last executing test programs: 8.61025487s ago: executing program 3 (id=172): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000000000005002"]) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0x6, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x7, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1002, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x35db, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x5, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0xffe, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x5393, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b04000000000000000002000000400004803c0001800b00010065787405000000002c0002800800044000000002080007400000000508000640000000e63927520000"], 0x7c}}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 8.151559059s ago: executing program 0 (id=176): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x18557f, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 8.050404211s ago: executing program 1 (id=177): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x141000, 0x57) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x1e, &(0x7f0000000500)=ANY=[@ANYBLOB="180000009800", @ANYRES32=r3], &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x2, 0x9, 0x5, 0xb}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7.970492573s ago: executing program 3 (id=178): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x240, 0x9b9a}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x42bb, 0x155f, 0x6, 0x5, 0x25cc, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x6, 0xbbf, 0x4a732f64, 0xc, 0x9, 0xd, 0x2, 0x80, 0x6, 0x1, 0x2, 0x3, 0x7, 0x81, 0x28000, 0x5, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0xa], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xfeff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x4, 0xf1, 0x4, 0xab00000, 0x40000005, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x8, 0x3, 0x4, 0x6, 0x7, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xf0b, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x240, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0xa6, 0xfc, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x8, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fbfffff, 0x7, 0x4, 0x10, 0x81, 0x4, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x3, 0x8001, 0x7fff, 0x3, 0x6, 0xf, 0x9, 0x5337, 0x26d, 0x9, 0xfffffffb, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0x8, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) capset(&(0x7f0000000380)={0x20080522}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0xff}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x7fffffffffffffff, 0xfff, 0x0, 0x180, 0x1, 0x9, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x800, 0x0, 0x4, 0xbdb], 0x1, 0x1c4213}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 7.63151384s ago: executing program 2 (id=179): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$kcm(0x2, 0xa, 0x2) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000180)=""/181, 0xb5}], 0x1, 0x3c, 0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 7.316359775s ago: executing program 2 (id=180): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d3120900"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020a"], 0x10}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x1e, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 7.292742646s ago: executing program 1 (id=181): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000100)={0x6, 0x800, 0x1fff, 0xffff, 0x0, "000401001000c602"}) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r4, 0x0, 0x0, 0x20000010) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r4, 0x84, 0x78, &(0x7f0000000600), 0x4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r5, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000e00)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000610000005000400000000000900020073797a3100000000050005000200000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x24, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 6.927208693s ago: executing program 3 (id=182): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x18557f, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 6.145314579s ago: executing program 1 (id=183): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x141000, 0x57) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={0x0, 0x10}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x1e, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.923684113s ago: executing program 2 (id=184): syz_usb_connect(0x6, 0x1fc, &(0x7f0000000780)=ANY=[@ANYBLOB="12015002b8005108101407a0683e010203010902ea01030e00300309040309027f54cc00090502040004040403800109661bede31b6d40ffd5a6457d3483a7c64a2cf09c6b30e3afe9caf13ed9a2924ed053d2b4b24aedb4035d4212c8a5f7df3b67916187c245f81035efe9b53a8d79988d4b00a8aa5926f8b9103fd0e543cebd14ca5d0825146c7ff12ef0b8fe612538542d6f5c9fdc7894374795b8ccb6bdb303b42aa86746d3370ad7a31c090504104000050209072501830200040725018101070009045b060c317135060905051008000600d30725018002000009050610200080ff0407250101060200090500100004090401090504104000ab0005090505022000060d0d48007672bf7524ef90e0a086de3562bf356642bc0201de8fa807c3b757b1c182c0f4c59af7c59293e1bc41956912be0eafd96bdf03aa6117bc3e50fbee59a6e5dfc7206516e091fce94c0c778a134b5368d1af31d240535b0725018002010009050b08000401a9050725010332f60b0725010206ac15090502140000c7070e0905010400020805800905051000020802ae07250103fbff0009050010400008000309050c040002030d07410f8c1ea652c620acd24cbf2bfeb921dfc3f2c147f7c05a53e4f7db6742a64c76fe8d2f319387c80165b1ad6b9054e93ae7385d785e1c040f2c4e5c2388ef87910905090020"], 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028008000200080000003e127a510800020010"], 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa0}}, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0xfff0) 5.922003143s ago: executing program 0 (id=185): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x200002, &(0x7f0000003180)={[{@nodioread_nolock}, {@delalloc}]}, 0x1, 0x574, &(0x7f0000001980)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZNNlumm3384Fp35uZzZvvvvm+fbOzywbQt8bSfwoRL0fEN0nESMu2wcg2jq3tt/Lw+nS6JLG6+ulfSSTZuub+Sfb/oazyUkT89lXEycLmdmtLy3OlSqW8kNXH6/NXxmtLy6cuzZdmy7Ply5NTU2fempp89523uxbr6+f/+f6Tux+e+fr4yne/3D9yO4mzcTjb1hrHE7jRWhmLsew5GYqzG3ac6EJjvSTZ6wOgIwNZng9FOgaMxECW9blWR57moQG77Ms0rYE+lch/6FPNeUDz2r5L18HPjAfvr10AbY5/cO29kRhuXBsdXEn+d2WUXu+OdqH9tI1f/7xzO12i3fsQ+7vQEMAGN25GxOnBwc3jX5KNf507vY19NrbRb68/sJfupvOfN/LmP4X1+U/kzH8O5eRuJx6f/4X7XWimrXT+917u/Hf9ptXoQFZ7oTHnG0ouXqqU07HtxYg4EUP70/pERHyQfxPk88LKvdV27bfO/9Ilbb85F8yO4/7ghvnfTKleevLI1zy4GfFK7vw3We//JKf/0+fj/DbbOFa+82q7bY+Pf3et/hTxWm7/P+rMZOv7k+ON82G8eVZs9vetY7+3a3+v40/7/+DW8Y8mrfdraztv48fhf8vttnV6/u9LPmuU92XrrpXq9YWJiH3Jx5vXTz56bLPe3D+N/8Txrce/vPP/QJrY24z/1tFbrbsO7yz+3ZXGP7Oj/t954d5HX/zQrv3t9f+bjdKJbM12xr/tHuCTPHcAAAAAAADQawoRcTiSQnG9XCgUi2uf7zgaBwuVaq1+8mJ18fJMNL4rOxpDhead7pGWz0NMZJ+HbdYnN9SnIuJIRHw7cKBRL05XKzN7HTwAAAAAAAAAAAAAAAAAAAD0iEMRw3nf/0/9MZD/mDargWfRFj/5DTzn2ud/tqUbv/QE9CSv/9C/5D/0L/kP/Uv+Q/+S/9C/5D/0L/kP/Wsn+f/zuV08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+nD93Ll1WVx5en07rM1eXFueqV0/NlGtzxfnF6eJ0deFKcbZana2Ui9PV+cf9vUq1emViMhavjdfLtfp4bWn5wnx18XL9wqX50mz5QnnoqUQFAAAAAAAAAAAAAAAAAAAAz5ba0vJcqVIpLygodFQY7I3D6MFCoTcOo8PCXo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDIfwEAAP//wGE62g==") openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) clock_nanosleep(0x9, 0x64, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$RTC_AIE_OFF(r3, 0x7002) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 5.742304767s ago: executing program 1 (id=186): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000480)={0x40, 0xb, 0x1, "e4"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000b80)={0x34, &(0x7f00000009c0)={0x40, 0x11, 0x1, '$'}, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.827177874s ago: executing program 0 (id=187): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000000000005002"]) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0x6, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x7, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1002, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x35db, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x5, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0xffe, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x5393, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b04000000000000000002000000400004803c0001800b00010065787405000000002c0002800800044000000002080007400000000508000640000000e63927520000"], 0x7c}}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 4.748701356s ago: executing program 2 (id=188): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x88842, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mq_open(0x0, 0x40, 0x80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) syz_io_uring_setup(0x12e, &(0x7f0000000340)={0x0, 0x5cb1, 0x2, 0x3, 0xfffffffd}, &(0x7f0000000140), &(0x7f0000000280)) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc4c85513, &(0x7f0000000b80)={0x7, 0x0, 0x2008, 0x7, 'syz1\x00', 0x900005}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@loopback, 0xfffd, 0x0, 0x4e20, 0xfffd, 0xa}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x2, 0x2}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x33}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x400, 0xfffffffd}}, 0xe8) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000500), 0x0) r4 = socket$key(0xf, 0x3, 0x2) recvmmsg(r4, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001d40)=ANY=[@ANYBLOB], 0x1310}, 0x1, 0x0, 0x0, 0x20000004}, 0x84) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x1}) 3.923296302s ago: executing program 3 (id=189): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$kcm(0x2, 0xa, 0x2) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r3, &(0x7f0000000000)=[{&(0x7f0000000180)=""/181, 0xb5}], 0x1, 0x3c, 0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 3.00718792s ago: executing program 0 (id=190): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x141000, 0x57) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x1e, &(0x7f0000000500)=ANY=[@ANYBLOB="180000009800", @ANYRES32=r3], &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x2, 0x9, 0x5, 0xb}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2.888842912s ago: executing program 3 (id=191): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 2.621335688s ago: executing program 2 (id=192): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000280)={0x44, &(0x7f00000000c0)={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.5031647s ago: executing program 0 (id=193): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020a"], 0x10}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x1e, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.983445151s ago: executing program 1 (id=194): r0 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0) pwrite64(r0, &(0x7f00000008c0)='/', 0x1, 0x0) fsopen(&(0x7f0000000040)='afs\x00', 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) socket(0x2, 0x5, 0xa0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb03000500000000"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="02090000020000000000000000006ed50d169fd1259a4008814b921f312bdff9490675285f56e698679723b433298a597a017f02c5d6ebed91840ceb992d349e05fa69"], 0x10}}, 0x0) 1.49408771s ago: executing program 0 (id=195): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000040)=ANY=[@ANYBLOB]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) pipe(&(0x7f0000000040)) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x1, 0x48001059, 0xffffffffffffffff, 0x0) r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000001dc0), r5) sendmsg$FOU_CMD_GET(r5, &(0x7f0000001ec0)={0x0, 0x0, &(0x7f0000001e80)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01012cbd7000fcdbdf250300000008000b00", @ANYRES32=r3, @ANYBLOB="050002000a0000001400070000000000000000000000000000000008060001004e"], 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x48020) write$binfmt_script(0xffffffffffffffff, &(0x7f00000002c0)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x20c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 286.599704ms ago: executing program 1 (id=196): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x401c2103, 0x0) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000002440)=ANY=[@ANYBLOB="38010000100001000000000000000000ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000fffe04000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff020000000000000000000000000001000000006c070000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000018a4cae969dee0860000000000000000000000000000000000000000000000000000000000000000000000000000f4e80000000000000000000000000000000000000000000000000100000000000000000000000000000000020000002100000000000000480003006c7a73000000000000000000000000000000000000009f1e26b50979097ed9fbe785769d000000000000000000000000000000000000000000000001ae743d82b9"], 0x138}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x58, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13101}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @IFLA_GRE_IKEY={0x8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800050001040f0f080003000000080008000f00f7ffffff08000600040000000800110009000000080002"], 0x5c}}, 0x0) 19.939739ms ago: executing program 2 (id=197): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x18557f, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 0s ago: executing program 3 (id=198): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fspick(0xffffffffffffffff, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc, 0x3}, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0xa) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffe}) ioctl(r2, 0x8b21, &(0x7f0000000040)) r3 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r4 = landlock_create_ruleset(&(0x7f0000000100)={0x30b}, 0x18, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000200)={0x100, r5}, 