last executing test programs: 12.250814546s ago: executing program 0 (id=229): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00d24de92320000000000000ad4304d71939e049282dc3159f97c47cf6e4413f980d81b516725bf83523980eb77870b9edd6b00a53a8e24a43e400"/76, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x103001) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0x6, 0x2, @buffer={0x0, 0x3d, 0x0}, &(0x7f0000000840)="5423cbb26a28", 0x0, 0x3, 0x3, 0x22, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='fdinfo\x00') r3 = io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x698c, 0x1, 0x2, 0xfffffffa}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$key(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0) io_setup(0x30, &(0x7f0000000600)=0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="680000001200050100000000fedbdf2505001900ff00000028001a00ffffffff000000000000000000000000fe880000000000000000000000004001074ee0c2"], 0x68}}, 0x20040810) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="dc287f0e10"], 0x40}, 0x1, 0x0, 0x0, 0x4040080}, 0x800) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572009c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000700003806c000080080003400000000260000b80440001800c000100636f756e746572"], 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880) pipe2$9p(&(0x7f00000000c0), 0x4000) r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) syz_emit_ethernet(0x6d, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa1e88ff0005b80dd7a0d34c61a5a417b3b9894a95b255455c2143af38397f8c038f22dc7c61eee2101c35b181d123d2414f128d4e946e9cc39d53f83c0d7131beea1703ecc172a60b9022648b1cb9000000000000"], 0x0) io_submit(r4, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r7, &(0x7f00000000c0)="01", 0x24}]) read(r0, &(0x7f0000000140)=""/107, 0x6b) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x2, r0, 0x4}, 0x38) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r9 = socket(0x400000000010, 0x1, 0x0) r10 = socket$unix(0x1, 0x5, 0x0) syz_io_uring_setup(0x9, &(0x7f0000000480)={0x0, 0x591c, 0x8000, 0x3, 0x296, 0x0, r3}, &(0x7f00000001c0), &(0x7f0000000340)) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x300, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r11, {0xf, 0xfff1}, {0xffff, 0xffff}, {0xffe9, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28, 0xfffd}}}]}, 0x38}}, 0x0) symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') link(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1f00000000000000000000000010000000000000", @ANYRES32, @ANYBLOB="0000000400000000000000000000000000000000dc8a1bf0eaeac4582f5ab53356c6d90a8da73d1f7d80f58e141ec9d56db20cb5072b748f78547f", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r12, 0xffff8000) 10.781349603s ago: executing program 1 (id=232): r0 = socket$packet(0x11, 0x3, 0x300) bind$packet(r0, 0x0, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r5 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, 0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x11, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0xa2001, 0x0) r7 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x200, 0x3, 0x801}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185100}) io_uring_enter(r7, 0x7277, 0x0, 0x28, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000240)) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r10 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r10, 0x84, 0x6, &(0x7f0000000b80)={0x0, @in={{0x2, 0x4e22, @multicast1}}}, 0x84) syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r4, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1}) io_uring_enter(r5, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 10.666757623s ago: executing program 0 (id=233): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000200)='.log\x00', 0x40000, 0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000140)={r3, r4/1000+10000}, 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) r5 = getpgid(0x0) sched_setattr(r5, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0xff, 0xb49, 0x9, 0x9, 0xffffffff, 0x1}, 0x0) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000000)) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000040)=0xc) unshare(0x22020400) ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000640)=0x10) 10.116014593s ago: executing program 3 (id=234): timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x3f, 0x822f01) write$char_usb(r0, 0x0, 0x0) timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') r3 = socket$unix(0x1, 0x5, 0x0) bind$unix(r3, &(0x7f0000000000)=@abs={0x1}, 0x3) pread64(r2, &(0x7f0000000480)=""/177, 0xb1, 0xa6) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}, {0x77359400}}, 0x0) unshare(0x42000000) 9.487619692s ago: executing program 3 (id=235): socket$netlink(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3e616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000280)={0x0, 0x0, 0x1, "12"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) syz_usb_connect(0x0, 0x2d, &(0x7f0000000940)={{0x12, 0x1, 0x0, 0xa6, 0xff, 0x5, 0x40, 0xabcd, 0xcdee, 0x5b9, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x9c, 0x0, 0x0, 0x1, 0x3, 0x51}}, {{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000104000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000001400001c00128009000100626f6e64000000000c000280080013"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000800) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000240)="eb82aa37495557ec69bbbe6e3b8403cdb7e448b5c90c4edbf461ad4c0c38a355d422e2ad28ba6b5c6f812c68c44c7f61ac3ced39311a3ade9ce5ade5bfde01e1f75dd3e49999be7194ed2ac7629f730b741ab1a42cbdd209f6275c81e078790c24b25c81b3822b13fde868e7027ecddcf3c35fa64e11a244af1e1db0f95954be72558d3e44e9b94a2f70bb97ab31f4c03991e68e5001c8c124cb66ece74b637f1690a9bfdad4a1a01ce6974295979dfaff20cf7f803b7605b345e5e2d9745b88a0717d2e1c1f70f8575173431a471b11fe50eff9bc779077d8d7fc75390a77021cd4c00053df688ba39180ccc3ceae2c80614d9d6d150ce6a49d5c5126eb3146") sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="1400128faf1fb9c37a37e0ee810000000400028008000a000000000000000000", @ANYRES64], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) 8.72029515s ago: executing program 1 (id=238): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) getsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000000200), &(0x7f0000000280)=0x4) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, 0x0}], 0x1, 0x48, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x1, 0x6a, &(0x7f0000000100)=[@cr4={0x1, 0x9e2}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x800c}, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x94) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r6, 0x40304580, &(0x7f0000000240)={0x52, 0x1, 0x1, {0x1, 0x1}, {0x45, 0x2}, @const={0x3, {0x400, 0x5, 0x9, 0x3}}}) write$char_usb(r6, &(0x7f0000000040)="e2", 0x2250) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f00003fe000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x24}, 0x94) ioctl$KVM_RUN(r7, 0xae80, 0x0) 7.471258373s ago: executing program 0 (id=241): sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000200)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x5e55b37311de6d89, 0x0, @rand_addr, @multicast1}}}}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(r1, 0x0, 0x0, 0xfffffe04, 0x1) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000010c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f00000018c0)={0x1c, &(0x7f00000006c0)=ANY=[], 0x0, 0x0}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x42280, 0x0) close(r3) readv(0xffffffffffffffff, &(0x7f0000000b80)=[{&(0x7f00000004c0)=""/223, 0xdf}], 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 7.367044036s ago: executing program 1 (id=242): socket$kcm(0x10, 0x2, 0x4) (async) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={r0}, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), &(0x7f00000000c0)=0x4) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) (async) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000) recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0) (async) r4 = socket$key(0xf, 0x3, 0x2) r5 = socket(0x2, 0x80805, 0x0) accept4(r2, &(0x7f0000000380)=@qipcrtr, &(0x7f0000000400)=0x80, 0x800) sendmmsg$inet_sctp(r5, 0x0, 0x0, 0x0) (async) sendmsg$key(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0}}, 0x80) (async) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r6, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r6, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88) (async) setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, &(0x7f0000001140)={0x3, {{0x2, 0x4e23, @multicast2}}}, 0x90) (async) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00') open_by_handle_at(r6, &(0x7f0000000180)=@fuse={0xc, 0x81, {0x7, 0x39c, 0x80000000}}, 0x10001) (async) r8 = socket$nl_route(0x10, 0x3, 0x0) (async) r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@cgroup=r7, 0xc, 0x0, 0x25d4, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0xffffffff, {0x0, 0x0, 0x0, r10, {}, {}, {0xfff3}}}, 0x24}}, 0x0) 5.303684505s ago: executing program 3 (id=244): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54", 0xe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"]) syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000009960810524711004f32010203010902160001000000000904"], 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 5.015834544s ago: executing program 1 (id=245): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x101001a, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmod\a=00000000000040000,user_id=\x00\x00\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES8, @ANYBLOB=',allow_'], 0xfb, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020) write$vga_arbiter(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="746172676574205043493a5b89d9f46ac070df4e31642e3100"], 0x14) syz_usb_disconnect(0xffffffffffffffff) clock_gettime(0x0, &(0x7f0000000300)) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r5, 0x29, 0xb, &(0x7f0000000140)=0x7fc, 0x4) setsockopt$inet6_tcp_int(r5, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4) bind$inet6(r5, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000000ac0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x2, @empty, 0x6}, 0x1c, &(0x7f0000000c40)=[{&(0x7f0000000300)="d5", 0x1}], 0x1}}], 0x1, 0x20080058) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r6, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000300000000000000000000095000000000000b9000000000000000000", @ANYRESDEC=r2], &(0x7f0000000080)='GPL\x00', 0xf, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r7, 0x40405514, &(0x7f0000000540)={{0x4, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00, 0x4, 0xb018, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x5, 0x1, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8001, 0x0, 0x0, 0x1, 0x6, 0x40, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x2000000, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xc, 0x2, 0x0, 0x22820adc, 0xfffffffffffffffd, 0x0, 0x23, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x2]}) syz_open_dev$dri(&(0x7f00000000c0), 0x4d9, 0x2) mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={0x8}, 0x20) r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x38011, r8, 0x6fef5000) 5.004811759s ago: executing program 2 (id=246): syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x1a9a00) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="05000000e6ef1f00060000007f00000001"], 0x48) r0 = userfaultfd(0x801) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) (async) recvmmsg(r2, &(0x7f00000001c0), 0x4000000000000db, 0x12003, 0x0) (async) close(0xffffffffffffffff) (async) prctl$PR_SCHED_CORE(0x3e, 0x80000000000001, 0x0, 0x2, 0x0) openat$dsp1(0xffffffffffffff9c, 0x0, 0x101000, 0x0) (async) r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000200)) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80082, 0x0) r5 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0xa2c25) ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000340)=0xe) (async) writev(r5, &(0x7f0000000240)=[{&(0x7f0000000140)="8f", 0x1}], 0x1) (async) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000f, 0x810, r0, 0x57c68000) (async) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) (async) r6 = memfd_create(0x0, 0xe) ftruncate(r6, 0x0) (async, rerun: 64) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) (rerun: 64) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, 0x0, 0x0) connect$inet(r7, 0x0, 0x0) (async) writev(r7, &(0x7f00000001c0)=[{&(0x7f0000000040)='X', 0x1}, {&(0x7f0000000280)="598fb3075d8d5bd1bc7bd647988fc315a895553e42eee9efdf626e512930dd7e5188a0002185a0384745365df9e1100b889a15005ae5952f563a0756a414ab35adff6e35f5d74b6fb93fd5c6b16db8d6a2be9d489ad31e1f2ce3341d022452576d7b031d9882bcc4b78e8b8ed46e0c86149ee6f9c92ed8", 0x77}], 0x2) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_ABS_SETUP(r8, 0x401c5504, &(0x7f0000000140)={0x4, {0x1, 0x1, 0x8, 0x4, 0x5, 0x52}}) shutdown(0xffffffffffffffff, 0x1) (async) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) (async, rerun: 64) fsopen(&(0x7f0000000180)='hfsplus\x00', 0x0) (rerun: 64) 4.986565824s ago: executing program 4 (id=247): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x40000000, 0x8, 0x1000000, 0x0, 0x0, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x40010022, 0x0) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, 0x0) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x40000003, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x206, 0x2b4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) 4.807292438s ago: executing program 2 (id=248): r0 = socket$packet(0x11, 0x3, 0x300) bind$packet(r0, 0x0, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r5 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x11, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0xa2001, 0x0) r7 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x200, 0x3, 0x801}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185100}) io_uring_enter(r7, 0x7277, 0x0, 0x28, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000240)) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r10 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r10, 0x84, 0x6, &(0x7f0000000b80)={0x0, @in={{0x2, 0x4e22, @multicast1}}}, 0x84) syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r4, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1}) io_uring_enter(r5, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 3.954266808s ago: executing program 0 (id=249): socket$netlink(0x10, 0x3, 0xc) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket(0x400000000010, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x3, @local, 0x1}, 0x1c) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000080)={@empty}, 0x14) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x9c8) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x76, 0x0, 0x0) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) lseek(r4, 0x1, 0x3) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r5, 0xae80, 0x0) execve(0x0, 0x0, 0x0) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000000), 0x4) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0xc010) 3.435897505s ago: executing program 4 (id=250): syz_clone3(&(0x7f0000000000)={0x4100, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) mlock2(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) (async) r0 = socket(0x1e, 0x80004, 0x0) (async) r1 = socket(0x1e, 0x4, 0x0) (async) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000080)={0x0, 0x0, 0xa294}) (async) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0x1000004}, 0x10) (async) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) (async) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r3 = dup3(r1, r0, 0x0) recvmmsg(r3, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000600)=""/179, 0x3514}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) (async) add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00') (async) mbind(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x400000000000e, 0x2) 3.353265329s ago: executing program 1 (id=251): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000200)='.log\x00', 0x40000, 0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000140)={r3, r4/1000+10000}, 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) r5 = getpgid(0x0) sched_setattr(r5, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0xff, 0xb49, 0x9, 0x9, 0xffffffff, 0x1}, 0x0) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000040)=0xc) unshare(0x22020400) ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000640)=0x10) 3.311791711s ago: executing program 4 (id=252): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xfffffffffffffeff, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x3fff, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x48040}, 0x4048801) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xffe0}, {0x10, 0xffe0}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x7}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x8800) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000000)="09fdbf65653f060058d1e7cbdaf300000f34f9e4164d081ae36850dafa1e6a2ee8ffffffffff330dee3a4743627f00b800edc57000000000000200", 0x0, 0x7b) readv(r2, &(0x7f0000000400)=[{&(0x7f0000000140)=""/234, 0xea}], 0x1) syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000280), 0x0, 0x18) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffb000/0x1000)=nil, 0x1000}}) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.216033677s ago: executing program 3 (id=253): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b5aa4"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4={0x3, 0x0, 0x8}]}}, 0x0}, 0x0) (async) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) syz_open_dev$vcsn(&(0x7f0000000000), 0xffffffffffffffff, 0x4a000) (async) ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000580)={0x102, "07b008b6be63a8ce744cf1884770af3d1bc5284661fcca1486404b269c3ce9e2117d72d832e874442d67318f732f7ad36753a25f7f1693a8d8a4d697e325f020e7cdd869133d8b7a54e3c4bc8cace58e012321b054edc36a12d271722d47d873014e07fb851caff9cf339021c4fb0a541fc69d9f146866e0b2aaba31d2bb11c09707878eaef3bcae2c030d12b3222a01825f5716afc9aac70b81eb479e9c716b995ad40bb0fa0017c6a0a272e160d8f8fce239168fb77549e0ca4a34c448a39c25bc8295daa916b8d5ebf67f110171a2a40bfac062fd8d8c7d46bc7dc0b87293a5a03652703bac639a04ff7f0000000000007d1853f2ba104e3b5db23aee6663d3a3"}) 2.687290798s ago: executing program 0 (id=254): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0xfefc, 0x7}, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) syz_usb_connect$cdc_ncm(0x5, 0x76, &(0x7f0000000800)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a"], 0x0) 2.649441079s ago: executing program 2 (id=255): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000044c0)=[{{&(0x7f0000000100)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000001680)=[{&(0x7f0000001180)=""/102, 0x66}, {&(0x7f0000001200)=""/47, 0x2f}, {&(0x7f0000001240)=""/136, 0x88}, {&(0x7f0000001300)=""/103, 0x67}, {&(0x7f0000001380)=""/49, 0x31}, {&(0x7f0000001640)=""/49, 0x31}], 0x6, &(0x7f0000001700)=""/143, 0x8f}, 0xc782}, {{&(0x7f00000017c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000001840)=""/208, 0xd0}, {&(0x7f0000001940)=""/209, 0xd1}, {&(0x7f0000001a40)=""/33, 0x21}], 0x3, &(0x7f0000001ac0)=""/57, 0x39}, 0x2}, {{&(0x7f0000001b00)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000002e40)=[{&(0x7f0000001b80)=""/4096, 0x1000}, {&(0x7f0000002b80)=""/148, 0x94}, {&(0x7f0000002c40)=""/113, 0x71}, {&(0x7f0000002cc0)=""/222, 0xde}, {&(0x7f0000002dc0)=""/110, 0x6e}], 0x5, &(0x7f0000002ec0)=""/234, 0xea}, 0x8}, {{&(0x7f0000002fc0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000003080)=[{&(0x7f0000003040)=""/45, 0x2d}], 0x1}, 0x2bb2}, {{0x0, 0x0, &(0x7f00000040c0)=[{&(0x7f00000030c0)=""/4096, 0x1000}], 0x1, &(0x7f0000004100)=""/63, 0x3f}, 0xfff}, {{&(0x7f0000004140)=@caif=@dbg, 0x80, &(0x7f0000004480)=[{&(0x7f00000041c0)=""/169, 0xa9}, {&(0x7f0000004280)=""/80, 0x50}, {&(0x7f0000004300)=""/86, 0x56}, {&(0x7f0000004380)=""/207, 0xcf}], 0x4}, 0x5}], 0x6, 0x2, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x3, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCPKT(r2, 0x5420, 0x0) add_key$user(0x0, &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x2c9ab000) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r3, &(0x7f00000013c0)=ANY=[@ANYBLOB="3d0200007d00000005fc000000faffffff0000000000000000000000000000707f80898200ac1b000000000000000000000000000000002500046e6fc866c97d609906000000000000009000001df6db0000000000003dd30000000000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500003b595fcb14034354b9fd9e7196a51cd5157adc8106b494e11700cfc2001000000000000000000f580502b66e00f313f6005500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8d489da649a37002300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c010000000000000098019f30118447aa9a74f5160500000000000000c267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c217fe4280f9cad87fff00000000000008000000008000"/567, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r2], 0x23d) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) msgget$private(0x0, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x2010, r1, 0x0) r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0) fsopen(0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) setsockopt$sock_int(r7, 0x1, 0x35, &(0x7f0000000040)=0x1, 0x4) ftruncate(r6, 0x2007ff3) r8 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x8, 0x80) lchown(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x20000000000004) copy_file_range(r6, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffa003e459, 0x700000000000000) 2.015760003s ago: executing program 3 (id=256): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES32], 0x50) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8004}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a09040000000000000000020000002800048024000180080001006c6f67001800025e09000240636103000000000008000540000000ff0900010073797a300000000009000200738d7a32000000001400000011000100000000000004c990526a000a"], 0x7c}}, 0x80) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0182101, &(0x7f00000004c0)) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCDELRT(r2, 0x890b, &(0x7f0000000080)={@loopback={0xfec0ffff00000000}, @private1={0xfc, 0x1, '\x00', 0xff}, @mcast1, 0xfffffffd, 0xfffd, 0x0, 0x0, 0xfff, 0x20c0062}) syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@random="493f6b6e24d9", @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "bb0e9e", 0x18, 0x0, 0x0, @remote, @private0, {[@routing={0x0, 0x2, 0x1, 0x5, 0x0, [@mcast2]}]}}}}}, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x8000, 0x0, 0xfffffffc}, &(0x7f0000000140)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4) io_uring_enter(r4, 0x66a8, 0x4000, 0xc, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$unix(0x1, 0x2, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010028bd7000fddbdf25070000a800080003", @ANYRES32=r9, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x4884) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r10) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) 2.01441396s ago: executing program 4 (id=257): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2) connect$unix(r0, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r4, 0xff7f}}, 0x20}}, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) r8 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$6lowpan_enable(r8, &(0x7f0000000280)='1', 0x1) r9 = socket(0x10, 0x3, 0x0) write(r9, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000001f0000540000000e0001006e657464657673696d0000000f0002"], 0x34}}, 0x0) r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r11, 0x1, 0x0, 0x0, {0x54}}, 0x14}}, 0x0) recvmmsg(r9, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) r12 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r12, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r12, &(0x7f0000000000), 0x0) 1.850231864s ago: executing program 3 (id=258): r0 = syz_io_uring_setup(0x55a0, &(0x7f0000000280)={0x0, 0x8f1, 0x10, 0x0, 0x2ff}, &(0x7f0000000180), &(0x7f0000000200)) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000006, 0x59032, r0, 0x0) r1 = userfaultfd(0x801) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x5, 0x0) symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00') rmdir(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00') ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f00000001c0)={0x2, 0x0, &(0x7f0000000240)=[0x0, 0x0]}) r3 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r3, 0x84, 0xd, &(0x7f0000000000), 0x8) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) ioctl$CEC_ADAP_S_PHYS_ADDR(r4, 0x40026102, &(0x7f0000000140)=0x401) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x24, &(0x7f0000000e40)={{0x12, 0x1, 0x0, 0x68, 0x7a, 0x5a, 0x20, 0xc72, 0x11, 0x975, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6f, 0xc6, 0xdf}}]}}]}}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000003480), 0x900) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007020000", @ANYRES32=r6, @ANYBLOB="200001"], 0x38}}, 0x0) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) 1.64129176s ago: executing program 2 (id=259): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4000040) 1.135886077s ago: executing program 2 (id=260): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x1e, 0x0, &(0x7f0000000440)) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@weak_binder={0x77622a85, 0xb, 0x3}, @fd={0x66642a85, 0x0, r1}, @flat=@weak_handle={0x77682a85, 0x1115}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000880)="4a8e464b3d4657499ea54e5c7d563ff8776074ae642a55558dbfd1df9462b1259816b613ea02f9c5a2a4cc3bf701b7f4fa887e4ce6d2045a432a7b060f115097ae0e0e07f3f3704a688c03fccef3e273"}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000240)={0x7, &(0x7f00000001c0)=[{0x925, 0x6, 0x1}, {0x1, 0x0, 0x2, 0x1}, {0x8, 0x3, 0x10, 0x7ff}, {0x2, 0xff, 0xbf, 0x2}, {0x8, 0x0, 0x5, 0x7}, {0x4, 0x2, 0x80, 0x400}, {0x7dd4, 0x4, 0x8, 0x2}]}, 0x10) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@binder={0x73622a85, 0x190b, 0x3}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x1000000000000, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000740)="38eef39a9470e520a675d696d62d357d2dff6aa91ce585589f5a86b334887eccd0cf6d8e735499c5da5a4d563ad1b35f80fa0b64a2aff75617b3b1c35b8d3141773af29a42fdf17084264e7834faf8d112fffc49"}) unshare(0x28040200) 1.064414205s ago: executing program 1 (id=261): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_connect(0x3, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xa7, 0x6c, 0xf8, 0x20, 0x6d0, 0x622, 0x70f8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb7, 0x0, 0x2, 0xe2, 0x66, 0xf2, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x210, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = socket$kcm(0x1e, 0x5, 0x0) sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)="80", 0x1}], 0x1}, 0xc001) recvmsg(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000dc0)=""/255, 0xff}], 0x1, &(0x7f0000000480)=""/19, 0x13}, 0x40000010) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002b0f00ca00000cd800"], 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_io_uring_setup(0x1714, &(0x7f0000002040)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x2c, 0x2, r2, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}}) io_uring_enter(r4, 0x27e2, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2) sendmmsg$unix(r3, &(0x7f000000f7c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8081}}], 0xf000, 0x800) r7 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r10, 0x1, 0x41, &(0x7f0000000040)=0x80000, 0x4) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r12 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ppoll(&(0x7f0000000240)=[{r12, 0x102}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r11}, 0x10) r13 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) ioctl$HIDIOCGSTRING(r7, 0x81044804, &(0x7f00000002c0)) r14 = ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00) ioctl$UFFDIO_API(r14, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4c5}) 956.126107ms ago: executing program 2 (id=262): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ppoll(0x0, 0x0, 0x0, &(0x7f00000009c0)={[0xfffffffffffff000]}, 0x8) fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000280)=0x1) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="050000e6ffffff0000004400000008000300a2a75b78b16cfa0e6f6549b8ed15da5ee45e028ea543c576aa3b20b59223b7b347cb32ec6a38e5d841a619fb32d242ac2de60ebe8af9caf350a33ab4181dd6dac2045c6d2063c3dec6e7ae620a26f31642d5c03e4e9f031f3a9acf986b18680bfc450d413818fc61621cdd133c77669af947a60c944b2b1bb539bccf987a7cb65febe6af029d1ac4186dd8aa6f4cbc4acb14dc4fc2c2f9224de27dd07ae8f9", @ANYRES32=r5, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x48041}, 0x40840) sendmsg$NL80211_CMD_SET_CHANNEL(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="fb0000005d224ebf4b3aa88e42a2014cf2e1b09088e48c00101900b28aac0add5cdd264026eba6c4c1f4931f7763bf5878fd3095e89bfbfb3a4de276e0ebc8ad7ac2a7eaf726fa22995d4bf883e76a544e65f68f9ad9b9879f91189ec09d7f9416f60ff2998a56c0e95773dcba21546ac478e3067367561c9db039760216d68a0d9fe12cf20c897a48a35683aabc14fdad43de8a985aeeff1b76572e081750eadcacbca4dd9c8bc6ad69e036262f57d140b0d13b1e5b1c1eec72ed63e402c476707965a72b5de85f8f488ff9a95190781854e9db31532825dae187935ee27ccb654b60534dc1fb4795eb477109c0f090a9ada432de540179ebf764c6c7c228eab11596f228fc90d810bd7dad05557bad77f29162d48164a2f6e448f307f05de15d8e8e9f", @ANYRES16=r4, @ANYBLOB="00012abd7000fddbdf25410000000800a000020000000800a10096050000080026006c090000080027000200000008009f00070000000800a00001000000050018011000000008009f0002000000"], 0x54}, 0x1, 0x0, 0x0, 0x48000040}, 0x2000c040) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3, &(0x7f0000000080)=0xb, 0x8, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(r6, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000000202010100000000000000200000000808000540000000001c000a80080001400000000008000140000000000800014000000001"], 0x38}, 0x1, 0x0, 0x0, 0x4000070}, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_qrtr_TIOCOUTQ(r0, 0x5411, &(0x7f00000002c0)) setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) 801.709903ms ago: executing program 0 (id=263): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x3) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0xf000, 0x11101000, 0x0, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x7c, 0x3000, 0x0, r2}) close(r1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000040)=@x86={0x5, 0xfc, 0xff, 0x0, 0x8, 0x7f, 0x0, 0xa4, 0xc1, 0xb, 0xbb, 0x7, 0x0, 0xa, 0x6f, 0x5, 0xfd, 0x1, 0x9, '\x00', 0x70, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000340)=[@text64={0x40, &(0x7f00000006c0)="460f499aef0000000f015900c74424002a000000c744240200900000ff1c24440fd4cb0f35f3460f5d75b3420f782245813c640b1620e867363e400f01cf440fc737", 0x42}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da00090589"], 0x0) 180.002155ms ago: executing program 4 (id=264): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) dup2(r1, r0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xe, &(0x7f0000000080)=0x800002, 0x4) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/power/sync_on_suspend', 0x260002, 0x31) munmap(&(0x7f0000002000/0x800000)=nil, 0x800000) msgsnd(0x0, &(0x7f0000000100)={0x1}, 0x2000, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) write$sndseq(r3, &(0x7f0000000440)=[{0xd2, 0x9, 0x8, 0x80, @tick=0x2, {0x9, 0xff}, {0x8, 0x3b}, @addr={0x6, 0x9}}, {0x3d, 0x7, 0x2, 0x24, @time={0x10, 0x1}, {0x6}, {0x5, 0xd2}, @connect={{0x1, 0xa0}, {0xb8, 0x1}}}, {0x4, 0x0, 0x7, 0x2, @tick=0x1, {0x7}, {0x7, 0x1}, @time=@time={0x3}}, {0x8, 0x3, 0xf, 0x5, @time={0x0, 0x2}, {0x9, 0x4}, {0x10, 0x7f}, @ext={0x5, &(0x7f0000000380)="7b02d1ba22"}}, {0x6, 0x1, 0x1, 0x4, @time={0x3}, {0x2, 0x3}, {0x0, 0xf}, @note={0xe, 0x32, 0xd, 0xf6, 0x8}}, {0x2, 0x80, 0x0, 0xfd, @time={0x63, 0x6}, {0x4, 0xf}, {0x8, 0xe8}, @result={0x3, 0x9}}, {0x40, 0x0, 0x2, 0x6, @tick=0x2, {0x81}, {0xc, 0x69}, @queue={0xd4, {0x40, 0x7f}}}, {0x4a, 0x0, 0x5, 0x3, @time={0x600, 0x2}, {0xf, 0xd}, {0x8, 0x9}, @connect={{0x0, 0x5}, {0x5, 0x6}}}, {0x7, 0xc, 0x3, 0x7, @time={0x0, 0xf34}, {0x40, 0x8}, {0xfe, 0xf}, @raw32={[0x4c94, 0x7, 0xfffffff3]}}], 0xfc) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="840100001000130700000000fcdbdf2520010000000000000000000000000001fc020000000000000000000000000007000000004e210002020000006c000000c95f4fe52545f59da8b22f07c441ae4f56338f18a8f66fcefa0ea67830a36db482ce669155507d118e326060e932a3ed2c27cecc5044b8051f771a3e96c114c1a5", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fe8000000000000000000000000000aa000001003200000000000000000000000000ffffac1414bb000001000000000001000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000043050000000000000400000000000000ffffffffffffff7f000000000000000000000000000000000000000000000000000000002cbd7000003500000a00010050000000000000004c001200726663343130362867636d28616573292900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000480002006563622d63616d656c6c69612d61736d00"/316], 0x184}, 0x1, 0x0, 0x0, 0x880}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10) syz_io_uring_setup(0x1f97, &(0x7f0000000080)={0x0, 0x26dd, 0x13580, 0x0, 0x29f}, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r8, 0x4) io_uring_register$IORING_REGISTER_FILES(r8, 0x2, &(0x7f0000000040)=[r0, r4, r6], 0x3) ftruncate(r8, 0x4) 0s ago: executing program 4 (id=265): r0 = socket$packet(0x11, 0x3, 0x300) bind$packet(r0, 0x0, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r5 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x11, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0xa2001, 0x0) r7 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x200, 0x3, 0x801}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185100}) io_uring_enter(r7, 0x7277, 0x0, 0x28, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000240)) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r10 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r10, 0x84, 0x6, &(0x7f0000000b80)={0x0, @in={{0x2, 0x4e22, @multicast1}}}, 0x84) syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r4, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1}) io_uring_enter(r5, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): tooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.702965][ T5867] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.711269][ T5875] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.713986][ T5864] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.719698][ T5867] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.726357][ T5864] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.732563][ T5875] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.741425][ T5864] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.748022][ T5867] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.755111][ T5864] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.762204][ T5875] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.768467][ T5864] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.779639][ T5875] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.788959][ T5875] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.791364][ T5183] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.806275][ T5183] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.808409][ T5874] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.814797][ T5183] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.821375][ T5874] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.829672][ T5183] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.549687][ T5880] chnl_net:caif_netlink_parms(): no params data found [ 87.596173][ T5882] chnl_net:caif_netlink_parms(): no params data found [ 87.903622][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.910979][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.918631][ T5880] bridge_slave_0: entered allmulticast mode [ 87.926024][ T5880] bridge_slave_0: entered promiscuous mode [ 87.961461][ T5882] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.968708][ T5882] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.975904][ T5882] bridge_slave_0: entered allmulticast mode [ 87.983930][ T5882] bridge_slave_0: entered promiscuous mode [ 87.991987][ T5883] chnl_net:caif_netlink_parms(): no params data found [ 88.003486][ T5878] chnl_net:caif_netlink_parms(): no params data found [ 88.015424][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.023231][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.030640][ T5880] bridge_slave_1: entered allmulticast mode [ 88.038112][ T5880] bridge_slave_1: entered promiscuous mode [ 88.059588][ T5882] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.066730][ T5882] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.074731][ T5882] bridge_slave_1: entered allmulticast mode [ 88.082908][ T5882] bridge_slave_1: entered promiscuous mode [ 88.175880][ T5882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.192728][ T5882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.288696][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.306791][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.324845][ T5882] team0: Port device team_slave_0 added [ 88.350761][ T5884] chnl_net:caif_netlink_parms(): no params data found [ 88.370321][ T5882] team0: Port device team_slave_1 added [ 88.404693][ T5880] team0: Port device team_slave_0 added [ 88.463231][ T5880] team0: Port device team_slave_1 added [ 88.498560][ T5883] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.505762][ T5883] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.513284][ T5883] bridge_slave_0: entered allmulticast mode [ 88.520938][ T5883] bridge_slave_0: entered promiscuous mode [ 88.590893][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.598432][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.624927][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.637780][ T5883] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.644992][ T5883] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.652328][ T5883] bridge_slave_1: entered allmulticast mode [ 88.659964][ T5883] bridge_slave_1: entered promiscuous mode [ 88.667954][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.674932][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.701230][ T5882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.712496][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.720131][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.727625][ T5878] bridge_slave_0: entered allmulticast mode [ 88.734917][ T5878] bridge_slave_0: entered promiscuous mode [ 88.755190][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.762283][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.792500][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.824682][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.831887][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.858318][ T5882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.872244][ T5876] Bluetooth: hci2: command tx timeout [ 88.872249][ T5877] Bluetooth: hci3: command tx timeout [ 88.872620][ T5877] Bluetooth: hci0: command tx timeout [ 88.878021][ T5876] Bluetooth: hci1: command tx timeout [ 88.895247][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.902720][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.910337][ T5878] bridge_slave_1: entered allmulticast mode [ 88.918074][ T5878] bridge_slave_1: entered promiscuous mode [ 88.947272][ T5876] Bluetooth: hci4: command tx timeout [ 89.012268][ T5884] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.019853][ T5884] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.027039][ T5884] bridge_slave_0: entered allmulticast mode [ 89.035600][ T5884] bridge_slave_0: entered promiscuous mode [ 89.045133][ T5884] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.052316][ T5884] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.059585][ T5884] bridge_slave_1: entered allmulticast mode [ 89.067276][ T5884] bridge_slave_1: entered promiscuous mode [ 89.078487][ T5883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.090458][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.103898][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.156929][ T5883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.228194][ T5880] hsr_slave_0: entered promiscuous mode [ 89.234723][ T5880] hsr_slave_1: entered promiscuous mode [ 89.287356][ T5883] team0: Port device team_slave_0 added [ 89.295701][ T5878] team0: Port device team_slave_0 added [ 89.305140][ T5878] team0: Port device team_slave_1 added [ 89.316798][ T5882] hsr_slave_0: entered promiscuous mode [ 89.323506][ T5882] hsr_slave_1: entered promiscuous mode [ 89.330776][ T5882] debugfs: 'hsr0' already exists in 'hsr' [ 89.336614][ T5882] Cannot create hsr debugfs directory [ 89.345498][ T5884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.356477][ T5883] team0: Port device team_slave_1 added [ 89.407762][ T5884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.445087][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.452415][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.479321][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.492922][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.500103][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.526642][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.559160][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.566160][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.592612][ T5883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.650787][ T5884] team0: Port device team_slave_0 added [ 89.672286][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.679453][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.706226][ T5883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.728426][ T5884] team0: Port device team_slave_1 added [ 89.852141][ T5884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.859277][ T5884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.885528][ T5884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.916769][ T5878] hsr_slave_0: entered promiscuous mode [ 89.924036][ T5878] hsr_slave_1: entered promiscuous mode [ 89.930445][ T5878] debugfs: 'hsr0' already exists in 'hsr' [ 89.936213][ T5878] Cannot create hsr debugfs directory [ 89.973458][ T5884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.980728][ T5884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.006917][ T5884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.045991][ T5883] hsr_slave_0: entered promiscuous mode [ 90.066579][ T5883] hsr_slave_1: entered promiscuous mode [ 90.073486][ T5883] debugfs: 'hsr0' already exists in 'hsr' [ 90.079831][ T5883] Cannot create hsr debugfs directory [ 90.313975][ T5884] hsr_slave_0: entered promiscuous mode [ 90.322422][ T5884] hsr_slave_1: entered promiscuous mode [ 90.329386][ T5884] debugfs: 'hsr0' already exists in 'hsr' [ 90.335150][ T5884] Cannot create hsr debugfs directory [ 90.587461][ T5882] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.626847][ T5882] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.665295][ T5882] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.699268][ T5882] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.769317][ T5880] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.794670][ T5880] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.805424][ T5880] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.831276][ T5880] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.903640][ T5878] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.938908][ T5878] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.948363][ T5183] Bluetooth: hci2: command tx timeout [ 90.948382][ T5877] Bluetooth: hci1: command tx timeout [ 90.948419][ T5877] Bluetooth: hci3: command tx timeout [ 90.953971][ T5876] Bluetooth: hci0: command tx timeout [ 90.993208][ T5878] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.025913][ T5878] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.032488][ T5876] Bluetooth: hci4: command tx timeout [ 91.080449][ T5883] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.098720][ T5883] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.127279][ T5883] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.140977][ T5883] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.259806][ T5882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.306708][ T5884] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.344399][ T5884] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.355088][ T5884] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.366415][ T5884] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.386808][ T5882] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.401458][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.442483][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.449767][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.478688][ T5880] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.495828][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.503034][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.566004][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.573209][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.585841][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.593196][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.653984][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.702420][ T5880] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.762844][ T5878] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.792498][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.799782][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.849208][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.856409][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.886549][ T5883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.920600][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.942316][ T5884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.956888][ T5883] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.972857][ T5882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.991286][ T980] cfg80211: failed to load regulatory.db [ 92.004439][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.011631][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.058992][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.066145][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.111413][ T5884] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.126433][ T5118] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.133654][ T5118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.153281][ T5878] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 92.186635][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.193800][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.299216][ T5880] veth0_vlan: entered promiscuous mode [ 92.332150][ T5880] veth1_vlan: entered promiscuous mode [ 92.347011][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.375698][ T5882] veth0_vlan: entered promiscuous mode [ 92.399478][ T5883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.416931][ T5882] veth1_vlan: entered promiscuous mode [ 92.496257][ T5880] veth0_macvtap: entered promiscuous mode [ 92.519033][ T5880] veth1_macvtap: entered promiscuous mode [ 92.536768][ T5878] veth0_vlan: entered promiscuous mode [ 92.564969][ T5878] veth1_vlan: entered promiscuous mode [ 92.582606][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.600676][ T5884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.612351][ T5882] veth0_macvtap: entered promiscuous mode [ 92.624595][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.656384][ T5883] veth0_vlan: entered promiscuous mode [ 92.671970][ T5882] veth1_macvtap: entered promiscuous mode [ 92.691000][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.712297][ T5883] veth1_vlan: entered promiscuous mode [ 92.726387][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.736980][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.760562][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.778971][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.815603][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.849172][ T5878] veth0_macvtap: entered promiscuous mode [ 92.876092][ T5878] veth1_macvtap: entered promiscuous mode [ 92.886410][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.898936][ T5883] veth0_macvtap: entered promiscuous mode [ 92.918806][ T5884] veth0_vlan: entered promiscuous mode [ 92.926293][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.935387][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.961654][ T5883] veth1_macvtap: entered promiscuous mode [ 92.982711][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.012368][ T5884] veth1_vlan: entered promiscuous mode [ 93.027363][ T5876] Bluetooth: hci2: command tx timeout [ 93.031060][ T5868] Bluetooth: hci0: command tx timeout [ 93.033043][ T5183] Bluetooth: hci3: command tx timeout [ 93.038647][ T5877] Bluetooth: hci1: command tx timeout [ 93.093852][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.098268][ T5118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.115336][ T5877] Bluetooth: hci4: command tx timeout [ 93.116697][ T5118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.174490][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.190045][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.197236][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.209293][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.262119][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.275857][ T5884] veth0_macvtap: entered promiscuous mode [ 93.294025][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.304985][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.314801][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.333738][ T5884] veth1_macvtap: entered promiscuous mode [ 93.353848][ T5880] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.354637][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.378493][ T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.390184][ T2972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.409991][ T2972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.419663][ T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.429183][ T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.456937][ T2972] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.486600][ T5884] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.549795][ T5884] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.574909][ T2972] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.594046][ T2972] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.612690][ T5960] loop6: detected capacity change from 0 to 2560 [ 93.639469][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.665525][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.696088][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.710991][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.720464][ T5118] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.731004][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.742180][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.750610][ T5118] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.750917][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.770366][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.778417][ T5960] ldm_validate_partition_table(): Disk read failed. [ 93.785182][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.799800][ T5960] Buffer I/O error on dev loop6, logical block 0, async page read [ 93.808545][ T5960] Dev loop6: unable to read RDB block 0 [ 93.814976][ T5960] loop6: unable to read partition table [ 93.821190][ T5960] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 93.841418][ T5118] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.860820][ T5118] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.906692][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.932987][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.952692][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.991922][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.158795][ T5964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2'. [ 94.185150][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.194340][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.231381][ T2972] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.251493][ T2972] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.375229][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.413446][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.541096][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.560705][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.853675][ T5984] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.879318][ T5925] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 94.889961][ T43] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 95.063633][ T5925] usb 5-1: config 0 has an invalid interface number: 117 but max is 0 [ 95.077461][ T43] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 95.094964][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 95.108186][ T5877] Bluetooth: hci1: command tx timeout [ 95.113653][ T5877] Bluetooth: hci0: command tx timeout [ 95.119365][ T5876] Bluetooth: hci2: command tx timeout [ 95.124898][ T5876] Bluetooth: hci3: command tx timeout [ 95.144582][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.158167][ T5925] usb 5-1: config 0 has no interface number 0 [ 95.170770][ T43] usb 2-1: config 0 descriptor?? [ 95.176395][ T5925] usb 5-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 95.194287][ T43] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 95.212188][ T5925] usb 5-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 95.227727][ T5876] Bluetooth: hci4: command tx timeout [ 95.277124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 95.285578][ T5925] usb 5-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 95.303812][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.313301][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 95.322144][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 95.335551][ T5925] usb 5-1: Product: syz [ 95.351483][ T5925] usb 5-1: Manufacturer: syz [ 95.365536][ T5925] usb 5-1: SerialNumber: syz [ 95.377375][ T5925] usb 5-1: config 0 descriptor?? [ 95.387438][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.436098][ T5997] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11'. [ 95.594256][ T43] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 95.639756][ T43] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 95.654958][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'. [ 95.829224][ T5978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.853352][ T43] usb 2-1: USB disconnect, device number 2 [ 95.853419][ T5978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.877612][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 95.886998][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 95.908568][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 96.004032][ T5925] usbtouchscreen 5-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 96.061027][ T5925] usb 5-1: USB disconnect, device number 2 [ 96.088241][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.249254][ T5997] netlink: 'syz.0.11': attribute type 10 has an invalid length. [ 96.310324][ T6006] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13'. [ 96.348095][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.392860][ T5997] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 97.062304][ T6026] netlink: 'syz.0.18': attribute type 3 has an invalid length. [ 97.070530][ T6026] netlink: 156 bytes leftover after parsing attributes in process `syz.0.18'. [ 97.160126][ T6026] netlink: 'syz.0.18': attribute type 3 has an invalid length. [ 97.179756][ T6023] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.16'. [ 97.194500][ T6023] workqueue: name exceeds WQ_NAME_LEN. Truncating to: Ç`]Š •Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+` [ 97.242415][ T6026] netlink: 156 bytes leftover after parsing attributes in process `syz.0.18'. [ 