last executing test programs: 14.236494563s ago: executing program 4 (id=1967): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'syz_tun\x00'}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x90}}, 0x0) 13.3642458s ago: executing program 4 (id=1969): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000008000)=ANY=[@ANYBLOB="2f985eb60000000007000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x14, &(0x7f00000000c0), 0x1, 0x10, &(0x7f0000000000), 0xa, 0x0, 0xffffffffffffffff, 0x4c}, 0x70) openat$sw_sync(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180), 0x101800, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r2, &(0x7f0000006280)={0x2020}, 0x2020) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x260, 0xffffffff, 0x98, 0x130, 0x130, 0xffffffff, 0xffffffff, 0x1c8, 0x1c8, 0x1c8, 0xffffffff, 0x4, 0x0, {[{{@ip={@local, @loopback, 0x0, 0x0, 'veth0_to_bridge\x00', 'veth1_to_bond\x00'}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@ip={@broadcast, @local, 0x0, 0x0, 'veth1_to_bond\x00', 'gre0\x00'}, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window], 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0xc}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0xf, 0x0, 0xf, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = gettid() futex(&(0x7f0000000080), 0xb, 0x0, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000100), 0x0) tkill(r6, 0x7) write$sndseq(0xffffffffffffffff, &(0x7f0000000080)=[{0x1e, 0x0, 0x0, 0xfd, @time, {}, {}, @result}], 0x1c) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r7, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x3c, r8, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x101}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000002380)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/33, 0x21, 0x0, 0x0, 0x0, 0x20002}}, 0x120) write$UHID_DESTROY(0xffffffffffffffff, &(0x7f0000002240), 0x4) writev(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000100)='\v\x00\x00\x00', 0x4}], 0x1) 12.424067711s ago: executing program 4 (id=1972): socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7f}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x7ef}, 0x9f) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000580)={r2, r1}, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) openat2(0xffffffffffffffff, &(0x7f00000002c0)='./bus\x00', &(0x7f0000000540)={0x2c500, 0x22, 0x2}, 0x18) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x4e, &(0x7f0000000340)={{{@in=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}}, {{@in6=@private1}, 0x0, @in=@dev}}, 0xe8) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000240)={0x4, &(0x7f0000000040)=[{0x9, 0x7, 0x29, 0x6}, {0x4, 0x3, 0x4, 0x1}, {0x37, 0x3, 0x8}, {0x9, 0x6, 0xff, 0x81}]}, 0x10) unshare(0x8000000) syz_emit_ethernet(0x4e, &(0x7f0000000740)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x18, 0x0, 0x0, @private2, @local, {[@routing={0x0, 0x2, 0x1, 0x6, 0x0, [@private2]}]}}}}}, 0x0) chdir(&(0x7f0000000240)='./file0\x00') creat(&(0x7f0000000100)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg}}}}}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) 10.929863184s ago: executing program 0 (id=1981): syz_init_net_socket$llc(0x1a, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) dup(0xffffffffffffffff) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r3, &(0x7f0000000000)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}, 0x1c) io_uring_setup(0x3632, &(0x7f0000000240)={0x0, 0xdfd3, 0x1000, 0x1, 0x8b}) r4 = syz_open_dev$video(&(0x7f0000000380), 0xbdff, 0x0) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@can_newroute={0x34, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_UID={0x8}, @CGW_MOD_AND={0x15, 0x1, {{{}, 0x0, 0x0, 0x0, 0x0, "ee1990a380ecab90"}, 0x5}}]}, 0x34}}, 0x0) r6 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12012000f1048108cd060202d492e4ff000109021b19f1000000d40904150001da40df000905", @ANYRES32], 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000880), 0xffffffffffffffff) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xda, 0xe1, 0x1c, 0x10, 0x45e, 0x284, 0xa48f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x43, 0x7d, 0x67, 0x0, [], [{{0x9, 0x5, 0x7}}]}}]}}]}}, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000480)={0x44, r8, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6}}]}, 0x44}}, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a40)=@newsa={0x140, 0x10, 0x713, 0x0, 0x0, {{@in6=@local, @in=@loopback}, {@in=@multicast1, 0x0, 0x32}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @tfcpad={0x8, 0x22, 0x1}]}, 0x140}}, 0x0) 10.076254945s ago: executing program 4 (id=1983): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff"], 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[@ANYRES8=r1], 0x118) socket(0xa, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0xc, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xffffffff, r3}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000181100007b2d1cd4bfe5efb91616afaff804d8b0295643193dd3b804b23a79dba4691200551129f24b8d97320a9ad9b6189acf8e20afc6a052a79fec8315516a3037e157738d231526748bf294ccc209425c8c1b3de9d75633dfa874cda9bb86c94b1c4499bd73b4b8d3e64450b85aed51f7f1862a72f53188ed1f85d8ce48469ce52a81590101a327a80965bbc1faabfba36c5aa725449dc98eef1c15ee3a8d96e47aa58343ee94aceca2a8078353155ba6969c78bfa6f5f42e11e6be4cd9fd70cf17303495ac6ebe5eb85cfa05c56b6309ffd70c9bdfc2f9ea1c4f976e9b0e2f8b903dd3b2989f22198e50", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000030000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x9, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) 7.25313366s ago: executing program 1 (id=1991): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'syz_tun\x00'}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x90}}, 0x0) 7.056619882s ago: executing program 1 (id=1993): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000e80), 0xffffffffffffffff) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x21a880, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) set_mempolicy(0x6, &(0x7f0000000000)=0x40006, 0x3) r3 = syz_open_dev$vim2m(0x0, 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x32315241, 0x0, 0x0, [{}, {}, {0x7ff}], 0x0, 0x0, 0x0, 0x1}}) lseek(0xffffffffffffffff, 0x1000000, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x8, &(0x7f0000000180)=ANY=[], 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x45, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5c, 0x0, 0x0, 0x10, 0x7}, 0x67) bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0) prlimit64(r0, 0xa, &(0x7f00000001c0)={0xa, 0xd}, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@cgroup=r4, 0xffffffffffffffff, 0x24, 0x2028, 0x4, @prog_fd=r4}, 0x20) syz_io_uring_setup(0x358a, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2a4}, &(0x7f0000000240), &(0x7f0000000340)) r5 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000440)={r7}) 5.932474982s ago: executing program 1 (id=1994): r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/udplite6\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f00000003c0)=""/257, 0x101}], 0x1, 0x0, 0x0) r1 = socket$kcm(0x11, 0x2, 0x0) sendmsg$sock(r1, &(0x7f0000000040)={&(0x7f0000000200)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x0, 0x2}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x18}, 0x0) r2 = socket(0x2b, 0x1, 0x1) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) timer_create(0x0, &(0x7f0000000280)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x38012, r4, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000002140)) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x88101, 0x0) mlock(&(0x7f0000525000/0x1000)=nil, 0x1000) read$FUSE(r4, &(0x7f0000002180)={0x2020}, 0x2020) ioctl$sock_TIOCOUTQ(r2, 0x8905, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000700)={'#! ', './file0'}, 0xb) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_buf(r6, 0x29, 0xd2, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) semtimedop(0x0, &(0x7f0000000140)=[{0x1, 0x1}, {}], 0x2, &(0x7f0000000580)) 5.835115976s ago: executing program 3 (id=1996): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00", 0x1}, 0x60) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x4, &(0x7f0000000140)=""/192, 0x20000057) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) io_uring_setup(0x1611, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x2c, 0x3f, 0xb, 0x0, 0x0, {0x3}, [@typed={0xc, 0x2, 0x0, 0x0, @u64=0x5}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@local}]}]}, 0x2c}}, 0x0) syz_open_dev$vim2m(0x0, 0x0, 0x2) syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000003900)={0x2, 0x0, @multicast1}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fsopen(&(0x7f0000000300)='squashfs\x00', 0x0) syz_open_dev$sg(0x0, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 5.664305587s ago: executing program 4 (id=1997): syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc8, 0x2}}}, 0x7) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000240)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="e1f67cca5002c900125c17352598b4ffe8daf1ad2c64b73f41000e00f4de"], 0x17) syz_emit_vhci(&(0x7f00000002c0)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{}, {@none, "a5afc9fb28a9f4a3d7d0d1e790d2efb1", 0x1}}}, 0xffffffffffffffd9) syz_emit_vhci(0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f00000000c0)=0xf) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x6, &(0x7f0000000200)=0x9) arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f0000000340)={0x0, 'rose0\x00'}) mmap$usbmon(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xe, 0x10, r1, 0x0) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_keypress_notify={{0x3c, 0x7}, {@any, 0x6}}}, 0xa) syz_emit_vhci(0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$afs(&(0x7f0000000300)=@cell={0x23, '', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x20000, &(0x7f0000000440)=ANY=[]) 4.842276308s ago: executing program 3 (id=1998): r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_DRAIN(r0, 0x40084149, 0x40944f9c780000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30400000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c0000001e0a5f410000000000000000070000000900020073797a31000000000900010073797a300000000010000380500000800800034000000000140000001000010000000000000c0000008400dac87c2c86b13bb0c559d2fff872b0fe5298609c80ed44ce4c83e7953967c77fd34b064f68d4e982be7bcf931daff26afd1f4e6b32122efaea11c662773586194eb8eda7eefaf6eb1113bb5912"], 0xc0}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x15, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000006000000b704000000000000850000003300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r4}, 0x17) r5 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000280)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@rand_addr=0x2, 0x0, 0x0, 0x0, 0xa, 0x2}, {0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x6c}, 0xa, @in=@multicast2, 0x3506, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1000}}, 0xe8) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 4.384349984s ago: executing program 3 (id=2000): openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f36006e090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90d5943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) syz_open_procfs(0x0, &(0x7f00000000c0)='timerslack_ns\x00') pipe(&(0x7f0000000100)) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="7dbf230d000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00'], 0x64}}, 0x0) r3 = inotify_init() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0x0, 0x0, 0x0, {0x0, 0x2}}, 0x20}, 0x3}, 0x0) inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0x400017e) r4 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) write$binfmt_elf32(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000002000000380000000000000000191bda000020000100006b5e0200000000000003"], 0x69) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 4.212645556s ago: executing program 0 (id=2001): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r1 = memfd_create(&(0x7f0000000740)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\bI\xd7\'\xe0\xc0\n|\xd3\x1fC\xd5I1\xe0\xc2(UB9\xf7\x86', 0x0) r2 = dup3(r0, r1, 0x0) statx(r2, 0x0, 0x1000, 0x60000000000000, 0x0) 4.100368669s ago: executing program 2 (id=2002): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)=""/4090, 0xffa}, {&(0x7f0000004580)=""/4082, 0xff2}, {&(0x7f0000003540)=""/4092, 0xffc}, {&(0x7f0000000380)=""/161, 0xa1}, {&(0x7f00000001c0)=""/228, 0xe4}], 0x5}, 0x140) 3.964262515s ago: executing program 0 (id=2003): r0 = creat(0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f0000000100)=ANY=[@ANYRES64=r1], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000280), 0x101002, 0x0) r3 = accept$packet(r0, &(0x7f00000002c0), &(0x7f0000000300)=0x14) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000000)={0xffffffffffffffff, 0x2, 0x1}) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRES16=r2], 0x0, 0x52}, 0x20) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f00000022c0)=""/106) mkdirat(r0, &(0x7f0000000200)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, 0x0, 0x15) dup(0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x53) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000140)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) sendfile(r7, r7, 0x0, 0xff) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) dup(r10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) 3.959920546s ago: executing program 2 (id=2004): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000e80), 0xffffffffffffffff) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x21a880, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) set_mempolicy(0x6, &(0x7f0000000000)=0x40006, 0x3) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, 0x0) lseek(0xffffffffffffffff, 0x1000000, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x8, &(0x7f0000000180)=ANY=[], 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x45, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5c, 0x0, 0x0, 0x10, 0x7}, 0x67) bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0) prlimit64(r0, 0xa, &(0x7f00000001c0)={0xa, 0xd}, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@cgroup=r4, 0xffffffffffffffff, 0x24, 0x2028, 0x4, @prog_fd=r4}, 0x20) syz_io_uring_setup(0x358a, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2a4}, &(0x7f0000000240), &(0x7f0000000340)) r5 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000440)={r7}) 3.913853885s ago: executing program 3 (id=2005): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, 0x0, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000040)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_channels={0x3c}}) read$dsp(r1, &(0x7f00000004c0)=""/97, 0xfffffff3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 2.922995773s ago: executing program 2 (id=2006): openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) unshare(0xe020600) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) shutdown(r1, 0x1) 2.720416233s ago: executing program 1 (id=2007): r0 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000380)={'\v\x00', 0x0, 0x5, 0x2, 0x0, 0x0, '\x00', "000016e2", "0300", "e859ad13", ["8bedbdc0edff000a00", "c2fed6bf0400000000000040", "000000ff0000000000000020", "8d196d85d693aa2200"]}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f0000165000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000280)=[{}], 0x1}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000100)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x82}, 0x90) r2 = syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x0) ioctl$RTC_WKALM_SET(r2, 0x40187013, 0x0) 2.536390159s ago: executing program 1 (id=2008): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00", 0x1}, 0x60) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x4, &(0x7f0000000140)=""/192, 0x20000057) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) io_uring_setup(0x1611, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x2c, 0x3f, 0xb, 0x0, 0x0, {0x3}, [@typed={0xc, 0x2, 0x0, 0x0, @u64=0x5}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@local}]}]}, 0x2c}}, 0x0) syz_open_dev$vim2m(0x0, 0x0, 0x2) syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000003900)={0x2, 0x0, @multicast1}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fsopen(&(0x7f0000000300)='squashfs\x00', 0x0) syz_open_dev$sg(0x0, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 2.504597074s ago: executing program 0 (id=2009): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r5, 0x11, 0x68, &(0x7f0000003a80)=0x2, 0x4) setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000202c0004802800018007000100637400001c0002800800014000000002080002400000000c05000300000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000aa26e97"], 0x80}}, 0x0) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfccf}, &(0x7f0000000240)=0x40) syz_open_procfs(0x0, 0x0) r6 = socket$rxrpc(0x21, 0x2, 0xa) r7 = syz_io_uring_setup(0x4a9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6}) io_uring_enter(r7, 0x2def, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r6, 0x1, 0x7, &(0x7f0000000240), 0x4) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) socket$packet(0x11, 0x3, 0x300) 2.456434514s ago: executing program 2 (id=2010): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') preadv(r0, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x73, 0xfeffffff) 2.232131831s ago: executing program 2 (id=2011): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$vsock_stream(0x28, 0x1, 0x0) r3 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r3, &(0x7f0000000080)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) r4 = gettid() rt_tgsigqueueinfo(0x0, r4, 0x7, &(0x7f0000000000)={0x0, 0x0, 0x9}) read(0xffffffffffffffff, 