last executing test programs: 7m29.844263956s ago: executing program 2 (id=166): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x300, 0xf0, 0x1170, 0x1398, 0x0, 0x1170, 0x230, 0x1398, 0x1398, 0x230, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @local}, @loopback, [0x0, 0xff000000], [0xffffff00], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x18, 0x0, 0x0, 0x20}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'sit0\x00', {0x1}}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @multicast2}, [0x0, 0x0, 0x0, 0xff000000], [0x0, 0x0, 0xff000000], 'geneve1\x00', 'veth1_vlan\x00', {}, {}, 0x0, 0x0, 0x0, 0x12}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x3}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x360) (async) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000880)='./file0\x00', 0x1) (async) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) (async) socket$nl_route(0x10, 0x3, 0x0) (async) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r3, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) (async) ioctl$SNDRV_PCM_IOCTL_STATUS32(r3, 0x806c4120, &(0x7f00000002c0)) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r4, 0x402, 0x25) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYRESOCT=r4, @ANYRES32=0x0, @ANYRESOCT=r2], 0x40}, 0x1, 0x0, 0x0, 0xc1}, 0x0) 7m29.630076015s ago: executing program 2 (id=167): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8040480) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x6, 0x72, 0x59, 0x20, 0x1608, 0x301, 0xf124, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xd7, 0x0, 0x0, 0xf8, 0x5b, 0xeb}}]}}]}}, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) unshare(0x2000400) cachestat(r2, &(0x7f0000000280)={0x52a, 0x6}, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x2c, 0xb, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x4, 0x7, 0x0, 0x0}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}}, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000100)={0xa00, 0xa00}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x20004, r4, 0x80000}) fsopen(0x0, 0x0) mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) fremovexattr(0xffffffffffffffff, &(0x7f0000000040)=@known='system.posix_acl_default\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r7) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), r6) 7m26.05253428s ago: executing program 2 (id=183): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, 0x0) (async) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f00000001c0)={0x5813, 0x0, 0x0, 0x3}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="300000005e008d9d555cfa079cc9178c2268"], 0x30}}, 0x4810) 7m25.751785607s ago: executing program 2 (id=186): dup(0xffffffffffffffff) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000d71000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000179000/0x2000)=nil) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1) socket$inet_mptcp(0x2, 0x1, 0x106) r4 = syz_io_uring_setup(0x10e, 0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r7) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000004c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000100)={0x24, r8, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_CQM={0x8, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD]}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004080}, 0x4004000) syz_io_uring_submit(r5, r6, 0x0) io_uring_enter(r4, 0x47f5, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='comm\x00') 7m24.128980166s ago: executing program 2 (id=192): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) recvmmsg(0xffffffffffffffff, &(0x7f0000004600), 0x0, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x40800, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknod$loop(0x0, 0x2000, 0x0) ioctl$TCSETSW2(r2, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff}) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) (async) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async) recvmmsg(0xffffffffffffffff, &(0x7f0000004600), 0x0, 0x2, 0x0) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x40800, 0x0) (async) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async) socket$inet_sctp(0x2, 0x1, 0x84) (async) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) (async) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) (async) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) (async) mknod$loop(0x0, 0x2000, 0x0) (async) ioctl$TCSETSW2(r2, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff}) (async) 7m23.619527014s ago: executing program 2 (id=196): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x118d7, 0x0, 0x0, &(0x7f00000002c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {}, {0x8, 0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x4000000, 0x3, 0x4, 0x2}, 0x1, r4}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x22) bpf$MAP_CREATE(0x0, 0x0, 0x50) unshare(0x62040200) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TIOCSPTLCK(r6, 0x40045431, &(0x7f0000000000)) r7 = ioctl$TIOCGPTPEER(r6, 0x5441, 0x9) syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8", @ANYRES32=r7], 0x0) r8 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f00000001c0)={0x0, 0x2, 0x200, "8c8ee811ddd396f06db560b6396e471eeee6f7c1e1dc7c61b76dd45128573ea3", 0x20363159}) 7m23.082038075s ago: executing program 32 (id=196): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x118d7, 0x0, 0x0, &(0x7f00000002c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {}, {0x8, 0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x4000000, 0x3, 0x4, 0x2}, 0x1, r4}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x22) bpf$MAP_CREATE(0x0, 0x0, 0x50) unshare(0x62040200) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TIOCSPTLCK(r6, 0x40045431, &(0x7f0000000000)) r7 = ioctl$TIOCGPTPEER(r6, 0x5441, 0x9) syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8", @ANYRES32=r7], 0x0) r8 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f00000001c0)={0x0, 0x2, 0x200, "8c8ee811ddd396f06db560b6396e471eeee6f7c1e1dc7c61b76dd45128573ea3", 0x20363159}) 4m47.386883702s ago: executing program 4 (id=764): r0 = syz_open_dev$video4linux(&(0x7f0000000400), 0x800000000401, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc040564a, &(0x7f00000001c0)={0x2000000, 0x0, 0x1814, 0xffffffffffffffff, 0x0, 0x0}) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x0, 0x0}, 0x10) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f0000000240)=ANY=[@ANYRESHEX=r1, @ANYRESHEX=r1, @ANYRES16=r1, @ANYRES16=0x0, @ANYRES32=r1, @ANYRES32=r1, @ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1]) r3 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r3, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201"], 0x0) syz_usb_connect$cdc_ncm(0x2, 0xb2, &(0x7f0000000500)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa0, 0x2, 0x1, 0xd, 0x40, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "e3203cc5f058"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x9, 0x7, 0xf5}, {0x6, 0x24, 0x1a, 0x4, 0x37}, [@country_functional={0xffffffffffffff6e, 0x24, 0x7, 0xd1, 0x1, [0x8, 0x1, 0x0, 0x9, 0xd, 0x4]}, @country_functional={0x10, 0x24, 0x7, 0x31, 0x24, [0x200, 0xfff, 0xf24, 0x0, 0x7]}, @network_terminal={0x7, 0x24, 0xa, 0x5, 0x9, 0x0, 0x8}, @mdlm={0x15}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0x7, 0x60, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0xff, 0x8, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x6, 0xaa}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x6c, 0xa, 0x5, 0x10, 0xff}, 0x10, &(0x7f00000001c0)=ANY=[@ANYBLOB="050f100000"], 0x4, [{0x97, &(0x7f0000000100)=@string={0x97, 0x3, "5c3bfe8916943eab04aa063f72cbb21a07fb87734a20ce07812f86bf7e45e7ffcfa715bb16729d337ef7a1e8a0eed9ffba9960723f4e8b6161fb7adad4fa74a2562797dec7c05b540a59c0759fe8e6fe7ca4d760f9084a6121e8a7219671c42231887c74e2884a7f2bfc8bda267118cd51ba8ed7b9ab536a9a67b88817e9f11233263aac3eee00"/149}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x81a}}, {0xe8, &(0x7f0000000340)=ANY=[@ANYBLOB="e803ad1e7d5d939da069433345fd851f4f7a46e576978e24d38f5648c069d7a948584efa63159b1a4d6bcdba66faa57d4556137202f54068fe363e846b08f94a96f3e75953acba1742d07ccfdad39cc597da3d5e83545d82db515b1a69bea22ea254f5deb0f88f9734092e0bb57f8603cd3117a0f33f85d1fe1721130a2aae7486cdd04870c84c6534c73416eb1fb7ee3aa48716085d690f397a4bead1561adfcb93504e0c74f082c0e72d83bb9b20a87c5224a8c4f93b7f89b88120aeebff6afd26b4ea1028ae4f69cde4160461ccc5e14bdad947bb4716627ab437ada799c2e885001e5c49818f"]}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x140a}}]}) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x12, &(0x7f0000000040)=@generic={0x1, 0x0, 0xa, "e08475fc", "472eb1c14d0b37b00154"}) r5 = socket$inet6_udp(0xa, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000014400000000c0a01011d000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) close(r6) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x2, 0x6, 0x730, 0x270, 0x190, 