last executing test programs: 5m24.349913697s ago: executing program 3 (id=1387): pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x3, 0x4) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000080)) ioctl$MEDIA_REQUEST_IOC_REINIT(r1, 0x7c81, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000200)={&(0x7f0000001000)={[{&(0x7f00000000c0)="f4b4429febc5f01130a296886f3c97a50ce9ce638b2793aa16ee154007c91cd6c9fa0ad2b1547896c5fca49c43c6fcf0ae33dec02570d0be2ba5be8066d287556f040254ec66cdf9389d7caa71f4cec84993d3fea0c08f5bfd1ed9a83cc2be666a170dc5308abbdaa08d491a", 0x6c, 0x2}, {&(0x7f0000000140)="3f070810a48ad494255eacb3876b1b3bb43f941812c143706865b966b614e626d794a2e5", 0x24, 0x3}, {&(0x7f0000000180)="fed42db41211870866d057c598d3cfdf810fb5ab27ff4ad28460ccc1a9e5a9d3ef4d162879c0a878f58aeeebfd488f430aa62eff0e25b36bc7fc74935f3f3a95afde3226c358ca1587dada9eebe17c9c8159e0ce81e4c3c93c0460ec42238a21207092e3d3114be29527", 0x6a}]}, 0x3}, 0x1) add_key$fscrypt_v1(&(0x7f0000000240), &(0x7f0000000280)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "b05808f4e90648ba2352dedc0044f948020da7e76110613a9e7995d4fb25902fde48dcb0c6e12e304800ead14e9103f826a4dc980aece9426d76068739f7a943", 0x22}, 0x48, 0xfffffffffffffff9) ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f0000000700)={0x5, &(0x7f0000000640)=[{0xcb, 0x1000, &(0x7f0000002000)="a0c074aa6dd8512eecd74d86b47f0cea79d9087f2bc370af7684fb524123c6d6091cdd5b473b1dbb3150a2d5a32397d647ffd75f218505cc68b130847499364e4277833905816a55897b716ab715acf7f9b869a68f639ac587c029e07e791d0af83e079f32e6e77cb7c06b8f289d1225c821f71ddcec46c7a8f2dca9688aeaf0b287da11c4aa264ecc2eaf5c60df11cfa6f852b7eabc9c6ea5719c24a1ba79d6877c0899c58584b76815678f1f06c912969b1adc42687dbef121299c8bf351a4208366993fd3f91b7e6cf32e2fa9450c81dc1ca64d22e48aa0d6973fa2349abd2d4cd4a191f62b3cd991afcca1c03289444fc399212aec1afe314b08bd839677749fc48be64cfc0b56bdb4c8023444fc190692fcffdddd5382d93d1a80ed1d8995ebced648755644ae17458bae3e429f7f46df9cc2b1522a8062da5eaf43b0e1f191f39e0f3510ac9b8df0388d843ec123d69ce2e6b808d571c530b0fecf286e3b6a21cf5ff51aafacad97be8363f08624e9bf8e929250e550e4757ea1b0a578f620e790f0abcbc8d75e9d04a8b25d6f517e4983f66e7e159ce256291c0957065a94e450ff7affa715d471ab49552640d2fc0f67d8ff1a34959a3b2ae8ea1c50ed703a06bdbf05fe17d1f0ab814ebd8da9806fa9bccaf5198b1050c73f7b8cdb33715b27020f242d4be80e733ff8ddd8647dc3f61a33f896ee8e82ee7051183a7e2e550c54457dcaf6fe764551bf913d5ed6af25c585c591e052e344f7e07d21ace0e8c12c48ddc725d16a4112a692f9219fd7b718b6ec5dcbe80eeece22428a99fb913f8ed1dcd221108899f7821c0dde808791663ccca8f093d1f9d7cb1ede8197800aba37e7f5acbe4be5300bb9a14743ea4d93d0a59033a700d8e1493afaa3024506cab04d8236f2b918a23987ed78cd7f0815f578347907e2129ddf019fe6d5b74e0560c408910d4d0d3ec90051bfc33b73b39a3f87673eb4ef25675f1e7fd99b424dc07cd1f4012a64c7fa10e572e48d17f30487adf1f37b59366c3f6f1483923353e318c1483b6cb1a6504a33d3862846e39f7eca9fe70caf2db8ce65546c16887c9eea60ac551ea2f53964afd6990a9875d2036eec209a0138a263b1c0c46feff9bea043fed48012ee3decfffdc98635e411d27e9dbc110d76ad64bf46f64168ad44f2c5ef7bb5b0ae00ac87d95d95b2697becda046c18451d8df991aca20b6ddd62482366a45cd42d1cc738e5149480e7988b6acfead9cbd24d944e8d151a33c2e91553a87833ae1723e9b940829e07b71cdacee41050685c521a787f6c6b8e3e26a214c16a3f7097dca0247583b79d060d3635cdc2be4cdd66373cbce0939b68ce49ec34fefc375315ee84083e682ed49ea6ccb5697fcc146d73060559757ec3becd5e0b8ff7230c94db91ed5d0788a2d2f9b4a49e6489bafe57a4c7b8d728c0e346939f1093560553f9a06164d4ef8896d380fbe780068d128a521f109fc8587ad11a40ddcc1c50f6300c32306d2cb9eed82b534f9bc08d7b18207058f08945093e1e66ac2f50055386c83c09ed5c9ba6dae15472692502c73b2ab52f6ae9f7e745e2d97bb16905aecb57675cc8d1f3a2f4287549e854b5aa3d7418cdd5c0c8c560b03c3a2ceb726447b6ee64cd32e9af47e13cb76702d159ad83b5d2c22dd994effcde6daa48ea7860f8f906fdd2cb0acf92a89363173bb5bb22bcf68d72d4ed03e3f419a7ee5896087e7fa62d266b0d5f7c9435d7de818d1091864d4432de2120dcbf6f8221059b5bebd384628a733bf34665eea295020d33c266a5ac0ce967da8bc2f1aca352bb501668022b8ac2006aadd25300b8be6472797afda622af0467c781264c47019df7fc37ad2792cddf27c30ebb3602888f654590c464c110d2b02067bf004111d8aeeca7989fd429c3d3de05735c5d09d4b8db34529269fb8607863773145f5f677611c3bfc7dfbcfb553203747cea0b68608c1bd74bc19093e6f3fcf65bd691a2a93b3d9f03b9d29b43fe6d4d48a299d6238dad30cd7b76dc74365cf16715037de087e04a842ca8c56ff468f7b2c7d6e4090d9b0474da35132d35360467913303eda0365176740a6058d2cdcde5793bece595949ad9f010806107f5c7e3ee026a4651142555fc4fb9f005ed10d8de741f14da583f13a0b11550b5b0a55e3971a332a9451d42b2191f9ca84e803e890a89f70cf6fc9d94590bec9facce8b53cdace87ab7e22b7ac055d01d3100f260b574a4fc56ac2bea519a3d325206df4397642053a3974d06940a8654bfcb49bb3f687d75a47ec05fb8705672ee98ca61b103741a3f09421b00ce06026eb779a271e9b9962263881f598d15950fcf90cce03c7592bc890405b068bf394298b7e951a9c21a942e2849c211b9aaaa9d9e4ef61f9e5f979a8c692151bec9a8c6176adc3ea895b64a347c13eea8486f1a60b775a13b716a63d5677d293ca37e1e591c3c7177066e0c123f396b10940dfab957de83a3d4fa61ccc39f57619ebe5ccab447b0edfb23d7532f903eb5ce729758c356d5180de15511deab80a8f94814bc9aee2dc5ef9fd29017a01d0391c1f66e9620120877b2242209a2b88880d483ad0de0de3e6ec8fc140a9ce131908db322f7fc10607881b8379f2645e1a320f49be250ca2687f84fa3366d6f9549466b6f9b778f7fe678cf09835f231d28c6ee5088c5237cef17e62bf21f67968728bbff7b4068e5f0434af655fe8050245146d2185c45810557204b14d7608826f942d9c8c2ff9569b23303520c96efbf1d07fba722affbd3b22a0487ef28d8f63cbd2576d253506b557e2af0776920acbcec046c20d52e5749b52565fb631c399adaf5eabee6adb5a572c6e4da7d697ee1559c532e01115004c7dd43a0148dbe8f2672cd312837ce45a804fcf5ff331ec6255e2ea760e2b411553046f2d9b5defeb0a5f09edccdfb4016479b77f8efd15fa76faa8306a89d118c14328a04c07e48b872af77262f53941ef863c38ce71ea06692971710eab8b79559e8b577fb92487f2d0d8583736ca43b01bd550a17e4ca84f579246f9c75e21664628e4cc2caf752411e35ae9e33d14260eb48f085c7881a1cb4f0e4653c9c6f3548f03cb3a32a3089697c7d99249da427e01f5eb547f242fe19303f753ae87393bbc26309dd58e868acab97c93adcf4450455f62b47adb65f975f8be973cfdd9e837d8dff307c4cb9e5a99668eae14dbbd5ceba9d5fd151c44794810042e4cebb89f59427131c80a39373cd61a9eb9030fe955edd3684a7914f0bdabdee19792518ea9e48a23826ddd4d0e2d24c17e7bdad702e7c34fd57cde26216e33c0852558106888cfdcb18ff4e2e26dba2ffde50b48aeca27eda126cb9606521532ae74d89a2795b59b6f929e96c2f1ecc0dc87404685d7043a6051a1c3a4a72133f3553a2da589cd9da381b168c2de64f9a0420061a17cc974ea55f22fd731d6630e54cfdcd7a80137bab1218c4505ce6f5d40f5c8dd1dfd397c612da34a304927340da944fb5a7fcb361de75a9b025ee0af1f6f2dee08bd0cca9702ed02786e02007e7646ceb7e5402ad319f00457c2dbdc5339d03ceb250764f65152a2a9cc00b2c62923656e197a1ab1986462aebb276e720c820e553451a1727c5426ea013d3ef1820276d551af3aa1d63a25c45136c436a9d810b4a048f3d93fea9fe391b023c4db8118d67170ef3418cc810cb88aece362ffe6f076e52686c2d4f3f77df69dc22f0c817aa32a54ddf9ee2983467fb2ee34289d597217f1428d1494fe330213d0f66dd1e3c6ef44cf6b8f90846b22986d0cb9aca29fb804ae39e1c34caf8dbae37aa0ada95154fc054d7482dc6b1842949108ab49921790d432929af08147c4fbcc4d388632853c5d4985da80fa9cd75fe309f67997180a8da02e4452507046e53853fa1aa83230ec8a6dc6f5b572381f32f55f2b3066e1e6121846582199df20d23d9b771dc81ffb9e293c44e3965320d81f0eb9ed3da9fc44ac5bc64d32609a2e22b29c2ac2d83c4d35d0ca87d0818f46d1653b502d053417def8ccf15f00bc7e82a803bc65148223c9412e91a69bd121b72aeec3968d23ad50dc852b0576a572cc4258323eef5fbdffbb1e862709adbb74fa54e2ed9369ceb789f864ee12047cee0d278d0485de8f8b41b9bfb17dfeb7f955a523ac5c12e59cedc444e047e07d65427c7f5137f9811c5f7d6c9d72c62c196ad597027bc7ab53d6a80f198d2b3eb89e50e4f1aa3f6af59487c16dcf054252144cc0a2d6de20fe3cfbb4ede2017d8893b4073aa9cbe6730cb94c00c24756e9c0b38f8288330c519fad68b3d707fc0a9d5052fb281372672e14c77edac4f9bf4b98a09a294d9ed859756c27a40c75c3798e75134b8156efaebab6ec51cfc80c2b6fa8f559eb195fae3ecc985ef7d605994a7b8af02f341c26cba8ddb23a8cbb6ddd1b116b75e4d6731d3f447cb4f487254468ee482598100f97bc99777327711176b9e3b16bb3e4d9cc4bb5288bb0225a4c042d9f69a3e47beb2f3924bbdc8d92bd7070edc5b92f7ee379e386597fc0dfc71612d074ef7699a65f31c3bae05455b951a5d7fade8513dd740a5f91d2bd941dfffbd075b5c4d72d17c207c153cc121078d63427440fe3d789d54ec5631445eb3c1562425db172982e4d5aeecb1a3b336c0bd8e3adb9bfac3706f44cf8049312188b97d5a78f2e0ab5bb58780097542f77f3df5ab61d67bf5c8c6aa70232357e1ddce772c379695402337787166c3d00968fa0fbbf9b320f3b0dc18a13b226d391e9d1d448e04563b104a781fd2530d9b16d6112477a744855780e847828227b952b1cf99f111b56a3826544d40341127202ea9cc1e3e64cca1d2395a5da1d4c49821ffe9194af619cdd447f6d256daa790951a738acb17d4a3ff5933e84915f228503019f0a5e109a05b4a810aaaf936da3368dd5bc0bc4abc5e7467722bc97f840f585fa8993a9f47db80b06cd12870b83659f2d4fcd4c0b39d674af60f3af150eb4c3b285c9a38907d406beb8c96987983857df4b85c788763dc8440d96aa84a4056a000d372c49b9cd206662da3a14845333298e373d1442d68730aef8391112234a504a95291d1b81acf9267f0620f4bb1860f0651e31f444e50faa10444b404b976ebc448e0ffd552873d475a6662a1cde35e88dae27980c939c8a8583c4e970e379658f3bc7304cf843b3b0c305ce68abd1f896877e478edb184d81c635cd94317c70ae9d391beceba1d149b631937d394e4fc37bf9ebd51a75067fd925793885b36f685a4afc7a724eac51ac708dfae7e802178d5506bab93f35ef1881a5c8ce9dd543b86e23490eb798a9667ba9acb96ac445df6f2d09783d611916a49afd0983a93afc852ff5b2f2321e642ff2c46df3316943870f5143c78e8fef7c680d17ce78f1e5095c211e2ca9b6e8406caed3ef23daab26995b9fddfa70ca25e4fa190800ab5eff2c042a5352bf611f5539774a34121f0e6be0f4c13f11ab1b833708d9d398936b9cd3000f3aed8c502423f9512e688b95044a4d2d16f68e31fdffc46d53e3435970000d3ae0a9fd77943426f0d114dbc831d75f2a7931ceaffd313c253b4c98baf5de9547555e2845d6c943dcbe8fd99afaa5f0adc8a4eb901377c62993a38470a17dc24fb5e02136968b7ff037b7cdc25970e29a6117f6d78d779a090368cb0fca5b9ecc7048611b6c329ab284121dd581c8fee8c4d4e2f89ba84e5e1a35e2bca39c769d9b0b821ff63235a63516753c7", 0x1}, {0x9, 0x34, &(0x7f0000000340)="94bb771fe7721ed82b2f5d2c3ca4dadbae092a830e931bf2945e2996d72cddf28eea4526ce0717c5d8b842758c54cb688d590a39", 0x0, 0x1}, {0x1a7, 0xaa, &(0x7f0000000380)="8a94343eb16546fab21099955270d95e57220558e3406884aa2456224a0aff7411b0295311942949107963ff730ac2329cb0faaee8471960a31f749ded075a98f52b35b15923c9a498e8d0fdade4f67999968917e37f0114c9fd6f01329d5137f0b05acf1adaeb731cb1c7d451a4cc539a50ab78a04d58f637f0e1f41c4a65b342dc5403949829f8ae7029ea573ec4e368e2eafadbf0b61114b39b27d7ac0228b167665c4e68e11863fc", 0x1}, {0x9, 0xf6, &(0x7f0000000440)="161a6fcf1d0a93001bee41aec658fde971a0404e6a7ed8fa3934b8193a81782abc103ff4a30da5fbd58d60f5d6da3522d0c3256e1b375f726074a9507c083c1d1d67e8892e5a9ab21c724321c2d66576eba88263a2e3d7a2501405bb99f4644a47d3ab781d0c48e35dedf397d57d133713b90f1f29b20c177000cae4929fde390239a6a4a836b843910491238c893b508add84ea00f97549ae5fa63ef75d52db51b601fda193ce3f9bd9c9acf5658acd194113d4030db91b0f8f5715f0191fa9b4b1c8a700af6c2b1494ede8ae5fa5b2ba0d56e7c4de819d42af67c5e74cf3845dcd133fcd93a667c54e7f37a6d9b3abc45efb31b436", 0x0, 0x1}, {0x5a, 0xd3, &(0x7f0000000540)="eaac786c87c2d4cdc51bae2999762f890178f367e13ffce4aee616592c156f04eab1fc5e64417ca35683d89f2d81f15bd4848f1145d77a3861ed098a8e48ccf08171c49704b3ce6f8fe4c99a2d02676da9454db87aa5d6f69a0ba61fa14b1502afcd807132f83dce3ff851fd2f87b1273b77bc16896e015b05c5feff36ed31c9d1ef28423f70e76a47c65c44df591853ff40d39351f4ca03edbdb1077fc3ab83097eed100c84f10f6275e70971d700eaf144f4bd0914790fae233b8b1ed3771e6a4463a1eb3f392a980db325d26a324c1c26c3"}]}) ioctl$VT_ACTIVATE(r1, 0x5606, 0x0) ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0) r2 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000740)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0x9c, &(0x7f00000007c0)={[{0x95, 0x4e00, "2419b9e0b90cbda610ca74fe297165557c87ff0b37ab55d7d16e98f0f8d7e6d4abd84e1a539057f1aab04b30a9a2c33be1de7a27efdd35490aeba25e1f0f0036f983f1559cc486aa5499b7379668899886fc7fd2a2c0673a4bf48a1f23103be48699acb470688b4f3846a13c2cacfdc8d8b2ed64a4242bc9eb6d1b6e4da32a469978be48ad0488aeafe57339f3ca707283f556285a"}]}) sendfile(r0, r1, &(0x7f0000000880)=0x8000000000000001, 0xfffffffffffffffb) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, &(0x7f00000008c0)=0x8, 0x4) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0x1b8, &(0x7f0000000900)={[{0xd2, 0x4e00, "b358ce092276de21b7e60abe3c5e8ca2ab43fb57b7a6830c7a3100e8e167359255591d8a0485c817bb892764c388bbf32f9a94a73c0636919498a9d7c905747cefeb66197a5c25b8830cc718856bc7cbfdf78e537fc7b315bc426f4cfebb0823ea103b2b97609d3553e27e28ceff55b6eddc6482818b55621ea0c61d414f4c4a0e4bc818320abc79a28146c62262e034d4ed0fe6c097e07cff683b7bb750a77e947709fa240dc13842eada2857c6eb64ef66c7929801318dda1d89679c051135537ab5e75ece15eede9d2c8db73ce95249dc"}, {0xdb, 0x4e00, "a79d0fbd2afe9a2c1ef44c94b5e15fbf654b1a548fb6a0e7cf2934a9334fe6d7a65a5b04f5c1fa94e22d7722666948e79ab17eb6ad4db81bf66539881792b1e75c21b6b1b508dad5c22a1c3da92a07a7dac024701d87b6f1f844dc1c9bc7301d75f6cabdd4c59da17472abf77f4d6e0cc5a74b9a3380d7e301621228a2c25598659783e835b80ed61b4b931fc65b39ea272d9ba71e48d1fb30da10649fe2468258d5527a68521b39ca801a1c47875f4fa983c8d81bdc4a22de0c768fb07859f92955a0e0925c61ffd2e009f1fe48eb395826ec5d03ff7372260d28"}]}) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000ac0)={0x6, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x6}, @hao={0xc9, 0x10, @private0}, @ra={0x5, 0x2, 0xfff7}]}, 0x28) socket$isdn(0x22, 0x3, 0x2) r3 = syz_open_dev$evdev(&(0x7f0000000b00), 0xffffffffffffad04, 0x101002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x26, &(0x7f0000000b40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ldst={0x1, 0x0, 0x2, 0xa, 0x4, 0x10c, 0xffffffffffffffff}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3c0}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0xb}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xe}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @alu={0x7, 0x0, 0xb, 0x9, 0x8, 0x18, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000c80)='GPL\x00', 0x8, 0xa6, &(0x7f0000000cc0)=""/166, 0x40f00, 0x2e, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000d80)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000dc0)={0x0, 0x5, 0x8, 0x1ff}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000e00)=[r3, r0, r1], &(0x7f0000000e40)=[{0x5, 0x5, 0xd, 0x2}, {0x0, 0x4, 0x6, 0xb}], 0x10, 0x80000000, @void, @value}, 0x94) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000f40), 0x2, 0x0) ioctl$VIDIOC_S_EDID(r4, 0xc0285629, &(0x7f0000000fc0)={0x0, 0x8001, 0x2, '\x00', &(0x7f0000000f80)=0x24}) iopl(0x8) ioctl$EVIOCSCLOCKID(r3, 0x400445a0, &(0x7f0000003880)=0x2) r5 = openat2(r1, &(0x7f00000038c0)='./file0\x00', &(0x7f0000003900)={0xa0800, 0x80, 0x35}, 0x18) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000003a80)=@security={'security\x00', 0xe, 0x4, 0x320, 0xffffffff, 0x0, 0x188, 0xb8, 0xffffffff, 0xffffffff, 0x288, 0x288, 0x288, 0xffffffff, 0x4, &(0x7f0000003a40), {[{{@ip={@multicast1, @local, 0xffffffff, 0x0, 'veth1_to_bridge\x00', 'team_slave_1\x00', {}, {0xff}, 0x89, 0x4, 0x8}, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x4}}}, {{@ip={@remote, @loopback, 0xff, 0xffffffff, 'veth1\x00', 'pimreg1\x00', {}, {0xff}, 0x11, 0x1, 0x4e}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote, 0x9, 0x6, [0xe, 0x30, 0x16, 0xe, 0x3c, 0x9, 0x33, 0xe, 0x3, 0x1b, 0xd, 0x1e, 0x26, 0x3, 0x25, 0x3c], 0x2, 0x1, 0x4}}}, {{@ip={@local, @dev={0xac, 0x14, 0x14, 0x2b}, 0xff, 0xff, 'macvlan1\x00', 'bridge_slave_1\x00', {0xff}, {}, 0x2f, 0xd5022c0d22e8e326}, 0x0, 0xc0, 0x100, 0x0, {}, [@common=@inet=@dscp={{0x28}, {0x10, 0x1}}, @common=@icmp={{0x28}, {0x3, "b032", 0x1}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x1, 0x3d, "151804bec38c87d5dc11b1050a897ca5a020677c86572c5c254c7fe4421c"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x380) syz_usb_ep_write(r2, 0xe4, 0xd4, &(0x7f0000003e00)="80c5ed42a2aa8a754cb06a82b3e7aba70583c9b87ea9a33f98cc0363a2ad53b7650bb093986e4ea767142a65242387888c44cb2b35687950339afa16d253fef4d48449cda984b2315acf6d7e6785b404792ce858a3a8b65fb40c3528c550b1f3e6df19128572ece90c4a404136701b9602fbccc3a68e7c5e6e9ab87f83f211ccd1e113f840df76529d5b9da8f598131aeaf8bd44cbab7aeda2ab5d1f28aa211898b4deee57bf34a6766d6bd4f07ab0ab61db4f6edddd5990c7961e8735ec421ab95fb3896e1c10196ba296418e74c2db50f57f55") mount_setattr(0xffffffffffffffff, &(0x7f0000003f00)='./file0\x00', 0x100, &(0x7f0000003f40)={0x3, 0x8, 0x80000, {r0}}, 0x20) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000003f80)={{0x0, 0x680, 0x1, 0xbe29, 0x7, 0x81, 0x1, 0xc0, 0x6, 0xffff, 0x10000, 0x7, 0x200, 0xfffffffffffffffd, 0x4}, 0x30, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r5, 0xc0709411, &(0x7f0000004040)={{r6, 0x5, 0x4, 0x9, 0x6, 0x5, 0x5, 0xa632, 0xe, 0x80000001, 0x9, 0x4, 0x100000001, 0x7, 0x5}, 0x50, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 5m20.28664111s ago: executing program 3 (id=1399): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) r2 = socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000000), 0x6ffffffffffffffe, 0x0) read$msr(r3, &(0x7f000001b000)=""/102400, 0x19000) rseq(0x0, 0x0, 0x0, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x106f) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip6_flowlabel\x00') read$FUSE(r6, &(0x7f0000006440)={0x2020}, 0x27) preadv(r6, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0x114a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0xfffffffffffffecf, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x60, 0x0, 0x0, r8, {0x0, 0xf}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x24000800) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) r9 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, 0x0) sendto$packet(r9, &(0x7f00000000c0)="3f03fe7feee8140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0x48, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @random="b6ca7038c7e8"}, 0x14) openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/access2\x00', 0x2, 0x0) 5m14.248113004s ago: executing program 3 (id=1413): creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) syz_usb_connect(0x1, 0x24, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x46, 0x36, 0x56, 0x8, 0x4b4, 0x8613, 0x958f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xd1, 0x6e, 0xa5}}]}}]}}, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050014000900010073797a3000000000400000001b0a01030000000000000000050080000900010073797a3000000000090003"], 0x9c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfff7fffffffffff5}, 0x18) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) migrate_pages(0x0, 0x8, &(0x7f0000000100)=0x7cd, &(0x7f0000000180)=0x1) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{}, {@in6=@loopback, 0x0, 0x33}, @in=@local, {}, {0x400000000000000}, {}, 0x0, 0x0, 0x2, 0x1, 0x0, 0x60}, [@algo_auth={0x48, 0x1, {{'digest_null\x00'}}}]}, 0x138}}, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000080)=0x7f) r8 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r8, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}], 0x1, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=fscache']) 5m7.856376823s ago: executing program 3 (id=1426): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000480)='./file0\x00', 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000a80)={0x1, 0x0, 0x0, 0x0, 'syz0\x00'}) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0xc1105511, &(0x7f00000007c0)={0x1, 0x0, 0x0, 0x0, 'syz0\x00'}) syz_usb_connect(0x0, 0x2c, &(0x7f0000000940)={{0x12, 0x1, 0x110, 0x7, 0xdb, 0xe2, 0x8, 0xb48, 0x2003, 0xd41b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x49, 0x2, 0x5, 0x9, 0x30, 0x2, [{{0x9, 0x4, 0x23, 0xa, 0x2, 0x2e, 0xb9, 0x69, 0x0, [@uac_control={{0xa, 0x24, 0x1, 0x6, 0x52}, [@mixer_unit={0x5, 0x24, 0x4, 0x4, 0x9}, @selector_unit={0x7, 0x24, 0x5, 0x1, 0xc3, "451d"}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0xd9c, 0x8}]}], [{{0x9, 0x5, 0xa, 0x10, 0x8, 0x0, 0x8, 0xf8}}, {{0x9, 0x5, 0x5, 0x3, 0x200, 0x40, 0xbf, 0x8}}]}}, {{0x9, 0x4, 0x4, 0xc0, 0x0, 0xe6, 0x63, 0xe8, 0x80}}]}}]}}, 0x0) r2 = openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='mpol=default=']) unshare(0x6a040000) mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = gettid() sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r3, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r5], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) write$smackfs_netlabel(r2, 0x0, 0x57) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x18) 5m0.443904538s ago: executing program 3 (id=1443): openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x22000d0, 0x0) r0 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x400, 0xfffffffc, 0x207}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000080)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 4m59.480718158s ago: executing program 3 (id=1445): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$unix(0x1, 0x2, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000940), 0x0, 0x101000) ioctl$CEC_ADAP_G_CAPS(r2, 0xc04c6100, &(0x7f0000000980)) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x897, 0x0, 0x0, &(0x7f0000000280)) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) munmap(&(0x7f000093a000/0x3000)=nil, 0x3000) setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) r4 = openat$nvme_fabrics(0xffffff9c, 0x0, 0x20a83, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x8080) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 4m57.801636432s ago: executing program 32 (id=1445): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$unix(0x1, 0x2, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000940), 0x0, 0x101000) ioctl$CEC_ADAP_G_CAPS(r2, 0xc04c6100, &(0x7f0000000980)) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x897, 0x0, 0x0, &(0x7f0000000280)) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) munmap(&(0x7f000093a000/0x3000)=nil, 0x3000) setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) r4 = openat$nvme_fabrics(0xffffff9c, 0x0, 0x20a83, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x8080) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2m44.921215796s ago: executing program 2 (id=1766): gettid() timer_create(0x0, &(0x7f0000001100)={0x0, 0x21, 0x1, @thr={&(0x7f0000000500)="e81035c0717831dbb46e9b88443469d4e1c32a044fff0cfc502f46b1ad3db291ef21fe8318c9d8820621cdbf13ccbd981b995273f810ca0c37d8f4f8edcab855903e16eef7db3435551d39c1e80e163bce", &(0x7f0000000580)="c3351288d2add045264e33209f371754211d986e307067f82d56e85f4fec5ae748e814910e000a89360625e2b22d82a24518bacf7722c734ba39f489652ebfadb94e1ecefee4206631f1087c8f0f411404e08f324ea67c50c6b350840190003541c7188d3530257934874d07391ebe76467a94576e4dae70784ea54f4390ff959603f88105e7388eb58c618f03096556f80ad71b345b4153dc840c33ae0a885c86f1c7206274334c112894c2ff3a63eeea243c17cceea33fc9de503e382e1105aaee0c05873188e265b302d56e07e9d11c78d7905b69a948e4d6170df1e46a9db57435cc2fc1e58e8f33234a0ac94b"}}, &(0x7f0000bbdffc)) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mkdir(&(0x7f0000005740)='./file0\x00', 0x3b) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000300)=""/132, 0x84) lseek(0xffffffffffffffff, 0x1, 0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='cramfs\x00', 0x8000, 0x0) syz_open_dev$cec(0x0, 0x0, 0x44080) 2m43.855003231s ago: executing program 2 (id=1770): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x41, 0x3f, 0x5f, 0x20, 0x61d, 