last executing test programs: 13.091090574s ago: executing program 3 (id=3630): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000f7c000/0x3000)=nil, 0x3000, 0x14) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018100000020000000000000000000004000000000000"], 0x0, 0x26}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x2fc, 0x198, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @private=0xa010100, 0xffffffff, 0xffffffff, 'xfrm0\x00', 'vlan1\x00', {}, {}, 0x0, 0x0, 0x49}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x3, 'kmp\x00', "00000100cbd047da9ca965f96ad58a1f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bf0bc37674024c183ebacdf741ceff00ed3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00000000000000000000000000000000000000000200", 0x79, 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x6, 0x9, 0x2, 0x2, 'netbios-ns\x00', 'syz1\x00', {0x4}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, {0x0, [0x6, 0x0, 0x4, 0x0, 0x1], 0x0, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x396) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) msync(&(0x7f0000e37000/0x13000)=nil, 0x13000, 0x0) 11.479663512s ago: executing program 0 (id=3635): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3e, &(0x7f0000000080)=0x1b, 0x4) r0 = socket$inet_udp(0x2, 0x2, 0x0) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x66) syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x654a, 0x4) socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10) socket$inet_sctp(0x2, 0x1, 0x84) r1 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x400) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0485510, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc2c45512, &(0x7f0000000500)={{0x4, 0x4, 0x3, 0xfffffff8, 'syz0\x00', 0xfffffffc}, 0x1, [0x6, 0x81, 0x266d131a, 0x8, 0x8000, 0x3, 0xff, 0x1, 0x0, 0x175, 0xe, 0x8, 0x1, 0x2, 0x1, 0x2, 0x3, 0x384, 0x9, 0xf38, 0x64, 0x2, 0x6, 0x7, 0x6, 0x4, 0x4, 0x6, 0xa, 0x0, 0x5, 0x0, 0x3, 0x91, 0x800, 0xe, 0x6, 0x3, 0x5, 0x6e, 0x4, 0x7, 0x2, 0x4, 0x0, 0x0, 0x2, 0xa, 0x800, 0x0, 0x2, 0x100, 0x7, 0x3, 0x6, 0x2, 0xfffffff8, 0x81, 0x722c7a2d, 0xfffffff8, 0x0, 0xb, 0x9, 0xffffffff, 0xd, 0x9, 0xfffffff6, 0x8, 0x5, 0x2, 0x0, 0xc, 0x9, 0xeae, 0xfffffff7, 0x0, 0x9, 0xff, 0x2, 0x8, 0x7, 0x5, 0x4, 0x6, 0x8f, 0xffffffff, 0x3, 0x7, 0x9, 0x5, 0x9, 0x6, 0x29, 0x0, 0x6, 0x2d, 0x9a8, 0x6, 0x2, 0x2, 0x8eb3, 0x0, 0x8, 0x22f2, 0x3, 0x200, 0x4, 0xc, 0x92e, 0x10000000, 0x8, 0x1, 0xe, 0x7fffffff, 0xfdffffff, 0x4, 0x8, 0x8, 0x7e, 0xfffffffe, 0x7fffffff, 0xbe27, 0x9, 0x1, 0x7, 0xe, 0x5b9bc3b3, 0x269e]}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) openat$ttynull(0xffffff9c, &(0x7f0000000040), 0x800, 0x0) 11.028546159s ago: executing program 2 (id=3636): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x1000}], 0x1, 0x0, 0x0, 0x0) write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r0, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a3000000000080005400000001c"], 0xe8}}, 0x0) r1 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 10.259546841s ago: executing program 3 (id=3639): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xe8, 0x30, 0x7, 0x2, 0x4, 0x5, 0x7, 0x8, 0xa, 0x5, 0x2, 0x52, 0x2, 0x3}, 0xe) shutdown(r2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) 10.159277635s ago: executing program 1 (id=3640): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xe8, 0x30, 0x7, 0x2, 0x4, 0x5, 0x7, 0x8, 0xa, 0x5, 0x2, 0x52, 0x2, 0x3}, 0xe) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) 10.075417839s ago: executing program 2 (id=3641): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xe8, 0x30, 0x7, 0x2, 0x4, 0x5, 0x7, 0x8, 0xa, 0x5, 0x2, 0x52, 0x2, 0x3}, 0xe) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) 9.795015603s ago: executing program 0 (id=3642): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xe8, 0x30, 0x7, 0x2, 0x4, 0x5, 0x7, 0x8, 0xa, 0x5, 0x2, 0x52, 0x2, 0x3}, 0xe) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) 8.970104061s ago: executing program 4 (id=3643): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000003c0)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x62040) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0xa2}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}], 0x1}], 0x1, 0x0) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/71, 0x47}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x5c, 0x0, 0x400, 0x7fffffff, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1cc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x5b}, 0x1, 0x0, 0x0, 0x1}, 0x800) 7.792615008s ago: executing program 1 (id=3644): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000003c0)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x62040) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0xa2}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}], 0x1}], 0x1, 0x0) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/71, 0x47}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x5c, 0x0, 0x400, 0x7fffffff, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1cc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x5b}, 0x1, 0x0, 0x0, 0x1}, 0x800) 7.749195866s ago: executing program 3 (id=3645): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff034}, {0x28, 0x80, 0x0, 0x4}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840) sendmsg$rds(r2, 0x0, 0x0) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, 0x0, 0x0) sendto$inet6(r5, &(0x7f0000001300)="92", 0x1, 0x10, &(0x7f0000000240)={0xa, 0x4e1c, 0xfffffffc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) syz_emit_ethernet(0x5e, &(0x7f0000000040)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c30010", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}}}}}}}, 0x0) 7.368863141s ago: executing program 2 (id=3646): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xe8, 0x30, 0x7, 0x2, 0x4, 0x5, 0x7, 0x8, 0xa, 0x5, 0x2, 0x52, 0x2, 0x3}, 0xe) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) 6.886643541s ago: executing program 0 (id=3647): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x1000}], 0x1, 0x0, 0x0, 0x0) write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r0, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000140)={0x0, 0x180, 0x380, 0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a3000000000080005400000001c"], 0xe8}}, 0x0) r3 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r3, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 6.471189512s ago: executing program 4 (id=3648): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xe8, 0x30, 0x7, 0x2, 0x4, 0x5, 0x7, 0x8, 0xa, 0x5, 0x2, 0x52, 0x2, 0x3}, 0xe) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) 6.091227126s ago: executing program 4 (id=3649): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000f7c000/0x3000)=nil, 0x3000, 0x14) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018100000020000000000000000000004000000000000"], 0x0, 0x26}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r4, 0x0, 0x0}, 0x10) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x2fc, 0x198, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @private=0xa010100, 0xffffffff, 0xffffffff, 'xfrm0\x00', 'vlan1\x00', {}, {}, 0x0, 0x0, 0x49}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x3, 'kmp\x00', "00000100cbd047da9ca965f96ad58a1f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bf0bc37674024c183ebacdf741ceff00ed3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00000000000000000000000000000000000000000200", 0x79, 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x6, 0x9, 0x2, 0x2, 'netbios-ns\x00', 'syz1\x00', {0x4}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, {0x0, [0x6, 0x0, 0x4, 0x0, 0x1], 0x0, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x396) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) msync(&(0x7f0000e37000/0x13000)=nil, 0x13000, 0x0) 6.086670138s ago: executing program 3 (id=3650): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000f7c000/0x3000)=nil, 0x3000, 0x14) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018100000020000000000000000000004000000000000"], 0x0, 0x26}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x2fc, 0x198, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @private=0xa010100, 0xffffffff, 0xffffffff, 'xfrm0\x00', 'vlan1\x00', {}, {}, 0x0, 0x0, 0x49}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x3, 'kmp\x00', "00000100cbd047da9ca965f96ad58a1f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bf0bc37674024c183ebacdf741ceff00ed3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00000000000000000000000000000000000000000200", 0x79, 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x6, 0x9, 0x2, 0x2, 'netbios-ns\x00', 'syz1\x00', {0x4}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, {0x0, [0x6, 0x0, 0x4, 0x0, 0x1], 0x0, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x396) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) msync(&(0x7f0000e37000/0x13000)=nil, 0x13000, 0x0) 5.997429315s ago: executing program 1 (id=3651): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000003c0)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x62040) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0xa2}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}], 0x1}], 0x1, 0x0) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/71, 0x47}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x5c, 0x0, 0x400, 0x7fffffff, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1cc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x5b}, 0x1, 0x0, 0x0, 0x1}, 0x800) 5.853455361s ago: executing program 2 (id=3652): socket$inet6(0xa, 0x3, 0xff) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x5, 0xffffffff}, 0x0) syz_open_dev$video(&(0x7f0000000140), 0x1d24, 0x23635de98487b93e) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf1b04000000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff) r4 = syz_open_dev$media(&(0x7f0000000040), 0x5, 0x141800) ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000100)) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES8=r3], 0xd0}}, 0x0) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) ioctl$sock_inet_SIOCGARP(r0, 0x89a3, &(0x7f00000001c0)={{0x3a, 0x0, @multicast2}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x0, {0x2, 0x4e1d, @remote}}) shmget(0x3, 0x2000, 0x540020c4, &(0x7f0000002000/0x2000)=nil) r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000824) write$UHID_CREATE2(r7, 0x0, 0x118) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x6, 0x4) ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x4, {0x9, @pix_mp={0x12, 0x5be7, 0xb5315258, 0x6, 0xb, [{0x80000004, 0x7}, {0x7ff, 0x5}, {0x10000001, 0x9}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x7, 0x489aa92e}, {0x5}, {0xff, 0x7}], 0x1, 0xc, 0x2, 0x0, 0x3}}, 0xfffffffd}) 5.548836422s ago: executing program 0 (id=3653): r0 = socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_G_TUNER(r3, 0xc054561d, &(0x7f0000000180)={0x0, "836d11f8a2f7337496bff2b4d43d400ebf870e7cf92542da0cbdf188dede83ee", 0x2, 0x20, 0x7fffffff, 0x7, 0x10, 0x1, 0x0, 0x3}) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) capset(0x0, &(0x7f0000000280)={0xfffffffc, 0x1, 0x4007, 0x81, 0x2}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffcc3, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0xc0d4}, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0e, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x2, 0x10005, 0x1, 0xf27, 0x401, 0x7, 0x81, 0x8}, &(0x7f0000000200)={0x5, 0x0, 0x49a, 0x6, 0x8, 0x45a, 0xffffffff, 0x10000}, &(0x7f0000000240)={0x0, 0x1000, 0x744, 0x7, 0x9, 0x7ff, 0x0, 0xa}, &(0x7f00000002c0)={0x77359400}, &(0x7f0000000340)={&(0x7f0000000300)={[0xe78]}, 0x8}) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602200000000e000a00140000000280", 0x2a}, {&(0x7f0000000400)="6a718e5e", 0x4}], 0x2}, 0x0) io_uring_register$IORING_UNREGISTER_NAPI(0xffffffffffffffff, 0x1c, &(0x7f0000000040), 0x1) 3.814837427s ago: executing program 1 (id=3654): r0 = socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_G_TUNER(r3, 0xc054561d, &(0x7f0000000180)={0x0, "836d11f8a2f7337496bff2b4d43d400ebf870e7cf92542da0cbdf188dede83ee", 0x2, 0x20, 0x7fffffff, 0x7, 0x10, 0x1, 0x0, 0x3}) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) capset(0x0, &(0x7f0000000280)={0xfffffffc, 0x1, 0x4007, 0x81, 0x2}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffcc3, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0xc0d4}, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0e, &(0x7f0000000000)) pselect6(0x0, 0x0, &(0x7f0000000200)={0x5, 0x0, 0x49a, 0x6, 0x8, 0x45a, 0xffffffff, 0x10000}, &(0x7f0000000240)={0x0, 0x1000, 0x744, 0x7, 0x9, 0x7ff, 0x0, 0xa}, &(0x7f00000002c0)={0x77359400}, &(0x7f0000000340)={&(0x7f0000000300)={[0xe78]}, 0x8}) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602200000000e000a00140000000280", 0x2a}, {&(0x7f0000000400)="6a718e5e", 0x4}], 0x2}, 0x0) io_uring_register$IORING_UNREGISTER_NAPI(0xffffffffffffffff, 0x1c, &(0x7f0000000040), 0x1) 3.539823318s ago: executing program 0 (id=3655): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffff0100aaaaaaaa86dd6002adf700083a00fc010000000000000000000000000001ff02000000000000000000000000000180"], 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) r4 = syz_open_dev$vbi(&(0x7f0000000f40), 0x3, 0x2) ioctl$VIDIOC_ENUMOUTPUT(r4, 0xc0485630, &(0x7f0000000040)={0x1, "60499b881e2835f8c764c758d6e60d81f4d541170d0664ff0afa791943c67af1", 0x3, 0x8, 0x5ff32f2f, 0xb000, 0x8}) write$tun(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="080086dd0001"], 0xfdef) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) r5 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x201, 0x20, 0xe4, 0x6a, 0x58}) 3.480490877s ago: executing program 2 (id=3656): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) 3.407487108s ago: executing program 3 (id=3657): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000003c0)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x62040) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0xa2}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}], 0x1}], 0x1, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/71, 0x47}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x5c, 0x0, 0x400, 0x7fffffff, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1cc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x5b}, 0x1, 0x0, 0x0, 0x1}, 0x800) 3.319495781s ago: executing program 4 (id=3658): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xe8, 0x30, 0x7, 0x2, 0x4, 0x5, 0x7, 0x8, 0xa, 0x5, 0x2, 0x52, 0x2, 0x3}, 0xe) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) 1.706263196s ago: executing program 0 (id=3659): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000003c0)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x62040) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0xa2}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}], 0x1}], 0x1, 0x0) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/71, 0x47}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x5c, 0x0, 0x400, 0x7fffffff, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1cc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x5b}, 0x1, 0x0, 0x0, 0x1}, 0x800) 1.658673063s ago: executing program 2 (id=3660): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000f7c000/0x3000)=nil, 0x3000, 0x14) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018100000020000000000000000000004000000000000"], 0x0, 0x26}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x2fc, 0x198, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @private=0xa010100, 0xffffffff, 0xffffffff, 'xfrm0\x00', 'vlan1\x00', {}, {}, 0x0, 0x0, 0x49}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x3, 'kmp\x00', "00000100cbd047da9ca965f96ad58a1f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bf0bc37674024c183ebacdf741ceff00ed3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00000000000000000000000000000000000000000200", 0x79, 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x6, 0x9, 0x2, 0x2, 'netbios-ns\x00', 'syz1\x00', {0x4}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, {0x0, [0x6, 0x0, 0x4, 0x0, 0x1], 0x0, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x396) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) msync(&(0x7f0000e37000/0x13000)=nil, 0x13000, 0x0) 1.48144974s ago: executing program 1 (id=3661): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff034}, {0x28, 0x80, 0x0, 0x4}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840) sendmsg$rds(r2, 0x0, 