0x0, 0x190, 0x0, 0x660, 0x660, 0x660, 0x660, 0x660, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'bond_slave_0\x00', 'vlan1\x00', {}, {}, 0x21}, 0x0, 0x168, 0x190, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @mcast2, @private2, [], [0x0, 0xffffffff], [], 0x0, 0x10}}, @common=@inet=@dccp={{0x30}, {[0x4e24, 0x4e24], [0x4e23, 0x4e24], 0xd, 0x20, 0x4, 0x7}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0x2}, [], [], 'bridge0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {0x0, 0xfd}, 0x300, 0x4}}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'bridge0\x00', 'bond_slave_0\x00', {0xff}}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ipv6={@loopback, @local, [0xff, 0x0, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xffffffff, 0xffffff00], 'macvlan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x8, 0x81, 0x1, 0x36}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@private1, 0x0, 0x37}}}, {{@uncond, 0x0, 0x208, 0x230, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @mcast2, @mcast2, @private0, @empty, @loopback, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @remote, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0]}}]}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x790) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 4m45.2927394s ago: executing program 4 (id=770): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xa}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ALPHA={0x8, 0x5, 0xe}]}}]}, 0x3c}}, 0x20004055) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) (async) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4m44.975791051s ago: executing program 4 (id=772): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = dup(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0xd, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = syz_open_dev$dri(0x0, 0x1, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r4, &(0x7f0000000180)=ANY=[@ANYRES32=r3], 0x2c2) write$UHID_INPUT(r1, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d300987f70e06d038e7ff7fc6e5539b0d650e8b089b3f313b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000400)=@multiplanar_userptr={0x2, 0x1, 0x4, 0x100000, 0x4, {}, {0x5, 0x8, 0xc1, 0xf0, 0x3, 0x2, "1cec7fe1"}, 0x5, 0x2, {&(0x7f0000000380)=[{0x6, 0x8000, {&(0x7f00000001c0)}, 0x62}, {0x9, 0x1, {0x0}, 0x5}]}, 0x2}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) openat$urandom(0xffffff9c, 0x0, 0x2, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r6, &(0x7f0000000340)={0x28, 0x0, 0x2710, @host}, 0x10) r7 = socket$inet_tcp(0x2, 0x1, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x15, 0x1, 0x70bd26, 0x25dfdbff, {0xf}, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x40010) syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1a010c005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99080805", @ANYRES8], 0x0) setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x58}}, 0x10) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/123, 0x9e, 0xc8) 4m40.78072931s ago: executing program 4 (id=780): r0 = socket(0x10, 0x803, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) preadv2(r1, &(0x7f0000000300)=[{&(0x7f0000000340)=""/65}, {&(0x7f00000000c0)=""/157}, {&(0x7f0000000180)=""/226, 0x3b}], 0x3a, 0x2, 0x80000400, 0x1) ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f00000000c0)) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) (async) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) (async) move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000380)='./file0/../file0/../file0/../file0/file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0\x00') ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000280)) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000d40)=@mangle={'mangle\x00', 0x64, 0x6, 0x4f8, 0x340, 0x1a0, 0x0, 0x0, 0x1a0, 0x428, 0x428, 0x428, 0x428, 0x428, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [0x0, 0x0, 0x6f7594ef4243f52d], [], 'macvtap0\x00', 'erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x52}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x33}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}, {{@ipv6={@local, @mcast1, [], [], 'lo\x00', 'vlan1\x00'}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x558) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0xff, 0x0, 0x0, 0x0, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x7800, 0xffffffff, 0x1}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0xff, 0x0, 0x0, 0x0, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x7800, 0xffffffff, 0x1}}) 4m40.333762642s ago: executing program 4 (id=784): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000300), 0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80) socket$packet(0x11, 0x2, 0x300) socket$kcm(0x11, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) write(r2, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) syz_genetlink_get_family_id$smc(&(0x7f00000001c0), r2) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'bond0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'geneve0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYRESHEX=0x0, @ANYRES32=0x0, @ANYBLOB="400d0000000000003000128008000100687372002400028008000200", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r5], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x48000) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x2c, 0x3, r6, 0x5}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000400)="022cd36c9170e954ec93ef97f6dcc6efc3b33c62555ffe260cf036c139fb3af8a7aa8cff031fadb78520886bea6e0cf9e8d1bd7adb963c3c2293af1c6839c5dc1e1a6d565febb0f051191909c0f64025aa0aa2a263dd7d7a8ff49a48f13bc488b8379d984f7abd995f5f6ce78c8a0919ab00fda88c760e192a683db296ce67ec524fd1402ccd727c84237f7906bfc372f10bfa4e34", 0x95}, {&(0x7f00000001c0)="99e38a6b1891d13e62431a70e1876b89467c75b44b82bfb8485f36a8a84321604c3a31297844bc2c6e762d84932e10c923ac54a5bc71cb33627624f794241c9dd2a1f737b8", 0x45}, {&(0x7f0000000380)="f835e3b4a736b36e0276d5f794f639d2f056ddcd9fa88726fb672b7eb8afdc3644be53a9700cbac4b2fc9f9eb5c47a1362d19ac771aa9f5990265790212cc552fb4453b1dad57e624c497b6f9bd8e883ef5ec3bc6413436a101ef022a0ce9c1111b6b0bb25", 0x65}], 0x3, 0x0, 0x0, 0x4000001}, 0x8095) r7 = io_uring_setup(0x3542, &(0x7f0000000080)={0x0, 0x9c70, 0x0, 0x3, 0x10001d6}) r8 = syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1, 0x80) ioctl$SNDRV_PCM_IOCTL_UNLINK(r8, 0x4161, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 4m40.022897849s ago: executing program 4 (id=788): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) r2 = socket$kcm(0x1e, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) add_key$keyring(&(0x7f0000000400), 0x0, 0x0, 0x0, 0xfffffffffffffffe) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c000000020601000000080604000000000000000e0600000000000000703a697000000005000400000000000900020073797a3000000000240007800c00028008000140ffffffff0c0001800800014080ffff04050014000a000001050005"], 0x6c}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x40080) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000280)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a0300"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4040000) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000060a010600000000000000000a0000010900010073797a3100000000300004802c000180090001006861736800"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x40040, 0xd2, 0xf}, 0x18) unlink(&(0x7f0000000100)='./file0\x00') execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0) 4m39.466513541s ago: executing program 33 (id=788): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) r2 = socket$kcm(0x1e, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) add_key$keyring(&(0x7f0000000400), 0x0, 0x0, 0x0, 0xfffffffffffffffe) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c000000020601000000080604000000000000000e0600000000000000703a697000000005000400000000000900020073797a3000000000240007800c00028008000140ffffffff0c0001800800014080ffff04050014000a000001050005"], 0x6c}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x40080) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000280)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a0300"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4040000) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000060a010600000000000000000a0000010900010073797a3100000000300004802c000180090001006861736800"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x40040, 0xd2, 0xf}, 0x18) unlink(&(0x7f0000000100)='./file0\x00') execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0) 7.943650813s ago: executing program 0 (id=1943): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000780)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000380)={@flat=@weak_binder={0x77622a85, 0x100a, 0x3, 0x48}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x37}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 7.779756427s ago: executing program 0 (id=1945): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9, 0x14, 0xbf, 0x20, 0xac8, 0xc301, 0x82d5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x53, 0x8, 0x98}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) 5.987407202s ago: executing program 5 (id=1957): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@allocspi={0xf8, 0x16, 0x1, 0x70bd26, 0x25dfdbfd, {{{@in=@empty, @in6=@empty, 0x4e20, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0xa0, 0x3a}, {@in6=@rand_addr=' \x01\x00', 0x4d2, 0x33}, @in6=@mcast2, {0xffffffffffffc5bf, 0x2, 0x4, 0x3, 0xfff, 0xc9e, 0x3, 0x2000000}, {0x3, 0x3, 0x9, 0x7}, {0xb78, 0x7, 0x5}, 0x70bd28, 0x34ff, 0x8, 0x1, 0xd, 0x72}, 0x2, 0x6}}, 0xf8}}, 0x4000010) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 5.887900162s ago: executing program 5 (id=1958): r0 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f00000000c0)={0x1, {0xf8000002, 0x8b8, 0xc4f, 0x870}}) 5.875147062s ago: executing program 5 (id=1959): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0xc0085504, &(0x7f0000000000)=0x10) 5.675813034s ago: executing program 3 (id=1961): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000004c0)='\x00', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x775fd9bc, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)="db", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000140)="bd", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="75851e", 0x3}], 0x1}}], 0x3, 0x0) shutdown(r0, 0x1) 5.565324297s ago: executing program 3 (id=1963): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000001a00)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000000)={0x28, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.485446434s ago: executing program 3 (id=1964): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e20, @rand_addr=0x64010100}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000001c0)={r2, @in={{0x2, 0x4e20, @multicast1}}}, &(0x7f00000000c0)=0x84) 5.391839418s ago: executing program 3 (id=1965): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000440)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9101) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000100)='./file0/../file0/../file0/../file0/file0\x00') 5.37982213s ago: executing program 3 (id=1966): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xa0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0x3}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0xa0}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0) 5.177002018s ago: executing program 3 (id=1967): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, &(0x7f0000000400)={0x0, 0x17, 0x6, "f4033e31ab96"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.897235702s ago: executing program 34 (id=1967): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, &(0x7f0000000400)={0x0, 0x17, 0x6, "f4033e31ab96"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.85531963s ago: executing program 5 (id=1970): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bde5a44070275290f515010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000500)={0x1c, &(0x7f00000003c0)={0x0, 0x8}, 0x0, 0x0}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x8c0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 4.775017968s ago: executing program 0 (id=1972): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) r1 = syz_open_dev$swradio(&(0x7f0000002580), 0x0, 0x2) read(r1, &(0x7f0000002640)=""/102, 0x66) syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5"], 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.808365469s ago: executing program 6 (id=1981): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x20a00, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000480)=0x1) ioctl$TCSETSF2(r0, 0x8910, &(0x7f0000000000)={0x10008a, 0x4, 0x8, 0x2, 0xc, "a533b6aaf9f659ff35036bf79d8b4c2a246305", 0x6, 0x8}) 2.746997676s ago: executing program 5 (id=1982): r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0) read(r0, &(0x7f0000000080)=""/1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') pread64(r1, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) 2.548054417s ago: executing program 6 (id=1983): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'geneve1\x00'}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2.546821529s ago: executing program 5 (id=1984): syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, &(0x7f0000000e40)="c2f0e7", 0x3) 2.264491867s ago: executing program 1 (id=1985): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a0000050180c200000300000000000086dd6900040000c80000fc010000000000000000000000000001fe8000000000000000000000000000aa0617000000000000040109010200000728000000030803f1"], 0x102) 2.143117986s ago: executing program 1 (id=1986): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000540)={0x34, &(0x7f00000006c0)=ANY=[@ANYBLOB="400f2d00000001"], 0x0, 0x0, 0x0, 0x0, 0x0}) 1.971918456s ago: executing program 6 (id=1987): syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000080)={@val={0x2000}, @void, @eth={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0xfffe, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1}, {0x300, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x36) 1.685170006s ago: executing program 0 (id=1988): socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000040)={'wlan0\x00'}) 1.608585188s ago: executing program 6 (id=1989): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x58, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x40}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xe0004000}}, @IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004000}, 0x80) 1.50853094s ago: executing program 0 (id=1990): r0 = semget$private(0x0, 0x2, 0x208) semtimedop(r0, &(0x7f0000000000)=[{0x4, 0x5, 0x1800}, {0x3, 0x101, 0x800}], 0x2, &(0x7f0000000040)={0x77359400}) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) r1 = semget$private(0x0, 0x2, 0x241) semop(r1, &(0x7f0000000180)=[{0x0, 0x7fff, 0x800}], 0x1) syz_emit_vhci(&(0x7f0000001280)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) r2 = msgget(0x2, 0x100) msgctl$MSG_STAT(r2, 0xb, &(0x7f00000012c0)=""/177) msgrcv(0x0, 0x0, 0x0, 0x2, 0x0) msgctl$IPC_STAT(r2, 0x2, &(0x7f0000001440)=""/232) r3 = msgget(0x3, 0x4) msgctl$IPC_RMID(r3, 0x0) semop(r0, &(0x7f0000001540)=[{0x7, 0x4810, 0x800}, {0x0, 0x7, 0x400}], 0x2) semctl$GETZCNT(r0, 0x1, 0xf, &(0x7f0000001580)=""/126) syz_emit_vhci(&(0x7f0000001600)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) 1.454857236s ago: executing program 1 (id=1991): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) r1 = dup(r0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) 1.391373521s ago: executing program 6 (id=1992): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000000)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000380)={0x2, 0x0, [{0x41000, 0x1000, &(0x7f0000000900)=""/4096}, {0x2000, 0xbc, &(0x7f00000001c0)=""/188}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f00000008c0)=0x0) 1.286503161s ago: executing program 0 (id=1993): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000700)={0x44, &(0x7f0000000500)={0x20, 0xf, 0x2, "5cf0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 1.23519716s ago: executing program 6 (id=1994): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.043417525s ago: executing program 1 (id=1995): setresuid(0x0, 0xee00, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f00000001c0)={0x0, r2}) sendmmsg$unix(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="11", 0x1}], 0x1, 0x0, 0x0, 0x4000004}}], 0x1, 0x4048891) 868.101039ms ago: executing program 1 (id=1996): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x20000000, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x10000003, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x8071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012d, 0x8004, 0x5, 0xffffffd3, 0x129432e2, 0xc8, 0xf9, 0xe, 0x2bf, 0x1, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x5, 0x2f, 0xe, 0x6, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x1000d, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x4, 0xd, 0xffff8001, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x3, 0x42, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x5, 0x5, 0x8, 0x1ef, 0x2, 0x8, 0x82, 0x3, 0x303c, 0x3e7, 0xc, 0xc, 0x2, 0x2, 0x3, 0x2000000b, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x83, 0x3, 0x4, 0x2950bfaf, 0x6, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4002, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x1, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x54, 0x5, 0x3, 0x101, 0x10000, 0x5, 0x7fff, 0xffff, 0xa620, 0x1, 0x78b, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x1a, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x5, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=1997): quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0xffffffff80000700, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8002, 