0xc150, 0xce6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x1, 0x18, 0x70, 0xfd, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x4}}]}}]}}]}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000540)=0x401, 0x4) syz_usb_control_io$hid(r0, 0x0, 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003f7a7e40720c860097220102010104"], 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) sendto(0xffffffffffffffff, 0x0, 0x0, 0x2000c090, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380), 0x0, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r4, 0x4020744f, &(0x7f00000003c0)=0xc446806) write$binfmt_aout(r4, &(0x7f0000000280)=ANY=[], 0xfce1) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000e40)={0x2c, &(0x7f0000000d00)={0x0, 0x7, 0x16, {0x16, 0x1, "5cd361119508687c0df6f679aa34272ba5ce66be"}}, &(0x7f0000000d40)={0x0, 0x3, 0x9, @string={0x9, 0x3, "0228b8b7ae0fad"}}, &(0x7f0000000d80)={0x0, 0xf, 0x27, {0x5, 0xf, 0x27, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0x0, 0xb, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0x0, 0x9, 0xfffa}, @ss_container_id={0x14, 0x10, 0x4, 0x4, "dd02eeb45475333ca89ad86166bf38a9"}]}}, &(0x7f0000000dc0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x18, 0xf3, 0x4, "3c5adc7f", "9f8f67ee"}}, &(0x7f0000000e00)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x8, 0x4, 0x7f, 0x0, 0x6, 0xfafb, 0x5}}}, &(0x7f0000001300)={0x84, &(0x7f0000000840)=ANY=[@ANYBLOB="00038b000000d03a7f6b86057d9b7f4bd3ae6271821bb9af167f94fbc18f4084dc179d4eb051553c04f2265b64512821e9f27d55aa44b3e0052f99bb3fd3fb8a27c3086f884cebb79eea6d823c5fdb7ab2af21e50d31a3ed54d4877896d66f14a62576d4cf8c433e7e1019c8781d2c7be6d9155cc59ebe68852625eb38ed43baca0a8d578ae8e6f846eea800"/151], &(0x7f0000000f40)={0x0, 0xa, 0x1, 0xe5}, &(0x7f0000000f80)={0x0, 0x8, 0x1}, &(0x7f0000000fc0)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000001000)={0x20, 0x0, 0x4, {0x80, 0x2}}, &(0x7f0000001040)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000001080)={0x40, 0x9, 0x1, 0x9}, &(0x7f00000010c0)={0x40, 0xb, 0x2, '8B'}, &(0x7f0000001100)={0x40, 0xf, 0x2, 0x7fff}, 0x0, &(0x7f0000001180)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, &(0x7f00000011c0)={0x40, 0x19, 0x2, "e33d"}, &(0x7f0000001200)={0x40, 0x1a, 0x2, 0x2}, 0x0, &(0x7f0000001280)={0x40, 0x1e, 0x1, 0x7}, &(0x7f00000012c0)={0x40, 0x21, 0x1, 0x7}}) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x1}, 0x6) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000000)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b"]) getpid() syz_usb_control_io(r2, &(0x7f0000000240)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="400138000000381c168f68f834aeb5f5d389f361b8622d0af5253be5d85a1e2b56e7f2d06581e851ca9e2699d2b96b106eb9cb8bcd014539000000000000"], &(0x7f0000000580)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x416}}, &(0x7f0000000980)={0x0, 0xf, 0x183, {0x5, 0xf, 0x183, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x1a, 0xa, 0x5, 0x6}, @generic={0x103, 0x10, 0x2, "e27c674fb55e1159a0cc0075eeaa21d92f779219793c73f2e28665fa9b2dcc5c7c5264bf2fa9fdcf45d19975f09f17cc53c581d97dc5b6b4456d4c312c5d7f1a02271d2247694588b4b2c673ec75c6d1c7969cbef1a19ba2a18dda4d750a3dcfdcfcf31ffaae6245b07f415be6531001df0088d13e54b95e452153ba928bdb790a7a08dda3de36056beaa483d9b323cd661a458e82867b18dedd4ebd53402443b272516ccd8c71196966dba401da5454364508e4dff4664c2b008d4c0db4f03cdde6e09271a645c924feaaa8ede1e2fa955c74fed31401000000dca6b712fe21638213269fc7da9c6500916146327b101747cc486fb45042c978ded0dc8da900"}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xa, 0xc, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x5, 0x7, 0x2}, @ptm_cap={0x3}, @generic={0x60, 0x10, 0xb, "f29e081502bf12740f502d26621856224c923b5d86edb669a1ed91da5ce03e55c59e0a394342fe39eda0c4c8be9e06bad9cebd1e1d38a02aff727d9ff6e0684cdd612c7e0ba71b3106defb77f5a342010c064a632de2efab814ac84f0d"}]}}, &(0x7f00000000c0)={0x20, 0x29, 0xffffffffffffff38, {0xf, 0x29, 0x5a, 0x10, 0x80, 0x11, "cb9617be", "bc9011b9"}}, &(0x7f0000000100)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x2, 0x2, 0x7, 0x6, 0x8a0, 0x2}}}, &(0x7f0000000700)={0x84, &(0x7f0000000280)={0x40, 0xf, 0x7b, "f9f617262ccacc6756fd4b80a807a7a312352926193f7d6168124801faaffac3b12bfd25184f0210e449799104ad2f88150ce38b51850df9984351e3364ef716eb7ba98f464fa2b2f54f173ed7927242e9c8f866a386a0ae58be159bfadb920e4029ef8f0ddb7afc08d6bf3cbd1ee8f5c974ccda92f6ae54aaa61a"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0xf}, &(0x7f00000003c0)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000000400)={0x20, 0x0, 0x8, {0xc0, 0x2, [0x0]}}, &(0x7f0000000440)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000000480)={0x40, 0x9, 0x1, 0xf7}, &(0x7f00000004c0)={0x40, 0xb, 0x2}, &(0x7f0000000500)={0x40, 0xf, 0x2}, &(0x7f0000000540)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000000800)={0x40, 0x17, 0x6, @broadcast}, &(0x7f00000005c0)={0x40, 0x19, 0x2, "ec60"}, &(0x7f0000000600)={0x40, 0x1a, 0x2, 0xff}, &(0x7f0000000640)={0x40, 0x1c, 0x1, 0x4}, &(0x7f00000007c0)={0x40, 0x1e, 0x1, 0x6}, &(0x7f00000006c0)={0x40, 0x21, 0x7, 0x2}}) 2m39.100539008s ago: executing program 2 (id=1784): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) socket(0x1e, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r3, &(0x7f0000001fc0)=""/184, 0x20002078) 2m37.056206426s ago: executing program 2 (id=1785): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\f'], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x1c, 0xf, &(0x7f00000011c0)=ANY=[@ANYBLOB="180000005e000000000000000300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000008b7000000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x7, 0xe, &(0x7f0000000100)=""/14, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) 2m35.718749704s ago: executing program 2 (id=1788): inotify_init1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84080) getsockname$packet(r3, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000340)=0x14) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bind$inet6(0xffffffffffffffff, 0x0, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4) ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000040)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x5, 0x5, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r6}, 0x14) 2m34.641940444s ago: executing program 2 (id=1792): r0 = syz_open_dev$ndb(&(0x7f0000000500), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x80000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x582) 2m17.679148988s ago: executing program 33 (id=1792): r0 = syz_open_dev$ndb(&(0x7f0000000500), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x80000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x582) 1m55.126908039s ago: executing program 5 (id=1903): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00"/13], 0x48) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000a, 0x13, r0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) 1m54.656709745s ago: executing program 5 (id=1907): mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000140), 0x3200841, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e725f626c6f636b733d742c00160ca6bbfbd9b5d23e247b3654274e3ffafd579b415b3fb09c69679b7301910c7bf5bf20eb1392ff25e2c4d278be5d0363ea3826a6cbc205cf87ad06db1a601a749554c413e0997a880c3975f121ff962c663f89fe4f4a"]) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setrlimit(0x4, &(0x7f0000000100)={0xffff, 0x7}) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) open$dir(0x0, 0x40000, 0x10a) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x58, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004859}, 0x4000) 1m53.368763648s ago: executing program 5 (id=1910): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, &(0x7f0000000000)={0x0}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4000003, 0x13, 0xffffffffffffffff, 0x0) chdir(0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) io_submit(0x0, 0x0, &(0x7f0000000440)) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r0) sendmsg$IEEE802154_LLSEC_LIST_DEV(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r2, 0x701}, 0x14}, 0x1, 0x2403}, 0x0) 1m43.497169697s ago: executing program 5 (id=1935): socket$netlink(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$inet6_icmp(0xa, 0x2, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000340)={0x1, @pix_mp={0x0, 0x0, 0x34324258, 0x0, 0x0, [{}, {0x1}, {}, {0xfffffffe}]}}) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xd) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) bind$tipc(r3, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x0, 0x0, &(0x7f0000000b80)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r6, 0x29, 0x11, &(0x7f0000000040)=0x5, 0x4) 1m40.321016528s ago: executing program 5 (id=1942): sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x140xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=@newlink={0x20, 0x10, 0x401, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400}}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 21.169847082s ago: executing program 0 (id=2122): mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000140), 0x3200841, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e725f626c6f636b733d742c00160ca6bbfbd9b5d23e247b3654274e3ffafd579b415b3fb09c69679b7301910c7bf5bf20eb1392ff25e2c4d278be5d0363ea3826a6cbc205cf87ad06db1a601a749554c413e0997a880c3975f121ff962c663f89fe4f4a"]) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setrlimit(0x4, &(0x7f0000000100)={0xffff, 0x7}) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) open$dir(0x0, 0x40000, 0x10a) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x58, r3, 0x1, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004859}, 0x4000) 10.835953665s ago: executing program 0 (id=2147): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r0, 0x0, 0x0) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) listen(r1, 0xfffffffd) r3 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000001000), 0x581, 0x40000000, 0x0) keyctl$reject(0x13, 0x0, 0x80000000, 0x1856, 0x0) syz_create_resource$binfmt(0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe) r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) r5 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, r5, 0x0, 0x7, 'syz1\x00', 0x0}) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000080)="a0ba0041e10b8d60ba44709ef438b323df357759", 0x14}, {&(0x7f00000000c0)="3f4d1d6c8eed634643f06a52a9365ee5a0937e7b02ceda6a2e7ee6438b5dbb", 0x1f}, {0x0}, {&(0x7f0000000200)="5681c9635e158b8bd54a4b4e400b3fd9e6eb5676b61b9c6aeb389f7994947ad225c93a4186e2c76551cf7fd7c08ab8b3cac862261da810e4adea397eb9b96fc541e530bfe0669a3064490aa3df4ca0d7bd24910f1f18ef1242a2650d12d71a8d69d51831d4e8d2fec6ef543bd753caf7aa944b9e769fa5cd302994ac50ced144d25eb6e5930a2e9c7da6dc673693e93fea023192ed702c6d522888c9934545afbcb2880fc37f633a4e5663da8db4dbc647f71ce185404009cb96529da69390dcdb07", 0xc2}, {&(0x7f0000000300)="33df77a45eaf94603464522cbe310d1ae65feffaaf0b0191d058cd3bf8100203fe51ebb6aeb1b23f4ce875f2f3b586e57568b58ecca298e798defa7dbb7201b65c29b584db6f2c87b8658cd085530ec615dfa93f3ac51e2c6a4d314f0ffbcbda451e3b27f94ab8a4805a91618b2c85cf7a0f3f1a429817e6ed554b741a6cb132d722c1d76e0da04fa1c99b49246a2c16d273c3ee225a37f495660656653f6d413bf6d5478be277d2c7cd38c42c8971a14a9b95850c355481459546071930377ae58cfba9119d0de9d2641ab61f868d73042f13168100d59964afc7086c057c2768f77334f01ed90b4c00492f0e24628b60476457d15f7704b2ca167002fe0cd0b593738a6792d0b2464e901ebc13dabf89785015999763b83f69dcacf7f8514c6704cb7de8135144813aaa777256f6a2977ccdee84891ce0be332b0150afc9023b1adfe124b8ff4457638c58cef734ace225fa7ef0e377b5c257ad2381ee16c27e88a08c078ed95f8a08d8472c9d9e8098b68d25b4bf906b305f23c06f420493ab8cd8f31ff6489648b139d0e6243eb0cd9de5515a530ffc4f641f1d1387c842a15e480e3a709a42336f4df2acdbf589dea5e20de704770c4d9af302ff6e105468afec6404e3f5df3af95f0e6a404ee08ac93ae6e38f56c65998a6ffe7df67f30d34935c2025e022393c6dec997b2595177b3a169afe30b125da691e473ff84a5e5f0e54ab0d36cacfa974aabba075ab7682c39c1f13e29e838b20efd4a2a6e4ee26f5f6f200cdf6a27e54dedd8ae5c278d556f306b2a6978a31f75cff821a7506d1cb23525e16d0bc847a231d3135094345e57533c25e93d5343e94a42dc6678c59ca592e8543ac1a15836c558e08fc216d834f970820a9b85744d1582ea19cd2836c3cd767fedc53a6521776f6287afc601ba596b7dde175422ff543e8da9bda8222c1c087dbc862dc34a471224ede214b9d83d3589c059065be5ded78b63aa71acddb57a0a9f766defc7e2e843d8a64a8c92efd1cc9e334856d7a7a1c7226034ba0a8f384dff88ff4e2ca6a13f63a66d123b5b7581976894093d22b07bd618becc3c5f812d0f87e5d9e96a8b9e042e5f3e41a89ff8e7c6015b18edbf31b5a38712cd53a2cfdb5039d4140766215aa13013c77f7c79a32a66986c0e45ab14eb9ec0a4712e0bdf397d4610581610d7abd6b299d82c963c99bd2f57d212902ea9db6cf4c080374a5e16653fba77eed4fe0dc6f63f0913d8216f6c17b64a7db7001ecea6c62e94da1e462cfb6284ed13819a072f0c5f348bc0f7ea7a2c73ff96395db41405d95fc3544029afdec7795bcc1d50112a4383c9d1f1000b59387e4cc67c2d7a511adb8270e69acebfb8cf94ef03540829ae70bda578a9e6cc13318e9173d9be92546b312956e56539eb9cc3fc4e89cfafc03802f5caf12f65133559898afdf5d25529b4ce5d6333fae21919c076ef9aaca6f1e1d93715f9d04b80e49f2d258e9fe7fdfc875c0231bce29d4a52372580f6591f2564ea99d281fde5523dfa65e5d9cd7ead36f1455203b0af0c9c9f303a4454291e2cd01f3a9457aac6cdacbbfd4aab9943272107cb11e96d5796c6152ee60eba2f8300255289d4e62dc75d5d36164be88df016ad59e064969544557e0f11e0981d8d3dcbfce3842c3d70ae4c3c44fdcc304418aa1c5d3fc493ca97b517502bc29d16983973f2bb2df21168b2e3097e7e456b2a37c56439b840539eb116fad3157707e523a05199c28ccd25d7117e999c45e80a9a21462eaad144a32e331a003272854c4649a3c7954a6c2e6aa5c81d7cce30c905383189f1177e33632b3b6c2572bb1a43321b8645b38b6d449514b746784fc8ff08e22424373f1bc015605c862134de23a9d374150d7f0c31b4c944589814b3074073b1518bcf5035b15b5b54e731402e68128f96b7cb58db9fbb6153b0f406c979c6226bd9260bee649d43835f448249e58a539f00eeb99368d1b5da0a5967142cc8ab3f976ddb14cca29fef02f49882ab9f9b8972241509ff2d1dbfc19ac35e2403046bd80433381468eb3a55fd63708c3eed6e6e6f279c8597977610a38bc7f3ebe1902c0fe85ef1ec1d56afa4c741fe0fd1f0c86f224577459fad33bd34e096253ebd5426c444e370a3156d4dd284b69545b4e43ef8b7240c79d386c2befc25112d136167bc4f84e95be75ebf30d46e70bfc6b7939badb44606fe966955e8f2fadb2b24c6df656e439564ebe0f9bfbb1c13b2b5ab08da5269cb8daf782a336d956048014c08dbe184f1474e6305d26c63a90adb06cd56180675002334a474295a2b99572eaaf37846bd533ce80a0099c55716faf64b8a7e5c8b300aab56b3f6d8279de148143a89b1e0db3ef4f339962aae0d6d81c3c0ee9a113d260439ea866c4e981611644f4e43562bec91aa0de27bbddb2974c02082cff22e5186f53e82659c44f5347456828441b6f910d8de51c8c21f57895d1e653dc4ab46b6422132529677352ddd215757edad3a718921c41a517c3df2730089e14ce35975e7fed1f659d97f7be400175fcf06ea2f0c22eed03f2f24ca2aaf490367914288f6f638a829002a5644a2a8876b7df68b9cf63a9cbd57e85aadf0e3f7dfdb5cf68b1af5e9b6f4f758d93bf4529c4e12fbbe63e7253abab43fa6aea40f01bf8817784e03f654c0891e69f881742bf7cb4d87d68fbf9fef24c46330183f8d25a2f5d702f2cde98e4616b660eadad2ac74e8cef0977aed251cfd79d8f3ce0a88ffe20c43bd577c29ccbdc7751c49ff087e6632920d15f2f6537eecf3fabfa7172ff36b13c414d786f1255334bdc6435172d3d0eab8d604ad33aec7dd28385e5c105034f596fd08697d329e29b0f52cd79fdf48fdb0cdec18ab4a27dc5e7517bf37fdcfbd34d8862980612a9779751ba2d0bce6642dcf64b848970869a7aec5efba75f6f01ec0606b2f0d292c8b666a174619caf4f61a98f16f4c9bbbf838349f3b2b6c232b794a018ebc9f8171870d3d193f8b41a04b9e9b23f01ffd487e362310d1e7d3750438ac22707f3b97ffe6507eb8ebd6beb3bd1c5414bc1e3e8862c25111268ad15adac4b60439d183ada469169ca5922f0670af295ee108cab6687224af2c3c95f7c2fe6115d96b5df51558ec05b478a7666257209a03df8b814a123d12da5bfc38bf5a24fe72653ab812d3ff29f404e91b2bd28d4cbfd18149065dfcc997d7b2d073f5e547e9519f19039d411399db1034fa65eb30f38cb3d23242dbc9c9df5a0f65f22a0f89761fb490f450e20ba228e2a3afae4081bd577b937d39d5fb78d9ca1469fcbced8afde965bef0834448c8d0efc7e47c1b8e5a5001a0dd883afd479c81de1f4c7de313d5e56f10b45d303d8ce57803f1bd2962be6a56b3013e6d47fa251e171800374d177520421cf4d6b3b4236d664d1fb84f0f8138e975bf147ee7b3d76298c764a599f6694dfe1761178eb2c31f54051dc95379015fa1a7ab8be60b7807f29ae56b67047b7dd3130351c0b2772e17c47d6a6fb4ad605453c86f0c26eb759a829543b789056fc4f95a0b9c27e41e883e8a94c7edb5d9d62ce6c2d29971e933bdaabc63e58b36cbca2f42a00580f36f20dd2fa991f38f5d5747229c6ec723a2b60fc6b2daa0a91e6bd6e55cf5c97107038435b6cbb0f7bbf5cfb70079a4d501854f839acd16510ab0a45ede674818c49a15b35c35761f3588eb35c13a5cfa82a5cc83872791801675fbcb23a52d184718cc583b851d6cd0618208b3b675e93e89269e8e614b13a9656c2cacb26db51f71a7d612f73f96391d03a7242f426a9f699b1ea916c752b46ab53f17e92323fe54bfacea393184aa1132ea6190317fbee57694d6909230dae357f72a813f6817ffd353918a154d55b688079a6ce4e79d436c6d40c033565c3b128c1c188af031b8b11db679ea26864fcaa4e650dde84869c228392104427f785bfd4371c2c0da4c785114e60a2a63085027059e76a6ccca8ed244f28e0943c5febd84f38f513782419110c507b3836a580fa4a71ab7e37c4e4c488abaeaebb0eedae2e2f6f194e3169889e8c9efe8d26384c2d45c9ff216392ec6e98689a900a9202037258dee0f699eb5ca036b49e5dffb2125cf3ca1cd2870f93fe5ff68829a74bc6354c67aebd09231fb9b110f124f264116bf2aa29a6f813bc1f7c2ea71e5e486ec03ce861dc3fb2049e45f8da1b241b0e6086f91e17895824949f5e1da5ebfdfe9a4232ce858350f2d53937f382b521c389847784f4cead8b1cc22422c7a4c3af7d331f755826bfe89a9a91570ba0a4ff38b23b7965e5b141fb7d83df7675957a97031fd562325a13a80a5fa2af43208cb79c56bcfb7ef559053ed3d665a20d98cbc8e7b3a34ee86e262e25d1c24fae4606929d3ccc5f91a2624ccacdd75e42788b5a2f66e010629fe549117d273b17454dc3aaf3f9f7a8e152f85aa0825138a53c7cbb0df35d2b0ca78d3d0f023458ee75ad843edd61c69567311d720db2cf0ea96d63035f2ef3cba2791f53849aaee5148564bca6f7b5f484c95c1b3712d9d892f73b4b85dbbc6b1d12d4bc5b7a72ed3d6966452a15b12c1da0ad5897ce5f6ddfe4f886e49a42aafb62a6763e3126645c2d2bc5386d6964a40fd08db64d80489eda7c910255fe20858053f45c39e7b7d6272ab92743b72c5dc5e13caafc1e3632789787733388445a461e960d1c8e999293f2773faf9b6337b5b8942121eb3383391b54f1359696aeda9a3c57df49dce6459d1d7a785aeba48bf1d6f9841136f509ad284ea8c72f44cbb1c67826c4505710e0cb8964a372e40d40963dfc7233725b6772790b450983f928e0a2f3aa2010a84963fa17ad53ec3cca9dfada8391e38825a857ee6e17119f68c2f207fc41ba28a428e724b69f7951342d4032c9dd542dd395252f96429282578354843f1fa192189edd714a55d3b8a2df4f5e7ee5461b4a5ddf15725262d23e0b5849e1bc61aa01ca0df32d400af2ebcf1d89f75cb0c3dce9ce5b8c2316b501f47f1a5fec3a4804238a16121d9db3287153a5a8a8f3be8806f8d948567256a0fc60c50a7ebd2c97ae10cb581de3b864c3820b1b28dcc46178fa90a2709d6ea93b4943e574b8fabe10239ec1b359d3fd61e11b8ec70f06baf6433a60f58535e2fc769d844ae83183120dffe9c3adc7ab273b0ea15c5476e543fee3784b7c43b0efda5e892acfc81762f06f644a4757d08e83b08b75e8f75cecb1e286d381110d8deda9208a2381c5f208e990d164db6d4021357f889bea8e85384ac39ce88acf5c68587716a0ff21cd8ccd10e83aed23d9d48d2a7c9b5d9f0cfc097df2e311c7a413a84df492ca5a27bea6abd9847f444bbd27588a29c5ad60f801becfb929456f6acc6e0ce1147f82e0845011ed72d1380758f3f1e376948aff4781302f727083ecc592e5115a03b31caa0565f620af37cbbf33e963b5b27b4853755480892ea2f4a96f7856088a99e564f547806dfb6089ca8b834f348bc06621bf4634adc85a9bc8d264ee39bfe139fa67bebb67718df894d3b6c380b8f64696444409cb5eb943caa733ef46ed25f39947af0135d8d211c5910c63eb1d089887051325e294276dcc8d72bb8514d7640cce2a5f73e70611fee01694d1a9139acf19d49d15a2e566e685d6987cb617eadbbca8aa29210c59db8bea7108729ad8d2d694e263cdc6cd7ead3a24e4c09a24a95c692eadafc27f963a317db873b2162dbdbc79ec423653ba6813b2ceed9585afa13820ed5786a134a9c33ab5aa", 0x1000}, {&(0x7f0000001300)="c6e39344f625bd46779584fc1571fb4a9c55e8d151bfe26baad8015bb8e2c88efc6837342b0781ac7b9494647fbf6e76937f466b594c2bec051f3b32f158f572870bfd81627b7be8b7c6cc545816d7783e5cf95c1f1bff4371c6227740b7bb8151da145b63d152021390e25a2ec9c29fb428fc6d8fe0", 0x76}, {0x0}, {&(0x7f0000001480)="c0e747fac3932e9186ec774595d5771c37f334b22b0f848a34d7498c82eaa44dabdd8a521a0bfaeca17a8a7f92e26262669f6f0cae7ddf3f156083d53757b5537983bcbbd0cf68f2774d0b49000d2a4e57c89c92fa0280a89b3b32203ba4b34e41", 0x61}, {&(0x7f0000001500)="c32c2ac1fcee6846d09103ea0f51420080da601d04cbb01b4658357f4bd4dc5162434c9a4cb7b52f5b55464bb57b9b383acb934af1a9db81b3593e029bf1f7b3e4fca39b6903bc5235f55b09495741659e7deb4a6021e7f7b3be2dbbd7e2", 0x5e}], 0x9}}], 0x1, 0x4001c00) 9.843095075s ago: executing program 1 (id=2148): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000140)='./bus\x00') setxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 9.646420266s ago: executing program 6 (id=2150): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast1, 0x5}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x400a101) 8.268103016s ago: executing program 0 (id=2151): syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2) r0 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000200)={0x8e, "00005c02ac56f967e45706449300004ed82ff400"}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x101, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65"}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0) 8.24253561s ago: executing program 1 (id=2153): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001f00), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) unshare(0x2c020400) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) 8.115138158s ago: executing program 7 (id=2154): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = socket(0x10, 0x3, 0x0) syncfs(r1) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) munlockall() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r2, 0x89e3, &(0x7f00000001c0)={0x6c, 0x2, 0xa, 0x8, 0x80}) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0x54, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@broadcast, 0x0, 0x0, 0x0, 0x1, 0xa, 0x0, 0xa0}}, [@migrate={0x4}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r5 = open(0x0, 0x0, 0x0) read$msr(r5, &(0x7f0000000240)=""/11, 0xb) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100), &(0x7f0000000180)=[0x0], 0x8, 0x6, 0x0, 0x1}) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r6 = io_uring_setup(0x7691, &(0x7f0000000140)={0x0, 0x58fb, 0x10, 0x801, 0x23f}) close_range(r6, 0xffffffffffffffff, 0x0) 8.049481786s ago: executing program 6 (id=2155): r0 = syz_open_dev$video4linux(&(0x7f0000000240), 0xc, 0x20400) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f0000000040)={0x1, 0x0, 0x3, 0x4, {0x7fffffff, 0x2, 0x10000, 0x59}}) 6.915309666s ago: executing program 0 (id=2157): mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000140), 0x3200841, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e725f626c6f636b733d742c00160ca6bbfbd9b5d23e247b3654274e3ffafd579b415b3fb09c69679b7301910c7bf5bf20eb1392ff25e2c4d278be5d0363ea3826a6cbc205cf87ad06db1a601a749554c413e0997a880c3975f121ff962c663f89fe4f4a"]) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setrlimit(0x4, &(0x7f0000000100)={0xffff, 0x7}) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) open$dir(0x0, 0x40000, 0x10a) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x58, r4, 0x1, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004859}, 0x4000) 6.787804224s ago: executing program 1 (id=2158): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x19, 0x18, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) bind$inet6(0xffffffffffffffff, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) shutdown(0xffffffffffffffff, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="bc", 