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) clock_gettime(0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2121, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x13, 0x10, 0x2, 0x0, 0x2008}, 0x48) 1.385459974s ago: executing program 1 (id=2012): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) dup(0xffffffffffffffff) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r3, &(0x7f0000000000)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}, 0x1c) io_uring_setup(0x3632, &(0x7f0000000240)={0x0, 0xdfd3, 0x1000, 0x1, 0x8b}) r4 = syz_open_dev$video(&(0x7f0000000380), 0xbdff, 0x0) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@can_newroute={0x34, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_UID={0x8}, @CGW_MOD_AND={0x15, 0x1, {{{}, 0x0, 0x0, 0x0, 0x0, "ee1990a380ecab90"}, 0x5}}]}, 0x34}}, 0x0) r6 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12012000f1048108cd060202d492e4ff000109021b19f1000000d40904150001da40df000905", @ANYRES32], 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000880), 0xffffffffffffffff) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xda, 0xe1, 0x1c, 0x10, 0x45e, 0x284, 0xa48f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x43, 0x7d, 0x67, 0x0, [], [{{0x9, 0x5, 0x7}}]}}]}}]}}, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000480)={0x44, r8, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6}}]}, 0x44}}, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a40)=@newsa={0x140, 0x10, 0x713, 0x0, 0x0, {{@in6=@local, @in=@loopback}, {@in=@multicast1, 0x0, 0x32}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @tfcpad={0x8, 0x22, 0x1}]}, 0x140}}, 0x0) 1.269391905s ago: executing program 3 (id=2013): socket$inet_udp(0x2, 0x2, 0x0) (async) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000004000000000000000100000d0000000000000000040000e5010000000100000f03000000030000000100000003"], 0x0, 0x58}, 0x20) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) (async) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) socket$inet_dccp(0x2, 0x6, 0x0) (async) socket$inet_dccp(0x2, 0x6, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeeb, 0x100010, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeeb, 0x100010, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x26) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$key(r3, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000004c0)={'wlan1\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000004c0)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000200)={{0x1, 0x1, 0x18, r2, {0x6}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000840)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x804}, 0x4008000) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r6, 0x4040534e, &(0x7f0000000080)={0x375, @tick=0x4, 0x3}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r6, 0x40505331, &(0x7f0000000300)={0x10000}) (async) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r6, 0x40505331, &(0x7f0000000300)={0x10000}) tkill(0x0, 0x7) 1.174989599s ago: executing program 0 (id=2014): r0 = syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000000000020b3aa"], 0x1c}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000005f0005"], 0x20}}, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000040)={0x0, 0x4, {0x800000, 0x0, 0xfffffffc, 0x3, 0x0, 0x200}}) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000140)={0x0, 0x400, 0x2a60fb80, 0x9, 0xc, "10a86046d05a85612f431a13558ebe5d0dbd8f"}) accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000ecffffff00000000000000008500000053000000850000002a0000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000c40), 0x12) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="8701000000000000180c00000000000100000000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x9c, &(0x7f0000000000)=""/156}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x5, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10) pipe(&(0x7f0000000d00)={0xffffffffffffffff}) r8 = socket$inet_udp(0x2, 0x2, 0x0) close(r8) socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r8, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) splice(r7, 0x0, r5, 0x0, 0x4ffe0, 0x8) 1.115273362s ago: executing program 2 (id=2015): io_uring_enter(0xffffffffffffffff, 0x5e40, 0x0, 0x0, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r0 = socket$inet(0x2, 0x2, 0x8) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x4241, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000080)={0x0, "83e624170a2005004d5e9ac5be09e4bae4ffffffe900000000000000001300", 0xffffffffffffffff}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$nfc_llcp(r4, 0x6, 0x1c, 0x0, 0x2000e863) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f00000001c0)={0x0, "0092938eda08a5513db99d08fdae429e4ae4c5bac9dd8259be4ee64b32c65e0a", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000280)={"334f00d6daf062d63d5e4449e903f93e48fe794d00c0adb017e82000008982ac", r3, 0xffffffffffffffff}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a3100000000140007800500150007000000080012"], 0x5c}}, 0x0) ioctl$SYNC_IOC_MERGE(r6, 0xc0383e04, &(0x7f0000000140)={"e3fe98873d275ac4650da6ff0d7ee4c0cda5a703827becb26eba2497c5271959", 0xffffffffffffffff, 0xffffffffffffffff, 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000001480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68"], 0x0, 0x6}, 0x90) syz_usb_connect(0x2, 0x2d, &(0x7f0000001600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001018b75000905"], 0x0) close_range(r1, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000004bc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000002c0)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d1d0b90c8997e6917226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67a4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e7", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb3bf", 0x2c}, {&(0x7f0000000740)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669e2c691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d7d77ceefde94faf2e36c3920581691a79a6678db1e5e7fa1ca703ee7aa87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae992", 0xd2}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472fd012198c3c61bb81e71ba62134303d2db9740143b0374a0d0be875789932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19645f7a1dcf1449fd34eecae5f52fba1e89d6d34b39297bbbc258c2ea547d47f2d89ad6e36e737691a1c6bdd164b2a85cbaaf648c910559f53581c60bd6c80f90c75f664e5b285c738881560f8ae89a4943141ac45fb6995cece6a2e0e62bd79213527a11c34a6e89", 0xae}], 0x3}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000b80)="1ee88f78de7d5700558705d98691e6344fa3745cc92c1f80fc01a77c28bb77872fc4f9be9660bb62708d0f52f4958f000000007700"/64, 0x40}, {&(0x7f0000001bc0)="5c89eeb1aa86c6f680f09cc1c1d4bc5fc6a067d295afd3aa97af3d777b81db48f9ceb270e506af840503c6fbf20760e4cd8df9c220cd0728585229123d5c61507d00561b8f1a15e64fa2779be424fdeff46058eaee7acfc80b2ae9840e9ac1e33ac8378c98695a08bdb8f2a756b1704c036e3b0ff2d1e9d397a82e24", 0x7c}], 0x2}}], 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d000000000000010d0224000100000000090400000103000000092100000001220500090581030000000000"], 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) getgroups(0x0, 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) syz_usb_control_io$hid(r7, &(0x7f0000001440)={0xfffffffffffffd87, 0x0, 0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB='\x00'/11], 0x0}, 0x0) 65.942381ms ago: executing program 3 (id=2016): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000e80), 0xffffffffffffffff) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x21a880, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) set_mempolicy(0x6, &(0x7f0000000000)=0x40006, 0x3) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, 0x0) lseek(0xffffffffffffffff, 0x1000000, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x8, &(0x7f0000000180)=ANY=[], 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x45, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5c, 0x0, 0x0, 0x10, 0x7}, 0x67) bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0) prlimit64(r0, 0xa, &(0x7f00000001c0)={0xa, 0xd}, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@cgroup=r4, 0xffffffffffffffff, 0x24, 0x2028, 0x4, @prog_fd=r4}, 0x20) syz_io_uring_setup(0x358a, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2a4}, &(0x7f0000000240), &(0x7f0000000340)) r5 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000440)={r7}) 351.403µs ago: executing program 0 (id=2017): ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000280)=0x0) prlimit64(r0, 0x5, &(0x7f0000000140)={0x17, 0x1}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) r6 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r6, 0xc0205649, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001080)={0x980912, 0x0, '\x00', @string=0x0}}) 0s ago: executing program 4 (id=2018): creat(&(0x7f0000000280)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000002000000000000000002000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000000000085000000ad000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={r1, 0xffffffffffffffff, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x1}}, 0x40) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r2, 0xffffffffffffffff, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x1}}, 0x40) (fail_nth: 8) kernel console output (not intermixed with test programs): 6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 549.816813][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0xA, skipping [ 549.816835][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0xA, skipping [ 549.816856][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 550.071796][ T5231] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 550.231762][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0xC, skipping [ 550.243711][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0x4, skipping [ 550.253342][ T5231] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 550.254479][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0x9, skipping [ 550.262636][ T5231] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 550.396466][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 550.435765][ T9] usb 5-1: config 4 has an invalid descriptor of length 1, skipping remainder of the config [ 550.496056][ T9] usb 5-1: too many endpoints for config 4 interface 0 altsetting 0: 94, using maximum allowed: 30 [ 550.511819][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 550.524722][ T9] usb 5-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 94 [ 550.541381][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0xC, skipping [ 550.865228][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 550.936540][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=ac14, bcdDevice= 0.40 [ 550.967778][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 551.003233][ T9] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 551.032508][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0x5, skipping [ 551.060324][ T9] usb 5-1: Product: syz [ 551.073220][ T9] usb 5-1: Manufacturer: syz [ 551.088707][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 551.129584][ T6551] usb 2-1: config 9 interface 183 altsetting 0 has a duplicate endpoint with address 0xA, skipping [ 551.141729][ T6551] usb 2-1: config 9 interface 170 has no altsetting 0 [ 551.150037][ T6551] usb 2-1: config 9 interface 92 has no altsetting 0 [ 551.159748][ T6551] usb 2-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice=a3.79 [ 551.174087][ T6551] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.202768][ T6551] usb 2-1: Product: 䟒叙쟕⇔詴๰㥄袲ꝁ殻㍠옌⚓ፓ෪꨺╈껅亪젓鐩쓽퉗蝦ꤩ蠶⇸䇃ᤳ①㤙㗫ꝿ猜괤忂 [ 551.231738][ T6551] usb 2-1: Manufacturer: ခ [ 551.236965][ T6551] usb 2-1: SerialNumber: 䓶昔ⳃ捍ࡄ民ਚ両಍ꋎ鰗㑹Ṕꚬௌ䣕㍾橼ұ賈鵒됃梁﷓ﮑ益帆蛬ᔌଟ麺膶⥪䃲夲쩦뱸袪ﲃꁐ钳䩤 [ 551.289786][T10512] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 551.545968][T10512] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 551.587689][T10512] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 551.610777][T10519] chnl_net:caif_netlink_parms(): no params data found [ 551.635606][ T6551] as10x_usb: device has been detected [ 551.669476][ T6551] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 551.770040][ T6551] usb 2-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 551.925103][ T6551] as10x_usb: error during firmware upload part1 [ 551.942263][T10519] bridge0: port 1(bridge_slave_0) entered blocking state [ 551.950446][ T6551] Registered device Elgato EyeTV DTT Deluxe [ 551.957346][T10519] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.979931][T10519] bridge_slave_0: entered allmulticast mode [ 551.986619][ T6551] as10x_usb: device has been detected [ 551.992869][ T6551] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 552.007853][T10519] bridge_slave_0: entered promiscuous mode [ 552.062723][T10519] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.081210][T10519] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.097872][T10519] bridge_slave_1: entered allmulticast mode [ 552.118192][T10519] bridge_slave_1: entered promiscuous mode [ 552.295290][ T6551] usb 2-1: DVB: registering adapter 2 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 552.315487][ T6551] as10x_usb: error during firmware upload part1 [ 552.335537][ T6551] Registered device Elgato EyeTV DTT Deluxe [ 552.674578][ T6551] as10x_usb: device has been detected [ 552.717449][ T5231] Bluetooth: hci9: command tx timeout [ 552.948320][T10519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 552.960712][ T6551] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 552.997927][T10519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 553.019240][ T6551] usb 2-1: DVB: registering adapter 3 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 553.083941][ T6551] as10x_usb: error during firmware upload part1 [ 553.112093][ T6551] Registered device Elgato EyeTV DTT Deluxe [ 553.121378][ T9] hub 5-1:4.0: bad descriptor, ignoring hub [ 553.154196][ T6551] usb 2-1: USB disconnect, device number 37 [ 553.169673][ T9] hub 5-1:4.0: probe with driver hub failed with error -5 [ 553.275482][ T9] usb 5-1: USB disconnect, device number 19 [ 553.287140][T10519] team0: Port device team_slave_0 added [ 553.323094][ T6551] Unregistered device Elgato EyeTV DTT Deluxe [ 553.328952][ T6551] as10x_usb: device has been disconnected [ 553.411723][ T6551] Unregistered device Elgato EyeTV DTT Deluxe [ 553.416722][ T6551] as10x_usb: device has been disconnected [ 553.429076][T10544] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1520'. [ 553.429123][T10544] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1520'. [ 553.461428][T10519] team0: Port device team_slave_1 added [ 553.526518][ T6551] Unregistered device Elgato EyeTV DTT Deluxe [ 553.531171][ T6551] as10x_usb: device has been disconnected [ 553.673924][T10519] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 553.718973][T10519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 553.854768][T10519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 553.975176][T10519] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 553.983781][T10519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 554.259706][T10563] netlink: 'syz.0.1523': attribute type 2 has an invalid length. [ 554.634199][T10519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 554.650562][T10565] xt_CT: You must specify a L4 protocol and not use inversions on it [ 554.785157][ T5231] Bluetooth: hci9: command tx timeout [ 554.868233][T10571] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1525'. [ 554.921229][ T6551] IPVS: starting estimator thread 0... [ 554.978327][T10519] hsr_slave_0: entered promiscuous mode [ 555.023756][T10519] hsr_slave_1: entered promiscuous mode [ 555.036119][T10579] IPVS: using max 20 ests per chain, 48000 per kthread [ 555.066601][T10519] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 555.085364][T10519] Cannot create hsr debugfs directory [ 555.628613][T10519] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.808609][T10519] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.930076][T10519] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.033839][T10595] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1532'. [ 556.069615][T10595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1532'. [ 556.080234][T10595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1532'. [ 556.174965][T10519] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.288710][T10593] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1532'. [ 556.498647][T10519] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 556.538881][T10519] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 556.559546][T10519] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 556.580681][T10519] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 556.866207][ T5231] Bluetooth: hci9: command tx timeout [ 557.382479][T10614] No such timeout policy "syz0" [ 558.291396][T10519] 8021q: adding VLAN 0 to HW filter on device bond0 [ 558.402762][T10519] 8021q: adding VLAN 0 to HW filter on device team0 [ 558.482784][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 558.489987][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 558.590954][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 558.598173][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 558.945221][ T5231] Bluetooth: hci9: command tx timeout [ 559.845174][ T5267] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 559.889005][T10519] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.013224][T10519] veth0_vlan: entered promiscuous mode [ 560.031878][T10519] veth1_vlan: entered promiscuous mode [ 560.048810][ T5267] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 560.078379][T10519] veth0_macvtap: entered promiscuous mode [ 560.085249][ T5267] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 560.089580][T10519] veth1_macvtap: entered promiscuous mode [ 560.121525][ T5267] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 560.131412][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.146067][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.159928][ T5267] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 560.159989][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.184768][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.195326][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.210512][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.210516][ T5267] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 560.221067][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.244906][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.256585][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.270075][ T5267] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.270106][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.288824][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.300249][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.301256][ T5267] usb 2-1: config 0 descriptor?? [ 560.311448][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.326595][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.338649][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.352280][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.352598][T10627] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 560.366875][T10519] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 560.385450][ T5295] kernel read not supported for file /dsp (pid: 5295 comm: kworker/1:7) [ 560.398543][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.410198][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.422055][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.435756][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.446370][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.459476][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.481758][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.500387][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.512501][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.544538][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.555258][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.576266][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.595503][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.614727][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.634716][T10519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.657122][T10519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.693437][T10519] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.739738][T10519] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.755165][T10519] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.773966][T10519] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.793249][T10519] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.832568][ T5267] plantronics 0003:047F:FFFF.000C: unknown main item tag 0xd [ 560.873130][ T5267] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 560.922304][ T5267] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 561.035250][ T5350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.043112][ T5350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.156684][ T5350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.164536][ T5350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.198472][ T5267] usb 2-1: USB disconnect, device number 38 [ 563.417796][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.424120][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.985168][ T5295] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 564.349693][ T5295] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 564.377421][T10695] xt_CT: You must specify a L4 protocol and not use inversions on it [ 564.417102][ T5295] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 564.449411][ T5295] usb 5-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00 [ 564.476751][ T5295] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.502276][ T5295] usb 5-1: config 0 descriptor?? [ 564.760161][T10700] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1564'. [ 565.226093][ T5295] zeroplus 0003:0C12:0030.000D: unknown main item tag 0x0 [ 565.244938][ T5295] zeroplus 0003:0C12:0030.000D: unknown main item tag 0x0 [ 565.252124][ T5295] zeroplus 0003:0C12:0030.000D: unknown main item tag 0x0 [ 565.274769][ T5295] zeroplus 0003:0C12:0030.000D: unknown main item tag 0x0 [ 565.283378][ T5295] zeroplus 0003:0C12:0030.000D: unknown main item tag 0x0 [ 565.292546][ T5295] zeroplus 0003:0C12:0030.000D: unknown main item tag 0x0 [ 565.300914][ T5295] zeroplus 0003:0C12:0030.000D: unknown main item tag 0x0 [ 565.313987][ T5295] zeroplus 0003:0C12:0030.000D: hidraw0: USB HID v0.00 Device [HID 0c12:0030] on usb-dummy_hcd.4-1/input0 [ 565.325820][ T5295] zeroplus 0003:0C12:0030.000D: no inputs found [ 565.345119][T10254] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 565.557913][T10254] usb 1-1: not running at top speed; connect to a high speed hub [ 565.605029][T10254] usb 1-1: config 163 interface 0 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 565.656630][T10254] usb 1-1: config 163 interface 0 altsetting 1 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 565.717703][T10254] usb 1-1: config 163 interface 0 has no altsetting 0 [ 565.765361][T10254] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 565.783519][T10254] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.803627][T10254] usb 1-1: Product: 䤍 [ 565.817962][T10254] usb 1-1: SerialNumber: syz [ 565.847965][T10697] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 565.870350][T10697] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 566.298559][ T9] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 566.508770][ T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 566.537620][ T9] usb 3-1: config 0 has no interface number 0 [ 566.567518][ T9] usb 3-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=c5.77 [ 566.587339][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.641406][T10254] usb 1-1: bad CDC descriptors [ 566.652562][ T6551] usb 5-1: USB disconnect, device number 20 [ 566.674948][ T9] usb 3-1: Product: syz [ 566.680791][ T9] usb 3-1: Manufacturer: syz [ 566.720056][ T9] usb 3-1: SerialNumber: syz [ 566.740676][ T9] usb 3-1: config 0 descriptor?? [ 566.755951][ T9] usb_set_interface error [ 566.766885][ T9] snd-usb-us122l 3-1:0.1: probe with driver snd-usb-us122l failed with error -22 [ 566.857280][T10697] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1563'. [ 566.875277][T10697] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1563'. [ 566.943227][ T6551] usb 1-1: USB disconnect, device number 34 [ 567.235988][T10715] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1567'. [ 567.322200][T10715] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1567'. [ 567.814085][ T5997] Bluetooth: hci10: Frame reassembly failed (-84) [ 567.876379][T10736] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1574'. [ 567.952494][T10738] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1575'. [ 568.013532][T10742] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1576'. [ 568.044357][T10743] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 569.223951][T10754] tmpfs: Unknown parameter 'quotA' [ 569.278923][T10754] overlayfs: conflicting lowerdir path [ 569.826433][ T5223] Bluetooth: hci10: command 0x1003 tx timeout [ 569.876159][ T5231] Bluetooth: hci10: Opcode 0x1003 failed: -110 [ 570.190224][ T941] usb 3-1: USB disconnect, device number 37 [ 570.641400][T10772] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1586'. [ 572.741139][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 573.863870][T10809] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1599'. [ 574.415468][T10817] pim6reg1: entered promiscuous mode [ 574.432904][T10817] pim6reg1: entered allmulticast mode [ 574.705072][ T5231] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 574.715092][ T5231] Bluetooth: hci2: command 0x0406 tx timeout [ 575.327326][T10834] overlay: Unknown parameter 'euid<00000000000000000000' [ 575.482464][T10837] netlink: 'syz.0.1603': attribute type 3 has an invalid length. [ 575.518759][T10837] netlink: 'syz.0.1603': attribute type 1 has an invalid length. [ 575.559936][T10837] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.1603'. [ 576.094779][ T5295] usb 3-1: new low-speed USB device number 38 using dummy_hcd [ 576.539954][ T5295] usb 3-1: config index 0 descriptor too short (expected 1307, got 27) [ 576.557985][T10853] syz_tun: entered promiscuous mode [ 576.567713][T10853] batadv_slave_0: entered promiscuous mode [ 576.577898][T10853] syz_tun: left promiscuous mode [ 576.583410][T10853] batadv_slave_0: left promiscuous mode [ 576.608187][ T5295] usb 3-1: config 0 has an invalid interface number: 0 but max is -1 [ 576.668040][ T5231] Bluetooth: hci8: ACL packet for unknown connection handle 203 [ 576.699063][ T5295] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 576.709528][ T5295] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 576.723862][ T5295] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 576.737542][ T5295] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 576.750466][ T5295] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 576.770756][ T5295] usb 3-1: string descriptor 0 read error: -22 [ 576.781356][ T5295] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 576.794168][ T5295] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.804149][ T5295] usb 3-1: config 0 descriptor?? [ 576.813785][ T5295] hub 3-1:0.0: bad descriptor, ignoring hub [ 576.830392][ T5295] hub 3-1:0.0: probe with driver hub failed with error -5 [ 576.851250][ T5295] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input37 [ 576.967097][T10857] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1613'. [ 577.022182][T10860] vivid-000: ================= START STATUS ================= [ 577.024046][T10841] bridge1: entered promiscuous mode [ 577.030605][T10860] vivid-000: Generate PTS: true [ 577.040100][T10860] vivid-000: Generate SCR: true [ 577.045036][T10860] tpg source WxH: 320x180 (R'G'B) [ 577.050069][T10860] tpg field: 1 [ 577.054279][T10860] tpg crop: 320x180@0x0 [ 577.058580][T10860] tpg compose: 320x180@0x0 [ 577.063016][T10860] tpg colorspace: 8 [ 577.066915][T10860] tpg transfer function: 0/0 [ 577.071508][T10860] tpg quantization: 0/0 [ 577.076394][T10860] tpg RGB range: 0/2 [ 577.080563][T10860] vivid-000: ================== END STATUS ================== [ 577.116045][T10841] bridge1: entered allmulticast mode [ 577.190224][T10841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.234793][T10865] tipc: Started in network mode [ 577.244631][T10865] tipc: Node identity 0000000000003a5f0000000000000001, cluster identity 4711 [ 577.247975][T10841] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.267614][T10865] tipc: Enabling of bearer rejected, failed to enable media [ 577.329223][ T5266] usb 3-1: USB disconnect, device number 38 [ 577.434858][ T5295] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 577.505873][T10878] 9pnet_fd: Insufficient options for proto=fd [ 577.539660][T10878] input: syz0 as /devices/virtual/input/input38 [ 577.652647][T10878] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1617'. [ 577.694932][T10878] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1617'. [ 577.785187][ T5295] usb 5-1: Using ep0 maxpacket: 8 [ 577.913243][ T5295] usb 5-1: config index 0 descriptor too short (expected 6427, got 27) [ 578.114221][ T5295] usb 5-1: config 0 has too many interfaces: 241, using maximum allowed: 32 [ 578.165150][ T58] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 578.513765][ T5295] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 241 [ 578.525392][ T5295] usb 5-1: config 0 has no interface number 0 [ 578.531648][ T5295] usb 5-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 578.543883][ T5295] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 578.558305][ T5295] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 578.577741][ T5295] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 578.604782][ T5295] usb 5-1: New USB device strings: Mfr=228, Product=255, SerialNumber=0 [ 578.642807][ T5295] usb 5-1: Product: syz [ 578.777558][ T5295] usb 5-1: Manufacturer: syz [ 578.806395][ T5295] usb 5-1: config 0 descriptor?? [ 578.872272][T10860] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 578.882274][ T58] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 578.899260][ T58] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 578.912175][ T58] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 578.925887][ T58] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 578.959897][ T58] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 578.972578][ T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.990639][ T58] usb 4-1: config 0 descriptor?? [ 579.340523][T10860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 579.355579][T10860] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 579.872381][T10905] syz_tun: entered promiscuous mode [ 579.898753][T10905] batadv_slave_0: entered promiscuous mode [ 579.916291][ T58] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 579.932561][T10905] syz_tun: left promiscuous mode [ 579.938482][ T58] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 580.151380][T10905] batadv_slave_0: left promiscuous mode [ 580.180178][T10884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 580.541513][T10884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 580.677897][ T58] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 580.818586][ T5295] usb 5-1: USB disconnect, device number 21 [ 580.890350][T10910] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1628'. [ 581.197254][T10923] netlink: 'syz.1.1630': attribute type 3 has an invalid length. [ 581.438920][T10254] usb 4-1: USB disconnect, device number 15 [ 582.909118][T10934] FAULT_INJECTION: forcing a failure. [ 582.909118][T10934] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 582.923590][T10934] CPU: 1 UID: 0 PID: 10934 Comm: syz.2.1635 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 582.934392][T10934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 582.944479][T10934] Call Trace: [ 582.947772][T10934] [ 582.950719][T10934] dump_stack_lvl+0x241/0x360 [ 582.955419][T10934] ? __pfx_dump_stack_lvl+0x10/0x10 [ 582.960641][T10934] ? __pfx__printk+0x10/0x10 [ 582.965255][T10934] ? __pfx_lock_release+0x10/0x10 [ 582.970309][T10934] should_fail_ex+0x3b0/0x4e0 [ 582.975007][T10934] _copy_from_iter+0x43a/0x1960 [ 582.979880][T10934] ? __virt_addr_valid+0x183/0x530 [ 582.985020][T10934] ? __pfx__copy_from_iter+0x10/0x10 [ 582.990330][T10934] ? __virt_addr_valid+0x183/0x530 [ 582.995460][T10934] ? __virt_addr_valid+0x183/0x530 [ 583.000584][T10934] ? __virt_addr_valid+0x45f/0x530 [ 583.005710][T10934] ? __check_object_size+0x49c/0x900 [ 583.011017][T10934] netlink_sendmsg+0x73d/0xcb0 [ 583.015804][T10934] ? __pfx_netlink_sendmsg+0x10/0x10 [ 583.021106][T10934] ? __import_iovec+0x361/0x820 [ 583.025973][T10934] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 583.031275][T10934] ? security_socket_sendmsg+0x87/0xb0 [ 583.036758][T10934] ? __pfx_netlink_sendmsg+0x10/0x10 [ 583.042148][T10934] __sock_sendmsg+0x221/0x270 [ 583.046847][T10934] ____sys_sendmsg+0x525/0x7d0 [ 583.051633][T10934] ? __pfx_____sys_sendmsg+0x10/0x10 [ 583.056957][T10934] __sys_sendmsg+0x2b0/0x3a0 [ 583.061568][T10934] ? __pfx___sys_sendmsg+0x10/0x10 [ 583.066705][T10934] ? vfs_write+0x7c4/0xc90 [ 583.071184][T10934] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 583.077618][T10934] ? do_syscall_64+0x100/0x230 [ 583.082399][T10934] ? do_syscall_64+0xb6/0x230 [ 583.087093][T10934] do_syscall_64+0xf3/0x230 [ 583.091606][T10934] ? clear_bhb_loop+0x35/0x90 [ 583.096300][T10934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.102217][T10934] RIP: 0033:0x7fa1aa9779f9 [ 583.106650][T10934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.126289][T10934] RSP: 002b:00007fa1ab75e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 583.134719][T10934] RAX: ffffffffffffffda RBX: 00007fa1aab05f80 RCX: 00007fa1aa9779f9 [ 583.142714][T10934] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 583.150700][T10934] RBP: 00007fa1ab75e090 R08: 0000000000000000 R09: 0000000000000000 [ 583.158686][T10934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 583.166688][T10934] R13: 0000000000000000 R14: 00007fa1aab05f80 R15: 00007ffe1baf29b8 [ 583.174683][T10934] [ 584.417356][T10964] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1642'. [ 585.712446][T10982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1647'. [ 587.225144][ T58] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 587.535118][ T5263] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 587.866884][ T5263] usb 1-1: New USB device found, idVendor=0733, idProduct=0430, bcdDevice=35.fb [ 588.001767][ T5263] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.175721][ T5263] usb 1-1: config 0 descriptor?? [ 588.207975][ T5263] gspca_main: spca505-2.14.0 probing 0733:0430 [ 588.322999][T11009] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1656'. [ 588.364869][ T58] usb 2-1: Using ep0 maxpacket: 16 [ 588.374255][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.395772][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 588.410289][ T58] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 588.442058][ T58] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 588.463973][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.578938][ T58] usb 2-1: config 0 descriptor?? [ 589.156965][ T5263] gspca_spca505: reg write: error -110 [ 589.162563][ T5263] spca505 1-1:0.0: probe with driver spca505 failed with error -5 [ 589.417509][T10995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 589.457004][T10995] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 