0xc95a, 0x0, 0xb, 0x7fffffff, 0x2, 0x8000b, 0x8000007f, 0x20000026, 0xd, 0x6, 0x5f, 0xb, 0x5, 0xffff2d37, 0xffffff01, 0xb, 0x3, 0x0, 0x5, 0x24, 0x1, 0x0, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xffffffff, 0x4, 0x4, 0x89d2, 0x8, 0x4c76, 0x80000000, 0x40000, 0x3, 0x0, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x3, 0x5, 0x3a, 0x8f, 0x4006, 0x6, 0x80000000, 0x9, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000003, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0x800, 0x2bf, 0x6c7, 0x6, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x315, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x8, 0x6, 0x0, 0x6, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x82, 0x4, 0xb, 0xffff, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x4001, 0xfe000000, 0x80, 0xfffffffb, 0x7, 0x9, 0x5, 0x3, 0x4, 0x9b, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x3, 0x408, 0x8004, 0x0, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x3, 0x0, 0x5, 0xb, 0x5, 0x9, 0x5, 0x0, 0x4a61eab3, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x2, 0xb, 0x101, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0xd6c, 0x800003, 0x200, 0x7b, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x5, 0xac8, 0x2000af, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x7ff, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x8000b, 0x8, 0x938, 0x6, 0x6, 0x0, 0xb9, 0x8, 0x9, 0x2, 0x58, 0x44e, 0xa4a8, 0x101, 0x10000, 0x4, 0x7ffc, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0xffffffff, 0x5, 0xe7, 0x4, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0x200000c8, 0x9, 0xffffefff, 0x10003, 0x3, 0x7e, 0xfd, 0x9602, 0x3, 0x5, 0x1007, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x8d67, 0x5, 0xf40, 0x1, 0x1, 0x1000, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) syz_open_dev$vim2m(&(0x7f00000002c0), 0x9, 0x2) r0 = socket$rds(0x15, 0x5, 0x0) ioctl$sock_proto_private(r0, 0x89e0, 0x0) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): encryption failed: -22 [ 445.207294][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.488427][T11279] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1331'. [ 445.498259][T11280] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1331'. [ 446.011468][ T1220] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 446.171433][ T1220] usb 6-1: Using ep0 maxpacket: 32 [ 446.179447][ T1220] usb 6-1: config 5 has an invalid interface number: 1 but max is 0 [ 446.190222][ T1220] usb 6-1: config 5 has no interface number 0 [ 446.200639][ T1220] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 446.210438][ T1220] usb 6-1: New USB device strings: Mfr=31, Product=2, SerialNumber=3 [ 446.219332][ T1220] usb 6-1: Product: syz [ 446.227752][ T1220] usb 6-1: Manufacturer: syz [ 446.234214][ T1220] usb 6-1: SerialNumber: syz [ 446.269044][ T1220] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 446.286630][ T1220] usb 6-1: selecting invalid altsetting 1 [ 446.286657][ T1220] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 446.316201][ T1220] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 446.332071][ T1220] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 446.340618][ T1220] usb 6-1: media controller created [ 446.474155][ T1220] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 447.147114][T11287] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1332'. [ 447.155917][ T1220] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 447.156147][ T1220] zl10353_read_register: readreg error (reg=127, ret==-71) [ 447.156989][ T1220] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 447.307789][ T1220] usb 6-1: USB disconnect, device number 67 [ 447.448317][T11294] netlink: 'syz.1.1336': attribute type 1 has an invalid length. [ 447.497366][T11294] bond5: entered promiscuous mode [ 447.534145][T11294] bond5: entered allmulticast mode [ 447.561526][T11294] 8021q: adding VLAN 0 to HW filter on device bond5 [ 447.629377][T11296] erspan1: entered allmulticast mode [ 447.639766][T11294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1336'. [ 447.658819][T11296] bond5: (slave erspan1): making interface the new active one [ 447.668444][T11296] erspan1: entered promiscuous mode [ 447.682248][T11296] bond5: (slave erspan1): Enslaving as an active interface with an up link [ 447.949502][T11320] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1337'. [ 448.090648][T11325] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1339'. [ 448.506229][T11294] bond5 (unregistering): (slave erspan1): Releasing active interface [ 448.521487][T11294] erspan1: left promiscuous mode [ 448.538003][T11294] bond5 (unregistering): Released all slaves [ 448.579775][T11300] tipc: Enabled bearer , priority 0 [ 448.605672][T11311] syzkaller0: entered promiscuous mode [ 448.613389][T11311] syzkaller0: entered allmulticast mode [ 448.702200][T11326] tipc: Resetting bearer [ 448.750394][T11298] tipc: Resetting bearer [ 448.801897][T11298] tipc: Disabling bearer [ 449.206883][T11341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1344'. [ 449.354399][T11345] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1344'. [ 449.364171][T11345] netlink: 'syz.0.1344': attribute type 13 has an invalid length. [ 449.419796][T11345] gretap0: refused to change device tx_queue_len [ 449.432549][T11345] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 449.830660][T11344] PKCS7: Unknown OID: [5] (bad) [ 449.877249][T11344] PKCS7: Only support pkcs7_signedData type [ 450.024075][T11344] bond5: Removing last arp target with arp_interval on [ 450.032181][T11344] bond5: entered promiscuous mode [ 450.037266][T11344] bond5: entered allmulticast mode [ 450.112285][T11344] 8021q: adding VLAN 0 to HW filter on device bond5 [ 450.694612][T11360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.706736][T11360] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.762772][T11362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.801554][T11362] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.824266][T11362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.856430][T11362] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 451.134974][T11368] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1350'. [ 451.171713][T11368] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1350'. [ 451.198660][T11368] netlink: 'syz.5.1350': attribute type 18 has an invalid length. [ 451.221425][ T1220] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 451.232628][T11368] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1350'. [ 451.421483][ T1220] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 451.441356][ T1220] usb 7-1: can't read configurations, error -61 [ 451.526851][T11379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 451.551753][T11379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 451.601484][ T1220] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 451.743037][T11387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 451.804546][ T5900] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 451.818287][ T1220] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 451.826553][ T1220] usb 7-1: can't read configurations, error -61 [ 451.842280][T11387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 451.861837][ T1220] usb usb7-port1: attempt power cycle [ 451.961493][ T5900] usb 6-1: Using ep0 maxpacket: 8 [ 451.989135][ T5900] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 451.998561][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.007789][ T5900] usb 6-1: Product: syz [ 452.013027][ T5900] usb 6-1: Manufacturer: syz [ 452.018286][ T5900] usb 6-1: SerialNumber: syz [ 452.039071][ T5900] usb 6-1: config 0 descriptor?? [ 452.211479][ T1220] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 452.237795][ T1220] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 452.247565][ T1220] usb 7-1: can't read configurations, error -61 [ 452.266342][ T5900] usb 6-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 452.409455][ T1220] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 452.498978][ T1220] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 452.507036][ T1220] usb 7-1: can't read configurations, error -61 [ 452.541936][ T1220] usb usb7-port1: unable to enumerate USB device [ 452.737843][T11412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 452.792992][T11412] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 452.833109][T11412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 452.848855][T11412] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 453.082031][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 453.082049][ T30] audit: type=1326 audit(1770152839.019:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.143459][ T30] audit: type=1326 audit(1770152839.049:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.175855][ T30] audit: type=1326 audit(1770152839.049:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.228137][ T30] audit: type=1326 audit(1770152839.049:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.298629][ T30] audit: type=1326 audit(1770152839.049:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.331609][ T30] audit: type=1326 audit(1770152839.049:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.411442][ T30] audit: type=1326 audit(1770152839.049:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.439668][ T30] audit: type=1326 audit(1770152839.049:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.462918][ T30] audit: type=1326 audit(1770152839.049:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 453.486131][ T30] audit: type=1326 audit(1770152839.049:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.0.