0 descriptor?? [ 801.938359][T14804] team0: Port device team_slave_0 added [ 801.970004][T14804] team0: Port device team_slave_1 added [ 801.986479][ T10] usb 1-1: config 2 has an invalid interface number: 79 but max is 0 [ 802.013145][ T10] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 802.046281][ T10] usb 1-1: config 2 has no interface number 0 [ 802.062685][ T10] usb 1-1: config 2 interface 79 altsetting 13 endpoint 0x1 has invalid wMaxPacketSize 0 [ 802.081720][T14822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3004'. [ 802.091253][T14804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 802.098453][ T10] usb 1-1: config 2 interface 79 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 802.112178][T14804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 802.147163][ T10] usb 1-1: config 2 interface 79 has no altsetting 0 [ 802.154954][T14804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 802.168050][ T10] usb 1-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=ca.fb [ 802.178977][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 802.189962][ T10] usb 1-1: Product: syz [ 802.197194][T14822] tipc: Enabling of bearer rejected, failed to enable media [ 802.207182][ T10] usb 1-1: Manufacturer: syz [ 802.216464][ T10] usb 1-1: SerialNumber: syz [ 802.222681][T14804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 802.250002][T14804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 802.286717][T14804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 802.303177][ T5634] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 802.513190][ T10] usb 1-1: USB disconnect, device number 42 [ 802.553232][ T5634] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 802.560117][T14837] ip6t_REJECT: ECHOREPLY is not supported [ 802.600419][T14804] hsr_slave_0: entered promiscuous mode [ 802.636199][T14804] hsr_slave_1: entered promiscuous mode [ 802.649093][T14804] debugfs: 'hsr0' already exists in 'hsr' [ 802.659074][ T5634] [drm] Initialized udl on minor 2 [ 802.673951][T14804] Cannot create hsr debugfs directory [ 802.705569][ T5634] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 802.716835][ T5634] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 802.726515][ T24] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 802.736971][ T5634] usb 5-1: USB disconnect, device number 18 [ 802.743818][T14839] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3008'. [ 802.753286][ T24] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 803.558967][T14851] program syz.0.3012 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 803.620314][T14851] fuse: Bad value for 'fd' [ 803.777544][T11471] Bluetooth: hci5: command tx timeout [ 804.017472][T14855] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.3014'. [ 804.484404][ T24] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 804.511250][T14804] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 804.554715][T14804] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 804.575066][T14804] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 804.615540][T14804] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 804.635560][T14804] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 804.680079][T14804] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 804.704201][ T24] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 804.716225][T14804] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 804.732073][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 804.749546][T14804] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 804.773467][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 804.803419][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 804.823032][ T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 804.836331][ T24] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 804.847421][ T24] usb 1-1: Manufacturer: syz [ 804.861891][ T24] usb 1-1: config 0 descriptor?? [ 805.212493][T14804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 805.289097][T14804] 8021q: adding VLAN 0 to HW filter on device team0 [ 805.353834][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 805.361044][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 805.412925][T14874] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 805.438545][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 805.445782][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 805.698401][T14804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 805.855499][T11471] Bluetooth: hci5: command tx timeout [ 805.892553][T14804] veth0_vlan: entered promiscuous mode [ 805.943468][ T24] usbhid 1-1:0.0: can't add hid device: -71 [ 805.974466][T14804] veth1_vlan: entered promiscuous mode [ 805.982489][ T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 806.049259][ T24] usb 1-1: USB disconnect, device number 43 [ 806.126441][T14804] veth0_macvtap: entered promiscuous mode [ 806.160145][T14804] veth1_macvtap: entered promiscuous mode [ 806.211605][T14804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 806.283948][T14804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 806.365745][ T1177] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.411727][ T1177] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.474237][ T1177] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.491014][T14887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3021'. [ 806.529655][T14888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3020'. [ 806.558350][ T1177] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.568970][T14888] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3020'. [ 806.909262][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 806.942947][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 807.061578][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 807.086999][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 807.934901][T11471] Bluetooth: hci5: command tx timeout [ 808.008040][T14895] program syz.2.3023 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 808.098769][T14896] fuse: Invalid rootmode [ 808.120314][T14895] netlink: 'syz.2.3023': attribute type 7 has an invalid length. [ 808.153554][ T4950] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 808.170944][ T4950] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 808.185803][ T4950] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 808.207862][ T4950] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 808.217087][ T4950] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 808.581281][T14901] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.3024'. [ 808.668580][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.682294][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.034546][ T5634] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 809.207453][ T5634] usb 3-1: Using ep0 maxpacket: 32 [ 809.224104][ T5634] usb 3-1: unable to get BOS descriptor or descriptor too short [ 809.243606][ T5634] usb 3-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice= 0.40 [ 809.261750][ T5634] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.283614][ T5634] usb 3-1: Product: ≠[ 809.292747][ T5634] usb 3-1: Manufacturer: à “ [ 809.314980][T14914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3029'. [ 809.330633][ T5634] usb 3-1: SerialNumber: 䘾뱈ïºî¨™ë©ˆìš¯è”¸ç¥å‹Ÿã‚¿ê½„ã»´ï·Â¹å¶ã­šÞ©ç©˜íŸçŸ„嶔鄠윭îŽâª¿â¾€ãœ¾ä¶ŠåŠ½á¬—禢é½ä°†é’‡Ï„㿉䂣䩮ç†åœ†î»ˆíŸ¬é‚¤å¶†æ­²ì¹¡íƒˆä¥®ã½œê–³áŒƒå­¤íš¿éŠæ¤æ¾‘曦轂镧⓭᳛ìžã¬Šä³£íŒ½â•™å®‹ã©«ï€”铔矼ë»â†’ሀ桜뤉秆͞븮ä­ê‹ƒï¾˜ç¤„펲匸㜶줷Ċↈ紸㎊ﵮꈤও [ 809.671788][ T5634] usb 3-1: 1:1 : unsupported sample bitwidth 3 in 230 bytes [ 809.690991][ T5634] usb 3-1: 1:1 : unsupported format bits 0x2002 [ 809.729533][ T5634] usb 3-1: unit 37 not found! [ 809.734437][ T5634] usb 3-1: unit 0 not found! [ 809.791844][T14919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3030'. [ 809.871783][ T5634] usb 3-1: invalid MIDI EP [ 809.889425][ T5634] usb 3-1: snd-bcd2000: error during probing [ 809.965579][ T5634] snd-bcd2000 3-1:1.2: probe with driver snd-bcd2000 failed with error -22 [ 810.001551][ T5634] usb 3-1: USB disconnect, device number 68 [ 810.061612][ T6142] udevd[6142]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 810.093075][T14898] bridge0: port 1(bridge_slave_0) entered blocking state [ 810.100713][T14898] bridge0: port 1(bridge_slave_0) entered disabled state [ 810.111771][T14898] bridge_slave_0: entered allmulticast mode [ 810.136653][T14898] bridge_slave_0: entered promiscuous mode [ 810.162283][T14898] bridge0: port 2(bridge_slave_1) entered blocking state [ 810.179020][T14898] bridge0: port 2(bridge_slave_1) entered disabled state [ 810.207132][T14898] bridge_slave_1: entered allmulticast mode [ 810.240408][T14898] bridge_slave_1: entered promiscuous mode [ 810.246769][ T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 810.342235][ T4950] Bluetooth: hci4: command tx timeout [ 810.367891][T14898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 810.381789][T14898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 810.406765][ T9] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 810.426700][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 810.447714][T14898] team0: Port device team_slave_0 added [ 810.456092][T14931] program syz.2.3034 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 810.468705][ T9] usb 4-1: config 0 descriptor?? [ 810.471615][T14898] team0: Port device team_slave_1 added [ 810.533998][T14931] fuse: Invalid rootmode [ 810.544912][T14931] netlink: 'syz.2.3034': attribute type 7 has an invalid length. [ 