589.485407][T11023] FAULT_INJECTION: forcing a failure. [ 589.485407][T11023] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 589.526465][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.534275][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.534396][T11023] CPU: 0 UID: 0 PID: 11023 Comm: syz.2.1659 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 589.552231][T11023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 589.562296][T11023] Call Trace: [ 589.565583][T11023] [ 589.568565][T11023] dump_stack_lvl+0x241/0x360 [ 589.573243][T11023] ? __pfx_dump_stack_lvl+0x10/0x10 [ 589.578455][T11023] ? __pfx__printk+0x10/0x10 [ 589.583063][T11023] ? __pfx_lock_release+0x10/0x10 [ 589.588086][T11023] should_fail_ex+0x3b0/0x4e0 [ 589.592767][T11023] _copy_from_iter+0x1f6/0x1960 [ 589.597627][T11023] ? __virt_addr_valid+0x183/0x530 [ 589.602733][T11023] ? skb_set_owner_w+0x238/0x3e0 [ 589.607678][T11023] ? __pfx_lock_release+0x10/0x10 [ 589.612781][T11023] ? __pfx__copy_from_iter+0x10/0x10 [ 589.618072][T11023] ? __virt_addr_valid+0x183/0x530 [ 589.623182][T11023] ? __virt_addr_valid+0x183/0x530 [ 589.628276][T11023] ? __virt_addr_valid+0x45f/0x530 [ 589.633386][T11023] ? __phys_addr_symbol+0x2f/0x70 [ 589.638392][T11023] ? __check_object_size+0x49c/0x900 [ 589.643678][T11023] skb_copy_datagram_from_iter+0xf3/0x6c0 [ 589.649398][T11023] ? do_raw_spin_unlock+0x13c/0x8b0 [ 589.654593][T11023] ? skb_put+0x114/0x1f0 [ 589.658831][T11023] unix_dgram_sendmsg+0x7a7/0x1f80 [ 589.663942][T11023] ? tomoyo_socket_sendmsg_permission+0x288/0x420 [ 589.670355][T11023] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 589.677112][T11023] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 589.682660][T11023] ? __pfx_lock_release+0x10/0x10 [ 589.687686][T11023] ? unix_seqpacket_sendmsg+0x110/0x1e0 [ 589.693230][T11023] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 589.699117][T11023] __sock_sendmsg+0x221/0x270 [ 589.703792][T11023] ____sys_sendmsg+0x525/0x7d0 [ 589.708553][T11023] ? __pfx_____sys_sendmsg+0x10/0x10 [ 589.713834][T11023] ? __might_fault+0xaa/0x120 [ 589.718508][T11023] __sys_sendmmsg+0x3b2/0x740 [ 589.723181][T11023] ? __pfx___sys_sendmmsg+0x10/0x10 [ 589.728387][T11023] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 589.734275][T11023] ? ksys_write+0x23e/0x2c0 [ 589.738767][T11023] ? __pfx_lock_release+0x10/0x10 [ 589.743791][T11023] ? vfs_write+0x7c4/0xc90 [ 589.748206][T11023] ? __mutex_unlock_slowpath+0x21d/0x750 [ 589.753831][T11023] ? __pfx_vfs_write+0x10/0x10 [ 589.758596][T11023] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 589.764566][T11023] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 589.770884][T11023] ? do_syscall_64+0x100/0x230 [ 589.775643][T11023] __x64_sys_sendmmsg+0xa0/0xb0 [ 589.780485][T11023] do_syscall_64+0xf3/0x230 [ 589.784975][T11023] ? clear_bhb_loop+0x35/0x90 [ 589.789639][T11023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.795528][T11023] RIP: 0033:0x7fa1aa9779f9 [ 589.799928][T11023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 589.819533][T11023] RSP: 002b:00007fa1ab75e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 589.827957][T11023] RAX: ffffffffffffffda RBX: 00007fa1aab05f80 RCX: 00007fa1aa9779f9 [ 589.836093][T11023] RDX: 000000000000003f RSI: 00000000200000c0 RDI: 0000000000000003 [ 589.844064][T11023] RBP: 00007fa1ab75e090 R08: 0000000000000000 R09: 0000000000000000 [ 589.852025][T11023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 589.859989][T11023] R13: 0000000000000000 R14: 00007fa1aab05f80 R15: 00007ffe1baf29b8 [ 589.867961][T11023] [ 589.872151][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.881317][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.899000][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.915637][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.927871][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.936247][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.943727][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 589.952002][ T58] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0 [ 590.023762][ T58] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000F/input/input40 [ 590.078605][ T58] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 590.147021][ T58] usb 2-1: USB disconnect, device number 39 [ 590.352278][ T5212] usb 1-1: USB disconnect, device number 35 [ 590.679078][T11035] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1661'. [ 593.045014][ T5263] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 593.244799][ T5263] usb 3-1: Using ep0 maxpacket: 8 [ 593.265970][ T5263] usb 3-1: New USB device found, idVendor=0499, idProduct=5005, bcdDevice= 8.ff [ 593.284907][ T5263] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.308128][ T5263] usb 3-1: Product: syz [ 593.312350][ T5263] usb 3-1: Manufacturer: syz [ 593.337561][ T5263] usb 3-1: SerialNumber: syz [ 594.371127][ T5263] usb 3-1: config 0 descriptor?? [ 594.387680][ T5263] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 594.514007][ T5263] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 594.594917][ T5212] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 595.237701][ T5223] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 595.249539][ T5223] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 595.258647][ T5223] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 595.276814][ T5223] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 595.291022][ T5223] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 595.300555][ T5223] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 595.356439][ T5212] usb 4-1: Using ep0 maxpacket: 8 [ 595.391821][ T5212] usb 4-1: New USB device found, idVendor=0499, idProduct=5005, bcdDevice= 8.ff [ 595.416110][ T5212] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 595.433771][ T5212] usb 4-1: Product: syz [ 595.442897][ T5212] usb 4-1: Manufacturer: syz [ 595.451075][ T5212] usb 4-1: SerialNumber: syz [ 595.471778][ T5212] usb 4-1: config 0 descriptor?? [ 595.482331][ T5212] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 595.525445][ T5212] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 595.564783][ T5266] psmouse serio2: Failed to reset mouse on : -5 [ 595.705189][T10254] usb 3-1: USB disconnect, device number 39 [ 595.991214][T11085] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1674'. [ 596.003571][T11069] chnl_net:caif_netlink_parms(): no params data found [ 596.136278][T11090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1675'. [ 596.762244][ T5267] usb 4-1: USB disconnect, device number 16 [ 597.009026][T11069] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.062925][T11105] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1679'. [ 597.064927][T11069] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.105001][T11069] bridge_slave_0: entered allmulticast mode [ 597.122022][T11069] bridge_slave_0: entered promiscuous mode [ 597.267003][T11069] bridge0: port 2(bridge_slave_1) entered blocking state [ 597.291888][T11069] bridge0: port 2(bridge_slave_1) entered disabled state [ 597.311893][T11069] bridge_slave_1: entered allmulticast mode [ 597.345988][ T5223] Bluetooth: hci10: command tx timeout [ 598.202575][T11069] bridge_slave_1: entered promiscuous mode [ 598.344222][T11069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 598.371342][T11069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 598.490710][T11069] team0: Port device team_slave_0 added [ 598.502782][T11069] team0: Port device team_slave_1 added [ 598.578895][T11117] kernel profiling enabled (shift: 62) [ 598.599801][T11117] profiling shift: 62 too large [ 598.600840][T11069] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 598.612041][T11069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.655719][T11069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 598.680242][T11117] overlay: Unknown parameter 'euid<00000000000000000000' [ 598.687762][T11069] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 598.705478][T11069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.759955][T11069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 598.810705][T11124] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 598.825841][T11117] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 598.840141][T11123] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 598.855758][T11117] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 599.037151][T11130] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1685'. [ 599.070696][T11069] hsr_slave_0: entered promiscuous mode [ 599.095139][T11069] hsr_slave_1: entered promiscuous mode [ 599.105483][T11069] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 599.123582][T11069] Cannot create hsr debugfs directory [ 599.425125][ T5231] Bluetooth: hci10: command tx timeout [ 599.510481][T11137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1686'. [ 600.331305][T11069] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.344859][ T5266] misc userio: Buffer overflowed, userio client isn't keeping up [ 600.927031][T11146] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1689'. [ 600.994567][T11069] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.185387][ T5231] Bluetooth: hci7: command 0x0406 tx timeout [ 601.434492][ T5266] input: PS/2 Generic Mouse as /devices/serio2/input/input41 [ 601.575034][ T5223] Bluetooth: hci10: command tx timeout [ 601.675104][ T5266] psmouse serio2: Failed to enable mouse on [ 602.323739][T11069] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 602.429422][T10191] udevd[10191]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 602.630325][T10191] udevd[10191]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 602.880947][T11069] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 602.894827][ T5266] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 602.911720][T11165] netlink: 'syz.3.1693': attribute type 5 has an invalid length. [ 602.919835][T11165] netlink: 'syz.3.1693': attribute type 11 has an invalid length. [ 602.929065][T11165] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1693'. [ 603.555207][T11167] team0: entered promiscuous mode [ 603.565123][T10254] usb 2-1: new full-speed USB device number 40 using dummy_hcd [ 603.579479][T11167] team_slave_0: entered promiscuous mode [ 603.585728][T11167] team_slave_1: entered promiscuous mode [ 603.586125][ T5223] Bluetooth: hci10: command tx timeout [ 603.592588][T11167] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 603.608003][T11167] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 603.617145][T11173] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1691'. [ 603.705451][ T5266] usb 3-1: Using ep0 maxpacket: 8 [ 603.722946][ T5266] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 603.754915][T11177] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1696'. [ 603.794411][ T5266] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=38.22 [ 603.824056][ T5266] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.867060][ T5266] usb 3-1: config 0 descriptor?? [ 604.055815][T10254] usb 2-1: New USB device found, idVendor=0b05, idProduct=173f, bcdDevice=9d.6b [ 604.075320][T10254] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.086053][ T5266] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 604.106190][T10254] usb 2-1: Product: syz [ 604.120775][T10254] usb 2-1: Manufacturer: syz [ 604.128299][T10254] usb 2-1: SerialNumber: syz [ 604.152609][T10254] usb 2-1: config 0 descriptor?? [ 604.166236][T11184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1697'. [ 604.166613][T11069] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 604.319877][T11069] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 604.502447][T11069] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 604.574463][T11069] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 604.663086][T11190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 604.841740][T11190] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 604.925552][T10254] dvb-usb: found a 'ASUS My Cinema U3100 Mini DVBT Tuner' in cold state, will try to load a firmware [ 605.007821][T10254] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 605.044779][T10254] dib0700: firmware download failed at 7 with -22 [ 605.079834][T11069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 605.086485][T10254] usb 2-1: USB disconnect, device number 40 [ 605.163554][T11069] 8021q: adding VLAN 0 to HW filter on device team0 [ 605.195881][ T5990] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.203113][ T5990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 605.240806][ T5986] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.248103][ T5986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 606.238939][ T5266] usb 3-1: USB disconnect, device number 40 [ 606.307598][ T5266] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 607.612913][T11212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1704'. [ 607.663589][T11069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 607.910091][T11221] fuse: Unknown parameter 'fdzf [ 607.910091][T11221] 倳vx)n-@y ۀ' [ 608.014874][ T5267] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 608.059237][ T5223] Bluetooth: hci2: unexpected event 0x3e length: 820 > 260 [ 608.059272][ T5223] Bluetooth: hci2: unexpected subevent 0x0d length: 819 > 260 [ 608.076158][ T5223] Bluetooth: hci2: adv larger than maximum supported [ 608.076246][ T5223] Bluetooth: hci2: adv larger than maximum supported [ 608.084139][ T5223] Bluetooth: hci2: adv larger than maximum supported [ 608.091225][ T5223] Bluetooth: hci2: Unknown advertising packet type: 0x16 [ 608.098247][ T5223] Bluetooth: hci2: Unknown advertising packet type: 0x5d [ 608.230607][ T5267] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.283642][ T5267] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 608.318859][ T5267] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 608.365970][ T5267] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 608.516764][ T5267] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.578438][ T5267] usb 3-1: config 0 descriptor?? [ 608.617974][T11237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1708'. [ 608.636596][T11069] veth0_vlan: entered promiscuous mode [ 608.913852][T11069] veth1_vlan: entered promiscuous mode [ 609.042412][T11069] veth0_macvtap: entered promiscuous mode [ 609.083281][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0xd [ 609.091839][T11069] veth1_macvtap: entered promiscuous mode [ 609.092418][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.108072][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.116023][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.124047][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.131905][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.140124][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.146871][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.147845][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.205420][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.234837][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.274715][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.296008][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.303773][ T5267] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 609.317840][ T5267] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 609.367886][ T5267] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 609.374738][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.429100][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.517937][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.629013][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.725430][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.761703][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.789793][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.804795][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.814846][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.827604][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.837732][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.848469][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.860722][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.871512][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.884391][T11069] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 609.932626][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.945858][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.958967][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.971688][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.981962][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.075993][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.215988][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.321247][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.429302][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.567034][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.637223][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.648849][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.658993][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.669614][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.679654][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.690444][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.700464][T11069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 610.714611][T11069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 610.804084][ T46] usb 3-1: USB disconnect, device number 41 [ 610.879193][T11069] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 611.230786][T11069] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.254966][T11069] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.263709][T11069] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.284798][T11069] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.442416][T11257] : renamed