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 454.027037][T11437] netlink: 2672 bytes leftover after parsing attributes in process `syz.6.1366'. [ 454.042755][T11437] netlink: 120 bytes leftover after parsing attributes in process `syz.6.1366'. [ 454.062221][T11437] netlink: 2672 bytes leftover after parsing attributes in process `syz.6.1366'. [ 454.098969][ T5900] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 454.110462][T11437] netlink: 120 bytes leftover after parsing attributes in process `syz.6.1366'. [ 454.123790][ T5900] dvbdev: DVB: registering new adapter (Terratec H7) [ 454.130803][ T5900] usb 6-1: media controller created [ 454.214977][ T5900] usb 6-1: dvb_usb_v2: MAC address: 6f:2e:44:a8:45:ac [ 454.235793][T11441] kvm: emulating exchange as write [ 454.257807][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 454.473889][ T5900] DVB: Unable to find symbol drxk_attach() [ 454.554544][ T5900] dvb_usb_az6007 6-1:0.0: probe with driver dvb_usb_az6007 failed with error -22 [ 454.599906][ T5900] usb 6-1: USB disconnect, device number 68 [ 455.136098][T11461] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve1, syncid = 1073741832, id = 0 [ 455.722739][T11470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 455.759583][T11470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 456.119901][T11474] netlink: 752 bytes leftover after parsing attributes in process `syz.0.1373'. [ 457.028452][T11488] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1377'. [ 457.153422][T11493] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1376'. [ 457.179154][T11494] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1377'. [ 457.332051][T11495] netlink: 'syz.1.1377': attribute type 13 has an invalid length. [ 457.376247][T11495] gretap0: refused to change device tx_queue_len [ 457.384535][T11495] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 458.808979][T11509] netlink: 'syz.5.1381': attribute type 1 has an invalid length. [ 458.808979][T11512] netlink: 'syz.5.1381': attribute type 1 has an invalid length. [ 458.891886][T11509] 8021q: adding VLAN 0 to HW filter on device bond2 [ 459.792184][T11537] syzkaller0: entered promiscuous mode [ 459.817809][T11537] syzkaller0: entered allmulticast mode [ 460.115113][T11540] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1389'. [ 460.672304][ T985] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 460.700286][T11552] netlink: 'syz.1.1395': attribute type 1 has an invalid length. [ 460.834178][T11537] tipc: Enabled bearer , priority 0 [ 460.841562][ T985] usb 7-1: Using ep0 maxpacket: 16 [ 460.850214][ T985] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 460.859739][ T985] usb 7-1: config 0 has no interface number 0 [ 460.886581][ T985] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 460.901489][ T985] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.921366][ T985] usb 7-1: Product: syz [ 460.925607][ T985] usb 7-1: Manufacturer: syz [ 460.930258][ T985] usb 7-1: SerialNumber: syz [ 460.944334][ T985] usb 7-1: config 0 descriptor?? [ 460.966222][ T985] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 460.985195][T11557] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1395'. [ 461.069963][T11555] veth5: entered promiscuous mode [ 461.093812][T11536] tipc: Resetting bearer [ 461.149034][T11536] tipc: Disabling bearer [ 461.342494][T11560] IPVS: length: 80 != 24 [ 461.650425][T11567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 461.677353][T11567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.040796][T11574] program syz.5.1402 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 462.533698][T11579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 462.544253][T11579] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.711733][T11583] netlink: 'syz.1.1403': attribute type 1 has an invalid length. [ 462.852747][T11585] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address [ 462.866692][T11585] bond7: (slave vxcan3): Error -95 calling set_mac_address [ 462.894363][ T985] gspca_spca1528: reg_r err -71 [ 462.899384][ T985] spca1528 7-1:0.1: probe with driver spca1528 failed with error -71 [ 462.909504][ T985] usb 7-1: USB disconnect, device number 27 [ 463.104006][T11585] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1403'. [ 463.164861][T11583] bond7: (slave gretap1): making interface the new active one [ 463.178776][T11583] bond7: (slave gretap1): Enslaving as an active interface with an up link [ 463.207152][T11585] macvlan4: entered promiscuous mode [ 463.212803][T11585] macvlan4: entered allmulticast mode [ 463.351416][ T985] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 463.501545][ T985] usb 7-1: Using ep0 maxpacket: 32 [ 463.508811][ T985] usb 7-1: config 2 has an invalid interface number: 15 but max is 0 [ 463.521300][ T985] usb 7-1: config 2 has 2 interfaces, different from the descriptor's value: 1 [ 463.530836][ T985] usb 7-1: config 2 has no interface number 1 [ 463.537436][ T985] usb 7-1: config 2 interface 15 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 463.551036][ T985] usb 7-1: config 2 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 463.565238][ T985] usb 7-1: config 2 interface 0 has no altsetting 0 [ 463.578049][ T985] usb 7-1: New USB device found, idVendor=0471, idProduct=0312, bcdDevice=94.69 [ 463.587646][ T985] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.599953][ T985] usb 7-1: Product: syz [ 463.604396][ T985] usb 7-1: Manufacturer: syz [ 463.609349][ T985] usb 7-1: SerialNumber: syz [ 463.633426][ T985] pwc: Philips PCVC750K (ToUCam Pro Scan) USB webcam detected. [ 463.857112][ T985] pwc: Failed to set LED on/off time (-71) [ 463.864702][ T985] pwc: send_video_command error -71 [ 463.905078][ T985] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 463.913621][ T985] Philips webcam 7-1:2.0: probe with driver Philips webcam failed with error -71 [ 463.948325][ T985] usb 7-1: USB disconnect, device number 28 [ 464.779659][T11596] tipc: Enabled bearer , priority 0 [ 464.786580][ T5900] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 464.795509][T11596] syzkaller0: entered promiscuous mode [ 464.801921][T11596] syzkaller0: entered allmulticast mode [ 464.830174][T11596] tipc: Resetting bearer [ 464.840061][T11595] tipc: Resetting bearer [ 464.864871][T11595] tipc: Disabling bearer [ 464.961818][ T5900] usb 7-1: Using ep0 maxpacket: 32 [ 464.977272][ T5900] usb 7-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 465.001479][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.018204][ T5900] usb 7-1: Product: syz [ 465.024518][ T5900] usb 7-1: Manufacturer: syz [ 465.037946][ T5900] usb 7-1: SerialNumber: syz [ 465.056256][ T5900] usb 7-1: config 0 descriptor?? [ 465.079041][ T5900] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 465.117100][T11601] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1409'. [ 465.502088][T11598] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 465.943169][T11617] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 466.113999][T11621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1416'. [ 466.284225][T11626] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1418'. [ 466.324078][T11626] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1418'. [ 466.333478][ T799] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 466.505753][ T799] usb 6-1: Using ep0 maxpacket: 8 [ 466.525191][ T799] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 466.546303][ T799] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.573381][ T799] usb 6-1: Product: syz [ 466.580329][ T799] usb 6-1: Manufacturer: syz [ 466.598071][ T799] usb 6-1: SerialNumber: syz [ 466.622600][ T799] usb 6-1: config 0 descriptor?? [ 466.647513][ T799] gspca_main: sq930x-2.14.0 probing 2770:930c [ 466.663991][T11637] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1421'. [ 466.682902][T11637] bond0: entered promiscuous mode [ 466.688314][T11637] bond_slave_0: entered promiscuous mode [ 466.697004][T11637] bond0: left promiscuous mode [ 466.702427][T11637] bond_slave_0: left promiscuous mode [ 466.732314][T11639] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1421'. [ 