97.416557][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 97.507812][ T6022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15'. [ 98.053161][ T6028] syz.0.18: vmalloc error: size 27262976, failed to allocated page array size 53248, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 98.126900][ T6028] CPU: 1 UID: 0 PID: 6028 Comm: syz.0.18 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 98.126926][ T6028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 98.126942][ T6028] Call Trace: [ 98.126949][ T6028] [ 98.126956][ T6028] dump_stack_lvl+0x189/0x250 [ 98.126986][ T6028] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.127005][ T6028] ? __pfx__printk+0x10/0x10 [ 98.127028][ T6028] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 98.127047][ T6028] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 98.127071][ T6028] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 98.127101][ T6028] warn_alloc+0x214/0x310 [ 98.127140][ T6028] ? __pfx_warn_alloc+0x10/0x10 [ 98.127182][ T6028] ? __get_vm_area_node+0x28f/0x300 [ 98.127211][ T6028] ? vicodec_start_streaming+0x97b/0x1470 [ 98.127249][ T6028] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 98.127281][ T6028] ? arch_stack_walk+0xfc/0x150 [ 98.127331][ T6028] ? alloc_pages_mpol+0x3cd/0x4a0 [ 98.127365][ T6028] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 98.127397][ T6028] ? rcu_is_watching+0x15/0xb0 [ 98.127414][ T6028] ? vicodec_start_streaming+0x97b/0x1470 [ 98.127438][ T6028] ? vicodec_start_streaming+0x97b/0x1470 [ 98.127461][ T6028] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 98.127484][ T6028] ? vicodec_start_streaming+0x97b/0x1470 [ 98.127508][ T6028] ? __mutex_lock+0x335/0x1360 [ 98.127535][ T6028] vicodec_start_streaming+0x97b/0x1470 [ 98.127567][ T6028] ? __pfx_vicodec_start_streaming+0x10/0x10 [ 98.127600][ T6028] vb2_start_streaming+0x125/0x460 [ 98.127629][ T6028] vb2_core_streamon+0x2e0/0x4f0 [ 98.127658][ T6028] v4l2_m2m_ioctl_streamon+0xe0/0x140 [ 98.127678][ T6028] __video_do_ioctl+0xc98/0xdb0 [ 98.127701][ T6028] ? __pfx___video_do_ioctl+0x10/0x10 [ 98.127726][ T6028] video_usercopy+0x86e/0x14f0 [ 98.127748][ T6028] ? __pfx___video_do_ioctl+0x10/0x10 [ 98.127763][ T6028] ? __pfx_video_usercopy+0x10/0x10 [ 98.127786][ T6028] ? __fget_files+0x2a/0x420 [ 98.127802][ T6028] ? __fget_files+0x2a/0x420 [ 98.127814][ T6028] ? __fget_files+0x3a0/0x420 [ 98.127830][ T6028] v4l2_ioctl+0x18a/0x1e0 [ 98.127854][ T6028] ? __pfx_v4l2_ioctl+0x10/0x10 [ 98.127877][ T6028] __se_sys_ioctl+0xfc/0x170 [ 98.127908][ T6028] do_syscall_64+0xfa/0x3b0 [ 98.127939][ T6028] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.127968][ T6028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.127991][ T6028] ? clear_bhb_loop+0x60/0xb0 [ 98.128013][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.128029][ T6028] RIP: 0033:0x7fcc3298ebe9 [ 98.128050][ T6028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.128063][ T6028] RSP: 002b:00007fcc33820038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.128080][ T6028] RAX: ffffffffffffffda RBX: 00007fcc32bb6090 RCX: 00007fcc3298ebe9 [ 98.128091][ T6028] RDX: 0000200000000240 RSI: 0000000040045612 RDI: 0000000000000003 [ 98.128101][ T6028] RBP: 00007fcc32a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 98.128110][ T6028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.128119][ T6028] R13: 00007fcc32bb6128 R14: 00007fcc32bb6090 R15: 00007fcc32cdfa28 [ 98.128143][ T6028] [ 98.675782][ T6028] Mem-Info: [ 98.784950][ T6028] active_anon:6605 inactive_anon:0 isolated_anon:0 [ 98.784950][ T6028] active_file:2892 inactive_file:39825 isolated_file:0 [ 98.784950][ T6028] unevictable:768 dirty:1642 writeback:0 [ 98.784950][ T6028] slab_reclaimable:10628 slab_unreclaimable:95612 [ 98.784950][ T6028] mapped:31530 shmem:1359 pagetables:1209 [ 98.784950][ T6028] sec_pagetables:0 bounce:0 [ 98.784950][ T6028] kernel_misc_reclaimable:0 [ 98.784950][ T6028] free:1316234 free_pcp:23387 free_cma:0 [ 98.830349][ C0] vkms_vblank_simulate: vblank timer overrun [ 98.874539][ T6028] Node 0 active_anon:26520kB inactive_anon:0kB active_file:11568kB inactive_file:159096kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126120kB dirty:6556kB writeback:0kB shmem:3900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11900kB pagetables:4596kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 98.962330][ T6028] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:12kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 98.992297][ C0] vkms_vblank_simulate: vblank timer overrun [ 99.017739][ T6028] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 99.117358][ T6028] lowmem_reserve[]: 0 2497 2499 2499 2499 [ 99.157353][ T6028] Node 0 DMA32 free:1368544kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27796kB inactive_anon:0kB active_file:11568kB inactive_file:157524kB unevictable:1536kB writepending:6596kB present:3129332kB managed:2557484kB mlocked:0kB bounce:0kB free_pcp:73988kB local_pcp:44308kB free_cma:0kB [ 99.334118][ T6028] lowmem_reserve[]: 0 0 1 1 1 [ 99.364556][ T6028] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1580kB unevictable:0kB writepending:8kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 99.451325][ T6028] lowmem_reserve[]: 0 0 0 0 0 [ 99.466465][ T6028] Node 1 Normal free:3883420kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:12kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:18144kB local_pcp:10144kB free_cma:0kB [ 99.546388][ T6028] lowmem_reserve[]: 0 0 0 0 0 [ 99.561517][ T6028] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 99.592980][ T6028] Node 0 DMA32: 2*4kB (UM) 3*8kB (M) 7*16kB (ME) 3*32kB (ME) 4*64kB (UME) 6*128kB (UME) 3*256kB (ME) 3*512kB (UME) 3*1024kB (M) 2*2048kB (M) 331*4096kB (M) = 1366512kB [ 99.627527][ T6028] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 99.653821][ T6028] Node 1 Normal: 185*4kB (UME) 37*8kB (UME) 34*16kB (UME) 62*32kB (UME) 16*64kB (UME) 4*128kB (UME) 2*256kB (M) 4*512kB (UME) 3*1024kB (UME) 1*2048kB (E) 945*4096kB (M) = 3883500kB [ 99.734176][ T6028] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 99.784105][ T6028] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 99.813365][ T30] audit: type=1326 audit(1754924505.840:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.23" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faab6d8ebe9 code=0x0 [ 99.850921][ T6028] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 99.874374][ T6052] fuse: Bad value for 'fd' [ 99.888278][ T6028] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 99.888312][ T6028] 44199 total pagecache pages [ 99.888358][ T6028] 0 pages in swap cache [ 99.888368][ T6028] Free swap = 124996kB [ 99.888377][ T6028] Total swap = 124996kB [ 99.888389][ T6028] 2097051 pages RAM [ 99.888398][ T6028] 0 pages HighMem/MovableOnly [ 99.888407][ T6028] 425654 pages reserved [ 99.888416][ T6028] 0 pages cma reserved [ 100.173642][ T6057] macvlan1: entered promiscuous mode [ 100.248769][ T6057] team0: Port device macvlan1 added [ 100.822481][ T5925] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 100.961883][ T6069] syz.0.29 uses obsolete (PF_INET,SOCK_PACKET) [ 101.006893][ T6069] syzkaller1: entered promiscuous mode [ 101.024461][ T5925] usb 4-1: config 0 has an invalid interface number: 25 but max is 0 [ 101.042348][ T5925] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 101.052924][ T6069] syzkaller1: entered allmulticast mode [ 101.077374][ T5925] usb 4-1: config 0 has no interface number 0 [ 101.105759][ T5925] usb 4-1: config 0 interface 25 altsetting 205 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 101.159665][ T5925] usb 4-1: config 0 interface 25 has no altsetting 0 [ 101.184581][ T5925] usb 4-1: New USB device found, idVendor=1b3b, idProduct=2951, bcdDevice=9e.ee [ 101.206881][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.222648][ T5925] usb 4-1: Product: syz [ 101.226870][ T5925] usb 4-1: Manufacturer: syz [ 101.232985][ T5925] usb 4-1: SerialNumber: syz [ 101.254593][ T5925] usb 4-1: config 0 descriptor?? [ 101.317277][ T5861] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 101.353661][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 101.487190][ T5861] usb 1-1: device descriptor read/64, error -71 [ 101.512698][ T5925] usb 4-1: Found UVC 0.00 device syz (1b3b:2951) [ 101.530665][ T5925] usb 4-1: No valid video chain found. [ 101.547222][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 101.567357][ T5925] usb 4-1: USB disconnect, device number 2 [ 101.582218][ T9] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 101.597665][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 101.619604][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 101.640733][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 101.669985][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.725005][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 101.744283][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.757390][ T5861] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 101.917441][ T5861] usb 1-1: device descriptor read/64, error -71 [ 102.006249][ T9] usb 3-1: usb_control_msg returned -32 [ 102.018904][ T9] usbtmc 3-1:16.0: can't read capabilities [ 102.038075][ T5861] usb usb1-port1: attempt power cycle [ 102.059039][ T5904] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 102.273166][ T5904] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 102.284368][ T5904] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 102.296149][ T5904] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 102.311309][ T5904] usb 5-1: config 220 has no interface number 2 [ 102.319235][ T5904] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 102.340496][ T5904] usb 5-1: config 220 interface 0 has no altsetting 0 [ 102.349660][ T5904] usb 5-1: config 220 interface 76 has no altsetting 0 [ 102.356632][ T5904] usb 5-1: config 220 interface 1 has no altsetting 0 [ 102.366513][ T5904] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 102.376398][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.384651][ T5904] usb 5-1: Product: syz [ 102.389427][ T5904] usb 5-1: Manufacturer: syz [ 102.397294][ T5904] usb 5-1: SerialNumber: syz [ 102.397368][ T5861] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 102.427923][ T5861] usb 1-1: device descriptor read/8, error -71 [ 102.467250][ T1211] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 102.622505][ T5904] usb 5-1: selecting invalid altsetting 0 [ 102.634284][ T5904] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 102.642766][ T5904] usb 5-1: No valid video chain found. [ 102.649596][ T1211] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 102.660682][ T1211] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 102.664112][ T5904] usb 5-1: selecting invalid altsetting 0 [ 102.671886][ T5861] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 102.684257][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.693599][ T5904] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 102.696788][ T1211] usb 4-1: config 0 descriptor?? [ 102.719333][ T5861] usb 1-1: device descriptor read/8, error -71 [ 102.724219][ T5904] usb 5-1: USB disconnect, device number 3 [ 102.742542][ T1211] pwc: Askey VC010 type 2 USB webcam detected. [ 102.775927][ T6089] usbtmc 3-1:16.0: usb_control_msg returned -71 [ 102.857751][ T5861] usb usb1-port1: unable to enumerate USB device [ 102.924378][ T1211] pwc: recv_control_msg error -32 req 02 val 2b00 [ 102.932444][ T1211] pwc: recv_control_msg error -32 req 02 val 2700 [ 102.940286][ T1211] pwc: recv_control_msg error -32 req 02 val 2c00 [ 102.949926][ T1211] pwc: recv_control_msg error -32 req 04 val 1000 [ 102.958096][ T1211] pwc: recv_control_msg error -32 req 04 val 1300 [ 102.965332][ T1211] pwc: recv_control_msg error -32 req 04 val 1400 [ 102.972658][ T1211] pwc: recv_control_msg error -32 req 02 val 2000 [ 102.980018][ T1211] pwc: recv_control_msg error -32 req 02 val 2100 [ 102.994502][ T5861] usb 3-1: USB disconnect, device number 2 [ 103.099085][ T1211] pwc: recv_control_msg error -71 req 04 val 1500 [ 103.121434][ T1211] pwc: recv_control_msg error -71 req 02 val 2500 [ 103.138809][ T1211] pwc: recv_control_msg error -71 req 02 val 2400 [ 103.147585][ T1211] pwc: recv_control_msg error -71 req 02 val 2600 [ 103.162736][ T1211] pwc: recv_control_msg error -71 req 02 val 2900 [ 103.171623][ T1211] pwc: recv_control_msg error -71 req 02 val 2800 [ 103.185935][ T1211] pwc: recv_control_msg error -71 req 04 val 1100 [ 103.194057][ T1211] pwc: recv_control_msg error -71 req 04 val 1200 [ 103.221827][ T1211] pwc: Registered as video103. [ 103.257666][ T1211] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input6 [ 103.321980][ T6099] tipc: Started in network mode [ 103.343369][ T1211] usb 4-1: USB disconnect, device number 3 [ 103.381257][ T6099] tipc: Node identity 865fdbbd5848, cluster identity 4711 [ 103.400670][ T6099] tipc: Enabled bearer , priority 0 [ 103.411561][ T6100] syzkaller0: entered promiscuous mode [ 103.419749][ T6100] syzkaller0: entered allmulticast mode [ 103.552513][ T6100] tipc: Resetting bearer [ 103.595238][ T6100] tipc: Disabling bearer [ 104.403987][ T6111] FAULT_INJECTION: forcing a failure. [ 104.403987][ T6111] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 104.418009][ T6111] CPU: 0 UID: 0 PID: 6111 Comm: syz.2.39 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 104.418039][ T6111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 104.418053][ T6111] Call Trace: [ 104.418061][ T6111] [ 104.418070][ T6111] dump_stack_lvl+0x189/0x250 [ 104.418101][ T6111] ? __pfx____ratelimit+0x10/0x10 [ 104.418130][ T6111] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.418157][ T6111] ? __pfx__printk+0x10/0x10 [ 104.418201][ T6111] should_fail_ex+0x414/0x560 [ 104.418235][ T6111] _copy_to_user+0x31/0xb0 [ 104.418261][ T6111] simple_read_from_buffer+0xe1/0x170 [ 104.418298][ T6111] proc_fail_nth_read+0x1b3/0x220 [ 104.418326][ T6111] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 104.418354][ T6111] ? rw_verify_area+0x2a6/0x4d0 [ 104.418380][ T6111] ? __lock_acquire+0xab9/0xd20 [ 104.418410][ T6111] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 104.418436][ T6111] vfs_read+0x200/0xa30 [ 104.418463][ T6111] ? fdget_pos+0x247/0x320 [ 104.418484][ T6111] ? __pfx___mutex_lock+0x10/0x10 [ 104.418516][ T6111] ? __pfx_vfs_read+0x10/0x10 [ 104.418546][ T6111] ? __fget_files+0x2a/0x420 [ 104.418569][ T6111] ? __fget_files+0x3a0/0x420 [ 104.418587][ T6111] ? __fget_files+0x2a/0x420 [ 104.418616][ T6111] ksys_read+0x145/0x250 [ 104.418647][ T6111] ? __pfx_ksys_read+0x10/0x10 [ 104.418672][ T6111] ? rcu_is_watching+0x15/0xb0 [ 104.418707][ T6111] ? do_syscall_64+0xbe/0x3b0 [ 104.418741][ T6111] do_syscall_64+0xfa/0x3b0 [ 104.418767][ T6111] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.418791][ T6111] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.418810][ T6111] ? clear_bhb_loop+0x60/0xb0 [ 104.418834][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.418853][ T6111] RIP: 0033:0x7fbdfb58d5fc [ 104.418870][ T6111] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 104.418887][ T6111] RSP: 002b:00007fbdfc499030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 104.418909][ T6111] RAX: ffffffffffffffda RBX: 00007fbdfb7b5fa0 RCX: 00007fbdfb58d5fc [ 104.418925][ T6111] RDX: 000000000000000f RSI: 00007fbdfc4990a0 RDI: 0000000000000006 [ 104.418938][ T6111] RBP: 00007fbdfc499090 R08: 0000000000000000 R09: 0000000000000000 [ 104.418951][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.418963][ T6111] R13: 00007fbdfb7b6038 R14: 00007fbdfb7b5fa0 R15: 00007fbdfb8dfa28 [ 104.419002][ T6111] [ 104.665340][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.813475][ T6113] netlink: 'syz.4.38': attribute type 4 has an invalid length. [ 104.831493][ T6113] netlink: 'syz.4.38': attribute type 4 has an invalid length. [ 104.936940][ T1211] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 104.990422][ T5904] IPVS: starting estimator thread 0... [ 105.049987][ T6117] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.088157][ T6114] IPVS: using max 27 ests per chain, 64800 per kthread [ 105.107265][ T1211] usb 1-1: device descriptor read/64, error -71 [ 105.317436][ T6117] bond1 (unregistering): Released all slaves [ 105.348251][ T1211] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 105.487198][ T1211] usb 1-1: device descriptor read/64, error -71 [ 105.699485][ T1211] usb usb1-port1: attempt power cycle [ 106.047288][ T1211] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 106.097978][ T1211] usb 1-1: device descriptor read/8, error -71 [ 106.167243][ T5932] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 106.371431][ T5932] usb 4-1: Using ep0 maxpacket: 16 [ 106.377349][ T1211] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 106.401948][ T5932] usb 4-1: unable to get BOS descriptor or descriptor too short [ 106.418050][ T1211] usb 1-1: device descriptor read/8, error -71 [ 106.425409][ T5932] usb 4-1: config 6 has an invalid interface number: 46 but max is 0 [ 106.547789][ T1211] usb usb1-port1: unable to enumerate USB device [ 106.571286][ T5932] usb 4-1: config 6 has an invalid interface association descriptor of length 5, skipping [ 106.661055][ T5932] usb 4-1: config 6 has an invalid descriptor of length 13, skipping remainder of the config [ 106.766911][ T5932] usb 4-1: config 6 has no interface number 0 [ 106.773183][ T5932] usb 4-1: config 6 interface 46 altsetting 99 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 106.786466][ T5932] usb 4-1: config 6 interface 46 has no altsetting 0 [ 106.819508][ T5932] usb 4-1: New USB device found, idVendor=06f8, idProduct=0001, bcdDevice=e0.c5 [ 106.834235][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.849619][ T5932] usb 4-1: Product: syz [ 106.856194][ T5932] usb 4-1: Manufacturer: syz [ 106.867327][ T5932] usb 4-1: SerialNumber: syz [ 106.887202][ T43] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 107.067225][ T43] usb 5-1: Using ep0 maxpacket: 16 [ 107.129204][ T6134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.134137][ T43] usb 5-1: config 149 has an invalid interface number: 17 but max is 0 [ 107.138666][ T6134] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.148254][ T6133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.179272][ T43] usb 5-1: config 149 has no interface number 0 [ 107.195919][ T43] usb 5-1: config 149 interface 17 has no altsetting 0 [ 107.205146][ T6133] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.265220][ T43] usb 5-1: New USB device found, idVendor=0d9f, idProduct=0002, bcdDevice=65.f4 [ 107.274553][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.286636][ T43] usb 5-1: Product: syz [ 107.290864][ T43] usb 5-1: Manufacturer: syz [ 107.315896][ T43] usb 5-1: SerialNumber: syz [ 107.403353][ T5932] usb 4-1: USB disconnect, device number 4 [ 108.152460][ T6161] netlink: 20 bytes leftover after parsing attributes in process `syz.3.49'. [ 109.653618][ T6183] netlink: 28 bytes leftover after parsing attributes in process `syz.2.55'. [ 110.479837][ T6193] binder: 6190:6193 ioctl 8918 2000000000c0 returned -22 [ 110.656787][ T43] cypress_m8 5-1:149.17: HID->COM RS232 Adapter converter detected [ 110.715772][ T43] cyphidcom ttyUSB0: required endpoint is missing [ 110.795323][ T43] usb 5-1: USB disconnect, device number 4 [ 110.837932][ T43] cypress_m8 5-1:149.17: device disconnected [ 111.228163][ T6206] netlink: 8 bytes leftover after parsing attributes in process `syz.4.59'. [ 111.246135][ T6206] input: syz0 as /devices/virtual/input/input7 [ 113.381051][ T6229] process 'syz.1.66' launched './file2' with NULL argv: empty string added [ 113.587217][ T5861] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 113.777278][ T43] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 113.787358][ T5861] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 113.809027][ T6234] netlink: 12 bytes leftover after parsing attributes in process `syz.4.68'. [ 113.827406][ T5861] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 113.828796][ T6234] netlink: 9280 bytes leftover after parsing attributes in process `syz.4.68'. [ 113.880742][ T5861] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 113.898172][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.957296][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 113.966774][ T43] usb 2-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 113.977544][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.985570][ T43] usb 2-1: Product: syz [ 114.067527][ T6228] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 114.145190][ T43] usb 2-1: Manufacturer: syz [ 114.152842][ T43] usb 2-1: SerialNumber: syz [ 114.236129][ T5861] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 114.245838][ T43] usb 2-1: config 0 descriptor?? [ 114.419407][ T6228] fuse: Bad value for 'fd' [ 114.463515][ T6245] netlink: 40 bytes leftover after parsing attributes in process `syz.4.69'. [ 114.476064][ T6245] netlink: 36 bytes leftover after parsing attributes in process `syz.4.69'. [ 114.484987][ T43] usb 2-1: ignoring: not an USB2CAN converter [ 115.214626][ T5861] usb 3-1: USB disconnect, device number 3 [ 115.718662][ T6255] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 115.725839][ T6255] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 116.020586][ T6255] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 116.042300][ T6255] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 116.066205][ T6255] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 116.204576][ T6255] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 116.268694][ T6255] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 116.282546][ T6255] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 116.316959][ T6255] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 116.385480][ T6255] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 116.392754][ T6255] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 116.581270][ T6255] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 116.703049][ T6255] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 116.711966][ T6255] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 116.776177][ T6255] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 116.978900][ T5904] usb 2-1: USB disconnect, device number 3 [ 117.392084][ T5904] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 117.510675][ T6279] fuse: Bad value for 'fd' [ 117.609600][ T5904] usb 2-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 117.662990][ T5904] usb 2-1: config 3 has 1 interface, different from the descriptor's value: 2 [ 117.707205][ T5904] usb 2-1: config 3 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 117.757595][ T5876] Bluetooth: hci0: command 0x0c1a tx timeout [ 117.777767][ T5904] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 117.797366][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.805434][ T5904] usb 2-1: Product: syz [ 117.818512][ T5904] usb 2-1: Manufacturer: syz [ 117.831546][ T5904] usb 2-1: SerialNumber: syz [ 117.856884][ T5904] cdc_ncm 2-1:3.0: CDC Union missing and no IAD found [ 117.873586][ T5904] cdc_ncm 2-1:3.0: bind() failure [ 118.056760][ T5904] usb 2-1: USB disconnect, device number 4 [ 118.067289][ T5876] Bluetooth: hci1: command 0x0c1a tx timeout [ 118.201510][ T6295] netlink: 'syz.2.77': attribute type 1 has an invalid length. [ 118.308771][ T5876] Bluetooth: hci2: command 0x0c1a tx timeout [ 118.338027][ T6296] bond1: entered promiscuous mode [ 118.373954][ T6296] bond1: entered allmulticast mode [ 118.380998][ T6296] 8021q: adding VLAN 0 to HW filter on device bond1 [ 118.412821][ T6295] bridge1: entered promiscuous mode [ 118.419455][ T6295] bridge1: entered allmulticast mode [ 118.426092][ T6295] bond1: (slave bridge1): Enslaving as a backup interface with an up link [ 118.441206][ T70] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 118.467300][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout [ 118.591365][ T49] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 118.707635][ T5876] Bluetooth: hci4: command 0x0405 tx timeout [ 118.753635][ T9] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 118.900695][ T6306] netlink: 12 bytes leftover after parsing attributes in process `syz.1.79'. [ 118.928872][ T9] usb 5-1: config 0 has an invalid interface number: 161 but max is 0 [ 118.955062][ T9] usb 5-1: config 0 has no interface number 0 [ 118.994492][ T9] usb 5-1: New USB device found, idVendor=067b, idProduct=331a, bcdDevice=4a.31 [ 119.031953][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.074386][ T9] usb 5-1: Product: syz [ 119.088517][ T9] usb 5-1: Manufacturer: syz [ 119.124242][ T9] usb 5-1: SerialNumber: syz [ 119.155861][ T9] usb 5-1: config 0 descriptor?? [ 119.337591][ T30] audit: type=1326 audit(1754924525.370:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6311 comm="syz.1.81" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faab6d8ebe9 code=0x0 [ 119.406347][ T6313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.438030][ T6313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.567999][ T9] pl2303 5-1:0.161: required interrupt-in endpoint missing [ 119.655295][ T9] usb 5-1: USB disconnect, device number 5 [ 119.827779][ T5876] Bluetooth: hci0: command 0x0c1a tx timeout [ 120.149057][ T5876] Bluetooth: hci1: command 0x0c1a tx timeout [ 120.310330][ T5904] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 120.398076][ T5876] Bluetooth: hci2: command 0x0c1a tx timeout [ 120.502425][ T5904] usb 1-1: Using ep0 maxpacket: 8 [ 120.514152][ T5904] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 120.532530][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 120.549691][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout [ 120.568027][ T5904] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.583451][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 120.598397][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 120.607902][ T5861] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 120.611878][ T5904] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 120.625820][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 120.645338][ T5904] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.649131][ T6340] sctp: failed to load transform for md5: -4 [ 120.689220][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 120.727261][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 120.758256][ T6339] netlink: 'syz.3.86': attribute type 1 has an invalid length. [ 120.790870][ T5876] Bluetooth: hci4: command 0x0405 tx timeout [ 120.797106][ T5904] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 120.805077][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 120.816829][ T6339] netlink: 'syz.3.86': attribute type 2 has an invalid length. [ 120.824719][ T5904] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.838902][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 120.874414][ T5904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 120.897306][ T5861] usb 2-1: config 0 has an invalid descriptor of length 213, skipping remainder of the config [ 120.926659][ T5904] usb 1-1: string descriptor 0 read error: -22 [ 120.931348][ T5861] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 120.933899][ T5904] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 120.975968][ T5861] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 120.998027][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.006080][ T5861] usb 2-1: Product: syz [ 121.012807][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.032083][ T6354] netlink: 12 bytes leftover after parsing attributes in process `syz.4.89'. [ 121.040876][ T5861] usb 2-1: Manufacturer: syz [ 121.054316][ T5861] usb 2-1: SerialNumber: syz [ 121.059895][ T6354] mmap: syz.4.89 (6354) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 121.082569][ T5861] usb 2-1: config 0 descriptor?? [ 121.096420][ T6355] syzkaller1: entered promiscuous mode [ 121.102519][ T5904] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 121.122526][ T6355] syzkaller1: entered allmulticast mode [ 121.337188][ T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 121.352248][ T5904] usb 2-1: USB disconnect, device number 5 [ 121.511133][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.525492][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.536496][ T10] usb 4-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 121.550197][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.562876][ T10] usb 4-1: config 0 descriptor?? [ 121.907521][ T5876] Bluetooth: hci0: command 0x0c1a tx timeout [ 122.017215][ T5904] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 122.033894][ T10] petalynx 0003:18B1:0037.0001: invalid report_size 61258 [ 122.053091][ T10] petalynx 0003:18B1:0037.0001: item 0 2 1 7 parsing failed [ 122.083173][ T10] petalynx 0003:18B1:0037.0001: parse failed [ 122.094030][ T10] petalynx 0003:18B1:0037.0001: probe with driver petalynx failed with error -22 [ 122.204617][ T5904] usb 5-1: config 0 interface 0 altsetting 12 bulk endpoint 0x6 has invalid maxpacket 1023 [ 122.216692][ T43] usb 4-1: USB disconnect, device number 5 [ 122.227762][ T5876] Bluetooth: hci1: command 0x0c1a tx timeout [ 122.245885][ T5904] usb 5-1: config 0 interface 0 altsetting 12 endpoint 0x82 has invalid wMaxPacketSize 0 [ 122.272975][ T5904] usb 5-1: config 0 interface 0 altsetting 12 bulk endpoint 0x82 has invalid maxpacket 0 [ 122.283291][ T5904] usb 5-1: config 0 interface 0 has no altsetting 0 [ 122.293855][ T5904] usb 5-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 122.305724][ T5925] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 122.318343][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.327963][ T5904] usb 5-1: Product: syz [ 122.332270][ T5904] usb 5-1: Manufacturer: syz [ 122.336893][ T5904] usb 5-1: SerialNumber: syz [ 122.350146][ T5904] usb 5-1: config 0 descriptor?? [ 122.356621][ T6378] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 122.467387][ T5876] Bluetooth: hci2: command 0x0c1a tx timeout [ 122.479351][ T5925] usb 2-1: Using ep0 maxpacket: 32 [ 122.491331][ T5925] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 122.501431][ T5925] usb 2-1: config 0 has no interface number 0 [ 122.509777][ T5925] usb 2-1: config 0 interface 12 has no altsetting 0 [ 122.513260][ T6397] program syz.2.95 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.521349][ T5925] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 122.535239][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.545491][ T5925] usb 2-1: Product: syz [ 122.550034][ T5925] usb 2-1: Manufacturer: syz [ 122.554713][ T5925] usb 2-1: SerialNumber: syz [ 122.580820][ T5925] usb 2-1: config 0 descriptor?? [ 122.582589][ T9] usb 5-1: USB disconnect, device number 6 [ 122.587804][ T6397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.636701][ T6397] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.645485][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout [ 122.817184][ T43] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 122.867420][ T5876] Bluetooth: hci4: command 0x0405 tx timeout [ 123.059528][ T43] usb 3-1: Using ep0 maxpacket: 8 [ 123.073387][ T5925] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 123.103023][ T5925] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 123.141860][ T5925] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 123.149706][ T43] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 123.161251][ T43] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 123.197329][ T5925] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 123.205502][ T43] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 123.220900][ T5925] usb 2-1: USB disconnect, device number 6 [ 123.226839][ T43] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 123.265243][ T43] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 123.296936][ T43] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 123.360794][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.371485][ T5932] usb 1-1: USB disconnect, device number 10 [ 123.608443][ T6426] netlink: 16 bytes leftover after parsing attributes in process `syz.0.99'. [ 123.619151][ T6426] bond0: option resend_igmp: invalid value (18446744072065384451) [ 123.629156][ T43] usb 3-1: GET_CAPABILITIES returned 0 [ 123.639289][ T43] usbtmc 3-1:16.0: can't read capabilities [ 123.787375][ T6426] bond0: option resend_igmp: allowed values 0 - 255 [ 123.829005][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 123.992374][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 124.003342][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.051120][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.125870][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 124.155701][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.180702][ T9] usb 5-1: config 0 descriptor?? [ 124.199998][ T6397] usbtmc 3-1:16.0: send_request_dev_dep_msg_in returned -90 [ 124.203770][ T9] hub 5-1:0.0: USB hub found [ 124.281371][ T10] usb 3-1: USB disconnect, device number 4 [ 124.357238][ T5932] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 124.567244][ T5932] usb 1-1: Using ep0 maxpacket: 16 [ 124.597953][ T5932] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 124.604337][ T9] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 124.634013][ T5932] usb 1-1: config 0 has no interface number 0 [ 124.681242][ T5932] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 124.742925][ T5932] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 124.785101][ T5932] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 124.815030][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 124.844180][ T5932] usb 1-1: Product: syz [ 124.854063][ T5932] usb 1-1: SerialNumber: syz [ 124.872354][ T5932] usb 1-1: config 0 descriptor?? [ 124.901248][ T5932] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 124.935289][ T5932] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input8 [ 124.973208][ T6444] Zero length message leads to an empty skb [ 125.011013][ T6443] syzkaller1: entered promiscuous mode [ 125.016827][ T6443] syzkaller1: entered allmulticast mode [ 125.323038][ T30] audit: type=1326 audit(1754924531.350:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.392266][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 125.402942][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 125.422751][ T30] audit: type=1326 audit(1754924531.350:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.454134][ T30] audit: type=1326 audit(1754924531.350:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.488356][ T9] usb 5-1: USB disconnect, device number 7 [ 125.528408][ T30] audit: type=1326 audit(1754924531.350:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.597007][ T30] audit: type=1326 audit(1754924531.350:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.651474][ T30] audit: type=1326 audit(1754924531.350:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.699609][ T30] audit: type=1326 audit(1754924531.350:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.722722][ T30] audit: type=1326 audit(1754924531.350:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.775998][ T30] audit: type=1326 audit(1754924531.350:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.798183][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.804920][ T30] audit: type=1326 audit(1754924531.350:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6446 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe03a18ebe9 code=0x7ffc0000 [ 125.971768][ T6449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.982011][ T6449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.351446][ T6471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.106'. [ 126.362013][ T6471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.106'. [ 127.301476][ T6460] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 127.667526][ T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 127.847369][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 127.861676][ T10] usb 3-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 1024 [ 127.896410][ T10] usb 3-1: config 1 interface 0 altsetting 6 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 127.959785][ T10] usb 3-1: config 1 interface 0 has no altsetting 0 [ 127.975200][ T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 127.993446][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.010144][ T10] usb 3-1: Product: syz [ 128.019103][ T10] usb 3-1: Manufacturer: á Š [ 128.027233][ T10] usb 3-1: SerialNumber: syz [ 128.043240][ T6476] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 128.147379][ T6476] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 128.383536][ T10] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 128.444709][ T10] usb 3-1: USB disconnect, device number 5 [ 128.844757][ T6486] tipc: Failed to remove unknown binding: 66,1,1/0:532351742/532351744 [ 128.856926][ T6486] tipc: Failed to remove unknown binding: 66,1,1/0:532351742/532351744 [ 129.554603][ T6491] tipc: Started in network mode [ 129.579472][ T6491] tipc: Node identity 22391f25282, cluster identity 4711 [ 129.586798][ T6491] tipc: Enabled bearer , priority 0 [ 129.670601][ T6489] syzkaller1: entered promiscuous mode [ 129.676185][ T6489] syzkaller1: entered allmulticast mode [ 129.685042][ T6490] syzkaller0: entered promiscuous mode [ 129.731935][ T6490] syzkaller0: entered allmulticast mode [ 129.914945][ T6491] tipc: Resetting bearer [ 129.942236][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 129.942620][ T10] usb 1-1: USB disconnect, device number 11 [ 129.949526][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 130.103742][ T10] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 130.194299][ T6487] tipc: Resetting bearer [ 130.214984][ T6487] tipc: Disabling bearer [ 130.402231][ T43] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 130.617652][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 130.701209][ T43] usb 2-1: New USB device found, idVendor=040a, idProduct=0002, bcdDevice=de.7b [ 130.741636][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.793983][ T43] gspca_main: spca501-2.14.0 probing 040a:0002 [ 130.827332][ T5925] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 131.007327][ T5925] usb 3-1: Using ep0 maxpacket: 16 [ 131.018486][ T5925] usb 3-1: config 0 has an invalid interface number: 32 but max is 0 [ 131.047313][ T5925] usb 3-1: config 0 has no interface number 0 [ 131.070761][ T5925] usb 3-1: config 0 interface 32 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 64 [ 131.108471][ T6496] netlink: 220 bytes leftover after parsing attributes in process `syz.1.115'. [ 131.168061][ T5925] usb 3-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice=15.e8 [ 131.331906][ T6496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.115'. [ 131.347938][ T6496] netlink: 12 bytes leftover after parsing attributes in process `syz.1.115'. [ 131.371154][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.387250][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 131.425282][ T5925] usb 3-1: Product: syz [ 131.539099][ T5925] usb 3-1: Manufacturer: syz [ 131.554058][ T5925] usb 3-1: SerialNumber: syz [ 131.575993][ T5925] usb 3-1: config 0 descriptor?? [ 131.582325][ T6503] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 131.601645][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 131.603399][ T5925] s2255 3-1:0.32: Could not find bulk-in endpoint [ 131.647360][ T5925] Sensoray 2255 driver load failed: 0xfffffff4 [ 131.658552][ T43] gspca_spca501: reg write: error -110 [ 131.664410][ T43] spca501 2-1:2.0: Reg write failed for 0x00,0x02,0x01 [ 131.674823][ T5925] s2255 3-1:0.32: probe with driver s2255 failed with error -12 [ 131.687449][ T9] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 131.707611][ T43] spca501 2-1:2.0: probe with driver spca501 failed with error -22 [ 131.770653][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 131.845750][ T43] usb 3-1: USB disconnect, device number 6 [ 131.882530][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.038997][ T6511] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 132.060060][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 132.197223][ T43] usb 2-1: USB disconnect, device number 7 [ 132.256404][ T6511] fuse: Unknown parameter 'rootmod' [ 132.497190][ T5925] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 132.554776][ T9] usb 4-1: USB disconnect, device number 6 [ 132.654792][ T43] IPVS: starting estimator thread 0... [ 132.737836][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 132.747405][ T6530] IPVS: using max 27 ests per chain, 64800 per kthread [ 132.763547][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 132.784940][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 132.829428][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 132.866449][ T5925] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 132.905859][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.933554][ T5925] usb 1-1: config 0 descriptor?? [ 132.954199][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.974217][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.203267][ T5925] usbhid 1-1:0.0: can't add hid device: -71 [ 133.218727][ T6541] syzkaller1: entered promiscuous mode [ 133.226382][ T5925] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 133.245641][ T6541] syzkaller1: entered allmulticast mode [ 133.265112][ T5925] usb 1-1: USB disconnect, device number 12 [ 133.270037][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 133.321456][ T6545] fuse: Bad value for 'rootmode' [ 133.447253][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 133.467577][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=08b7, bcdDevice=99.db [ 133.487282][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.580442][ T9] usb 5-1: config 0 descriptor?? [ 133.744244][ T9] pwc: Logitech ViewPort AV 100 webcam detected. [ 133.848705][ T5925] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 133.886574][ T9] pwc: Failed to set LED on/off time (-71) [ 133.892829][ T5861] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 133.904987][ T9] pwc: send_video_command error -71 [ 133.915007][ T9] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 133.927042][ T9] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 133.980390][ T9] usb 5-1: USB disconnect, device number 8 [ 134.007356][ T5925] usb 4-1: Using ep0 maxpacket: 32 [ 134.015093][ T5925] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 134.023614][ T5925] usb 4-1: config 0 has no interface number 0 [ 134.033118][ T5925] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.046572][ T5925] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.051262][ T5861] usb 3-1: config index 0 descriptor too short (expected 65502, got 158) [ 134.087276][ T5925] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 134.090460][ T5861] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 134.097978][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.197484][ T5861] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 134.205630][ T5925] usb 4-1: config 0 descriptor?? [ 134.211668][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.230671][ T5861] usb 3-1: Product: syz [ 134.248732][ T5861] usb 3-1: Manufacturer: syz [ 134.263326][ T5861] usb 3-1: SerialNumber: syz [ 134.303606][ T5861] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 134.339166][ T9] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 134.683210][ T5904] usb 3-1: USB disconnect, device number 7 [ 134.830028][ T6562] bridge0: port 3(team0) entered blocking state [ 134.836473][ T6562] bridge0: port 3(team0) entered disabled state [ 134.928139][ T6562] team0: entered allmulticast mode [ 134.933322][ T6562] team_slave_0: entered allmulticast mode [ 135.157267][ T6562] team_slave_1: entered allmulticast mode [ 135.470861][ T6562] team0: entered promiscuous mode [ 135.479260][ T5925] uclogic 0003:28BD:0094.0002: pen parameters not found [ 135.489213][ T6562] team_slave_0: entered promiscuous mode [ 135.495050][ T6562] team_slave_1: entered promiscuous mode [ 135.504013][ T5925] uclogic 0003:28BD:0094.0002: interface is invalid, ignoring [ 135.539512][ T6562] bridge0: port 3(team0) entered blocking state [ 135.546087][ T6562] bridge0: port 3(team0) entered forwarding state [ 135.563035][ T9] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 135.590492][ T9] ath9k_htc: Failed to initialize the device [ 135.623774][ T5904] usb 3-1: ath9k_htc: USB layer deinitialized [ 136.500278][ T6572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.135'. [ 136.805342][ T9] usb 4-1: USB disconnect, device number 7 [ 136.881910][ T5925] usb 3-1: new low-speed USB device number 8 using dummy_hcd [ 136.965155][ T6589] fuse: Bad value for 'rootmode' [ 137.017491][ T5958] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 137.060556][ T5925] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 137.068861][ T5925] usb 3-1: config 0 has no interface number 0 [ 137.075041][ T5925] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 137.086698][ T5925] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 137.097861][ T5925] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 137.107682][ T5925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.126878][ T5925] usb 3-1: config 0 descriptor?? [ 137.132990][ T6576] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 137.152714][ T5925] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 137.178558][ T5958] usb 2-1: Using ep0 maxpacket: 32 [ 137.193259][ T5958] usb 2-1: unable to get BOS descriptor or descriptor too short [ 137.210875][ T5958] usb 2-1: config 1 interface 0 has no altsetting 0 [ 137.224520][ T5958] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 137.235107][ T5958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.245156][ T5958] usb 2-1: Product: syz [ 137.250720][ T5958] usb 2-1: Manufacturer: syz [ 137.255458][ T5958] usb 2-1: SerialNumber: syz [ 137.267387][ T9] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 137.429777][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 137.441032][ T9] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 137.450330][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.462895][ T9] usb 1-1: config 0 descriptor?? [ 137.467444][ T5925] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 137.477802][ T6591] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 137.478279][ T5958] usbhid 2-1:1.0: can't add hid device: -71 [ 137.511228][ T5958] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 137.524511][ T5958] usb 2-1: USB disconnect, device number 8 [ 137.649150][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.660489][ T5925] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 137.670021][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.682950][ T5925] usb 4-1: config 0 descriptor?? [ 137.887489][ C0] iowarrior 3-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 137.905198][ T43] usb 3-1: USB disconnect, device number 8 [ 137.920881][ T5925] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 137.940388][ T9] elan 0003:04F3:0755.0004: unknown main item tag 0x0 [ 137.964957][ T9] elan 0003:04F3:0755.0004: unknown main item tag 0x0 [ 137.993849][ T9] elan 0003:04F3:0755.0004: unknown main item tag 0x0 [ 138.012618][ T9] elan 0003:04F3:0755.0004: unknown main item tag 0x0 [ 138.017004][ T5925] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0003/input/input10 [ 138.025699][ T9] elan 0003:04F3:0755.0004: unknown main item tag 0x0 [ 138.106362][ T9] elan 0003:04F3:0755.0004: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 138.208061][ T6607] netlink: 8 bytes leftover after parsing attributes in process `syz.4.147'. [ 138.286330][ T6613] netlink: 28 bytes leftover after parsing attributes in process `syz.1.148'. [ 138.328671][ T5925] keytouch 0003:0926:3333.0003: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 139.207682][ T9] usb 1-1: reset full-speed USB device number 13 using dummy_hcd [ 140.283009][ T5925] usb 4-1: USB disconnect, device number 8 [ 140.289100][ T5904] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 140.489026][ T5904] usb 5-1: Using ep0 maxpacket: 32 [ 140.507955][ T5904] usb 5-1: config 0 has an invalid interface number: 247 but max is 0 [ 140.537156][ T5904] usb 5-1: config 0 has no interface number 0 [ 140.561435][ T5904] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 140.887126][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 140.897369][ T5904] usb 5-1: Product: syz [ 140.901578][ T5904] usb 5-1: Manufacturer: syz [ 140.950061][ T5904] usb 5-1: config 0 descriptor?? [ 141.081435][ T5958] usb 1-1: USB disconnect, device number 13 [ 141.267305][ T1211] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 141.551703][ T1211] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 141.629750][ T6663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.158'. [ 141.660789][ T1211] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 141.722380][ T1211] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 141.751494][ T1211] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.769721][ T6666] netlink: 32 bytes leftover after parsing attributes in process `syz.4.155'. [ 141.817140][ T6651] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 141.833587][ T6666] warning: `syz.4.155' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 141.896413][ T1211] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 142.063682][ T5904] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 142.120555][ T6651] fuse: Unknown parameter 'rootmod' [ 142.403274][ T5925] usb 4-1: USB disconnect, device number 9 [ 142.438621][ T5904] usb 1-1: Using ep0 maxpacket: 32 [ 142.469587][ T5904] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 142.668675][ T5904] usb 1-1: config 0 has no interface number 0 [ 142.692248][ T5904] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 142.715280][ T6679] sctp: [Deprecated]: syz.2.162 (pid 6679) Use of struct sctp_assoc_value in delayed_ack socket option. [ 142.715280][ T6679] Use struct sctp_sack_info instead [ 142.725400][ T5904] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 142.757562][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.772982][ T5904] usb 1-1: Product: syz [ 142.781691][ T5904] usb 1-1: Manufacturer: syz [ 142.833641][ T5904] usb 1-1: SerialNumber: syz [ 142.846588][ T5904] usb 1-1: config 0 descriptor?? [ 142.875508][ T5904] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 142.885524][ T5904] em28xx 1-1:0.132: Video interface 132 found: [ 143.277215][ T5958] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 143.278541][ T5904] em28xx 1-1:0.132: chip ID is em2710/2820 [ 143.429919][ T5958] usb 3-1: Using ep0 maxpacket: 8 [ 143.442882][ T5958] usb 3-1: unable to get BOS descriptor or descriptor too short [ 143.475587][ T5958] usb 3-1: config 8 has an invalid interface number: 255 but max is 0 [ 143.491535][ T5958] usb 3-1: config 8 has no interface number 0 [ 143.508932][ T5958] usb 3-1: config 8 interface 255 has no altsetting 0 [ 143.538892][ T5958] usb 3-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 143.548532][ T5958] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.603929][ T5904] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 143.614956][ T5958] usb 3-1: Product: syz [ 143.624372][ T5958] usb 3-1: Manufacturer: syz [ 143.634469][ T5958] usb 3-1: SerialNumber: syz [ 143.645431][ T5904] em28xx 1-1:0.132: board has no eeprom [ 143.737231][ T5904] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 143.745209][ T5904] em28xx 1-1:0.132: analog set to bulk mode. [ 143.752787][ T5932] em28xx 1-1:0.132: Registering V4L2 extension [ 143.767458][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 143.779353][ T5904] usb 1-1: USB disconnect, device number 14 [ 143.883010][ T5932] em28xx 1-1:0.132: failed to trigger read from i2c address 0x4a (error=-19) [ 143.900121][ T5904] em28xx 1-1:0.132: Disconnecting em28xx [ 143.931912][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 143.943854][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024 [ 143.963132][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 144.036094][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 144.129295][ T5958] catc 3-1:8.255: Can't set altsetting 1. [ 144.172228][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 144.183837][ T5958] catc 3-1:8.255: probe with driver catc failed with error -5 [ 144.226767][ T9] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 144.298605][ T5958] usb 3-1: USB disconnect, device number 9 [ 144.317512][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.408988][ T9] usb 4-1: Product: syz [ 144.429036][ T9] usb 4-1: Manufacturer: syz [ 144.446197][ T9] usb 4-1: SerialNumber: syz [ 144.608026][ T9] usb 4-1: config 0 descriptor?? [ 144.615359][ T6686] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 144.627697][ C0] port100 4-1:0.0: NFC: Urb failure (status -71) [ 144.635885][ T9] port100 4-1:0.0: NFC: Could not get supported command types [ 144.662093][ T5932] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 144.864847][ T5932] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 144.884813][ T5932] em28xx 1-1:0.132: No AC97 audio processor [ 144.905233][ T5932] usb 1-1: Decoder not found [ 144.912216][ T5932] em28xx 1-1:0.132: failed to create media graph [ 144.929091][ T5932] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 145.012586][ T5932] em28xx 1-1:0.132: Remote control support is not available for this card. [ 145.276736][ T5904] em28xx 1-1:0.132: Closing input extension [ 145.358447][ T5904] em28xx 1-1:0.132: Freeing device [ 145.494079][ T5954] usb 4-1: USB disconnect, device number 10 [ 145.568502][ T5925] usb 5-1: USB disconnect, device number 9 [ 146.122513][ T6718] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 147.729514][ T1211] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 147.772202][ T6731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.172'. [ 148.047182][ T1211] usb 1-1: Using ep0 maxpacket: 16 [ 148.077554][ T1211] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 148.099663][ T1211] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 148.108993][ T1211] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.116986][ T1211] usb 1-1: Product: syz [ 148.151811][ T1211] usb 1-1: Manufacturer: syz [ 148.171959][ T1211] usb 1-1: SerialNumber: syz [ 148.213748][ T1211] usb 1-1: config 0 descriptor?? [ 148.239651][ T1211] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 148.269757][ T1211] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 148.706070][ T6743] raw_sendmsg: syz.2.175 forgot to set AF_INET. Fix it! [ 148.846208][ T1211] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 149.114097][ T5876] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 149.152276][ T6748] netlink: 4 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.261698][ T1211] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 149.265952][ T6748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.297314][ T1211] em28xx 1-1:0.0: board has no eeprom [ 149.335344][ T6748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.372906][ T6748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.395211][ T6748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.418791][ T6748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.440306][ T6748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.460973][ T6748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.482566][ T6748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'. [ 149.818685][ T1211] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 149.842664][ T1211] em28xx 1-1:0.0: dvb set to bulk mode. [ 149.902583][ T1211] usb 1-1: USB disconnect, device number 15 [ 149.921852][ T1211] em28xx 1-1:0.0: Disconnecting em28xx [ 149.928769][ T5958] em28xx 1-1:0.0: Binding DVB extension [ 150.185753][ T6773] fuse: Bad value for 'rootmode' [ 150.200854][ T6774] netlink: 'syz.4.180': attribute type 1 has an invalid length. [ 150.271551][ T5958] em28xx 1-1:0.0: Registering input extension [ 150.302969][ T1211] em28xx 1-1:0.0: Closing input extension [ 150.325505][ T1211] em28xx 1-1:0.0: Freeing device [ 150.418978][ T6771] bond1: entered promiscuous mode [ 150.434381][ T6771] bond1: entered allmulticast mode [ 150.507369][ T6771] 8021q: adding VLAN 0 to HW filter on device bond1 [ 150.613706][ T6774] bridge1: entered promiscuous mode [ 150.620481][ T6774] bridge1: entered allmulticast mode [ 150.631484][ T6774] bond1: (slave bridge1): Enslaving as a backup interface with an up link [ 150.644728][ T49] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 150.848007][ T49] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 153.087206][ T5932] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 153.244887][ T5932] usb 3-1: Using ep0 maxpacket: 16 [ 153.260126][ T5932] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.273709][ T5932] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 153.320964][ T5932] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 153.340326][ T5932] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.417414][ T5932] usb 3-1: Product: syz [ 153.421652][ T5932] usb 3-1: Manufacturer: syz [ 153.439664][ T5932] usb 3-1: SerialNumber: syz [ 153.467457][ T5861] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 153.682755][ T5861] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 153.727042][ T5861] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 153.751136][ T5932] usb 3-1: 0:2 : does not exist [ 153.760002][ T5861] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 153.806455][ T5861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.814442][ T5932] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 153.863449][ T6805] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 154.026726][ T5861] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 154.045782][ T5932] usb 3-1: USB disconnect, device number 10 [ 154.424465][ T6804] fuse: Unknown parameter 'rootmod' [ 155.080828][ T5958] usb 5-1: USB disconnect, device number 10 [ 156.731025][ T5998] udevd[5998]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 156.790011][ T6260] udevd[6260]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 157.724098][ T6847] pim6reg: entered allmulticast mode [ 157.977195][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 157.986257][ T6831] pim6reg: left allmulticast mode [ 158.141687][ T6859] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 158.148654][ T6859] syzkaller1: linktype set to 774 [ 158.159003][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 158.166736][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 158.175896][ T9] usb 4-1: config 244 has an invalid descriptor of length 201, skipping remainder of the config [ 158.194626][ T9] usb 4-1: config 244 has 0 interfaces, different from the descriptor's value: 1 [ 158.340044][ T9] usb 4-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=24.0f [ 158.392566][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.441394][ T9] usb 4-1: Product: syz [ 158.466052][ T9] usb 4-1: Manufacturer: syz [ 158.474816][ T9] usb 4-1: SerialNumber: syz [ 158.677331][ T5954] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 158.747359][ T5925] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 158.827580][ T5954] usb 2-1: Using ep0 maxpacket: 8 [ 158.836389][ T5954] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 158.863949][ T5954] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 158.893347][ T5925] usb 1-1: device descriptor read/64, error -71 [ 158.906634][ T5954] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 158.974614][ T5954] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 159.061625][ T5954] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 159.085896][ T5954] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.189559][ T5925] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 159.328509][ T5925] usb 1-1: device descriptor read/64, error -71 [ 159.338817][ T6863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.371971][ T6869] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.395240][ T6863] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.422985][ T6869] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.461355][ T5925] usb usb1-port1: attempt power cycle [ 159.638245][ T5954] usb 2-1: usb_control_msg returned -71 [ 159.643990][ T5954] usbtmc 2-1:16.0: can't read capabilities [ 159.723169][ T5954] usb 2-1: USB disconnect, device number 9 [ 159.843221][ T5925] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 159.959946][ T6878] netlink: 'syz.1.207': attribute type 1 has an invalid length. [ 160.072600][ T6878] bond1: entered promiscuous mode [ 160.078676][ T6878] bond1: entered allmulticast mode [ 160.084497][ T6878] 8021q: adding VLAN 0 to HW filter on device bond1 [ 160.121279][ T6878] bridge1: entered promiscuous mode [ 160.127186][ T6878] bridge1: entered allmulticast mode [ 160.134768][ T6878] bond1: (slave bridge1): Enslaving as a backup interface with an up link [ 160.226123][ T5925] usb 1-1: device descriptor read/8, error -71 [ 160.234143][ T1167] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 160.387943][ T5118] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 160.477185][ T5925] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 160.497985][ T5925] usb 1-1: device descriptor read/8, error -71 [ 160.642173][ T5925] usb usb1-port1: unable to enumerate USB device [ 160.893544][ T6888] vivid-000: ================= START STATUS ================= [ 160.902718][ T6888] vivid-000: Test Pattern: 75% Colorbar [ 160.913161][ T6888] vivid-000: Fill Percentage of Frame: 100 [ 160.920128][ T6888] vivid-000: Horizontal Movement: No Movement [ 160.927633][ T6888] vivid-000: Vertical Movement: No Movement [ 161.065578][ T6888] vivid-000: OSD Text Mode: All [ 161.091984][ T6888] vivid-000: Show Border: false [ 161.097295][ T6888] vivid-000: Show Square: false [ 161.104816][ T6888] vivid-000: Sensor Flipped Horizontally: false [ 161.112557][ T6888] vivid-000: Sensor Flipped Vertically: false [ 161.122702][ T6888] vivid-000: Insert SAV Code in Image: false [ 161.129204][ T6888] vivid-000: Insert EAV Code in Image: false [ 161.135484][ T6888] vivid-000: Insert Video Guard Band: false [ 161.141984][ T6888] vivid-000: Reduced Framerate: false [ 161.151921][ T6888] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 161.171705][ T6888] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 161.193545][ T6888] vivid-000: Enable Capture Cropping: true [ 161.205095][ T6888] vivid-000: Enable Capture Composing: true [ 161.218739][ T6888] vivid-000: Enable Capture Scaler: true [ 161.230247][ T6888] vivid-000: Timestamp Source: End of Frame [ 161.251624][ T6888] vivid-000: Colorspace: sRGB [ 161.260528][ T6888] vivid-000: Transfer Function: Default [ 161.266984][ T6888] vivid-000: Y'CbCr Encoding: Default [ 161.282020][ T6888] vivid-000: HSV Encoding: Hue 0-179 [ 161.302313][ T6888] vivid-000: Quantization: Default [ 161.327870][ T6881] delete_channel: no stack [ 161.575196][ T6888] vivid-000: Apply Alpha To Red Only: false [ 161.658269][ T6888] vivid-000: Standard Aspect Ratio: 4x3 [ 161.680162][ T6888] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 161.832074][ T6888] vivid-000: DV Timings: 640x480p59 inactive [ 161.863614][ T6888] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 161.873746][ T6888] vivid-000: Maximum EDID Blocks: 2 [ 161.882487][ T6888] vivid-000: Limited RGB Range (16-235): false [ 161.891756][ T1211] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 161.920422][ T6888] vivid-000: Rx RGB Quantization Range: Automatic [ 161.932574][ T6888] vivid-000: Power Present: 0x00000001 [ 161.940704][ T6888] tpg source WxH: 320x240 (Y'CbCr) [ 161.972032][ T6900] fuse: Unknown parameter 'rootmod' [ 161.998916][ T6888] tpg field: 1 [ 162.002450][ T6888] tpg crop: (0,0)/320x240 [ 162.006988][ T6888] tpg compose: (0,0)/320x240 [ 162.015260][ T6888] tpg colorspace: 8 [ 162.020160][ T6888] tpg transfer function: 0/0 [ 162.025052][ T6888] tpg Y'CbCr encoding: 0/0 [ 162.032984][ T6888] tpg quantization: 0/0 [ 162.057271][ T6888] tpg RGB range: 0/2 [ 162.061412][ T6888] vivid-000: ================== END STATUS ================== [ 162.069436][ T1211] usb 1-1: Using ep0 maxpacket: 16 [ 162.085552][ T1211] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 162.096150][ T1211] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 162.227487][ T1211] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 162.323375][ T1211] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 162.352802][ T1211] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 162.366919][ T1211] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.418353][ T1211] usb 1-1: Product: syz [ 162.424968][ T1211] usb 1-1: Manufacturer: syz [ 162.436271][ T1211] usb 1-1: SerialNumber: syz [ 162.452711][ T1211] usb 1-1: config 0 descriptor?? [ 162.569191][ T1211] rc_core: IR keymap rc-xbox-dvd not found [ 162.577452][ T1211] Registered IR keymap rc-empty [ 162.586615][ T1211] rc rc0: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 162.754790][ T6905] __nla_validate_parse: 27 callbacks suppressed [ 162.754814][ T6905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.212'. [ 162.906754][ T6906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.915938][ T6906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.087524][ T9] usb 4-1: USB disconnect, device number 11 [ 163.102808][ T1211] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input13 [ 163.860850][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 164.287278][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 164.305638][ T10] usb 1-1: USB disconnect, device number 20 [ 164.312094][ C0] xbox_remote 1-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 164.339196][ T9] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 164.354764][ T9] usb 4-1: config 0 has no interface number 0 [ 164.371668][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 164.401720][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.427218][ T9] usb 4-1: Product: syz [ 164.431522][ T9] usb 4-1: Manufacturer: syz [ 164.437492][ T9] usb 4-1: SerialNumber: syz [ 164.463121][ T9] usb 4-1: config 0 descriptor?? [ 164.485814][ T9] smsc95xx v2.0.0 [ 164.880582][ T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 164.951018][ T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 165.923812][ T6928] netlink: 16 bytes leftover after parsing attributes in process `syz.2.218'. [ 166.228292][ T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 166.446594][ T6936] netlink: 'syz.4.219': attribute type 3 has an invalid length. [ 166.559966][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 166.572147][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 166.603344][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 166.636167][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 166.716311][ T10] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 166.741629][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.889069][ T10] usb 3-1: config 0 descriptor?? [ 167.070829][ T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000006c: -71 [ 167.103445][ T9] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 167.117183][ T5925] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 167.124862][ T9] usb 4-1: USB disconnect, device number 12 [ 167.247529][ T5925] usb 2-1: device descriptor read/64, error -71 [ 167.332422][ T10] plantronics 0003:047F:FFFF.0005: ignoring exceeding usage max [ 167.443125][ T10] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 167.507626][ T5925] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 167.529272][ T6928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.545742][ T6928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.575116][ T10] usb 3-1: USB disconnect, device number 11 [ 167.640076][ T6946] netlink: 'syz.0.222': attribute type 1 has an invalid length. [ 167.717146][ T5925] usb 2-1: device descriptor read/64, error -71 [ 167.814835][ T6948] bond1: entered promiscuous mode [ 167.820560][ T6948] bond1: entered allmulticast mode [ 167.826368][ T6948] 8021q: adding VLAN 0 to HW filter on device bond1 [ 167.932618][ T5925] usb usb2-port1: attempt power cycle [ 167.969370][ T6944] fido_id[6944]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 168.046251][ T6946] bridge1: entered promiscuous mode [ 168.064522][ T6946] bridge1: entered allmulticast mode [ 168.090979][ T6946] bond1: (slave bridge1): Enslaving as a backup interface with an up link [ 168.154810][ T2972] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 168.317989][ T1167] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 168.337455][ T5925] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 168.391436][ T5925] usb 2-1: device descriptor read/8, error -71 [ 168.712259][ T5925] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 168.737665][ T6961] netlink: 'syz.4.225': attribute type 12 has an invalid length. [ 168.746790][ T5925] usb 2-1: device descriptor read/8, error -71 [ 168.858168][ T5925] usb usb2-port1: unable to enumerate USB device [ 169.021240][ T6964] netlink: 8 bytes leftover after parsing attributes in process `syz.3.226'. [ 169.031618][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.3.226'. [ 169.040565][ T6964] netlink: 'syz.3.226': attribute type 11 has an invalid length. [ 169.467287][ T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 169.652882][ T9] usb 4-1: config 0 has an invalid interface number: 102 but max is 0 [ 169.697151][ T9] usb 4-1: config 0 has no interface number 0 [ 169.725998][ T9] usb 4-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5 [ 169.784088][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.869318][ T9] usb 4-1: config 0 descriptor?? [ 170.059849][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 170.059869][ T30] audit: type=1326 audit(1754924576.070:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.254130][ T30] audit: type=1326 audit(1754924576.070:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.281596][ T30] audit: type=1326 audit(1754924576.070:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.334461][ T30] audit: type=1326 audit(1754924576.070:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.403753][ T30] audit: type=1326 audit(1754924576.070:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.412357][ T6975] netlink: 40 bytes leftover after parsing attributes in process `syz.0.229'. [ 170.431864][ T30] audit: type=1326 audit(1754924576.070:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f785f78d550 code=0x7ffc0000 [ 170.472251][ T30] audit: type=1326 audit(1754924576.070:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.498118][ T30] audit: type=1326 audit(1754924576.070:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.526236][ T30] audit: type=1326 audit(1754924576.070:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.556891][ T30] audit: type=1326 audit(1754924576.070:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.4.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f785f78ebe9 code=0x7ffc0000 [ 170.603066][ T6975] netlink: 52 bytes leftover after parsing attributes in process `syz.0.229'. [ 170.617002][ T6975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.229'. [ 170.667128][ T6975] netlink: 52 bytes leftover after parsing attributes in process `syz.0.229'. [ 170.757407][ T6975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.229'. [ 170.774860][ T6975] netlink: 52 bytes leftover after parsing attributes in process `syz.0.229'. [ 171.085845][ T6987] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.231'. [ 171.236386][ T6976] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 171.248290][ T6976] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 171.259954][ T6976] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 171.270343][ T6976] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 171.295256][ T6976] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 171.391373][ T9] asix 4-1:0.102 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 171.406406][ T9] asix 4-1:0.102 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 171.442260][ T9] asix 4-1:0.102: probe with driver asix failed with error -71 [ 171.513176][ T9] usb 4-1: USB disconnect, device number 13 [ 172.646534][ T5876] Bluetooth: hci0: command 0x0c1a tx timeout [ 173.345348][ T5876] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.352821][ T5876] Bluetooth: hci1: command 0x0c1a tx timeout [ 173.362770][ T5876] Bluetooth: hci4: command 0x0405 tx timeout [ 173.373792][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.407190][ T5954] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 173.587300][ T5954] usb 4-1: Using ep0 maxpacket: 8 [ 173.599269][ T5954] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 173.617480][ T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 173.625175][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.659267][ T5954] usb 4-1: Product: syz [ 173.703864][ T7013] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 173.748000][ T5954] usb 4-1: Manufacturer: syz [ 173.752671][ T5954] usb 4-1: SerialNumber: syz [ 173.777572][ T5954] usb 4-1: config 0 descriptor?? [ 173.793838][ T5954] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 173.944805][ T10] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 174.033839][ T10] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 174.085122][ T10] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 174.133016][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.168235][ T7009] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 174.243380][ T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 174.317922][ T7022] pty pty28: ldisc open failed (-12), clearing slot 28 [ 174.387437][ T7009] fuse: Unknown parameter 'rootmod' [ 174.647248][ T5958] usb 3-1: USB disconnect, device number 12 [ 174.770089][ T7027] netlink: 'syz.4.240': attribute type 1 has an invalid length. [ 175.208380][ T7029] bond2: entered promiscuous mode [ 175.226617][ T7029] bond2: entered allmulticast mode [ 175.235511][ T7029] 8021q: adding VLAN 0 to HW filter on device bond2 [ 175.297369][ T5958] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 175.326137][ T7032] bridge3: entered promiscuous mode [ 175.332147][ T7032] bridge3: entered allmulticast mode [ 175.350611][ T7032] bond2: (slave bridge3): Enslaving as a backup interface with an up link [ 175.403143][ T13] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 175.550122][ T5958] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 175.562625][ T5958] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.582786][ T5958] usb 1-1: config 0 descriptor?? [ 175.678275][ T7004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.679175][ T5958] cp210x 1-1:0.0: cp210x converter detected [ 175.687456][ T7004] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.916921][ T36] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 175.945820][ T7004] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0) [ 