0x0) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, 0x0, 0x0) sendto$inet6(r5, &(0x7f0000001300)="92", 0x1, 0x10, &(0x7f0000000240)={0xa, 0x4e1c, 0xfffffffc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) syz_emit_ethernet(0x5e, &(0x7f0000000040)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c30010", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}}}}}}}, 0x0) 1.46403458s ago: executing program 3 (id=3662): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000003c0)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x62040) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0xa2}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}], 0x1}], 0x1, 0x0) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/71, 0x47}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x5c, 0x0, 0x400, 0x7fffffff, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1cc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x5b}, 0x1, 0x0, 0x0, 0x1}, 0x800) 1.297309674s ago: executing program 4 (id=3663): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x1000}], 0x1, 0x0, 0x0, 0x0) write$vga_arbiter(r0, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r0, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000140)={0x0, 0x180, 0x380, 0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a3000000000080005400000001c"], 0xe8}}, 0x0) r4 = syz_open_dev$vbi(&(0x7f00000006c0), 0x3, 0x2) r5 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @multicast1}}}}}}, 0x0) sendmsg(r5, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000dc0)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe89}, 0x94) rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) ioctl$VIDIOC_G_AUDOUT(r4, 0x80345631, &(0x7f0000000700)) 227.946226ms ago: executing program 4 (id=3664): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) 0s ago: executing program 1 (id=3665): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xe8, 0x30, 0x7, 0x2, 0x4, 0x5, 0x7, 0x8, 0xa, 0x5, 0x2, 0x52, 0x2, 0x3}, 0xe) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r5, 0x0}) syz_io_uring_setup(0x580a, &(0x7f0000000040)={0x0, 0xffffffff, 0x100, 0x0, 0x22d}, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(0x4) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x40000005, 0x3, 0x0, 0x1, [0x0], [0x4, 0x7, 0x77], [0x7, 0x80000002, 0x2, 0x7], [0x0, 0x0, 0x1, 0xfff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) kernel console output (not intermixed with test programs): transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 832.845573][T14798] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2301'. [ 832.942385][ T985] usb 3-1: new full-speed USB device number 88 using dummy_hcd [ 833.145336][ T985] usb 3-1: unable to get BOS descriptor or descriptor too short [ 833.170966][ T985] usb 3-1: not running at top speed; connect to a high speed hub [ 833.183140][ T985] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 833.193384][ T985] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 833.245821][ T985] usb 3-1: string descriptor 0 read error: -22 [ 833.304812][ T985] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 833.319446][ T985] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 833.348145][ T985] usb 3-1: 0:2 : does not exist [ 834.361650][ T5877] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 834.671673][ T5877] usb 2-1: Using ep0 maxpacket: 32 [ 834.679856][ T5877] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 834.691241][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 834.754661][ T5877] usb 2-1: config 0 descriptor?? [ 834.966820][ T5877] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 835.033545][ T5877] usb 2-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 835.042656][ T5877] usb 2-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 835.280705][T14825] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2303'. [ 835.488068][ T5912] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 835.499396][T14827] wireguard0: entered promiscuous mode [ 835.505225][T14827] wireguard0: entered allmulticast mode [ 835.638283][T14829] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 835.659290][T14829] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 835.912095][ T5912] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 835.920629][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 835.940695][ T5912] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 835.952521][ T5912] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 835.960774][ T5912] usb 4-1: Manufacturer: syz [ 835.975775][ T5912] usb 4-1: config 0 descriptor?? [ 836.130420][ T5912] rc_core: IR keymap rc-hauppauge not found [ 836.159476][ T5912] Registered IR keymap rc-empty [ 836.180529][ T5912] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 836.250631][ T5912] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input60 [ 836.359887][T14836] netlink: 'syz.2.2306': attribute type 6 has an invalid length. [ 836.389171][T14836] QAT: failed to copy from user cfg_data. [ 837.855058][T14846] tap0: tun_chr_ioctl cmd 1074025677 [ 837.927476][T14846] tap0: linktype set to 778 [ 838.158830][T10691] usb 4-1: USB disconnect, device number 90 [ 838.586354][T14853] netlink: 'syz.0.2312': attribute type 21 has an invalid length. [ 838.843721][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 838.843742][ T30] audit: type=1326 audit(1769387059.233:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76539 code=0x7ffc0000 [ 838.931104][T14865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 838.942059][T14865] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 839.271693][ T30] audit: type=1326 audit(1769387059.253:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76539 code=0x7ffc0000 [ 839.347832][ T30] audit: type=1326 audit(1769387059.803:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f76539 code=0x7ffc0000 [ 839.411232][ T30] audit: type=1326 audit(1769387059.843:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76539 code=0x7ffc0000 [ 839.464214][ T30] audit: type=1326 audit(1769387059.843:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76539 code=0x7ffc0000 [ 839.545201][ T30] audit: type=1326 audit(1769387059.993:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf717572b code=0x7ffc0000 [ 839.591472][ T30] audit: type=1326 audit(1769387059.993:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf717572b code=0x7ffc0000 [ 839.924452][ T30] audit: type=1326 audit(1769387059.993:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76539 code=0x7ffc0000 [ 839.993013][ T30] audit: type=1326 audit(1769387059.993:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76539 code=0x7ffc0000 [ 840.028079][ T30] audit: type=1326 audit(1769387059.993:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.3.2311" exe="/root/syz-executor" sig=0 arch=40000003 syscall=286 compat=1 ip=0xf7f76539 code=0x7ffc0000 [ 840.297133][ T985] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 840.424846][ T985] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 840.439501][ T985] usb 3-1: 5:0: failed to get current value for ch 1 (-22) [ 840.608811][ T985] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 842.027662][T14891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 842.060952][ T985] hid_parser_main: 5 callbacks suppressed [ 842.060971][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.102737][T14891] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 842.139357][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.221907][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.229358][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.301645][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.555795][T14890] syz.1.2318 (14890): drop_caches: 2 [ 842.593662][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.611815][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.619569][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.631673][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.641660][ T985] hid-generic 00A0:0006:0003.0046: unknown main item tag 0x0 [ 842.658289][ T985] hid-generic 00A0:0006:0003.0046: hidraw0: HID v0.05 Device [syz1] on syz0 [ 843.544405][T14900] tipc: Enabling of bearer rejected, already enabled [ 845.178271][T14918] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 845.257141][T14918] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2323'. [ 845.823916][T14922] fuse: Unknown parameter 'usep_id' [ 846.102417][T14926] xt_bpf: check failed: parse error [ 846.651926][T14933] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2326'. [ 847.194359][T14939] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2328'. [ 847.746341][T14947] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2328'. [ 847.757731][T14947] bridge2: port 1(veth0_to_bond) entered blocking state [ 847.765857][T14947] bridge2: port 1(veth0_to_bond) entered disabled state [ 847.774028][T14947] veth0_to_bond: entered allmulticast mode [ 847.783293][T14947] veth0_to_bond: entered promiscuous mode [ 848.723966][T14951] lo: Caught tx_queue_len zero misconfig [ 848.925573][T14955] tipc: Enabled bearer , priority 0 [ 848.963767][T14961] syzkaller0: entered promiscuous mode [ 848.969243][T14961] syzkaller0: entered allmulticast mode [ 849.393219][T14951] tipc: Resetting bearer [ 849.420766][T14951] tipc: Resetting bearer [ 849.535813][T14951] tipc: Disabling bearer [ 849.633913][T14973] xt_bpf: check failed: parse error [ 849.819330][T14974] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2333'. [ 850.396056][T14975] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2333'. [ 851.599847][T14992] netlink: 'syz.1.2336': attribute type 7 has an invalid length. [ 852.169151][T14999] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2338'. [ 852.215047][T14999] netlink: 'syz.0.2338': attribute type 10 has an invalid length. [ 852.229876][T14999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2338'. [ 852.494396][T14999] team0 (unregistering): Port device team_slave_0 removed [ 852.552613][T14999] team0 (unregistering): Port device team_slave_1 removed [ 852.753415][T15002] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2337'. [ 852.769519][T15002] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2337'. [ 853.265004][T15010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2340'. [ 853.310632][T15010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2340'. [ 855.041493][T15033] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2342'. [ 855.692282][ T985] usb 1-1: new high-speed USB device number 117 using dummy_hcd [ 856.126675][ T985] usb 1-1: Using ep0 maxpacket: 32 [ 856.139998][ T985] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 856.156740][ T985] usb 1-1: config 0 has no interface number 0 [ 856.171219][ T985] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 856.202929][ T985] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 856.210957][ T985] usb 1-1: Product: syz [ 856.215974][ T985] usb 1-1: Manufacturer: syz [ 856.220668][ T985] usb 1-1: SerialNumber: syz [ 856.227332][ T985] usb 1-1: config 0 descriptor?? [ 856.344673][ T985] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 856.424171][ T985] usb 1-1: selecting invalid altsetting 1 [ 856.430120][ T985] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 856.440551][ T985] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 856.456720][ T985] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 856.466010][ T985] usb 1-1: media controller created [ 856.495760][ T985] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 856.538888][T15049] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2347'. [ 856.585860][T15049] netlink: 277 bytes leftover after parsing attributes in process `syz.2.2347'. [ 856.605848][T15049] netlink: 277 bytes leftover after parsing attributes in process `syz.2.2347'. [ 856.641727][ T985] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 856.651227][T15050] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2346'. [ 856.666478][ T985] zl10353_read_register: readreg error (reg=127, ret==-32) [ 857.872615][T15039] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 857.930666][ T985] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 857.970942][T15062] netlink: 'syz.3.2348': attribute type 2 has an invalid length. [ 858.054304][T15062] !: entered promiscuous mode [ 858.144450][ T985] usb 1-1: USB disconnect, device number 117 [ 858.440780][T15061] netlink: 'syz.3.2348': attribute type 2 has an invalid length. [ 859.061001][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 859.061018][ T30] audit: type=1326 audit(1769387079.513:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 859.096836][T15074] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2351'. [ 859.105812][ T985] usb 5-1: new low-speed USB device number 94 using dummy_hcd [ 859.165016][ T30] audit: type=1326 audit(1769387079.513:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 859.191178][ T30] audit: type=1326 audit(1769387079.513:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 859.252267][ T985] usb 5-1: device descriptor read/64, error -71 [ 859.655446][ T30] audit: type=1326 audit(1769387079.513:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 859.771676][ T985] usb 5-1: new low-speed USB device number 95 using dummy_hcd [ 859.808989][T15083] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2354'. [ 859.866694][T15084] xt_bpf: check failed: parse error [ 859.966461][ T30] audit: type=1326 audit(1769387079.513:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 860.093725][ T30] audit: type=1326 audit(1769387079.513:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 860.121663][ T985] usb 5-1: device descriptor read/64, error -71 [ 860.169159][ T30] audit: type=1326 audit(1769387079.513:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=286 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 860.234856][ T30] audit: type=1326 audit(1769387079.513:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 860.503007][ T30] audit: type=1326 audit(1769387079.513:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 860.689714][ T985] usb usb5-port1: attempt power cycle [ 860.690285][ T30] audit: type=1326 audit(1769387079.513:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15068 comm="syz.2.2351" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x7ffc0000 [ 861.001693][T15092] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2355'. [ 861.060788][ T985] usb 5-1: new low-speed USB device number 96 using dummy_hcd [ 861.092417][ T985] usb 5-1: device descriptor read/8, error -71 [ 862.155995][ T985] usb 5-1: new full-speed USB device number 97 using dummy_hcd [ 862.340112][ T985] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 862.385308][ T985] usb 5-1: config 0 has no interface number 0 [ 862.414976][ T985] usb 5-1: config 0 interface 128 has no altsetting 0 [ 862.463144][ T985] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91 [ 862.501055][ T985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 862.528135][ T985] usb 5-1: Product: syz [ 862.544696][ T985] usb 5-1: Manufacturer: syz [ 862.898096][ T985] usb 5-1: SerialNumber: syz [ 862.914919][ T985] usb 5-1: config 0 descriptor?? [ 862.946978][ T985] radio-si470x 5-1:0.128: could not find interrupt in endpoint [ 862.972593][ T985] radio-si470x 5-1:0.128: probe with driver radio-si470x failed with error -5 [ 863.004553][ T985] usbhid 5-1:0.128: couldn't find an input interrupt endpoint [ 864.955189][T15106] batman_adv: batadv0: Interface deactivated: dummy0 [ 865.424916][T15142] sctp: [Deprecated]: syz.2.2365 (pid 15142) Use of struct sctp_assoc_value in delayed_ack socket option. [ 865.424916][T15142] Use struct sctp_sack_info instead [ 865.941131][T10691] usb 5-1: USB disconnect, device number 97 [ 866.223581][T15148] netlink: 'syz.0.2363': attribute type 2 has an invalid length. [ 866.237744][T15148] netlink: 'syz.0.2363': attribute type 2 has an invalid length. [ 867.129420][T15147] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2365'. [ 867.132555][T10691] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 867.544016][T10691] usb 5-1: Using ep0 maxpacket: 8 [ 867.560283][T10691] usb 5-1: config 1 interface 0 altsetting 9 bulk endpoint 0x3 has invalid maxpacket 8 [ 867.596188][T10691] usb 5-1: config 1 interface 0 has no altsetting 0 [ 867.607940][T10691] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 867.620268][T10691] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.772263][T10691] usb 