810.572663][T14898] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 810.583655][T14898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 810.613464][T14898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 810.622833][ T5939] usb 1-1: new full-speed USB device number 44 using dummy_hcd [ 810.636134][T14898] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 810.644227][T14898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 810.676499][T14898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 810.706852][T14925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3031'. [ 810.739660][T14935] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.3036'. [ 810.783641][T14925] tipc: Enabling of bearer rejected, failed to enable media [ 810.836808][ T5939] usb 1-1: config 64 has an invalid interface number: 155 but max is 1 [ 810.848514][ T5939] usb 1-1: config 64 has no interface number 0 [ 810.849428][ T9] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 810.861031][ T5939] usb 1-1: config 64 interface 1 has no altsetting 0 [ 810.884621][ T5939] usb 1-1: config 64 interface 155 has no altsetting 0 [ 810.908907][ T5939] usb 1-1: New USB device found, idVendor=16d8, idProduct=6006, bcdDevice=12.b4 [ 810.936536][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 810.948242][T14898] hsr_slave_0: entered promiscuous mode [ 810.958835][T14898] hsr_slave_1: entered promiscuous mode [ 810.968445][ T5939] usb 1-1: Product: syz [ 810.976573][T14898] debugfs: 'hsr0' already exists in 'hsr' [ 810.977958][ T5939] usb 1-1: Manufacturer: syz [ 810.989273][T14898] Cannot create hsr debugfs directory [ 811.000642][ T5939] usb 1-1: SerialNumber: syz [ 811.078484][ T9] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 811.102646][ T9] [drm] Initialized udl on minor 2 [ 811.230447][ T5939] option 1-1:64.1: GSM modem (1-port) converter detected [ 811.257438][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 811.265986][ T5939] rndis_host 1-1:64.155: rndis: master #0/0000000000000000 slave #1/ffff888053c66000 [ 811.270691][ T5939] option 1-1:64.155: GSM modem (1-port) converter detected [ 811.306724][ T5939] usb 1-1: USB disconnect, device number 44 [ 811.308998][ T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 811.330367][ T5721] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 811.338817][ T5939] option 1-1:64.1: device disconnected [ 811.349563][ T5721] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 811.359341][ T5939] option 1-1:64.155: device disconnected [ 811.377190][ T9] usb 4-1: USB disconnect, device number 13 [ 811.483530][T14898] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 41389 - 0 [ 811.563594][T14898] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 41389 - 0 [ 811.633232][T14898] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 41389 - 0 [ 811.724107][T14898] netdevsim netdevsim1 €Â (unregistering): unset [1, 0] type 2 family 0 port 41389 - 0 [ 811.826371][T14946] FAULT_INJECTION: forcing a failure. [ 811.826371][T14946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 811.839803][T14946] CPU: 0 UID: 0 PID: 14946 Comm: syz.2.3040 Not tainted syzkaller #0 PREEMPT(full) [ 811.839830][T14946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 811.839843][T14946] Call Trace: [ 811.839851][T14946] [ 811.839861][T14946] dump_stack_lvl+0xe8/0x150 [ 811.839889][T14946] should_fail_ex+0x412/0x560 [ 811.839917][T14946] strncpy_from_user+0x36/0x2b0 [ 811.840032][T14946] do_getname+0x77/0x250 [ 811.840059][T14946] __se_sys_renameat2+0x34/0x2c0 [ 811.840085][T14946] __do_fast_syscall_32+0x23e/0x6f0 [ 811.840109][T14946] ? do_fast_syscall_32+0x33/0x70 [ 811.840130][T14946] ? lockdep_hardirqs_on+0x7a/0x110 [ 811.840150][T14946] ? asm_int80_emulation+0x1a/0x20 [ 811.840170][T14946] ? do_int80_emulation+0x29f/0x550 [ 811.840191][T14946] ? trace_irq_disable+0x3b/0x140 [ 811.840225][T14946] do_fast_syscall_32+0x33/0x70 [ 811.840249][T14946] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 811.840273][T14946] RIP: 0023:0xf7fd801c [ 811.840292][T14946] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 811.840310][T14946] RSP: 002b:00000000f549650c EFLAGS: 00000206 ORIG_RAX: 0000000000000161 [ 811.840330][T14946] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000600 [ 811.840345][T14946] RDX: 00000000ffffff9c RSI: 0000000080000640 RDI: 0000000000000002 [ 811.840359][T14946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 811.840370][T14946] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 811.840383][T14946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 811.840413][T14946] [ 812.170329][T14951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 812.197279][T14951] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 812.269320][T14951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 812.311058][T14951] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 812.384805][ T24] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 812.418778][ T4950] Bluetooth: hci4: command tx timeout [ 812.466760][T14961] program syz.0.3046 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 812.531949][T14961] fuse: Invalid rootmode [ 812.562105][T14898] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 812.570729][ T5721] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 812.599247][T14898] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 812.615356][T14898] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 812.660989][T14898] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 812.696465][T14898] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 812.717277][ T42] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 812.727398][T14898] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 812.737012][T14898] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 812.739008][ T5721] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 812.755398][ T5721] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.767309][T14898] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 812.787007][ T5721] usb 3-1: config 0 descriptor?? [ 812.886630][ T42] usb 5-1: Using ep0 maxpacket: 32 [ 812.894751][ T42] usb 5-1: unable to get BOS descriptor or descriptor too short [ 812.913544][ T42] usb 5-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40 [ 812.932944][ T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.956294][T14898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 812.963051][ T42] usb 5-1: Product: syz [ 812.969380][ T42] usb 5-1: Manufacturer: syz [ 812.975979][ T42] usb 5-1: SerialNumber: syz [ 813.014081][T14898] 8021q: adding VLAN 0 to HW filter on device team0 [ 813.037217][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 813.044487][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 813.049776][T14958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3043'. [ 813.067011][ T5939] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 813.081332][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 813.088545][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 813.119741][T14958] tipc: Enabling of bearer rejected, failed to enable media [ 813.152326][ T5721] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 813.244968][ T5939] usb 1-1: Using ep0 maxpacket: 8 [ 813.267903][ T5939] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 813.295879][ T5939] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 813.309039][T14898] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 813.330617][ T5939] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 813.362408][ T5939] usb 1-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 813.397840][ T5939] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 813.416455][ T5721] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 813.436925][ T5939] usb 1-1: config 0 descriptor?? [ 813.453551][ T5721] [drm] Initialized udl on minor 2 [ 813.523121][T14898] veth0_vlan: entered promiscuous mode [ 813.549756][T14898] veth1_vlan: entered promiscuous mode [ 813.566977][ T42] usb 5-1: USB disconnect, device number 19 [ 813.581654][ T5721] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 813.605101][ T5721] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 813.638190][ T5704] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 813.653038][T14898] veth0_macvtap: entered promiscuous mode [ 813.663796][ T5721] usb 3-1: USB disconnect, device number 69 [ 813.671686][ T5704] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 813.731658][T14898] veth1_macvtap: entered promiscuous mode [ 813.755498][ T24] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 813.810878][T14898] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 813.829077][T14898] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 813.880708][ T5865] udevd[5865]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 813.916124][T14969] netlink: 'syz.0.3050': attribute type 1 has an invalid length. [ 813.925989][ T1112] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.937887][ T1112] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.948657][ T24] usb 4-1: config 0 interface 0 altsetting 255 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 813.961228][ T24] usb 4-1: config 0 interface 0 altsetting 255 endpoint 0x4 has invalid maxpacket 40960, setting to 1024 [ 813.979568][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 813.996752][ T24] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 814.006811][ T24] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 814.016296][ T24] usb 4-1: Product: syz [ 814.020722][ T24] usb 4-1: Manufacturer: syz [ 814.028774][ T24] usb 4-1: SerialNumber: syz [ 814.050464][T14986] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3050'. [ 814.057332][ T24] usb 4-1: config 0 descriptor?? [ 814.088302][ T24] usb 4-1: selecting invalid altsetting 0 [ 814.115826][ T5939] kye 0003:0458:4018.0027: reserved main item tag 0xd [ 814.124814][T14969] bond2: entered promiscuous mode [ 814.133770][T14969] bond2: entered allmulticast mode [ 814.140448][T14969] 8021q: adding VLAN 0 to HW filter on device bond2 [ 814.149216][ T1112] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.161260][ T1112] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.170136][ T5939] kye 0003:0458:4018.0027: hidraw0: USB HID v0.07 Device [HID 0458:4018] on usb-dummy_hcd.0-1/input0 [ 814.201768][T14986] bond2 (unregistering): Released all slaves [ 814.247749][T14989] kernel read not supported for file / œ7³ÏüâW)ës“§Ç!Qöì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 14989 comm: syz.4.3052) [ 814.300476][ T29] kauditd_printk_skb: 42 callbacks suppressed [ 814.300498][ T29] audit: type=1800 audit(1781249132.212:82): pid=14989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3052" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=67956 res=0 errno=0 [ 814.486050][ T24] usb 4-1: USB disconnect, device number 15 [ 814.486067][ C0] usb 4-1: Unable to submit urb #1: -19 at snd_usb_queue_pending_output_urbs [ 814.504825][ T4950] Bluetooth: hci4: command tx timeout [ 814.516510][T14983] usb 4-1: cannot submit urb 0, error -19: no device [ 814.680769][T14984] usb 1-1: USB disconnect, device number 45 [ 814.751074][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 814.769774][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 814.877710][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 814.885925][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 815.142870][T15003] batadv_slave_1: entered promiscuous mode [ 815.222422][T15003] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 815.236604][ T5939] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 815.418713][ T5939] usb 2-1: Using ep0 maxpacket: 8 [ 815.553648][ T5939] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 815.583597][T15009] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.3058'. [ 815.658473][T11471] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 815.664504][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 815.698136][T11471] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 815.707658][T11471] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 815.723006][T11471] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 815.733329][T11471] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 815.806912][T15006] batadv_slave_1: left promiscuous mode [ 815.820910][ T5939] pvrusb2: Hardware description: Terratec Grabster AV400 [ 815.870971][ T5939] pvrusb2: ********** [ 815.893341][ T5939] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 815.956386][T15015] program syz.2.3059 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 815.967771][ T5939] pvrusb2: Important functionality might not be entirely working. [ 815.998352][ T5939] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 816.048205][ T5939] pvrusb2: ********** [ 816.070031][ T2369] pvrusb2: Invalid write control endpoint [ 816.192614][T15015] fuse: Bad value for 'rootmode' [ 816.238406][T15015] netlink: 'syz.2.3059': attribute type 7 has an invalid length. [ 816.282619][ T2369] pvrusb2: Invalid write control endpoint [ 816.311479][ T5939] usb 2-1: USB disconnect, device number 51 [ 816.322687][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 816.367716][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 816.406671][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 816.447612][ T2369] pvrusb2: Device being rendered inoperable [ 816.469349][ T2369] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 816.489486][ T2369] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 816.511762][ T2369] pvrusb2: Attached sub-driver cx25840 [ 816.525170][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 816.582635][T11471] Bluetooth: hci4: command tx timeout [ 816.605000][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 817.325131][ T5939] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 817.562880][ T5939] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 817.632956][ T5939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 817.661897][ T5939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 817.689741][ T5939] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 817.752896][ T5939] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 817.778392][T11471] Bluetooth: hci3: command tx timeout [ 817.793461][ T5939] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 817.840450][ T5939] usb 3-1: Manufacturer: syz [ 817.894261][ T5939] usb 3-1: config 0 descriptor?? [ 818.348837][T15013] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.361568][T15013] bridge0: port 1(bridge_slave_0) entered disabled state [ 818.392328][T15013] bridge_slave_0: entered allmulticast mode [ 818.408261][T15013] bridge_slave_0: entered promiscuous mode [ 818.523845][T15013] bridge0: port 2(bridge_slave_1) entered blocking state [ 818.535442][T15013] bridge0: port 2(bridge_slave_1) entered disabled state [ 818.550468][T15013] bridge_slave_1: entered allmulticast mode [ 818.567264][T15013] bridge_slave_1: entered promiscuous mode [ 818.622905][ T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 818.721312][T15013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 818.750424][T15013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 818.784494][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 818.799680][ T9] usb 4-1: config 0 has an invalid interface number: 35 but max is 0 [ 818.817148][ T9] usb 4-1: config 0 has no interface number 0 [ 818.837951][ T9] usb 4-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 818.858929][T15013] team0: Port device team_slave_0 added [ 818.864862][ T9] usb 4-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 818.878728][T15013] team0: Port device team_slave_1 added [ 818.892678][ T9] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 818.923099][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 818.954948][ T9] usb 4-1: Product: syz [ 818.971565][ T9] usb 4-1: Manufacturer: syz [ 818.989862][ T9] usb 4-1: SerialNumber: syz [ 819.012213][ T9] usb 4-1: config 0 descriptor?? [ 819.029337][T15013] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 819.037036][T15013] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 819.072861][T15013] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 819.120290][ T5939] usbhid 3-1:0.0: can't add hid device: -71 [ 819.131888][ T5939] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 819.139400][T15013] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 819.164131][T15013] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 819.237979][T15013] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 819.238134][ T5939] usb 3-1: USB disconnect, device number 70 [ 819.283078][ T9] radio-si470x 4-1:0.35: this is not a si470x device. [ 819.335167][ T9] radio-raremono 4-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 819.646577][T15040] sit0: entered promiscuous mode [ 819.651985][T15040] netlink: 'syz.3.3064': attribute type 1 has an invalid length. [ 819.662399][T15040] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3064'. [ 819.680339][ T9] radio-raremono 4-1:0.35: raremono_cmd_main failed (-71) [ 819.699414][T15013] hsr_slave_0: entered promiscuous mode [ 819.707990][T15055] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.3068'. [ 819.724557][ T9] radio-raremono 4-1:0.35: V4L2 device registered as radio48 [ 819.733720][T15013] hsr_slave_1: entered promiscuous mode [ 819.747191][T15013] debugfs: 'hsr0' already exists in 'hsr' [ 819.759084][T15013] Cannot create hsr debugfs directory [ 819.765513][ T9] usb 4-1: USB disconnect, device number 16 [ 819.787422][ T9] radio-raremono 4-1:0.35: Thanko's Raremono disconnected [ 819.855320][T11471] Bluetooth: hci3: command tx timeout [ 820.082474][T15062] program syz.4.3069 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 820.189613][T15062] fuse: Bad value for 'rootmode' [ 820.202787][T15062] netlink: 'syz.4.3069': attribute type 7 has an invalid length. [ 820.238256][ T1177] bridge_slave_1: left allmulticast mode [ 820.250980][ T1177] bridge_slave_1: left promiscuous mode [ 820.269422][ T1177] bridge0: port 2(bridge_slave_1) entered disabled state [ 820.300333][ T1177] bridge_slave_0: left allmulticast mode [ 820.308094][ T1177] bridge_slave_0: left promiscuous mode [ 820.321055][ T1177] bridge0: port 1(bridge_slave_0) entered disabled state [ 820.747388][ T995] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 820.924460][ T9] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 820.934551][ T995] usb 4-1: Using ep0 maxpacket: 8 [ 820.947926][ T995] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 820.978536][ T995] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 820.988536][ T995] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 821.004024][ T995] usb 4-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 821.014072][ T995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 821.027989][ T995] usb 4-1: config 0 descriptor?? [ 821.087565][ T9] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 821.097881][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 821.135636][ T9] usb 3-1: config 0 descriptor?? [ 821.369704][T15077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3072'. [ 821.473576][T15071] netlink: 