0x0) close(r4) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000001800)=@nat={'nat\x00', 0x670, 0x5, 0x440, 0x100, 0x3d0, 0xfeffffff, 0x228, 0x2f8, 0x3d0, 0x3d0, 0xffffffff, 0x3d0, 0x3d0, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'caif0\x00', {}, {}, 0x6}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@unspec=@devgroup={{0x38}, {0x5, 0x0, 0x0, 0x5, 0x48}}, @common=@inet=@tcp={{0x30}, {[], [0x4e20], 0x0, 0x0, 0x2}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x300]}}}, @common=@set={{0x40}, {{0x0, [0x0, 0x3]}}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x10, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@remote, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x90, 0xd8, 0x0, {}, [@common=@socket0={{0x20}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@private2, @ipv4=@dev, @port, @gre_key}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0) r6 = open(0x0, 0x1850c2, 0x14c) ftruncate(r6, 0x200004) syz_emit_ethernet(0x46, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x18, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018", @ANYRESOCT, @ANYBLOB="0000000000000000b7080000030000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf910000008500000084000000b7000000000000009500"/104], &(0x7f0000000000)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$BLKRAGET(r6, 0x1263, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.30' (ED25519) to the list of known hosts. [ 64.896686][ T5778] cgroup: Unknown subsys name 'net' [ 65.059566][ T5778] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.496300][ T5778] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.068590][ T5795] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.093473][ T5795] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.100906][ T5795] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.101974][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.117112][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.124859][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.124868][ T5795] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.133352][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.144243][ T5802] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.146271][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.154396][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.161575][ T5800] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.167378][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.174809][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.181940][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.188781][ T5800] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.195464][ T5802] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.201737][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.208886][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.219083][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.229872][ T5792] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.230131][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.245749][ T5800] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.253915][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.726608][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 68.743995][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 68.831062][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 68.846016][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 68.931589][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.939329][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.946647][ T5789] bridge_slave_0: entered allmulticast mode [ 68.954023][ T5789] bridge_slave_0: entered promiscuous mode [ 68.989763][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.997048][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.004410][ T5789] bridge_slave_1: entered allmulticast mode [ 69.011198][ T5789] bridge_slave_1: entered promiscuous mode [ 69.019555][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.026999][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.034371][ T5787] bridge_slave_0: entered allmulticast mode [ 69.041234][ T5787] bridge_slave_0: entered promiscuous mode [ 69.049706][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.056996][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.064274][ T5787] bridge_slave_1: entered allmulticast mode [ 69.071086][ T5787] bridge_slave_1: entered promiscuous mode [ 69.162110][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.174373][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.186518][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.218438][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.249178][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.256418][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.264418][ T5788] bridge_slave_0: entered allmulticast mode [ 69.271171][ T5788] bridge_slave_0: entered promiscuous mode [ 69.278488][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.286323][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.293784][ T5790] bridge_slave_0: entered allmulticast mode [ 69.300542][ T5790] bridge_slave_0: entered promiscuous mode [ 69.328051][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.335280][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.342616][ T5788] bridge_slave_1: entered allmulticast mode [ 69.349383][ T5788] bridge_slave_1: entered promiscuous mode [ 69.356181][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.364152][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.371362][ T5790] bridge_slave_1: entered allmulticast mode [ 69.378265][ T5790] bridge_slave_1: entered promiscuous mode [ 69.387885][ T5789] team0: Port device team_slave_0 added [ 69.396574][ T5787] team0: Port device team_slave_0 added [ 69.405279][ T5787] team0: Port device team_slave_1 added [ 69.431356][ T5789] team0: Port device team_slave_1 added [ 69.489395][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.501275][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.512219][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.526005][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.555753][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.562958][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.588903][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.623795][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.630745][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.656834][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.669757][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.676843][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.702860][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.724424][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.731390][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.757554][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.771184][ T5788] team0: Port device team_slave_0 added [ 69.793602][ T5790] team0: Port device team_slave_0 added [ 69.817969][ T5788] team0: Port device team_slave_1 added [ 69.825301][ T5790] team0: Port device team_slave_1 added [ 69.879004][ T5789] hsr_slave_0: entered promiscuous mode [ 69.887544][ T5789] hsr_slave_1: entered promiscuous mode [ 69.924806][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.931871][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.957897][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.969407][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.976592][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.002617][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.014851][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.021795][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.048004][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.063696][ T5787] hsr_slave_0: entered promiscuous mode [ 70.070036][ T5787] hsr_slave_1: entered promiscuous mode [ 70.076380][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.084250][ T5787] Cannot create hsr debugfs directory [ 70.090241][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.097374][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.123399][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.188107][ T5790] hsr_slave_0: entered promiscuous mode [ 70.194623][ T5790] hsr_slave_1: entered promiscuous mode [ 70.200727][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.208536][ T5790] Cannot create hsr debugfs directory [ 70.277842][ T5788] hsr_slave_0: entered promiscuous mode [ 70.284508][ T5788] hsr_slave_1: entered promiscuous mode [ 70.287795][ T5797] Bluetooth: hci2: command tx timeout [ 70.291223][ T5800] Bluetooth: hci1: command tx timeout [ 70.296446][ T50] Bluetooth: hci0: command tx timeout [ 70.301230][ T5792] Bluetooth: hci3: command tx timeout [ 70.312563][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.320127][ T5788] Cannot create hsr debugfs directory [ 70.628176][ T5787] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.640470][ T5787] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.651714][ T5787] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.661642][ T5787] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.740296][ T5789] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.751005][ T5789] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.768493][ T5789] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.783410][ T5789] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.863063][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.872200][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.888923][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.898754][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.984364][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.998090][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.009805][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.023615][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.035738][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.064094][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.095537][ T1074] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.102873][ T1074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.135971][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.143234][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.190899][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.258652][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.265428][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.280508][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.308009][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.326183][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.333384][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.359947][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.367108][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.383967][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.408921][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.446763][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.453909][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.469535][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.500499][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.507660][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.537957][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.545501][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.556808][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.564007][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.669288][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.759154][ T5787] veth0_vlan: entered promiscuous mode [ 71.789731][ T5787] veth1_vlan: entered promiscuous mode [ 71.879548][ T5787] veth0_macvtap: entered promiscuous mode [ 71.923648][ T5787] veth1_macvtap: entered promiscuous mode [ 71.966805][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.002068][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.027808][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.067466][ T5787] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.084648][ T5787] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.094154][ T5787] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.103488][ T5787] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.191982][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.231435][ T5789] veth0_vlan: entered promiscuous mode [ 72.240921][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.251862][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.260272][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.288410][ T5789] veth1_vlan: entered promiscuous mode [ 72.363308][ T5792] Bluetooth: hci3: command tx timeout [ 72.363840][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.368725][ T5792] Bluetooth: hci1: command tx timeout [ 72.378772][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.382557][ T5800] Bluetooth: hci2: command tx timeout [ 72.395295][ T5797] Bluetooth: hci0: command tx timeout [ 72.411759][ T5789] veth0_macvtap: entered promiscuous mode [ 72.421593][ T5789] veth1_macvtap: entered promiscuous mode [ 72.453721][ T5788] veth0_vlan: entered promiscuous mode [ 72.466589][ T5788] veth1_vlan: entered promiscuous mode [ 72.486015][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.500648][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.516004][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.556991][ T5790] veth0_vlan: entered promiscuous mode [ 72.570423][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.583791][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.608592][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.637961][ T5789] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.650474][ T5789] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.660847][ T5789] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.673738][ T5789] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.701890][ T5790] veth1_vlan: entered promiscuous mode [ 72.769154][ T5788] veth0_macvtap: entered promiscuous mode [ 72.783162][ T5788] veth1_macvtap: entered promiscuous mode [ 72.832278][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.847559][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.864619][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.878406][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.889979][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.909156][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.932525][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.952950][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.967348][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.993265][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.009042][ T1074] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.033439][ T1074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.077710][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.106131][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.116718][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.125851][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.180028][ T5790] veth0_macvtap: entered promiscuous mode [ 73.211438][ T5790] veth1_macvtap: entered promiscuous mode [ 73.227396][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.238566][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.296444][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.316006][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.328432][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.342672][ T5844] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 73.345927][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.363399][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.375655][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.389482][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.427165][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.438080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.447877][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.458308][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.469190][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.480907][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.492252][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.504268][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.524876][ T1074] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.541868][ T1074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.567368][ T5844] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 73.584482][ T5844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 73.621951][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.663588][ T5844] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 73.675605][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.679875][ T5844] usb 4-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 73.686902][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.708579][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.717406][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.722487][ T5844] usb 4-1: Product: syz [ 73.735956][ T5844] usb 4-1: Manufacturer: syz [ 73.747631][ T5844] usb 4-1: SerialNumber: syz [ 73.756366][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.769901][ T5844] usb 4-1: config 0 descriptor?? [ 73.776714][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.799548][ T5844] usb 4-1: ucan: probing device on interface #0 [ 73.807438][ T5844] usb 4-1: ucan: invalid EP count (1) [ 73.821476][ T5844] usb 4-1: ucan: probe failed; try to update the device firmware [ 74.003122][ T5884] netlink: 'syz.2.3': attribute type 4 has an invalid length. [ 74.022968][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.031971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.041095][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.050197][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 74.078840][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.099157][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.177353][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.224805][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.352827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.443009][ T5797] Bluetooth: hci1: command tx timeout [ 74.448554][ T5797] Bluetooth: hci2: command tx timeout [ 74.455726][ T5797] Bluetooth: hci3: command tx timeout [ 74.461977][ T5797] Bluetooth: hci0: command tx timeout [ 74.489941][ T5890] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2'. [ 74.653856][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.663059][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 74.674080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 74.759566][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 74.942632][ T5844] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 75.172209][ T5844] usb 1-1: Using ep0 maxpacket: 32 [ 75.202277][ T5844] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 75.212085][ T5844] usb 1-1: config 0 has no interface number 0 [ 75.245577][ T5844] usb 1-1: config 0 interface 12 has no altsetting 0 [ 75.261595][ T5844] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 75.277765][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.298841][ T5844] usb 1-1: Product: syz [ 75.316964][ T5844] usb 1-1: Manufacturer: syz [ 75.325669][ T5844] usb 1-1: SerialNumber: syz [ 75.346908][ T5844] usb 1-1: config 0 descriptor?? [ 75.993089][ T5897] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 76.084012][ T5874] usb 4-1: USB disconnect, device number 2 [ 76.448159][ T5911] netlink: 72 bytes leftover after parsing attributes in process `syz.1.7'. [ 76.479661][ T5912] netlink: 'syz.3.6': attribute type 4 has an invalid length. [ 76.522716][ T5792] Bluetooth: hci0: command tx timeout [ 76.528478][ T5797] Bluetooth: hci3: command tx timeout [ 76.529630][ T5800] Bluetooth: hci2: command tx timeout [ 76.534071][ T5797] Bluetooth: hci1: command tx timeout [ 76.645944][ T5844] f81534 1-1:0.12: f81534_set_register: reg: 1003 data: 20 failed: -71 [ 76.651507][ T5916] netlink: 'syz.3.6': attribute type 4 has an invalid length. [ 76.667587][ T5844] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 76.677650][ T5844] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 76.696196][ T5844] f81534: probe of 1-1:0.12 failed with error -71 [ 76.701412][ T5913] netlink: 'syz.1.7': attribute type 5 has an invalid length. [ 76.766144][ T5844] usb 1-1: USB disconnect, device number 2 [ 76.772182][ T5913] ip6erspan0: entered promiscuous mode [ 76.912489][ T5902] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 76.927942][ T5917] bridge0: port 3(macsec0) entered blocking state [ 76.936857][ T5917] bridge0: port 3(macsec0) entered disabled state [ 76.947009][ T5917] macsec0: entered allmulticast mode [ 76.953970][ T5917] veth1_macvtap: entered allmulticast mode [ 76.965508][ T5917] macsec0: entered promiscuous mode [ 76.972556][ T5917] bridge0: port 3(macsec0) entered blocking state [ 76.979285][ T5917] bridge0: port 3(macsec0) entered forwarding state [ 77.163249][ T5902] usb 3-1: Using ep0 maxpacket: 32 [ 77.178083][ T5902] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 77.196822][ T5902] usb 3-1: config 0 has no interface number 0 [ 77.213521][ T5902] usb 3-1: config 0 interface 89 has no altsetting 0 [ 77.223226][ T5902] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 77.235701][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.244652][ T5902] usb 3-1: Product: syz [ 77.248911][ T5902] usb 3-1: Manufacturer: syz [ 77.253726][ T5902] usb 3-1: SerialNumber: syz [ 77.260909][ T5902] usb 3-1: config 0 descriptor?? [ 77.281848][ T5902] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 77.327094][ T5902] em28xx 3-1:0.89: Video interface 89 found: bulk [ 77.337864][ T5921] syz.0.9[5921]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.383880][ T5921] loop0: detected capacity change from 0 to 1024 [ 77.536153][ T5921] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.399474][ T5902] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 78.410642][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.692873][ T5930] netlink: 72 bytes leftover after parsing attributes in process `syz.0.10'. [ 78.866861][ T5931] netlink: 'syz.0.10': attribute type 5 has an invalid length. [ 79.050180][ T5933] loop3: detected capacity change from 0 to 1024 [ 79.061326][ T5902] em28xx 3-1:0.89: failed to get i2c transfer status from bridge register (error=-5) [ 79.074578][ T5931] ip6erspan0: entered promiscuous mode [ 79.081667][ T5902] em28xx 3-1:0.89: board has no eeprom [ 79.193227][ T5933] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.212582][ T5902] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 79.230076][ T5902] em28xx 3-1:0.89: analog set to bulk mode. [ 79.238639][ T5934] bridge0: port 3(macsec0) entered blocking state [ 79.245795][ T5830] em28xx 3-1:0.89: Registering V4L2 extension [ 79.269175][ T5902] usb 3-1: USB disconnect, device number 2 [ 79.277163][ T5902] em28xx 3-1:0.89: Disconnecting em28xx [ 79.306540][ T5934] bridge0: port 3(macsec0) entered disabled state [ 79.343533][ T5934] macsec0: entered allmulticast mode [ 79.512710][ T5830] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 79.519891][ T5830] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 79.540267][ T5934] veth1_macvtap: entered allmulticast mode [ 79.546275][ T5830] em28xx 3-1:0.89: No AC97 audio processor [ 79.559252][ T5830] usb 3-1: Decoder not found [ 79.570296][ T5934] macsec0: entered promiscuous mode [ 79.585492][ T5830] em28xx 3-1:0.89: failed to create media graph [ 80.045437][ T5830] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 80.048628][ T5934] bridge0: port 3(macsec0) entered blocking state [ 80.058903][ T5934] bridge0: port 3(macsec0) entered forwarding state [ 80.060167][ T5830] em28xx 3-1:0.89: Registering snapshot button... [ 80.075526][ T5830] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input5 [ 80.106240][ T5830] em28xx 3-1:0.89: Remote control support is not available for this card. [ 80.107823][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.120126][ T5902] em28xx 3-1:0.89: Closing input extension [ 80.166558][ T5902] em28xx 3-1:0.89: Deregistering snapshot button [ 80.290225][ T5902] em28xx 3-1:0.89: Freeing device [ 80.561716][ T5954] syz.3.13 uses obsolete (PF_INET,SOCK_PACKET) [ 81.413901][ T5956] Zero length message leads to an empty skb [ 81.702539][ T5791] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 81.741040][ T5964] netlink: 'syz.1.17': attribute type 4 has an invalid length. [ 81.947383][ T5791] usb 3-1: Using ep0 maxpacket: 32 [ 81.973169][ T5791] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 81.995750][ T5791] usb 3-1: config 0 has no interface number 0 [ 82.007159][ T5791] usb 3-1: config 0 interface 12 has no altsetting 0 [ 82.018246][ T5791] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 82.032283][ T5791] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.043691][ T5797] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 82.052204][ T5797] Bluetooth: hci2: Injecting HCI hardware error event [ 82.059855][ T5797] Bluetooth: hci2: hardware error 0x00 [ 82.081332][ T5791] usb 3-1: Product: syz [ 82.088284][ T5791] usb 3-1: Manufacturer: syz [ 82.093607][ T5791] usb 3-1: SerialNumber: syz [ 82.104899][ T5791] usb 3-1: config 0 descriptor?? [ 83.382546][ T5791] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 83.422497][ T5791] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 83.442483][ T5791] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 83.477488][ T5791] f81534: probe of 3-1:0.12 failed with error -71 [ 83.526763][ T5791] usb 3-1: USB disconnect, device number 3 [ 83.722580][ T5792] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 83.731661][ T5792] Bluetooth: hci0: Injecting HCI hardware error event [ 83.739091][ T5792] Bluetooth: hci0: hardware error 0x00 [ 84.172513][ T5797] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 85.302546][ T27] audit: type=1326 audit(1759020004.206:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.466819][ T27] audit: type=1326 audit(1759020004.206:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.550199][ T27] audit: type=1326 audit(1759020004.206:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.577083][ T27] audit: type=1326 audit(1759020004.206:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.598977][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.612603][ T27] audit: type=1326 audit(1759020004.206:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.634489][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.647125][ T27] audit: type=1326 audit(1759020004.206:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.669010][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.679184][ T27] audit: type=1326 audit(1759020004.206:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.701198][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.715743][ T5837] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 85.742543][ T5791] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 85.757784][ T27] audit: type=1326 audit(1759020004.206:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.817460][ T5792] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 85.847051][ T27] audit: type=1326 audit(1759020004.216:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.869027][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.904532][ T27] audit: type=1326 audit(1759020004.216:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5985 comm="syz.2.