5-1: Product: syz [ 867.776468][T10691] usb 5-1: Manufacturer: syz [ 867.781046][T10691] usb 5-1: SerialNumber: syz [ 867.856357][T15155] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 869.541125][T15179] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2371'. [ 869.650336][T10691] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 869.669111][T10691] usb 5-1: USB disconnect, device number 98 [ 870.229093][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.242522][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.060253][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 871.060272][ T30] audit: type=1326 audit(1769387091.363:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15188 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 871.247675][ T30] audit: type=1326 audit(1769387091.363:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15188 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 873.711685][ T985] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 873.872217][ T985] usb 4-1: Using ep0 maxpacket: 32 [ 873.921942][ T985] usb 4-1: config index 0 descriptor too short (expected 44, got 36) [ 873.921970][ T985] usb 4-1: config 0 has an invalid interface number: 126 but max is 0 [ 873.921988][ T985] usb 4-1: config 0 has no interface number 0 [ 873.922029][ T985] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 873.922050][ T985] usb 4-1: config 0 interface 126 altsetting 16 endpoint 0x82 has invalid wMaxPacketSize 0 [ 873.922071][ T985] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 0 [ 873.922092][ T985] usb 4-1: config 0 interface 126 has no altsetting 0 [ 873.944329][ T985] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 873.944348][ T985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 873.944359][ T985] usb 4-1: Product: syz [ 873.944366][ T985] usb 4-1: Manufacturer: syz [ 873.944374][ T985] usb 4-1: SerialNumber: syz [ 873.945958][ T985] usb 4-1: config 0 descriptor?? [ 874.033314][T15215] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 874.219415][T15221] trusted_key: encrypted_key: insufficient parameters specified [ 874.246439][T15214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 874.265600][T15214] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 874.482446][T10691] usb 1-1: new high-speed USB device number 118 using dummy_hcd [ 874.704001][T10691] usb 1-1: Using ep0 maxpacket: 16 [ 874.720589][T10691] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 874.733522][T10691] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 874.826042][T15230] binder: BINDER_SET_CONTEXT_MGR already set [ 874.834735][T15230] binder: 15225:15230 ioctl 4018620d 80000040 returned -16 [ 875.040487][T10691] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 254 [ 875.096816][T10691] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 875.110070][T10691] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 875.146894][T10691] usb 1-1: SerialNumber: syz [ 875.170220][T10691] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 875.195085][T10691] cdc_acm 1-1:1.0: This needs exactly 3 endpoints [ 875.234582][T10691] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22 [ 876.150859][T15240] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2383'. [ 876.376521][ T985] ir_usb 4-1:0.126: IR Dongle converter detected [ 876.399573][ T985] usb 4-1: IRDA class descriptor not found, device not bound [ 876.435370][ T985] usb 4-1: USB disconnect, device number 91 [ 877.293043][T15258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2387'. [ 878.396541][ T985] usb 1-1: USB disconnect, device number 118 [ 878.714679][T15269] GUP no longer grows the stack in syz.2.2390 (15269): 80009000-8000a000 (80005000) [ 878.726092][T15269] CPU: 1 UID: 0 PID: 15269 Comm: syz.2.2390 Tainted: G L syzkaller #0 PREEMPT(full) [ 878.726111][T15269] Tainted: [L]=SOFTLOCKUP [ 878.726116][T15269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 878.726125][T15269] Call Trace: [ 878.726130][T15269] [ 878.726135][T15269] dump_stack_lvl+0xe8/0x150 [ 878.726154][T15269] __get_user_pages+0x2453/0x29d0 [ 878.726180][T15269] ? __gup_longterm_locked+0xc4e/0x1630 [ 878.726193][T15269] ? down_read_killable+0x1bb/0x340 [ 878.726202][T15269] ? try_get_folio+0xec/0x650 [ 878.726217][T15269] __gup_longterm_locked+0xdcf/0x1630 [ 878.726242][T15269] gup_fast_fallback+0x1d82/0x22e0 [ 878.726270][T15269] ? __pfx_gup_fast_fallback+0x10/0x10 [ 878.726283][T15269] ? is_valid_gup_args+0x11f/0x200 [ 878.726297][T15269] ? get_user_pages_fast+0x4d/0xb0 [ 878.726310][T15269] __iov_iter_get_pages_alloc+0x3b6/0xb10 [ 878.726326][T15269] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 878.726339][T15269] ? wait_for_space+0x247/0x2c0 [ 878.726352][T15269] iov_iter_get_pages2+0x5e/0xa0 [ 878.726364][T15269] __se_sys_vmsplice+0x5d7/0x1220 [ 878.726384][T15269] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 878.726397][T15269] ? __pfx_futex_wait+0x10/0x10 [ 878.726443][T15269] __do_fast_syscall_32+0x1d2/0x540 [ 878.726451][T15269] ? do_fast_syscall_32+0x33/0x70 [ 878.726465][T15269] ? irqentry_exit+0x10e/0x620 [ 878.726480][T15269] do_fast_syscall_32+0x33/0x70 [ 878.726501][T15269] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 878.726516][T15269] RIP: 0023:0xf7f67539 [ 878.726531][T15269] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 878.726540][T15269] RSP: 002b:00000000f542650c EFLAGS: 00000206 ORIG_RAX: 000000000000013c [ 878.726552][T15269] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000280 [ 878.726559][T15269] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 878.726565][T15269] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 878.726570][T15269] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 878.726577][T15269] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 878.726592][T15269] [ 878.730035][T15269] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2390'. [ 879.056377][T15270] syz.0.2388 (15270): drop_caches: 2 [ 879.167791][T15273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 879.177075][T15273] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 879.222898][T15269] netlink: 31 bytes leftover after parsing attributes in process `syz.2.2390'. [ 879.341180][T15269] netlink: 'syz.2.2390': attribute type 3 has an invalid length. [ 879.611696][T15269] netlink: 'syz.2.2390': attribute type 2 has an invalid length. [ 879.649557][T15269] netlink: 31 bytes leftover after parsing attributes in process `syz.2.2390'. [ 879.774456][T15271] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 879.806080][T15279] netlink: 'syz.1.2391': attribute type 10 has an invalid length. [ 879.817693][T15279] netlink: 'syz.1.2391': attribute type 10 has an invalid length. [ 879.826643][T15279] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2391'. [ 881.634714][T15300] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2392'. [ 881.647237][T15296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2392'. [ 881.673624][T15296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2392'. [ 881.696284][T15296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2392'. [ 881.965634][T15288] netlink: 'syz.0.2394': attribute type 20 has an invalid length. [ 882.002582][T15288] IPv6: NLM_F_CREATE should be specified when creating new route [ 882.025062][T15296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2392'. [ 882.351841][T15306] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2396'. [ 883.367146][T15317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 883.385637][T15317] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 884.839570][T15334] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2402'. [ 884.878039][T15334] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2402'. [ 884.899460][T15334] xt_bpf: check failed: parse error [ 886.315646][T15354] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[15354] [ 886.461719][ T985] usb 1-1: new full-speed USB device number 119 using dummy_hcd [ 886.568036][T15355] QAT: failed to copy from user. [ 886.875297][ T985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 886.974196][ T985] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 887.392709][ T985] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 887.421660][ T985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 887.440437][ T985] usb 1-1: config 0 descriptor?? [ 887.480586][T15347] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 887.978436][ T985] usbhid 1-1:0.0: can't add hid device: -71 [ 888.092744][ T985] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 888.198757][ T985] usb 1-1: USB disconnect, device number 119 [ 888.452688][T15378] fuse: Bad value for 'fd' [ 888.725558][ T985] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 889.291670][ T985] usb 1-1: Using ep0 maxpacket: 32 [ 889.322598][ T985] usb 1-1: device descriptor read/all, error -71 [ 892.007776][T15409] syz.4.2416 (15409): drop_caches: 2 [ 892.980576][T15423] netlink: 140 bytes leftover after parsing attributes in process `syz.0.2422'. [ 892.990797][T15423] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2422'. [ 895.813726][ T5877] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 895.929043][ T5877] dvb_usb_az6027 2-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 896.071865][T15455] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 896.096728][ T30] audit: type=1326 audit(1769387116.473:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 896.210449][ T5877] usb 2-1: USB disconnect, device number 100 [ 896.616341][ T30] audit: type=1326 audit(1769387116.473:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 896.721089][ T30] audit: type=1326 audit(1769387116.473:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=277 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 896.924530][ T30] audit: type=1326 audit(1769387116.483:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 897.269435][ T30] audit: type=1326 audit(1769387116.483:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 897.519890][ T30] audit: type=1326 audit(1769387116.483:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=281 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 897.625466][ T30] audit: type=1326 audit(1769387116.483:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 897.804624][ T30] audit: type=1326 audit(1769387116.483:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 897.890093][ T30] audit: type=1326 audit(1769387116.483:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 898.094819][ T30] audit: type=1326 audit(1769387116.483:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15439 comm="syz.0.2436" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x7ffc0000 [ 898.133508][T15467] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2432'. [ 898.786624][T15475] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2432'. [ 898.805029][T15475] bridge2: port 1(veth0_to_bond) entered blocking state [ 898.814782][T15475] bridge2: port 1(veth0_to_bond) entered disabled state [ 898.853556][T15475] veth0_to_bond: entered allmulticast mode [ 898.872079][T15475] veth0_to_bond: entered promiscuous mode [ 899.764210][T10691] usb 5-1: new low-speed USB device number 99 using dummy_hcd [ 901.047896][T15503] fuse: Bad value for 'fd' [ 903.081803][ T985] usb 1-1: new high-speed USB device number 122 using dummy_hcd [ 903.220848][T15525] QAT: Invalid ioctl 21531 [ 903.381632][ T985] usb 1-1: Using ep0 maxpacket: 32 [ 903.420928][ T985] usb 1-1: config 0 has an invalid interface number: 79 but max is 0 [ 903.447960][ T985] usb 1-1: config 0 has no interface number 0 [ 903.505558][ T985] usb 1-1: New USB device found, idVendor=16dc, idProduct=0015, bcdDevice=84.53 [ 903.527744][ T985] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 903.556264][ T985] usb 1-1: Product: syz [ 903.566571][ T985] usb 1-1: Manufacturer: syz [ 903.873063][ T5877] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 904.030621][ T985] usb 1-1: SerialNumber: syz [ 904.062474][ T985] usb 1-1: config 0 descriptor?? [ 904.102356][ T5877] usb 2-1: Using ep0 maxpacket: 16 [ 904.109436][ T5877] usb 2-1: config 166 has an invalid interface number: 177 but max is 1 [ 904.119349][ T5877] usb 2-1: config 166 has an invalid interface number: 34 but max is 1 [ 904.127924][ T5877] usb 2-1: config 166 has an invalid descriptor of length 0, skipping remainder of the config [ 904.142775][ T5877] usb 2-1: config 166 has no interface number 0 [ 904.151434][ T5877] usb 2-1: config 166 has no interface number 1 [ 904.161025][ T5877] usb 2-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 904.179670][ T5877] usb 2-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 904.191395][ T5877] usb 2-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 904.233138][ T5877] usb 2-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 904.275422][ T5877] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid wMaxPacketSize 0 [ 904.286317][ T5877] usb 2-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 0 [ 904.351741][ T5877] usb 2-1: config 166 interface 177 has no altsetting 0 [ 904.359559][ T5877] usb 2-1: config 166 interface 34 has no altsetting 0 [ 904.575586][ T5877] usb 2-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 904.595823][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.618900][ T5877] usb 2-1: Product: syz [ 904.628390][ T5877] usb 2-1: Manufacturer: syz [ 904.635301][ T5877] usb 2-1: SerialNumber: syz [ 906.056590][ T5877] ums-realtek 2-1:166.177: USB Mass Storage device detected [ 906.188281][ T5877] ums-realtek 2-1:166.34: USB Mass Storage device detected [ 906.281502][ T5877] uvcvideo 2-1:166.34: Found UVC 0.00 device syz (0bda:0138) [ 906.296155][ T5877] uvcvideo 2-1:166.34: No valid video chain found. [ 906.334858][ T5877] usb 2-1: USB disconnect, device number 101 [ 906.516213][T15567] trusted_key: encrypted_key: insufficient parameters specified [ 906.792733][T10691] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 906.874920][ T985] cp210x 1-1:0.79: cp210x converter detected [ 906.940466][ T985] cp210x 1-1:0.79: failed to get vendor val 0x370b size 1: -71 [ 906.977529][ T985] cp210x 1-1:0.79: querying part number failed [ 907.009077][ T985] usb 1-1: cp210x converter now attached to ttyUSB0 [ 907.058796][ T985] usb 1-1: USB disconnect, device number 122 [ 907.148857][T10691] usb 5-1: Using ep0 maxpacket: 16 [ 907.215851][T15583] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 907.392225][T15586] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2462'. [ 907.407938][ T985] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 907.437637][T10691] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 907.470692][ T985] cp210x 1-1:0.79: device disconnected [ 907.565845][T10691] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 907.619825][T10691] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 254 [ 907.716876][T10691] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 907.810699][T10691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 907.853579][T10691] usb 5-1: SerialNumber: syz [ 907.902352][ T985] usb 1-1: new high-speed USB device number 123 using dummy_hcd [ 908.050489][T10691] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 908.080206][T10691] cdc_acm 5-1:1.0: This needs exactly 3 endpoints [ 908.101734][ T985] usb 1-1: Using ep0 maxpacket: 16 [ 908.109913][ T985] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 908.120024][ T985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 908.146067][ T985] usb 1-1: config 0 descriptor?? [ 908.165457][T10691] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22 [ 908.201814][ T985] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 908.920874][T15599] QAT: Invalid ioctl 21531 [ 909.388886][T10691] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 909.477038][T15609] netlink: 'syz.2.2470': attribute type 10 has an invalid length. [ 909.586983][ T10] usb 5-1: USB disconnect, device number 100 [ 909.601338][T10691] usb 4-1: Using ep0 maxpacket: 16 [ 909.664617][T10691] usb 4-1: config 166 has an invalid interface number: 177 but max is 1 [ 909.685416][T10691] usb 4-1: config 166 has an invalid interface number: 34 but max is 1 [ 909.709366][T10691] usb 4-1: config 166 has an invalid descriptor of length 0, skipping remainder of the config [ 909.762728][T10691] usb 4-1: config 166 has no interface number 0 [ 909.784211][T10691] usb 4-1: config 166 has no interface number 1 [ 909.832477][T10691] usb 4-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 