466.769572][T11639] bond0: entered promiscuous mode [ 466.798064][T11637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 466.810583][T11637] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 466.811590][T11639] bond_slave_0: entered promiscuous mode [ 466.843293][T11639] bond0: left promiscuous mode [ 466.848241][T11639] bond_slave_0: left promiscuous mode [ 466.984290][ T5900] gspca_ov534_9: reg_r err -71 [ 467.255976][T11641] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 467.277588][T11619] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1415'. [ 467.277657][T11619] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1415'. [ 467.365155][ T5900] gspca_ov534_9: Unknown sensor 0000 [ 467.365281][ T5900] ov534_9 7-1:0.0: probe with driver ov534_9 failed with error -22 [ 467.380922][ T5900] usb 7-1: USB disconnect, device number 29 [ 467.484841][T11619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 467.533204][T11619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.624321][ T799] gspca_sq930x: ucbus_write failed -71 [ 467.861565][ T799] gspca_sq930x: Sensor ov9630 not yet treated [ 467.882396][ T799] sq930x 6-1:0.0: probe with driver sq930x failed with error -22 [ 467.922991][ T799] usb 6-1: USB disconnect, device number 69 [ 468.134020][T11667] netlink: 'syz.0.1428': attribute type 1 has an invalid length. [ 468.210667][T11671] netlink: 324 bytes leftover after parsing attributes in process `syz.1.1429'. [ 469.261635][T11683] random: crng reseeded on system resumption [ 470.281373][ T5900] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 470.342634][ T985] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 470.816655][ T5900] usb 6-1: Using ep0 maxpacket: 32 [ 471.442267][ T5900] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 471.442307][ T5900] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 471.442332][ T5900] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 471.444524][ T5900] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 471.444556][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.444583][ T5900] usb 6-1: Product: syz [ 471.444595][ T5900] usb 6-1: Manufacturer: syz [ 471.444607][ T5900] usb 6-1: SerialNumber: syz [ 471.584223][ T985] usb 7-1: Using ep0 maxpacket: 8 [ 471.664435][ T985] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 471.664508][ T985] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 471.664533][ T985] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 471.664563][ T985] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 471.664580][ T985] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 471.664624][ T985] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 471.664650][ T985] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.683328][ T5900] usb 6-1: 0:2 : does not exist [ 471.740420][ T5900] usb 6-1: USB disconnect, device number 70 [ 471.799223][ T5833] udevd[5833]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 471.890652][ T985] usb 7-1: usb_control_msg returned -32 [ 471.890714][ T985] usbtmc 7-1:16.0: can't read capabilities [ 472.239956][T11713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 472.276021][T11713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 472.286394][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1441'. [ 472.305584][T11716] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1441'. [ 472.321416][T11716] netlink: 'syz.5.1441': attribute type 18 has an invalid length. [ 472.329581][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1441'. [ 472.647512][T11721] batadv_slave_1: entered promiscuous mode [ 472.886479][T11720] batadv_slave_1: left promiscuous mode [ 473.638960][ T5900] usb 7-1: USB disconnect, device number 30 [ 473.931808][ T107] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 474.123067][ T107] usb 6-1: config 0 interface 0 has no altsetting 0 [ 474.146602][ T107] usb 6-1: New USB device found, idVendor=2a39, idProduct=3f8c, bcdDevice=94.24 [ 474.177542][ T107] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.201362][ T107] usb 6-1: Product: syz [ 474.211572][ T107] usb 6-1: Manufacturer: syz [ 474.216261][ T107] usb 6-1: SerialNumber: syz [ 474.243368][ T107] usb 6-1: config 0 descriptor?? [ 474.745054][ T107] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 474.767586][ T107] usb 6-1: USB disconnect, device number 71 [ 474.878363][ T5833] udevd[5833]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 475.271437][ T107] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 475.471349][ T107] usb 7-1: Using ep0 maxpacket: 16 [ 475.701501][ T107] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 475.721322][ T107] usb 7-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 475.730477][ T107] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.786950][ T107] usb 7-1: config 0 descriptor?? [ 475.919858][T11791] netlink: 'syz.5.1460': attribute type 21 has an invalid length. [ 475.958130][T11791] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1460'. [ 476.217529][ T107] hid-multitouch 0003:1FD2:6007.001C: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.6-1/input0 [ 476.244056][T11785] tipc: Enabling of bearer rejected, already enabled [ 476.503511][ T107] usb 7-1: USB disconnect, device number 31 [ 478.275361][T11838] fuse: Invalid rootmode [ 478.443960][T11815] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1466'. [ 478.639114][T11850] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1475'. [ 479.149868][T11847] tipc: Enabling of bearer rejected, already enabled [ 479.692264][T11873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 479.714583][T11873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 479.803908][T11875] binder: BINDER_SET_CONTEXT_MGR already set [ 479.817223][T11875] binder: 11874:11875 ioctl 40046207 0 returned -16 [ 480.025115][T11884] netlink: 'syz.1.1486': attribute type 1 has an invalid length. [ 480.266362][T11886] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address [ 480.313800][T11886] bond8: (slave vxcan3): Error -95 calling set_mac_address [ 480.367865][T11894] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1488'. [ 480.589223][T11888] bond8: (slave bridge2): Enslaving as an active interface with a down link [ 480.603694][T11895] macvlan5: entered promiscuous mode [ 480.609233][T11895] macvlan5: entered allmulticast mode [ 480.616423][T11895] bond8: entered promiscuous mode [ 480.623055][T11895] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 480.633527][T11895] bond8: left promiscuous mode [ 481.148439][T11899] xt_hashlimit: size too large, truncated to 1048576 [ 481.431762][ T5930] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 481.596847][T11905] loop5: detected capacity change from 0 to 7 [ 481.619574][ T5930] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 481.666221][ T5930] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.727796][ T5930] usb 6-1: config 0 descriptor?? [ 481.759077][ T5930] cp210x 6-1:0.0: cp210x converter detected [ 482.153843][T11905] Dev loop5: unable to read RDB block 7 [ 482.159835][T11905] loop5: unable to read partition table [ 482.166492][T11905] loop5: partition table beyond EOD, truncated [ 482.173273][T11905] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 482.201801][ T5930] usb 6-1: cp210x converter now attached to ttyUSB0 [ 482.274432][T11918] binder: BINDER_SET_CONTEXT_MGR already set [ 482.280809][T11918] binder: 11917:11918 ioctl 4018620d 200000000100 returned -16 [ 482.293116][T11918] binder: BINDER_SET_CONTEXT_MGR already set [ 482.299307][T11918] binder: 11917:11918 ioctl 4018620d 2000000002c0 returned -16 [ 482.319525][T11903] tipc: Enabled bearer , priority 0 [ 482.335619][T11903] syzkaller0: entered promiscuous mode [ 482.349475][T11903] syzkaller0: entered allmulticast mode [ 482.387481][T11903] tipc: Resetting bearer [ 482.395838][T11899] ¾x9ÿ: renamed from bridge_slave_0 (while UP) [ 482.407407][ T5930] usb 6-1: USB disconnect, device number 72 [ 482.418890][ T5930] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 482.428655][T11902] tipc: Resetting bearer [ 482.457949][ T5930] cp210x 6-1:0.0: device disconnected [ 482.482056][T11902] tipc: Disabling bearer [ 483.721577][ T5887] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 483.873568][ T5887] usb 7-1: Using ep0 maxpacket: 16 [ 483.881116][ T5887] usb 7-1: config 254 has an invalid interface number: 235 but max is 0 [ 483.900246][ T5887] usb 7-1: config 254 has no interface number 0 [ 483.909301][ T5887] usb 7-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 483.932568][ T5887] usb 7-1: config 254 interface 235 altsetting 2 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 483.961352][ T5887] usb 7-1: config 254 interface 235 altsetting 2 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 483.986444][ T5887] usb 7-1: config 254 interface 235 altsetting 2 endpoint 0x8F has invalid wMaxPacketSize 0 [ 484.026322][ T5887] usb 7-1: config 254 interface 