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 85.913302][ T5837] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 85.942144][ T5837] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.951239][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.962137][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 85.976914][ T5837] usb 3-1: config 0 interface 0 has no altsetting 0 [ 85.985226][ T5837] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.994263][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.005173][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 86.014961][ T5837] usb 3-1: config 0 interface 0 has no altsetting 0 [ 86.022754][ T5837] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 86.039334][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.056611][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 86.074080][ T5837] usb 3-1: config 0 interface 0 has no altsetting 0 [ 86.085013][ T5837] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 86.096676][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.112288][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 86.126713][ T5837] usb 3-1: config 0 interface 0 has no altsetting 0 [ 86.139618][ T5837] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 86.149140][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.182345][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 86.211866][ T5837] usb 3-1: config 0 interface 0 has no altsetting 0 [ 86.227636][ T5837] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 86.240702][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.305647][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 86.329745][ T5837] usb 3-1: config 0 interface 0 has no altsetting 0 [ 86.339234][ T5837] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 86.352555][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.382493][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 86.405463][ T5837] usb 3-1: config 0 interface 0 has no altsetting 0 [ 86.419272][ T5837] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 86.445104][ T5791] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.456110][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 86.479312][ T5791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 86.501421][ T5837] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 86.535873][ T6006] loop0: detected capacity change from 0 to 4096 [ 86.552002][ T5791] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 86.629552][ T5791] usb 4-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 86.632517][ T5837] usb 3-1: config 0 interface 0 has no altsetting 0 [ 86.645955][ T5791] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.648824][ T8] cfg80211: failed to load regulatory.db [ 86.653974][ T5791] usb 4-1: Product: syz [ 86.653991][ T5791] usb 4-1: Manufacturer: syz [ 86.669060][ T5791] usb 4-1: SerialNumber: syz [ 86.681495][ T5791] usb 4-1: config 0 descriptor?? [ 86.688010][ T6006] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.714415][ T5791] usb 4-1: ucan: probing device on interface #0 [ 86.720707][ T5791] usb 4-1: ucan: invalid EP count (1) [ 86.727004][ T5791] usb 4-1: ucan: probe failed; try to update the device firmware [ 86.940778][ T5837] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 86.964912][ T5837] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 87.017737][ T5837] usb 3-1: Product: syz [ 87.022080][ T5837] usb 3-1: Manufacturer: syz [ 87.057880][ T5837] usb 3-1: SerialNumber: syz [ 87.120934][ T5837] usb 3-1: config 0 descriptor?? [ 87.173720][ T5837] yurex 3-1:0.0: Could not submitting URB [ 87.201753][ T5837] yurex: probe of 3-1:0.0 failed with error -5 [ 87.580383][ T5837] usb 3-1: USB disconnect, device number 4 [ 87.702349][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.102839][ T5791] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 88.297826][ T42] usb 4-1: USB disconnect, device number 3 [ 88.312728][ T5791] usb 1-1: Using ep0 maxpacket: 32 [ 88.336261][ T5791] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 88.363708][ T5791] usb 1-1: config 0 has no interface number 0 [ 88.378576][ T5791] usb 1-1: config 0 interface 89 has no altsetting 0 [ 88.391277][ T5791] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 88.400605][ T5791] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.408699][ T5791] usb 1-1: Product: syz [ 88.422482][ T5791] usb 1-1: Manufacturer: syz [ 88.427105][ T5791] usb 1-1: SerialNumber: syz [ 88.433964][ T5791] usb 1-1: config 0 descriptor?? [ 88.463331][ T5791] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 88.468800][ T6023] netlink: 72 bytes leftover after parsing attributes in process `syz.2.29'. [ 88.473180][ T5791] em28xx 1-1:0.89: Video interface 89 found: bulk [ 88.495147][ T6024] netlink: 72 bytes leftover after parsing attributes in process `syz.3.31'. [ 88.705984][ T6028] netlink: 'syz.3.31': attribute type 5 has an invalid length. [ 88.868142][ T6028] ip6erspan0: entered promiscuous mode [ 88.929286][ T6027] netlink: 'syz.2.29': attribute type 5 has an invalid length. [ 88.997407][ T6027] ip6erspan0: entered promiscuous mode [ 89.060580][ T5791] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 89.685585][ T5791] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 89.746558][ T5791] em28xx 1-1:0.89: board has no eeprom [ 89.833172][ T5791] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 89.860699][ T5791] em28xx 1-1:0.89: analog set to bulk mode. [ 89.891089][ T787] em28xx 1-1:0.89: Registering V4L2 extension [ 89.962252][ T5791] usb 1-1: USB disconnect, device number 3 [ 89.979072][ T5791] em28xx 1-1:0.89: Disconnecting em28xx [ 90.021417][ T787] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 90.034869][ T787] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 90.042135][ T787] em28xx 1-1:0.89: No AC97 audio processor [ 90.069522][ T787] usb 1-1: Decoder not found [ 90.082943][ T787] em28xx 1-1:0.89: failed to create media graph [ 90.132636][ T787] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 90.165418][ T787] em28xx 1-1:0.89: Registering snapshot button... [ 90.204605][ T787] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input6 [ 90.224790][ T787] em28xx 1-1:0.89: Remote control support is not available for this card. [ 90.284956][ T5791] em28xx 1-1:0.89: Closing input extension [ 90.321560][ T5791] em28xx 1-1:0.89: Deregistering snapshot button [ 90.395232][ T5791] em28xx 1-1:0.89: Freeing device [ 90.483979][ T6033] loop0: detected capacity change from 0 to 4096 [ 90.768660][ T6033] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.875036][ T5837] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 92.405101][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.589325][ T6058] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.652552][ T5837] usb 2-1: Using ep0 maxpacket: 32 [ 92.663366][ T6055] netlink: 'syz.2.36': attribute type 4 has an invalid length. [ 92.765788][ T5837] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 92.775080][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.850508][ T6065] netlink: 'syz.0.39': attribute type 4 has an invalid length. [ 92.924080][ T5837] usb 2-1: config 0 descriptor?? [ 93.188921][ T5837] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 93.217281][ T5837] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 93.249813][ T5837] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 93.280878][ T5837] usb 2-1: media controller created [ 93.364195][ T5837] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 93.461603][ T6049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 93.563548][ T6049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.167784][ T5837] az6027: usb out operation failed. (-71) [ 95.186901][ T5837] az6027: usb out operation failed. (-71) [ 95.199005][ T5837] stb0899_attach: Driver disabled by Kconfig [ 95.212922][ T5837] az6027: no front-end attached [ 95.212922][ T5837] [ 95.220612][ T5837] az6027: usb out operation failed. (-71) [ 95.257746][ T5837] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 95.322689][ T5837] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7 [ 95.394083][ T5837] dvb-usb: schedule remote query interval to 400 msecs. [ 95.406932][ T5837] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 95.425995][ T5837] usb 2-1: USB disconnect, device number 2 [ 95.522099][ T5837] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 96.663355][ T5837] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 96.872556][ T5837] usb 2-1: Using ep0 maxpacket: 32 [ 96.910061][ T5837] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 96.928791][ T5837] usb 2-1: config 0 has no interface number 0 [ 96.947955][ T5837] usb 2-1: config 0 interface 12 has no altsetting 0 [ 96.980489][ T5837] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 97.008624][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 97.008636][ T27] audit: type=1326 audit(1759020016.656:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.873043][ T27] audit: type=1326 audit(1759020016.686:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.895374][ T27] audit: type=1326 audit(1759020016.686:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.897647][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.917795][ T27] audit: type=1326 audit(1759020016.686:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.917837][ T27] audit: type=1326 audit(1759020016.686:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.917876][ T27] audit: type=1326 audit(1759020016.696:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.917913][ T27] audit: type=1326 audit(1759020016.696:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.917950][ T27] audit: type=1326 audit(1759020016.696:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.917987][ T27] audit: type=1326 audit(1759020016.696:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 97.918024][ T27] audit: type=1326 audit(1759020016.696:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6089 comm="syz.3.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff94dd8eec9 code=0x7ffc0000 [ 98.272600][ T5837] usb 2-1: Product: syz [ 98.292607][ T5837] usb 2-1: Manufacturer: syz [ 98.312454][ T5837] usb 2-1: SerialNumber: syz [ 98.344873][ T5837] usb 2-1: config 0 descriptor?? [ 98.353459][ T5837] usb 2-1: can't set config #0, error -71 [ 98.404248][ T5837] usb 2-1: USB disconnect, device number 3 [ 99.812068][ T6117] netlink: 'syz.2.50': attribute type 5 has an invalid length. [ 99.833039][ T5791] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 99.915199][ T6121] bridge0: port 3(macsec0) entered blocking state [ 99.927748][ T6121] bridge0: port 3(macsec0) entered disabled state [ 99.940955][ T6121] macsec0: entered allmulticast mode [ 99.973424][ T6121] veth1_macvtap: entered allmulticast mode [ 100.024642][ T5791] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.038117][ T5791] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.051252][ T6121] macsec0: entered promiscuous mode [ 100.060575][ T6121] bridge0: port 3(macsec0) entered blocking state [ 100.067171][ T6121] bridge0: port 3(macsec0) entered forwarding state [ 100.075372][ T6124] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 100.083037][ T5791] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 100.083083][ T5791] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 100.083105][ T5791] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.085678][ T5791] usb 1-1: config 0 descriptor?? [ 100.761702][ T5791] usbhid 1-1:0.0: can't add hid device: -71 [ 100.772575][ T5791] usbhid: probe of 1-1:0.0 failed with error -71 [ 100.837853][ T5791] usb 1-1: USB disconnect, device number 4 [ 100.892579][ T5837] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 101.095082][ T5837] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 101.109301][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 101.120294][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 101.135746][ T5837] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 101.148481][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.156962][ T5837] usb 2-1: Product: syz [ 101.161447][ T5837] usb 2-1: Manufacturer: syz [ 101.178348][ T5837] usb 2-1: SerialNumber: syz [ 101.186801][ T5837] usb 2-1: config 0 descriptor?? [ 101.197510][ T5837] usb 2-1: ucan: probing device on interface #0 [ 101.210766][ T5837] usb 2-1: ucan: invalid EP count (1) [ 101.216490][ T5837] usb 2-1: ucan: probe failed; try to update the device firmware [ 101.232582][ T787] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 101.472587][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 101.484040][ T787] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 101.499787][ T787] usb 4-1: config 0 has no interface number 0 [ 101.511704][ T787] usb 4-1: config 0 interface 12 has no altsetting 0 [ 101.539322][ T787] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 101.571471][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.589331][ T787] usb 4-1: Product: syz [ 101.601288][ T787] usb 4-1: Manufacturer: syz [ 101.612114][ T787] usb 4-1: SerialNumber: syz [ 101.628709][ T787] usb 4-1: config 0 descriptor?? [ 102.671124][ T787] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 102.706752][ T787] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 102.735608][ T787] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 102.763601][ T787] f81534: probe of 4-1:0.12 failed with error -71 [ 102.810799][ T787] usb 4-1: USB disconnect, device number 4 [ 103.705523][ T5830] usb 2-1: USB disconnect, device number 4 [ 104.212602][ T5830] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 104.462234][ T5830] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 104.479018][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.507853][ T5830] usb 2-1: config 0 descriptor?? [ 105.092935][ T787] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 105.308928][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.331288][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.372641][ T787] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 105.442555][ T787] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 105.451646][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.478617][ T787] usb 1-1: config 0 