909.858345][T10691] usb 4-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 909.896211][T10691] usb 4-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 909.931389][T10691] usb 4-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 909.992179][T10691] usb 4-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid wMaxPacketSize 0 [ 910.038432][T10691] usb 4-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 0 [ 910.313289][T10691] usb 4-1: config 166 interface 177 has no altsetting 0 [ 910.369088][T10691] usb 4-1: config 166 interface 34 has no altsetting 0 [ 910.410821][T10691] usb 4-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 910.472753][T10691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 910.483980][T10691] usb 4-1: Product: syz [ 910.490049][T10691] usb 4-1: Manufacturer: syz [ 910.504287][T10691] usb 4-1: SerialNumber: syz [ 910.676663][T15620] fuse: Bad value for 'fd' [ 910.767363][ T985] usb 1-1: Detected FT232A [ 910.773470][ T985] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 910.800738][ T985] usb 1-1: USB disconnect, device number 123 [ 910.837059][ T985] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 911.130861][ T985] ftdi_sio 1-1:0.0: device disconnected [ 911.359285][T15632] QAT: failed to copy from user. [ 911.734356][T15641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2483'. [ 911.753035][T15641] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 911.760315][T15641] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode [ 911.768947][T15641] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2483'. [ 912.025095][T10691] ums-realtek 4-1:166.177: USB Mass Storage device detected [ 912.293073][T10691] ums-realtek 4-1:166.34: USB Mass Storage device detected [ 912.333484][T15659] netlink: 'syz.3.2490': attribute type 10 has an invalid length. [ 912.367391][T15658] xt_CT: You must specify a L4 protocol and not use inversions on it [ 912.385674][T10691] uvcvideo 4-1:166.34: Found UVC 0.00 device syz (0bda:0138) [ 912.409322][T10691] uvcvideo 4-1:166.34: No valid video chain found. [ 912.524502][T10691] usb 4-1: USB disconnect, device number 92 [ 912.845538][T15670] netlink: 'syz.0.2494': attribute type 4 has an invalid length. [ 912.889829][T15670] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.2494'. [ 913.127669][T15676] fuse: Bad value for 'fd' [ 913.393214][T15680] usb 3-1: USB disconnect, device number 88 [ 914.605552][T15706] QAT: failed to copy from user. [ 914.718210][ T5877] usb 1-1: new full-speed USB device number 124 using dummy_hcd [ 914.934372][ T5877] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 914.950087][ T5877] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 2 [ 914.977000][ T5877] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 915.014157][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 915.033866][ T5877] usb 1-1: config 0 descriptor?? [ 915.433512][ T5877] usb 1-1: USB disconnect, device number 124 [ 915.899003][T15739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 915.908219][T15739] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 916.257900][T15742] netlink: 140 bytes leftover after parsing attributes in process `syz.3.2522'. [ 916.268077][T15742] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2522'. [ 917.109665][T15766] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[15766] [ 918.261135][T15781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 918.282961][T15781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 919.490908][T15806] QAT: Invalid ioctl 21531 [ 919.817708][T15806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 919.950619][T15815] fuse: Bad value for 'fd' [ 919.972176][T15806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 921.031598][ T985] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 921.171920][ T985] usb 5-1: device descriptor read/64, error -71 [ 921.222960][ T10] usb 1-1: new full-speed USB device number 125 using dummy_hcd [ 921.442618][ T985] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 921.500969][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 921.536322][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 921.553150][ T10] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 921.569702][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 921.581642][ T985] usb 5-1: device descriptor read/64, error -71 [ 921.596277][ T10] usb 1-1: config 0 descriptor?? [ 921.614938][ T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 921.627226][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 921.649701][ T10] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 921.660693][ T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 921.669713][ T10] usb 1-1: media controller created [ 921.929533][ T985] usb usb5-port1: attempt power cycle [ 921.973780][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 922.010766][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 922.050843][ T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 922.132934][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input62 [ 922.166513][ T10] dvb-usb: schedule remote query interval to 150 msecs. [ 922.179238][ T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 922.198903][ T10] usb 1-1: USB disconnect, device number 125 [ 922.254879][ T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 922.302031][ T985] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 922.322271][ T985] usb 5-1: device descriptor read/8, error -71 [ 922.591700][ T985] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 922.620086][T15860] raw_sendmsg: syz.1.2563 forgot to set AF_INET. Fix it! [ 922.656275][ T985] usb 5-1: device descriptor read/8, error -71 [ 922.802920][ T985] usb usb5-port1: unable to enumerate USB device [ 923.153292][T15871] trusted_key: encrypted_key: insufficient parameters specified [ 923.621649][ T985] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 923.913199][ T985] usb 2-1: Using ep0 maxpacket: 16 [ 924.000485][T15887] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2573'. [ 924.055065][ T985] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 924.065569][ T985] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 924.108599][ T985] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 254 [ 924.183703][ T985] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 924.193318][ T985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 924.212297][ T985] usb 2-1: SerialNumber: syz [ 924.251008][ T985] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 924.270449][ T985] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 924.289242][ T985] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 926.033794][ T10] usb 2-1: USB disconnect, device number 102 [ 926.495565][ T5877] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 926.867108][ T5877] usb 4-1: Using ep0 maxpacket: 16 [ 926.992414][ T5877] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 927.000447][ T5877] usb 4-1: config 0 has no interface number 0 [ 927.006851][ T5877] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 927.020626][ T5877] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 927.030753][ T5877] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 927.098687][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 927.163107][ T5877] usb 4-1: config 0 descriptor?? [ 927.186580][T15949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2596'. [ 927.856542][ T5877] uclogic 0003:28BD:0071.0047: failed retrieving string descriptor #100: -71 [ 927.869553][ T5877] uclogic 0003:28BD:0071.0047: failed retrieving pen parameters: -71 [ 927.898229][ T5877] uclogic 0003:28BD:0071.0047: pen probing failed: -71 [ 927.916683][ T5877] uclogic 0003:28BD:0071.0047: failed probing parameters: -71 [ 927.941653][ T5877] uclogic 0003:28BD:0071.0047: probe with driver uclogic failed with error -71 [ 927.980108][ T5877] usb 4-1: USB disconnect, device number 93 [ 928.643514][T15980] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2606'. [ 928.922071][T10691] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 929.092669][T10691] usb 4-1: Using ep0 maxpacket: 16 [ 929.149922][T10691] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 929.193391][T10691] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 929.308358][T10691] usb 4-1: config 0 descriptor?? [ 929.327469][T10691] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 929.750763][T15990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 929.764874][T15990] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 930.151115][T16003] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2617'. [ 930.176064][T16003] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2617'. [ 931.452617][ T10] usb 5-1: new low-speed USB device number 105 using dummy_hcd [ 931.642193][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.648599][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.733535][ T10] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 931.742288][ T10] usb 5-1: config 0 has no interface number 0 [ 931.749755][ T10] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 931.762469][T10691] usb 4-1: Detected FT232A [ 931.848648][ T10] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 931.860732][ T10] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 931.870956][T10691] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 931.880377][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 931.896456][T10691] usb 4-1: USB disconnect, device number 94 [ 931.916897][T10691] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 931.993512][T10691] ftdi_sio 4-1:0.0: device disconnected [ 932.004374][ T10] usb 5-1: config 0 descriptor?? [ 932.059145][T16026] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 932.126994][ T10] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 932.341316][ T10] usb 5-1: USB disconnect, device number 105 [ 934.301613][ T985] usb 4-1: new low-speed USB device number 95 using dummy_hcd [ 935.365319][T16113] fuse: Bad value for 'fd' [ 937.601612][ T985] usb 1-1: new high-speed USB device number 126 using dummy_hcd [ 937.763770][ T985] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 937.776389][ T985] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 937.794908][ T985] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 937.810930][ T985] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 937.822588][ T985] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 937.836235][ T985] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 937.850513][ T985] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 937.864807][ T985] usb 1-1: Product: syz [ 937.871389][ T985] usb 1-1: Manufacturer: syz [ 937.892946][ T985] cdc_wdm 1-1:1.0: skipping garbage [ 937.898891][ T985] cdc_wdm 1-1:1.0: skipping garbage [ 937.909624][ T985] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 937.917197][ T985] cdc_wdm 1-1:1.0: Unknown control protocol [ 938.183527][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 938.183927][ T985] usb 1-1: USB disconnect, device number 126 [ 938.190168][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 938.190194][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 938.832179][ T10] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 938.988836][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 939.000313][ T10] usb 2-1: config 0 has no interfaces? [ 939.007075][ T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 939.032626][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 939.043435][ T10] usb 2-1: config 0 descriptor?? [ 939.255795][ T985] usb 2-1: USB disconnect, device number 103 [ 939.472791][T16211] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2699'. [ 939.483106][T16211] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2699'. [ 939.538757][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2700'. [ 939.935276][T16230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2709'. [ 939.974090][T16230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2709'. [ 940.251633][ T985] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 940.412278][ T985] usb 2-1: Using ep0 maxpacket: 32 [ 940.559247][ T985] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 940.574777][ T985] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 940.588404][ T985] usb 2-1: Product: syz [ 940.597499][ T985] usb 2-1: Manufacturer: syz [ 940.606371][ T985] usb 2-1: SerialNumber: syz [ 940.624938][ T985] usb 2-1: config 0 descriptor?? [ 940.848163][ T985] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 104 [ 940.958635][T16257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 940.967457][T16257] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 941.125620][T16239] i2c i2c-1: failure reading data [ 941.146124][ T10] usb 2-1: USB disconnect, device number 104 [ 941.765705][T16283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 941.779557][T16283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 943.640463][ T985] usb 1-1: new high-speed USB device number 127 using dummy_hcd [ 943.828759][T16338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 943.848875][T16338] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 943.878198][ T985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 943.889317][ T985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 943.908425][ T985] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 943.938919][ T985] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 943.955835][ T985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 943.981687][ T985] usb 1-1: config 0 descriptor?? [ 944.428571][ T985] plantronics 0003:047F:FFFF.0048: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 945.636050][T16369] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 945.681268][ C1] plantronics 0003:047F:FFFF.0048: usb_submit_urb(ctrl) failed: -1 [ 945.821713][ T5877] usb 1-1: reset high-speed USB device number 127 using dummy_hcd [ 946.693304][ T985] usb 1-1: USB disconnect, device number 127 [ 947.711116][T16410] loop8: detected capacity change from 0 to 8 [ 947.729547][T13767] Dev loop8: unable to read RDB block 8 [ 947.736987][T13767] loop8: unable to read partition table [ 947.743186][T16412] syzkaller1: entered promiscuous mode [ 947.743207][T16412] syzkaller1: entered allmulticast mode [ 947.756985][T13767] loop8: partition table beyond EOD, truncated [ 947.766529][T16410] Dev loop8: unable to read RDB block 8 [ 947.776976][T16410] loop8: unable to read partition table [ 947.785225][T16410] loop8: partition table beyond EOD, truncated [ 947.799626][T16410] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 948.773258][T16448] trusted_key: encrypted_key: insufficient parameters specified [ 949.021595][ T985] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 949.621809][ T985] usb 4-1: Using ep0 maxpacket: 16 [ 949.889078][ T985] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 949.929295][ T985] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 950.002855][ T985] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 254 [ 950.038641][ T985] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 950.050612][ T985] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 950.084749][T16465] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2790'. [ 950.098869][ T985] usb 4-1: SerialNumber: syz [ 950.193731][ T985] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 950.207677][ T985] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 950.215560][ T985] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22 [ 952.502604][ T10] usb 4-1: USB disconnect, device number 96 [ 952.651847][ T985] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 952.804556][ T985] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 952.815855][ T985] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 952.830703][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 952.830718][ T30] audit: type=1326 audit(1769387173.283:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16521 comm="syz.2.2814" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x0 [ 952.866332][ T985] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 952.896232][ T985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 953.116286][ T985] usb 1-1: usb_control_msg returned -32 [ 953.129593][ T985] usbtmc 1-1:16.0: can't read capabilities [ 953.426294][T16538] vhci_hcd vhci_hcd.0: port 0 already used [ 953.692138][ T985] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 953.854103][ T985] usb 5-1: config 0 has