from syzkaller0 [ 611.606983][ T5349] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 611.903480][ T5349] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 612.363640][ T5988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 612.379254][ T5988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 612.453624][T11267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1715'. [ 613.602839][T11279] FAULT_INJECTION: forcing a failure. [ 613.602839][T11279] name failslab, interval 1, probability 0, space 0, times 0 [ 613.685113][T11279] CPU: 0 UID: 0 PID: 11279 Comm: syz.1.1717 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 613.695928][T11279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 613.706088][T11279] Call Trace: [ 613.709467][T11279] [ 613.712413][T11279] dump_stack_lvl+0x241/0x360 [ 613.717123][T11279] ? __pfx_dump_stack_lvl+0x10/0x10 [ 613.722345][T11279] ? __pfx__printk+0x10/0x10 [ 613.726976][T11279] ? fs_reclaim_acquire+0x93/0x140 [ 613.732105][T11279] ? __pfx___might_resched+0x10/0x10 [ 613.737428][T11279] should_fail_ex+0x3b0/0x4e0 [ 613.742128][T11279] ? tomoyo_encode+0x26f/0x540 [ 613.746909][T11279] should_failslab+0xac/0x100 [ 613.751598][T11279] ? tomoyo_encode+0x26f/0x540 [ 613.756366][T11279] __kmalloc_noprof+0xd8/0x400 [ 613.761130][T11279] tomoyo_encode+0x26f/0x540 [ 613.765720][T11279] tomoyo_realpath_from_path+0x59e/0x5e0 [ 613.771359][T11279] tomoyo_path_number_perm+0x23a/0x880 [ 613.776814][T11279] ? tomoyo_path_number_perm+0x208/0x880 [ 613.782439][T11279] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 613.788442][T11279] ? __fget_files+0x29/0x470 [ 613.793033][T11279] ? __fget_files+0x3f6/0x470 [ 613.797706][T11279] ? __fget_files+0x29/0x470 [ 613.802288][T11279] security_file_ioctl+0x75/0xb0 [ 613.807225][T11279] __se_sys_ioctl+0x47/0x170 [ 613.811816][T11279] do_syscall_64+0xf3/0x230 [ 613.816311][T11279] ? clear_bhb_loop+0x35/0x90 [ 613.820979][T11279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.826864][T11279] RIP: 0033:0x7f59243779f9 [ 613.831274][T11279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.850870][T11279] RSP: 002b:00007f592506c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 613.859281][T11279] RAX: ffffffffffffffda RBX: 00007f5924505f80 RCX: 00007f59243779f9 [ 613.867260][T11279] RDX: 0000000020000380 RSI: 00000000c0745645 RDI: 0000000000000003 [ 613.875247][T11279] RBP: 00007f592506c090 R08: 0000000000000000 R09: 0000000000000000 [ 613.883229][T11279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 613.891209][T11279] R13: 0000000000000000 R14: 00007f5924505f80 R15: 00007ffeacc4fc88 [ 613.899344][T11279] [ 614.208865][T11279] ERROR: Out of memory at tomoyo_realpath_from_path. [ 614.797374][T11293] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1721'. [ 614.887574][T11293] FAULT_INJECTION: forcing a failure. [ 614.887574][T11293] name failslab, interval 1, probability 0, space 0, times 0 [ 615.062671][T11293] CPU: 0 UID: 0 PID: 11293 Comm: syz.0.1721 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 615.073471][T11293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 615.083520][T11293] Call Trace: [ 615.086792][T11293] [ 615.089721][T11293] dump_stack_lvl+0x241/0x360 [ 615.094406][T11293] ? __pfx_dump_stack_lvl+0x10/0x10 [ 615.099600][T11293] ? __pfx__printk+0x10/0x10 [ 615.104189][T11293] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 615.110177][T11293] ? __pfx___might_resched+0x10/0x10 [ 615.115473][T11293] should_fail_ex+0x3b0/0x4e0 [ 615.120155][T11293] should_failslab+0xac/0x100 [ 615.124829][T11293] ? __alloc_skb+0x1c3/0x440 [ 615.129410][T11293] kmem_cache_alloc_node_noprof+0x71/0x320 [ 615.135217][T11293] __alloc_skb+0x1c3/0x440 [ 615.139625][T11293] ? __pfx___alloc_skb+0x10/0x10 [ 615.144560][T11293] ? netlink_ack_tlv_len+0x6e/0x200 [ 615.149761][T11293] netlink_ack+0x13f/0xa30 [ 615.154182][T11293] ? __pfx_lock_acquire+0x10/0x10 [ 615.159206][T11293] ? __pfx_devlink_nl_port_set_doit+0x10/0x10 [ 615.165263][T11293] ? __pfx_devlink_nl_post_doit+0x10/0x10 [ 615.170986][T11293] netlink_rcv_skb+0x262/0x430 [ 615.175751][T11293] ? __pfx_genl_rcv_msg+0x10/0x10 [ 615.180768][T11293] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 615.186062][T11293] ? __netlink_deliver_tap+0x77e/0x7c0 [ 615.191543][T11293] genl_rcv+0x28/0x40 [ 615.195517][T11293] netlink_unicast+0x7f0/0x990 [ 615.200287][T11293] ? __pfx_netlink_unicast+0x10/0x10 [ 615.205564][T11293] ? __virt_addr_valid+0x183/0x530 [ 615.210668][T11293] ? __check_object_size+0x49c/0x900 [ 615.215945][T11293] ? bpf_lsm_netlink_send+0x9/0x10 [ 615.221054][T11293] netlink_sendmsg+0x8e4/0xcb0 [ 615.225822][T11293] ? __pfx_netlink_sendmsg+0x10/0x10 [ 615.231114][T11293] ? __import_iovec+0x536/0x820 [ 615.235964][T11293] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 615.241251][T11293] ? security_socket_sendmsg+0x87/0xb0 [ 615.246719][T11293] ? __pfx_netlink_sendmsg+0x10/0x10 [ 615.252009][T11293] __sock_sendmsg+0x221/0x270 [ 615.256693][T11293] ____sys_sendmsg+0x525/0x7d0 [ 615.261467][T11293] ? __pfx_____sys_sendmsg+0x10/0x10 [ 615.266782][T11293] __sys_sendmsg+0x2b0/0x3a0 [ 615.271387][T11293] ? __pfx___sys_sendmsg+0x10/0x10 [ 615.276504][T11293] ? vfs_write+0x7c4/0xc90 [ 615.280954][T11293] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 615.287287][T11293] ? do_syscall_64+0x100/0x230 [ 615.292049][T11293] ? do_syscall_64+0xb6/0x230 [ 615.296723][T11293] do_syscall_64+0xf3/0x230 [ 615.301224][T11293] ? clear_bhb_loop+0x35/0x90 [ 615.305896][T11293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.311792][T11293] RIP: 0033:0x7f451c3779f9 [ 615.316291][T11293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.335907][T11293] RSP: 002b:00007f451d217038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 615.344323][T11293] RAX: ffffffffffffffda RBX: 00007f451c505f80 RCX: 00007f451c3779f9 [ 615.352294][T11293] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 615.360271][T11293] RBP: 00007f451d217090 R08: 0000000000000000 R09: 0000000000000000 [ 615.368251][T11293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 615.376220][T11293] R13: 0000000000000000 R14: 00007f451c505f80 R15: 00007ffc863516c8 [ 615.384252][T11293] [ 615.473578][T11302] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1723'. [ 616.015778][T11312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1726'. [ 617.264874][ T58] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 617.523457][T11331] vivid-000: ================= START STATUS ================= [ 617.531213][T11331] vivid-000: Generate PTS: true [ 617.536141][T11331] vivid-000: Generate SCR: true [ 617.541036][T11331] tpg source WxH: 320x180 (R'G'B) [ 617.548725][T11331] tpg field: 1 [ 617.552121][T11331] tpg crop: 320x180@0x0 [ 617.556492][T11331] tpg compose: 320x180@0x0 [ 617.560918][T11331] tpg colorspace: 8 [ 617.564778][T11331] tpg transfer function: 0/0 [ 617.569383][T11331] tpg quantization: 0/0 [ 617.575248][T11331] tpg RGB range: 0/2 [ 617.579157][T11331] vivid-000: ================== END STATUS ================== [ 617.589975][ T58] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 617.681634][ T58] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 617.749240][ T58] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 617.818858][ T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.847479][T11314] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 617.871819][ T58] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 617.922117][T11338] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1735'. [ 617.932324][ T5266] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 618.204782][ T5266] usb 5-1: Using ep0 maxpacket: 8 [ 618.284251][T11341] capability: warning: `syz.2.1736' uses deprecated v2 capabilities in a way that may be insecure [ 618.288822][ T5266] usb 5-1: config index 0 descriptor too short (expected 6427, got 27) [ 618.357587][ T5266] usb 5-1: config 0 has too many interfaces: 241, using maximum allowed: 32 [ 618.378199][ T5266] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 241 [ 618.400132][ T5266] usb 5-1: config 0 has no interface number 0 [ 618.450236][ T5266] usb 5-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 618.521477][ T5266] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 618.533480][T11341] tipc: Can't bind to reserved service type 0 [ 618.644832][ T5266] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 618.739602][ T5266] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 618.821385][ T5266] usb 5-1: New USB device strings: Mfr=228, Product=255, SerialNumber=0 [ 618.872486][ T5266] usb 5-1: Product: syz [ 618.900575][ T5266] usb 5-1: Manufacturer: syz [ 618.940373][ T5266] usb 5-1: config 0 descriptor?? [ 618.956018][ T46] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 618.978102][T11331] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 620.000702][T11331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 620.004805][ T46] usb 3-1: Using ep0 maxpacket: 32 [ 620.009532][T11331] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 620.036373][ T46] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 255 [ 620.061882][ T46] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 620.146136][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.236032][ T46] usb 3-1: Product: syz [ 620.397230][ T46] usb 3-1: Manufacturer: syz [ 620.402370][ T46] usb 3-1: SerialNumber: syz [ 620.409267][ T5267] usb 4-1: USB disconnect, device number 17 [ 620.417187][ T46] usb 3-1: config 0 descriptor?? [ 620.424812][T11346] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 621.213696][ T46] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 621.519053][ T46] usb 3-1: USB disconnect, device number 42 [ 621.665208][ T5231] Bluetooth: hci1: command 0x0406 tx timeout [ 621.714011][ T5212] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 621.888697][T10559] udevd[10559]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 621.947885][ T5212] usb 1-1: Using ep0 maxpacket: 16 [ 621.969037][ T5212] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 622.000340][ T5212] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 622.014723][ T5212] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.034753][ T5212] usb 1-1: Product: syz [ 622.038992][ T5212] usb 1-1: Manufacturer: syz [ 622.043634][ T5212] usb 1-1: SerialNumber: syz [ 622.071419][ T5212] usb 1-1: config 0 descriptor?? [ 622.088914][ T5212] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 622.107466][ T5212] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 622.328694][ T5266] usb 5-1: USB disconnect, device number 22 [ 622.721346][T11392] syz.3.1753 (11392): /proc/11392/oom_adj is deprecated, please use /proc/11392/oom_score_adj instead. [ 622.791529][T11392] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1753'. [ 622.804136][ T5212] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 622.827429][T11392] netlink: 208 bytes leftover after parsing attributes in process `syz.3.1753'. [ 623.619823][ T5212] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 623.665507][ T5212] em28xx 1-1:0.0: board has no eeprom [ 623.769376][ T5212] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 623.801489][ T5212] em28xx 1-1:0.0: dvb set to bulk mode. [ 623.840089][T11370] em28xx 1-1:0.0: Binding DVB extension [ 623.862067][ T5212] usb 1-1: USB disconnect, device number 36 [ 623.891277][ T5212] em28xx 1-1:0.0: Disconnecting em28xx [ 624.027151][T11370] em28xx 1-1:0.0: Registering input extension [ 624.048100][ T5212] em28xx 1-1:0.0: Closing input extension [ 624.162917][ T5212] em28xx 1-1:0.0: Freeing device [ 624.764761][T11423] tmpfs: Unknown parameter 'quotA' [ 624.798349][T11423] overlayfs: conflicting lowerdir path [ 624.806051][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.812476][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.630810][T11449] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 627.704794][ T5212] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 627.965017][ T5212] usb 1-1: Using ep0 maxpacket: 32 [ 627.987304][ T5212] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 628.062656][ T5212] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.093726][ T5212] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.104451][ T5212] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 628.212742][T11462] tmpfs: Unknown parameter 'quotA' [ 628.251599][T11462] overlayfs: conflicting lowerdir path [ 628.474202][ T5212] usb 1-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15 [ 628.809968][ T5212] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.880180][ T5212] usb 1-1: config 0 descriptor?? [ 629.775240][ T5212] hid-generic 0003:1B96:9F0A.0011: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.0-1/input0 [ 630.041092][ T5212] usb 1-1: USB disconnect, device number 37 [ 630.139621][ T5263] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 630.414769][ T5263] usb 4-1: device descriptor read/64, error -71 [ 630.714828][ T5263] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 630.840572][T11493] tmpfs: Unknown parameter 'quotA' [ 630.871113][T11493] overlayfs: conflicting lowerdir path [ 631.554750][ T5263] usb 4-1: device descriptor read/64, error -71 [ 631.704353][ T5263] usb usb4-port1: attempt power cycle [ 632.309992][T11507] lo: entered allmulticast mode [ 632.330513][T11507] lo: left allmulticast mode [ 632.344749][ T5263] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 632.395472][ T5263] usb 4-1: device descriptor read/8, error -71 [ 632.650586][ T5231] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 632.673426][ T5231] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 632.685018][ T5231] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 632.706787][ T5231] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 632.718358][ T5231] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 632.728233][ T5231] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 633.055860][T11521] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1791'. [ 633.342929][T11510] chnl_net:caif_netlink_parms(): no params data found [ 633.396650][T10254] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 633.677439][T10254] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 633.747477][T10254] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 633.765212][T10254] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 633.780205][T10254] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 633.799360][T10254] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.022804][T11548] tmpfs: Unknown parameter 'quotA' [ 634.055746][T11548] overlayfs: conflicting lowerdir path [ 634.275088][ T5212] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 634.548379][T10254] usb 5-1: config 0 descriptor?? [ 634.794940][ T5223] Bluetooth: hci11: command tx timeout [ 634.867952][T11510] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.878685][T11510] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.886179][T11510] bridge_slave_0: entered allmulticast mode [ 634.895643][T11510] bridge_slave_0: entered promiscuous mode [ 634.911505][T11510] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.919349][T11510] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.929419][T11510] bridge_slave_1: entered allmulticast mode [ 634.938946][T11510] bridge_slave_1: entered promiscuous mode [ 634.981838][ T5212] usb 1-1: device descriptor read/64, error -71 [ 635.070741][T10254] plantronics 0003:047F:FFFF.0012: unbalanced collection at end of report description [ 635.092690][T10254] plantronics 0003:047F:FFFF.0012: parse failed [ 635.096653][T11510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 635.112326][T10254] plantronics 0003:047F:FFFF.0012: probe with driver plantronics failed with error -22 [ 635.151537][T11510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 635.175020][ T46] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 635.283120][T11510] team0: Port device team_slave_0 added [ 635.295474][ T5212] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 635.329346][T11510] team0: Port device team_slave_1 added [ 635.376840][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 635.390034][ T46] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 635.414962][ T46] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 37, using maximum allowed: 30 [ 635.415077][ T9] usb 5-1: USB disconnect, device number 23 [ 635.441834][ T46] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 635.474904][ T5212] usb 1-1: device descriptor read/64, error -71 [ 635.483290][ T46] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 635.535496][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.557977][T11510] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 635.567011][ T46] usb 3-1: config 0 descriptor?? [ 635.594956][T11510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.625199][ T5212] usb usb1-port1: attempt power cycle [ 635.633349][T11510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 635.648506][T11510] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 635.655900][T11510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.714455][T11510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 635.840461][T11557] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1800'. [ 635.846153][T11510] hsr_slave_0: entered promiscuous mode [ 635.873717][T11510] hsr_slave_1: entered promiscuous mode [ 635.894582][T11558] loop0: detected capacity change from 0 to 7 [ 635.903919][T11510] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 635.928611][T11510] Cannot create hsr debugfs directory [ 635.951588][T11558] Dev loop0: unable to read RDB block 7 [ 635.968132][T11558] loop0: unable to read partition table [ 635.974103][T11558] loop0: partition table beyond EOD, truncated [ 635.985162][ T5263] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 635.994114][T11558] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 635.994114][T11558] ) failed (rc=-5) [ 636.044901][ T5212] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 636.070247][ T46] usb 3-1: string descriptor 0 read error: -71 [ 636.085158][ T46] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 636.106323][ T46] usb 3-1: USB disconnect, device number 43 [ 636.115530][ T5212] usb 1-1: device descriptor read/8, error -71 [ 636.194997][ T5263] usb 4-1: Using ep0 maxpacket: 16 [ 636.202904][ T5263] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 636.225715][ T5263] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 636.263165][ T5263] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 636.279551][ T5263] usb 4-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 636.299027][ T5263] usb 4-1: Product: syz [ 636.307620][ T5263] usb 4-1: Manufacturer: syz [ 636.339613][ T5263] usb 4-1: config 0 descriptor?? [ 636.383679][T11510] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.399816][ T5212] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 636.446335][ T5212] usb 1-1: device descriptor read/8, error -71 [ 636.534082][T11510] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.868764][ T5223] Bluetooth: hci11: command tx timeout [ 637.012131][ T5263] kovaplus 0003:1E7D:2D50.0013: unknown main item tag 0xd [ 637.064703][T11510] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.265678][ T5212] usb usb1-port1: unable to enumerate USB device [ 637.275796][ T5263] kovaplus 0003:1E7D:2D50.0013: hidraw0: USB HID v0.07 Device [syz syz] on usb-dummy_hcd.3-1/input0 [ 637.467004][T11510] team0: Port device netdevsim0 removed [ 637.487962][T11510] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.706482][ T5263] kovaplus 0003:1E7D:2D50.0013: couldn't init struct kovaplus_device [ 637.724970][ T5263] kovaplus 0003:1E7D:2D50.0013: couldn't install mouse [ 637.756221][ T5263] kovaplus 0003:1E7D:2D50.0013: probe with driver kovaplus failed with error -32 [ 637.818928][T11510] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 637.851914][T11510] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 637.887326][T11510] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 637.907297][T11510] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 638.067251][T11510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 638.105992][T11510] 8021q: adding VLAN 0 to HW filter on device team0 [ 638.126582][ T5990] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.133797][ T5990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 638.210681][ T5349] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.217850][ T5349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 638.945338][ T5223] Bluetooth: hci11: command tx timeout [ 639.417660][ T9] usb 4-1: USB disconnect, device number 22 [ 639.437877][T11586] xt_ecn: cannot match TCP bits for non-tcp packets [ 639.445984][T11510] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 639.701197][ T5263] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 639.875029][ T5263] usb 1-1: device descriptor read/64, error -71 [ 639.936553][T11510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 640.031971][T11510] veth0_vlan: entered promiscuous mode [ 640.048082][T11510] veth1_vlan: entered promiscuous mode [ 640.077778][ T29] audit: type=1800 audit(640.027:14): pid=11617 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1823" name="/" dev="fuse" ino=1 res=0 errno=0 [ 640.143085][T11510] veth0_macvtap: entered promiscuous mode [ 640.155383][ T5263] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 640.164177][T11510] veth1_macvtap: entered promiscuous mode [ 640.226248][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.239883][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.250117][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.261527][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.271924][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.282519][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.292542][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.318230][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.342499][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.363761][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.384412][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.415207][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.425284][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.437467][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.449263][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.459780][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.470269][ T5263] usb 1-1: device descriptor read/64, error -71 [ 640.476604][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.572237][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.647015][ T5263] usb usb1-port1: attempt power cycle [ 640.726695][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.926231][ T941] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 640.990163][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.146757][T11510] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 641.167847][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.171578][ T5263] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 641.178985][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.196191][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.206937][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.216871][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.229011][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.239136][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.252176][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.259993][ T941] usb 5-1: Using ep0 maxpacket: 8 [ 641.263260][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.277984][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.278072][ T5263] usb 1-1: device descriptor read/8, error -71 [ 641.287958][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.287979][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.287995][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.288008][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.288024][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.288037][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.288053][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.309548][ T941] usb 5-1: New USB device found, idVendor=0499, idProduct=5005, bcdDevice= 8.ff [ 641.314832][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.314855][T11510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.314872][T11510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.316450][T11510] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 641.337509][ T941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.365463][ T5231] Bluetooth: hci11: command tx timeout [ 641.379219][ T941] usb 5-1: Product: syz [ 641.432856][T11510] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.577334][ T941] usb 5-1: Manufacturer: syz [ 641.581981][ T941] usb 5-1: SerialNumber: syz [ 641.594809][T11510] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.600660][ T941] usb 5-1: config 0 descriptor?? [ 641.609269][T11510] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.621834][ T941] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 641.635193][T11510] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.665455][ T941] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 641.694398][T10191] udevd[10191]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 641.727816][ T5263] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 641.964393][ T5973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 641.980944][ T5263] usb 1-1: device descriptor read/8, error -71 [ 642.006785][ T5973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.112597][ T5990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 642.122862][ T5263] usb usb1-port1: unable to enumerate USB device [ 642.132207][ T5990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.163215][ T5223] Bluetooth: hci4: command 0x0406 tx timeout [ 642.303652][T11631] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1785'. [ 642.315172][T11631] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1785'. [ 642.520026][T11633] ip6t_srh: unknown srh invflags 7863 [ 643.085122][ T5263] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 643.166197][ T5266] usb 2-1: new low-speed USB device number 41 using dummy_hcd [ 643.177052][ T46] usb 5-1: USB disconnect, device number 24 [ 643.279705][ T5263] usb 1-1: device descriptor read/64, error -71 [ 643.440309][ T5266] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 643.472186][ T5266] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B is Bulk; changing to Interrupt [ 643.624979][ T5263] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 643.703252][ T5266] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 643.856159][ T5263] usb 1-1: device descriptor read/64, error -71 [ 643.864213][ T5266] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 643.980816][ T5263] usb usb1-port1: attempt power cycle [ 644.505776][ T5263] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 644.646936][ T5263] usb 1-1: device descriptor read/8, error -71 [ 644.675950][ T5266] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.714968][ T29] audit: type=1326 audit(644.667:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11646 comm="syz.3.1834" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f46093779f9 code=0x0 [ 644.789773][ T5266] usbtmc 2-1:16.0: bulk endpoints not found [ 644.947628][ T5263] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 645.027269][ T5263] usb 1-1: device descriptor read/8, error -71 [ 645.156805][ T5263] usb usb1-port1: unable to enumerate USB device [ 647.285307][ T5295] usb 2-1: USB disconnect, device number 41 [ 647.485117][ T5266] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 647.610643][ T29] audit: type=1326 audit(647.577:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 647.664013][ T29] audit: type=1326 audit(647.577:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 647.749365][ T5266] usb 1-1: Using ep0 maxpacket: 8 [ 647.776569][ T29] audit: type=1326 audit(647.687:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 647.927337][ T5266] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 647.937412][ T5266] usb 1-1: config 0 has no interface number 0 [ 647.953470][ T5266] usb 1-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 648.003590][ T29] audit: type=1326 audit(647.687:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 648.027889][ T5266] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 648.059725][ T941] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 648.060461][ T5266] usb 1-1: config 0 descriptor?? [ 648.183665][ T29] audit: type=1326 audit(647.687:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 648.284832][ T941] usb 5-1: Using ep0 maxpacket: 8 [ 648.285481][ T5266] hso 1-1:0.1: Failed to find BULK IN ep [ 648.344987][ T29] audit: type=1326 audit(647.687:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 648.381959][ T941] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 648.408963][ T941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.429813][ T941] usb 5-1: Product: syz [ 648.443556][ T941] usb 5-1: Manufacturer: syz [ 648.454570][ T941] usb 5-1: SerialNumber: syz [ 648.482466][ T941] usb 5-1: config 0 descriptor?? [ 648.614836][ T29] audit: type=1326 audit(647.687:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 648.796223][ T29] audit: type=1326 audit(647.687:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 648.832539][ T941] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 648.919151][ T29] audit: type=1326 audit(647.697:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 648.998927][ T29] audit: type=1326 audit(647.697:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.4.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec457779f9 code=0x7ffc0000 [ 649.088594][T11693] netlink: 'syz.1.1846': attribute type 2 has an invalid length. [ 650.056301][ T5295] usb 1-1: USB disconnect, device number 50 [ 650.131093][T11698] input: syz0 as /devices/virtual/input/input44 [ 650.177213][ T5231] Bluetooth: hci11: Unknown advertising packet type: 0x75 [ 650.177285][ T5231] Bluetooth: hci11: Unknown advertising packet type: 0x16 [ 650.184765][ T5231] Bluetooth: hci11: Unknown advertising packet type: 0x1c [ 650.191940][ T5231] Bluetooth: hci11: Malformed LE Event: 0x0d [ 651.530020][ T5295] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 651.728106][ T5295] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 651.754709][ T5295] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 651.775113][ T5295] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 651.809026][ T5295] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 651.847004][ T5295] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 651.864918][ T5295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 651.884756][ T5295] usb 2-1: Product: syz [ 651.888964][ T5295] usb 2-1: Manufacturer: syz [ 651.893574][ T5295] usb 2-1: SerialNumber: syz [ 651.945851][ T5295] usb 2-1: config 0 descriptor?? [ 651.956558][ T5295] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 652.233802][T11731] netlink: 'syz.3.1857': attribute type 2 has an invalid length. [ 652.293046][ T5263] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 653.194854][ T941] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 653.245659][ T941] usb 5-1: USB disconnect, device number 25 [ 653.288230][ T5295] scsi host1: usb-storage 2-1:0.0 [ 653.311619][T11736] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1858'. [ 653.338488][T11736] netlink: 'syz.3.1858': attribute type 2 has an invalid length. [ 653.339747][ T5295] usb 2-1: USB disconnect, device number 42 [ 653.386659][T11742] fuse: Bad value for 'fd' [ 653.397310][T11736] netlink: 'syz.3.1858': attribute type 2 has an invalid length. [ 653.433327][T11736] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1858'. [ 653.565706][ T5263] usb 3-1: Using ep0 maxpacket: 8 [ 653.583560][ T5263] usb 3-1: unable to get BOS descriptor or descriptor too short [ 653.594708][ T5263] usb 3-1: config index 0 descriptor too short (expected 19, got 18) [ 653.598210][T11744] netlink: 'syz.3.1858': attribute type 1 has an invalid length. [ 653.602798][ T5263] usb 3-1: config 4 has an invalid interface number: 109 but max is 0 [ 653.621013][ T5263] usb 3-1: config 4 has no interface number 0 [ 653.675655][T11747] vim2m vim2m.0: Fourcc format (0x47524247) invalid. [ 654.342978][ T5263] usb 3-1: config 4 interface 109 has no altsetting 0 [ 655.493994][ T5263] usb 3-1: string descriptor 0 read error: -71 [ 655.501499][ T5263] usb 3-1: New USB device found, idVendor=13d3, idProduct=3341, bcdDevice=8f.75 [ 655.541789][ T5263] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.591395][ T5263] usb 3-1: can't set config #4, error -71 [ 655.615349][ T5263] usb 3-1: USB disconnect, device number 44 [ 655.940604][T11761] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1867'. [ 656.252346][T11775] netlink: 'syz.2.1868': attribute type 2 has an invalid length. [ 656.730698][ T8] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 656.953715][T11781] syz.4.1870[11781] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 656.953868][T11781] syz.4.1870[11781] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 656.984857][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 657.031583][ T8] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 657.061459][ T8] usb 1-1: config 0 has no interface number 0 [ 657.094350][ T8] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 657.122428][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.122820][ T29] kauditd_printk_skb: 118 callbacks suppressed [ 657.122833][ T29] audit: type=1326 audit(657.087:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11780 comm="syz.4.1870" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec457779f9 code=0x0 [ 657.164600][ T8] usb 1-1: Product: syz [ 657.169181][ T8] usb 1-1: Manufacturer: syz [ 657.194332][ T8] usb 1-1: SerialNumber: syz [ 657.222534][ T8] usb 1-1: config 0 descriptor?? [ 658.339078][ T8] usb 1-1: USB disconnect, device number 51 [ 659.157010][T11809] tmpfs: Bad value for 'nr_blocks' [ 662.185292][T11841] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 662.192213][T11841] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 662.260037][T11841] vhci_hcd vhci_hcd.0: Device attached [ 662.324131][T11849] vhci_hcd: connection closed [ 662.335874][ T5990] vhci_hcd: stop threads [ 662.339371][T11854] bridge0: entered promiscuous mode [ 662.341884][ T5990] vhci_hcd: release socket [ 662.346299][T11853] bridge0: left promiscuous mode [ 662.412643][ T5990] vhci_hcd: disconnect device [ 662.555653][T11858] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 662.657937][ T5223] Bluetooth: hci8: command 0x0406 tx timeout [ 662.666232][ T5212] vhci_hcd: vhci_device speed not set [ 663.467240][T11871] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1899'. [ 664.966764][T11895] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1908'. [ 666.328027][T11918] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1912'. [ 666.545898][T11930] vivid-000: ================= START STATUS ================= [ 666.594457][T11930] vivid-000: Generate PTS: true [ 666.621273][T11930] vivid-000: Generate SCR: true [ 666.631407][T11930] tpg source WxH: 320x180 (R'G'B) [ 666.642969][T11930] tpg field: 1 [ 666.714574][T11930] tpg crop: 320x180@0x0 [ 666.753504][T11930] tpg compose: 320x180@0x0 [ 666.798418][T11930] tpg colorspace: 8 [ 666.822133][T11930] tpg transfer function: 0/0 [ 666.845413][T11935] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 