235 has no altsetting 0 [ 484.045626][ T5887] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 484.065926][ T5887] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.089244][ T5887] usb 7-1: Product: syz [ 484.102679][ T5887] usb 7-1: Manufacturer: syz [ 484.110811][ T5887] usb 7-1: SerialNumber: syz [ 484.134657][T11937] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 484.311543][ T107] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 484.483010][ T107] usb 6-1: Using ep0 maxpacket: 8 [ 484.492416][T11950] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 484.495680][ T107] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 484.521826][ T107] usb 6-1: config 179 has no interface number 0 [ 484.536728][ T107] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 484.559317][ T107] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 484.575749][ T107] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 484.592182][ T107] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 484.606531][ T107] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 484.622377][ T107] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 484.632623][ T107] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.655379][T11940] raw-gadget.4 gadget.5: fail, usb_ep_enable returned -22 [ 484.910867][ T107] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input34 [ 485.230055][ T107] usb 6-1: USB disconnect, device number 73 [ 485.236342][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 485.236400][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 485.991966][ T5887] usbtest 7-1:254.235: couldn't get endpoints, -71 [ 486.019520][ T5887] usbtest 7-1:254.235: probe with driver usbtest failed with error -71 [ 486.071797][ T5887] usb 7-1: USB disconnect, device number 32 [ 486.500727][T11970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.540030][T11970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.560841][T11972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.592319][T11972] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.603995][T11965] tipc: Enabled bearer , priority 0 [ 486.615556][T11965] syzkaller0: entered promiscuous mode [ 486.621099][T11965] syzkaller0: entered allmulticast mode [ 486.677986][T11974] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1512'. [ 486.701475][ T5900] usb 7-1: new full-speed USB device number 33 using dummy_hcd [ 486.729618][T11965] tipc: Resetting bearer [ 486.775144][T11981] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1512'. [ 486.802573][T11964] tipc: Resetting bearer [ 486.847570][T11964] tipc: Disabling bearer [ 486.868621][T11981] bridge0: port 2(bridge_slave_1) entered blocking state [ 486.876002][T11981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 486.883664][T11981] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.890881][T11981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 486.903948][T11981] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1512'. [ 486.916658][T11983] bridge0: port 2(bridge_slave_1) entered disabled state [ 486.942681][T11981] bridge0: port 2(bridge_slave_1) entered disabled state [ 486.949933][T11981] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.096874][T11988] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1515'. [ 487.180690][T11988] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1515'. [ 487.271426][ T5900] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 487.441477][ T5900] usb 7-1: Using ep0 maxpacket: 8 [ 487.452786][ T5900] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55 [ 487.462166][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.470273][ T5900] usb 7-1: Product: syz [ 487.474866][ T5900] usb 7-1: Manufacturer: syz [ 487.479577][ T5900] usb 7-1: SerialNumber: syz [ 487.487471][ T5900] usb 7-1: config 0 descriptor?? [ 487.570933][T12000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.579929][T12000] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 487.682586][T12002] binder: 12001:12002 ioctl c018620c 200000003380 returned -1 [ 487.714863][T11984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.730866][T11984] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 487.832523][T12007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 488.209907][T12015] netlink: 'syz.5.1523': attribute type 11 has an invalid length. [ 489.529082][T12033] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 489.688962][T12022] tipc: Enabled bearer , priority 0 [ 489.697344][T12022] syzkaller0: entered promiscuous mode [ 489.706702][T12022] syzkaller0: entered allmulticast mode [ 489.779977][T12022] tipc: Resetting bearer [ 489.796625][T12021] tipc: Resetting bearer [ 489.844292][T12021] tipc: Disabling bearer [ 489.905209][ T5900] usb 7-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 490.076920][ T5900] dvb_usb_af9015 7-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 490.119881][ T5900] usb 7-1: USB disconnect, device number 34 [ 490.175647][T12038] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1530'. [ 490.186569][T12038] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1530'. [ 490.521854][T12044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.561089][T12044] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.571889][T12045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.591798][T12045] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.612051][T12044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.655425][T12044] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.698817][T12049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.756150][T12044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.771889][T12049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.812934][T12044] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.842183][T12044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.872914][T12049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.899443][T12044] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.934860][T12049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.077179][T12057] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 491.179008][T12044] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 491.565468][T12070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1537'. [ 491.613273][T12070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1537'. [ 492.177901][T12083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 492.203617][T12083] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 492.562278][T12080] tipc: Enabling of bearer rejected, already enabled [ 493.511359][ T5930] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 493.662174][ T5930] usb 7-1: Using ep0 maxpacket: 32 [ 493.666615][T12113] IPVS: set_ctl: invalid protocol: 20 0.0.0.0:256 [ 493.698254][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 493.698293][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 493.698323][ T5930] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 493.698341][ T5930] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.700349][ T5930] usb 7-1: config 0 descriptor?? [ 494.123431][ T5930] hid_parser_main: 103 callbacks suppressed [ 494.123457][ T5930] ft260 0003:0403:6030.001D: unknown main item tag 0x0 [ 494.146595][ T5930] ft260 0003:0403:6030.001D: unknown main item tag 0x0 [ 494.173181][T12132] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1555'. [ 494.340728][ T5930] ft260 0003:0403:6030.001D: chip code: 0000 0000 [ 494.554551][ T5930] ft260 0003:0403:6030.001D: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.6-1/input0 [ 495.288855][T12150] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1548'. [ 495.319437][T12150] netlink: 'syz.6.1548': attribute type 14 has an invalid length. [ 495.372272][ T5930] ft260 0003:0403:6030.001D: failed to retrieve status: -32, no wakeup [ 495.393033][ T5930] ft260 0003:0403:6030.001D: failed to retrieve status: -5 [ 495.490953][T12150] vxlan0: entered promiscuous mode [ 495.550912][T11451] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 495.601864][T11451] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 495.601936][T11451] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 495.601971][T11451] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 495.605730][T12150] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc (error=-5) [ 495.755741][T12156] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1559'. [ 496.057158][T12160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 496.087421][T12160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 496.131403][ T5887] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 496.294907][ T5887] usb 6-1: unable to get BOS descriptor or descriptor too short [ 496.326706][ T5887] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 496.360726][ T5887] usb 6-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 496.390511][ T5887] usb 6-1: config 1 interface 0 has