175.988047][ T5954] gspca_sonixj: reg_r err -110 [ 175.992993][ T5954] sonixj 4-1:0.0: probe with driver sonixj failed with error -110 [ 176.011874][ T5958] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 176.034447][ T5958] cp210x 1-1:0.0: failed to get vendor val 0x370c size 73: -121 [ 176.059962][ T7041] netlink: 8 bytes leftover after parsing attributes in process `syz.3.235'. [ 176.078504][ T5958] cp210x 1-1:0.0: GPIO initialisation failed: -121 [ 176.112942][ T5958] usb 1-1: cp210x converter now attached to ttyUSB0 [ 176.120193][ T7004] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 176.157242][ T7041] netlink: 12 bytes leftover after parsing attributes in process `syz.3.235'. [ 176.171143][ T7041] netlink: 'syz.3.235': attribute type 19 has an invalid length. [ 176.310703][ T5954] usb 4-1: USB disconnect, device number 14 [ 176.529233][ T7039] tipc: Enabling of bearer rejected, failed to enable media [ 176.597640][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 176.597658][ T30] audit: type=1326 audit(1754924582.570:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7030 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc3298ebe9 code=0x7ffc0000 [ 176.877149][ T30] audit: type=1326 audit(1754924582.570:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7030 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcc3298ebe9 code=0x7ffc0000 [ 176.968415][ T30] audit: type=1326 audit(1754924582.570:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7030 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc3298ebe9 code=0x7ffc0000 [ 177.088256][ T30] audit: type=1326 audit(1754924582.570:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7030 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc3298ebe9 code=0x7ffc0000 [ 177.345528][ T7060] fuse: Unknown parameter 'rootmod' [ 177.427289][ T5958] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 177.677243][ T5958] usb 4-1: Using ep0 maxpacket: 16 [ 177.872022][ T5958] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.890089][ T5958] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 177.913122][ T5958] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.941752][ T5958] usb 4-1: Product: syz [ 177.948404][ T5958] usb 4-1: Manufacturer: syz [ 177.964063][ T5958] usb 4-1: SerialNumber: syz [ 177.982696][ T5958] usb 4-1: config 0 descriptor?? [ 178.002374][ T5958] hub 4-1:0.0: bad descriptor, ignoring hub [ 178.023538][ T5958] hub 4-1:0.0: probe with driver hub failed with error -5 [ 178.094370][ T5958] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 178.186207][ T9] usb 1-1: USB disconnect, device number 21 [ 178.195197][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 178.224241][ T9] cp210x 1-1:0.0: device disconnected [ 178.233917][ T5958] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 178.331018][ T5958] usb 4-1: USB disconnect, device number 15 [ 178.479947][ T5998] udevd[5998]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 178.782592][ T7078] program syz.4.250 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 179.487153][ T5958] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 179.675077][ T5958] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 179.686748][ T5958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 179.699888][ T5958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 179.723882][ T5958] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 179.737245][ T7094] vivid-007: ================= START STATUS ================= [ 179.753504][ T7094] vivid-007: Enable Output Cropping: true [ 179.764838][ T7094] vivid-007: Enable Output Composing: true [ 179.771074][ T5958] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 179.786728][ T5958] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.798818][ T7094] vivid-007: Enable Output Scaler: true [ 179.805687][ T7094] vivid-007: Tx RGB Quantization Range: Automatic [ 179.813810][ T7094] vivid-007: Transmit Mode: HDMI [ 179.820315][ T7094] vivid-007: Hotplug Present: 0x00000000 [ 179.826675][ T7094] vivid-007: RxSense Present: 0x00000000 [ 179.833772][ T7094] vivid-007: EDID Present: 0x00000000 [ 179.839967][ T7094] vivid-007: ================== END STATUS ================== [ 179.867346][ T5954] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 179.869986][ T5958] usb 4-1: config 0 descriptor?? [ 180.043225][ T5954] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.062838][ T5954] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 180.119238][ T5958] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 180.175458][ T5958] usb 4-1: USB disconnect, device number 16 [ 180.189215][ T5954] usb 1-1: config 1 has no interface number 0 [ 180.201317][ T5954] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 180.215464][ T30] audit: type=1326 audit(1754924586.240:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7100 comm="syz.3.256" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe03a18ebe9 code=0x0 [ 180.270413][ T5954] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 180.308824][ T5954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.402924][ T5954] usb 1-1: Product: syz [ 180.426221][ T5954] usb 1-1: Manufacturer: syz [ 180.448156][ T5954] usb 1-1: SerialNumber: syz [ 180.491580][ T7099] fido_id[7099]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 180.522642][ T5954] usb 1-1: selecting invalid altsetting 1 [ 180.541441][ T7108] netlink: 'syz.4.257': attribute type 1 has an invalid length. [ 180.716566][ T7108] bond3: entered promiscuous mode [ 180.721831][ T7108] bond3: entered allmulticast mode [ 180.730070][ T7108] 8021q: adding VLAN 0 to HW filter on device bond3 [ 180.760080][ T7108] bridge4: entered promiscuous mode [ 180.765641][ T7108] bridge4: entered allmulticast mode [ 180.787028][ T5118] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 180.807882][ T7108] bond3: (slave bridge4): Enslaving as an active interface with an up link [ 180.857186][ T5958] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 181.028144][ T49] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 181.077145][ T5958] usb 4-1: device descriptor read/64, error -71 [ 181.317214][ T5958] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 181.327519][ T5954] cdc_ncm 1-1:1.1: bind() failure [ 181.350804][ T5954] usb 1-1: USB disconnect, device number 22 [ 181.499705][ T5958] usb 4-1: device descriptor read/64, error -71 [ 181.547511][ T43] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 181.612538][ T5958] usb usb4-port1: attempt power cycle [ 181.709390][ T43] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 181.734130][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 181.783098][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 181.813522][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 181.838531][ T43] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 181.854127][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.865666][ T43] usb 2-1: config 0 descriptor?? [ 182.014653][ T5958] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 182.022961][ T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 182.047997][ T5958] usb 4-1: device descriptor read/8, error -71 [ 182.075572][ T7128] netlink: 148 bytes leftover after parsing attributes in process `syz.4.264'. [ 182.089555][ T7118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.110824][ T7118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.205353][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 182.227120][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 182.245161][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 9284, setting to 1024 [ 182.274878][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 182.294537][ T9] usb 1-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 182.307599][ T5958] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 182.327184][ T9] usb 1-1: Manufacturer: syz [ 182.335165][ T9] usb 1-1: config 0 descriptor?? [ 182.348611][ T5958] usb 4-1: device descriptor read/8, error -71 [ 182.355415][ T7124] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 182.377792][ T9] smsusb:smsusb_probe: board id=9, interface number 0 [ 182.401952][ T9] smsusb:siano_media_device_register: media controller created [ 182.448700][ T9] usb 1-1: BOGUS urb xfer, pipe 3 != type 1 [ 182.467882][ T5958] usb usb4-port1: unable to enumerate USB device [ 182.490084][ T9] smsusb:smsusb_start_streaming: smsusb_submit_urb(...) failed [ 182.521887][ T9] smsusb:smsusb_init_device: smsusb_start_streaming(...) failed [ 182.564045][ T43] usbhid 2-1:0.0: can't add hid device: -71 [ 182.571739][ T9] ------------[ cut here ]------------ [ 182.577360][ T9] WARNING: CPU: 0 PID: 9 at mm/slub.c:4790 free_large_kmalloc+0x15c/0x1f0 [ 182.579108][ T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 182.586015][ T9] Modules linked in: [ 182.586071][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 182.586101][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 182.614712][ T43] usb 2-1: USB disconnect, device number 14 [ 182.618828][ T9] Workqueue: usb_hub_wq hub_event [ 182.630216][ T9] RIP: 0010:free_large_kmalloc+0x15c/0x1f0 [ 182.636104][ T9] Code: 44 89 f6 e8 b6 19 fd ff 65 48 8b 05 de ec 87 10 48 3b 44 24 08 75 57 48 83 c4 10 5b 41 5c 41 5e 41 5f 5d e9 86 c8 63 09 cc 90 <0f> 0b 90 65 48 8b 05 b9 ec 87 10 48 3b 44 24 08 75 32 48 89 df 48 [ 182.655820][ T9] RSP: 0018:ffffc900000e6b00 EFLAGS: 00010206 [ 182.661990][ T9] RAX: 00000000ff000000 RBX: ffffea0001599880 RCX: 0000000000000000 [ 182.670084][ T9] RDX: ffffc90018dd6000 RSI: ffff888056662000 RDI: ffffea0001599880 [ 182.678545][ T9] RBP: 0000000000000100 R08: ffff88814dd15003 R09: 1ffff11029ba2a00 [ 182.686564][ T9] R10: dffffc0000000000 R11: ffffed1029ba2a01 R12: 1ffff1100603e682 [ 182.694855][ T9] R13: 0000000000000000 R14: ffff88814dd15060 R15: dffffc0000000000 [ 182.702906][ T9] FS: 0000000000000000(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000 [ 182.711966][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 182.718641][ T9] CR2: 00007f786060af98 CR3: 000000007e706000 CR4: 00000000003526f0 [ 182.726664][ T9] Call Trace: [ 182.730024][ T9] [ 182.732997][ T9] usb_free_urb+0xd0/0x120 [ 182.737500][ T9] smsusb_term_device+0x1d6/0x3b0 [ 182.742587][ T9] smsusb_probe+0x1a04/0x2060 [ 182.747380][ T9] ? __pfx_smsusb_probe+0x10/0x10 [ 182.752737][ T9] ? __pfx_smsusb_sendrequest+0x10/0x10 [ 182.758452][ T9] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 182.764405][ T9] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 182.770853][ T9] ? __pm_runtime_set_status+0x785/0xa50 [ 182.776543][ T9] usb_probe_interface+0x668/0xc30 [ 182.781771][ T9] ? __pfx_usb_probe_interface+0x10/0x10 [ 182.787784][ T9] really_probe+0x26d/0x9e0 [ 182.792344][ T9] __driver_probe_device+0x18c/0x2f0 [ 182.797743][ T9] driver_probe_device+0x4f/0x430 [ 182.802817][ T9] __device_attach_driver+0x2ce/0x530 [ 182.808335][ T9] bus_for_each_drv+0x24e/0x2e0 [ 182.813236][ T9] ? __pfx___device_attach_driver+0x10/0x10 [ 182.819324][ T9] ? __pfx_bus_for_each_drv+0x10/0x10 [ 182.824774][ T9] __device_attach+0x2b8/0x400 [ 182.829687][ T9] ? __pfx___device_attach+0x10/0x10 [ 182.835017][ T9] ? do_raw_spin_unlock+0x122/0x240 [ 182.840305][ T9] bus_probe_device+0x185/0x260 [ 182.845205][ T9] device_add+0x7b6/0xb50 [ 182.849633][ T9] usb_set_configuration+0x1a87/0x20e0 [ 182.855169][ T9] usb_generic_driver_probe+0x8d/0x150 [ 182.860720][ T9] usb_probe_device+0x1c4/0x390 [ 182.865623][ T9] ? __pfx_usb_probe_device+0x10/0x10 [ 182.871091][ T9] really_probe+0x26d/0x9e0 [ 182.875647][ T9] __driver_probe_device+0x18c/0x2f0 [ 182.881032][ T9] driver_probe_device+0x4f/0x430 [ 182.886108][ T9] __device_attach_driver+0x2ce/0x530 [ 182.891607][ T9] bus_for_each_drv+0x24e/0x2e0 [ 182.896520][ T9] ? __pfx___device_attach_driver+0x10/0x10 [ 182.902535][ T9] ? __pfx_bus_for_each_drv+0x10/0x10 [ 182.908014][ T9] __device_attach+0x2b8/0x400 [ 182.912827][ T9] ? __pfx___device_attach+0x10/0x10 [ 182.918235][ T9] ? do_raw_spin_unlock+0x122/0x240 [ 182.923509][ T9] bus_probe_device+0x185/0x260 [ 182.928570][ T9] device_add+0x7b6/0xb50 [ 182.932942][ T9] usb_new_device+0xa39/0x16f0 [ 182.937826][ T9] ? __pfx_usb_new_device+0x10/0x10 [ 182.943044][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.948311][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 182.953527][ T9] hub_event+0x2958/0x4a20 [ 182.958030][ T9] ? __pfx_hub_event+0x10/0x10 [ 182.962818][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 182.968649][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.973888][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 182.979680][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 182.985440][ T9] process_scheduled_works+0xade/0x17b0 [ 182.991139][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 182.997290][ T9] worker_thread+0x8a0/0xda0 [ 183.001912][ T9] kthread+0x70e/0x8a0 [ 183.006079][ T9] ? __pfx_worker_thread+0x10/0x10 [ 183.011308][ T9] ? __pfx_kthread+0x10/0x10 [ 183.015907][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.021139][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.026344][ T9] ? __pfx_kthread+0x10/0x10 [ 183.031105][ T9] ret_from_fork+0x3f9/0x770 [ 183.035715][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 183.040955][ T9] ? __switch_to_asm+0x39/0x70 [ 183.045735][ T9] ? __switch_to_asm+0x33/0x70 [ 183.050560][ T9] ? __pfx_kthread+0x10/0x10 [ 183.055168][ T9] ret_from_fork_asm+0x1a/0x30 [ 183.059979][ T9] [ 183.063004][ T9] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 183.070282][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) [ 183.080363][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 183.090418][ T9] Workqueue: usb_hub_wq hub_event [ 183.095460][ T9] Call Trace: [ 183.098744][ T9] [ 183.101683][ T9] dump_stack_lvl+0x99/0x250 [ 183.106286][ T9] ? __asan_memcpy+0x40/0x70 [ 183.110902][ T9] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.116141][ T9] ? __pfx__printk+0x10/0x10 [ 183.120763][ T9] vpanic+0x281/0x750 [ 183.124768][ T9] ? __pfx__printk+0x10/0x10 [ 183.129387][ T9] ? __pfx_vpanic+0x10/0x10 [ 183.133902][ T9] ? is_bpf_text_address+0x26/0x2b0 [ 183.139162][ T9] panic+0xb9/0xc0 [ 183.142906][ T9] ? __pfx_panic+0x10/0x10 [ 183.147351][ T9] __warn+0x31b/0x4b0 [ 183.151342][ T9] ? free_large_kmalloc+0x15c/0x1f0 [ 183.156548][ T9] ? free_large_kmalloc+0x15c/0x1f0 [ 183.161762][ T9] report_bug+0x2be/0x4f0 [ 183.166097][ T9] ? free_large_kmalloc+0x15c/0x1f0 [ 183.171305][ T9] ? free_large_kmalloc+0x15c/0x1f0 [ 183.176519][ T9] ? free_large_kmalloc+0x15e/0x1f0 [ 183.181784][ T9] handle_bug+0x84/0x160 [ 183.186044][ T9] exc_invalid_op+0x1a/0x50 [ 183.190573][ T9] asm_exc_invalid_op+0x1a/0x20 [ 183.195439][ T9] RIP: 0010:free_large_kmalloc+0x15c/0x1f0 [ 183.201294][ T9] Code: 44 89 f6 e8 b6 19 fd ff 65 48 8b 05 de ec 87 10 48 3b 44 24 08 75 57 48 83 c4 10 5b 41 5c 41 5e 41 5f 5d e9 86 c8 63 09 cc 90 <0f> 0b 90 65 48 8b 05 b9 ec 87 10 48 3b 44 24 08 75 32 48 89 df 48 [ 183.220938][ T9] RSP: 0018:ffffc900000e6b00 EFLAGS: 00010206 [ 183.227104][ T9] RAX: 00000000ff000000 RBX: ffffea0001599880 RCX: 0000000000000000 [ 183.235104][ T9] RDX: ffffc90018dd6000 RSI: ffff888056662000 RDI: ffffea0001599880 [ 183.243080][ T9] RBP: 0000000000000100 R08: ffff88814dd15003 R09: 1ffff11029ba2a00 [ 183.251051][ T9] R10: dffffc0000000000 R11: ffffed1029ba2a01 R12: 1ffff1100603e682 [ 183.259023][ T9] R13: 0000000000000000 R14: ffff88814dd15060 R15: dffffc0000000000 [ 183.267046][ T9] usb_free_urb+0xd0/0x120 [ 183.271479][ T9] smsusb_term_device+0x1d6/0x3b0 [ 183.276509][ T9] smsusb_probe+0x1a04/0x2060 [ 183.281208][ T9] ? __pfx_smsusb_probe+0x10/0x10 [ 183.286265][ T9] ? __pfx_smsusb_sendrequest+0x10/0x10 [ 183.291856][ T9] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 183.297762][ T9] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 183.304104][ T9] ? __pm_runtime_set_status+0x785/0xa50 [ 183.309838][ T9] usb_probe_interface+0x668/0xc30 [ 183.314992][ T9] ? __pfx_usb_probe_interface+0x10/0x10 [ 183.320635][ T9] really_probe+0x26d/0x9e0 [ 183.325160][ T9] __driver_probe_device+0x18c/0x2f0 [ 183.330469][ T9] driver_probe_device+0x4f/0x430 [ 183.335506][ T9] __device_attach_driver+0x2ce/0x530 [ 183.340889][ T9] bus_for_each_drv+0x24e/0x2e0 [ 183.345756][ T9] ? __pfx___device_attach_driver+0x10/0x10 [ 183.351673][ T9] ? __pfx_bus_for_each_drv+0x10/0x10 [ 183.357077][ T9] __device_attach+0x2b8/0x400 [ 183.361863][ T9] ? __pfx___device_attach+0x10/0x10 [ 183.367175][ T9] ? do_raw_spin_unlock+0x122/0x240 [ 183.372401][ T9] bus_probe_device+0x185/0x260 [ 183.377266][ T9] device_add+0x7b6/0xb50 [ 183.381609][ T9] usb_set_configuration+0x1a87/0x20e0 [ 183.387136][ T9] usb_generic_driver_probe+0x8d/0x150 [ 183.392718][ T9] usb_probe_device+0x1c4/0x390 [ 183.397669][ T9] ? __pfx_usb_probe_device+0x10/0x10 [ 183.403046][ T9] really_probe+0x26d/0x9e0 [ 183.407560][ T9] __driver_probe_device+0x18c/0x2f0 [ 183.412882][ T9] driver_probe_device+0x4f/0x430 [ 183.417926][ T9] __device_attach_driver+0x2ce/0x530 [ 183.423343][ T9] bus_for_each_drv+0x24e/0x2e0 [ 183.428255][ T9] ? __pfx___device_attach_driver+0x10/0x10 [ 183.434191][ T9] ? __pfx_bus_for_each_drv+0x10/0x10 [ 183.439665][ T9] __device_attach+0x2b8/0x400 [ 183.444465][ T9] ? __pfx___device_attach+0x10/0x10 [ 183.449788][ T9] ? do_raw_spin_unlock+0x122/0x240 [ 183.455011][ T9] bus_probe_device+0x185/0x260 [ 183.459914][ T9] device_add+0x7b6/0xb50 [ 183.464267][ T9] usb_new_device+0xa39/0x16f0 [ 183.469055][ T9] ? __pfx_usb_new_device+0x10/0x10 [ 183.474270][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.479664][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.484879][ T9] hub_event+0x2958/0x4a20 [ 183.489355][ T9] ? __pfx_hub_event+0x10/0x10 [ 183.494141][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 183.499876][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.505093][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 183.510825][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 183.516560][ T9] process_scheduled_works+0xade/0x17b0 [ 183.522152][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 183.528184][ T9] worker_thread+0x8a0/0xda0 [ 183.532815][ T9] kthread+0x70e/0x8a0 [ 183.536903][ T9] ? __pfx_worker_thread+0x10/0x10 [ 183.542028][ T9] ? __pfx_kthread+0x10/0x10 [ 183.546651][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.551872][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.557088][ T9] ? __pfx_kthread+0x10/0x10 [ 183.561697][ T9] ret_from_fork+0x3f9/0x770 [ 183.566304][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 183.571433][ T9] ? __switch_to_asm+0x39/0x70 [ 183.576306][ T9] ? __switch_to_asm+0x33/0x70 [ 183.581087][ T9] ? __pfx_kthread+0x10/0x10 [ 183.585698][ T9] ret_from_fork_asm+0x1a/0x30 [ 183.590493][ T9] [ 183.593843][ T9] Kernel Offset: disabled [ 183.598206][ T9] Rebooting in 86400 seconds..