an invalid descriptor of length 53, skipping remainder of the config [ 953.874712][ T985] usb 5-1: config 0 has no interfaces? [ 953.888357][ T985] usb 5-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 953.907265][ T985] usb 5-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 953.915610][ T985] usb 5-1: Manufacturer: syz [ 953.931446][ T985] usb 5-1: config 0 descriptor?? [ 954.004172][T16550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 954.024987][T16550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 954.160111][ T985] usb 5-1: USB disconnect, device number 106 [ 955.125680][T16574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2831'. [ 955.142204][T16574] bridge_slave_1: left promiscuous mode [ 955.149249][T16574] bridge0: port 2(bridge_slave_1) entered disabled state [ 955.171196][T16574] bridge_slave_0: left allmulticast mode [ 955.179881][T16574] bridge_slave_0: left promiscuous mode [ 955.187867][T16574] bridge0: port 1(bridge_slave_0) entered disabled state [ 955.411680][ T985] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 955.504610][ T43] usb 1-1: USB disconnect, device number 2 [ 955.692023][ T985] usb 5-1: Using ep0 maxpacket: 16 [ 955.699871][ T985] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 955.722998][ T985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 955.740005][ T985] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 955.752652][ T985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 955.760642][ T985] usb 5-1: Product: syz [ 956.114805][ T985] usb 5-1: Manufacturer: syz [ 956.133950][ T985] usb 5-1: SerialNumber: syz [ 956.164560][ T985] usb 5-1: config 0 descriptor?? [ 956.191241][ T985] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 956.211121][ T985] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 956.295254][T16599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2840'. [ 956.966217][ T985] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 956.973580][ T985] em28xx 5-1:0.0: Config register raw data: 0x76 [ 957.008009][ T985] em28xx 5-1:0.0: I2S Audio (3 sample rate(s)) [ 957.033822][ T985] em28xx 5-1:0.0: No AC97 audio processor [ 957.685760][T16632] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) ! [ 957.697359][T16632] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) ! [ 957.788735][ T10] usb 5-1: USB disconnect, device number 107 [ 958.016040][T16639] kvm: emulating exchange as write [ 958.745073][T16676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 958.763007][T16676] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 960.291436][T16707] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2881'. [ 961.821701][ T985] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 962.021633][ T985] usb 4-1: Using ep0 maxpacket: 32 [ 962.345295][ T985] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 962.376993][ T985] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 962.415482][ T985] usb 4-1: config 0 descriptor?? [ 962.794214][ T985] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 962.880296][ T985] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 962.924487][ T985] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 963.082324][ T985] usb 4-1: media controller created [ 963.110326][ T985] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 964.371831][ T985] stb0899_attach: Driver disabled by Kconfig [ 964.377857][ T985] az6027: no front-end attached [ 964.377857][ T985] [ 964.398702][ T985] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 964.411447][ T985] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input63 [ 964.428418][ T985] dvb-usb: schedule remote query interval to 400 msecs. [ 964.436902][ T985] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 964.629329][ T10] usb 4-1: USB disconnect, device number 97 [ 964.768542][ T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 966.783585][T16809] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2915'. [ 967.250075][ T30] audit: type=1804 audit(1769387187.703:789): pid=16819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2917" name="/newroot/578/bus" dev="tmpfs" ino=2998 res=1 errno=0 [ 967.777902][T16822] syzkaller0: entered promiscuous mode [ 967.783981][T16822] syzkaller0: entered allmulticast mode [ 967.987474][T16826] syzkaller0: entered promiscuous mode [ 967.993773][T16826] syzkaller0: entered allmulticast mode [ 968.014430][T16826] tipc: Enabled bearer , priority 0 [ 968.023273][T16825] tipc: Resetting bearer [ 968.066522][T16825] tipc: Disabling bearer [ 968.120842][T16830] syzkaller0: entered promiscuous mode [ 968.128509][T16830] syzkaller0: entered allmulticast mode [ 968.349909][T16836] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2926'. [ 968.379738][T16836] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2926'. [ 968.964376][T16842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2929'. [ 973.284516][T16910] syzkaller0: entered promiscuous mode [ 973.309393][T16910] syzkaller0: entered allmulticast mode [ 975.203582][T16928] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2949'. [ 975.471143][T16939] tipc: Enabled bearer , priority 0 [ 975.498573][T16939] syzkaller0: entered promiscuous mode [ 975.527399][T16939] syzkaller0: entered allmulticast mode [ 975.615456][T16944] tipc: Resetting bearer [ 975.799115][T16941] syzkaller0: entered promiscuous mode [ 975.805408][T16941] syzkaller0: entered allmulticast mode [ 975.814893][T16938] tipc: Resetting bearer [ 975.986714][T16938] tipc: Disabling bearer [ 976.202493][ T30] audit: type=1326 audit(1769387196.663:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16953 comm="syz.0.2956" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x0 [ 976.393101][T16959] netlink: 'syz.0.2956': attribute type 4 has an invalid length. [ 976.454484][T16961] netlink: 'syz.0.2956': attribute type 4 has an invalid length. [ 976.698698][T16970] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2959'. [ 976.708840][T16970] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2959'. [ 978.484413][T16970] dummy0: entered promiscuous mode [ 978.494356][T16970] team0: entered promiscuous mode [ 978.499420][T16970] team_slave_0: entered promiscuous mode [ 978.505619][T16970] team_slave_1: entered promiscuous mode [ 978.742166][T16984] syzkaller0: entered promiscuous mode [ 978.764428][T16984] syzkaller0: entered allmulticast mode [ 978.878109][T16990] netlink: 'syz.2.2963': attribute type 10 has an invalid length. [ 978.944712][T16991] fuse: Bad value for 'group_id' [ 978.949785][T16991] fuse: Bad value for 'group_id' [ 978.972687][ T5877] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 979.174818][ T5877] usb 1-1: device descriptor read/64, error -71 [ 979.532943][T16996] dummy0: left allmulticast mode [ 979.537906][T16996] dummy0: left promiscuous mode [ 979.542929][ T5877] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 979.595791][T16996] bridge0: port 4(dummy0) entered disabled state [ 979.616930][T16996] batman_adv: batadv0: Adding interface: dummy0 [ 979.654239][T16996] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 979.705939][T16996] batman_adv: batadv0: Interface activated: dummy0 [ 979.751672][ T5877] usb 1-1: device descriptor read/64, error -71 [ 979.864873][T16997] batadv0: mtu less than device minimum [ 979.872320][ T5877] usb usb1-port1: attempt power cycle [ 979.883578][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 979.894877][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 979.906009][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 979.917275][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 979.929060][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 979.940898][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 979.952717][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 979.964506][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 979.976461][T16997] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 980.343288][ T5877] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 980.372533][ T5877] usb 1-1: device descriptor read/8, error -71 [ 981.012723][ T5877] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 981.202527][ T5877] usb 1-1: device descriptor read/8, error -71 [ 981.231124][T17010] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2969'. [ 981.241002][T17010] batman_adv: batadv0: Interface deactivated: dummy0 [ 981.353483][T17010] batman_adv: batadv0: Removing interface: dummy0 [ 981.382040][ T5877] usb usb1-port1: unable to enumerate USB device [ 981.696062][T17019] syzkaller0: entered promiscuous mode [ 981.702776][T17019] syzkaller0: entered allmulticast mode [ 981.911925][ T5877] usb 4-1: new full-speed USB device number 98 using dummy_hcd [ 982.113425][ T5877] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 982.122023][ T5877] usb 4-1: config 0 has no interface number 0 [ 982.132692][ T5877] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 982.159771][ T5877] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 982.183131][ T5877] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.00 [ 982.200688][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 982.231618][ T5877] usb 4-1: Product: syz [ 982.235903][ T5877] usb 4-1: Manufacturer: syz [ 982.244470][ T5877] usb 4-1: SerialNumber: syz [ 982.268805][ T5877] usb 4-1: config 0 descriptor?? [ 982.285696][T17016] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 982.295404][ T5877] ums-sddr09 4-1:0.20: USB Mass Storage device detected [ 982.501443][ T5877] ums-sddr09 4-1:0.20: probe with driver ums-sddr09 failed with error -22 [ 983.026392][T17042] syzkaller0: entered promiscuous mode [ 983.032216][T17042] syzkaller0: entered allmulticast mode [ 983.149533][T17044] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2973'. [ 983.733337][T17052] fuse: Bad value for 'group_id' [ 983.738328][T17052] fuse: Bad value for 'group_id' [ 984.255852][T17057] QAT: failed to copy from user. [ 984.401682][T17061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 984.530161][T17061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 984.552958][ T5877] usb 4-1: USB disconnect, device number 98 [ 985.015973][T17073] netlink: 'syz.0.2983': attribute type 13 has an invalid length. [ 986.467295][T17089] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2986'. [ 987.029492][T17095] net_ratelimit: 10 callbacks suppressed [ 987.029504][T17095] TC_ACT_REPEAT abuse ? [ 987.041611][ T5877] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 987.201607][ T5877] usb 2-1: Using ep0 maxpacket: 8 [ 987.223576][ T5877] usb 2-1: config 0 has no interfaces? [ 987.233988][ T5877] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 987.244517][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 987.252803][ T5877] usb 2-1: Product: syz [ 987.257142][ T5877] usb 2-1: Manufacturer: syz [ 987.262138][ T5877] usb 2-1: SerialNumber: syz [ 987.270289][ T5877] usb 2-1: config 0 descriptor?? [ 987.534611][T17101] mac80211_hwsim hwsim3 syzkaller0: left promiscuous mode [ 987.592786][T17101] mac80211_hwsim hwsim3 syzkaller0: left allmulticast mode [ 987.678270][T10691] usb 2-1: USB disconnect, device number 105 [ 989.028792][T17125] netlink: 'syz.1.2996': attribute type 4 has an invalid length. [ 990.905586][T17151] netdevsim netdevsim4 : renamed from netdevsim0 [ 991.296385][T17154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 991.305773][T17154] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 992.033377][T17164] usb usb8: usbfs: process 17164 (syz.0.3005) did not claim interface 0 before use [ 992.072387][ T30] audit: type=1400 audit(1769387212.483:791): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=17156 comm="syz.0.3005" [ 993.081383][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.089661][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.032694][ T5877] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 994.301597][ T24] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 994.393584][ T5877] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 994.440062][ T5877] usb 2-1: config 0 interface 0 has no altsetting 0 [ 994.458591][ T5877] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 994.478496][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 994.503820][ T5877] usb 2-1: Product: syz [ 994.508269][ T5877] usb 2-1: Manufacturer: syz [ 994.518611][ T5877] usb 2-1: SerialNumber: syz [ 994.525295][ T5877] usb 2-1: config 0 descriptor?? [ 994.550360][ T5877] usb 2-1: selecting invalid altsetting 0 [ 994.561952][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 994.573952][ T24] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 994.591417][ T24] usb 5-1: config 0 has no interface number 0 [ 994.613705][ T24] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 994.633730][ T24] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 994.643712][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 994.655535][ T24] usb 5-1: Product: syz [ 994.706124][ T24] usb 5-1: Manufacturer: syz [ 994.821612][ T24] usb 5-1: SerialNumber: syz [ 994.876360][ T24] usb 5-1: config 0 descriptor?? [ 994.891430][ T24] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 994.909192][ T24] em28xx 5-1:0.132: Video interface 132 found: [ 994.963569][ T10] usb 2-1: USB disconnect, device number 106 [ 995.404253][ T24] em28xx 5-1:0.132: chip ID is em2884 [ 995.540564][T17201] could not allocate digest TFM handle md5 [ 995.706227][T17181] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 995.724716][T17181] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 995.836410][ T24] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 995.874584][ T24] em28xx 5-1:0.132: board has no eeprom [ 995.975948][ T24] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 995.995203][ T24] em28xx 5-1:0.132: analog set to bulk mode. [ 996.009527][ T5877] em28xx 5-1:0.132: Registering V4L2 extension [ 996.050424][ T24] usb 5-1: USB disconnect, device number 108 [ 996.092621][ T24] em28xx 5-1:0.132: Disconnecting em28xx [ 996.627893][ T5877] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 996.639253][ T5877] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 996.690524][ T5877] em28xx 5-1:0.132: No AC97 audio processor [ 996.724210][ T5877] usb 5-1: Decoder not found [ 996.739277][ T5877] em28xx 5-1:0.132: failed to create media graph [ 996.771652][ T5877] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 996.842838][ T5877] em28xx 5-1:0.132: Remote control support is not available for this card. [ 996.877554][ T24] em28xx 5-1:0.132: Closing input extension [ 997.022605][ T24] em28xx 5-1:0.132: Freeing device [ 997.416595][T17231] binder: 17226:17231 ioctl c018620c 800002c0 returned -1 [ 1000.370138][T17265] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1001.358481][T17276] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1001.368236][ T24] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 1001.565280][ T24] usb 1-1: config 1 has an invalid descriptor of length 216, skipping remainder of the config [ 1001.576115][ T24] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1001.595168][ T24] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 1001.626365][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1001.643135][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1001.706462][ T24] usb 1-1: SerialNumber: syz [ 1001.738014][ T24] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 1001.756387][ T24] cdc_acm 1-1:1.0: This needs exactly 3 endpoints [ 1001.770426][ T24] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22 [ 1001.958236][ T10] usb 1-1: USB disconnect, device number 7 [ 1002.034563][T10691] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1002.286467][T10691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1002.301217][T10691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1002.483432][T10691] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1002.526192][T10691] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1002.548849][T10691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.699843][T10691] usb 5-1: config 0 descriptor?? [ 1003.215707][T10691] plantronics 0003:047F:FFFF.0049: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1004.718851][ T24] usb 5-1: USB disconnect, device number 109 [ 1007.729971][T17342] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1008.722768][T17362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3044'. [ 1008.870517][T17363] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3044'. [ 1010.392288][ T10] usb 2-1: new full-speed USB device number 107 using dummy_hcd [ 1010.465637][T17389] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3060'. [ 1010.574345][ T10] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 1010.584002][ T10] usb 2-1: config 0 has no interface number 0 [ 1010.590189][ T10] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1010.604136][ T10] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1010.718440][ T10] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.00 [ 1010.728921][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1010.750899][ T10] usb 2-1: Product: syz [ 1010.814635][ T10] usb 2-1: Manufacturer: syz [ 1010.829302][ T10] usb 2-1: SerialNumber: syz [ 1010.864253][ T10] usb 2-1: config 0 descriptor?? [ 1010.871956][T17377] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1010.880620][ T10] ums-sddr09 2-1:0.20: USB Mass Storage device detected [ 1010.975614][ T10] ums-sddr09 2-1:0.20: probe with driver ums-sddr09 failed with error -22 [ 1011.661213][T17400] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3052'. [ 1013.269743][ T24] usb 2-1: USB disconnect, device number 107 [ 1014.150618][T17412] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3056'. [ 1014.711627][ T24] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1015.132518][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 1015.145514][ T24] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1015.405294][ T24] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1015.482395][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1015.505419][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1015.514722][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1015.583284][ T24] usbtmc 2-1:16.0: bulk endpoints not found [ 1016.272124][T17446] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 1016.280416][T17446] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 1016.288958][T17446] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 1017.108313][ T30] audit: type=1326 audit(1769387237.483:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1017.170347][ T30] audit: type=1326 audit(1769387237.483:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1017.253405][ T30] audit: type=1326 audit(1769387237.483:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1017.356575][ T30] audit: type=1326 audit(1769387237.483:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1017.381630][ T30] audit: type=1326 audit(1769387237.483:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1017.728462][ T24] usb 2-1: USB disconnect, device number 108 [ 1018.432369][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1018.469693][ T30] audit: type=1326 audit(1769387237.493:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1018.472649][T10691] usb 4-1: new full-speed USB device number 99 using dummy_hcd [ 1018.635488][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1018.647541][ T30] audit: type=1326 audit(1769387237.493:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1018.670750][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1018.686015][ T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1018.696090][ T30] audit: type=1326 audit(1769387237.503:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1018.725202][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1018.736863][ T30] audit: type=1326 audit(1769387237.503:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1018.779741][ T10] usb 1-1: config 0 descriptor?? [ 1018.792577][T10691] usb 4-1: config 0 has an invalid interface number: 133 but max is 0 [ 1018.811096][T10691] usb 4-1: config 0 has no interface number 0 [ 1018.823728][T10691] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1018.956564][T10691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1018.976066][ T30] audit: type=1326 audit(1769387237.503:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17455 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f11539 code=0x7ffc0000 [ 1019.013044][T10691] usb 4-1: Product: syz [ 1019.017276][T10691] usb 4-1: Manufacturer: syz [ 1019.024596][T10691] usb 4-1: SerialNumber: syz [ 1019.050056][T10691] usb 4-1: config 0 descriptor?? [ 1019.477533][T17469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1019.490528][T17469] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1021.608970][ T10] usb 1-1: string descriptor 0 read error: -71 [ 1021.638920][ T10] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1021.668807][T10691] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected [ 1021.684922][ T10] usb 1-1: USB disconnect, device number 8 [ 1021.700037][T10691] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81 [ 1021.718160][T10691] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1 [ 1021.740984][T10691] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2 [ 1021.783857][T10691] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1021.810923][T10691] usb 4-1: USB disconnect, device number 99 [ 1022.022778][T10691] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1022.130379][T10691] keyspan 4-1:0.133: device disconnected [ 1023.510952][T17512] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3077'. [ 1023.673344][T17519] vimc link validate: Scaler:src:16x16 (0x33424752, 12, 0, 4, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1024.011555][T17525] trusted_key: encrypted_key: key user:syz not found [ 1024.164751][T17529] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 1024.197306][T17529] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 1024.247601][T17529] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 1026.123534][T17541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3081'. [ 1026.454498][T17541] netlink: 'syz.3.3081': attribute type 10 has an invalid length. [ 1026.785095][T17551] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3084'. [ 1027.886469][T17571] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3087'. [ 1029.576575][T17591] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3091'. [ 1029.693029][T17591] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3091'. [ 1029.827175][T17591] netlink: 'syz.3.3091': attribute type 3 has an invalid length. [ 1029.851617][ T24] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1029.873994][T17591] netlink: 11 bytes leftover after parsing attributes in process `syz.3.3091'. [ 1029.888047][T17593] : renamed from bridge_slave_0 [ 1030.025335][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 1030.038846][ T24] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 1030.049787][ T24] usb 2-1: config 0 has no interface number 0 [ 1030.074253][ T24] usb 2-1: config 0 interface 12 has no altsetting 0 [ 1030.097377][ T24] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1030.106683][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1030.115402][ T24] usb 2-1: Product: syz [ 1030.163505][ T24] usb 2-1: Manufacturer: syz [ 1030.168123][ T24] usb 2-1: SerialNumber: syz [ 1030.198333][ T24] usb 2-1: config 0 descriptor?? [ 1030.213866][ T24] f81534 2-1:0.12: required endpoints missing [ 1030.918957][T17604] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3094'. [ 1030.932815][T17604] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3094'. [ 1031.790671][T17611] trusted_key: encrypted_key: master key parameter '0000000004093' is invalid [ 1032.574406][T17615] netlink: 'syz.2.3096': attribute type 10 has an invalid length. [ 1032.657530][T17615] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3096'. [ 1032.829763][T17618] netlink: 'syz.2.3096': attribute type 12 has an invalid length. [ 1032.877580][ T5877] usb 2-1: USB disconnect, device number 109 [ 1033.121688][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 1033.121870][ T30] audit: type=1326 audit(1769387253.453:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.0.3097" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745d539 code=0x0 [ 1033.660140][T17635] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3098'. [ 1035.916313][ T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1036.211809][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 1036.233058][ T24] usb 1-1: config 0 has an invalid interface number: 98 but max is 0 [ 1036.291580][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1036.311541][ T24] usb 1-1: config 0 has no interface number 0 [ 1036.327964][ T24] usb 1-1: config 0 interface 98 altsetting 2 bulk endpoint 0x8 has invalid maxpacket 16 [ 1036.374887][ T24] usb 1-1: config 0 interface 98 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1036.412331][ T24] usb 1-1: config 0 interface 98 has no altsetting 0 [ 1036.440409][ T24] usb 1-1: New USB device found, idVendor=0846, idProduct=1040, bcdDevice=d0.c9 [ 1036.462487][T17677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1036.472081][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1036.489012][T17677] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1036.501551][ T24] usb 1-1: Product: syz [ 1036.505769][ T24] usb 1-1: Manufacturer: syz [ 1036.510381][ T24] usb 1-1: SerialNumber: syz [ 1036.566226][ T24] usb 1-1: config 0 descriptor?? [ 1036.572401][T17669] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1036.580176][T17669] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1036.655950][T17673] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3108'. [ 1036.795937][T17668] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1036.804151][T17668] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1037.159612][T17683] netlink: 'syz.3.3110': attribute type 16 has an invalid length. [ 1037.172504][T17683] netlink: 'syz.3.3110': attribute type 17 has an invalid length. [ 1037.256220][T17683] 8021q: adding VLAN 0 to HW filter on device team0 [ 1037.272751][T17683] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1037.547011][T17693] usb usb8: usbfs: process 17693 (syz.1.3111) did not claim interface 0 before use [ 1037.592376][ T30] audit: type=1400 audit(1769387258.003:828): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=17684 comm="syz.1.3111" [ 1037.742123][T17697] netlink: 'syz.2.3114': attribute type 16 has an invalid length. [ 1037.760211][T17697] netlink: 'syz.2.3114': attribute type 17 has an invalid length. [ 1037.845372][T17697] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1038.023310][ T24] asix 1-1:0.98 (unnamed net_device) (uninitialized): invalid hw address, using random [ 1039.291652][ T30] audit: type=1326 audit(1769387259.723:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17703 comm="syz.2.3115" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x0 [ 1039.929084][T17713] netlink: 'syz.1.3117': attribute type 16 has an invalid length. [ 1039.966335][T17713] netlink: 'syz.1.3117': attribute type 17 has an invalid length. [ 1039.999742][T17713] erspan0: entered promiscuous mode [ 1040.037426][T17713] 8021q: adding VLAN 0 to HW filter on device team0 [ 1040.725844][T17724] netlink: 'syz.3.3119': attribute type 16 has an invalid length. [ 1040.755583][T17724] netlink: 'syz.3.3119': attribute type 17 has an invalid length. [ 1041.033069][T17713] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1041.056423][ T24] asix 1-1:0.98 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1041.073351][ T24] asix 1-1:0.98 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 1041.132282][ T24] asix 1-1:0.98: probe with driver asix failed with error -71 [ 1041.164028][ T24] usb 1-1: USB disconnect, device number 9 [ 1041.229245][T17724] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1041.270215][T17731] netlink: 'syz.1.3122': attribute type 16 has an invalid length. [ 1041.280383][T17731] netlink: 'syz.1.3122': attribute type 17 has an invalid length. [ 1041.627986][T17731] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1041.818872][T17740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3123'. [ 1042.533611][T17745] netlink: 'syz.0.3125': attribute type 16 has an invalid length. [ 1042.554993][T17745] netlink: 'syz.0.3125': attribute type 17 has an invalid length. [ 1042.675661][ T30] audit: type=1326 audit(1769387263.103:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1042.842923][ T30] audit: type=1326 audit(1769387263.103:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1042.868213][ T30] audit: type=1326 audit(1769387263.103:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1042.892677][ T30] audit: type=1326 audit(1769387263.103:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1043.026082][ T30] audit: type=1326 audit(1769387263.103:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1043.063006][T17745] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1043.098713][ T30] audit: type=1326 audit(1769387263.103:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1043.132327][ T30] audit: type=1326 audit(1769387263.103:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1043.305006][ T30] audit: type=1326 audit(1769387263.103:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1043.364939][ T30] audit: type=1326 audit(1769387263.103:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17742 comm="syz.1.3124" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85539 code=0x7ffc0000 [ 1043.467634][T17754] netlink: 'syz.2.3128': attribute type 16 has an invalid length. [ 1043.488308][T17754] netlink: 'syz.2.3128': attribute type 17 has an invalid length. [ 1043.637287][T17754] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1043.686052][T17760] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1043.766614][T17761] netlink: 'syz.1.3129': attribute type 16 has an invalid length. [ 1043.801615][T17761] netlink: 'syz.1.3129': attribute type 17 has an invalid length. [ 1043.863114][T17761] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1044.342654][T17770] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3130'. [ 1044.358656][T17770] netlink: 'syz.2.3130': attribute type 10 has an invalid length. [ 1044.370537][T17770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3130'. [ 1044.781262][T17770] team0 (unregistering): left promiscuous mode [ 1044.799976][T17770] team_slave_0: left promiscuous mode [ 1044.808048][T17770] team_slave_1: left promiscuous mode [ 1044.862359][T17770] team0 (unregistering): Port device team_slave_0 removed [ 1044.918964][T17770] team0 (unregistering): Port device team_slave_1 removed [ 1045.756445][T17783] netlink: 'syz.0.3135': attribute type 16 has an invalid length. [ 1045.764743][T17783] netlink: 'syz.0.3135': attribute type 17 has an invalid length. [ 1045.792857][T17783] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1045.888326][T17785] netlink: 'syz.4.3134': attribute type 16 has an invalid length. [ 1045.912101][T17785] netlink: 'syz.4.3134': attribute type 17 has an invalid length. [ 1045.937801][T17785] 8021q: adding VLAN 0 to HW filter on device team0 [ 1045.965370][T17785] batman_adv: batadv0: Interface activated: dummy0 [ 1045.981000][T17785] batadv0: mtu less than device minimum [ 1045.998289][T17785] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1046.010106][T17785] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1046.021883][T17785] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1046.033162][T17785] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1046.044226][T17785] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1048.369904][T17821] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3143'. [ 1049.347925][T17831] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1049.586366][ T43] usb 5-1: new full-speed USB device number 110 using dummy_hcd [ 1050.137975][ T43] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1050.147163][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1050.159008][ T43] usb 5-1: config 0 descriptor?? [ 1050.786031][T17838] netlink: 'syz.0.3148': attribute type 16 has an invalid length. [ 1050.794742][T17838] netlink: 'syz.0.3148': attribute type 17 has an invalid length. [ 1050.825321][T17838] net_ratelimit: 15 callbacks suppressed [ 1050.825331][T17838] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1051.646496][T17830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1051.656100][T17830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1051.953518][T17854] usb usb8: usbfs: process 17854 (syz.3.3149) did not claim interface 0 before use [ 1051.971296][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 1051.971316][ T30] audit: type=1400 audit(1769387272.403:860): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=17843 comm="syz.3.3149" [ 1052.069735][ T43] pegasus 5-1:0.0: can't reset MAC [ 1052.087285][ T43] pegasus 5-1:0.0: probe with driver pegasus failed with error -5 [ 1052.149625][ T43] usb 5-1: USB disconnect, device number 110 [ 1052.456934][T17856] netlink: 'syz.1.3151': attribute type 16 has an invalid length. [ 1052.492486][T17856] netlink: 'syz.1.3151': attribute type 17 has an invalid length. [ 1052.702516][T17856] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1053.035289][T17860] netlink: 'syz.4.3153': attribute type 16 has an invalid length. [ 1053.054397][T17860] netlink: 'syz.4.3153': attribute type 17 has an invalid length. [ 1053.092005][T17860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1053.888008][T17876] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3157'. [ 1054.082617][T17880] netlink: 179596 bytes leftover after parsing attributes in process `syz.4.3157'. [ 1054.113895][ T43] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1054.342495][ T43] usb 1-1: device descriptor read/64, error -71 [ 1054.515371][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.522445][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.622616][ T43] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1054.784250][T17887] netlink: 'syz.2.3160': attribute type 16 has an invalid length. [ 1054.798907][T17887] netlink: 'syz.2.3160': attribute type 17 has an invalid length. [ 1054.825671][T17887] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1054.841265][ T43] usb 1-1: device descriptor read/64, error -71 [ 1054.952310][ T43] usb usb1-port1: attempt power cycle [ 1055.050576][T17892] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1055.311857][ T43] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1055.729514][ T43] usb 1-1: device descriptor read/8, error -71 [ 1056.041618][ T43] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1056.063281][ T43] usb 1-1: device descriptor read/8, error -71 [ 1056.211975][ T43] usb usb1-port1: unable to enumerate USB device [ 1057.062697][T17908] netlink: 'syz.2.3165': attribute type 16 has an invalid length. [ 1057.079206][T17904] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1057.132077][T17908] netlink: 'syz.2.3165': attribute type 17 has an invalid length. [ 1057.612262][T17908] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1057.654035][T17914] netlink: 'syz.0.3166': attribute type 16 has an invalid length. [ 1057.662457][T17914] netlink: 'syz.0.3166': attribute type 17 has an invalid length. [ 1057.675227][T17914] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1058.434805][T17926] netlink: 'syz.4.3170': attribute type 16 has an invalid length. [ 1058.534531][ T43] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 1058.602459][T17926] netlink: 'syz.4.3170': attribute type 17 has an invalid length. [ 1058.642826][T17931] usb usb8: usbfs: process 17931 (syz.2.3167) did not claim interface 0 before use [ 1058.652665][T17926] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1058.679131][ T30] audit: type=1400 audit(1769387279.093:861): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=17916 comm="syz.2.3167" [ 1058.771079][ T43] usb 1-1: config 0 has an invalid interface number: 133 but max is 0 [ 1058.781483][ T43] usb 1-1: config 0 has no interface number 0 [ 1058.813970][ T43] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1058.847246][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1058.874803][ T43] usb 1-1: Product: syz [ 1058.885846][ T43] usb 1-1: Manufacturer: syz [ 1058.890969][ T43] usb 1-1: SerialNumber: syz [ 1058.973377][T17933] netlink: 'syz.4.3171': attribute type 16 has an invalid length. [ 1058.985510][ T43] usb 1-1: config 0 descriptor?? [ 1059.172420][T17933] netlink: 'syz.4.3171': attribute type 17 has an invalid length. [ 1059.206760][T17933] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1059.824368][T17935] netlink: 'syz.4.3173': attribute type 16 has an invalid length. [ 1059.840302][T17935] netlink: 'syz.4.3173': attribute type 17 has an invalid length. [ 1059.867228][T17935] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1060.353753][T17944] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1060.469092][T17946] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1061.164435][T17952] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1061.435229][T17956] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1061.489270][ T43] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected [ 1061.558185][ T43] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81 [ 1061.578547][ T43] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1 [ 1061.630567][ T43] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2 [ 1061.649932][ T43] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1061.687107][T17960] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1061.703277][ T43] usb 1-1: USB disconnect, device number 14 [ 1061.712858][ T43] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1061.773176][ T43] keyspan 1-1:0.133: device disconnected [ 1062.022491][T17962] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1062.976900][T17980] validate_nla: 10 callbacks suppressed [ 1062.976921][T17980] netlink: 'syz.0.3188': attribute type 16 has an invalid length. [ 1063.005984][T17982] netlink: 'syz.1.3187': attribute type 16 has an invalid length. [ 1063.017786][T17980] netlink: 'syz.0.3188': attribute type 17 has an invalid length. [ 1063.033176][T17985] trusted_key: encrypted_key: insufficient parameters specified [ 1063.170045][T17982] netlink: 'syz.1.3187': attribute type 17 has an invalid length. [ 1063.180284][T17980] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1063.220816][T17982] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1063.417637][T17989] netlink: 'syz.0.3190': attribute type 16 has an invalid length. [ 1063.454896][T17989] netlink: 'syz.0.3190': attribute type 17 has an invalid length. [ 1063.480547][T17989] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1063.928725][T17996] netlink: 'syz.0.3192': attribute type 16 has an invalid length. [ 1063.959656][T17996] netlink: 'syz.0.3192': attribute type 17 has an invalid length. [ 1064.085062][T17996] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1064.337227][T17999] netlink: 'syz.0.3193': attribute type 16 has an invalid length. [ 1064.345885][T17999] netlink: 'syz.0.3193': attribute type 17 has an invalid length. [ 1064.532903][T17999] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1064.667180][T18001] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1065.512576][T18012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3198'. [ 1065.649254][T18017] netlink: 179596 bytes leftover after parsing attributes in process `syz.1.3198'. [ 1066.132461][T18020] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1066.517502][T18022] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1067.002806][T18026] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1067.500419][T18040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3204'. [ 1067.517375][T18040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3204'. [ 1068.003978][ T43] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1068.216707][ T43] usb 4-1: device descriptor read/64, error -71 [ 1068.501770][ T43] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1068.533038][T18051] validate_nla: 8 callbacks suppressed [ 1068.533051][T18051] netlink: 'syz.0.3208': attribute type 16 has an invalid length. [ 1068.590932][T18051] netlink: 'syz.0.3208': attribute type 17 has an invalid length. [ 1068.611186][T18047] trusted_key: encrypted_key: insufficient parameters specified [ 1068.650545][ T43] usb 4-1: device descriptor read/64, error -71 [ 1068.666385][T18051] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1068.792723][ T43] usb usb4-port1: attempt power cycle [ 1069.392722][ T43] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1069.432318][ T43] usb 4-1: device descriptor read/8, error -71 [ 1069.713031][ T43] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1069.772454][ T43] usb 4-1: device descriptor read/8, error -71 [ 1069.963269][ T43] usb usb4-port1: unable to enumerate USB device [ 1070.303912][T18065] netlink: 'syz.3.3211': attribute type 16 has an invalid length. [ 1070.325388][T18065] netlink: 'syz.3.3211': attribute type 17 has an invalid length. [ 1070.388381][T18065] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1072.993022][T18090] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1074.039971][T18101] netlink: 'syz.4.3219': attribute type 16 has an invalid length. [ 1074.087828][T18101] netlink: 'syz.4.3219': attribute type 17 has an invalid length. [ 1074.100690][T18102] netlink: 'syz.1.3220': attribute type 16 has an invalid length. [ 1074.174929][T18101] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1074.176013][T18102] netlink: 'syz.1.3220': attribute type 17 has an invalid length. [ 1074.315239][T18102] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1074.878113][ T5890] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 1075.092762][ T5890] usb 5-1: device descriptor read/64, error -71 [ 1075.422074][ T5890] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 1075.786559][ T5890] usb 5-1: device descriptor read/64, error -71 [ 1076.093110][ T5890] usb usb5-port1: attempt power cycle [ 1076.442860][ T5890] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 1076.479196][ T5890] usb 5-1: device descriptor read/8, error -71 [ 1076.832565][ T5890] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 1077.109009][ T5890] usb 5-1: device descriptor read/8, error -71 [ 1077.247652][ T5890] usb usb5-port1: unable to enumerate USB device [ 1078.833121][T18158] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1088.385401][T18244] netlink: 'syz.3.3252': attribute type 16 has an invalid length. [ 1088.398798][T18244] netlink: 'syz.3.3252': attribute type 17 has an invalid length. [ 1088.665936][T18244] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1093.058949][T18301] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3262'. [ 1093.642705][T18301] netlink: 'syz.2.3262': attribute type 16 has an invalid length. [ 1093.650724][T18301] netlink: 'syz.2.3262': attribute type 17 has an invalid length. [ 1093.706643][T18301] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1095.252792][T18318] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3267'. [ 1095.289904][T18318] netlink: 'syz.3.3267': attribute type 16 has an invalid length. [ 1095.301690][T18318] netlink: 'syz.3.3267': attribute type 17 has an invalid length. [ 1095.318912][T18318] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1095.786370][T18323] fuse: Unknown parameter 'group_id00000000000000000000' [ 1098.572832][T18345] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1101.766027][T18387] netlink: 'syz.0.3282': attribute type 16 has an invalid length. [ 1101.795328][T18387] netlink: 'syz.0.3282': attribute type 17 has an invalid length. [ 1102.198136][T18387] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1108.370577][T18445] netlink: 'syz.0.3297': attribute type 16 has an invalid length. [ 1108.378705][T18445] netlink: 'syz.0.3297': attribute type 17 has an invalid length. [ 1108.458618][T18445] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1108.764997][T18447] netlink: 'syz.3.3298': attribute type 16 has an invalid length. [ 1108.773490][T18447] netlink: 'syz.3.3298': attribute type 17 has an invalid length. [ 1108.819289][T18447] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1111.230931][T18475] netlink: 'syz.0.3305': attribute type 16 has an invalid length. [ 1111.315879][T18475] netlink: 'syz.0.3305': attribute type 17 has an invalid length. [ 1111.344324][T18475] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1115.687793][T18516] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3315'. [ 1115.728916][T18516] netlink: 'syz.1.3315': attribute type 16 has an invalid length. [ 1115.798301][T18516] netlink: 'syz.1.3315': attribute type 17 has an invalid length. [ 1115.844797][T18516] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1115.904902][T18521] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3317'. [ 1116.069853][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.076756][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.188371][T18521] netlink: 'syz.2.3317': attribute type 16 has an invalid length. [ 1116.204251][T18521] netlink: 'syz.2.3317': attribute type 17 has an invalid length. [ 1116.313274][T18525] netlink: 'syz.3.3318': attribute type 16 has an invalid length. [ 1116.328108][T18525] netlink: 'syz.3.3318': attribute type 17 has an invalid length. [ 1116.358782][T18521] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1116.415964][T18525] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1116.858185][T18538] netlink: 'syz.3.3321': attribute type 16 has an invalid length. [ 1116.866580][T18538] netlink: 'syz.3.3321': attribute type 17 has an invalid length. [ 1116.920515][T18538] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1116.948821][T18541] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3322'. [ 1117.058991][T18542] netlink: 'syz.4.3322': attribute type 16 has an invalid length. [ 1117.109206][T18542] netlink: 'syz.4.3322': attribute type 17 has an invalid length. [ 1117.572495][T18542] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1121.489641][T18587] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3333'. [ 1121.499935][T18587] netlink: 'syz.2.3333': attribute type 16 has an invalid length. [ 1121.508191][T18587] netlink: 'syz.2.3333': attribute type 17 has an invalid length. [ 1121.573571][T18587] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1121.974015][T18592] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3335'. [ 1121.990668][T18592] netlink: 'syz.0.3335': attribute type 16 has an invalid length. [ 1121.999124][T18592] netlink: 'syz.0.3335': attribute type 17 has an invalid length. [ 1122.044758][T18592] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1136.203558][T18758] netlink: 'syz.4.3377': attribute type 16 has an invalid length. [ 1137.843570][T18771] netlink: 'syz.3.3379': attribute type 10 has an invalid length. [ 1137.854252][T18771] batman_adv: batadv0: Adding interface: netdevsim0 [ 1137.861033][T18771] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1137.924523][T18771] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active [ 1140.559003][T18800] netlink: 'syz.0.3387': attribute type 10 has an invalid length. [ 1142.684893][T18822] netlink: 'syz.3.3392': attribute type 10 has an invalid length. [ 1144.147332][T18832] netlink: 'syz.1.3394': attribute type 10 has an invalid length. [ 1145.480596][T18846] netlink: 'syz.4.3399': attribute type 16 has an invalid length. [ 1145.491474][T18846] netlink: 'syz.4.3399': attribute type 17 has an invalid length. [ 1145.890297][T18846] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1146.067267][T18852] netlink: 'syz.3.3400': attribute type 10 has an invalid length. [ 1146.360120][T18856] netlink: 'syz.4.3401': attribute type 10 has an invalid length. [ 1146.370009][T18856] batman_adv: batadv0: Adding interface:  [ 1146.458508][T18856] batman_adv: batadv0: The MTU of interface  is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1146.573377][T18856] batman_adv: batadv0: Not using interface  (retrying later): interface not active [ 1146.800304][T18861] netlink: 'syz.0.3402': attribute type 10 has an invalid length. [ 1147.765769][T18869] netlink: 'syz.3.3405': attribute type 10 has an invalid length. [ 1149.091309][T18884] netlink: 'syz.0.3408': attribute type 10 has an invalid length. [ 1149.209149][T18886] netlink: 'syz.4.3409': attribute type 10 has an invalid length. [ 1149.733043][T18892] netlink: 'syz.3.3410': attribute type 10 has an invalid length. [ 1150.419518][T18899] netlink: 'syz.1.3412': attribute type 10 has an invalid length. [ 1151.302506][T18903] netlink: 'syz.4.3413': attribute type 10 has an invalid length. [ 1152.691067][T18922] netlink: 'syz.1.3418': attribute type 10 has an invalid length. [ 1152.876737][T18930] netlink: 'syz.4.3419': attribute type 10 has an invalid length. [ 1155.148797][T18949] netlink: 'syz.1.3426': attribute type 10 has an invalid length. [ 1155.430731][T18954] netlink: 'syz.4.3427': attribute type 10 has an invalid length. [ 1155.907474][T18961] netlink: 'syz.1.3429': attribute type 10 has an invalid length. [ 1160.045623][T19010] netlink: 'syz.4.3441': attribute type 10 has an invalid length. [ 1160.180223][T19012] netlink: 