0x1, 0x4, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @loopback, 0x1}, 0x1c) close(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r5, 0x3b82, &(0x7f00000000c0)={0x18, 0x0, 0x1, 0x0, &(0x7f0000000280)=[{0x0, 0x1542}]}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000000)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1}) 6.75235672s ago: executing program 6 (id=2159): syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0x80}, 0x1, 0x7}, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r4, 0x6b, 0x4, &(0x7f0000000180), 0x4) 6.751739201s ago: executing program 7 (id=2160): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000340)={{0x8, @loopback, 0x4e2c, 0x1, 'ovf\x00', 0x14, 0x2, 0x19}, {@empty, 0x4e22, 0x3, 0x10001, 0x400fc1a, 0x8}}, 0x44) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) socket$inet_udplite(0x2, 0x2, 0x88) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x50) r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f00000002c0)={0x4000, r1}, 0x0) truncate(&(0x7f0000000280)='./file1\x00', 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 5.734939473s ago: executing program 1 (id=2162): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x6) syz_emit_ethernet(0x4a, &(0x7f0000000340)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\n\b0', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6000000000140600fe8000000000000000000000000000bbfe800000001d00000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='T'], 0x0) 5.557883017s ago: executing program 7 (id=2163): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000140)='./bus\x00') setxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 5.537055606s ago: executing program 1 (id=2164): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001080)={{0x12, 0x1, 0x0, 0xff, 0x0, 0x0, 0x40, 0x572, 0xcb01, 0x2665, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xaa, 0x75, 0xb7}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="000304000000d403"]}, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000500)={0x14, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000340)={0x0, 0x3, 0x2d, @string={0x2d, 0x3, "fff7b790e99277cdb04ddda6e769dfb184f2d92378b84ee1f9906b65715279b98174973f8a0f2ee8c091a2"}}}, 0x0) 5.006540362s ago: executing program 7 (id=2165): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendto$packet(r1, &(0x7f0000000180)="0b031200e0ff64000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100}, 0x14) 4.630791898s ago: executing program 4 (id=2166): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x19, 0x18, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) bind$inet6(0xffffffffffffffff, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) shutdown(0xffffffffffffffff, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="bc", 0x1, 0x4, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @loopback, 0x1}, 0x1c) close(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b700"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r8, 0x3b85, &(0x7f0000000000)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x148, r7, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x124, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @device_b, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1ff}, @val={0x5, 0xb3, {0x5, 0x97, 0x5, "840713d363c6724d98bf35001c09bfc3ef576ef4cbdedd44f1719d86e7202598ad5ab2b4e5dff62ed61751909b8422ef7be7fa9aeee03cce1881434df3bc53402458604b55890de2298e22ae5eb55d3e14358d8172d3caffea4c3165a9936a26aa4560071601df38cfb687a86ed61c704879c02c575dcc5f792ca84bd70fc9a24035370ffe3e5d14541c8831eed97732a996891591391a05b51387596e4634cf9ec3255fc6c4d68b86c2b73f110f4dc0"}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x1}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x69, 0x0, 0x1, 0x0, 0xfd, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0x148}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 4.423882048s ago: executing program 7 (id=2167): syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2) r0 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000200)={0x8e, "00005c02ac56f967e45706449300004ed82ff400"}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x101, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65"}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0) 3.581970367s ago: executing program 4 (id=2168): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001f00), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) unshare(0x2c020400) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) 2.716042906s ago: executing program 4 (id=2169): ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x40187013, &(0x7f0000000040)) 2.671056006s ago: executing program 7 (id=2170): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xcc, 0x2c, 0xdf, 0x40, 0x763, 0x2030, 0x7979, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5f, 0x65, 0x60, 0x70, [{{0x9, 0x4, 0x1, 0x8, 0x0, 0xff, 0xa2, 0x7d, 0x9}}]}}]}}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000002800)={0x84, &(0x7f0000002380)={0x0, 0x7}, 0x0, 0x0, &(0x7f00000024c0)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000002500)={0x20, 0x0, 0x4, {0x140, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000002680)={0x40, 0x17, 0x6}, 0x0, &(0x7f0000002700)={0x40, 0x1a, 0x2, 0x9}, 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000001080)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x820000, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28) write$binfmt_script(r3, &(0x7f0000000500)={'#! ', './file0'}, 0xb) close_range(r2, r3, 0x0) 2.487984828s ago: executing program 4 (id=2171): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x1, 0x20}, 0xc) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000240)=',', 0x34000}], 0x1) 2.394983336s ago: executing program 6 (id=2172): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x19, 0x18, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) bind$inet6(0xffffffffffffffff, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) shutdown(0xffffffffffffffff, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="bc", 0x1, 0x4, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @loopback, 0x1}, 0x1c) close(0xffffffffffffffff) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32, @ANYBLOB="08002600940900000800b700"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r6, 0x3b82, &(0x7f00000000c0)={0x18, 0x0, 0x1, 0x0, &(0x7f0000000280)=[{0x0, 0x1542}]}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000000)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1}) 2.255544134s ago: executing program 4 (id=2173): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000340)={{0x8, @loopback, 0x4e2c, 0x1, 'ovf\x00', 0x14, 0x2, 0x19}, {@empty, 0x4e22, 0x3, 0x10001, 0x400fc1a, 0x8}}, 0x44) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) socket$inet_udplite(0x2, 0x2, 0x88) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x50) r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f00000002c0)={0x4000, r1}, 0x0) truncate(&(0x7f0000000280)='./file1\x00', 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 1.25212552s ago: executing program 6 (id=2174): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0x5) setuid(r2) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) 1.171158324s ago: executing program 4 (id=2175): syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) mkdirat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x11c) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r4, 0x0, 0x0) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') socket(0x5, 0x80000, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) io_uring_enter(0xffffffffffffffff, 0x4553, 0xa2ae, 0x1, &(0x7f0000000000), 0x8) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)='\f\x00', 0xffeb, 0x0, &(0x7f0000000340), 0x10) 1.163789858s ago: executing program 1 (id=2176): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r0, 0x0, 0x0) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) listen(r1, 0xfffffffd) r3 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000001000), 0x581, 0x40000000, 0x0) keyctl$reject(0x13, 0x0, 0x80000000, 0x1856, 0x0) syz_create_resource$binfmt(0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe) r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) r5 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, r5, 0x0, 0x7, 'syz1\x00', 0x0}) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000080)="a0ba0041e10b8d60ba44709ef438b323df357759", 0x14}, {&(0x7f00000000c0)="3f4d1d6c8eed634643f06a52a9365ee5a0937e7b02ceda6a2e7ee6438b5dbb", 0x1f}, {0x0}, {&(0x7f0000000200)="5681c9635e158b8bd54a4b4e400b3fd9e6eb5676b61b9c6aeb389f7994947ad225c93a4186e2c76551cf7fd7c08ab8b3cac862261da810e4adea397eb9b96fc541e530bfe0669a3064490aa3df4ca0d7bd24910f1f18ef1242a2650d12d71a8d69d51831d4e8d2fec6ef543bd753caf7aa944b9e769fa5cd302994ac50ced144d25eb6e5930a2e9c7da6dc673693e93fea023192ed702c6d522888c9934545afbcb2880fc37f633a4e5663da8db4dbc647f71ce185404009cb96529da69390dcdb07", 0xc2}, {&(0x7f0000000300)="33df77a45eaf94603464522cbe310d1ae65feffaaf0b0191d058cd3bf8100203fe51ebb6aeb1b23f4ce875f2f3b586e57568b58ecca298e798defa7dbb7201b65c29b584db6f2c87b8658cd085530ec615dfa93f3ac51e2c6a4d314f0ffbcbda451e3b27f94ab8a4805a91618b2c85cf7a0f3f1a429817e6ed554b741a6cb132d722c1d76e0da04fa1c99b49246a2c16d273c3ee225a37f495660656653f6d413bf6d5478be277d2c7cd38c42c8971a14a9b95850c355481459546071930377ae58cfba9119d0de9d2641ab61f868d73042f13168100d59964afc7086c057c2768f77334f01ed90b4c00492f0e24628b60476457d15f7704b2ca167002fe0cd0b593738a6792d0b2464e901ebc13dabf89785015999763b83f69dcacf7f8514c6704cb7de8135144813aaa777256f6a2977ccdee84891ce0be332b0150afc9023b1adfe124b8ff4457638c58cef734ace225fa7ef0e377b5c257ad2381ee16c27e88a08c078ed95f8a08d8472c9d9e8098b68d25b4bf906b305f23c06f420493ab8cd8f31ff6489648b139d0e6243eb0cd9de5515a530ffc4f641f1d1387c842a15e480e3a709a42336f4df2acdbf589dea5e20de704770c4d9af302ff6e105468afec6404e3f5df3af95f0e6a404ee08ac93ae6e38f56c65998a6ffe7df67f30d34935c2025e022393c6dec997b2595177b3a169afe30b125da691e473ff84a5e5f0e54ab0d36cacfa974aabba075ab7682c39c1f13e29e838b20efd4a2a6e4ee26f5f6f200cdf6a27e54dedd8ae5c278d556f306b2a6978a31f75cff821a7506d1cb23525e16d0bc847a231d3135094345e57533c25e93d5343e94a42dc6678c59ca592e8543ac1a15836c558e08fc216d834f970820a9b85744d1582ea19cd2836c3cd767fedc53a6521776f6287afc601ba596b7dde175422ff543e8da9bda8222c1c087dbc862dc34a471224ede214b9d83d3589c059065be5ded78b63aa71acddb57a0a9f766defc7e2e843d8a64a8c92efd1cc9e334856d7a7a1c7226034ba0a8f384dff88ff4e2ca6a13f63a66d123b5b7581976894093d22b07bd618becc3c5f812d0f87e5d9e96a8b9e042e5f3e41a89ff8e7c6015b18edbf31b5a38712cd53a2cfdb5039d4140766215aa13013c77f7c79a32a66986c0e45ab14eb9ec0a4712e0bdf397d4610581610d7abd6b299d82c963c99bd2f57d212902ea9db6cf4c080374a5e16653fba77eed4fe0dc6f63f0913d8216f6c17b64a7db7001ecea6c62e94da1e462cfb6284ed13819a072f0c5f348bc0f7ea7a2c73ff96395db41405d95fc3544029afdec7795bcc1d50112a4383c9d1f1000b59387e4cc67c2d7a511adb8270e69acebfb8cf94ef03540829ae70bda578a9e6cc13318e9173d9be92546b312956e56539eb9cc3fc4e89cfafc03802f5caf12f65133559898afdf5d25529b4ce5d6333fae21919c076ef9aaca6f1e1d93715f9d04b80e49f2d258e9fe7fdfc875c0231bce29d4a52372580f6591f2564ea99d281fde5523dfa65e5d9cd7ead36f1455203b0af0c9c9f303a4454291e2cd01f3a9457aac6cdacbbfd4aab9943272107cb11e96d5796c6152ee60eba2f8300255289d4e62dc75d5d36164be88df016ad59e064969544557e0f11e0981d8d3dcbfce3842c3d70ae4c3c44fdcc304418aa1c5d3fc493ca97b517502bc29d16983973f2bb2df21168b2e3097e7e456b2a37c56439b840539eb116fad3157707e523a05199c28ccd25d7117e999c45e80a9a21462eaad144a32e331a003272854c4649a3c7954a6c2e6aa5c81d7cce30c905383189f1177e33632b3b6c2572bb1a43321b8645b38b6d449514b746784fc8ff08e22424373f1bc015605c862134de23a9d374150d7f0c31b4c944589814b3074073b1518bcf5035b15b5b54e731402e68128f96b7cb58db9fbb6153b0f406c979c6226bd9260bee649d43835f448249e58a539f00eeb99368d1b5da0a5967142cc8ab3f976ddb14cca29fef02f49882ab9f9b8972241509ff2d1dbfc19ac35e2403046bd80433381468eb3a55fd63708c3eed6e6e6f279c8597977610a38bc7f3ebe1902c0fe85ef1ec1d56afa4c741fe0fd1f0c86f224577459fad33bd34e096253ebd5426c444e370a3156d4dd284b69545b4e43ef8b7240c79d386c2befc25112d136167bc4f84e95be75ebf30d46e70bfc6b7939badb44606fe966955e8f2fadb2b24c6df656e439564ebe0f9bfbb1c13b2b5ab08da5269cb8daf782a336d956048014c08dbe184f1474e6305d26c63a90adb06cd56180675002334a474295a2b99572eaaf37846bd533ce80a0099c55716faf64b8a7e5c8b300aab56b3f6d8279de148143a89b1e0db3ef4f339962aae0d6d81c3c0ee9a113d260439ea866c4e981611644f4e43562bec91aa0de27bbddb2974c02082cff22e5186f53e82659c44f5347456828441b6f910d8de51c8c21f57895d1e653dc4ab46b6422132529677352ddd215757edad3a718921c41a517c3df2730089e14ce35975e7fed1f659d97f7be400175fcf06ea2f0c22eed03f2f24ca2aaf490367914288f6f638a829002a5644a2a8876b7df68b9cf63a9cbd57e85aadf0e3f7dfdb5cf68b1af5e9b6f4f758d93bf4529c4e12fbbe63e7253abab43fa6aea40f01bf8817784e03f654c0891e69f881742bf7cb4d87d68fbf9fef24c46330183f8d25a2f5d702f2cde98e4616b660eadad2ac74e8cef0977aed251cfd79d8f3ce0a88ffe20c43bd577c29ccbdc7751c49ff087e6632920d15f2f6537eecf3fabfa7172ff36b13c414d786f1255334bdc6435172d3d0eab8d604ad33aec7dd28385e5c105034f596fd08697d329e29b0f52cd79fdf48fdb0cdec18ab4a27dc5e7517bf37fdcfbd34d8862980612a9779751ba2d0bce6642dcf64b848970869a7aec5efba75f6f01ec0606b2f0d292c8b666a174619caf4f61a98f16f4c9bbbf838349f3b2b6c232b794a018ebc9f8171870d3d193f8b41a04b9e9b23f01ffd487e362310d1e7d3750438ac22707f3b97ffe6507eb8ebd6beb3bd1c5414bc1e3e8862c25111268ad15adac4b60439d183ada469169ca5922f0670af295ee108cab6687224af2c3c95f7c2fe6115d96b5df51558ec05b478a7666257209a03df8b814a123d12da5bfc38bf5a24fe72653ab812d3ff29f404e91b2bd28d4cbfd18149065dfcc997d7b2d073f5e547e9519f19039d411399db1034fa65eb30f38cb3d23242dbc9c9df5a0f65f22a0f89761fb490f450e20ba228e2a3afae4081bd577b937d39d5fb78d9ca1469fcbced8afde965bef0834448c8d0efc7e47c1b8e5a5001a0dd883afd479c81de1f4c7de313d5e56f10b45d303d8ce57803f1bd2962be6a56b3013e6d47fa251e171800374d177520421cf4d6b3b4236d664d1fb84f0f8138e975bf147ee7b3d76298c764a599f6694dfe1761178eb2c31f54051dc95379015fa1a7ab8be60b7807f29ae56b67047b7dd3130351c0b2772e17c47d6a6fb4ad605453c86f0c26eb759a829543b789056fc4f95a0b9c27e41e883e8a94c7edb5d9d62ce6c2d29971e933bdaabc63e58b36cbca2f42a00580f36f20dd2fa991f38f5d5747229c6ec723a2b60fc6b2daa0a91e6bd6e55cf5c97107038435b6cbb0f7bbf5cfb70079a4d501854f839acd16510ab0a45ede674818c49a15b35c35761f3588eb35c13a5cfa82a5cc83872791801675fbcb23a52d184718cc583b851d6cd0618208b3b675e93e89269e8e614b13a9656c2cacb26db51f71a7d612f73f96391d03a7242f426a9f699b1ea916c752b46ab53f17e92323fe54bfacea393184aa1132ea6190317fbee57694d6909230dae357f72a813f6817ffd353918a154d55b688079a6ce4e79d436c6d40c033565c3b128c1c188af031b8b11db679ea26864fcaa4e650dde84869c228392104427f785bfd4371c2c0da4c785114e60a2a63085027059e76a6ccca8ed244f28e0943c5febd84f38f513782419110c507b3836a580fa4a71ab7e37c4e4c488abaeaebb0eedae2e2f6f194e3169889e8c9efe8d26384c2d45c9ff216392ec6e98689a900a9202037258dee0f699eb5ca036b49e5dffb2125cf3ca1cd2870f93fe5ff68829a74bc6354c67aebd09231fb9b110f124f264116bf2aa29a6f813bc1f7c2ea71e5e486ec03ce861dc3fb2049e45f8da1b241b0e6086f91e17895824949f5e1da5ebfdfe9a4232ce858350f2d53937f382b521c389847784f4cead8b1cc22422c7a4c3af7d331f755826bfe89a9a91570ba0a4ff38b23b7965e5b141fb7d83df7675957a97031fd562325a13a80a5fa2af43208cb79c56bcfb7ef559053ed3d665a20d98cbc8e7b3a34ee86e262e25d1c24fae4606929d3ccc5f91a2624ccacdd75e42788b5a2f66e010629fe549117d273b17454dc3aaf3f9f7a8e152f85aa0825138a53c7cbb0df35d2b0ca78d3d0f023458ee75ad843edd61c69567311d720db2cf0ea96d63035f2ef3cba2791f53849aaee5148564bca6f7b5f484c95c1b3712d9d892f73b4b85dbbc6b1d12d4bc5b7a72ed3d6966452a15b12c1da0ad5897ce5f6ddfe4f886e49a42aafb62a6763e3126645c2d2bc5386d6964a40fd08db64d80489eda7c910255fe20858053f45c39e7b7d6272ab92743b72c5dc5e13caafc1e3632789787733388445a461e960d1c8e999293f2773faf9b6337b5b8942121eb3383391b54f1359696aeda9a3c57df49dce6459d1d7a785aeba48bf1d6f9841136f509ad284ea8c72f44cbb1c67826c4505710e0cb8964a372e40d40963dfc7233725b6772790b450983f928e0a2f3aa2010a84963fa17ad53ec3cca9dfada8391e38825a857ee6e17119f68c2f207fc41ba28a428e724b69f7951342d4032c9dd542dd395252f96429282578354843f1fa192189edd714a55d3b8a2df4f5e7ee5461b4a5ddf15725262d23e0b5849e1bc61aa01ca0df32d400af2ebcf1d89f75cb0c3dce9ce5b8c2316b501f47f1a5fec3a4804238a16121d9db3287153a5a8a8f3be8806f8d948567256a0fc60c50a7ebd2c97ae10cb581de3b864c3820b1b28dcc46178fa90a2709d6ea93b4943e574b8fabe10239ec1b359d3fd61e11b8ec70f06baf6433a60f58535e2fc769d844ae83183120dffe9c3adc7ab273b0ea15c5476e543fee3784b7c43b0efda5e892acfc81762f06f644a4757d08e83b08b75e8f75cecb1e286d381110d8deda9208a2381c5f208e990d164db6d4021357f889bea8e85384ac39ce88acf5c68587716a0ff21cd8ccd10e83aed23d9d48d2a7c9b5d9f0cfc097df2e311c7a413a84df492ca5a27bea6abd9847f444bbd27588a29c5ad60f801becfb929456f6acc6e0ce1147f82e0845011ed72d1380758f3f1e376948aff4781302f727083ecc592e5115a03b31caa0565f620af37cbbf33e963b5b27b4853755480892ea2f4a96f7856088a99e564f547806dfb6089ca8b834f348bc06621bf4634adc85a9bc8d264ee39bfe139fa67bebb67718df894d3b6c380b8f64696444409cb5eb943caa733ef46ed25f39947af0135d8d211c5910c63eb1d089887051325e294276dcc8d72bb8514d7640cce2a5f73e70611fee01694d1a9139acf19d49d15a2e566e685d6987cb617eadbbca8aa29210c59db8bea7108729ad8d2d694e263cdc6cd7ead3a24e4c09a24a95c692eadafc27f963a317db873b2162dbdbc79ec423653ba6813b2ceed9585afa13820ed5786a134a9c33ab5aa", 0x1000}, {&(0x7f0000001300)="c6e39344f625bd46779584fc1571fb4a9c55e8d151bfe26baad8015bb8e2c88efc6837342b0781ac7b9494647fbf6e76937f466b594c2bec051f3b32f158f572870bfd81627b7be8b7c6cc545816d7783e5cf95c1f1bff4371c6227740b7bb8151da145b63d152021390e25a2ec9c29fb428fc6d8fe0", 0x76}, {0x0}, {&(0x7f0000001480)="c0e747fac3932e9186ec774595d5771c37f334b22b0f848a34d7498c82eaa44dabdd8a521a0bfaeca17a8a7f92e26262669f6f0cae7ddf3f156083d53757b5537983bcbbd0cf68f2774d0b49000d2a4e57c89c92fa0280a89b3b32203ba4b34e41", 0x61}, {&(0x7f0000001500)="c32c2ac1fcee6846d09103ea0f51420080da601d04cbb01b4658357f4bd4dc5162434c9a4cb7b52f5b55464bb57b9b383acb934af1a9db81b3593e029bf1f7b3e4fca39b6903bc5235f55b09495741659e7deb4a6021e7f7b3be2dbbd7e2", 0x5e}], 0x9}}], 0x1, 0x4001c00) 0s ago: executing program 6 (id=2177): r0 = syz_open_dev$media(&(0x7f0000002340), 0xa, 0xed07983fff27406c) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xca, 0x9b, 0xd4, 0x10, 0x1199, 0xb000, 0xa898, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x30, 0x2, 0x2, 0x17, 0xb5, 0x1b, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x3) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x200, 0x40) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x2000000000000088}}, 0x40) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000200)={0x30, 0x5, 0x0, {0x0, 0x6, 0x5, 0x1}}, 0x30) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRES32=0x1, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRESOCT=r5, @ANYBLOB="0100070000800000020000000000000100"/28], 0x50) r7 = fcntl$dupfd(r6, 0x0, r0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0) pwritev(r7, &(0x7f00000024c0), 0x0, 0x7f, 0x10) geteuid() kernel console output (not intermixed with test programs): 1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 591.335123][ T5886] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 591.376719][ T5886] usb 1-1: Product: syz [ 591.415856][ T5886] usb 1-1: Manufacturer: syz [ 591.426117][ T5886] usb 1-1: SerialNumber: syz [ 591.468127][ T5878] usbhid 3-1:0.1: can't add hid device: -71 [ 591.496568][ T5878] usbhid 3-1:0.1: probe with driver usbhid failed with error -71 [ 591.565475][ T5878] usb 3-1: USB disconnect, device number 41 [ 591.664709][ T5886] usb 1-1: Invalid connection information received from device [ 591.921236][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 591.943439][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 592.579661][ T5930] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 592.756908][ T5930] usb 5-1: Using ep0 maxpacket: 32 [ 592.828536][ T5930] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 592.869001][ T5930] usb 5-1: config 0 has no interface number 0 [ 592.895619][ T5930] usb 5-1: config 0 interface 12 has no altsetting 0 [ 592.897043][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 592.924544][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 592.931622][ T5930] usb 5-1: New USB device found, idVendor=2c42, idProduct=1222, bcdDevice=85.40 [ 592.962022][ T5930] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.976951][ T5930] usb 5-1: Product: syz [ 592.981167][ T5930] usb 5-1: Manufacturer: syz [ 592.981622][T10532] ceph: No mds server is up or the cluster is laggy [ 592.994376][ T5930] usb 5-1: SerialNumber: syz [ 593.007396][ T5930] usb 5-1: config 0 descriptor?? [ 593.311073][ T10] usb 1-1: USB disconnect, device number 46 [ 593.317454][ T5930] usb 5-1: USB disconnect, device number 37 [ 593.780384][ T24] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 594.663952][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 594.784208][ T24] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 594.804797][ T24] usb 3-1: config 179 has no interface number 0 [ 594.812309][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 594.823551][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 594.840662][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 594.866450][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 594.907761][ T24] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 594.943926][ T24] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 594.961053][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.183470][T10593] ptrace attach of "./syz-executor exec"[5820] was attempted by " eth0 #®uŕűu0*óiÝŮƇ޿_ ößkż.\x22¦Ŕ#pÍ/¦ňĽyL…aµ»~+>Ľ“ř«š3…l{@!2¶!®÷9k\x0b8I$ýQ=rŘŔŘ\x09/ŤvÓ§ŘJý”#KTÝÓáľ_$A=zî˝/XľmOX)s”Ţľ_N¸Ţë)ÍĹ6m\x0a\x0bľë»‘zÂ|d\x1bŇůyx˛\x1bLTrw|0\x09Ćâśí\x5cŘ[Č ó¬]V:üĂž\x07xďţ.TTĎżő€a%ÜQłCuTĚę‘čŘYZyć!‰śŃ¦7Švs˛\x07ţłj*­IĚéŞ{]ď·ňî*ů5JtĐsÄŞČ~˛ň0˝fŰ®Găűď”ď:Q\x1b㣤}ď`eÍL«Ű\x0dňyźg1ô\x09i/!ń,ŚuŞż~)”\x1b2“†çšňj¨–¦˘üNŻThł\x1bo:č\x0bq7SäHóL ś—BťŞqą(ö±[„aF›ÚëÄ*q˛’ Śv¬ ANąŞŕť—TeLţ—+uÓ^±đŕ˝\x07»ĺťsha ë„™ĆńŐLD¨7 DQŠ2!8,Ľ%$ńňÖśyěKÚĹÜúÝöĆ´ś’…°˘%:đô0´¦d´äLWŐ÷l\x1bţŢ\x0bh—=m‚.