666.855097][T11930] tpg quantization: 0/0 [ 666.869413][T11935] vhci_hcd: invalid port number 10 [ 666.880968][T11930] tpg RGB range: 0/2 [ 666.884701][T11935] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 666.903195][T11930] vivid-000: ================== END STATUS ================== [ 667.015661][ T941] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 667.236073][ T941] usb 1-1: Using ep0 maxpacket: 8 [ 667.243596][ T941] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 667.274798][ T941] usb 1-1: config 0 has too many interfaces: 241, using maximum allowed: 32 [ 667.298217][ T941] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 241 [ 667.338193][ T941] usb 1-1: config 0 has no interface number 0 [ 667.353652][ T941] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 667.382261][ T941] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 667.406958][ T941] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 667.441030][ T941] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 667.454108][ T941] usb 1-1: New USB device strings: Mfr=228, Product=255, SerialNumber=0 [ 667.479403][ T941] usb 1-1: Product: syz [ 667.488129][ T941] usb 1-1: Manufacturer: syz [ 667.507473][ T941] usb 1-1: config 0 descriptor?? [ 667.519112][T11933] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 668.076646][T11949] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 668.248755][T11933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 668.365993][T11952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 668.453742][T11933] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 668.655419][T11959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1926'. [ 669.185341][ T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 669.203726][T11977] fuse: Unknown parameter 'fd9a.gW~-**D E׽eԮe' [ 669.337219][T11980] pim6reg1: entered promiscuous mode [ 669.343815][T11980] pim6reg1: entered allmulticast mode [ 669.382481][T11980] syzkaller0: entered allmulticast mode [ 669.394911][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 669.406803][ T9] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 669.416839][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 669.440656][ T9] usb 4-1: config 0 has no interface number 0 [ 669.449950][ T9] usb 4-1: config 0 interface 8 altsetting 248 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 669.461784][ T9] usb 4-1: config 0 interface 8 altsetting 248 has a duplicate endpoint with address 0xD, skipping [ 669.473294][ T9] usb 4-1: config 0 interface 8 altsetting 248 has 5 endpoint descriptors, different from the interface descriptor's value: 10 [ 669.489379][ T9] usb 4-1: config 0 interface 8 has no altsetting 0 [ 669.500456][ T9] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb [ 669.513072][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.533354][ T9] usb 4-1: Product: syz [ 669.548614][ T9] usb 4-1: Manufacturer: syz [ 669.553348][ T9] usb 4-1: SerialNumber: syz [ 669.567927][ T9] usb 4-1: config 0 descriptor?? [ 669.905754][T11986] binder: 11983:11986 ioctl 4018aebd 20000180 returned -22 [ 669.988823][ T8] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 670.211771][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 670.252673][ T8] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 670.268726][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.280763][ T8] usb 5-1: config 0 descriptor?? [ 670.498740][ T8] ath6kl: Failed to submit usb control message: -71 [ 670.505710][T10254] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 670.524936][ T8] ath6kl: unable to send the bmi data to the device: -71 [ 670.532405][ T8] ath6kl: Unable to send get target info: -71 [ 670.557105][ T8] ath6kl: Failed to init ath6kl core: -71 [ 670.563799][ T8] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 670.625483][ T8] usb 5-1: USB disconnect, device number 26 [ 670.684729][T10254] usb 3-1: device descriptor read/64, error -71 [ 670.706384][ T941] usb 1-1: USB disconnect, device number 52 [ 670.900227][T11993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1938'. [ 670.986201][T10254] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 671.350469][T12000] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1940'. [ 672.180616][T10254] usb 3-1: device descriptor read/64, error -71 [ 672.310480][T10254] usb usb3-port1: attempt power cycle [ 672.388577][T12005] tmpfs: Unknown parameter 'quotA' [ 672.426520][T12005] overlayfs: conflicting lowerdir path [ 672.944738][ T5223] Bluetooth: hci9: command 0x0406 tx timeout [ 673.322270][ T9] ath6kl: Failed to submit usb control message: -71 [ 673.341938][ T9] ath6kl: unable to send the bmi data to the device: -71 [ 673.396055][ T9] ath6kl: Unable to send get target info: -71 [ 673.425442][ T9] ath6kl: Failed to init ath6kl core: -71 [ 673.432240][ T9] ath6kl_usb 4-1:0.8: probe with driver ath6kl_usb failed with error -71 [ 673.500549][ T9] usb 4-1: USB disconnect, device number 23 [ 673.622628][T12019] FAULT_INJECTION: forcing a failure. [ 673.622628][T12019] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 673.678557][T12019] CPU: 1 UID: 0 PID: 12019 Comm: syz.0.1946 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 673.689358][T12019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 673.699443][T12019] Call Trace: [ 673.702712][T12019] [ 673.705631][T12019] dump_stack_lvl+0x241/0x360 [ 673.710313][T12019] ? __pfx_dump_stack_lvl+0x10/0x10 [ 673.715508][T12019] ? __pfx__printk+0x10/0x10 [ 673.720113][T12019] ? __pfx_lock_release+0x10/0x10 [ 673.725153][T12019] should_fail_ex+0x3b0/0x4e0 [ 673.729820][T12019] _copy_from_user+0x2f/0xe0 [ 673.734398][T12019] copy_msghdr_from_user+0xae/0x680 [ 673.739598][T12019] ? __pfx___might_resched+0x10/0x10 [ 673.744883][T12019] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 673.750698][T12019] ? __might_fault+0xaa/0x120 [ 673.755373][T12019] do_recvmmsg+0x40f/0xae0 [ 673.759791][T12019] ? __pfx_lock_release+0x10/0x10 [ 673.764814][T12019] ? __pfx_do_recvmmsg+0x10/0x10 [ 673.769762][T12019] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 673.775656][T12019] ? ksys_write+0x23e/0x2c0 [ 673.780150][T12019] ? __pfx_lock_release+0x10/0x10 [ 673.785175][T12019] ? vfs_write+0x7c4/0xc90 [ 673.789589][T12019] ? __mutex_unlock_slowpath+0x21d/0x750 [ 673.795229][T12019] ? __fget_files+0x3f6/0x470 [ 673.799909][T12019] __x64_sys_recvmmsg+0x199/0x250 [ 673.804928][T12019] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 673.810465][T12019] ? do_syscall_64+0x100/0x230 [ 673.815221][T12019] ? do_syscall_64+0xb6/0x230 [ 673.819894][T12019] do_syscall_64+0xf3/0x230 [ 673.824385][T12019] ? clear_bhb_loop+0x35/0x90 [ 673.829061][T12019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.834959][T12019] RIP: 0033:0x7f451c3779f9 [ 673.839369][T12019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.858967][T12019] RSP: 002b:00007f451d1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 673.867373][T12019] RAX: ffffffffffffffda RBX: 00007f451c506058 RCX: 00007f451c3779f9 [ 673.875333][T12019] RDX: 0000000000000a0d RSI: 00000000200066c0 RDI: 0000000000000004 [ 673.883294][T12019] RBP: 00007f451d1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 673.891256][T12019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 673.899217][T12019] R13: 0000000000000000 R14: 00007f451c506058 R15: 00007ffc863516c8 [ 673.907211][T12019] [ 674.131692][T12020] overlay: ./file0 is not a directory [ 674.375923][T12025] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1944'. [ 675.839090][T12032] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1949'. [ 677.095820][T12048] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1953'. [ 677.293280][T12051] vivid-000: ================= START STATUS ================= [ 677.434862][T12051] vivid-000: Generate PTS: true [ 677.439746][T12051] vivid-000: Generate SCR: true [ 677.547955][T12051] tpg source WxH: 320x180 (R'G'B) [ 677.573584][T12051] tpg field: 1 [ 677.626359][T12051] tpg crop: 320x180@0x0 [ 677.681514][T12051] tpg compose: 320x180@0x0 [ 677.718159][T12051] tpg colorspace: 8 [ 677.734807][ T5295] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 677.743533][T12051] tpg transfer function: 0/0 [ 677.774785][ T5266] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 677.979840][T12051] tpg quantization: 0/0 [ 677.995878][T12051] tpg RGB range: 0/2 [ 678.124363][T12051] vivid-000: ================== END STATUS ================== [ 678.145767][ T5295] usb 4-1: Using ep0 maxpacket: 8 [ 678.156832][ T5266] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 678.262889][ T5266] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 678.273666][ T5266] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.298280][ T5295] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 678.324571][ T5295] usb 4-1: config 0 has too many interfaces: 241, using maximum allowed: 32 [ 678.340207][ T5266] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 678.355041][ T5295] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 241 [ 678.402889][ T5295] usb 4-1: config 0 has no interface number 0 [ 678.410528][ T5295] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 678.456897][ T5295] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 678.481889][ T5295] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 678.526029][ T5295] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 678.536934][ T5295] usb 4-1: New USB device strings: Mfr=228, Product=255, SerialNumber=0 [ 678.547593][ T5295] usb 4-1: Product: syz [ 678.551980][ T5295] usb 4-1: Manufacturer: syz [ 678.564515][ T5295] usb 4-1: config 0 descriptor?? [ 678.584721][T12053] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 679.079672][T12067] IPVS: Error joining to the multicast group [ 679.091662][T12053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 679.129767][T12053] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 679.228062][T12070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1957'. [ 679.279567][T12070] 8021q: VLANs not supported on ipvlan0 [ 679.431233][ T5266] stv0680 5-1:4.0: STV(e): camera ping failed!! [ 679.646466][ T5266] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 679.672701][ T5266] stv0680 5-1:4.0: last error: 0, command = 0x0 [ 679.691736][ T5266] usb 5-1: USB disconnect, device number 27 [ 681.464773][T11370] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 681.751401][T11370] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 681.785356][T11370] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 681.794733][T11370] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.847215][T11370] usb 3-1: config 0 descriptor?? [ 682.147327][T11370] ath6kl: Failed to submit usb control message: -71 [ 682.154467][T11370] ath6kl: unable to send the bmi data to the device: -71 [ 682.161788][T11370] ath6kl: Unable to send get target info: -71 [ 682.187042][T11370] ath6kl: Failed to init ath6kl core: -71 [ 682.292501][T11370] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 682.306006][T11370] usb 3-1: USB disconnect, device number 48 [ 682.471853][ T5295] usb 4-1: USB disconnect, device number 24 [ 685.182182][T12152] vivid-000: ================= START STATUS ================= [ 685.196374][T12152] vivid-000: Generate PTS: true [ 685.201385][T12152] vivid-000: Generate SCR: true [ 685.209148][T12152] tpg source WxH: 320x180 (R'G'B) [ 685.214228][T12152] tpg field: 1 [ 685.218290][T12152] tpg crop: 320x180@0x0 [ 685.236940][T12152] tpg compose: 320x180@0x0 [ 685.249055][T12152] tpg colorspace: 8 [ 685.272735][T12152] tpg transfer function: 0/0 [ 685.283956][T12152] tpg quantization: 0/0 [ 685.308676][T12152] tpg RGB range: 0/2 [ 685.330043][T12152] vivid-000: ================== END STATUS ================== [ 685.398928][ T8] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 685.505046][ T9] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 685.535127][T10254] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 685.615264][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 685.663628][ T8] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 685.697546][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 685.720248][ T8] usb 4-1: Product: syz [ 685.724860][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 685.731861][ T9] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 685.743604][ T8] usb 4-1: Manufacturer: syz [ 685.752540][ T9] usb 1-1: config 0 has too many interfaces: 241, using maximum allowed: 32 [ 685.762036][ T8] usb 4-1: SerialNumber: syz [ 685.775008][T10254] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 685.795601][ T8] usb 4-1: config 0 descriptor?? [ 685.802662][ T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 241 [ 685.816348][ T8] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 685.824933][T10254] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 685.854151][ T9] usb 1-1: config 0 has no interface number 0 [ 685.864429][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 685.878453][ T9] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 685.910665][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 685.931023][ T9] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 685.944001][T10254] usb 5-1: config 0 interface 0 has no altsetting 0 [ 685.954021][ T9] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 685.989515][T10254] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.005319][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 686.024943][ T9] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 686.044657][ T9] usb 1-1: New USB device strings: Mfr=228, Product=255, SerialNumber=0 [ 686.061458][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 686.068068][T12147] warning: `syz.3.1980' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 686.074853][ T9] usb 1-1: Product: syz [ 686.094666][T10254] usb 5-1: config 0 interface 0 has no altsetting 0 [ 686.114834][ T9] usb 1-1: Manufacturer: syz [ 686.120761][T10254] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.137751][ T9] usb 1-1: config 0 descriptor?? [ 686.153044][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.154047][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 686.162767][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.206683][T12155] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 686.235031][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 686.268009][T10254] usb 5-1: config 0 interface 0 has no altsetting 0 [ 686.486793][ T8] gspca_stk1135: reg_w 0x0 err -71 [ 686.493036][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 686.555633][T10254] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.594871][T12163] FAULT_INJECTION: forcing a failure. [ 686.594871][T12163] name failslab, interval 1, probability 0, space 0, times 0 [ 686.607941][T12163] CPU: 0 UID: 0 PID: 12163 Comm: syz.2.1985 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 686.618725][T12163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 686.628796][T12163] Call Trace: [ 686.632086][T12163] [ 686.635460][T12163] dump_stack_lvl+0x241/0x360 [ 686.640160][T12163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 686.645372][T12163] ? __pfx__printk+0x10/0x10 [ 686.649974][T12163] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 686.655534][T12163] ? __pfx___might_resched+0x10/0x10 [ 686.660840][T12163] should_fail_ex+0x3b0/0x4e0 [ 686.665534][T12163] ? alloc_empty_file+0x9e/0x1d0 [ 686.670482][T12163] should_failslab+0xac/0x100 [ 686.675173][T12163] ? alloc_empty_file+0x9e/0x1d0 [ 686.680127][T12163] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 686.685515][T12163] alloc_empty_file+0x9e/0x1d0 [ 686.690293][T12163] alloc_file_pseudo+0x1da/0x290 [ 686.695249][T12163] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 686.700731][T12163] ? _raw_spin_unlock+0x28/0x50 [ 686.705595][T12163] ? alloc_fd+0x5a1/0x640 [ 686.709940][T12163] anon_inode_getfile+0xc8/0x180 [ 686.714899][T12163] do_epoll_create+0x290/0x410 [ 686.719698][T12163] __x64_sys_epoll_create1+0x37/0x40 [ 686.725070][T12163] do_syscall_64+0xf3/0x230 [ 686.729585][T12163] ? clear_bhb_loop+0x35/0x90 [ 686.734272][T12163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.740174][T12163] RIP: 0033:0x7fa1aa9779f9 [ 686.744597][T12163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.764210][T12163] RSP: 002b:00007fa1ab71c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000123 [ 686.772636][T12163] RAX: ffffffffffffffda RBX: 00007fa1aab06130 RCX: 00007fa1aa9779f9 [ 686.780618][T12163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 686.788599][T12163] RBP: 00007fa1ab71c090 R08: 0000000000000000 R09: 0000000000000000 [ 686.796582][T12163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 686.804557][T12163] R13: 0000000000000000 R14: 00007fa1aab06130 R15: 00007ffe1baf29b8 [ 686.812550][T12163] [ 686.984276][T12155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 687.102722][T12155] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 687.514894][ T8] gspca_stk1135: Sensor write failed [ 687.520270][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 687.535566][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 687.554895][ T8] gspca_stk1135: Sensor write failed [ 687.560256][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 687.569231][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 687.581079][ T8] gspca_stk1135: Sensor read failed [ 687.586545][T10254] usb 5-1: config 0 interface 0 has no altsetting 0 [ 687.593335][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 687.600248][ T8] gspca_stk1135: Sensor read failed [ 687.614219][ T8] gspca_stk1135: Detected sensor type unknown (0x0) [ 687.621928][T10254] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 687.642985][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 687.653195][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 687.665471][ T8] gspca_stk1135: Sensor read failed [ 