'syz.3.3071': attribute type 1 has an invalid length. [ 821.540873][T15090] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3071'. [ 821.555241][ T5721] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 821.588416][ T9] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 821.619460][ T995] kye 0003:0458:4018.0028: reserved main item tag 0xd [ 821.634030][ T995] kye 0003:0458:4018.0028: hidraw0: USB HID v0.07 Device [HID 0458:4018] on usb-dummy_hcd.3-1/input0 [ 821.725722][ T5721] usb 2-1: Using ep0 maxpacket: 32 [ 821.738958][ T5721] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 821.771580][ T5721] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 821.802065][ T5721] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 821.831801][ T9] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 821.841943][ T5721] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 821.870620][ T9] [drm] Initialized udl on minor 2 [ 821.879915][ T5721] usb 2-1: Product: syz [ 821.911801][ T5721] usb 2-1: Manufacturer: syz [ 821.935109][T11471] Bluetooth: hci3: command tx timeout [ 821.942875][ T5721] usb 2-1: SerialNumber: syz [ 821.959200][ T5721] usb 2-1: config 0 descriptor?? [ 822.688391][ T1177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 822.699497][ T1177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 822.710932][ T1177] bond0 (unregistering): Released all slaves [ 822.728226][ T1177] bond1 (unregistering): Released all slaves [ 822.777474][ T5296] 8021q: adding VLAN 0 to HW filter on device eth1 [ 822.791059][T15088] tipc: Enabling of bearer rejected, failed to enable media [ 822.839346][T15071] bond3: entered promiscuous mode [ 822.846086][T15071] bond3: entered allmulticast mode [ 822.851807][T15071] 8021q: adding VLAN 0 to HW filter on device bond3 [ 822.871904][ T9] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 822.930659][T15090] bond3 (unregistering): Released all slaves [ 822.945666][ T9] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 822.959091][ T5721] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 822.993937][ T5721] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 823.011713][ T9] usb 3-1: USB disconnect, device number 71 [ 823.035777][ T5721] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 823.087683][T15096] fuse: Unknown parameter 'ƒÅÔ ½ºEg}' [ 823.149579][ T1177] tipc: Left network mode [ 823.156340][ T5721] usb 4-1: USB disconnect, device number 17 [ 823.395079][ T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 823.595892][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 823.626379][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 823.671073][ T24] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 823.704463][ T9] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 823.711676][ T24] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 823.759453][ T24] usb 5-1: Manufacturer: syz [ 823.798140][ T24] usb 5-1: config 0 descriptor?? [ 823.877145][ T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 823.909082][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 823.954940][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 823.983851][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 824.016229][T11471] Bluetooth: hci3: command tx timeout [ 824.038114][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 824.059573][T15110] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.3076'. [ 824.070181][ T9] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 824.091659][ T9] usb 3-1: Manufacturer: syz [ 824.122009][ T9] usb 3-1: config 0 descriptor?? [ 824.207613][T14984] usb 2-1: USB disconnect, device number 52 [ 824.825783][T15125] program syz.1.3079 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 824.842837][T15123] ip6t_REJECT: ECHOREPLY is not supported [ 824.877841][ T1177] hsr_slave_0: left promiscuous mode [ 824.912886][ T1177] hsr_slave_1: left promiscuous mode [ 824.938675][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 824.990445][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 825.048855][T15125] fuse: Bad value for 'rootmode' [ 825.112248][T15125] netlink: 'syz.1.3079': attribute type 7 has an invalid length. [ 825.689032][ T1177] team0 (unregistering): Port device team_slave_1 removed [ 825.733847][ T1177] team0 (unregistering): Port device team_slave_0 removed [ 826.129882][ T24] uclogic 0003:256C:006D.0029: failed retrieving Huion firmware version: -71 [ 826.181139][ T24] uclogic 0003:256C:006D.0029: failed probing parameters: -71 [ 826.228820][ T24] uclogic 0003:256C:006D.0029: probe with driver uclogic failed with error -71 [ 826.343009][ T24] usb 5-1: USB disconnect, device number 20 [ 826.822414][ T9] usbhid 3-1:0.0: can't add hid device: -71 [ 826.829501][T15013] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 826.847285][ T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 826.882027][ T9] usb 3-1: USB disconnect, device number 72 [ 826.932575][T15013] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 826.964508][ T995] usb 2-1: new low-speed USB device number 53 using dummy_hcd [ 826.981317][T15013] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 827.044265][T15013] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 827.071611][T15013] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 827.109128][T15013] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 827.131746][T15013] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 827.140935][ T995] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 827.169064][ T995] usb 2-1: config 0 has no interface number 0 [ 827.181760][ T995] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 827.202225][ T995] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 827.236888][ T995] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 827.262293][ T995] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 827.264848][T15013] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 827.284133][ T995] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 827.331239][ T29] audit: type=1326 audit(1781249145.242:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 827.346004][ T995] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 827.447098][ T995] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 827.461743][ T29] audit: type=1326 audit(1781249145.242:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 827.469134][ T995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.469284][ T29] audit: type=1326 audit(1781249145.242:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 827.558816][T15143] syzkaller0: entered promiscuous mode [ 827.581653][T15143] syzkaller0: entered allmulticast mode [ 827.636602][ T995] usb 2-1: config 0 descriptor?? [ 827.662170][ T29] audit: type=1326 audit(1781249145.242:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 827.667297][T15137] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 827.697724][T15161] FAULT_INJECTION: forcing a failure. [ 827.697724][T15161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 827.725593][T15137] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 827.733743][T15161] CPU: 1 UID: 0 PID: 15161 Comm: syz.3.3085 Not tainted syzkaller #0 PREEMPT(full) [ 827.733772][T15161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 827.733785][T15161] Call Trace: [ 827.733795][T15161] [ 827.733803][T15161] dump_stack_lvl+0xe8/0x150 [ 827.733833][T15161] should_fail_ex+0x412/0x560 [ 827.733863][T15161] _copy_from_iter+0x1d3/0x1670 [ 827.733970][T15161] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 827.734008][T15161] ? __pfx_policy_nodemask+0x10/0x10 [ 827.734032][T15161] ? __pfx__copy_from_iter+0x10/0x10 [ 827.734057][T15161] ? alloc_pages_mpol+0x3c0/0x490 [ 827.734085][T15161] copy_page_from_iter+0x220/0x2d0 [ 827.734122][T15161] tun_get_user+0x1bf7/0x43e0 [ 827.734188][T15161] ? tun_get_user+0x8aa/0x43e0 [ 827.734229][T15161] ? aa_file_perm+0x50e/0x15e0 [ 827.734250][T15161] ? __pfx_tun_get_user+0x10/0x10 [ 827.734274][T15161] ? __lock_acquire+0x6b5/0x2cf0 [ 827.734308][T15161] ? ref_tracker_alloc+0x35c/0x4c0 [ 827.734335][T15161] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 827.734360][T15161] ? tun_get+0x1c/0x2f0 [ 827.734381][T15161] ? tun_get+0x1c/0x2f0 [ 827.734406][T15161] ? tun_get+0x1c/0x2f0 [ 827.734425][T15161] ? tun_get+0x1c/0x2f0 [ 827.734449][T15161] tun_chr_write_iter+0x113/0x200 [ 827.734474][T15161] vfs_write+0x61d/0xb90 [ 827.734512][T15161] ? __pfx_vfs_write+0x10/0x10 [ 827.734551][T15161] ? __fget_files+0x2a/0x420 [ 827.734585][T15161] ksys_write+0x150/0x270 [ 827.734617][T15161] ? __pfx_ksys_write+0x10/0x10 [ 827.734651][T15161] ? asm_int80_emulation+0x1a/0x20 [ 827.734677][T15161] do_int80_emulation+0x19a/0x550 [ 827.734701][T15161] ? trace_irq_disable+0x3b/0x140 [ 827.734730][T15161] ? asm_int80_emulation+0x1a/0x20 [ 827.734749][T15161] ? clear_bhb_loop+0x40/0x90 [ 827.734769][T15161] ? clear_bhb_loop+0x40/0x90 [ 827.734795][T15161] asm_int80_emulation+0x1a/0x20 [ 827.734815][T15161] RIP: 0023:0xf71261ab [ 827.734834][T15161] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 827.734852][T15161] RSP: 002b:00000000f53dd44c EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 827.734874][T15161] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000340 [ 827.734888][T15161] RDX: 000000000000004a RSI: 0000000000000000 RDI: 0000000000000000 [ 827.734900][T15161] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 827.734913][T15161] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 827.734925][T15161] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 