¬\x0bhţ„Q}8/ëPľÖ+:ÎE\x5c•Ô¬’‡×—ăě­Ő¬€C„Rr^gşQ(š>⺨=\x0c04Źň*@vçŃîłÂŤTÚgŮ:hzW6s)x®ňÍ\x [ 595.436562][T10478] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 595.924185][T10566] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 596.187801][T10566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 596.237447][T10566] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 596.248814][T10478] usb 4-1: Using ep0 maxpacket: 32 [ 596.265886][T10478] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 596.274662][T10478] usb 4-1: config 0 has no interface number 0 [ 596.300792][T10478] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.316727][ T5879] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input42 [ 596.385640][T10478] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 596.438788][T10478] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 596.492718][T10478] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.519714][ T10] usb 3-1: USB disconnect, device number 42 [ 596.519743][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 596.534354][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 596.549073][ T10] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 596.610010][T10478] usb 4-1: config 0 descriptor?? [ 596.694463][T10605] FAULT_INJECTION: forcing a failure. [ 596.694463][T10605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 596.751537][T10605] CPU: 0 UID: 0 PID: 10605 Comm: syz.1.1319 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 596.751564][T10605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 596.751573][T10605] Call Trace: [ 596.751580][T10605] [ 596.751588][T10605] dump_stack_lvl+0x189/0x250 [ 596.751617][T10605] ? __pfx____ratelimit+0x10/0x10 [ 596.751645][T10605] ? __pfx_dump_stack_lvl+0x10/0x10 [ 596.751668][T10605] ? __pfx__printk+0x10/0x10 [ 596.751695][T10605] should_fail_ex+0x414/0x560 [ 596.751717][T10605] _copy_to_user+0x31/0xb0 [ 596.751742][T10605] simple_read_from_buffer+0xe1/0x170 [ 596.751771][T10605] proc_fail_nth_read+0x1df/0x250 [ 596.751792][T10605] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 596.751813][T10605] ? rw_verify_area+0x258/0x650 [ 596.751835][T10605] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 596.751854][T10605] vfs_read+0x1fd/0x980 [ 596.751888][T10605] ? __pfx___mutex_lock+0x10/0x10 [ 596.751906][T10605] ? __pfx_vfs_read+0x10/0x10 [ 596.751928][T10605] ? __fget_files+0x2a/0x420 [ 596.751948][T10605] ? __fget_files+0x3a0/0x420 [ 596.751962][T10605] ? __fget_files+0x2a/0x420 [ 596.751984][T10605] ksys_read+0x145/0x250 [ 596.752008][T10605] ? __pfx_ksys_read+0x10/0x10 [ 596.752027][T10605] ? rcu_is_watching+0x15/0xb0 [ 596.752051][T10605] ? do_syscall_64+0xbe/0x3b0 [ 596.752071][T10605] do_syscall_64+0xfa/0x3b0 [ 596.752086][T10605] ? lockdep_hardirqs_on+0x9c/0x150 [ 596.752101][T10605] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.752117][T10605] ? clear_bhb_loop+0x60/0xb0 [ 596.752139][T10605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.752155][T10605] RIP: 0033:0x7f30fdb8d37c [ 596.752170][T10605] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 596.752182][T10605] RSP: 002b:00007f30fe957030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 596.752200][T10605] RAX: ffffffffffffffda RBX: 00007f30fddb5fa0 RCX: 00007f30fdb8d37c [ 596.752212][T10605] RDX: 000000000000000f RSI: 00007f30fe9570a0 RDI: 0000000000000004 [ 596.752221][T10605] RBP: 00007f30fe957090 R08: 0000000000000000 R09: 0000000000000000 [ 596.752230][T10605] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 596.752239][T10605] R13: 0000000000000000 R14: 00007f30fddb5fa0 R15: 00007ffc97955e68 [ 596.752264][T10605] [ 596.989232][ C0] vkms_vblank_simulate: vblank timer overrun [ 597.776786][ T5878] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 597.956570][ T5878] usb 3-1: Using ep0 maxpacket: 16 [ 597.978849][ T5878] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 598.009102][ T5878] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 598.048303][ T5878] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 598.072066][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.108025][ T5878] usb 3-1: Product: syz [ 598.122117][ T5878] usb 3-1: Manufacturer: syz [ 598.134513][ T5878] usb 3-1: SerialNumber: syz [ 598.317638][ T5886] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 598.335839][T10478] usbhid 4-1:0.1: can't add hid device: -71 [ 598.353992][T10478] usbhid 4-1:0.1: probe with driver usbhid failed with error -71 [ 598.386879][ T5878] usb 3-1: 0:2 : does not exist [ 598.391907][ T5878] usb 3-1: unit 9 not found! [ 598.395975][T10478] usb 4-1: USB disconnect, device number 39 [ 598.434744][ T5878] usb 3-1: 4:0: cannot get min/max values for control 1 (id 4) [ 598.656553][ T5886] usb 1-1: Using ep0 maxpacket: 8 [ 598.667367][ T5886] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 598.685615][ T5878] usb 3-1: USB disconnect, device number 43 [ 599.314648][ T5886] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 599.324760][ T5886] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 599.352117][ T5886] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 599.480108][ T6771] udevd[6771]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 599.511158][ T5886] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 599.546464][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.816723][ T5886] usb 1-1: GET_CAPABILITIES returned 0 [ 599.946901][ T5886] usbtmc 1-1:16.0: can't read capabilities [ 600.023447][T10623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1325'. [ 600.362207][T10623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1325'. [ 601.156343][ T5886] usb 1-1: USB disconnect, device number 47 [ 601.313859][T10657] netlink: 'syz.4.1333': attribute type 10 has an invalid length. [ 601.322101][T10657] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1333'. [ 601.331911][T10657] bond0: entered promiscuous mode [ 601.337989][T10657] bond_slave_0: entered promiscuous mode [ 601.344060][T10657] bond_slave_1: entered promiscuous mode [ 601.368989][T10657] bridge0: port 3(bond0) entered blocking state [ 601.375619][T10657] bridge0: port 3(bond0) entered disabled state [ 601.386933][T10657] bond0: entered allmulticast mode [ 601.392230][T10657] bond_slave_0: entered allmulticast mode [ 601.398727][T10657] bond_slave_1: entered allmulticast mode [ 601.411799][T10657] bridge0: port 3(bond0) entered blocking state [ 601.418407][T10657] bridge0: port 3(bond0) entered forwarding state [ 604.599874][T10692] FAULT_INJECTION: forcing a failure. [ 604.599874][T10692] name failslab, interval 1, probability 0, space 0, times 0 [ 604.850179][T10692] CPU: 0 UID: 0 PID: 10692 Comm: syz.1.1346 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 604.850209][T10692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 604.850221][T10692] Call Trace: [ 604.850230][T10692] [ 604.850239][T10692] dump_stack_lvl+0x189/0x250 [ 604.850274][T10692] ? __pfx____ratelimit+0x10/0x10 [ 604.850307][T10692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 604.850335][T10692] ? __pfx__printk+0x10/0x10 [ 604.850361][T10692] ? __pfx___might_resched+0x10/0x10 [ 604.850391][T10692] should_fail_ex+0x414/0x560 [ 604.850430][T10692] should_failslab+0xa8/0x100 [ 604.850464][T10692] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 604.850496][T10692] ? __alloc_skb+0x112/0x2d0 [ 604.850533][T10692] __alloc_skb+0x112/0x2d0 [ 604.850563][T10692] netlink_sendmsg+0x5c6/0xb30 [ 604.850601][T10692] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.850637][T10692] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 604.850657][T10692] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.850683][T10692] __sock_sendmsg+0x219/0x270 [ 604.850708][T10692] ____sys_sendmsg+0x505/0x830 [ 604.850742][T10692] ? __pfx_____sys_sendmsg+0x10/0x10 [ 604.850781][T10692] ? import_iovec+0x74/0xa0 [ 604.850814][T10692] ___sys_sendmsg+0x21f/0x2a0 [ 604.850844][T10692] ? __pfx____sys_sendmsg+0x10/0x10 [ 604.850911][T10692] ? __fget_files+0x2a/0x420 [ 604.850930][T10692] ? __fget_files+0x3a0/0x420 [ 604.850960][T10692] __x64_sys_sendmsg+0x19b/0x260 [ 604.850992][T10692] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 604.851031][T10692] ? __pfx_ksys_write+0x10/0x10 [ 604.851056][T10692] ? rcu_is_watching+0x15/0xb0 [ 604.851085][T10692] ? do_syscall_64+0xbe/0x3b0 [ 604.851111][T10692] do_syscall_64+0xfa/0x3b0 [ 604.851133][T10692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.851152][T10692] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 604.851170][T10692] ? clear_bhb_loop+0x60/0xb0 [ 604.851196][T10692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.851219][T10692] RIP: 0033:0x7f30fdb8e969 [ 604.851237][T10692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.851255][T10692] RSP: 002b:00007f30fe957038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 604.851277][T10692] RAX: ffffffffffffffda RBX: 00007f30fddb5fa0 RCX: 00007f30fdb8e969 [ 604.851293][T10692] RDX: 0000000000004054 RSI: 00002000000002c0 RDI: 0000000000000003 [ 604.851305][T10692] RBP: 00007f30fe957090 R08: 0000000000000000 R09: 0000000000000000 [ 604.851317][T10692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.851329][T10692] R13: 0000000000000000 R14: 00007f30fddb5fa0 R15: 00007ffc97955e68 [ 604.851361][T10692] [ 605.119106][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.697759][T10693] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1338'. [ 605.749309][T10693] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1338'. [ 605.764100][T10693] tipc: MTU too low for tipc bearer [ 606.096694][ T5878] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 606.179977][T10710] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1351'. [ 606.267302][ T5878] usb 4-1: Using ep0 maxpacket: 8 [ 606.281157][ T5878] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 606.466259][ T5878] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 606.476804][ T5878] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 606.487111][ T5878] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 606.503600][ T5878] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 606.505871][T10715] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1352'. [ 606.513200][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.543120][T10717] FAULT_INJECTION: forcing a failure. [ 606.543120][T10717] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 606.610628][T10717] CPU: 0 UID: 0 PID: 10717 Comm: syz.0.1353 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 606.610657][T10717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 606.610670][T10717] Call Trace: [ 606.610678][T10717] [ 606.610687][T10717] dump_stack_lvl+0x189/0x250 [ 606.610725][T10717] ? __pfx____ratelimit+0x10/0x10 [ 606.610758][T10717] ? __pfx_dump_stack_lvl+0x10/0x10 [ 606.610787][T10717] ? __pfx__printk+0x10/0x10 [ 606.610807][T10717] ? __might_fault+0xb0/0x130 [ 606.610850][T10717] should_fail_ex+0x414/0x560 [ 606.610878][T10717] _copy_from_user+0x2d/0xb0 [ 606.610907][T10717] ___sys_sendmsg+0x158/0x2a0 [ 606.610940][T10717] ? __pfx____sys_sendmsg+0x10/0x10 [ 606.611008][T10717] ? __fget_files+0x2a/0x420 [ 606.611027][T10717] ? __fget_files+0x3a0/0x420 [ 606.611057][T10717] __x64_sys_sendmsg+0x19b/0x260 [ 606.611088][T10717] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 606.611126][T10717] ? __pfx_ksys_write+0x10/0x10 [ 606.611152][T10717] ? rcu_is_watching+0x15/0xb0 [ 606.611195][T10717] ? do_syscall_64+0xbe/0x3b0 [ 606.611220][T10717] do_syscall_64+0xfa/0x3b0 [ 606.611239][T10717] ? lockdep_hardirqs_on+0x9c/0x150 [ 606.611258][T10717] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.611277][T10717] ? clear_bhb_loop+0x60/0xb0 [ 606.611301][T10717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.611319][T10717] RIP: 0033:0x7f531598e969 [ 606.611336][T10717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.611353][T10717] RSP: 002b:00007f53168a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 606.611375][T10717] RAX: ffffffffffffffda RBX: 00007f5315bb5fa0 RCX: 00007f531598e969 [ 606.611389][T10717] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 606.611402][T10717] RBP: 00007f53168a4090 R08: 0000000000000000 R09: 0000000000000000 [ 606.611414][T10717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 606.611426][T10717] R13: 0000000000000000 R14: 00007f5315bb5fa0 R15: 00007fffbf6cdcf8 [ 606.611457][T10717] [ 606.818771][ C0] vkms_vblank_simulate: vblank timer overrun [ 607.085310][ T5878] usb 4-1: GET_CAPABILITIES returned 0 [ 607.123536][ T5878] usbtmc 4-1:16.0: can't read capabilities [ 607.657667][T10703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1347'. [ 607.725717][T10703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1347'. [ 608.536946][ T5879] usb 4-1: USB disconnect, device number 40 [ 609.268682][T10746] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1360'. [ 609.301295][T10743] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1359'. [ 610.157723][T10754] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1363'. [ 610.551338][T10762] netlink: 'syz.2.1366': attribute type 5 has an invalid length. [ 610.624813][T10762] netlink: 'syz.2.1366': attribute type 7 has an invalid length. [ 612.116357][T10762] : entered promiscuous mode [ 612.281353][T10767] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1367'. [ 618.748112][T10834] netlink: 'syz.4.1383': attribute type 21 has an invalid length. [ 618.758275][T10834] netlink: 'syz.4.1383': attribute type 1 has an invalid length. [ 618.773395][T10834] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1383'. [ 618.821937][T10834] 9pnet_fd: Insufficient options for proto=fd [ 618.945457][T10838] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1382'. [ 619.486578][ T5879] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 619.664034][ T5879] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 619.686315][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.705206][ T5879] usb 1-1: Product: syz [ 619.724329][ T5879] usb 1-1: Manufacturer: syz [ 619.789404][ T5879] usb 1-1: SerialNumber: syz [ 619.797706][ T5879] usb 1-1: config 0 descriptor?? [ 620.359849][ T5879] hso 1-1:0.0: Failed to find BULK IN ep [ 620.388183][ T5879] usb-storage 1-1:0.0: USB Mass Storage device detected [ 620.851215][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 620.851233][ T30] audit: type=1326 audit(1748766345.535:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 620.955140][ T30] audit: type=1326 audit(1748766345.585:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 620.976778][ T10] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 620.986618][T10842] fuse: Bad value for 'user_id' [ 621.020574][ T30] audit: type=1326 audit(1748766345.585:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 621.060468][T10842] fuse: Bad value for 'user_id' [ 621.063757][T10869] 9pnet_fd: Insufficient options for proto=fd [ 621.087211][ T5877] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 621.117519][ T977] usb 1-1: USB disconnect, device number 48 [ 621.171935][ T30] audit: type=1326 audit(1748766345.585:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 621.205147][ T10] usb 3-1: config 6 has an invalid interface number: 57 but max is 0 [ 621.223221][ T10] usb 3-1: config 6 has no interface number 0 [ 621.265939][ T10] usb 3-1: config 6 interface 57 has no altsetting 0 [ 621.378088][ T5877] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 621.386644][ T30] audit: type=1326 audit(1748766345.585:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 621.424842][T10875] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1390'. [ 621.522361][ T30] audit: type=1326 audit(1748766345.585:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 621.526723][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.546826][ T30] audit: type=1326 audit(1748766345.585:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 621.557365][ T10] usb 3-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 0.00 [ 621.882401][ T30] audit: type=1326 audit(1748766345.585:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 621.886873][ T5877] usb 4-1: Product: syz [ 621.912548][ T30] audit: type=1326 audit(1748766345.585:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 621.916516][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.988495][ T5877] usb 4-1: Manufacturer: syz [ 621.993167][ T5877] usb 4-1: SerialNumber: syz [ 622.009934][ T10] usb 3-1: Product: syz [ 622.022095][ T10] usb 3-1: Manufacturer: syz [ 622.033746][ T30] audit: type=1326 audit(1748766345.585:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10860 comm="syz.4.1388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc81d32ab39 code=0x7ffc0000 [ 622.035278][ T5877] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 622.077298][ T10] usb 3-1: SerialNumber: syz [ 622.108111][ T977] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 622.348753][ T10] usb-storage 3-1:6.57: USB Mass Storage device detected [ 622.531927][ T10] usb 3-1: USB disconnect, device number 44 [ 623.006492][ T5879] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 623.207017][ T977] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 623.388423][ T977] ath9k_htc: Failed to initialize the device [ 623.579308][T10478] usb 4-1: USB disconnect, device number 41 [ 623.639741][T10478] usb 4-1: ath9k_htc: USB layer deinitialized [ 623.699012][ T5879] usb 5-1: Using ep0 maxpacket: 16 [ 623.763314][ T5879] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 623.796482][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 623.856482][ T5879] usb 5-1: config 0 has no interface number 0 [ 623.871428][ T5879] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 623.891051][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.917760][T10903] FAULT_INJECTION: forcing a failure. [ 623.917760][T10903] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 623.941664][ T5879] usb 5-1: Product: syz [ 623.945902][ T5879] usb 5-1: Manufacturer: syz [ 623.956540][ T5879] usb 5-1: SerialNumber: syz [ 623.965922][ T5879] usb 5-1: config 0 descriptor?? [ 623.966566][T10903] CPU: 0 UID: 0 PID: 10903 Comm: syz.1.1396 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 623.966595][T10903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 623.966609][T10903] Call Trace: [ 623.966618][T10903] [ 623.966628][T10903] dump_stack_lvl+0x189/0x250 [ 623.966666][T10903] ? __pfx____ratelimit+0x10/0x10 [ 623.966701][T10903] ? __pfx_dump_stack_lvl+0x10/0x10 [ 623.966731][T10903] ? __pfx__printk+0x10/0x10 [ 623.966753][T10903] ? __might_fault+0xb0/0x130 [ 623.966799][T10903] should_fail_ex+0x414/0x560 [ 623.966829][T10903] _copy_to_iter+0x1db/0x16f0 [ 623.966867][T10903] ? __pfx_call_rcu+0x10/0x10 [ 623.966894][T10903] ? __pfx__copy_to_iter+0x10/0x10 [ 623.966918][T10903] ? _raw_spin_lock_irq+0xae/0xf0 [ 623.966959][T10903] ? _raw_spin_unlock_irq+0x23/0x50 [ 623.966990][T10903] ? lockdep_hardirqs_on+0x9c/0x150 [ 623.967014][T10903] seq_read_iter+0xbeb/0xe10 [ 623.967065][T10903] proc_reg_read_iter+0x1b7/0x280 [ 623.967096][T10903] do_iter_readv_writev+0x518/0x6e0 [ 623.967132][T10903] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 623.967176][T10903] ? rw_verify_area+0x258/0x650 [ 623.967210][T10903] vfs_readv+0x253/0x850 [ 623.967239][T10903] ? __pfx_vfs_readv+0x10/0x10 [ 623.967278][T10903] ? __fget_files+0x2a/0x420 [ 623.967305][T10903] ? __fget_files+0x3a0/0x420 [ 623.967323][T10903] ? __fget_files+0x2a/0x420 [ 623.967354][T10903] __x64_sys_preadv+0x197/0x2a0 [ 623.967391][T10903] ? __pfx___x64_sys_preadv+0x10/0x10 [ 623.967421][T10903] ? rcu_is_watching+0x15/0xb0 [ 623.967459][T10903] ? do_syscall_64+0xbe/0x3b0 [ 623.967487][T10903] do_syscall_64+0xfa/0x3b0 [ 623.967508][T10903] ? lockdep_hardirqs_on+0x9c/0x150 [ 623.967527][T10903] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.967549][T10903] ? clear_bhb_loop+0x60/0xb0 [ 623.967575][T10903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.967596][T10903] RIP: 0033:0x7f30fdb8e969 [ 623.967617][T10903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.967635][T10903] RSP: 002b:00007f30fe957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 623.967659][T10903] RAX: ffffffffffffffda RBX: 00007f30fddb5fa0 RCX: 00007f30fdb8e969 [ 623.967676][T10903] RDX: 0000000000000001 RSI: 0000200000004ec0 RDI: 0000000000000006 [ 623.967690][T10903] RBP: 00007f30fe957090 R08: 0000000000000000 R09: 0000000000000000 [ 623.967702][T10903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.967714][T10903] R13: 0000000000000000 R14: 00007f30fddb5fa0 R15: 00007ffc97955e68 [ 623.967749][T10903] [ 624.086572][ T5877] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 624.194827][ T5879] usb 5-1: Found UVC 0.00 device syz (046d:08f3) [ 624.313376][ T5879] usb 5-1: No valid video chain found. [ 624.462657][ T977] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 624.520048][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.789395][ T10] usb 5-1: USB disconnect, device number 38 [ 624.801713][ T977] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 624.816672][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.840154][ T977] usb 1-1: config 0 descriptor?? [ 624.846700][ T5877] usb 3-1: Using ep0 maxpacket: 32 [ 624.865932][ T5877] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 624.877727][ T5877] usb 3-1: config 0 has no interface number 0 [ 624.911376][ T977] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 624.923728][ T5877] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 624.936543][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.949723][ T5877] usb 3-1: Product: syz [ 624.956252][ T5877] usb 3-1: Manufacturer: syz [ 624.963962][ T5877] usb 3-1: SerialNumber: syz [ 624.972930][ T5877] usb 3-1: config 0 descriptor?? [ 624.984463][ T5877] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 625.012197][ T5877] usb 3-1: selecting invalid altsetting 1 [ 625.022198][ T5877] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 625.051114][ T5877] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 625.131593][ T5877] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 625.162894][ T5877] usb 3-1: media controller created [ 625.338418][ T977] gspca_cpia1: usb_control_msg 03, error -71 [ 625.356673][T10911] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1399'. [ 625.370201][ T977] gspca_cpia1: usb_control_msg 01, error -71 [ 625.452002][T10915] rdma_op ffff8880241ba9f0 conn xmit_rdma 0000000000000000 [ 625.478863][T10915] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[10915] [ 625.497033][T10915] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1400'. [ 625.866672][ T5879] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 626.013045][ T977] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 626.021852][ T5877] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 626.035986][ T977] usb 1-1: USB disconnect, device number 49 [ 626.233298][ T5879] usb 2-1: too many configurations: 69, using maximum allowed: 8 [ 626.261018][ T5879] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 626.478955][ T5877] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 627.415034][ T5879] usb 2-1: can't read configurations, error -61 [ 627.556548][ T5879] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 627.716816][ T5877] usb 3-1: USB disconnect, device number 45 [ 628.001804][ T5879] usb 2-1: too many configurations: 69, using maximum allowed: 8 [ 628.066814][ T5879] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 628.111346][ T5879] usb 2-1: can't read configurations, error -61 [ 628.115530][T10935] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1403'. [ 628.262626][ T5879] usb