687.677145][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 687.683565][ T8] gspca_stk1135: Sensor read failed [ 687.689421][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 687.706822][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 687.718169][T10254] usb 5-1: config 0 interface 0 has no altsetting 0 [ 687.725113][ T8] gspca_stk1135: Sensor write failed [ 687.730542][ T8] gspca_stk1135: serial bus timeout: status=0x00 [ 687.737092][ T8] gspca_stk1135: Sensor write failed [ 687.745795][T10254] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 687.757871][ T8] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 687.766192][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 687.788801][ T8] usb 4-1: USB disconnect, device number 25 [ 687.801017][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 687.842998][T10254] usb 5-1: config 0 interface 0 has no altsetting 0 [ 687.866722][T10254] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 687.891928][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 687.925017][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 687.968804][T10254] usb 5-1: config 0 interface 0 has no altsetting 0 [ 687.977203][T10254] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 687.994772][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 688.011680][T10254] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 688.302545][T10254] usb 5-1: config 0 interface 0 has no altsetting 0 [ 689.249115][T10254] usb 5-1: string descriptor 0 read error: -71 [ 689.305471][T10254] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 689.335848][T10254] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 689.377662][T10254] usb 5-1: config 0 descriptor?? [ 689.410867][T10254] usb 5-1: can't set config #0, error -71 [ 689.498624][T12199] netlink: 'syz.3.1996': attribute type 2 has an invalid length. [ 689.706439][T10254] usb 5-1: USB disconnect, device number 28 [ 690.740220][T12215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2000'. [ 690.760017][T12215] vlan2: entered promiscuous mode [ 690.765564][T12215] ip6gretap0: entered promiscuous mode [ 690.771287][T12215] vlan2: entered allmulticast mode [ 690.776810][T12215] ip6gretap0: entered allmulticast mode [ 690.797762][T12215] ip6gretap0: left allmulticast mode [ 690.836134][T12215] ip6gretap0: left promiscuous mode [ 690.864858][ T9] usb 1-1: USB disconnect, device number 53 [ 692.758999][T12244] netlink: 'syz.1.2008': attribute type 2 has an invalid length. [ 693.195889][T12249] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2009'. [ 694.111519][T12264] vivid-000: ================= START STATUS ================= [ 694.119384][T12264] vivid-000: Generate PTS: true [ 694.124399][T12264] vivid-000: Generate SCR: true [ 694.129495][T12264] tpg source WxH: 320x180 (R'G'B) [ 694.134629][T12264] tpg field: 1 [ 694.138055][T12264] tpg crop: 320x180@0x0 [ 694.142272][T12264] tpg compose: 320x180@0x0 [ 694.150120][T12264] tpg colorspace: 8 [ 694.153993][T12264] tpg transfer function: 0/0 [ 694.158705][T12264] tpg quantization: 0/0 [ 694.163400][T12264] tpg RGB range: 0/2 [ 694.168421][T12264] vivid-000: ================== END STATUS ================== [ 694.465564][ T46] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 694.744857][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 694.870022][ T46] usb 2-1: config index 0 descriptor too short (expected 6427, got 27) [ 694.887944][ T46] usb 2-1: config 0 has too many interfaces: 241, using maximum allowed: 32 [ 694.901734][ T46] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 241 [ 694.929186][ T46] usb 2-1: config 0 has no interface number 0 [ 694.957687][ T46] usb 2-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 695.019450][ T46] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 695.068165][ T46] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 695.123748][ T46] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 695.160705][ T46] usb 2-1: New USB device strings: Mfr=228, Product=255, SerialNumber=0 [ 695.169423][T11370] usb 3-1: new full-speed USB device number 49 using dummy_hcd [ 695.185180][ T46] usb 2-1: Product: syz [ 695.194744][ T46] usb 2-1: Manufacturer: syz [ 695.238152][ T46] usb 2-1: config 0 descriptor?? [ 695.243886][T12264] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 695.310427][T12281] FAULT_INJECTION: forcing a failure. [ 695.310427][T12281] name failslab, interval 1, probability 0, space 0, times 0 [ 695.356552][T12281] CPU: 0 UID: 0 PID: 12281 Comm: syz.4.2018 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 695.367370][T12281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 695.377444][T12281] Call Trace: [ 695.380320][T11370] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA5, changing to 0x85 [ 695.380742][T12281] [ 695.380754][T12281] dump_stack_lvl+0x241/0x360 [ 695.380788][T12281] ? __pfx_dump_stack_lvl+0x10/0x10 [ 695.405182][T12281] ? __pfx__printk+0x10/0x10 [ 695.409788][T12281] ? kmem_cache_alloc_lru_noprof+0x49/0x2b0 [ 695.415684][T12281] ? __pfx___might_resched+0x10/0x10 [ 695.420971][T12281] should_fail_ex+0x3b0/0x4e0 [ 695.425649][T12281] ? __d_alloc+0x31/0x700 [ 695.429993][T12281] should_failslab+0xac/0x100 [ 695.434675][T12281] ? __d_alloc+0x31/0x700 [ 695.438998][T12281] kmem_cache_alloc_lru_noprof+0x71/0x2b0 [ 695.444720][T12281] ? mark_lock+0x9a/0x350 [ 695.449061][T12281] __d_alloc+0x31/0x700 [ 695.453216][T12281] d_alloc_pseudo+0x1f/0xb0 [ 695.457717][T12281] alloc_file_pseudo+0x123/0x290 [ 695.462656][T12281] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 695.468199][T12281] ? __local_bh_enable_ip+0x168/0x200 [ 695.473563][T12281] ? bpf_link_prime+0x7a/0x240 [ 695.478323][T12281] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 695.484041][T12281] anon_inode_getfile+0xc8/0x180 [ 695.489066][T12281] bpf_link_prime+0xff/0x240 [ 695.493659][T12281] bpf_uprobe_multi_link_attach+0xa6a/0xb70 [ 695.499569][T12281] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 695.506081][T12281] ? __fget_files+0x3f6/0x470 [ 695.510753][T12281] ? __fget_files+0x29/0x470 [ 695.515340][T12281] ? bpf_prog_attach_check_attach_type+0x3e7/0x4b0 [ 695.521842][T12281] link_create+0x727/0x8b0 [ 695.526260][T12281] ? bpf_lsm_bpf+0x9/0x10 [ 695.530602][T12281] __sys_bpf+0x4bc/0x810 [ 695.534845][T12281] ? __pfx___sys_bpf+0x10/0x10 [ 695.539616][T12281] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 695.545595][T12281] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 695.552012][T12281] ? do_syscall_64+0x100/0x230 [ 695.556779][T12281] __x64_sys_bpf+0x7c/0x90 [ 695.561192][T12281] do_syscall_64+0xf3/0x230 [ 695.565687][T12281] ? clear_bhb_loop+0x35/0x90 [ 695.570356][T12281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.576241][T12281] RIP: 0033:0x7fec457779f9 [ 695.580651][T12281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 695.600259][T12281] RSP: 002b:00007fec464ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 695.608675][T12281] RAX: ffffffffffffffda RBX: 00007fec45905f80 RCX: 00007fec457779f9 [ 695.616639][T12281] RDX: 0000000000000040 RSI: 00000000200002c0 RDI: 000000000000001c [ 695.624610][T12281] RBP: 00007fec464ff090 R08: 0000000000000000 R09: 0000000000000000 [ 695.632588][T12281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 695.640563][T12281] R13: 0000000000000000 R14: 00007fec45905f80 R15: 00007ffd0b4dd5b8 [ 695.648547][T12281] [ 695.660627][T11370] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 104, setting to 64 [ 695.682465][T11370] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 695.695499][T12279] ================================================================== [ 695.703582][T12279] BUG: KASAN: slab-use-after-free in __uprobe_unregister+0x85/0x1f0 [ 695.711569][T12279] Read of size 8 at addr ffff8880436b3f38 by task syz.4.2018/12279 [ 695.719460][T12279] [ 695.721787][T12279] CPU: 1 UID: 0 PID: 12279 Comm: syz.4.2018 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 695.732564][T12279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 695.742718][T12279] Call Trace: [ 695.746008][T12279] [ 695.748948][T12279] dump_stack_lvl+0x241/0x360 [ 695.753637][T12279] ? __pfx_dump_stack_lvl+0x10/0x10 [ 695.758850][T12279] ? __pfx__printk+0x10/0x10 [ 695.763460][T12279] ? _printk+0xd5/0x120 [ 695.767625][T12279] ? __virt_addr_valid+0x183/0x530 [ 695.772744][T12279] ? __virt_addr_valid+0x183/0x530 [ 695.777868][T12279] print_report+0x169/0x550 [ 695.782385][T12279] ? __virt_addr_valid+0x183/0x530 [ 695.787503][T12279] ? __virt_addr_valid+0x183/0x530 [ 695.792617][T12279] ? __virt_addr_valid+0x45f/0x530 [ 695.797729][T12279] ? __phys_addr+0xba/0x170 [ 695.802233][T12279] ? __uprobe_unregister+0x85/0x1f0 [ 695.807432][T12279] kasan_report+0x143/0x180 [ 695.811933][T12279] ? __uprobe_unregister+0x85/0x1f0 [ 695.817126][T12279] __uprobe_unregister+0x85/0x1f0 [ 695.822136][T12279] uprobe_unregister+0x49/0x80 [ 695.826886][T12279] bpf_uprobe_multi_link_release+0x13a/0x2f0 [ 695.832865][T12279] bpf_link_free+0xf5/0x250 [ 695.837377][T12279] bpf_link_release+0x7b/0x90 [ 695.842052][T12279] ? __pfx_bpf_link_release+0x10/0x10 [ 695.847412][T12279] __fput+0x24a/0x8a0 [ 695.851393][T12279] task_work_run+0x24f/0x310 [ 695.855970][T12279] ? __pfx_task_work_run+0x10/0x10 [ 695.861070][T12279] ? syscall_exit_to_user_mode+0xa3/0x370 [ 695.866779][T12279] syscall_exit_to_user_mode+0x168/0x370 [ 695.872403][T12279] do_syscall_64+0x100/0x230 [ 695.876975][T12279] ? clear_bhb_loop+0x35/0x90 [ 695.881644][T12279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.887546][T12279] RIP: 0033:0x7fec457779f9 [ 695.891961][T12279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 695.911552][T12279] RSP: 002b:00007ffd0b4dd718 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 695.919961][T12279] RAX: 0000000000000000 RBX: 00007fec45907a80 RCX: 00007fec457779f9 [ 695.928003][T12279] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 695.935962][T12279] RBP: 00007fec45907a80 R08: 0000000000000006 R09: 00007ffd0b4dd9ff [ 695.943919][T12279] R10: 000000000003fdb4 R11: 0000000000000246 R12: 00000000000a9f00 [ 695.951883][T12279] R13: 00007ffd0b4dd810 R14: 00007ffd0b4dd830 R15: ffffffffffffffff [ 695.959852][T12279] [ 695.962858][T12279] [ 695.965174][T12279] Allocated by task 12281: [ 695.969568][T12279] kasan_save_track+0x3f/0x80 [ 695.974233][T12279] __kasan_kmalloc+0x98/0xb0 [ 695.978805][T12279] __kmalloc_node_noprof+0x22a/0x440 [ 695.984075][T12279] __kvmalloc_node_noprof+0x72/0x190 [ 695.989343][T12279] bpf_uprobe_multi_link_attach+0x44b/0xb70 [ 695.995220][T12279] link_create+0x727/0x8b0 [ 695.999621][T12279] __sys_bpf+0x4bc/0x810 [ 696.003847][T12279] __x64_sys_bpf+0x7c/0x90 [ 696.008258][T12279] do_syscall_64+0xf3/0x230 [ 696.012756][T12279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.018635][T12279] [ 696.020940][T12279] Freed by task 12281: [ 696.025071][T12279] kasan_save_track+0x3f/0x80 [ 696.029733][T12279] kasan_save_free_info+0x40/0x50 [ 696.034744][T12279] poison_slab_object+0xe0/0x150 [ 696.039665][T12279] __kasan_slab_free+0x37/0x60 [ 696.044411][T12279] kfree+0x149/0x360 [ 696.048292][T12279] bpf_uprobe_multi_link_attach+0x9fe/0xb70 [ 696.054171][T12279] link_create+0x727/0x8b0 [ 696.058576][T12279] __sys_bpf+0x4bc/0x810 [ 696.062801][T12279] __x64_sys_bpf+0x7c/0x90 [ 696.067198][T12279] do_syscall_64+0xf3/0x230 [ 696.071683][T12279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.077641][T12279] [ 696.079945][T12279] The buggy address belongs to the object at ffff8880436b3f00 [ 696.079945][T12279] which belongs to the cache kmalloc-64 of size 64 [ 696.093804][T12279] The buggy address is located 56 bytes inside of [ 696.093804][T12279] freed 64-byte region [ffff8880436b3f00, ffff8880436b3f40) [ 696.107498][T12279] [ 696.109807][T12279] The buggy address belongs to the physical page: [ 696.116216][T12279] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x436b3 [ 696.124968][T12279] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 696.132430][T12279] page_type: 0xfdffffff(slab) [ 696.137092][T12279] raw: 00fff00000000000 ffff8880154418c0 ffffea0000b01800 0000000000000003 [ 696.145662][T12279] raw: 0000000000000000 0000000000200020 00000001fdffffff 0000000000000000 [ 696.154225][T12279] page dumped because: kasan: bad access detected [ 696.160630][T12279] page_owner tracks the page as allocated [ 696.166328][T12279] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 10191, tgid 10191 (udevd), ts 639812701008, free_ts 639637529758 [ 696.186540][T12279] post_alloc_hook+0x1f3/0x230 [ 696.191290][T12279] get_page_from_freelist+0x2e4c/0x2f10 [ 696.196818][T12279] __alloc_pages_noprof+0x256/0x6c0 [ 696.201997][T12279] alloc_slab_page+0x5f/0x120 [ 696.206658][T12279] allocate_slab+0x5a/0x2f0 [ 696.211141][T12279] ___slab_alloc+0xcd1/0x14b0 [ 696.215809][T12279] __slab_alloc+0x58/0xa0 [ 696.220143][T12279] __kmalloc_noprof+0x25a/0x400 [ 696.224992][T12279] tomoyo_encode+0x26f/0x540 [ 696.229665][T12279] tomoyo_realpath_from_path+0x59e/0x5e0 [ 696.235296][T12279] tomoyo_path_perm+0x2b7/0x740 [ 696.240140][T12279] security_inode_getattr+0xd8/0x130 [ 696.245420][T12279] vfs_getattr+0x45/0x430 [ 696.249756][T12279] vfs_fstatat+0xe4/0x190 [ 696.254080][T12279] __x64_sys_newfstatat+0x11d/0x1a0 [ 696.259268][T12279] do_syscall_64+0xf3/0x230 [ 696.263758][T12279] page last free pid 11597 tgid 11597 stack trace: [ 696.270241][T12279] free_unref_folios+0x100f/0x1ac0 [ 696.275337][T12279] folios_put_refs+0x76e/0x860 [ 696.280089][T12279] free_pages_and_swap_cache+0x5c8/0x690 [ 696.285716][T12279] tlb_flush_mmu+0x3a3/0x680 [ 696.290310][T12279] tlb_finish_mmu+0xd4/0x200 [ 696.294890][T12279] exit_mmap+0x44f/0xc80 [ 696.299123][T12279] __mmput+0x115/0x380 [ 696.303182][T12279] exit_mm+0x220/0x310 [ 696.307242][T12279] do_exit+0x9b2/0x27f0 [ 696.311385][T12279] do_group_exit+0x207/0x2c0 [ 696.315962][T12279] __x64_sys_exit_group+0x3f/0x40 [ 696.320976][T12279] x64_sys_call+0x2634/0x2640 [ 696.325646][T12279] do_syscall_64+0xf3/0x230 [ 696.330134][T12279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.336027][T12279] [ 696.338339][T12279] Memory state around the buggy address: [ 696.343953][T12279] ffff8880436b3e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 696.352002][T12279] ffff8880436b3e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 696.360058][T12279] >ffff8880436b3f00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 696.368113][T12279] ^ [ 696.373988][T12279] ffff8880436b3f80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 696.382032][T12279] ffff8880436b4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 696.390072][T12279] ================================================================== [ 696.398141][ C1] vkms_vblank_simulate: vblank timer overrun [ 696.416442][T11370] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 696.426860][T11370] usb 3-1: Product: syz [ 696.431565][T12262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 696.444587][T12262] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 696.457846][T11370] usb 3-1: Manufacturer: syz [ 696.462660][T11370] usb 3-1: SerialNumber: syz [ 696.641802][T11370] usb 3-1: config 0 descriptor?? [ 696.648971][T12266] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 696.714315][T11370] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input49 [ 696.765136][T12279] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 696.772373][T12279] CPU: 1 UID: 0 PID: 12279 Comm: syz.4.2018 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 696.783140][T12279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 696.793193][T12279] Call Trace: [ 696.796477][T12279] [ 696.799407][T12279] dump_stack_lvl+0x241/0x360 [ 696.804097][T12279] ? __pfx_dump_stack_lvl+0x10/0x10 [ 696.809307][T12279] ? __pfx__printk+0x10/0x10 [ 696.813905][T12279] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 696.819899][T12279] ? vscnprintf+0x5d/0x90 [ 696.824240][T12279] panic+0x349/0x860 [ 696.828147][T12279] ? check_panic_on_warn+0x21/0xb0 [ 696.833265][T12279] ? __pfx_panic+0x10/0x10 [ 696.837698][T12279] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 696.843696][T12279] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 696.850046][T12279] check_panic_on_warn+0x86/0xb0 [ 696.854989][T12279] ? __uprobe_unregister+0x85/0x1f0 [ 696.860194][T12279] end_report+0x77/0x160 [ 696.864451][T12279] kasan_report+0x154/0x180 [ 696.868974][T12279] ? __uprobe_unregister+0x85/0x1f0 [ 696.874189][T12279] __uprobe_unregister+0x85/0x1f0 [ 696.879234][T12279] uprobe_unregister+0x49/0x80 [ 696.884009][T12279] bpf_uprobe_multi_link_release+0x13a/0x2f0 [ 696.890012][T12279] bpf_link_free+0xf5/0x250 [ 696.894521][T12279] bpf_link_release+0x7b/0x90 [ 696.899203][T12279] ? __pfx_bpf_link_release+0x10/0x10 [ 696.904584][T12279] __fput+0x24a/0x8a0 [ 696.908592][T12279] task_work_run+0x24f/0x310 [ 696.913188][T12279] ? __pfx_task_work_run+0x10/0x10 [ 696.918395][T12279] ? syscall_exit_to_user_mode+0xa3/0x370 [ 696.924133][T12279] syscall_exit_to_user_mode+0x168/0x370 [ 696.929782][T12279] do_syscall_64+0x100/0x230 [ 696.934374][T12279] ? clear_bhb_loop+0x35/0x90 [ 696.939061][T12279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.944958][T12279] RIP: 0033:0x7fec457779f9 [ 696.949371][T12279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 696.968986][T12279] RSP: 002b:00007ffd0b4dd718 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 696.977417][T12279] RAX: 0000000000000000 RBX: 00007fec45907a80 RCX: 00007fec457779f9 [ 696.985485][T12279] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 696.993459][T12279] RBP: 00007fec45907a80 R08: 0000000000000006 R09: 00007ffd0b4dd9ff [ 697.001443][T12279] R10: 000000000003fdb4 R11: 0000000000000246 R12: 00000000000a9f00 [ 697.009419][T12279] R13: 00007ffd0b4dd810 R14: 00007ffd0b4dd830 R15: ffffffffffffffff [ 697.017405][T12279] [ 697.020721][T12279] Kernel Offset: disabled [ 697.025035][T12279] Rebooting in 86400 seconds..