827.734955][T15161] [ 827.995123][ T29] audit: type=1326 audit(1781249145.242:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 828.020854][ T29] audit: type=1326 audit(1781249145.252:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 828.048046][ T29] audit: type=1326 audit(1781249145.342:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 828.073337][ T29] audit: type=1326 audit(1781249145.342:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 828.097602][ T29] audit: type=1326 audit(1781249145.382:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 828.121842][ T29] audit: type=1326 audit(1781249145.382:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15140 comm="syz.2.3083" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd801c code=0x7ffc0000 [ 828.160445][ T995] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 828.417753][T15169] ldusb 2-1:0.55: Write buffer overflow, 1 bytes dropped [ 828.453593][T15170] netlink: 'syz.3.3086': attribute type 5 has an invalid length. [ 828.533227][ T5939] usb 2-1: USB disconnect, device number 53 [ 828.548013][ T5939] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 828.767784][T15171] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 828.813745][T15013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 828.894008][T15013] 8021q: adding VLAN 0 to HW filter on device team0 [ 829.041584][T15013] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 829.054610][ T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 829.084369][T15013] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 829.267676][ T24] usb 4-1: config 0 has no interfaces? [ 829.283881][ T24] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 829.302127][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 829.309377][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 829.348506][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.415414][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 829.422610][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 829.464221][T15190] program syz.1.3089 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 829.494622][ T24] usb 4-1: config 0 descriptor?? [ 829.581494][T15190] fuse: Unknown parameter 'use00000000000000000000' [ 829.593399][T15190] netlink: 'syz.1.3089': attribute type 7 has an invalid length. [ 829.643943][T15195] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 829.658589][T15192] batadv_slave_1: entered promiscuous mode [ 829.770234][T15175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 829.828816][T15013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 829.842739][T15175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 829.887084][T15175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 829.936450][T15175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 829.971730][ T5721] usb 4-1: USB disconnect, device number 18 [ 830.066513][T15013] veth0_vlan: entered promiscuous mode [ 830.109898][T15013] veth1_vlan: entered promiscuous mode [ 830.132184][T15199] FAULT_INJECTION: forcing a failure. [ 830.132184][T15199] name failslab, interval 1, probability 0, space 0, times 0 [ 830.154526][T15199] CPU: 1 UID: 0 PID: 15199 Comm: syz.1.3090 Not tainted syzkaller #0 PREEMPT(full) [ 830.154554][T15199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 830.154567][T15199] Call Trace: [ 830.154576][T15199] [ 830.154585][T15199] dump_stack_lvl+0xe8/0x150 [ 830.154614][T15199] should_fail_ex+0x412/0x560 [ 830.154642][T15199] should_failslab+0xa8/0x100 [ 830.154664][T15199] __kmalloc_noprof+0xe8/0x760 [ 830.154694][T15199] ? tomoyo_encode+0x28b/0x550 [ 830.154718][T15199] tomoyo_encode+0x28b/0x550 [ 830.154743][T15199] tomoyo_realpath_from_path+0x58d/0x5d0 [ 830.154775][T15199] ? tomoyo_path_number_perm+0x219/0x630 [ 830.154804][T15199] tomoyo_path_number_perm+0x246/0x630 [ 830.154834][T15199] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 830.154860][T15199] ? __lock_acquire+0x6b5/0x2cf0 [ 830.154926][T15199] ? __fget_files+0x2a/0x420 [ 830.154954][T15199] ? __fget_files+0x3a0/0x420 [ 830.154985][T15199] ? __fget_files+0x2a/0x420 [ 830.155010][T15199] security_file_ioctl_compat+0xc3/0x2a0 [ 830.155035][T15199] __ia32_compat_sys_ioctl+0x139/0x950 [ 830.155067][T15199] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 830.155107][T15199] ? __fget_files+0x3a0/0x420 [ 830.155138][T15199] ? fput+0xa0/0xd0 [ 830.155161][T15199] ? ksys_write+0x242/0x270 [ 830.155204][T15199] __do_fast_syscall_32+0x23e/0x6f0 [ 830.155229][T15199] ? do_fast_syscall_32+0x33/0x70 [ 830.155251][T15199] ? lockdep_hardirqs_on+0x7a/0x110 [ 830.155272][T15199] ? asm_int80_emulation+0x1a/0x20 [ 830.155291][T15199] ? do_int80_emulation+0x29f/0x550 [ 830.155312][T15199] ? trace_irq_disable+0x3b/0x140 [ 830.155343][T15199] do_fast_syscall_32+0x33/0x70 [ 830.155366][T15199] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 830.155391][T15199] RIP: 0023:0xf7f0901c [ 830.155410][T15199] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 830.155427][T15199] RSP: 002b:00000000f53c650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 830.155448][T15199] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0185500 [ 830.155462][T15199] RDX: 0000000080000400 RSI: 0000000000000000 RDI: 0000000000000000 [ 830.155475][T15199] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 830.155487][T15199] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 830.155499][T15199] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 830.155530][T15199] [ 830.155580][T15199] ERROR: Out of memory at tomoyo_realpath_from_path. [ 830.516244][T15013] veth0_macvtap: entered promiscuous mode [ 830.554475][ T5721] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 830.565971][T15013] veth1_macvtap: entered promiscuous mode [ 830.603629][T15192] batadv_slave_1: left promiscuous mode [ 830.716983][T15013] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 830.739150][ T5721] usb 4-1: Using ep0 maxpacket: 8 [ 830.755493][ T5721] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 830.788886][T15013] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 830.835323][ T5721] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 830.873005][ T5721] usb 4-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e [ 830.891015][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.923629][ T5721] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 830.939957][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.953989][ T5721] usb 4-1: Product: syz [ 830.960602][ T5721] usb 4-1: Manufacturer: syz [ 830.988248][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.003204][ T5721] usb 4-1: SerialNumber: syz [ 831.019807][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.041977][ T5721] usb 4-1: config 0 descriptor?? [ 831.288604][ T5939] usb 4-1: USB disconnect, device number 19 [ 831.557046][T15217] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 831.737741][T15213] batadv_slave_1: entered promiscuous mode [ 832.129347][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 832.170151][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 832.299977][T15052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 832.318124][T15052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 832.344499][ T1234] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 832.556210][ T1234] usb 4-1: Using ep0 maxpacket: 32 [ 832.573763][ T1234] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 832.604075][ T1234] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 832.656569][ T1234] usb 4-1: config 0 has no interface number 0 [ 832.682588][ T1234] usb 4-1: config 0 interface 184 altsetting 7 endpoint 0x6 has invalid wMaxPacketSize 0 [ 832.721649][ T1234] usb 4-1: config 0 interface 184 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 832.739091][T15234] program syz.0.3056 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 832.785172][ T1234] usb 4-1: config 0 interface 184 has no altsetting 0 [ 832.810423][T15234] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3056'. [ 832.830717][ T1234] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 832.852570][ T1234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 832.873239][T15234] netlink: 18 bytes leftover after parsing attributes in process `syz.0.3056'. [ 832.891931][ T1234] usb 4-1: Product: syz [ 832.900875][ T1234] usb 4-1: Manufacturer: syz [ 832.920212][ T1234] usb 4-1: SerialNumber: syz [ 832.963475][ T1234] usb 4-1: config 0 descriptor?? [ 832.979954][T15236] netlink: 'syz.0.3056': attribute type 7 has an invalid length. [ 833.019872][ T1234] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 833.084002][ T1234] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -22 [ 833.366398][T15207] batadv_slave_1: left promiscuous mode [ 833.644493][ T5721] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 833.742306][T15252] program syz.1.3099 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 833.762276][T15252] fuse: Unknown parameter 'use00000000000000000000' [ 833.771077][T15252] netlink: 'syz.1.3099': attribute type 7 has an invalid length. [ 833.785203][ T10] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 833.816772][ T5721] usb 3-1: config 0 has an invalid interface number: 106 but max is 0 [ 833.827528][ T5721] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 833.841434][ T5721] usb 3-1: config 0 has no interface number 0 [ 833.847744][ T5721] usb 3-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 833.861492][ T5721] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 833.877338][ T5721] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 