usb2-port1: attempt power cycle [ 630.536612][T10957] netlink: 'syz.4.1411': attribute type 2 has an invalid length. [ 630.720095][T10959] netlink: 'syz.4.1412': attribute type 2 has an invalid length. [ 630.911313][T10961] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1414'. [ 631.055218][T10961] bond1: entered promiscuous mode [ 631.106529][T10961] bond1: entered allmulticast mode [ 631.256624][ T5879] usb 4-1: new low-speed USB device number 42 using dummy_hcd [ 632.229609][T10974] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1417'. [ 632.297027][ T5879] usb 4-1: string descriptor 0 read error: -22 [ 632.303294][ T5879] usb 4-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 632.323677][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.357506][ T5879] usb 4-1: config 0 descriptor?? [ 632.417144][ T5879] usbtest 4-1:0.0: FX2 device [ 632.464964][ T5879] usbtest 4-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 632.478336][T10974] bond1: entered promiscuous mode [ 632.483396][T10974] bond1: entered allmulticast mode [ 632.535173][T10978] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 632.586948][T10978] bond1: (slave vcan1): Error -95 calling set_mac_address [ 632.650176][T10964] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1413'. [ 636.877145][ T5879] usb 4-1: USB disconnect, device number 42 [ 637.119409][T10478] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 637.135202][T11001] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1425'. [ 637.155686][T11002] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1423'. [ 637.265022][T11001] bond4: entered promiscuous mode [ 637.273149][T11001] bond4: entered allmulticast mode [ 637.356838][T10478] usb 3-1: Using ep0 maxpacket: 8 [ 637.377487][T10478] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 637.399999][T10478] usb 3-1: config 0 has no interface number 0 [ 637.432566][T10478] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 637.484102][T10478] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 637.503476][T10478] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 637.515483][T10478] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 637.530311][ T5879] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 637.552646][T10478] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 637.562721][T10478] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.631523][T10478] usb 3-1: config 0 descriptor?? [ 637.702737][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 637.738478][T10478] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 637.791933][ T5879] usb 4-1: config index 0 descriptor too short (expected 73, got 26) [ 637.845453][ T5879] usb 4-1: config 5 has an invalid interface number: 35 but max is 1 [ 637.866309][ T5879] usb 4-1: config 5 has an invalid descriptor of length 10, skipping remainder of the config [ 637.904035][ T5879] usb 4-1: config 5 has 1 interface, different from the descriptor's value: 2 [ 637.948187][ T5879] usb 4-1: config 5 has no interface number 0 [ 637.963247][ T5877] usb 3-1: USB disconnect, device number 46 [ 637.976934][ T5879] usb 4-1: config 5 interface 35 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 638.031226][ T5879] usb 4-1: config 5 interface 35 has no altsetting 0 [ 638.032151][ T5877] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 638.075022][ T5879] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b [ 638.115551][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.522362][ T5879] usb 4-1: Product: syz [ 639.538032][ T5879] usb 4-1: Manufacturer: syz [ 639.569855][ T5879] usb 4-1: SerialNumber: syz [ 642.409238][ T5930] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 642.594597][ T5930] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 642.624544][ T5930] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.633771][ T5877] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 642.661735][ T5930] usb 5-1: Product: syz [ 642.664248][ T5879] ttusbir 4-1:5.35: cannot find expected altsetting [ 642.673105][ T5930] usb 5-1: Manufacturer: syz [ 642.837086][ T5930] usb 5-1: SerialNumber: syz [ 642.864152][ T5930] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 642.886717][ T5879] usb 4-1: USB disconnect, device number 43 [ 643.649729][ T977] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 643.710410][ T5877] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 643.742331][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.757198][ T5877] usb 2-1: Product: syz [ 643.785183][ T5877] usb 2-1: Manufacturer: syz [ 643.790972][ T5877] usb 2-1: SerialNumber: syz [ 644.398512][ T5877] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 644.457049][ T5930] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 644.573749][T11061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 644.587253][T11061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 644.642557][ T5879] usb 5-1: USB disconnect, device number 39 [ 644.882790][ T977] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 644.893846][ T977] ath9k_htc: Failed to initialize the device [ 644.912058][ T5879] usb 5-1: ath9k_htc: USB layer deinitialized [ 645.132643][T11053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 645.168196][T11053] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 645.371922][ T24] usb 2-1: USB disconnect, device number 37 [ 645.517238][ T5930] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 645.567499][ T5930] ath9k_htc: Failed to initialize the device [ 645.732555][ T24] usb 2-1: ath9k_htc: USB layer deinitialized [ 645.839445][T11068] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1444'. [ 646.167066][ T1043] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 646.870866][ T1043] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.119120][ T1043] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.621093][ T1043] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.315178][T11083] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 648.325015][T11083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 648.333406][T11083] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 648.342067][T11083] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 648.349901][T11083] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 648.523036][ T1043] bridge_slave_1: left allmulticast mode [ 648.538243][ T1043] bridge_slave_1: left promiscuous mode [ 648.545824][ T1043] bridge0: port 2(bridge_slave_1) entered disabled state [ 648.595946][ T1043] bridge_slave_0: left allmulticast mode [ 648.608301][ T1043] bridge_slave_0: left promiscuous mode [ 648.614127][ T1043] bridge0: port 1(bridge_slave_0) entered disabled state [ 648.756599][ T977] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 649.253821][ T977] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 649.272481][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.308004][ T977] usb 5-1: Product: syz [ 649.312870][ T977] usb 5-1: Manufacturer: syz [ 649.330157][ T977] usb 5-1: SerialNumber: syz [ 649.413835][ T977] usb 5-1: config 0 descriptor?? [ 649.797360][ T977] hso 5-1:0.0: Failed to find BULK IN ep [ 649.865638][ T977] usb-storage 5-1:0.0: USB Mass Storage device detected [ 650.047543][T11087] fuse: Bad value for 'user_id' [ 650.080808][T11087] fuse: Bad value for 'user_id' [ 650.125574][T11087] 9pnet_fd: Insufficient options for proto=fd [ 650.278348][ T977] usb 5-1: USB disconnect, device number 40 [ 650.396502][ T51] Bluetooth: hci0: command tx timeout [ 650.689751][ T1043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 650.716752][ T1043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 650.761795][ T1043] bond0 (unregistering): Released all slaves [ 650.845062][T11090] netlink: 'syz.1.1452': attribute type 29 has an invalid length. [ 652.480257][ T51] Bluetooth: hci0: command tx timeout [ 654.607819][ T51] Bluetooth: hci0: command tx timeout [ 654.785156][ T977] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 655.086814][ T977] usb 2-1: Using ep0 maxpacket: 8 [ 655.518656][ T977] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 655.549237][T11080] chnl_net:caif_netlink_parms(): no params data found [ 655.556343][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 655.586507][ T977] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 655.616559][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 655.676772][ T1043] hsr_slave_0: left promiscuous mode [ 655.691251][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 655.784743][ T977] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 655.837199][ T1043] hsr_slave_1: left promiscuous mode [ 655.843464][ T1043] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 656.010712][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 656.031262][ T1043] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 656.041379][ T977] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 656.710505][ T51] Bluetooth: hci0: command tx timeout [ 656.716025][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 656.727349][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 656.773018][ T1043] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 656.806536][ T1043] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 656.811898][ T977] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 656.822338][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 656.837178][ T977] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 656.851412][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 656.882603][ T977] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 656.902583][ T977] usb 2-1: string descriptor 0 read error: -22 [ 657.048973][ T977] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 657.069837][ T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.096932][ T977] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 658.234138][ T5879] usb 2-1: USB disconnect, device number 38 [ 658.669720][T11172] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1470'. [ 660.299575][ T1043] team0 (unregistering): Port device team_slave_1 removed [ 660.425426][ T1043] team0 (unregistering): Port device team_slave_0 removed [ 661.270671][T11158] smc: net device bond0 applied user defined pnetid SYZ0 [ 663.438625][T11080] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.482141][T11080] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.514334][T11080] bridge_slave_0: entered allmulticast mode [ 663.558914][T11080] bridge_slave_0: entered promiscuous mode [ 663.597776][T11080] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.635376][T11080] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.922517][T11080] bridge_slave_1: entered allmulticast mode [ 664.775622][T11213] serio: Serial port ptm0 [ 664.831848][T11080] bridge_slave_1: entered promiscuous mode [ 665.470659][T11223] ptrace attach of "./syz-executor exec"[5835] was attempted by ""[11223] [ 666.055583][T11215] geneve2: entered promiscuous mode [ 666.060972][T11215] geneve2: entered allmulticast mode [ 666.254480][T11080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 666.391132][T11080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 666.961250][ T5877] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 667.135935][ T5877] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 667.278110][T11080] team0: Port device team_slave_0 added [ 667.328384][T11080] team0: Port device team_slave_1 added [ 667.435876][T11248] Bluetooth: MGMT ver 1.23 [ 667.687851][T11241] fido_id[11241]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 668.486471][ T5886] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 668.746198][ T5886] usb 1-1: Using ep0 maxpacket: 8 [ 669.497935][T11267] input: syz1 as /devices/virtual/input/input46 [ 669.523763][ T5886] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 17 [ 669.548027][ T5886] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07 [ 669.557424][ T5886] usb 1-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60 [ 669.565987][ T5886] usb 1-1: Product: syz [ 669.572393][ T5886] usb 1-1: Manufacturer: syz [ 669.578403][ T5886] usb 1-1: SerialNumber: syz [ 669.697139][T11080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 669.765660][ T5886] usb 1-1: config 0 descriptor?? [ 669.787026][T11080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.829694][T11080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 669.907315][T11080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 669.914572][T11080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 670.014100][ T5886] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 670.038747][T11080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 670.884180][T11080] hsr_slave_0: entered promiscuous mode [ 670.891234][T11080] hsr_slave_1: entered promiscuous mode [ 670.899515][T11080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 670.909556][T11080] Cannot create hsr debugfs directory [ 671.537469][ T5886] gspca_sunplus: reg_w_riv err -110 [ 671.796848][ T5886] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 672.089773][ T5886] usb 1-1: USB disconnect, device number 50 [ 674.092400][T11304] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1499'. [ 674.119487][T11080] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 674.343259][T11080] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 674.435058][T11080] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 674.555898][T11080] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 675.442591][T11080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 675.553890][T11080] 8021q: adding VLAN 0 to HW filter on device team0 [ 675.629609][ T6784] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.636837][ T6784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 676.349677][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.356898][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 678.181759][T11354] fuse: Bad value for 'fd' [ 680.139306][T11080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 680.377034][T11387] Invalid ELF header type: 0 != 1 [ 682.146840][T11394] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 682.172241][T11394] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 682.251631][T11394] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 682.999445][T11080] veth0_vlan: entered promiscuous mode [ 683.168833][T11080] veth1_vlan: entered promiscuous mode [ 684.156545][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 684.177094][T11080] veth0_macvtap: entered promiscuous mode [ 684.472072][T11080] veth1_macvtap: entered promiscuous mode [ 684.787700][T11080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 684.812411][T11080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 684.820267][T11426] input: syz0 as /devices/virtual/input/input48 [ 684.842700][T11080] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.854781][T11080] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.871075][T11080] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.880655][T11080] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.567337][ T5879] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 685.847087][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.877934][ T5879] usb 3-1: Using ep0 maxpacket: 32 [ 686.236496][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 686.649585][ T5879] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 686.658076][ T5879] usb 3-1: config 0 has no interface number 0 [ 686.670477][ T5879] usb 3-1: config 0 interface 184 has no altsetting 0 [ 686.699414][ T5879] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 686.996467][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.395044][T11451] overlayfs: overlapping lowerdir path [ 687.510931][T11452] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 688.012132][ T5879] usb 3-1: Product: syz [ 688.092498][ T5879] usb 3-1: Manufacturer: syz [ 688.324960][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 688.401012][ T5879] usb 3-1: SerialNumber: syz [ 688.435705][ T6784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 688.473977][ T5879] usb 3-1: config 0 descriptor?? [ 688.499407][ T6784] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 688.524165][ T5879] smsc75xx v1.0.0 [ 688.658741][ T8193] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 688.727452][ T5879] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 688.756616][ T8193] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 688.826700][ T5879] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 688.921168][ T5879] usb 3-1: USB disconnect, device number 47 [ 689.267978][T11461] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1447'. [ 689.296889][ T5878] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 689.346262][T11465] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1447'. [ 689.470240][ T5878] usb 5-1: Using ep0 maxpacket: 16 [ 689.482841][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 689.555651][ T5878] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 689.598286][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 689.612438][ T5878] usb 5-1: Product: syz [ 689.618116][ T5878] usb 5-1: Manufacturer: syz [ 689.622861][ T5878] usb 5-1: SerialNumber: syz [ 689.644835][ T5878] usb 5-1: config 0 descriptor?? [ 689.673215][ T5878] hub 5-1:0.0: bad descriptor, ignoring hub [ 689.710668][ T5878] hub 5-1:0.0: probe with driver hub failed with error -5 [ 689.733566][ T5878] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input49 [ 690.463278][T11458] overlayfs: failed to resolve './file0': -2 [ 691.300349][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 691.300367][ T30] audit: type=1326 audit(1748766415.985:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 691.426615][ T30] audit: type=1326 audit(1748766415.985:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 691.448219][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.468943][ T30] audit: type=1326 audit(1748766416.025:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 691.677731][ T30] audit: type=1326 audit(1748766416.025:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 691.699383][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.707334][ T30] audit: type=1326 audit(1748766416.035:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 691.728894][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.502267][ T30] audit: type=1326 audit(1748766416.035:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 692.528894][ T30] audit: type=1326 audit(1748766416.035:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 692.584359][ T30] audit: type=1326 audit(1748766416.035:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 693.737845][ T30] audit: type=1326 audit(1748766416.035:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 694.589460][ T30] audit: type=1326 audit(1748766416.035:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 694.611124][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.761688][T11507] netlink: 'syz.1.1534': attribute type 10 has an invalid length. [ 694.770352][T11507] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1534'. [ 694.820693][T11508] CUSE: unknown device info "˙" [ 694.825707][T11508] CUSE: zero length info key specified [ 696.677093][ T30] audit: type=1326 audit(1748766416.035:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 696.703657][ T30] audit: type=1326 audit(1748766416.035:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 696.951631][ T30] audit: type=1326 audit(1748766416.035:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 696.974951][ T30] audit: type=1326 audit(1748766416.035:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 697.661431][ T30] audit: type=1326 audit(1748766416.035:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 697.697693][T11507] team0: Port device geneve0 added [ 697.714012][ T30] audit: type=1326 audit(1748766416.035:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 697.761902][ T30] audit: type=1326 audit(1748766416.035:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 697.803219][ T30] audit: type=1326 audit(1748766416.035:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 698.057665][ T30] audit: type=1326 audit(1748766416.055:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 698.283532][ T30] audit: type=1326 audit(1748766416.135:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11457 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc81d38e969 code=0x7ffc0000 [ 698.414479][T11530] hub 8-0:1.0: USB hub found [ 698.422616][T11530] hub 8-0:1.0: 1 port detected [ 701.258406][T11527] kvm: kvm [11521]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1a1000075f7 [ 701.346601][T11527] kvm: kvm [11521]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x1a1000035f7 [ 701.394113][T11527] kvm: kvm [11521]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x1ed00005900 [ 701.757028][ T5886] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 701.803993][T11527] kvm: kvm [11521]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0x1ed00001900 [ 702.015345][ T5886] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 702.065236][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 702.119396][ T5886] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 702.146451][ T5886] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 702.184980][ T5886] usb 3-1: Manufacturer: syz [ 702.210783][ T5886] usb 3-1: config 0 descriptor?? [ 703.257047][T11578] Bluetooth: MGMT ver 1.23 [ 703.436872][ T5886] rc_core: IR keymap rc-hauppauge not found [ 703.442873][ T5886] Registered IR keymap rc-empty [ 703.491763][ T5886] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 703.576664][ T5886] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input50 [ 703.680313][ T5878] usb 5-1: USB disconnect, device number 41 [ 704.166719][ C1] igorplugusb 3-1:0.0: Error: urb status = -32 [ 704.174770][ C1] igorplugusb 3-1:0.0: Error: urb status = -32 [ 704.469172][T10478] usb 3-1: USB disconnect, device number 48 [ 704.578500][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 706.091406][T11609] ptrace attach of "./syz-executor exec"[11610] was attempted by "./syz-executor exec"[11609] [ 708.377570][T11601] syz.1.1557 (11601): drop_caches: 2 [ 708.403299][T11601] syz.1.1557 (11601): drop_caches: 2 [ 712.782349][ T5886] usb 6-1: new low-speed USB device number 2 using dummy_hcd [ 713.104054][ T5886] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 713.117101][ T5886] usb 6-1: config 0 has no interface number 0 [ 713.285905][ T5886] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 713.311803][ T5886] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 713.367478][ T977] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 713.431490][T11658] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 714.006511][ T5886] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 714.025889][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.037098][ T5886] usb 6-1: config 0 descriptor?? [ 714.043853][T11643] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 714.061796][ T5886] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 714.220210][ T977] usb 1-1: Using ep0 maxpacket: 16 [ 714.243602][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 714.255139][ T977] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 714.284356][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.328377][ T977] usb 1-1: config 0 descriptor?? [ 714.335671][ T5886] usb 6-1: USB disconnect, device number 2 [ 714.806715][T11671] IPv6: sit1: Disabled Multicast RS [ 714.820437][T11671] sit1: entered allmulticast mode [ 715.610731][ T977] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0 [ 715.619180][ T977] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0 [ 715.626276][ T977] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0 [ 715.634995][ T977] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0 [ 715.642390][ T977] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0 [ 715.688179][ T977] mcp2221 0003:04D8:00DD.0009: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 716.381814][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 716.381833][ T30] audit: type=1326 audit(1748766441.045:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 716.469129][T11679] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 716.678352][ T30] audit: type=1326 audit(1748766441.045:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 717.369060][ T30] audit: type=1326 audit(1748766441.155:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 717.474928][ T5878] usb 1-1: USB disconnect, device number 51 [ 717.665971][ T30] audit: type=1326 audit(1748766441.155:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 718.469234][ T30] audit: type=1326 audit(1748766441.155:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 718.593755][ T30] audit: type=1326 audit(1748766441.155:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 719.238404][ T30] audit: type=1326 audit(1748766441.155:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 719.261323][ T30] audit: type=1326 audit(1748766441.155:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 719.283453][ T30] audit: type=1326 audit(1748766441.155:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 719.623804][ T30] audit: type=1326 audit(1748766441.155:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11678 comm="syz.1.