descriptor?? [ 105.545685][ T5830] pegasus: probe of 2-1:0.0 failed with error -32 [ 105.594623][ T5830] usb 2-1: USB disconnect, device number 5 [ 106.183252][ T787] usbhid 1-1:0.0: can't add hid device: -71 [ 106.193285][ T787] usbhid: probe of 1-1:0.0 failed with error -71 [ 106.202796][ T787] usb 1-1: USB disconnect, device number 5 [ 106.742580][ T5830] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 106.982860][ T5830] usb 4-1: Using ep0 maxpacket: 32 [ 106.989917][ T5830] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 106.999424][ T5830] usb 4-1: config 0 has no interface number 0 [ 107.009633][ T5830] usb 4-1: config 0 interface 12 has no altsetting 0 [ 107.028776][ T5830] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 107.038022][ T5830] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.046583][ T5830] usb 4-1: Product: syz [ 107.062201][ T5830] usb 4-1: Manufacturer: syz [ 107.068044][ T5830] usb 4-1: SerialNumber: syz [ 107.087857][ T5830] usb 4-1: config 0 descriptor?? [ 107.792492][ T5837] usb 2-1: new low-speed USB device number 6 using dummy_hcd [ 108.010395][ T5837] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 108.036622][ T5837] usb 2-1: config 0 has no interface number 0 [ 108.067006][ T5837] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 108.085837][ T5837] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 108.108575][ T5837] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 108.125332][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.165579][ T5837] usb 2-1: config 0 descriptor?? [ 108.191774][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 108.199818][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 108.207318][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 108.218575][ T5830] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 108.226372][ T5830] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 108.238723][ T6204] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 108.246860][ T5830] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 108.283531][ T5837] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 108.295657][ T5830] f81534: probe of 4-1:0.12 failed with error -71 [ 108.345193][ T5830] usb 4-1: USB disconnect, device number 5 [ 108.493465][ C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 108.514166][ T5972] usb 2-1: USB disconnect, device number 6 [ 108.978363][ T6225] GUP no longer grows the stack in syz.0.76 (6225): 200000005000-200000008000 (200000004000) [ 109.011354][ T6225] CPU: 1 PID: 6225 Comm: syz.0.76 Not tainted syzkaller #0 [ 109.018580][ T6225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 109.028637][ T6225] Call Trace: [ 109.031917][ T6225] [ 109.034874][ T6225] dump_stack_lvl+0x16c/0x230 [ 109.039555][ T6225] ? show_regs_print_info+0x20/0x20 [ 109.044754][ T6225] ? load_image+0x3b0/0x3b0 [ 109.049269][ T6225] ? find_vma+0x12e/0x1b0 [ 109.053607][ T6225] fixup_user_fault+0x652/0x710 [ 109.058478][ T6225] fault_in_user_writeable+0x71/0xe0 [ 109.063770][ T6225] futex_lock_pi+0x21b/0x8d0 [ 109.068371][ T6225] ? fixup_pi_state_owner+0x5c0/0x5c0 [ 109.073763][ T6225] ? userfaultfd_unmap_prep+0x3d0/0x3d0 [ 109.079311][ T6225] ? mas_find_setup+0x493/0x590 [ 109.084159][ T6225] do_futex+0x23d/0x3e0 [ 109.088331][ T6225] ? __ia32_sys_get_robust_list+0x90/0x90 [ 109.094062][ T6225] __se_sys_futex+0x36f/0x3f0 [ 109.098735][ T6225] ? __x64_sys_futex+0xf0/0xf0 [ 109.103495][ T6225] ? __x64_sys_futex+0x21/0xf0 [ 109.108250][ T6225] do_syscall_64+0x55/0xb0 [ 109.112682][ T6225] ? clear_bhb_loop+0x40/0x90 [ 109.117419][ T6225] ? clear_bhb_loop+0x40/0x90 [ 109.122136][ T6225] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 109.128066][ T6225] RIP: 0033:0x7fbf7498eec9 [ 109.132515][ T6225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.152129][ T6225] RSP: 002b:00007fbf7579e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.160566][ T6225] RAX: ffffffffffffffda RBX: 00007fbf74be6090 RCX: 00007fbf7498eec9 [ 109.168576][ T6225] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 109.176570][ T6225] RBP: 00007fbf74a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 109.184562][ T6225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.192551][ T6225] R13: 00007fbf74be6128 R14: 00007fbf74be6090 R15: 00007ffd77e3f838 [ 109.200556][ T6225] [ 109.458298][ T6234] loop1: detected capacity change from 0 to 4096 [ 109.507055][ T6234] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.742271][ T5830] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 110.114887][ T5830] usb 1-1: config 0 has an invalid descriptor of length 233, skipping remainder of the config [ 110.262852][ T5830] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 110.380362][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.381755][ T5830] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 110.401848][ T5830] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.421769][ T5830] usb 1-1: config 0 descriptor?? [ 110.740165][ T27] kauditd_printk_skb: 26 callbacks suppressed [ 110.740178][ T27] audit: type=1326 audit(1759020030.386:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 110.864109][ T5972] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 110.927276][ T27] audit: type=1326 audit(1759020030.386:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.077069][ T27] audit: type=1326 audit(1759020030.386:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.129822][ T5972] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.216304][ T5972] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.231576][ T6248] netlink: 'syz.3.82': attribute type 25 has an invalid length. [ 111.249727][ T5972] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 111.340206][ T27] audit: type=1326 audit(1759020030.386:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.362245][ C1] vkms_vblank_simulate: vblank timer overrun [ 111.377557][ T5972] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 111.446173][ T5972] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.560184][ T27] audit: type=1326 audit(1759020030.386:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.573062][ T5972] usb 2-1: config 0 descriptor?? [ 111.582346][ T27] audit: type=1326 audit(1759020030.386:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.609319][ T27] audit: type=1326 audit(1759020030.416:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.632689][ T27] audit: type=1326 audit(1759020030.416:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.656379][ T27] audit: type=1326 audit(1759020030.416:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.678904][ T27] audit: type=1326 audit(1759020030.416:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.2.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c0478eec9 code=0x7ffc0000 [ 111.803994][ T6250] loop3: detected capacity change from 0 to 512 [ 111.819213][ T6250] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 112.047362][ T6256] netlink: 64 bytes leftover after parsing attributes in process `syz.0.76'. [ 112.112484][ T5830] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 112.282126][ T5972] usbhid 2-1:0.0: can't add hid device: -71 [ 112.288732][ T5972] usbhid: probe of 2-1:0.0 failed with error -71 [ 112.294658][ T5830] usb 3-1: Using ep0 maxpacket: 32 [ 112.312519][ T5830] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 112.313907][ T5972] usb 2-1: USB disconnect, device number 7 [ 112.325309][ T5830] usb 3-1: config 0 has no interface number 0 [ 112.334147][ T5830] usb 3-1: config 0 interface 89 has no altsetting 0 [ 112.347459][ T5830] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 112.356813][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.365550][ T5830] usb 3-1: Product: syz [ 112.369745][ T5830] usb 3-1: Manufacturer: syz [ 112.374445][ T5830] usb 3-1: SerialNumber: syz [ 112.381109][ T5830] usb 3-1: config 0 descriptor?? [ 112.389990][ T5830] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 112.399666][ T5830] em28xx 3-1:0.89: Video interface 89 found: bulk [ 112.535197][ T5837] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 112.722461][ T5837] usb 4-1: Using ep0 maxpacket: 32 [ 112.731075][ T5837] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 112.739340][ T5837] usb 4-1: config 0 has no interface number 0 [ 112.745498][ T5837] usb 4-1: config 0 interface 12 has no altsetting 0 [ 112.757892][ T5837] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 112.767082][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.775306][ T5837] usb 4-1: Product: syz [ 112.779525][ T5837] usb 4-1: Manufacturer: syz [ 112.784251][ T5837] usb 4-1: SerialNumber: syz [ 112.791811][ T5837] usb 4-1: config 0 descriptor?? [ 113.000160][ T5830] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 113.871833][ T5830] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 113.906134][ T5830] em28xx 3-1:0.89: board has no eeprom [ 113.922899][ T5972] usb 1-1: USB disconnect, device number 6 [ 113.937320][ C0] raw-gadget.3 gadget.3: ignoring, device is not running [ 113.945491][ C0] raw-gadget.3 gadget.3: ignoring, device is not running [ 113.952957][ C0] raw-gadget.3 gadget.3: ignoring, device is not running [ 113.962185][ T5837] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 113.969869][ T5837] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 113.977478][ T5837] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 113.986499][ T5830] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 113.993826][ T5830] em28xx 3-1:0.89: analog set to bulk mode. [ 113.999792][ T8] em28xx 3-1:0.89: Registering V4L2 extension [ 114.010462][ T5830] usb 3-1: USB disconnect, device number 5 [ 114.016540][ T5837] f81534: probe of 4-1:0.12 failed with error -71 [ 114.023935][ T5830] em28xx 3-1:0.89: Disconnecting em28xx [ 114.033713][ T5837] usb 4-1: USB disconnect, device number 6 [ 114.076663][ T8] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 114.084722][ T8] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 114.093987][ T8] em28xx 3-1:0.89: No AC97 audio processor [ 114.129627][ T8] usb 3-1: Decoder not found [ 114.142785][ T8] em28xx 3-1:0.89: failed to create media graph [ 114.155062][ T8] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 114.170066][ T8] em28xx 3-1:0.89: Registering snapshot button... [ 114.182118][ T8] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input8 [ 114.204000][ T8] em28xx 3-1:0.89: Remote control support is not available for this card. [ 114.221556][ T5830] em28xx 3-1:0.89: Closing input extension [ 114.227643][ T5830] em28xx 3-1:0.89: Deregistering snapshot button [ 114.261663][ T5830] em28xx 3-1:0.89: Freeing device [ 114.412689][ T787] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 114.710319][ T787] usb 2-1: config 0 has an invalid descriptor of length 233, skipping remainder of the config [ 114.722681][ T787] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 114.734750][ T787] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 114.743963][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.770829][ T787] usb 2-1: config 0 descriptor?? [ 115.742720][ T5837] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 115.851089][ T6295] netlink: 64 bytes leftover after parsing attributes in process `syz.1.88'. [ 115.934282][ T5837] usb 4-1: config 0 has an invalid descriptor of length 233, skipping remainder of the config [ 115.947071][ T5837] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 115.956702][ T5837] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 115.969240][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.986400][ T5837] usb 4-1: config 0 descriptor?? [ 116.002562][ T23] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 116.192208][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.217473][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.236284][ T23] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 116.251238][ T23] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 116.265855][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.290963][ T23] usb 1-1: config 0 descriptor?? [ 116.820038][ T6300] netlink: 64 bytes leftover after parsing attributes in process `syz.3.93'. [ 116.941406][ T23] usbhid 1-1:0.0: can't add hid device: -71 [ 116.959885][ T23] usbhid: probe of 1-1:0.0 failed with error -71 [ 116.982976][ T23] usb 1-1: USB disconnect, device number 7 [ 117.020817][ T5791] usb 2-1: USB disconnect, device number 8 [ 117.204843][ T6309] netlink: 'syz.2.96': attribute type 5 has an invalid length. [ 117.712516][ T5791] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 117.964340][ T5791] usb 2-1: Using ep0 maxpacket: 32 [ 117.993767][ T5791] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 118.005995][ T5791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.017606][ T5791] usb 2-1: config 0 descriptor?? [ 118.212529][ T23] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 118.276937][ T5791] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 118.328835][ T5837] usb 4-1: USB disconnect, device number 7 [ 118.355573][ T5791] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 118.467050][ T23] usb 1-1: Using ep0 maxpacket: 32 [ 118.485373][ T5791] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 118.515390][ T23] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 118.524477][ T5791] usb 2-1: media controller created [ 118.535518][ T23] usb 1-1: config 0 has no interface number 0 [ 118.575084][ T23] usb 1-1: config 0 interface 89 has no altsetting 0 [ 118.613490][ T23] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 118.625586][ T5791] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 118.634056][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.642044][ T23] usb 1-1: Product: syz [ 118.647690][ T23] usb 1-1: Manufacturer: syz [ 118.652302][ T23] usb 1-1: SerialNumber: syz [ 118.661675][ T6313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.675975][ T6313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.715394][ T23] usb 1-1: config 0 descriptor?? [ 118.742225][ T23] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 118.765021][ T23] em28xx 1-1:0.89: Video interface 89 found: bulk [ 119.366593][ T23] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 119.472521][ T5972] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 119.742658][ T5972] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 119.810220][ T5972] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 119.895665][ T5972] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 120.002567][ T23] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 120.033004][ T5972] usb 4-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 120.044013][ T5972] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.052257][ T23] em28xx 1-1:0.89: board has no eeprom [ 120.063069][ T5972] usb 4-1: Product: syz [ 120.067534][ T5972] usb 4-1: Manufacturer: syz [ 120.073164][ T5972] usb 4-1: SerialNumber: syz [ 120.091604][ T5972] usb 4-1: config 0 descriptor?? [ 120.113704][ T5972] usb 4-1: ucan: probing device on interface #0 [ 120.123283][ T5972] usb 4-1: ucan: invalid EP count (1) [ 120.136005][ T5972] usb 4-1: ucan: probe failed; try to update the device firmware [ 120.144156][ T23] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 120.151404][ T23] em28xx 1-1:0.89: analog set to bulk mode. [ 120.196571][ T5972] em28xx 1-1:0.89: Registering V4L2 extension [ 120.232542][ T23] usb 1-1: USB disconnect, device number 8 [ 120.239023][ T23] em28xx 1-1:0.89: Disconnecting em28xx [ 120.379529][ T5972] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 120.397130][ T5972] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 120.432010][ T5972] em28xx 1-1:0.89: No AC97 audio processor [ 120.458953][ T5972] usb 1-1: Decoder not found [ 120.466061][ T5972] em28xx 1-1:0.89: failed to create media graph [ 120.494731][ T5972] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 120.573382][ T5972] em28xx 1-1:0.89: Registering snapshot button... [ 120.611159][ T5972] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input9 [ 120.629039][ T5791] az6027: usb out operation failed. (-71) [ 120.652562][ T5791] az6027: usb out operation failed. (-71) [ 120.660097][ T5972] em28xx 1-1:0.89: Remote control support is not available for this card. [ 120.685737][ T5791] stb0899_attach: Driver disabled by Kconfig [ 120.702548][ T5791] az6027: no front-end attached [ 120.702548][ T5791] [ 120.714445][ T23] em28xx 1-1:0.89: Closing input extension [ 120.732475][ T23] em28xx 1-1:0.89: Deregistering snapshot button [ 120.744735][ T5791] az6027: usb out operation failed. (-71) [ 120.758313][ T5791] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 120.771128][ T23] em28xx 1-1:0.89: Freeing device [ 120.798639][ T5791] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input10 [ 120.868373][ T5791] dvb-usb: schedule remote query interval to 400 msecs. [ 120.964678][ T5791] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 121.054540][ T5791] usb 2-1: USB disconnect, device number 9 [ 121.348638][ T5791] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 122.122609][ T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 122.269411][ T23] usb 4-1: USB disconnect, device number 8 [ 122.292524][ T5791] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 122.325726][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 122.347045][ T8] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 122.366532][ T8] usb 1-1: config 0 has no interface number 0 [ 122.394058][ T8] usb 1-1: config 0 interface 89 has no altsetting 0 [ 122.417328][ T8] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 122.439106][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.460326][ T8] usb 1-1: Product: syz [ 122.468320][ T8] usb 1-1: Manufacturer: syz [ 122.475158][ T8] usb 1-1: SerialNumber: syz [ 122.490352][ T8] usb 1-1: config 0 descriptor?? [ 122.511286][ T8] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 122.540781][ T8] em28xx 1-1:0.89: Video interface 89 found: bulk [ 122.540861][ T5791] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 122.612915][ T5791] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 122.655373][ T5791] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 122.726338][ T5791] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 122.737080][ T5791] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.755562][ T5791] usb 3-1: Product: syz [ 122.804028][ T5791] usb 3-1: Manufacturer: syz [ 122.808660][ T5791] usb 3-1: SerialNumber: syz [ 122.943467][ T5791] usb 3-1: config 0 descriptor?? [ 122.989517][ T6367] loop3: detected capacity change from 0 to 32768 [ 122.993340][ T5791] usb 3-1: ucan: probing device on interface #0 [ 123.021466][ T6367] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.112 (6367) [ 123.079728][ T5791] usb 3-1: ucan: invalid EP count (1) [ 123.126110][ T6367] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 123.129307][ T8] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 123.150483][ T5791] usb 3-1: ucan: probe failed; try to update the device firmware [ 123.171882][ T6367] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 123.195949][ T6367] BTRFS info (device loop3): turning off barriers [ 123.298403][ T6367] BTRFS info (device loop3): setting nodatasum [ 123.351423][ T6367] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 123.381643][ T6367] BTRFS info (device loop3): use zstd compression, level 3 [ 123.411056][ T6367] BTRFS info (device loop3): using free space tree [ 123.599972][ T8] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 123.608449][ T8] em28xx 1-1:0.89: board has no eeprom [ 123.714070][ T5791] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 123.912487][ T5791] usb 2-1: Using ep0 maxpacket: 32 [ 123.957227][ T8] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 123.964980][ T8] em28xx 1-1:0.89: analog set to bulk mode. [ 123.971872][ T5837] em28xx 1-1:0.89: Registering V4L2 extension [ 123.998562][ T8] usb 1-1: USB disconnect, device number 9 [ 124.018607][ T5791] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 124.018870][ T8] em28xx 1-1:0.89: Disconnecting em28xx [ 124.107391][ T5791] usb 2-1: config 0 has no interface number 0 [ 124.129401][ T5837] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 124.139461][ T5791] usb 2-1: config 0 interface 89 has no altsetting 0 [ 124.150763][ T5837] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 124.160552][ T5791] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 124.172989][ T5791] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.185547][ T5791] usb 2-1: Product: syz [ 124.188565][ T5837] em28xx 1-1:0.89: No AC97 audio processor [ 124.264776][ T5787] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 124.276817][ T5837] usb 1-1: Decoder not found [ 124.281441][ T5837] em28xx 1-1:0.89: failed to create media graph [ 124.297376][ T5791] usb 2-1: Manufacturer: syz [ 124.298010][ T5837] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 124.307489][ T5791] usb 2-1: SerialNumber: syz [ 124.346291][ T5837] em28xx 1-1:0.89: Registering snapshot button... [ 124.363662][ T5791] usb 2-1: config 0 descriptor?? [ 124.374251][ T5837] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input11 [ 124.407578][ T5791] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 124.408664][ T5837] em28xx 1-1:0.89: Remote control support is not available for this card. [ 124.451579][ T8] em28xx 1-1:0.89: Closing input extension [ 124.464580][ T5791] em28xx 2-1:0.89: Video interface 89 found: bulk [ 124.513680][ T8] em28xx 1-1:0.89: Deregistering snapshot button [ 124.579694][ T8] em28xx 1-1:0.89: Freeing device [ 125.029985][ T5791] em28xx 2-1:0.89: unknown em28xx chip ID (0) [ 125.327882][ T23] usb 3-1: USB disconnect, device number 6 [ 125.342616][ T8] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 125.575527][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 125.602719][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 125.622490][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 125.648877][ T8] usb 4-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 125.668116][ T5791] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 125.677364][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.685702][ T5791] em28xx 2-1:0.89: board has no eeprom [ 125.697694][ T8] usb 4-1: Product: syz [ 125.734386][ T8] usb 4-1: Manufacturer: syz [ 125.738993][ T8] usb 4-1: SerialNumber: syz [ 125.755530][ T8] usb 4-1: config 0 descriptor?? [ 125.769991][ T8] usb 4-1: ucan: probing device on interface #0 [ 125.776720][ T8] usb 4-1: ucan: invalid EP count (1) [ 125.782211][ T8] usb 4-1: ucan: probe failed; try to update the device firmware [ 125.782243][ T5791] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67) [ 125.833092][ T5791] em28xx 2-1:0.89: analog set to bulk mode. [ 125.852648][ T42] em28xx 2-1:0.89: Registering V4L2 extension [ 125.880424][ T5791] usb 2-1: USB disconnect, device number 10 [ 125.886484][ T23] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 125.943327][ T42] em28xx 2-1:0.89: reading from i2c device at 0x4a failed (error=-19) [ 125.952971][ T5791] em28xx 2-1:0.89: Disconnecting em28xx [ 125.972369][ T42] em28xx 2-1:0.89: Config register raw data: 0xffffffed [ 125.984856][ T42] em28xx 2-1:0.89: AC97 chip type couldn't be determined [ 125.998827][ T42] em28xx 2-1:0.89: No AC97 audio processor [ 126.014685][ T42] usb 2-1: Decoder not found [ 126.020960][ T42] em28xx 2-1:0.89: failed to create media graph [ 126.027737][ T42] em28xx 2-1:0.89: V4L2 device video103 deregistered [ 126.036585][ T42] em28xx 2-1:0.89: Registering snapshot button... [ 126.073954][ T42] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input12 [ 126.113073][ T42] em28xx 2-1:0.89: Remote control support is not available for this card. [ 126.142033][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 126.152017][ T5791] em28xx 2-1:0.89: Closing input extension [ 126.164048][ T23] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 126.211943][ T5791] em28xx 2-1:0.89: Deregistering snapshot button [ 126.219076][ T23] usb 3-1: config 0 has no interface number 0 [ 126.251665][ T23] usb 3-1: config 0 interface 12 has no altsetting 0 [ 126.274452][ T23] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 126.292004][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.302688][ T23] usb 3-1: Product: syz [ 126.309126][ T23] usb 3-1: Manufacturer: syz [ 126.314256][ T23] usb 3-1: SerialNumber: syz [ 126.330904][ T23] usb 3-1: config 0 descriptor?? [ 126.396465][ T5791] em28xx 2-1:0.89: Freeing device [ 127.448013][ T23] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 127.455818][ T23] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 127.464151][ T23] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 127.471914][ T23] f81534: probe of 3-1:0.12 failed with error -71 [ 127.482105][ T23] usb 3-1: USB disconnect, device number 7 [ 128.151702][ T5837] usb 4-1: USB disconnect, device number 9 [ 129.074520][ T5791] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 129.263083][ T5791] usb 4-1: Using ep0 maxpacket: 32 [ 129.281199][ T5791] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 129.295942][ T5791] usb 4-1: config 0 has no interface number 0 [ 129.302173][ T5791] usb 4-1: config 0 interface 89 has no altsetting 0 [ 129.311521][ T5791] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 129.333695][ T5791] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.341837][ T5791] usb 4-1: Product: syz [ 129.351256][ T5791] usb 4-1: Manufacturer: syz [ 129.357380][ T5791] usb 4-1: SerialNumber: syz [ 129.373911][ T5791] usb 4-1: config 0 descriptor?? [ 129.387239][ T5791] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 129.413900][ T5791] em28xx 4-1:0.89: Video interface 89 found: bulk [ 129.564945][ T6465] warning: `syz.0.132' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 129.576916][ T5837] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 129.802604][ T5837] usb 2-1: Using ep0 maxpacket: 32 [ 129.816776][ T5837] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 129.831167][ T5837] usb 2-1: config 0 has no interface number 0 [ 129.845352][ T5837] usb 2-1: config 0 interface 12 has no altsetting 0 [ 129.867717][ T5837] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 129.883705][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.900535][ T5837] usb 2-1: Product: syz [ 129.909300][ T5837] usb 2-1: Manufacturer: syz [ 129.918675][ T5837] usb 2-1: SerialNumber: syz [ 129.943032][ T5837] usb 2-1: config 0 descriptor?? [ 130.000769][ T5791] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 130.085759][ T6467] loop2: detected capacity change from 0 to 32768 [ 130.113541][ T6467] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.134 (6467) [ 130.156825][ T6467] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 130.174800][ T6467] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 130.190095][ T6467] BTRFS info (device loop2): turning off barriers [ 130.221116][ T6467] BTRFS info (device loop2): setting nodatasum [ 130.237223][ T6467] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 130.259398][ T6467] BTRFS info (device loop2): use zstd compression, level 3 [ 130.277833][ T6467] BTRFS info (device loop2): using free space tree [ 130.727540][ T5791] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 130.762184][ T5791] em28xx 4-1:0.89: board has no eeprom [ 130.852503][ T5791] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 130.859889][ T5791] em28xx 4-1:0.89: analog set to bulk mode. [ 130.958498][ T23] em28xx 4-1:0.89: Registering V4L2 extension [ 130.996211][ T5837] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 131.061611][ T5791] usb 4-1: USB disconnect, device number 10 [ 131.073081][ T5789] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 131.097673][ T5837] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 131.137399][ T5791] em28xx 4-1:0.89: Disconnecting em28xx [ 131.137870][ T5837] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 131.205490][ T5837] f81534: probe of 2-1:0.12 failed with error -71 [ 131.235872][ T5837] usb 2-1: USB disconnect, device number 11 [ 131.290407][ T23] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 131.340882][ T23] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 131.358627][ T23] em28xx 4-1:0.89: No AC97 audio processor [ 131.404722][ T23] usb 4-1: Decoder not found [ 131.409363][ T23] em28xx 4-1:0.89: failed to create media graph [ 131.441900][ T23] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 131.480343][ T23] em28xx 4-1:0.89: Registering snapshot button... [ 131.519885][ T23] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input13 [ 131.571516][ T23] em28xx 4-1:0.89: Remote control support is not available for this card. [ 131.617416][ T5791] em28xx 4-1:0.89: Closing input extension [ 131.652205][ T5791] em28xx 4-1:0.89: Deregistering snapshot button [ 131.797581][ T5791] em28xx 4-1:0.89: Freeing device [ 132.292847][ T5791] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 132.376941][ T6504] netlink: 'syz.0.138': attribute type 5 has an invalid length. [ 132.482507][ T5791] usb 2-1: Using ep0 maxpacket: 32 [ 132.497563][ T5791] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 132.509300][ T5791] usb 2-1: config 0 has no interface number 0 [ 132.515934][ T5791] usb 2-1: config 0 interface 89 has no altsetting 0 [ 132.526424][ T5791] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 132.550577][ T5791] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.572656][ T5791] usb 2-1: Product: syz [ 132.579392][ T5791] usb 2-1: Manufacturer: syz [ 132.589560][ T5791] usb 2-1: SerialNumber: syz [ 132.613447][ T6503] loop3: detected capacity change from 0 to 32768 [ 132.614446][ T5791] usb 2-1: config 0 descriptor?? [ 132.641359][ T5791] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 132.661135][ T6503] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.140 (6503) [ 132.679459][ T5791] em28xx 2-1:0.89: Video interface 89 found: bulk [ 132.697023][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.712583][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.761928][ T6503] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 132.776568][ T6503] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 132.814512][ T6503] BTRFS info (device loop3): turning off barriers [ 132.842738][ T6503] BTRFS info (device loop3): setting nodatasum [ 132.848969][ T6503] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 132.897902][ T6503] BTRFS info (device loop3): use zstd compression, level 3 [ 132.934514][ T6503] BTRFS info (device loop3): using free space tree [ 133.433772][ T5791] em28xx 2-1:0.89: unknown em28xx chip ID (0) [ 133.785876][ T5787] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 133.852585][ T5791] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 133.890335][ T5791] em28xx 2-1:0.89: board has no eeprom [ 134.193823][ T5791] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67) [ 134.257100][ T5791] em28xx 2-1:0.89: analog set to bulk mode. [ 134.311065][ T23] em28xx 2-1:0.89: Registering V4L2 extension [ 134.383023][ T5791] usb 2-1: USB disconnect, device number 12 [ 134.419880][ T42] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 134.602697][ T23] em28xx 2-1:0.89: reading from i2c device at 0x4a failed (error=-19) [ 134.611741][ T5791] em28xx 2-1:0.89: Disconnecting em28xx [ 134.647875][ T23] em28xx 2-1:0.89: Config register raw data: 0xffffffed [ 134.661019][ T23] em28xx 2-1:0.89: AC97 chip type couldn't be determined [ 134.687964][ T23] em28xx 2-1:0.89: No AC97 audio processor [ 134.731265][ T23] usb 2-1: Decoder not found [ 135.262870][ T23] em28xx 2-1:0.89: failed to create media graph [ 135.273031][ T23] em28xx 2-1:0.89: V4L2 device video103 deregistered [ 135.328548][ T23] em28xx 2-1:0.89: Registering snapshot button... [ 135.347701][ T42] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 135.358836][ T23] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input14 [ 135.382596][ T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 135.399804][ T23] em28xx 2-1:0.89: Remote control support is not available for this card. [ 135.412517][ T42] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 135.435566][ T5791] em28xx 2-1:0.89: Closing input extension [ 135.441395][ T5791] em28xx 2-1:0.89: Deregistering snapshot button [ 135.443244][ T5837] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 135.467782][ T42] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 135.489468][ T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.507495][ T5791] em28xx 2-1:0.89: Freeing device [ 135.532792][ T42] usb 3-1: Product: syz [ 135.555773][ T42] usb 3-1: Manufacturer: syz [ 135.570939][ T42] usb 3-1: SerialNumber: syz [ 135.603459][ T42] usb 3-1: config 0 descriptor?? [ 135.619096][ T42] usb 3-1: ucan: probing device on interface #0 [ 135.648095][ T42] usb 3-1: ucan: invalid EP count (1) [ 135.668544][ T42] usb 3-1: ucan: probe failed; try to update the device firmware [ 135.752489][ T5837] usb 1-1: Using ep0 maxpacket: 32 [ 135.764119][ T5837] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 135.802618][ T5837] usb 1-1: config 0 has no interface number 0 [ 135.808861][ T5837] usb 1-1: config 0 interface 12 has no altsetting 0 [ 135.851928][ T5837] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 135.867855][ T5837] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.885591][ T5837] usb 1-1: Product: syz [ 135.959253][ T27] kauditd_printk_skb: 30 callbacks suppressed [ 135.959307][ T27] audit: type=1326 audit(1759020055.606:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 136.172666][ T8] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 136.762568][ T5837] usb 1-1: Manufacturer: syz [ 136.767261][ T5837] usb 1-1: SerialNumber: syz [ 136.885291][ T27] audit: type=1326 audit(1759020055.636:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 136.893607][ T5837] usb 1-1: config 0 descriptor?? [ 136.988817][ T27] audit: type=1326 audit(1759020055.636:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 137.011707][ T27] audit: type=1326 audit(1759020055.636:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 137.056054][ T27] audit: type=1326 audit(1759020055.636:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 137.084391][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 137.106258][ T8] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 137.122501][ T8] usb 4-1: config 0 has no interface number 0 [ 137.130130][ T8] usb 4-1: config 0 interface 89 has no altsetting 0 [ 137.137323][ T27] audit: type=1326 audit(1759020055.636:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 137.169091][ T8] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 137.192490][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.204163][ T8] usb 4-1: Product: syz [ 137.208406][ T8] usb 4-1: Manufacturer: syz [ 137.213285][ T27] audit: type=1326 audit(1759020055.646:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 137.236688][ T8] usb 4-1: SerialNumber: syz [ 137.243129][ T27] audit: type=1326 audit(1759020055.646:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 137.266378][ T8] usb 4-1: config 0 descriptor?? [ 137.278787][ T8] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 137.301058][ T8] em28xx 4-1:0.89: Video interface 89 found: bulk [ 137.336687][ T27] audit: type=1326 audit(1759020055.646:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 137.381937][ T27] audit: type=1326 audit(1759020055.646:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6562 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f217858eec9 code=0x7ffc0000 [ 137.894486][ T8] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 137.932039][ T5837] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 137.940628][ T5837] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 137.954984][ T5837] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 137.970443][ T5837] f81534: probe of 1-1:0.12 failed with error -71 [ 138.015275][ T5837] usb 1-1: USB disconnect, device number 10 [ 138.309899][ T8] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 138.319352][ T8] em28xx 4-1:0.89: board has no eeprom [ 138.592713][ T8] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 138.601585][ T8] em28xx 4-1:0.89: analog set to bulk mode. [ 138.610064][ T5837] em28xx 4-1:0.89: Registering V4L2 extension [ 138.646282][ T8] usb 4-1: USB disconnect, device number 11 [ 138.656312][ T8] em28xx 4-1:0.89: Disconnecting em28xx [ 138.731917][ T5837] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 138.779495][ T5837] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 138.806877][ T5837] em28xx 4-1:0.89: No AC97 audio processor [ 138.828483][ T5837] usb 4-1: Decoder not found [ 138.856996][ T5837] em28xx 4-1:0.89: failed to create media graph [ 138.902563][ T9] usb 3-1: USB disconnect, device number 8 [ 138.917090][ T5837] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 138.966186][ T5837] em28xx 4-1:0.89: Registering snapshot button... [ 138.996762][ T5837] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input15 [ 139.031063][ T5837] em28xx 4-1:0.89: Remote control support is not available for this card. [ 139.066126][ T8] em28xx 4-1:0.89: Closing input extension [ 139.104365][ T8] em28xx 4-1:0.89: Deregistering snapshot button [ 139.196856][ T8] em28xx 4-1:0.89: Freeing device [ 139.446190][ T6590] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 139.772953][ T8] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 139.980860][ T6602] kvm: kvm [6601]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 139.998729][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.057295][ T6602] kvm: kvm [6601]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 140.066371][ T5972] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 140.089292][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 140.116749][ T8] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 140.145978][ T8] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 140.176589][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.220080][ T8] usb 3-1: Product: syz [ 140.246670][ T8] usb 3-1: Manufacturer: syz [ 140.264346][ T8] usb 3-1: SerialNumber: syz [ 140.266688][ T5972] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 140.307759][ T5972] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 140.317808][ T8] usb 3-1: config 0 descriptor?? [ 140.329877][ T5972] usb 2-1: config 1 has no interface number 0 [ 140.349741][ T5972] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.388819][ T5972] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 140.412759][ T5972] usb 2-1: too many endpoints for config 1 interface 1 altsetting 1: 247, using maximum allowed: 30 [ 140.426424][ T8] usb 3-1: ucan: probing device on interface #0 [ 140.450950][ T5972] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 247 [ 140.469813][ T8] usb 3-1: ucan: invalid EP count (1) [ 140.483837][ T5972] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 140.498854][ T5972] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.527451][ T8] usb 3-1: ucan: probe failed; try to update the device firmware [ 140.527469][ T5972] usb 2-1: Product: syz [ 140.550064][ T5972] usb 2-1: Manufacturer: syz [ 140.569981][ T5972] usb 2-1: SerialNumber: syz [ 141.499678][ T5972] cdc_ncm 2-1:1.1: bind() failure [ 141.507679][ T5972] usb 2-1: USB disconnect, device number 13 [ 143.090171][ T5972] usb 3-1: USB disconnect, device number 9 [ 144.237517][ T6643] netlink: 'syz.2.168': attribute type 5 has an invalid length. [ 145.245757][ T6661] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 145.267290][ T5837] IPVS: starting estimator thread 0... [ 145.382574][ T6663] IPVS: using max 20 ests per chain, 48000 per kthread [ 147.767287][ T6702] loop0: detected capacity change from 0 to 1024 [ 147.800436][ T6702] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.751058][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.022638][ T42] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 149.212582][ T42] usb 2-1: Using ep0 maxpacket: 32 [ 149.241109][ T42] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 149.267690][ T42] usb 2-1: config 0 has no interface number 0 [ 149.283333][ T42] usb 2-1: config 0 interface 12 has no altsetting 0 [ 149.300137][ T42] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 149.440737][ T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.479577][ T42] usb 2-1: Product: syz [ 149.485091][ T42] usb 2-1: Manufacturer: syz [ 149.493764][ T42] usb 2-1: SerialNumber: syz [ 149.523452][ T42] usb 2-1: config 0 descriptor?? [ 150.968967][ T42] f81534 2-1:0.12: f81534_set_register: reg: 1003 data: 20 failed: -71 [ 150.984726][ T42] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 150.992068][ T42] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 151.000390][ T42] f81534: probe of 2-1:0.12 failed with error -71 [ 151.029462][ T42] usb 2-1: USB disconnect, device number 14 [ 151.043035][ T5837] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 151.222471][ T5837] usb 4-1: Using ep0 maxpacket: 32 [ 151.230502][ T5837] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 151.240430][ T8] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 151.253993][ T5837] usb 4-1: config 0 has no interface number 0 [ 151.273606][ T5837] usb 4-1: config 0 interface 89 has no altsetting 0 [ 151.286352][ T5837] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 151.299711][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.309109][ T5837] usb 4-1: Product: syz [ 151.318774][ T5837] usb 4-1: Manufacturer: syz [ 151.324741][ T5837] usb 4-1: SerialNumber: syz [ 151.335697][ T5837] usb 4-1: config 0 descriptor?? [ 151.351743][ T5837] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 151.363751][ T5837] em28xx 4-1:0.89: Video interface 89 found: bulk [ 151.472483][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 151.479985][ T8] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 151.492553][ T8] usb 3-1: config 0 has no interface number 0 [ 151.498773][ T8] usb 3-1: config 0 interface 89 has no altsetting 0 [ 151.516303][ T8] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 151.537067][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.565832][ T8] usb 3-1: Product: syz [ 151.586021][ T8] usb 3-1: Manufacturer: syz [ 151.603417][ T8] usb 3-1: SerialNumber: syz [ 151.619218][ T8] usb 3-1: config 0 descriptor?? [ 151.634323][ T8] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 151.644502][ T8] em28xx 3-1:0.89: Video interface 89 found: bulk [ 151.992538][ T5837] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 152.250233][ T8] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 152.362115][ T6748] netlink: 16 bytes leftover after parsing attributes in process `syz.0.195'. [ 152.837651][ T5837] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 152.850140][ T5837] em28xx 4-1:0.89: board has no eeprom [ 152.868450][ T8] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 152.879802][ T8] em28xx 3-1:0.89: board has no eeprom [ 152.932585][ T5837] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 152.940060][ T5837] em28xx 4-1:0.89: analog set to bulk mode. [ 152.948354][ T9] em28xx 4-1:0.89: Registering V4L2 extension [ 152.954694][ T8] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 152.991092][ T5837] usb 4-1: USB disconnect, device number 12 [ 153.002504][ T8] em28xx 3-1:0.89: analog set to bulk mode. [ 153.023396][ T5837] em28xx 4-1:0.89: Disconnecting em28xx [ 153.087335][ T8] usb 3-1: USB disconnect, device number 10 [ 153.115223][ T8] em28xx 3-1:0.89: Disconnecting em28xx [ 153.138201][ T9] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 153.155106][ T9] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 153.162136][ T9] em28xx 4-1:0.89: No AC97 audio processor [ 153.183682][ T9] usb 4-1: Decoder not found [ 153.188746][ T9] em28xx 4-1:0.89: failed to create media graph [ 153.195369][ T9] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 153.225815][ T9] em28xx 4-1:0.89: Registering snapshot button... [ 153.233784][ T9] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input16 [ 153.276160][ T9] em28xx 4-1:0.89: Remote control support is not available for this card. [ 153.303452][ T5837] em28xx 4-1:0.89: Closing input extension [ 153.310676][ T5837] em28xx 4-1:0.89: Deregistering snapshot button [ 153.326876][ T5902] em28xx 3-1:0.89: Registering V4L2 extension [ 153.336017][ T5837] em28xx 4-1:0.89: Freeing device [ 153.469032][ T5902] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 153.513040][ T5902] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 153.544203][ T5902] em28xx 3-1:0.89: No AC97 audio processor [ 153.555335][ T5902] usb 3-1: Decoder not found [ 153.562519][ T5902] em28xx 3-1:0.89: failed to create media graph [ 153.568803][ T5902] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 153.589177][ T6751] ================================================================== [ 153.597273][ T6751] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xca/0x430 [ 153.604646][ T6751] Read of size 8 at addr ffff88807a7a0738 by task v4l_id/6751 [ 153.612089][ T6751] [ 153.614408][ T6751] CPU: 0 PID: 6751 Comm: v4l_id Not tainted syzkaller #0 [ 153.621415][ T6751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 153.631463][ T6751] Call Trace: [ 153.634732][ T6751] [ 153.637653][ T6751] dump_stack_lvl+0x16c/0x230 [ 153.642343][ T6751] ? __lock_acquire+0x7c80/0x7c80 [ 153.647358][ T6751] ? show_regs_print_info+0x20/0x20 [ 153.652551][ T6751] ? load_image+0x3b0/0x3b0 [ 153.657041][ T6751] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 153.662406][ T6751] ? __virt_addr_valid+0x18c/0x540 [ 153.667533][ T6751] ? __virt_addr_valid+0x469/0x540 [ 153.672648][ T6751] print_report+0xac/0x220 [ 153.677055][ T6751] ? v4l2_fh_open+0xca/0x430 [ 153.681635][ T6751] kasan_report+0x117/0x150 [ 153.686128][ T6751] ? v4l2_fh_open+0xca/0x430 [ 153.690721][ T6751] v4l2_fh_open+0xca/0x430 [ 153.695133][ T6751] em28xx_v4l2_open+0x157/0x980 [ 153.699987][ T6751] v4l2_open+0x212/0x360 [ 153.704216][ T6751] chrdev_open+0x59e/0x670 [ 153.708647][ T6751] ? cd_forget+0x160/0x160 [ 153.713051][ T6751] ? fsnotify_perm+0x3ed/0x5e0 [ 153.717824][ T6751] ? cd_forget+0x160/0x160 [ 153.722228][ T6751] do_dentry_open+0x8c6/0x1500 [ 153.726987][ T6751] path_openat+0x274b/0x3190 [ 153.731575][ T6751] ? __kasan_slab_alloc+0x6c/0x80 [ 153.736589][ T6751] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 153.742659][ T6751] ? verify_lock_unused+0x140/0x140 [ 153.747850][ T6751] ? do_filp_open+0x3d0/0x3d0 [ 153.752522][ T6751] ? __virt_addr_valid+0x18c/0x540 [ 153.757625][ T6751] do_filp_open+0x1c5/0x3d0 [ 153.762124][ T6751] ? vfs_tmpfile+0x490/0x490 [ 153.766715][ T6751] ? _raw_spin_unlock+0x28/0x40 [ 153.771566][ T6751] ? alloc_fd+0x58f/0x630 [ 153.775887][ T6751] do_sys_openat2+0x12c/0x1c0 [ 153.780555][ T6751] ? do_sys_open+0xe0/0xe0 [ 153.784959][ T6751] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 153.790927][ T6751] ? lock_chain_count+0x20/0x20 [ 153.795772][ T6751] ? lock_chain_count+0x20/0x20 [ 153.800610][ T6751] __x64_sys_openat+0x139/0x160 [ 153.805463][ T6751] do_syscall_64+0x55/0xb0 [ 153.809883][ T6751] ? clear_bhb_loop+0x40/0x90 [ 153.814545][ T6751] ? clear_bhb_loop+0x40/0x90 [ 153.819210][ T6751] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 153.825102][ T6751] RIP: 0033:0x7fcb880a7407 [ 153.829522][ T6751] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 153.849134][ T6751] RSP: 002b:00007ffec9a010e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 153.857540][ T6751] RAX: ffffffffffffffda RBX: 00007fcb8879a880 RCX: 00007fcb880a7407 [ 153.865497][ T6751] RDX: 0000000000000000 RSI: 00007ffec9a01f1c RDI: ffffffffffffff9c [ 153.873455][ T6751] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 153.881411][ T6751] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 153.889370][ T6751] R13: 00007ffec9a01330 R14: 00007fcb888f9000 R15: 000056203f84c4d8 [ 153.897344][ T6751] [ 153.900351][ T6751] [ 153.902668][ T6751] Allocated by task 5902: [ 153.906975][ T6751] kasan_set_track+0x4e/0x70 [ 153.911558][ T6751] __kasan_kmalloc+0x8f/0xa0 [ 153.916132][ T6751] em28xx_v4l2_init+0x10b/0x2e70 [ 153.921065][ T6751] em28xx_init_extension+0x11c/0x1b0 [ 153.926340][ T6751] process_scheduled_works+0xa45/0x15b0 [ 153.931893][ T6751] worker_thread+0xa55/0xfc0 [ 153.936471][ T6751] kthread+0x2fa/0x390 [ 153.940527][ T6751] ret_from_fork+0x48/0x80 [ 153.944935][ T6751] ret_from_fork_asm+0x11/0x20 [ 153.949705][ T6751] [ 153.952012][ T6751] Freed by task 5902: [ 153.955972][ T6751] kasan_set_track+0x4e/0x70 [ 153.960547][ T6751] kasan_save_free_info+0x2e/0x50 [ 153.965561][ T6751] ____kasan_slab_free+0x126/0x1e0 [ 153.970670][ T6751] slab_free_freelist_hook+0x130/0x1b0 [ 153.976123][ T6751] __kmem_cache_free+0xba/0x1f0 [ 153.980961][ T6751] em28xx_v4l2_init+0x1670/0x2e70 [ 153.985978][ T6751] em28xx_init_extension+0x11c/0x1b0 [ 153.991251][ T6751] process_scheduled_works+0xa45/0x15b0 [ 153.996787][ T6751] worker_thread+0xa55/0xfc0 [ 154.001364][ T6751] kthread+0x2fa/0x390 [ 154.005420][ T6751] ret_from_fork+0x48/0x80 [ 154.009825][ T6751] ret_from_fork_asm+0x11/0x20 [ 154.014592][ T6751] [ 154.016899][ T6751] The buggy address belongs to the object at ffff88807a7a0000 [ 154.016899][ T6751] which belongs to the cache kmalloc-8k of size 8192 [ 154.030938][ T6751] The buggy address is located 1848 bytes inside of [ 154.030938][ T6751] freed 8192-byte region [ffff88807a7a0000, ffff88807a7a2000) [ 154.044892][ T6751] [ 154.047201][ T6751] The buggy address belongs to the physical page: [ 154.053606][ T6751] page:ffffea0001e9e800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a7a0 [ 154.063763][ T6751] head:ffffea0001e9e800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 154.072677][ T6751] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 154.080642][ T6751] page_type: 0xffffffff() [ 154.084959][ T6751] raw: 00fff00000000840 ffff888017842280 ffffea00016da600 0000000000000004 [ 154.093530][ T6751] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 154.102102][ T6751] page dumped because: kasan: bad access detected [ 154.108508][ T6751] page_owner tracks the page as allocated [ 154.114209][ T6751] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6143, tgid 6140 (syz.2.58), ts 101249839814, free_ts 101024401953 [ 154.136771][ T6751] post_alloc_hook+0x1cd/0x210 [ 154.141532][ T6751] get_page_from_freelist+0x195c/0x19f0 [ 154.147074][ T6751] __alloc_pages+0x1e3/0x460 [ 154.151657][ T6751] alloc_slab_page+0x5d/0x170 [ 154.156325][ T6751] new_slab+0x87/0x2e0 [ 154.160394][ T6751] ___slab_alloc+0xc6d/0x1300 [ 154.165072][ T6751] __kmem_cache_alloc_node+0x1a2/0x260 [ 154.170524][ T6751] __kmalloc+0xa4/0x240 [ 154.174670][ T6751] snd_seq_oss_readq_new+0x82/0x250 [ 154.179853][ T6751] snd_seq_oss_open+0x774/0xea0 [ 154.184695][ T6751] odev_open+0x67/0xa0 [ 154.188763][ T6751] chrdev_open+0x59e/0x670 [ 154.193166][ T6751] do_dentry_open+0x8c6/0x1500 [ 154.197918][ T6751] path_openat+0x274b/0x3190 [ 154.202500][ T6751] do_filp_open+0x1c5/0x3d0 [ 154.206992][ T6751] do_sys_openat2+0x12c/0x1c0 [ 154.211655][ T6751] page last free stack trace: [ 154.216309][ T6751] free_unref_page_prepare+0x7ce/0x8e0 [ 154.221766][ T6751] free_unref_page+0x32/0x2e0 [ 154.226437][ T6751] __unfreeze_partials+0x1cf/0x210 [ 154.231546][ T6751] put_cpu_partial+0x17c/0x250 [ 154.236304][ T6751] __slab_free+0x31d/0x410 [ 154.240712][ T6751] qlist_free_all+0x75/0xe0 [ 154.245205][ T6751] kasan_quarantine_reduce+0x143/0x160 [ 154.250654][ T6751] __kasan_slab_alloc+0x22/0x80 [ 154.255493][ T6751] slab_post_alloc_hook+0x6e/0x4d0 [ 154.260594][ T6751] kmem_cache_alloc+0x11e/0x2e0 [ 154.265433][ T6751] ptlock_alloc+0x20/0x70 [ 154.269744][ T6751] pte_alloc_one+0xce/0x540 [ 154.274237][ T6751] __pte_alloc+0x22/0x2a0 [ 154.278647][ T6751] copy_page_range+0x2d72/0x3600 [ 154.283589][ T6751] copy_mm+0x112a/0x1c20 [ 154.287820][ T6751] copy_process+0x16d3/0x3d70 [ 154.292491][ T6751] [ 154.294809][ T6751] Memory state around the buggy address: [ 154.300420][ T6751] ffff88807a7a0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.308492][ T6751] ffff88807a7a0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.316633][ T6751] >ffff88807a7a0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.324681][ T6751] ^ [ 154.330558][ T6751] ffff88807a7a0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.338611][ T6751] ffff88807a7a0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.346667][ T6751] ================================================================== [ 154.355965][ T5902] em28xx 3-1:0.89: Registering snapshot button... [ 154.364886][ T5902] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input17 [ 154.423436][ T6751] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 154.430656][ T6751] CPU: 1 PID: 6751 Comm: v4l_id Not tainted syzkaller #0 [ 154.437688][ T6751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 154.447743][ T6751] Call Trace: [ 154.451010][ T6751] [ 154.453929][ T6751] dump_stack_lvl+0x16c/0x230 [ 154.458600][ T6751] ? show_regs_print_info+0x20/0x20 [ 154.463788][ T6751] ? load_image+0x3b0/0x3b0 [ 154.468279][ T6751] panic+0x2c0/0x710 [ 154.472167][ T6751] ? bpf_jit_dump+0xd0/0xd0 [ 154.476661][ T6751] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 154.482540][ T6751] ? _raw_spin_unlock+0x40/0x40 [ 154.487376][ T6751] ? print_memory_metadata+0x314/0x400 [ 154.492826][ T6751] ? v4l2_fh_open+0xca/0x430 [ 154.497406][ T6751] check_panic_on_warn+0x84/0xa0 [ 154.502337][ T6751] ? v4l2_fh_open+0xca/0x430 [ 154.506916][ T6751] end_report+0x6f/0x140 [ 154.511149][ T6751] kasan_report+0x128/0x150 [ 154.515644][ T6751] ? v4l2_fh_open+0xca/0x430 [ 154.520226][ T6751] v4l2_fh_open+0xca/0x430 [ 154.524635][ T6751] em28xx_v4l2_open+0x157/0x980 [ 154.529484][ T6751] v4l2_open+0x212/0x360 [ 154.533718][ T6751] chrdev_open+0x59e/0x670 [ 154.538130][ T6751] ? cd_forget+0x160/0x160 [ 154.542539][ T6751] ? fsnotify_perm+0x3ed/0x5e0 [ 154.547294][ T6751] ? cd_forget+0x160/0x160 [ 154.551694][ T6751] do_dentry_open+0x8c6/0x1500 [ 154.556451][ T6751] path_openat+0x274b/0x3190 [ 154.561047][ T6751] ? __kasan_slab_alloc+0x6c/0x80 [ 154.566065][ T6751] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 154.572142][ T6751] ? verify_lock_unused+0x140/0x140 [ 154.577332][ T6751] ? do_filp_open+0x3d0/0x3d0 [ 154.582003][ T6751] ? __virt_addr_valid+0x18c/0x540 [ 154.587110][ T6751] do_filp_open+0x1c5/0x3d0 [ 154.591609][ T6751] ? vfs_tmpfile+0x490/0x490 [ 154.596205][ T6751] ? _raw_spin_unlock+0x28/0x40 [ 154.601039][ T6751] ? alloc_fd+0x58f/0x630 [ 154.605372][ T6751] do_sys_openat2+0x12c/0x1c0 [ 154.610059][ T6751] ? do_sys_open+0xe0/0xe0 [ 154.614461][ T6751] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 154.620428][ T6751] ? lock_chain_count+0x20/0x20 [ 154.625272][ T6751] ? lock_chain_count+0x20/0x20 [ 154.630124][ T6751] __x64_sys_openat+0x139/0x160 [ 154.634964][ T6751] do_syscall_64+0x55/0xb0 [ 154.639371][ T6751] ? clear_bhb_loop+0x40/0x90 [ 154.644036][ T6751] ? clear_bhb_loop+0x40/0x90 [ 154.648720][ T6751] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 154.654610][ T6751] RIP: 0033:0x7fcb880a7407 [ 154.659010][ T6751] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 154.678600][ T6751] RSP: 002b:00007ffec9a010e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 154.687000][ T6751] RAX: ffffffffffffffda RBX: 00007fcb8879a880 RCX: 00007fcb880a7407 [ 154.694973][ T6751] RDX: 0000000000000000 RSI: 00007ffec9a01f1c RDI: ffffffffffffff9c [ 154.702930][ T6751] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 154.710893][ T6751] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 154.718846][ T6751] R13: 00007ffec9a01330 R14: 00007fcb888f9000 R15: 000056203f84c4d8 [ 154.726820][ T6751] [ 154.730122][ T6751] Kernel Offset: disabled [ 154.734445][ T6751] Rebooting in 86400 seconds..