833.891053][ T5721] usb 3-1: config 0 descriptor?? [ 833.939139][T15258] input: syz0 as /devices/virtual/input/input68 [ 833.950723][ T5721] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 833.972224][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 833.988079][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 833.999649][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 834.012933][ T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 834.022303][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 834.050798][ T10] usb 5-1: config 0 descriptor?? [ 834.177989][ T132] usb 3-1: Failed to submit usb control message: -71 [ 834.182994][T14984] usb 3-1: USB disconnect, device number 73 [ 834.205144][ T132] usb 3-1: unable to send the bmi data to the device: -71 [ 834.226652][ T132] usb 3-1: unable to get target info from device [ 834.250987][ T132] usb 3-1: could not get target info (-71) [ 834.284787][ T132] usb 3-1: could not probe fw (-71) [ 834.490611][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.524453][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.542417][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.552700][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.563933][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.584008][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.601113][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.622732][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.646137][ T10] plantronics 0003:047F:FFFF.002A: unknown main item tag 0x0 [ 834.686404][ T10] plantronics 0003:047F:FFFF.002A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 834.706942][ T10] usb 5-1: USB disconnect, device number 21 [ 834.982161][T15288] ip6t_REJECT: ECHOREPLY is not supported [ 834.996398][T15284] fido_id[15284]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 835.019259][T15286] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3104'. [ 835.251846][T14984] usb 4-1: USB disconnect, device number 20 [ 835.374754][ T995] usb 3-1: new full-speed USB device number 74 using dummy_hcd [ 835.537855][ T995] usb 3-1: device descriptor read/64, error -71 [ 835.786082][ T995] usb 3-1: new full-speed USB device number 75 using dummy_hcd [ 835.934495][ T995] usb 3-1: device descriptor read/64, error -71 [ 836.023006][T15310] program syz.1.3108 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 836.067364][ T995] usb usb3-port1: attempt power cycle [ 836.088762][T15310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3108'. [ 836.131378][T15310] netlink: 18 bytes leftover after parsing attributes in process `syz.1.3108'. [ 836.225409][T15310] netlink: 'syz.1.3108': attribute type 7 has an invalid length. [ 836.334525][T11471] Bluetooth: hci2: command 0x0406 tx timeout [ 836.341507][ T1234] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 836.368091][ T1234] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 836.444626][ T995] usb 3-1: new full-speed USB device number 76 using dummy_hcd [ 836.485432][ T995] usb 3-1: device descriptor read/8, error -71 [ 836.737536][ T995] usb 3-1: new full-speed USB device number 77 using dummy_hcd [ 836.787519][ T995] usb 3-1: device descriptor read/8, error -71 [ 836.904952][ T995] usb usb3-port1: unable to enumerate USB device [ 837.057024][T15325] program syz.4.3110 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 837.123616][T15325] fuse: Unknown parameter 'use00000000000000000000' [ 837.146197][T15325] netlink: 'syz.4.3110': attribute type 7 has an invalid length. [ 837.324472][ T995] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 837.484400][ T995] usb 2-1: Using ep0 maxpacket: 8 [ 837.503877][ T995] usb 2-1: unable to get BOS descriptor or descriptor too short [ 837.515344][ T5939] usb 1-1: new low-speed USB device number 46 using dummy_hcd [ 837.528552][ T995] usb 2-1: config 8 has an invalid interface number: 45 but max is 0 [ 837.539076][ T995] usb 2-1: config 8 has no interface number 0 [ 837.545874][ T995] usb 2-1: config 8 interface 45 has no altsetting 0 [ 837.562786][ T995] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=51.e7 [ 837.572317][ T995] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 837.580790][ T995] usb 2-1: Product: syz [ 837.585442][ T995] usb 2-1: Manufacturer: syz [ 837.590168][ T995] usb 2-1: SerialNumber: syz [ 837.687980][ T5939] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 837.698266][ T5939] usb 1-1: config 179 has no interface number 0 [ 837.711280][ T5939] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 837.722801][ T5939] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 837.737058][ T5939] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 837.748629][ T5939] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8 [ 837.761430][ T5939] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 837.783810][ T5939] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 837.793428][ T5939] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 837.807447][T15334] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 837.826912][T15334] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 837.837014][ T995] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 837.848571][ T995] gspca_sn9c2028: read1 error -71 [ 837.854214][ T995] gspca_sn9c2028: read1 error -71 [ 837.862720][ T995] gspca_sn9c2028: read1 error -71 [ 837.873240][ T995] sn9c2028 2-1:8.45: probe with driver sn9c2028 failed with error -71 [ 837.888089][ T995] usb 2-1: USB disconnect, device number 54 [ 838.494647][T11471] Bluetooth: hci0: command 0x0c1a tx timeout [ 838.500732][ T1234] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 838.541444][T15359] FAULT_INJECTION: forcing a failure. [ 838.541444][T15359] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 838.564349][ T1234] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 838.594440][T15359] CPU: 0 UID: 0 PID: 15359 Comm: syz.4.3115 Not tainted syzkaller #0 PREEMPT(full) [ 838.594470][T15359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 838.594482][T15359] Call Trace: [ 838.594492][T15359] [ 838.594501][T15359] dump_stack_lvl+0xe8/0x150 [ 838.594531][T15359] should_fail_ex+0x412/0x560 [ 838.594561][T15359] _copy_to_iter+0x1e4/0x17d0 [ 838.594583][T15359] ? unwind_next_frame+0xa6/0x2550 [ 838.594612][T15359] ? is_bpf_text_address+0x26/0x2b0 [ 838.594656][T15359] ? __pfx__copy_to_iter+0x10/0x10 [ 838.594681][T15359] ? __lock_acquire+0x6b5/0x2cf0 [ 838.594709][T15359] ? kernel_text_address+0xa5/0xe0 [ 838.594741][T15359] __skb_datagram_iter+0x41a/0x980 [ 838.594766][T15359] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 838.594798][T15359] skb_copy_datagram_iter+0xb5/0x240 [ 838.594825][T15359] tcp_peek_sndq+0xb7/0x230 [ 838.594853][T15359] tcp_recvmsg_locked+0x33cc/0x3720 [ 838.594882][T15359] ? ima_match_policy+0x2146/0x21e0 [ 838.595017][T15359] ? process_measurement+0x451/0x1c80 [ 838.595044][T15359] ? process_measurement+0x451/0x1c80 [ 838.595094][T15359] ? __lock_acquire+0x6b5/0x2cf0 [ 838.595117][T15359] ? __pfx_tcp_recvmsg_locked+0x10/0x10 [ 838.595158][T15359] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 838.595208][T15359] ? process_measurement+0x195e/0x1c80 [ 838.595233][T15359] ? process_measurement+0x2d1/0x1c80 [ 838.595271][T15359] ? do_raw_spin_lock+0x12b/0x2f0 [ 838.595299][T15359] ? lock_sock_nested+0x6a/0x100 [ 838.595327][T15359] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 838.595360][T15359] ? tcp_recvmsg+0x1e4/0x7e0 [ 838.595392][T15359] ? __local_bh_enable_ip+0xd0/0x130 [ 838.595422][T15359] tcp_recvmsg+0x205/0x7e0 [ 838.595454][T15359] ? __pfx_aa_sk_perm+0x10/0x10 [ 838.595482][T15359] ? __pfx_tcp_recvmsg+0x10/0x10 [ 838.595513][T15359] ? sock_rps_record_flow+0x19/0x350 [ 838.595540][T15359] ? inet_recvmsg+0xb3/0x120 [ 838.595563][T15359] ? __pfx_inet_recvmsg+0x10/0x10 [ 838.595588][T15359] sock_recvmsg+0x155/0x1b0 [ 838.595624][T15359] ____sys_recvmsg+0x1e6/0x4a0 [ 838.595656][T15359] ? __pfx_____sys_recvmsg+0x10/0x10 [ 838.595675][T15359] ? get_compat_msghdr+0x34b/0x4c0 [ 838.595710][T15359] ? __lock_acquire+0x6b5/0x2cf0 [ 838.595741][T15359] ___sys_recvmsg+0x215/0x590 [ 838.595761][T15359] ? __lock_acquire+0x6b5/0x2cf0 [ 838.595788][T15359] ? __pfx____sys_recvmsg+0x10/0x10 [ 838.595816][T15359] ? __fget_files+0x2a/0x420 [ 838.595861][T15359] ? __fget_files+0x3a0/0x420 [ 838.595897][T15359] do_recvmmsg+0x3a5/0x800 [ 838.595929][T15359] ? __pfx_do_recvmmsg+0x10/0x10 [ 838.595966][T15359] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 838.595999][T15359] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 838.596031][T15359] __sys_recvmmsg+0x1a5/0x290 [ 838.596057][T15359] ? __pfx___sys_recvmmsg+0x10/0x10 [ 838.596080][T15359] ? ksys_write+0x242/0x270 [ 838.596125][T15359] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 838.596154][T15359] __do_fast_syscall_32+0x23e/0x6f0 [ 838.596179][T15359] ? do_fast_syscall_32+0x33/0x70 [ 838.596202][T15359] ? lockdep_hardirqs_on+0x7a/0x110 [ 838.596223][T15359] ? asm_int80_emulation+0x1a/0x20 [ 838.596242][T15359] ? do_int80_emulation+0x29f/0x550 [ 838.596265][T15359] ? trace_irq_disable+0x3b/0x140 [ 838.596299][T15359] do_fast_syscall_32+0x33/0x70 [ 838.596323][T15359] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 838.596350][T15359] RIP: 0023:0xf7fe401c [ 838.596370][T15359] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 838.596388][T15359] RSP: 002b:00000000f54a650c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 838.596410][T15359] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000d00 [ 838.596424][T15359] RDX: 0000000000000001 