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 720.181105][ T51] Bluetooth: hci0: unexpected event for opcode 0x080d [ 720.382983][ T5886] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 720.986507][ T5886] usb 3-1: Using ep0 maxpacket: 8 [ 721.135631][ T5886] usb 3-1: config 0 has an invalid interface number: 122 but max is 0 [ 721.145311][ T5886] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 721.155881][ T5886] usb 3-1: config 0 has no interface number 0 [ 721.165639][ T5886] usb 3-1: config 0 interface 122 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 721.194479][ T5886] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7 [ 721.232771][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 721.298346][ T5886] usb 3-1: Product: syz [ 721.332169][ T5886] usb 3-1: Manufacturer: syz [ 721.353028][ T5886] usb 3-1: SerialNumber: syz [ 721.377547][ T5886] usb 3-1: config 0 descriptor?? [ 721.636979][ T5886] usb 3-1: NFC: intf ffff888011e58000 id ffffffff8eb3e480 [ 721.679715][ T5886] usb 3-1: USB disconnect, device number 49 [ 723.912767][T11740] tmpfs: Bad value for 'mpol' [ 725.146530][T10478] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 725.478110][T10478] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 725.489548][T10478] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 725.516412][T10478] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 725.529734][T10478] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 725.551538][T10478] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 726.292883][T10478] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 726.329316][T11790] hfs: unable to load iocharset "io#harset" [ 726.418316][T11792] netlink: 'syz.0.1604': attribute type 10 has an invalid length. [ 726.426291][T11792] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1604'. [ 726.502752][T10478] usb 2-1: invalid MIDI out EP 0 [ 726.666783][T11792] team0: Port device geneve0 added [ 728.176866][ T43] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 728.592591][ T43] usb 6-1: Using ep0 maxpacket: 32 [ 728.820875][ T43] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 729.022174][ T43] usb 6-1: config 0 has no interface number 0 [ 729.208509][ T43] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 729.390352][T10478] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 729.422099][ T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 729.639620][ T43] usb 6-1: Product: syz [ 729.643851][ T43] usb 6-1: Manufacturer: syz [ 729.649932][T10478] usb 2-1: USB disconnect, device number 39 [ 729.663463][ T43] usb 6-1: SerialNumber: syz [ 730.466932][ T43] usb 6-1: config 0 descriptor?? [ 730.475871][ T43] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 731.121948][ T43] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 731.127002][T11805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 731.293699][ T43] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 731.349674][T11805] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.574548][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 734.796030][ T977] usb 6-1: USB disconnect, device number 3 [ 735.477578][ T977] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 736.337173][ T977] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 736.419628][ T977] quatech2 6-1:0.51: device disconnected [ 737.019310][T11866] ubi31: attaching mtd0 [ 737.057166][T11875] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1620'. [ 737.863936][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 737.863976][ T30] audit: type=1800 audit(1748766462.545:198): pid=11887 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1623" name="[kvm-gmem]" dev="anon_inodefs" ino=30885 res=0 errno=0 [ 738.860013][T11902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1630'. [ 738.946594][ T2097] usb 3-1: new full-speed USB device number 50 using dummy_hcd [ 740.279770][ T2097] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 740.289083][ T2097] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.300438][ T2097] usb 3-1: config 0 descriptor?? [ 740.308861][ T2097] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 740.598182][ T2097] usb 3-1: Detected FT232B [ 741.142382][ T2097] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 741.347139][ T2097] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 741.413617][ T2097] usb 3-1: USB disconnect, device number 50 [ 741.478087][ T2097] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 741.507131][ T2097] ftdi_sio 3-1:0.0: device disconnected [ 741.626570][ T10] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 742.231734][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 742.260071][ T10] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 742.296745][ T10] usb 2-1: can't read configurations, error -71 [ 742.631574][ T5879] IPVS: starting estimator thread 0... [ 742.767829][T11947] IPVS: using max 38 ests per chain, 91200 per kthread [ 744.282171][T11972] Invalid ELF header type: 0 != 1 [ 747.601091][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.237516][T11992] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1653'. [ 748.675384][T12007] netlink: 'syz.2.1659': attribute type 1 has an invalid length. [ 749.296543][ T5879] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 749.297304][T12012] bond3: entered promiscuous mode [ 749.387086][T12012] 8021q: adding VLAN 0 to HW filter on device bond3 [ 749.464848][T12012] bond2: (slave bond3): making interface the new active one [ 749.474945][T12012] bond2: (slave bond3): Enslaving as an active interface with an up link [ 749.622027][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 749.648344][ T5879] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 749.686930][ T5879] usb 5-1: config 0 has no interface number 0 [ 749.706724][ T5879] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 749.751837][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.810228][ T5879] usb 5-1: Product: syz [ 749.845052][ T5879] usb 5-1: Manufacturer: syz [ 749.866177][ T5879] usb 5-1: SerialNumber: syz [ 749.898052][ T5879] usb 5-1: config 0 descriptor?? [ 749.919285][ T5879] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 750.197889][ T5879] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 750.295946][T12030] Invalid ELF header type: 0 != 1 [ 750.811530][T12017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 750.842459][ T5879] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 750.852966][T12017] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 751.617274][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 751.627390][ T5879] usb 5-1: USB disconnect, device number 42 [ 751.664798][ T5879] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 751.742885][T12038] netlink: 'syz.0.1665': attribute type 1 has an invalid length. [ 751.833135][ T5879] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 752.672508][ T5879] quatech2 5-1:0.51: device disconnected [ 753.805592][T12038] 8021q: adding VLAN 0 to HW filter on device bond2 [ 753.910811][T12049] bond2: (slave veth0_to_bond): making interface the new active one [ 753.973594][T12049] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 754.213621][T12052] vlan2: entered allmulticast mode [ 754.226736][T12052] veth1: entered allmulticast mode [ 754.233781][T12052] veth1: entered promiscuous mode [ 754.244900][T12052] veth1: left promiscuous mode [ 754.421055][T12052] bond2: (slave vlan2): Enslaving as an active interface with an up link [ 754.460206][T12080] input: syz1 as /devices/virtual/input/input51 [ 756.260264][T12091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1675'. [ 756.274748][T12087] Invalid ELF header type: 0 != 1 [ 757.176855][ T30] audit: type=1326 audit(1748766481.865:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12089 comm="syz.5.1677" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7e5758e969 code=0x0 [ 757.235569][T12095] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10) [ 757.242214][T12095] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 757.287779][T12095] vhci_hcd vhci_hcd.0: Device attached [ 757.455739][T12099] vhci_hcd: connection closed [ 757.467154][ T2972] vhci_hcd: stop threads [ 757.754060][ T2972] vhci_hcd: release socket [ 757.904292][ T10] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 758.092638][ T5878] vhci_hcd: vhci_device speed not set [ 758.187320][ T5878] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 758.259656][ T2972] vhci_hcd: disconnect device [ 758.390459][ T5878] usb 43-1: enqueue for inactive port 0 [ 758.398205][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 758.407418][ T10] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 758.415123][ T10] usb 2-1: can't read configurations, error -71 [ 758.482324][ T5878] vhci_hcd: vhci_device speed not set [ 766.207209][T12210] block nbd0: shutting down sockets [ 768.657882][T12236] hugetlbfs: Unknown parameter 'nrGs' [ 768.903198][T12257] fuse: Unknown parameter 'fd0x0000000000000003' [ 769.036437][ T5886] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 769.046902][ T5878] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 769.232143][ T5878] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 769.262330][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 769.268696][ T5886] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 769.340707][ T5886] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 769.363051][ T5886] usb 3-1: config 0 has no interface number 0 [ 769.399457][ T5886] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 769.429418][ T5878] usb 5-1: config 0 descriptor?? [ 770.048996][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.095901][ T5886] usb 3-1: Product: syz [ 770.528405][ T5878] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 770.532262][ T5886] usb 3-1: Manufacturer: syz [ 770.532282][ T5886] usb 3-1: SerialNumber: syz [ 770.573724][ T5878] usb 5-1: Detected FT232B [ 770.597654][ T5886] usb 3-1: config 0 descriptor?? [ 770.663888][ T5886] usb 3-1: can't set config #0, error -71 [ 770.713593][ T5886] usb 3-1: USB disconnect, device number 51 [ 771.806718][ T5878] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 771.824198][ T5878] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 771.912670][ T5878] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 771.961240][ T5878] usb 5-1: USB disconnect, device number 43 [ 772.165732][ T5878] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 772.223247][ T5878] ftdi_sio 5-1:0.0: device disconnected [ 772.506513][ T5886] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 772.606543][ T5878] IPVS: starting estimator thread 0... [ 772.837957][ T5886] usb 3-1: Using ep0 maxpacket: 8 [ 773.006633][T12303] IPVS: using max 25 ests per chain, 60000 per kthread [ 773.016933][ T5886] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 773.038495][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.056388][ T5886] usb 3-1: Product: syz [ 773.067104][ T5886] usb 3-1: Manufacturer: syz [ 773.111248][ T5886] usb 3-1: SerialNumber: syz [ 773.687265][ T5886] usb 3-1: config 0 descriptor?? [ 773.916626][ T5886] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 773.986753][ T5879] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 774.958979][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 775.917591][T12331] serio: Serial port ptm0 [ 776.010602][ T5886] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 776.555034][ T5879] usb 5-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 776.985847][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 777.002044][ T5886] usb 3-1: USB disconnect, device number 52 [ 777.087014][ T5879] usb 5-1: config 0 descriptor?? [ 777.118151][ T5879] usb 5-1: can't set config #0, error -71 [ 777.143181][T12345] orangefs_mount: mount request failed with -4 [ 777.318173][ T5879] usb 5-1: USB disconnect, device number 44 [ 780.040068][ T5886] usb 1-1: new full-speed USB device number 52 using dummy_hcd [ 780.235334][ T5886] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 780.255253][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.468095][ T5886] usb 1-1: config 0 descriptor?? [ 780.527070][ T5886] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 781.147594][ T5886] usb 1-1: Detected FT232A [ 781.217197][ T5886] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 781.326479][ T5886] usb 1-1: USB disconnect, device number 52 [ 781.541415][ T5886] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 781.578735][ T5886] ftdi_sio 1-1:0.0: device disconnected [ 781.679297][T12405] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 781.691052][T12405] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 782.346434][ T5878] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 782.512903][ T5878] usb 3-1: Using ep0 maxpacket: 32 [ 782.559189][ T5878] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 782.577894][ T5878] usb 3-1: config 0 has no interface number 0 [ 782.595982][ T5878] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 782.622237][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 782.671197][ T5878] usb 3-1: Product: syz [ 782.685784][ T5878] usb 3-1: Manufacturer: syz [ 782.723213][ T5878] usb 3-1: SerialNumber: syz [ 782.750424][ T5878] usb 3-1: config 0 descriptor?? [ 782.761527][ T5878] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 783.819689][ T5878] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 783.894586][ T5878] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 784.065074][T12401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 784.126958][T12401] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 784.882713][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 784.886828][ T43] usb 3-1: USB disconnect, device number 53 [ 784.935550][ T43] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 785.082908][ T43] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 785.119931][ T43] quatech2 3-1:0.51: device disconnected [ 786.186414][ T5878] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 786.385514][T12449] IPv6: sit1: Disabled Multicast RS [ 786.391995][T12449] sit1: entered allmulticast mode [ 787.228954][ T5878] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 787.372479][T12451] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 787.384290][T12451] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 787.748940][ T5878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 787.773536][ T5878] usb 6-1: config 0 descriptor?? [ 787.804201][ T5878] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 788.025383][ T5878] usb 6-1: Detected FT232B [ 788.245569][ T5878] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 788.305842][ T5878] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 788.488927][ T5878] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 788.517988][ T5878] usb 6-1: USB disconnect, device number 4 [ 788.527025][ T5878] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 789.141205][ T5878] ftdi_sio 6-1:0.0: device disconnected [ 790.498725][T12484] nbd2: detected capacity change from 0 to 4294967296 [ 790.792185][T12489] nbd2: detected capacity change from 4294967296 to 2820 [ 791.365405][ T51] block nbd2: Receive control failed (result -104) [ 792.644135][T12504] IPv6: sit1: Disabled Multicast RS [ 792.650636][T12504] sit1: entered allmulticast mode [ 800.775204][T12580] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1823'. [ 800.786990][T12580] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1823'. [ 804.216220][T12609] ubi31: attaching mtd0 [ 808.201360][T12627] tmpfs: Bad value for 'mpol' [ 808.777392][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.985187][T12656] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1850'. [ 810.031458][ T5877] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 810.837943][T11083] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 810.866702][T11083] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 810.920252][T11083] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 810.928535][T11083] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 810.937805][T11083] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 810.966568][ T5877] usb 5-1: Using ep0 maxpacket: 32 [ 811.099981][ T51] Bluetooth: hci0: connection err: -111 [ 811.186803][ T5877] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 811.418687][ T5877] usb 5-1: config 0 has no interface number 0 [ 811.578635][ T5877] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 811.602978][T12650] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1849'. [ 811.630365][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.870367][ T5877] usb 5-1: Product: syz [ 811.874608][ T5877] usb 5-1: Manufacturer: syz [ 811.882810][ T5877] usb 5-1: SerialNumber: syz [ 812.567245][ T5877] usb 5-1: config 0 descriptor?? [ 812.648900][ T5877] usb 5-1: can't set config #0, error -71 [ 812.782836][ T5877] usb 5-1: USB disconnect, device number 45 [ 812.967473][T12678] smc: net device bond0 erased user defined pnetid SYZ0 [ 813.037037][ T5886] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 813.046405][ T51] Bluetooth: hci5: command tx timeout [ 813.078547][T12658] chnl_net:caif_netlink_parms(): no params data found [ 813.198530][ T5886] usb 1-1: Using ep0 maxpacket: 16 [ 813.306005][ T5886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 813.316825][ T5886] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 813.328183][ T5886] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 813.339649][ T5886] usb 1-1: config 0 interface 0 has no altsetting 0 [ 813.347478][ T5886] usb 1-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 813.357308][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 813.373601][ T5886] usb 1-1: config 0 descriptor?? [ 813.496134][T12658] bridge0: port 1(bridge_slave_0) entered blocking state [ 813.540931][T12658] bridge0: port 1(bridge_slave_0) entered disabled state [ 813.569547][T12658] bridge_slave_0: entered allmulticast mode [ 813.591633][T12658] bridge_slave_0: entered promiscuous mode [ 813.605187][T12658] bridge0: port 2(bridge_slave_1) entered blocking state [ 813.615739][T12658] bridge0: port 2(bridge_slave_1) entered disabled state [ 813.665500][T12658] bridge_slave_1: entered allmulticast mode [ 813.693179][T12658] bridge_slave_1: entered promiscuous mode [ 813.853125][ T5886] kye 0003:0458:0153.000A: unexpected long global item [ 813.883785][ T5886] kye 0003:0458:0153.000A: parse failed [ 813.903185][T12658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 813.912061][ T5886] kye 0003:0458:0153.000A: probe with driver kye failed with error -22 [ 813.924996][T12658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 814.051859][ T5886] usb 1-1: USB disconnect, device number 53 [ 814.462413][T12658] team0: Port device team_slave_0 added [ 815.116473][ T51] Bluetooth: hci5: command tx timeout [ 815.147944][T12658] team0: Port device team_slave_1 added [ 815.308909][T12658] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 815.342394][T12658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 815.368323][ C0] vkms_vblank_simulate: vblank timer overrun [ 815.438686][T12658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 815.457537][T12658] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 815.465922][T12658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 815.529390][T12658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 815.680571][T12658] hsr_slave_0: entered promiscuous mode [ 815.697338][T12658] hsr_slave_1: entered promiscuous mode [ 815.715492][T12658] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 815.716420][ T5879] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 815.735951][T12658] Cannot create hsr debugfs directory [ 815.977927][ T5879] usb 1-1: Using ep0 maxpacket: 16 [ 816.007807][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 816.275824][T12727] Invalid ELF header type: 0 != 1 [ 816.283979][ T10] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 816.516767][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 816.687140][ T5879] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 816.713434][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 