'syz.2.3442': attribute type 10 has an invalid length. [ 1160.516398][T19020] fuse: Invalid rootmode [ 1161.331958][T19028] netlink: 'syz.1.3446': attribute type 10 has an invalid length. [ 1162.556034][T19047] netlink: 'syz.3.3451': attribute type 10 has an invalid length. [ 1162.635543][T19051] netlink: 'syz.0.3450': attribute type 10 has an invalid length. [ 1162.793617][T19053] netlink: 'syz.2.3452': attribute type 10 has an invalid length. [ 1164.469960][T19069] fuse: Invalid rootmode [ 1167.476893][T19106] netlink: 'syz.0.3467': attribute type 10 has an invalid length. [ 1168.358442][T19110] netlink: 'syz.1.3468': attribute type 10 has an invalid length. [ 1168.834550][T19124] netlink: 'syz.4.3472': attribute type 10 has an invalid length. [ 1169.155690][T19125] netlink: 'syz.2.3471': attribute type 10 has an invalid length. [ 1170.263826][T19136] fuse: Invalid rootmode [ 1170.629033][T19148] netlink: 'syz.4.3476': attribute type 10 has an invalid length. [ 1170.927340][T19157] netlink: 'syz.3.3481': attribute type 10 has an invalid length. [ 1171.428253][T19161] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3484'. [ 1172.393809][T19176] netlink: 'syz.4.3486': attribute type 10 has an invalid length. [ 1172.601795][T19180] netlink: 'syz.0.3488': attribute type 10 has an invalid length. [ 1174.226333][T19204] fuse: Bad value for 'rootmode' [ 1174.544070][T19211] netlink: 'syz.2.3497': attribute type 10 has an invalid length. [ 1176.524056][T19236] netlink: 'syz.1.3502': attribute type 10 has an invalid length. [ 1177.055504][T19244] netlink: 'syz.0.3505': attribute type 10 has an invalid length. [ 1177.436332][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.444060][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.942034][T19252] netlink: 'syz.1.3507': attribute type 10 has an invalid length. [ 1178.340139][T19260] program syz.4.3509 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1178.808740][T19267] netlink: 'syz.1.3511': attribute type 10 has an invalid length. [ 1179.318266][T19275] fuse: Bad value for 'rootmode' [ 1180.966871][T19293] netlink: 'syz.3.3517': attribute type 10 has an invalid length. [ 1181.363324][T19296] faux_driver vgem: [drm] Unknown color mode 2054; guessing buffer size. [ 1181.913993][T19302] program syz.1.3519 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1183.821435][T19321] netlink: 'syz.4.3524': attribute type 10 has an invalid length. [ 1191.442730][T19400] program syz.1.3541 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1191.654972][T19403] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1191.839742][T19408] netlink: 'syz.3.3543': attribute type 16 has an invalid length. [ 1191.857638][T19408] netlink: 'syz.3.3543': attribute type 17 has an invalid length. [ 1191.879226][T19408] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1193.251890][T19424] netlink: 'syz.4.3547': attribute type 10 has an invalid length. [ 1195.207998][T19454] netlink: 'syz.2.3556': attribute type 10 has an invalid length. [ 1195.807619][T19465] program syz.0.3557 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1197.867259][T19483] netlink: 'syz.4.3561': attribute type 10 has an invalid length. [ 1199.326812][T19495] netlink: 'syz.2.3565': attribute type 10 has an invalid length. [ 1199.750352][T19500] netlink: 'syz.1.3566': attribute type 10 has an invalid length. [ 1200.110546][T19506] netlink: 'syz.2.3567': attribute type 10 has an invalid length. [ 1200.533668][T19508] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3569'. [ 1200.642733][T19510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3570'. [ 1200.680111][T19513] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3571'. [ 1200.726734][T19510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3570'. [ 1201.039945][T19510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3570'. [ 1201.374846][T19527] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1201.908919][T19540] program syz.4.3576 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1202.324587][T19539] netlink: 'syz.0.3575': attribute type 10 has an invalid length. [ 1203.274612][T19560] netlink: 'syz.2.3581': attribute type 16 has an invalid length. [ 1203.312741][T19560] netlink: 'syz.2.3581': attribute type 17 has an invalid length. [ 1203.415684][T19560] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1204.907504][T19581] netlink: 'syz.0.3586': attribute type 10 has an invalid length. [ 1208.909836][T19631] netlink: 'syz.2.3596': attribute type 10 has an invalid length. [ 1209.203456][T19634] netlink: 'syz.4.3597': attribute type 10 has an invalid length. [ 1209.450890][T19637] netlink: 'syz.0.3599': attribute type 10 has an invalid length. [ 1212.035677][T19668] netlink: 'syz.3.3604': attribute type 10 has an invalid length. [ 1212.323633][T19675] program syz.1.3606 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1212.854428][T19678] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 1212.912279][T19679] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3607'. [ 1216.005483][T19723] netlink: 'syz.0.3619': attribute type 10 has an invalid length. [ 1216.452039][T19735] netlink: 'syz.1.3622': attribute type 10 has an invalid length. [ 1217.354699][T19738] program syz.3.3624 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1217.373709][T19742] netlink: 'syz.2.3623': attribute type 10 has an invalid length. [ 1217.628456][T19749] netlink: 'syz.1.3627': attribute type 16 has an invalid length. [ 1217.638342][T19749] netlink: 'syz.1.3627': attribute type 17 has an invalid length. [ 1217.653339][T19749] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1219.542841][T19771] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 1219.569888][T19771] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3633'. [ 1220.850611][T19790] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 1221.339356][T19796] netlink: 'syz.1.3638': attribute type 16 has an invalid length. [ 1221.459834][T19796] netlink: 'syz.1.3638': attribute type 17 has an invalid length. [ 1221.518209][T19796] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1223.295770][T19823] program syz.4.3643 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1224.280852][T19830] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1224.865094][T19834] program syz.1.3644 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1225.264964][T19843] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 1225.933986][T19856] program syz.1.3651 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1226.962772][T19870] netlink: 'syz.0.3653': attribute type 10 has an invalid length. [ 1228.156056][T19878] netlink: 'syz.1.3654': attribute type 10 has an invalid length. [ 1228.640985][T19894] program syz.3.3657 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1230.352267][T19904] program syz.0.3659 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1230.707510][T19915] program syz.3.3662 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1230.872561][T19918] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 1230.965440][T19918] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3663'. [ 1231.801682][ T31] INFO: task kworker/1:7:5915 blocked for more than 143 seconds. [ 1231.809893][ T31] Tainted: G L syzkaller #0 [ 1232.194837][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1232.226216][ T31] task:kworker/1:7 state:D stack:25240 pid:5915 tgid:5915 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1232.260677][ T31] Workqueue: usb_hub_wq hub_event [ 1232.275816][ T31] Call Trace: [ 1232.280313][ T31] [ 1232.292324][ T31] __schedule+0x14ef/0x4fb0 [ 1232.312029][ T31] ? __pfx___schedule+0x10/0x10 [ 1232.327774][ T31] ? schedule+0x90/0x360 [ 1232.356385][ T31] schedule+0x164/0x360 [ 1232.368954][ T31] usb_kill_urb+0x1cf/0x2f0 [ 1232.376458][ T31] ? __pfx_usb_kill_urb+0x10/0x10 [ 1232.395833][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1232.411255][ T31] usb_start_wait_urb+0x1a3/0x510 [ 1232.433640][ T31] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 1232.447764][ T31] usb_control_msg+0x232/0x3e0 [ 1232.453809][ T31] hub_port_init+0xb1e/0x28d0 [ 1232.470251][ T31] hub_event+0x2593/0x4f30 [ 1232.480513][ T31] ? __pfx_hub_event+0x10/0x10 [ 1232.485395][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 1232.499054][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 1232.552172][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 1232.557946][ T31] process_scheduled_works+0xaec/0x17a0 [ 1232.569628][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 1232.575678][ T31] ? do_raw_spin_lock+0x12b/0x2f0 [ 1232.580701][ T31] ? assign_work+0x3d3/0x440 [ 1232.587806][ T31] worker_thread+0x89f/0xd90 [ 1232.603003][ T31] ? __kthread_parkme+0x7a/0x1f0 [ 1232.608077][ T31] kthread+0x726/0x8b0 [ 1232.613694][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1232.679378][ T31] ? __pfx_kthread+0x10/0x10 [ 1232.690883][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1232.702469][ T31] ? __pfx_kthread+0x10/0x10 [ 1232.711822][ T31] ret_from_fork+0x51b/0xa40 [ 1232.718764][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1232.729060][ T31] ? __switch_to+0xc82/0x1410 [ 1232.739201][ T31] ? __pfx_kthread+0x10/0x10 [ 1232.749474][ T31] ret_from_fork_asm+0x1a/0x30 [ 1232.755691][ T31] [ 1232.761693][ T31] [ 1232.761693][ T31] Showing all locks held in the system: [ 1232.786844][ T31] 1 lock held by khungtaskd/31: [ 1232.797137][ T31] #0: ffffffff8e35a360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1232.817637][ T31] 2 locks held by getty/5585: [ 1232.828964][ T31] #0: ffff88814dd850a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1232.849224][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 [ 1232.869791][ T31] 5 locks held by kworker/1:7/5915: [ 1232.880906][ T31] #0: ffff88801dae8148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 [ 1232.904773][ T31] #1: ffffc90005397bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 [ 1232.925594][ T31] #2: ffff888144bbf198 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 [ 1232.935436][ T31] #3: ffff8881453b2518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x217a/0x4f30 [ 1232.945436][ T31] #4: ffff888144f3eb68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21a2/0x4f30 [ 1232.955240][ T31] [ 1232.957597][ T31] ============================================= [ 1232.957597][ T31] [ 1232.966228][ T31] NMI backtrace for cpu 1 [ 1232.966244][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1232.966258][ T31] Tainted: [L]=SOFTLOCKUP [ 1232.966261][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1232.966267][ T31] Call Trace: [ 1232.966271][ T31] [ 1232.966276][ T31] dump_stack_lvl+0xe8/0x150 [ 1232.966293][ T31] nmi_cpu_backtrace+0x274/0x2d0 [ 1232.966306][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1232.966317][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1232.966330][ T31] sys_info+0x135/0x170 [ 1232.966339][ T31] watchdog+0xf90/0xfe0 [ 1232.966355][ T31] ? watchdog+0x209/0xfe0 [ 1232.966394][ T31] kthread+0x726/0x8b0 [ 1232.966409][ T31] ? __pfx_watchdog+0x10/0x10 [ 1232.966422][ T31] ? __pfx_kthread+0x10/0x10 [ 1232.966435][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1232.966447][ T31] ? __pfx_kthread+0x10/0x10 [ 1232.966460][ T31] ret_from_fork+0x51b/0xa40 [ 1232.966471][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1232.966479][ T31] ? __switch_to+0xc82/0x1410 [ 1232.966496][ T31] ? __pfx_kthread+0x10/0x10 [ 1232.966508][ T31] ret_from_fork_asm+0x1a/0x30 [ 1232.966527][ T31] [ 1232.966531][ T31] Sending NMI from CPU 1 to CPUs 0: [ 1233.091781][ C0] NMI backtrace for cpu 0 [ 1233.091800][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G L syzkaller #0 PREEMPT(full) [ 1233.091822][ C0] Tainted: [L]=SOFTLOCKUP [ 1233.091828][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1233.091838][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x8/0x90 [ 1233.091866][ C0] Code: 89 44 11 20 c3 cc cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0d b8 01 0d 11 65 8b 15 d9 01 0d 11 81 e2 00 01 ff 00 74 [ 1233.091880][ C0] RSP: 0018:ffffc90000007b80 EFLAGS: 00000293 [ 1233.091895][ C0] RAX: ffffffff89878db6 RBX: 00000010c6f7a0b5 RCX: ffffffff8e0953c0 [ 1233.091907][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 00000010c6f7a0b5 [ 1233.091917][ C0] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 1233.091927][ C0] R10: dffffc0000000000 R11: fffff52000000f74 R12: 00000015798ee228 [ 1233.091938][ C0] R13: 0019999999999998 R14: ffffc9001de233d0 R15: 0000000225c17d04 [ 1233.091950][ C0] FS: 0000000000000000(0000) GS:ffff888125926000(0000) knlGS:0000000000000000 [ 1233.091963][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1233.091974][ C0] CR2: 00000000f7206d10 CR3: 000000007ef52000 CR4: 00000000003526f0 [ 1233.091989][ C0] Call Trace: [ 1233.091998][ C0] [ 1233.092003][ C0] pie_calculate_probability+0x266/0x7e0 [ 1233.092034][ C0] fq_pie_timer+0x288/0x5b0 [ 1233.092056][ C0] ? fq_pie_timer+0x4d/0x5b0 [ 1233.092079][ C0] call_timer_fn+0x192/0x5a0 [ 1233.092096][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 1233.092116][ C0] ? call_timer_fn+0xd4/0x5a0 [ 1233.092133][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1233.092154][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1233.092173][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 1233.092194][ C0] __run_timer_base+0x652/0x8b0 [ 1233.092217][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1233.092231][ C0] ? clockevents_program_event+0x247/0x350 [ 1233.092252][ C0] ? sched_clock_cpu+0x74/0x440 [ 1233.092271][ C0] run_timer_softirq+0xb7/0x170 [ 1233.092287][ C0] handle_softirqs+0x22a/0x7c0 [ 1233.092312][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 1233.092332][ C0] __irq_exit_rcu+0x5f/0x150 [ 1233.092347][ C0] irq_exit_rcu+0x9/0x30 [ 1233.092362][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1233.092383][ C0] [ 1233.092389][ C0] [ 1233.092395][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1233.092412][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 1233.092432][ C0] Code: 28 5f 02 e9 d3 e5 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 b7 10 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 1233.092446][ C0] RSP: 0018:ffffffff8e007dc0 EFLAGS: 00000246 [ 1233.092458][ C0] RAX: 000000000192e0cf RBX: ffffffff8198427d RCX: 0000000080000001 [ 1233.092469][ C0] RDX: 0000000000000001 RSI: ffffffff8dacfb53 RDI: ffffffff8be73880 [ 1233.092480][ C0] RBP: ffffffff8e007eb0 R08: ffff8880b86336db R09: 1ffff110170c66db [ 1233.092492][ C0] R10: dffffc0000000000 R11: ffffed10170c66dc R12: ffffffff8fceef70 [ 1233.092504][ C0] R13: 1ffffffff1c12a78 R14: 0000000000000000 R15: 0000000000000000 [ 1233.092515][ C0] ? do_idle+0x1bd/0x500 [ 1233.092536][ C0] default_idle+0x9/0x20 [ 1233.092550][ C0] default_idle_call+0x72/0xb0 [ 1233.092564][ C0] do_idle+0x1bd/0x500 [ 1233.092580][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 1233.092602][ C0] ? __pfx_do_idle+0x10/0x10 [ 1233.092623][ C0] cpu_startup_entry+0x43/0x60 [ 1233.092640][ C0] rest_init+0x2de/0x300 [ 1233.092656][ C0] start_kernel+0x380/0x3d0 [ 1233.092675][ C0] x86_64_start_reservations+0x24/0x30 [ 1233.092696][ C0] x86_64_start_kernel+0x143/0x1c0 [ 1233.092717][ C0] common_startup_64+0x13e/0x147 [ 1233.092743][ C0] [ 1233.462778][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1233.469634][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1233.480416][ T31] Tainted: [L]=SOFTLOCKUP [ 1233.484737][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1233.494796][ T31] Call Trace: [ 1233.498071][ T31] [ 1233.500989][ T31] vpanic+0x1e0/0x670 [ 1233.504969][ T31] panic+0xc5/0xd0 [ 1233.508682][ T31] ? __pfx_panic+0x10/0x10 [ 1233.513102][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1233.518520][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 1233.524781][ T31] watchdog+0xfda/0xfe0 [ 1233.528947][ T31] ? watchdog+0x209/0xfe0 [ 1233.533287][ T31] kthread+0x726/0x8b0 [ 1233.537355][ T31] ? __pfx_watchdog+0x10/0x10 [ 1233.542020][ T31] ? __pfx_kthread+0x10/0x10 [ 1233.546626][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1233.551836][ T31] ? __pfx_kthread+0x10/0x10 [ 1233.556525][ T31] ret_from_fork+0x51b/0xa40 [ 1233.561114][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1233.566224][ T31] ? __switch_to+0xc82/0x1410 [ 1233.570913][ T31] ? __pfx_kthread+0x10/0x10 [ 1233.575510][ T31] ret_from_fork_asm+0x1a/0x30 [ 1233.580298][ T31] [ 1233.583669][ T31] Kernel Offset: disabled [ 1233.587984][ T31] Rebooting in 86400 seconds..