RSI: 0000000000010022 RDI: 0000000000000000 [ 838.596437][T15359] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 838.596449][T15359] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 838.596462][T15359] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 838.596493][T15359] [ 839.134433][ T5704] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 839.287900][ T5704] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 839.304402][ T5704] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 839.314192][ T5704] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 839.327767][ T5704] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 839.337780][ T5704] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 839.355370][ T5704] usb 2-1: config 0 descriptor?? [ 839.369547][ T995] usb 1-1: USB disconnect, device number 46 [ 839.369554][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 839.369683][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 839.392701][ C1] ================================================================== [ 839.400800][ C1] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x28b/0x2f0 [ 839.408651][ C1] Read of size 4 at addr ffff88802da7605c by task udevd/5001 [ 839.416050][ C1] [ 839.418410][ C1] CPU: 1 UID: 0 PID: 5001 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) [ 839.418438][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 839.418452][ C1] Call Trace: [ 839.418463][ C1] [ 839.418473][ C1] dump_stack_lvl+0xe8/0x150 [ 839.418503][ C1] print_address_description+0x55/0x1e0 [ 839.418528][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 839.418558][ C1] print_report+0x58/0x70 [ 839.418579][ C1] kasan_report+0x117/0x150 [ 839.418601][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 839.418643][ C1] do_raw_spin_lock+0x28b/0x2f0 [ 839.418674][ C1] ? __wake_up_common_lock+0x2f/0x1f0 [ 839.418708][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 839.418742][ C1] _raw_spin_lock_irqsave+0x4c/0x60 [ 839.418777][ C1] __wake_up_common_lock+0x2f/0x1f0 [ 839.418811][ C1] __usb_hcd_giveback_urb+0x3b0/0x540 [ 839.418922][ C1] dummy_timer+0xbc0/0x4650 [ 839.419002][ C1] ? handle_softirqs+0x22a/0x840 [ 839.419025][ C1] ? nsim_dev_trap_report_work+0x7d6/0xb90 [ 839.419092][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 839.419116][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 839.419139][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 839.419172][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 839.419205][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 839.419239][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 839.419269][ C1] __hrtimer_run_queues+0x3c0/0xa20 [ 839.419306][ C1] hrtimer_run_softirq+0x17a/0x240 [ 839.419338][ C1] handle_softirqs+0x22a/0x840 [ 839.419362][ C1] ? __irq_exit_rcu+0xca/0x220 [ 839.419387][ C1] __irq_exit_rcu+0xca/0x220 [ 839.419409][ C1] irq_exit_rcu+0x9/0x30 [ 839.419429][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 839.419452][ C1] [ 839.419460][ C1] [ 839.419469][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 839.419494][ C1] RIP: 0010:unwind_next_frame+0x19f8/0x2550 [ 839.419523][ C1] Code: 89 e6 e8 1b 0e 00 00 84 c0 0f 84 46 01 00 00 48 bd 00 00 00 00 00 fc ff df 48 8b 44 24 20 0f b6 04 28 84 c0 0f 85 6a 08 00 00 01 8b 84 24 8c 00 00 00 41 39 06 4c 8b 7c 24 50 48 8b 7c 24 78 [ 839.419544][ C1] RSP: 0018:ffffc9000305f0b8 EFLAGS: 00000246 [ 839.419565][ C1] RAX: 0000000000000000 RBX: ffffffff90d1841c RCX: 0000000000000001 [ 839.419581][ C1] RDX: ffffc9000305f1c8 RSI: dffffc0000000000 RDI: ffffc9000305f590 [ 839.419598][ C1] RBP: dffffc0000000000 R08: ffffc9000305f590 R09: 0000000000000000 [ 839.419642][ C1] R10: ffffc9000305f1d8 R11: fffff5200060be3d R12: ffffc9000305f590 [ 839.419659][ C1] R13: 1ffff9200060be33 R14: ffffc9000305f188 R15: 1ffffffff21a3083 [ 839.419686][ C1] ? unwind_next_frame+0x19d5/0x2550 [ 839.419715][ C1] ? unwind_next_frame+0xa6/0x2550 [ 839.419762][ C1] ? __kmalloc_noprof+0x35c/0x760 [ 839.419793][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 839.419826][ C1] arch_stack_walk+0x11b/0x150 [ 839.419855][ C1] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 839.419880][ C1] stack_trace_save+0xa9/0x100 [ 839.419911][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 839.419948][ C1] kasan_save_track+0x3e/0x80 [ 839.419976][ C1] ? kasan_save_track+0x3e/0x80 [ 839.420004][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 839.420033][ C1] ? __kmalloc_noprof+0x35c/0x760 [ 839.420090][ C1] __kasan_kmalloc+0x93/0xb0 [ 839.420121][ C1] __kmalloc_noprof+0x35c/0x760 [ 839.420150][ C1] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 839.420171][ C1] ? __kmalloc_noprof+0x1b8/0x760 [ 839.420202][ C1] tomoyo_realpath_from_path+0xe3/0x5d0 [ 839.420231][ C1] tomoyo_check_open_permission+0x229/0x470 [ 839.420261][ C1] ? tomoyo_check_open_permission+0x1d3/0x470 [ 839.420289][ C1] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 839.420319][ C1] ? __asan_memset+0x22/0x50 [ 839.420362][ C1] ? mnt_get_write_access+0x66/0x280 [ 839.420393][ C1] ? tomoyo_file_open+0x163/0x220 [ 839.420417][ C1] security_file_open+0xa9/0x240 [ 839.420445][ C1] do_dentry_open+0x4a8/0x13a0 [ 839.420473][ C1] ? vfs_open+0x31/0x340 [ 839.420498][ C1] vfs_open+0x3b/0x340 [ 839.420520][ C1] ? path_openat+0x2df0/0x3860 [ 839.420552][ C1] path_openat+0x2e08/0x3860 [ 839.420590][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 839.420631][ C1] ? stack_depot_save_flags+0x33/0x810 [ 839.420661][ C1] ? __pfx_path_openat+0x10/0x10 [ 839.420689][ C1] ? __x64_sys_openat+0x138/0x170 [ 839.420717][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 839.420746][ C1] do_file_open+0x23e/0x4a0 [ 839.420779][ C1] ? __pfx_do_file_open+0x10/0x10 [ 839.420820][ C1] ? _raw_spin_unlock+0x28/0x50 [ 839.420851][ C1] ? alloc_fd+0x64b/0x6c0 [ 839.420880][ C1] do_sys_openat2+0x113/0x200 [ 839.420907][ C1] ? __pfx_do_sys_openat2+0x10/0x10 [ 839.420934][ C1] ? __irq_exit_rcu+0xca/0x220 [ 839.420955][ C1] ? lockdep_softirqs_on+0x11d/0x180 [ 839.420977][ C1] ? handle_softirqs+0x715/0x840 [ 839.421000][ C1] __x64_sys_openat+0x138/0x170 [ 839.421027][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 839.421051][ C1] do_syscall_64+0x174/0x580 [ 839.421075][ C1] ? clear_bhb_loop+0x40/0x90 [ 839.421099][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 839.421121][ C1] RIP: 0033:0x7fb5bb6a7407 [ 839.421141][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 839.421160][ C1] RSP: 002b:00007fffb494e020 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 839.421184][ C1] RAX: ffffffffffffffda RBX: 00007fb5bbe59880 RCX: 00007fb5bb6a7407 [ 839.421201][ C1] RDX: 0000000000080141 RSI: 0000558b1f49b02e RDI: ffffffffffffff9c [ 839.421217][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 839.421231][ C1] R10: 00000000000001a4 R11: 0000000000000202 R12: 00000000ffffffff [ 839.421245][ C1] R13: 00000000ffffffff R14: ffffffffffffffff R15: 0000000000000000 [ 839.421269][ C1] [ 839.421277][ C1] [ 839.991471][ C1] Allocated by task 5939: [ 839.995810][ C1] kasan_save_track+0x3e/0x80 [ 840.000513][ C1] __kasan_kmalloc+0x93/0xb0 [ 840.005130][ C1] __kmalloc_cache_noprof+0x31c/0x660 [ 840.010525][ C1] xpad_probe+0x428/0x1fc0 [ 840.015050][ C1] usb_probe_interface+0x659/0xc70 [ 840.020408][ C1] really_probe+0x267/0xaf0 [ 840.024988][ C1] __driver_probe_device+0x1ef/0x380 [ 840.030295][ C1] driver_probe_device+0x4f/0x240 [ 840.035423][ C1] __device_attach_driver+0x279/0x430 [ 840.040816][ C1] bus_for_each_drv+0x258/0x2f0 [ 840.045795][ C1] __device_attach+0x2c5/0x450 [ 840.050579][ C1] device_initial_probe+0xa1/0xd0 [ 840.055620][ C1] bus_probe_device+0x12a/0x220 [ 840.060494][ C1] device_add+0x7e9/0xbb0 [ 840.064840][ C1] usb_set_configuration+0x1a87/0x2110 [ 840.070316][ C1] usb_generic_driver_probe+0x8d/0x150 [ 840.075877][ C1] usb_probe_device+0x1c4/0x3b0 [ 840.080770][ C1] really_probe+0x267/0xaf0 [ 840.085472][ C1] __driver_probe_device+0x1ef/0x380 [ 840.090862][ C1] driver_probe_device+0x4f/0x240 [ 840.095904][ C1] __device_attach_driver+0x279/0x430 [ 840.101297][ C1] bus_for_each_drv+0x258/0x2f0 [ 840.106177][ C1] __device_attach+0x2c5/0x450 [ 840.110962][ C1] device_initial_probe+0xa1/0xd0 [ 840.116005][ C1] bus_probe_device+0x12a/0x220 [ 840.120882][ C1] device_add+0x7e9/0xbb0 [ 840.125261][ C1] usb_new_device+0xa08/0x16f0 [ 840.130135][ C1] hub_event+0x2a1c/0x4f30 [ 840.134578][ C1] process_scheduled_works+0xb5d/0x1860 [ 840.140138][ C1] worker_thread+0xa53/0xfc0 [ 840.144744][ C1] kthread+0x389/0x470 [ 840.148835][ C1] ret_from_fork+0x514/0xb70 [ 840.153449][ C1] ret_from_fork_asm+0x1a/0x30 [ 840.158247][ C1] [ 840.160582][ C1] Freed by task 995: [ 840.164489][ C1] kasan_save_track+0x3e/0x80 [ 840.169193][ C1] kasan_save_free_info+0x46/0x50 [ 840.174232][ C1] __kasan_slab_free+0x5c/0x80 [ 840.179040][ C1] kfree+0x1c5/0x640 [ 840.182967][ C1] xpad_disconnect+0x350/0x480 [ 840.187752][ C1] usb_unbind_interface+0x26e/0x910 [ 840.192975][ C1] device_release_driver_internal+0x4d9/0x870 [ 840.199064][ C1] bus_remove_device+0x455/0x570 [ 840.204023][ C1] device_del+0x527/0x8f0 [ 840.208371][ C1] usb_disable_device+0x3d4/0x8d0 [ 840.213421][ C1] usb_disconnect+0x32f/0x990 [ 840.218123][ C1] hub_event+0x1cc9/0x4f30 [ 840.222562][ C1] process_scheduled_works+0xb5d/0x1860 [ 840.228125][ C1] worker_thread+0xa53/0xfc0 [ 840.232735][ C1] kthread+0x389/0x470 [ 840.236824][ C1] ret_from_fork+0x514/0xb70 [ 840.241428][ C1] ret_from_fork_asm+0x1a/0x30 [ 840.246210][ C1] [ 840.248551][ C1] The buggy address belongs to the object at ffff88802da76000 [ 840.248551][ C1] which belongs to the cache kmalloc-1k of size 1024 [ 840.262616][ C1] The buggy address is located 92 bytes inside of [ 840.262616][ C1] freed 1024-byte region [ffff88802da76000, ffff88802da76400) [ 840.276429][ C1] [ 840.278771][ C1] The buggy address belongs to the physical page: [ 840.285210][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2da70 [ 840.293981][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 840.302492][ C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 840.310048][ C1] page_type: f5(slab) [ 840.314052][ C1] raw: 00fff00000000040 ffff88813fe17dc0 dead000000000100 dead000000000122 [ 840.322647][ C1] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 840.331256][ C1] head: 00fff00000000040 ffff88813fe17dc0 dead000000000100 dead000000000122 [ 840.339949][ C1] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 840.348640][ C1] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 840.357328][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 840.366008][ C1] page dumped because: kasan: bad access detected [ 840.372450][ C1] page_owner tracks the page as allocated [ 840.378195][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5487, tgid 5487 (sh), ts 69419682367, free_ts 69316201649 [ 840.397919][ C1] post_alloc_hook+0x22d/0x280 [ 840.402715][ C1] get_page_from_freelist+0x2593/0x2610 [ 840.408282][ C1] __alloc_frozen_pages_noprof+0x18d/0x380 [ 840.414111][ C1] allocate_slab+0x77/0x660 [ 840.418629][ C1] refill_objects+0x339/0x3d0 [ 840.423343][ C1] __pcs_replace_empty_main+0x321/0x720 [ 840.428913][ C1] __kmalloc_noprof+0x474/0x760 [ 840.433793][ C1] tomoyo_init_log+0x1aae/0x1fb0 [ 840.438753][ C1] tomoyo_supervisor+0x353/0x1570 [ 840.443795][ C1] tomoyo_env_perm+0x151/0x1f0 [ 840.448581][ C1] tomoyo_find_next_domain+0x15cb/0x1aa0 [ 840.454228][ C1] tomoyo_bprm_check_security+0x11b/0x180 [ 840.459963][ C1] security_bprm_check+0x85/0x240 [ 840.465123][ C1] bprm_execve+0x8a4/0x1510 [ 840.469653][ C1] do_execveat_common+0x50d/0x690 [ 840.474700][ C1] __x64_sys_execve+0x97/0xc0 [ 840.479397][ C1] page last free pid 5485 tgid 5485 stack trace: [ 840.485731][ C1] __free_frozen_pages+0xc1c/0xd30 [ 840.490861][ C1] __slab_free+0x274/0x2c0 [ 840.495302][ C1] qlist_free_all+0x99/0x100 [ 840.499916][ C1] kasan_quarantine_reduce+0x148/0x160 [ 840.505389][ C1] __kasan_slab_alloc+0x22/0x80 [ 840.510266][ C1] __kmalloc_noprof+0x316/0x760 [ 840.515135][ C1] tomoyo_realpath_from_path+0xe3/0x5d0 [ 840.520690][ C1] tomoyo_path_perm+0x283/0x560 [ 840.525555][ C1] security_inode_getattr+0x12b/0x310 [ 840.530945][ C1] __x64_sys_newfstat+0x13b/0x270 [ 840.535985][ C1] do_syscall_64+0x174/0x580 [ 840.540609][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.546521][ C1] [ 840.548888][ C1] Memory state around the buggy address: [ 840.554531][ C1] ffff88802da75f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 840.562632][ C1] ffff88802da75f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 840.570713][ C1] >ffff88802da76000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 840.578783][ C1] ^ [ 840.585725][ C1] ffff88802da76080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 840.593809][ C1] ffff88802da76100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 840.601889][ C1] ================================================================== [ 840.610091][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 840.617317][ C1] CPU: 1 UID: 0 PID: 5001 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) [ 840.626209][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 840.636289][ C1] Call Trace: [ 840.639591][ C1] [ 840.642461][ C1] vpanic+0x56c/0xa60 [ 840.646470][ C1] ? __pfx_vpanic+0x10/0x10 [ 840.651008][ C1] panic+0xc5/0xd0 [ 840.654774][ C1] ? __pfx_panic+0x10/0x10 [ 840.659222][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 840.664276][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 840.669332][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 840.674382][ C1] check_panic_on_warn+0x89/0xb0 [ 840.679350][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 840.684411][ C1] end_report+0x73/0x170 [ 840.688681][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 840.693726][ C1] kasan_report+0x128/0x150 [ 840.698246][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 840.703294][ C1] do_raw_spin_lock+0x28b/0x2f0 [ 840.708163][ C1] ? __wake_up_common_lock+0x2f/0x1f0 [ 840.713563][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 840.718967][ C1] _raw_spin_lock_irqsave+0x4c/0x60 [ 840.724190][ C1] __wake_up_common_lock+0x2f/0x1f0 [ 840.729418][ C1] __usb_hcd_giveback_urb+0x3b0/0x540 [ 840.734835][ C1] dummy_timer+0xbc0/0x4650 [ 840.739388][ C1] ? handle_softirqs+0x22a/0x840 [ 840.744347][ C1] ? nsim_dev_trap_report_work+0x7d6/0xb90 [ 840.750184][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 840.755139][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 840.760108][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 840.765507][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 840.770478][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 840.776307][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 840.781269][ C1] __hrtimer_run_queues+0x3c0/0xa20 [ 840.786503][ C1] hrtimer_run_softirq+0x17a/0x240 [ 840.791634][ C1] handle_softirqs+0x22a/0x840 [ 840.796413][ C1] ? __irq_exit_rcu+0xca/0x220 [ 840.801208][ C1] __irq_exit_rcu+0xca/0x220 [ 840.805815][ C1] irq_exit_rcu+0x9/0x30 [ 840.810068][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 840.815731][ C1] [ 840.818676][ C1] [ 840.821635][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 840.827633][ C1] RIP: 0010:unwind_next_frame+0x19f8/0x2550 [ 840.833546][ C1] Code: 89 e6 e8 1b 0e 00 00 84 c0 0f 84 46 01 00 00 48 bd 00 00 00 00 00 fc ff df 48 8b 44 24 20 0f b6 04 28 84 c0 0f 85 6a 08 00 00 01 8b 84 24 8c 00 00 00 41 39 06 4c 8b 7c 24 50 48 8b 7c 24 78 [ 840.853179][ C1] RSP: 0018:ffffc9000305f0b8 EFLAGS: 00000246 [ 840.859278][ C1] RAX: 0000000000000000 RBX: ffffffff90d1841c RCX: 0000000000000001 [ 840.867270][ C1] RDX: ffffc9000305f1c8 RSI: dffffc0000000000 RDI: ffffc9000305f590 [ 840.875262][ C1] RBP: dffffc0000000000 R08: ffffc9000305f590 R09: 0000000000000000 [ 840.883334][ C1] R10: ffffc9000305f1d8 R11: fffff5200060be3d R12: ffffc9000305f590 [ 840.891333][ C1] R13: 1ffff9200060be33 R14: ffffc9000305f188 R15: 1ffffffff21a3083 [ 840.899351][ C1] ? unwind_next_frame+0x19d5/0x2550 [ 840.904688][ C1] ? unwind_next_frame+0xa6/0x2550 [ 840.909847][ C1] ? __kmalloc_noprof+0x35c/0x760 [ 840.914918][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 840.921109][ C1] arch_stack_walk+0x11b/0x150 [ 840.925907][ C1] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 840.931653][ C1] stack_trace_save+0xa9/0x100 [ 840.936454][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 840.941871][ C1] kasan_save_track+0x3e/0x80 [ 840.946587][ C1] ? kasan_save_track+0x3e/0x80 [ 840.951466][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 840.956260][ C1] ? __kmalloc_noprof+0x35c/0x760 [ 840.961328][ C1] __kasan_kmalloc+0x93/0xb0 [ 840.965979][ C1] __kmalloc_noprof+0x35c/0x760 [ 840.970859][ C1] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 840.976608][ C1] ? __kmalloc_noprof+0x1b8/0x760 [ 840.981698][ C1] tomoyo_realpath_from_path+0xe3/0x5d0 [ 840.987290][ C1] tomoyo_check_open_permission+0x229/0x470 [ 840.993226][ C1] ? tomoyo_check_open_permission+0x1d3/0x470 [ 840.999329][ C1] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 841.005802][ C1] ? __asan_memset+0x22/0x50 [ 841.010435][ C1] ? mnt_get_write_access+0x66/0x280 [ 841.015768][ C1] ? tomoyo_file_open+0x163/0x220 [ 841.020830][ C1] security_file_open+0xa9/0x240 [ 841.025793][ C1] do_dentry_open+0x4a8/0x13a0 [ 841.030585][ C1] ? vfs_open+0x31/0x340 [ 841.034846][ C1] vfs_open+0x3b/0x340 [ 841.038935][ C1] ? path_openat+0x2df0/0x3860 [ 841.043737][ C1] path_openat+0x2e08/0x3860 [ 841.048359][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 841.053763][ C1] ? stack_depot_save_flags+0x33/0x810 [ 841.059247][ C1] ? __pfx_path_openat+0x10/0x10 [ 841.064213][ C1] ? __x64_sys_openat+0x138/0x170 [ 841.069261][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 841.074222][ C1] do_file_open+0x23e/0x4a0 [ 841.078748][ C1] ? __pfx_do_file_open+0x10/0x10 [ 841.083809][ C1] ? _raw_spin_unlock+0x28/0x50 [ 841.088686][ C1] ? alloc_fd+0x64b/0x6c0 [ 841.093033][ C1] do_sys_openat2+0x113/0x200 [ 841.097736][ C1] ? __pfx_do_sys_openat2+0x10/0x10 [ 841.102963][ C1] ? __irq_exit_rcu+0xca/0x220 [ 841.107752][ C1] ? lockdep_softirqs_on+0x11d/0x180 [ 841.113062][ C1] ? handle_softirqs+0x715/0x840 [ 841.118038][ C1] __x64_sys_openat+0x138/0x170 [ 841.122913][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.129008][ C1] do_syscall_64+0x174/0x580 [ 841.133619][ C1] ? clear_bhb_loop+0x40/0x90 [ 841.138406][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.144316][ C1] RIP: 0033:0x7fb5bb6a7407 [ 841.148766][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 841.168391][ C1] RSP: 002b:00007fffb494e020 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 841.176823][ C1] RAX: ffffffffffffffda RBX: 00007fb5bbe59880 RCX: 00007fb5bb6a7407 [ 841.184810][ C1] RDX: 0000000000080141 RSI: 0000558b1f49b02e RDI: ffffffffffffff9c [ 841.192800][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 841.200789][ C1] R10: 00000000000001a4 R11: 0000000000000202 R12: 00000000ffffffff [ 841.208774][ C1] R13: 00000000ffffffff R14: ffffffffffffffff R15: 0000000000000000 [ 841.216874][ C1] [ 841.220517][ C1] Kernel Offset: disabled [ 841.224850][ C1] Rebooting in 86400 seconds..