816.736424][ T5879] usb 1-1: Product: syz [ 816.746669][ T5879] usb 1-1: Manufacturer: syz [ 816.764224][ T5879] usb 1-1: SerialNumber: syz [ 816.822495][ T10] usb 5-1: config 2 has an invalid interface number: 31 but max is 0 [ 816.822859][ T5879] usb 1-1: config 0 descriptor?? [ 816.833619][ T10] usb 5-1: config 2 has no interface number 0 [ 816.842838][ T10] usb 5-1: config 2 interface 31 has no altsetting 0 [ 816.857630][ T10] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 816.867162][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 816.875232][ T10] usb 5-1: Product: syz [ 816.880405][ T10] usb 5-1: Manufacturer: syz [ 816.886507][ T10] usb 5-1: SerialNumber: syz [ 816.913673][ T5879] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 817.139112][ T5879] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 817.208721][ T51] Bluetooth: hci5: command tx timeout [ 817.894919][ T5879] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 818.437282][ T10] ch9200 5-1:2.31: probe with driver ch9200 failed with error -22 [ 818.681979][ T10] usb 5-1: USB disconnect, device number 46 [ 818.701659][T12658] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 818.743315][T12658] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 818.779270][ T5879] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 818.809099][T12658] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 818.811934][ T5879] em28xx 1-1:0.0: board has no eeprom [ 818.826108][T12658] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 818.897843][ T5879] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 818.926242][ T5879] em28xx 1-1:0.0: dvb set to bulk mode. [ 818.944547][ T5886] em28xx 1-1:0.0: Binding DVB extension [ 818.977670][ T5879] usb 1-1: USB disconnect, device number 54 [ 818.997970][ T5879] em28xx 1-1:0.0: Disconnecting em28xx [ 819.034736][ T5886] em28xx 1-1:0.0: Registering input extension [ 819.092039][ T5879] em28xx 1-1:0.0: Closing input extension [ 819.125251][T12658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 819.178538][ T5879] em28xx 1-1:0.0: Freeing device [ 819.199720][T12658] 8021q: adding VLAN 0 to HW filter on device team0 [ 819.244071][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 819.251331][ T6187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 819.276414][ T51] Bluetooth: hci5: command tx timeout [ 819.324885][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 819.332131][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 819.708581][T12658] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 820.879904][ T94] block nbd2: Possible stuck request ffff888026085080: control (read@0,4096B). Runtime 30 seconds [ 822.168909][T12785] Invalid ELF header type: 0 != 1 [ 824.235027][T12658] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 824.484562][T12806] 9pnet_virtio: no channels available for device syz [ 826.078752][T12824] Invalid ELF header type: 0 != 1 [ 828.728595][T12840] vivid-007: ================= START STATUS ================= [ 828.736530][T12840] vivid-007: Generate PTS: true [ 828.742062][T12840] vivid-007: Generate SCR: true [ 828.747497][T12840] tpg source WxH: 320x240 (Y'CbCr) [ 828.752756][T12840] tpg field: 1 [ 828.756417][T12840] tpg crop: (0,0)/320x240 [ 828.760897][T12840] tpg compose: (0,0)/320x240 [ 828.765635][T12840] tpg colorspace: 8 [ 828.769632][T12840] tpg transfer function: 0/0 [ 828.774396][T12840] tpg Y'CbCr encoding: 0/0 [ 828.779168][T12840] tpg quantization: 0/0 [ 828.783594][T12840] tpg RGB range: 0/2 [ 828.788397][T12840] vivid-007: ================== END STATUS ================== [ 829.883491][T12658] veth0_vlan: entered promiscuous mode [ 829.943621][T12658] veth1_vlan: entered promiscuous mode [ 830.081060][T12658] veth0_macvtap: entered promiscuous mode [ 830.125909][T12658] veth1_macvtap: entered promiscuous mode [ 830.207854][T12658] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 830.283721][T12658] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 830.360166][T12658] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.511048][T12853] hub 8-0:1.0: USB hub found [ 830.517306][T12853] hub 8-0:1.0: 1 port detected [ 831.141267][T12658] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.150824][T12658] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.159730][T12658] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.724094][T12864] Invalid ELF header type: 0 != 1 [ 832.539006][ T30] audit: type=1326 audit(1748766557.225:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 833.015736][ T30] audit: type=1326 audit(1748766557.245:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 833.266793][ T30] audit: type=1326 audit(1748766557.495:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 834.006921][ T30] audit: type=1326 audit(1748766557.495:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 834.118787][ T6187] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 834.167468][ T30] audit: type=1326 audit(1748766557.505:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 834.171738][ T6187] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 834.402459][T12878] vivid-007: ================= START STATUS ================= [ 834.410524][T12878] vivid-007: Generate PTS: true [ 834.415587][T12878] vivid-007: Generate SCR: true [ 834.421115][T12878] tpg source WxH: 320x240 (Y'CbCr) [ 834.426568][T12878] tpg field: 1 [ 834.430106][T12878] tpg crop: (0,0)/320x240 [ 834.434507][T12878] tpg compose: (0,0)/320x240 [ 834.439327][T12878] tpg colorspace: 8 [ 834.446990][T12878] tpg transfer function: 0/0 [ 834.451684][T12878] tpg Y'CbCr encoding: 0/0 [ 834.456161][T12878] tpg quantization: 0/0 [ 834.460650][T12878] tpg RGB range: 0/2 [ 834.464676][T12878] vivid-007: ================== END STATUS ================== [ 834.747847][ T30] audit: type=1326 audit(1748766557.505:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 834.796541][ T30] audit: type=1326 audit(1748766557.515:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 834.920530][ T30] audit: type=1326 audit(1748766557.515:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 834.982733][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 835.014561][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 835.048308][T12880] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1914'. [ 835.085195][ T30] audit: type=1326 audit(1748766557.525:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 835.085343][T12880] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1914'. [ 835.223046][ T30] audit: type=1326 audit(1748766557.525:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12867 comm="syz.0.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f531598e969 code=0x7ffc0000 [ 837.645035][T12911] Invalid ELF header type: 0 != 1 [ 838.416434][T12912] vivid-007: ================= START STATUS ================= [ 838.424198][T12912] vivid-007: Generate PTS: true [ 838.429505][T12912] vivid-007: Generate SCR: true [ 838.441688][T12912] tpg source WxH: 320x240 (Y'CbCr) [ 838.447191][T12912] tpg field: 1 [ 838.450702][T12912] tpg crop: (0,0)/320x240 [ 838.455136][T12912] tpg compose: (0,0)/320x240 [ 838.459963][T12912] tpg colorspace: 8 [ 838.463811][T12912] tpg transfer function: 0/0 [ 838.469780][T12912] tpg Y'CbCr encoding: 0/0 [ 838.474560][T12912] tpg quantization: 0/0 [ 838.479378][T12912] tpg RGB range: 0/2 [ 838.483630][T12912] vivid-007: ================== END STATUS ================== [ 839.967857][T12918] program syz.1.1926 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 841.183121][T12933] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1931'. [ 841.635699][ T10] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 841.837349][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 841.862177][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 841.947514][ T10] usb 5-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 841.974191][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 842.162199][T12955] Invalid ELF header type: 0 != 1 [ 842.948817][ T10] usb 5-1: config 0 descriptor?? [ 843.056594][T12956] vivid-007: ================= START STATUS ================= [ 843.064511][T12956] vivid-007: Generate PTS: true [ 843.070125][T12956] vivid-007: Generate SCR: true [ 843.075225][T12956] tpg source WxH: 320x240 (Y'CbCr) [ 843.081084][T12956] tpg field: 1 [ 843.086504][T12956] tpg crop: (0,0)/320x240 [ 843.091279][T12956] tpg compose: (0,0)/320x240 [ 843.096714][T12956] tpg colorspace: 8 [ 843.100852][T12956] tpg transfer function: 0/0 [ 843.113382][T12956] tpg Y'CbCr encoding: 0/0 [ 843.119869][T12956] tpg quantization: 0/0 [ 843.124513][T12956] tpg RGB range: 0/2 [ 843.129023][T12956] vivid-007: ================== END STATUS ================== [ 843.397125][T12933] tmpfs: Unknown parameter 'grp˙˙' [ 843.574024][T12961] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 843.681207][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 843.681238][ T30] audit: type=1326 audit(1748766568.285:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12959 comm="syz.6.1938" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdd0cf8e969 code=0x0 [ 844.624987][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 844.850892][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 845.232331][ T10] usb 5-1: USB disconnect, device number 47 [ 848.431455][T12999] Invalid ELF header type: 0 != 1 [ 849.013077][ T30] audit: type=1800 audit(1748766573.105:224): pid=12996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1947" name="[kvm-gmem]" dev="anon_inodefs" ino=36154 res=0 errno=0 [ 850.248947][T13007] vivid-007: ================= START STATUS ================= [ 850.256956][T13007] vivid-007: Generate PTS: true [ 850.262085][T13007] vivid-007: Generate SCR: true [ 850.267341][T13007] tpg source WxH: 320x240 (Y'CbCr) [ 850.272676][T13007] tpg field: 1 [ 850.276121][T13007] tpg crop: (0,0)/320x240 [ 850.280607][T13007] tpg compose: (0,0)/320x240 [ 850.285328][T13007] tpg colorspace: 8 [ 850.289406][T13007] tpg transfer function: 0/0 [ 850.294126][T13007] tpg Y'CbCr encoding: 0/0 [ 850.298778][T13007] tpg quantization: 0/0 [ 850.303067][T13007] tpg RGB range: 0/2 [ 850.307154][T13007] vivid-007: ================== END STATUS ================== [ 850.957315][ T94] block nbd2: Possible stuck request ffff888026085080: control (read@0,4096B). Runtime 60 seconds [ 852.938003][T13035] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 854.308377][T13048] Invalid ELF header type: 0 != 1 [ 855.456260][ T30] audit: type=1800 audit(1748766580.125:225): pid=13051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.1962" name="[kvm-gmem]" dev="anon_inodefs" ino=37104 res=0 errno=0 [ 856.478020][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 861.583611][T13092] Invalid ELF header type: 0 != 1 [ 862.208411][ T30] audit: type=1800 audit(1748766586.825:226): pid=13100 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.1976" name="[kvm-gmem]" dev="anon_inodefs" ino=37228 res=0 errno=0 [ 865.578584][T13128] serio: Serial port ptm0 [ 867.216840][T11083] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 867.276913][T11083] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 867.285500][T11083] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 867.295565][T11083] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 867.304865][T11083] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 867.756425][ T43] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 867.801026][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 868.011166][ T43] usb 7-1: Using ep0 maxpacket: 32 [ 868.053839][ T43] usb 7-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 868.097450][ T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 868.098884][ T3009] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.144825][ T43] usb 7-1: config 0 descriptor?? [ 868.178918][ T43] gspca_main: sq930x-2.14.0 probing 041e:403c [ 868.248122][T13101] usb 1-1: new full-speed USB device number 55 using dummy_hcd [ 868.318996][ T3009] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.396425][T13101] usb 1-1: device descriptor read/64, error -71 [ 868.435492][T13137] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1987'. [ 868.558339][ T3009] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.646474][T13101] usb 1-1: new full-speed USB device number 56 using dummy_hcd [ 868.722423][ T3009] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.791204][T13139] chnl_net:caif_netlink_parms(): no params data found [ 868.796627][T13101] usb 1-1: device descriptor read/64, error -71 [ 868.910709][T13101] usb usb1-port1: attempt power cycle [ 869.078524][T13137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 869.129215][T13137] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 869.186829][T13137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 869.196463][T13137] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 869.518238][T11083] Bluetooth: hci6: command tx timeout [ 869.546545][T13101] usb 1-1: new full-speed USB device number 57 using dummy_hcd [ 869.821680][T13101] usb 1-1: device descriptor read/8, error -71 [ 870.050593][T13139] bridge0: port 1(bridge_slave_0) entered blocking state [ 870.066382][ T43] gspca_sq930x: reg_w 0105 bf00 failed -71 [ 870.101506][T13139] bridge0: port 1(bridge_slave_0) entered disabled state [ 870.119339][T13101] usb 1-1: new full-speed USB device number 58 using dummy_hcd [ 870.136788][ T43] sq930x 7-1:0.0: probe with driver sq930x failed with error -71 [ 870.139780][T13139] bridge_slave_0: entered allmulticast mode [ 870.166967][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.186669][ T43] usb 7-1: USB disconnect, device number 2 [ 870.197078][T13101] usb 1-1: device descriptor read/8, error -71 [ 870.220896][T13139] bridge_slave_0: entered promiscuous mode [ 870.409246][T13101] usb usb1-port1: unable to enumerate USB device [ 870.492810][T13139] bridge0: port 2(bridge_slave_1) entered blocking state [ 870.652730][T13139] bridge0: port 2(bridge_slave_1) entered disabled state [ 870.727745][T13139] bridge_slave_1: entered allmulticast mode [ 870.764081][T13139] bridge_slave_1: entered promiscuous mode [ 870.979331][T13139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 871.023226][ T3009] bridge_slave_1: left allmulticast mode [ 871.119111][ T3009] bridge_slave_1: left promiscuous mode [ 871.125856][ T3009] bridge0: port 2(bridge_slave_1) entered disabled state [ 871.217371][ T10] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 871.596495][T11083] Bluetooth: hci6: command tx timeout [ 871.954917][ T3009] bridge_slave_0: left allmulticast mode [ 871.976520][ T3009] bridge_slave_0: left promiscuous mode [ 871.997190][ T3009] bridge0: port 1(bridge_slave_0) entered disabled state [ 872.095253][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 872.155096][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 872.190838][ T10] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 872.224460][ T10] usb 5-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 872.296774][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 872.561009][ T10] usb 5-1: config 0 descriptor?? [ 873.181462][ T43] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 873.346432][ T43] usb 7-1: Using ep0 maxpacket: 32 [ 873.384204][ T43] usb 7-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 873.419571][ T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 873.430994][ T43] usb 7-1: config 0 descriptor?? [ 873.463126][ T43] gspca_main: sq930x-2.14.0 probing 041e:403c [ 873.676759][T11083] Bluetooth: hci6: command tx timeout [ 873.927015][ T3009] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 873.959394][ T3009] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 873.991295][ T3009] bond0 (unregistering): Released all slaves [ 874.052722][T13139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 874.184053][ T5878] usb 5-1: USB disconnect, device number 48 [ 874.284330][T13213] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2006'. [ 874.374332][T13213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 874.428544][T13213] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 874.725404][T13213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 874.739347][T13213] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 874.747290][ T43] gspca_sq930x: reg_w 0105 bf00 failed -110 [ 874.817287][ T43] sq930x 7-1:0.0: probe with driver sq930x failed with error -110 [ 875.170681][T13139] team0: Port device team_slave_0 added [ 875.231695][T13139] team0: Port device team_slave_1 added [ 875.419143][ T5878] usb 7-1: USB disconnect, device number 3 [ 875.481806][T13139] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 875.525456][T13139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 875.635407][T13139] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 875.762373][T11083] Bluetooth: hci6: command tx timeout [ 875.859460][ T30] audit: type=1800 audit(1748766600.545:227): pid=13245 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2014" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 875.942522][T13139] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 875.969392][T13139] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.006104][T13139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 876.265343][ T3009] hsr_slave_0: left promiscuous mode [ 876.296055][ T3009] hsr_slave_1: left promiscuous mode [ 876.327577][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 876.335049][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 876.474245][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 876.492188][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 876.769059][ T3009] veth1_macvtap: left promiscuous mode [ 876.782135][ T3009] veth0_macvtap: left promiscuous mode [ 876.818211][ T3009] veth1_vlan: left promiscuous mode [ 876.823767][ T3009] veth0_vlan: left promiscuous mode [ 877.230550][T13274] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2021'. [ 878.186928][ T5877] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 878.378882][ T5877] usb 7-1: Using ep0 maxpacket: 32 [ 878.393134][ T5877] usb 7-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 878.410990][ T5877] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 878.485475][ T5877] usb 7-1: config 0 descriptor?? [ 878.500725][ T5877] gspca_main: sq930x-2.14.0 probing 041e:403c [ 879.409479][T13289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 879.441173][T13289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 879.462517][T13289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 879.484215][T13289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 879.832618][ T5877] gspca_sq930x: reg_w 0105 bf00 failed -110 [ 879.896490][ T5877] sq930x 7-1:0.0: probe with driver sq930x failed with error -110 [ 880.712991][ T3009] team0 (unregistering): Port device team_slave_1 removed [ 880.763450][T13308] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 880.770086][T13308] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 880.798258][T13308] vhci_hcd vhci_hcd.0: Device attached [ 880.834541][ T3009] team0 (unregistering): Port device team_slave_0 removed [ 881.081758][ T94] block nbd2: Possible stuck request ffff888026085080: control (read@0,4096B). Runtime 90 seconds [ 881.341284][ T5877] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 881.572575][T13309] vhci_hcd: connection reset by peer [ 881.589297][ T6187] vhci_hcd: stop threads [ 881.632423][ T6187] vhci_hcd: release socket [ 881.643086][ T6187] vhci_hcd: disconnect device [ 882.752888][T13139] hsr_slave_0: entered promiscuous mode [ 882.760057][T13139] hsr_slave_1: entered promiscuous mode [ 882.766777][T13139] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 882.775425][T13139] Cannot create hsr debugfs directory [ 882.782183][T13280] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2022'. [ 882.827064][T10478] usb 7-1: USB disconnect, device number 4 [ 882.973380][T13308] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2031'. [ 886.397588][ T43] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 886.536724][ T5877] vhci_hcd: vhci_device speed not set [ 886.696528][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 886.739674][ T43] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 886.758416][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 886.809694][ T43] usb 2-1: config 0 descriptor?? [ 886.871134][ T43] gspca_main: sq930x-2.14.0 probing 041e:403c [ 887.121850][T13363] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2045'. [ 888.078338][ T43] gspca_sq930x: reg_r 001f failed -110 [ 888.167816][T13139] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 888.236444][ T43] sq930x 2-1:0.0: probe with driver sq930x failed with error -110 [ 888.300414][T13139] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 888.871648][T13139] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 888.947050][T13139] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 889.076732][T13395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 889.187149][T13395] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 889.335096][T13395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 889.389195][T13395] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 889.544958][T13139] 8021q: adding VLAN 0 to HW filter on device bond0 [ 889.587589][T13139] 8021q: adding VLAN 0 to HW filter on device team0 [ 889.646466][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 889.653759][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 890.305275][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 890.312530][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 890.426721][ T43] usb 1-1: new full-speed USB device number 59 using dummy_hcd [ 890.726462][ T43] usb 1-1: device descriptor read/64, error -71 [ 891.026604][ T43] usb 1-1: new full-speed USB device number 60 using dummy_hcd [ 891.237244][T10478] usb 2-1: USB disconnect, device number 44 [ 891.326809][ T43] usb 1-1: device descriptor read/64, error -71 [ 891.706446][ T43] usb usb1-port1: attempt power cycle [ 893.141797][T13139] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 893.741816][T13444] ubi31: attaching mtd0 [ 893.786498][T10478] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 893.946865][T10478] usb 7-1: Using ep0 maxpacket: 16 [ 893.962123][T10478] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 893.979210][T10478] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 894.033247][T10478] usb 7-1: config 0 interface 0 has no altsetting 0 [ 894.075050][T10478] usb 7-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 894.133847][T10478] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 894.202017][T10478] usb 7-1: config 0 descriptor?? [ 894.757589][T10478] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 894.773985][T13460] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 897.058271][T13101] usb 7-1: USB disconnect, device number 5 [ 898.212772][T13139] veth0_vlan: entered promiscuous mode [ 898.316669][T13139] veth1_vlan: entered promiscuous mode [ 903.678317][T13512] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2080'. [ 904.338415][T13512] vlan3: entered promiscuous mode [ 904.343515][T13512] veth0_virt_wifi: entered promiscuous mode [ 904.409877][T13139] veth0_macvtap: entered promiscuous mode [ 904.572493][T13139] veth1_macvtap: entered promiscuous mode [ 904.704616][ T30] audit: type=1326 audit(1748766629.375:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13516 comm="syz.1.2081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 904.740512][T13139] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 904.823744][T13139] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 904.837282][ T30] audit: type=1326 audit(1748766629.375:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13516 comm="syz.1.2081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 904.890702][T13139] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.958190][T13139] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 904.972011][ T30] audit: type=1326 audit(1748766629.465:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13516 comm="syz.1.2081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 904.987313][T13139] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.005924][T13139] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.065776][ T30] audit: type=1326 audit(1748766629.465:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13516 comm="syz.1.2081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 905.113415][ T30] audit: type=1326 audit(1748766629.465:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13516 comm="syz.1.2081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 905.221261][ T30] audit: type=1326 audit(1748766629.465:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13516 comm="syz.1.2081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 905.343588][ T30] audit: type=1326 audit(1748766629.465:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13516 comm="syz.1.2081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdb8e969 code=0x7ffc0000 [ 905.576388][ T43] usb 5-1: new low-speed USB device number 49 using dummy_hcd [ 905.619915][ T7485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 905.689143][ T7485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 905.759362][ T43] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 905.775264][T13531] bond_slave_0: entered promiscuous mode [ 905.781459][T13531] bond_slave_1: entered promiscuous mode [ 905.796500][ T43] usb 5-1: config 0 has no interface number 0 [ 905.808977][ T43] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 905.823853][T13531] vlan3: entered promiscuous mode [ 905.830014][T13531] bond0: entered promiscuous mode [ 905.835342][ T43] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 905.865131][ T43] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 905.901389][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 906.027518][ T43] usb 5-1: config 0 descriptor?? [ 906.065571][ T43] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 906.177535][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 906.235712][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 906.345072][T13526] iowarrior 5-1:0.1: Error -90 while submitting URB [ 906.386659][ T5877] usb 5-1: USB disconnect, device number 49 [ 906.714644][T13544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2088'. [ 907.298189][T13544] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 907.307659][T13544] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 907.317535][T13544] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 907.837452][T13546] vivid-007: ================= START STATUS ================= [ 907.849703][T13546] vivid-007: Generate PTS: true [ 907.855863][T13546] vivid-007: Generate SCR: true [ 907.866016][T13546] tpg source WxH: 320x240 (Y'CbCr) [ 907.872058][T13546] tpg field: 1 [ 907.876622][T13546] tpg crop: (0,0)/320x240 [ 907.883669][T13546] tpg compose: (0,0)/320x240 [ 907.892573][T13546] tpg colorspace: 8 [ 907.903440][T13546] tpg transfer function: 0/0 [ 907.910817][T13546] tpg Y'CbCr encoding: 0/0 [ 907.917693][T13546] tpg quantization: 0/0 [ 907.924863][T13546] tpg RGB range: 0/2 [ 907.932115][T13546] vivid-007: ================== END STATUS ================== [ 911.285366][ T94] block nbd2: Possible stuck request ffff888026085080: control (read@0,4096B). Runtime 120 seconds [ 912.445801][ T30] audit: type=1800 audit(1748766637.065:235): pid=13581 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.2098" name="[kvm-gmem]" dev="anon_inodefs" ino=39464 res=0 errno=0 [ 913.640295][T13598] syz.0.2101: attempt to access beyond end of device [ 913.640295][T13598] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 913.680726][T13598] hpfs: hpfs_map_sector(): read error [ 915.256147][T13610] vivid-007: ================= START STATUS ================= [ 915.264142][T13610] vivid-007: Generate PTS: true [ 915.270371][T13610] vivid-007: Generate SCR: true [ 915.277929][T13610] tpg source WxH: 320x240 (Y'CbCr) [ 915.283185][T13610] tpg field: 1 [ 915.286745][T13610] tpg crop: (0,0)/320x240 [ 915.291178][T13610] tpg compose: (0,0)/320x240 [ 915.295880][T13610] tpg colorspace: 8 [ 915.299974][T13610] tpg transfer function: 0/0 [ 915.304711][T13610] tpg Y'CbCr encoding: 0/0 [ 915.309629][T13610] tpg quantization: 0/0 [ 915.313891][T13610] tpg RGB range: 0/2 [ 915.318127][T13610] vivid-007: ================== END STATUS ================== [ 916.094562][T13615] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 916.106518][T13615] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 919.172258][T13622] tmpfs: Bad value for 'mpol' [ 921.026392][ T5878] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 921.176557][ T5878] usb 2-1: Using ep0 maxpacket: 16 [ 921.189343][ T5878] usb 2-1: config 0 has an invalid interface number: 48 but max is 0 [ 921.198521][ T5878] usb 2-1: config 0 has no interface number 0 [ 921.210744][ T5878] usb 2-1: config 0 interface 48 has no altsetting 0 [ 921.231690][ T5878] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98 [ 921.241870][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 921.263405][ T5878] usb 2-1: Product: syz [ 921.275267][ T5878] usb 2-1: Manufacturer: syz [ 921.291905][ T5878] usb 2-1: SerialNumber: syz [ 921.313304][ T5878] usb 2-1: config 0 descriptor?? [ 922.139695][T13638] ref_ctr_offset mismatch. inode: 0x964 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 922.310759][ T43] usb 2-1: USB disconnect, device number 45 [ 923.251073][T13664] vivid-007: ================= START STATUS ================= [ 923.258782][T13664] vivid-007: Generate PTS: true [ 923.263683][T13664] vivid-007: Generate SCR: true [ 923.268641][T13664] tpg source WxH: 320x240 (Y'CbCr) [ 923.273750][T13664] tpg field: 1 [ 923.277640][T13664] tpg crop: (0,0)/320x240 [ 923.281976][T13664] tpg compose: (0,0)/320x240 [ 923.286595][T13664] tpg colorspace: 8 [ 923.290398][T13664] tpg transfer function: 0/0 [ 923.294987][T13664] tpg Y'CbCr encoding: 0/0 [ 923.299433][T13664] tpg quantization: 0/0 [ 923.303584][T13664] tpg RGB range: 0/2 [ 923.307511][T13664] vivid-007: ================== END STATUS ================== [ 924.807466][T13691] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 926.937006][T13707] hfs: unable to load iocharset "io#harset" [ 928.115260][T13726] fuse: Bad value for 'fd' [ 929.049343][T13729] vivid-007: ================= START STATUS ================= [ 929.061201][T13729] vivid-007: Generate PTS: true [ 929.066085][T13729] vivid-007: Generate SCR: true [ 929.071780][T13729] tpg source WxH: 320x240 (Y'CbCr) [ 929.076953][T13729] tpg field: 1 [ 929.080320][T13729] tpg crop: (0,0)/320x240 [ 929.084684][T13729] tpg compose: (0,0)/320x240 [ 929.089320][T13729] tpg colorspace: 8 [ 929.093130][T13729] tpg transfer function: 0/0 [ 929.097820][T13729] tpg Y'CbCr encoding: 0/0 [ 929.102239][T13729] tpg quantization: 0/0 [ 929.106469][T13729] tpg RGB range: 0/2 [ 929.110364][T13729] vivid-007: ================== END STATUS ================== [ 931.021000][T13752] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2140'. [ 931.602443][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.867348][T13762] hfs: unable to load iocharset "io#harset" [ 933.720219][ T51] Bluetooth: hci5: command 0x0406 tx timeout [ 934.931422][T13772] vivid-007: ================= START STATUS ================= [ 934.939147][T13772] vivid-007: Generate PTS: true [ 934.944013][T13772] vivid-007: Generate SCR: true [ 934.948936][T13772] tpg source WxH: 320x240 (Y'CbCr) [ 934.954048][T13772] tpg field: 1 [ 934.957817][T13772] tpg crop: (0,0)/320x240 [ 934.962147][T13772] tpg compose: (0,0)/320x240 [ 934.966762][T13772] tpg colorspace: 8 [ 934.970566][T13772] tpg transfer function: 0/0 [ 934.975151][T13772] tpg Y'CbCr encoding: 0/0 [ 934.979582][T13772] tpg quantization: 0/0 [ 934.983732][T13772] tpg RGB range: 0/2 [ 934.987669][T13772] vivid-007: ================== END STATUS ================== [ 936.789456][T13802] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2152'. [ 939.195672][T13827] vivid-007: ================= START STATUS ================= [ 939.204496][T13827] vivid-007: Generate PTS: true [ 939.209441][T13827] vivid-007: Generate SCR: true [ 939.214306][T13827] tpg source WxH: 320x240 (Y'CbCr) [ 939.219455][T13827] tpg field: 1 [ 939.222821][T13827] tpg crop: (0,0)/320x240 [ 939.227208][T13827] tpg compose: (0,0)/320x240 [ 939.231790][T13827] tpg colorspace: 8 [ 939.235584][T13827] tpg transfer function: 0/0 [ 939.240195][T13827] tpg Y'CbCr encoding: 0/0 [ 939.244600][T13827] tpg quantization: 0/0 [ 939.248775][T13827] tpg RGB range: 0/2 [ 939.252681][T13827] vivid-007: ================== END STATUS ================== [ 940.249075][ T5930] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 940.620892][ T5930] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 940.646637][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 940.654778][ T5930] usb 2-1: Product: syz [ 941.328047][ T5930] usb 2-1: Manufacturer: syz [ 941.333842][ T5930] usb 2-1: SerialNumber: syz [ 941.378579][ T5930] usb 2-1: config 0 descriptor?? [ 941.838987][ T94] block nbd2: Possible stuck request ffff888026085080: control (read@0,4096B). Runtime 150 seconds [ 941.878922][ T5930] cx82310_eth 2-1:0.0: probe with driver cx82310_eth failed with error -22 [ 942.131668][ T5930] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 942.369906][T13101] usb 2-1: USB disconnect, device number 46 [ 942.703105][ T5930] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 942.892769][T13880] vivid-007: ================= START STATUS ================= [ 943.563473][T13880] vivid-007: Generate PTS: true [ 943.568483][T13880] vivid-007: Generate SCR: true [ 943.573356][T13880] tpg source WxH: 320x240 (Y'CbCr) [ 943.578503][T13880] tpg field: 1 [ 943.581899][T13880] tpg crop: (0,0)/320x240 [ 943.586232][T13880] tpg compose: (0,0)/320x240 [ 943.590863][T13880] tpg colorspace: 8 [ 943.594680][T13880] tpg transfer function: 0/0 [ 943.600308][T13880] tpg Y'CbCr encoding: 0/0 [ 943.604737][T13880] tpg quantization: 0/0 [ 943.608927][T13880] tpg RGB range: 0/2 [ 943.612845][T13880] vivid-007: ================== END STATUS ================== [ 943.730284][ T5930] usb 8-1: not running at top speed; connect to a high speed hub [ 943.783863][ T5930] usb 8-1: config 95 has an invalid interface number: 1 but max is 0 [ 943.802482][ T5930] usb 8-1: config 95 has no interface number 0 [ 943.822794][ T5930] usb 8-1: config 95 interface 1 has no altsetting 0 [ 944.126663][ T5930] usb 8-1: string descriptor 0 read error: -22 [ 944.132985][ T5930] usb 8-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 944.904001][ T5930] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 945.050559][ T31] INFO: task syz.2.1792:12484 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 945.156420][ T31] Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 [ 945.201286][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 945.293945][ T31] task:syz.2.1792 state:D stack:28328 pid:12484 tgid:12483 ppid:5829 task_flags:0x400140 flags:0x00004004 [ 945.584640][ T31] Call Trace: [ 945.635863][ T31] [ 945.665995][ T31] __schedule+0x16a2/0x4cb0 [ 945.745336][ T31] ? __lock_acquire+0xa91/0xd20 [ 945.766358][ T31] ? schedule+0x165/0x360 [ 945.770778][ T31] ? __pfx___schedule+0x10/0x10 [ 945.809195][ T31] ? schedule+0x91/0x360 [ 945.813705][ T31] schedule+0x165/0x360 [ 945.827899][ T31] schedule_preempt_disabled+0x13/0x30 [ 945.833450][ T31] __mutex_lock+0x724/0xe80 [ 945.894589][ T31] ? __mutex_lock+0x51b/0xe80 [ 945.895197][ T5930] usb 8-1: USB disconnect, device number 2 [ 945.927714][ T31] ? bdev_release+0x1a9/0x650 [ 945.932496][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 945.975848][ T31] ? __asan_memset+0x22/0x50 [ 945.980790][T13374] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 945.996570][ T31] ? __pfx___fsnotify_parent+0x10/0x10 [ 946.002101][ T31] ? do_raw_spin_lock+0x121/0x290 [ 946.076341][ T31] bdev_release+0x1a9/0x650 [ 946.081054][ T31] ? __pfx_blkdev_release+0x10/0x10 [ 946.104114][ T31] blkdev_release+0x15/0x20 [ 946.109394][ T31] __fput+0x449/0xa70 [ 946.113469][ T31] task_work_run+0x1d4/0x260 [ 946.118767][ T31] ? __pfx_task_work_run+0x10/0x10 [ 946.127135][ T31] ? __fget_files+0x2a/0x420 [ 946.131833][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 946.139860][ T31] exit_to_user_mode_loop+0xec/0x110 [ 946.146551][ T31] do_syscall_64+0x2bd/0x3b0 [ 946.151245][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 946.173466][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.179777][ T31] ? clear_bhb_loop+0x60/0xb0 [ 946.184534][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.196157][ T31] RIP: 0033:0x7f5d7b38e969 [ 946.200718][ T31] RSP: 002b:00007f5d7c2a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 946.209398][ T31] RAX: 0000000000000000 RBX: 00007f5d7b5b5fa0 RCX: 00007f5d7b38e969 [ 946.217495][ T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 946.225711][ T31] RBP: 00007f5d7b410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 946.234072][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 946.242768][ T31] R13: 0000000000000000 R14: 00007f5d7b5b5fa0 R15: 00007ffe2c51c618 [ 946.251049][ T31] [ 946.254174][ T31] [ 946.254174][ T31] Showing all locks held in the system: [ 946.265085][ T31] 2 locks held by kworker/1:0/24: [ 946.346318][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 946.443547][ T31] #1: ffffc900001e7bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 946.516561][ T31] 1 lock held by khungtaskd/31: [ 946.521522][ T31] #0: ffffffff8e13ccc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 946.600397][ T31] 2 locks held by getty/5582: [ 946.605173][ T31] #0: ffff88803565a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 946.673487][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 946.716306][ T31] 1 lock held by syz-executor/5835: [ 946.721593][ T31] 4 locks held by kworker/0:6/5930: [ 946.766459][ T31] 1 lock held by udevd/6771: [ 946.771136][ T31] #0: ffff888025b41358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 946.846313][ T31] 1 lock held by syz.4.1599/11778: [ 946.851628][ T31] 1 lock held by syz.2.1792/12484: [ 946.926337][ T31] #0: ffff888025b41358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650 [ 946.936178][ T31] 5 locks held by kworker/1:5/13374: [ 947.026323][ T31] #0: ffff888021a9cd48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 947.086304][ T31] #1: ffffc90003edfbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 947.156392][ T31] #2: ffff888028f0e198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 947.165508][ T31] #3: ffff888143f41510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21a3/0x4a00 [ 947.225680][ T31] #4: ffff888143377e68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21cb/0x4a00 [ 947.276803][ T31] 2 locks held by kworker/u8:0/13856: [ 947.286922][ T31] 2 locks held by syz.1.2176/13897: [ 947.292200][ T31] #0: ffffffff8f4f7d48 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 947.366395][ T31] #1: ffffffff8e1427f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b7/0x730 [ 947.397227][ T31] 3 locks held by syz.6.2177/13900: [ 947.402502][ T31] 3 locks held by rm/13909: [ 947.420861][ T31] [ 947.423241][ T31] ============================================= [ 947.423241][ T31] [ 947.447880][ T31] NMI backtrace for cpu 0 [ 947.447905][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 947.447929][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 947.447941][ T31] Call Trace: [ 947.447950][ T31] [ 947.447959][ T31] dump_stack_lvl+0x189/0x250 [ 947.447991][ T31] ? __wake_up_klogd+0xd9/0x110 [ 947.448024][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 947.448053][ T31] ? __pfx__printk+0x10/0x10 [ 947.448086][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 947.448117][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 947.448142][ T31] ? _printk+0xcf/0x120 [ 947.448166][ T31] ? __pfx__printk+0x10/0x10 [ 947.448188][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 947.448212][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 947.448243][ T31] watchdog+0xfee/0x1030 [ 947.448265][ T31] ? watchdog+0x1de/0x1030 [ 947.448293][ T31] kthread+0x711/0x8a0 [ 947.448325][ T31] ? __pfx_watchdog+0x10/0x10 [ 947.448343][ T31] ? __pfx_kthread+0x10/0x10 [ 947.448373][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 947.448408][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 947.448425][ T31] ? __pfx_kthread+0x10/0x10 [ 947.448455][ T31] ret_from_fork+0x3fc/0x770 [ 947.448480][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 947.448508][ T31] ? __switch_to_asm+0x39/0x70 [ 947.448526][ T31] ? __switch_to_asm+0x33/0x70 [ 947.448542][ T31] ? __pfx_kthread+0x10/0x10 [ 947.448571][ T31] ret_from_fork_asm+0x1a/0x30 [ 947.448607][ T31] [ 947.448616][ T31] Sending NMI from CPU 0 to CPUs 1: [ 947.623361][ C1] NMI backtrace for cpu 1 [ 947.623379][ C1] CPU: 1 UID: 0 PID: 13911 Comm: dhcpcd Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 947.623401][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 947.623413][ C1] RIP: 0010:stack_trace_save+0xa/0xe0 [ 947.623445][ C1] Code: b2 09 cc 90 0f 0b 90 45 31 ed eb e0 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 56 <53> 48 83 e4 e0 48 81 ec 80 00 00 00 65 48 8b 05 52 92 eb 10 48 89 [ 947.623461][ C1] RSP: 0018:ffffc9000422f798 EFLAGS: 00000246 [ 947.623477][ C1] RAX: ffffc9000422f7b0 RBX: 0000000000000000 RCX: 0000000000000000 [ 947.623490][ C1] RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffffc9000422f7b0 [ 947.623501][ C1] RBP: ffffc9000422f7a0 R08: 0000000000000000 R09: 0000000000000000 [ 947.623513][ C1] R10: ffffc9000422f7b0 R11: ffffffff81acdea0 R12: ffffea00016e5780 [ 947.623527][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc9000422f7b0 [ 947.623539][ C1] FS: 00007fc2d1226740(0000) GS:ffff888125d99000(0000) knlGS:0000000000000000 [ 947.623554][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 947.623566][ C1] CR2: 00007fff4d979f19 CR3: 0000000031a2c000 CR4: 00000000003526f0 [ 947.623582][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 947.623592][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 947.623603][ C1] Call Trace: [ 947.623610][ C1] [ 947.623618][ C1] kasan_save_stack+0x3e/0x60 [ 947.623669][ C1] ? __phys_addr+0xd3/0x180 [ 947.623693][ C1] ? vms_complete_munmap_vmas+0x626/0x8a0 [ 947.623715][ C1] kasan_record_aux_stack+0xbd/0xd0 [ 947.623735][ C1] kmem_cache_free+0x2f6/0x400 [ 947.623763][ C1] vms_complete_munmap_vmas+0x626/0x8a0 [ 947.623793][ C1] do_vmi_align_munmap+0x358/0x420 [ 947.623824][ C1] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 947.623858][ C1] ? mas_find+0x962/0xc10 [ 947.623887][ C1] do_vmi_munmap+0x253/0x2e0 [ 947.623912][ C1] __vm_munmap+0x23b/0x3d0 [ 947.623936][ C1] ? __pfx___vm_munmap+0x10/0x10 [ 947.623973][ C1] __x64_sys_munmap+0x60/0x70 [ 947.623990][ C1] do_syscall_64+0xfa/0x3b0 [ 947.624006][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 947.624023][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.624040][ C1] ? clear_bhb_loop+0x60/0xb0 [ 947.624059][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.624076][ C1] RIP: 0033:0x7fc2d14352e7 [ 947.624090][ C1] Code: 00 00 00 b8 0a 00 00 00 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 8d 0d c9 3f 01 00 f7 d8 89 01 48 83 c8 ff c3 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d a9 3f 01 00 f7 d8 89 01 48 83 [ 947.624116][ C1] RSP: 002b:00007fff4d9570d8 EFLAGS: 00000206 ORIG_RAX: 000000000000000b [ 947.624133][ C1] RAX: ffffffffffffffda RBX: 000055b6184264a0 RCX: 00007fc2d14352e7 [ 947.624146][ C1] RDX: 0000000000000002 RSI: 0000000000061018 RDI: 00007fc2d1165000 [ 947.624157][ C1] RBP: 00007fff4d9571e0 R08: 0000000000000030 R09: 000055b618427020 [ 947.624170][ C1] R10: 00007fff4d957010 R11: 0000000000000206 R12: 00007fff4d957128 [ 947.624182][ C1] R13: 00007fc2d1448000 R14: 000055b6184264a0 R15: 0000000000000000 [ 947.624203][ C1] [ 947.952013][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 947.958928][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 947.970417][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 947.980496][ T31] Call Trace: [ 947.983796][ T31] [ 947.986748][ T31] dump_stack_lvl+0x99/0x250 [ 947.991383][ T31] ? __asan_memcpy+0x40/0x70 [ 947.996004][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 948.001244][ T31] ? __pfx__printk+0x10/0x10 [ 948.005876][ T31] panic+0x2db/0x790 [ 948.009818][ T31] ? __pfx_panic+0x10/0x10 [ 948.014277][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 948.020118][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 948.025529][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 948.031723][ T31] watchdog+0x102d/0x1030 [ 948.036083][ T31] ? watchdog+0x1de/0x1030 [ 948.040535][ T31] kthread+0x711/0x8a0 [ 948.044641][ T31] ? __pfx_watchdog+0x10/0x10 [ 948.049343][ T31] ? __pfx_kthread+0x10/0x10 [ 948.054060][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 948.059294][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 948.064513][ T31] ? __pfx_kthread+0x10/0x10 [ 948.069136][ T31] ret_from_fork+0x3fc/0x770 [ 948.073754][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 948.078897][ T31] ? __switch_to_asm+0x39/0x70 [ 948.083685][ T31] ? __switch_to_asm+0x33/0x70 [ 948.088471][ T31] ? __pfx_kthread+0x10/0x10 [ 948.093100][ T31] ret_from_fork_asm+0x1a/0x30 [ 948.097906][ T31] [ 948.101290][ T31] Kernel Offset: disabled [ 948.105669][ T31] Rebooting in 86400 seconds..