no altsetting 1 [ 496.410496][ T5887] usb 6-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 496.422569][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.436403][ T5887] usb 6-1: Product: syz [ 496.446762][ T5887] usb 6-1: Manufacturer: syz [ 496.466195][ T5887] usb 6-1: SerialNumber: syz [ 496.661898][ T5930] ft260 0003:0403:6030.001D: failed to reset I2C controller: -71 [ 496.677737][ T5887] smsusb:smsusb_probe: board id=8, interface number 0 [ 496.786262][ T5930] usb 7-1: USB disconnect, device number 35 [ 496.860629][ T5887] smsusb:smsusb_probe: Device initialized with return code -19 [ 496.949567][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 496.949582][ T30] audit: type=1326 audit(1770152882.879:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.239050][ T30] audit: type=1326 audit(1770152882.879:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.312514][T12158] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1559'. [ 497.323727][T12158] netlink: 'syz.5.1559': attribute type 13 has an invalid length. [ 497.332283][T12158] gretap0: refused to change device tx_queue_len [ 497.338695][T12158] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 497.490026][ T30] audit: type=1326 audit(1770152882.879:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.682693][ T30] audit: type=1326 audit(1770152882.879:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.734235][ T30] audit: type=1326 audit(1770152882.879:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.761174][ T30] audit: type=1326 audit(1770152882.879:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.801786][ T30] audit: type=1326 audit(1770152882.879:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.834804][ T30] audit: type=1326 audit(1770152882.919:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.891441][ T30] audit: type=1326 audit(1770152882.919:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 497.965717][ T30] audit: type=1326 audit(1770152883.199:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.0.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3235d9aeb9 code=0x7ffc0000 [ 498.168408][T12165] tipc: Enabled bearer , priority 0 [ 498.228403][T12184] syzkaller0: entered promiscuous mode [ 498.251169][T12184] syzkaller0: entered allmulticast mode [ 498.310468][T12165] tipc: Resetting bearer [ 498.350886][T12164] tipc: Resetting bearer [ 498.559223][T12164] tipc: Disabling bearer [ 498.573046][T12185] netlink: zone id is out of range [ 498.578670][T12185] netlink: zone id is out of range [ 498.653339][T12185] netlink: zone id is out of range [ 498.670113][T12185] netlink: zone id is out of range [ 498.714681][T12185] netlink: zone id is out of range [ 498.734018][T12185] netlink: zone id is out of range [ 498.753994][T12185] netlink: zone id is out of range [ 498.774362][T12185] netlink: zone id is out of range [ 498.808349][T12185] netlink: zone id is out of range [ 498.852573][T12186] netlink: 203340 bytes leftover after parsing attributes in process `syz.1.1565'. [ 499.845672][ T5887] usb 6-1: USB disconnect, device number 74 [ 500.041420][ T107] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 500.079727][T12200] veth0: entered promiscuous mode [ 500.087319][T12200] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1569'. [ 500.201374][ T107] usb 7-1: Using ep0 maxpacket: 32 [ 500.245722][ T107] usb 7-1: config 0 has an invalid interface number: 132 but max is 0 [ 500.245752][ T107] usb 7-1: config 0 has no interface number 0 [ 500.247448][ T107] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 500.251959][ T107] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 500.251988][ T107] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.252010][ T107] usb 7-1: Product: syz [ 500.252027][ T107] usb 7-1: Manufacturer: syz [ 500.252043][ T107] usb 7-1: SerialNumber: syz [ 500.265484][ T107] usb 7-1: config 0 descriptor?? [ 500.294077][ T107] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 500.294117][ T107] em28xx 7-1:0.132: Video interface 132 found: [ 500.453690][T12205] netlink: 'syz.1.1572': attribute type 10 has an invalid length. [ 500.516209][T12203] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 500.558986][T12205] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 500.570508][T12205] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 500.622647][T12205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 500.667446][T12205] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 500.705709][ T107] em28xx 7-1:0.132: unknown em28xx chip ID (0) [ 500.712826][T12205] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1572'. [ 500.739177][T12212] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1574'. [ 500.748951][T12205] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 500.748979][T12205] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 500.780260][T12212] netlink: 7 bytes leftover after parsing attributes in process `syz.5.1574'. [ 500.879909][T12214] xt_CT: You must specify a L4 protocol and not use inversions on it [ 500.889997][T12205] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 500.940355][T12205] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 501.476676][T12205] bond0: (slave batadv0): Releasing backup interface [ 501.629756][T12221] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1567'. [ 501.743568][T12221] xt_hashlimit: size too large, truncated to 1048576 [ 501.841392][ T107] em28xx 7-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 501.850184][ T107] em28xx 7-1:0.132: board has no eeprom [ 501.864246][T12221] xt_CT: You must specify a L4 protocol and not use inversions on it [ 501.977488][ T107] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 502.011540][ T107] em28xx 7-1:0.132: analog set to bulk mode. [ 502.028974][ T5887] em28xx 7-1:0.132: Registering V4L2 extension [ 502.283325][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0x4a (error=-5) [ 502.303472][T12229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 502.317752][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0x48 (error=-5) [ 502.329269][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0x42 (error=-5) [ 502.329669][T12229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 502.428528][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0x40 (error=-5) [ 502.664830][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0x84 (error=-5) [ 502.707805][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0x86 (error=-5) [ 502.734076][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0x94 (error=-5) [ 502.755946][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0x96 (error=-5) [ 502.802040][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 502.802062][ T30] audit: type=1804 audit(1770152888.719:416): pid=12244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1580" name="/newroot/297/file1" dev="fuse" ino=1 res=1 errno=0 [ 503.014904][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5) [ 503.024235][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5) [ 503.041177][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5) [ 503.073793][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5) [ 503.088444][ T5887] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5) [ 503.191450][ T5887] em28xx 7-1:0.132: Config register raw data: 0xfffffffb [ 503.217335][ T5887] em28xx 7-1:0.132: AC97 chip type couldn't be determined [ 503.226712][ T5887] em28xx 7-1:0.132: No AC97 audio processor [ 503.378158][ T5887] usb 7-1: Decoder not found [ 503.383043][ T5887] em28xx 7-1:0.132: failed to create media graph [ 503.407461][ T5887] em28xx 7-1:0.132: V4L2 device video103 deregistered [ 503.434311][ T5887] em28xx 7-1:0.132: Remote control support is not available for this card. [ 503.733692][T12252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1581'. [ 504.825869][ T5900] usb 7-1: USB disconnect, device number 36 [ 504.832888][ T5900] em28xx 7-1:0.132: Disconnecting em28xx [ 504.838583][ T5900] em28xx 7-1:0.132: Closing input extension [ 504.880896][T12263] loop5: detected capacity change from 0 to 7 [ 504.920111][T12263] Dev loop5: unable to read RDB block 7 [ 504.936272][ T5900] em28xx 7-1:0.132: Freeing device [ 504.994300][T12263] loop5: AHDI p1 p2 p3 [ 505.021114][T12263] loop5: partition table partially beyond EOD, truncated [ 505.072204][T12263] loop5: p1 start 1818582900 is beyond EOD, truncated [ 505.115021][T12263] loop5: p3 start 335544320 is beyond EOD, truncated [ 505.337807][ T5196] Dev loop5: unable to read RDB block 7 [ 505.346654][ T5196] loop5: AHDI p1 p2 p3 [ 505.352151][ T5900] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 505.378583][ T5196] loop5: partition table partially beyond EOD, truncated [ 505.391586][ T5196] loop5: p1 start 1818582900 is beyond EOD, truncated [ 505.409786][ T5196] loop5: p3 start 335544320 is beyond EOD, truncated [ 505.526749][ T5900] usb 7-1: Using ep0 maxpacket: 16 [ 505.549422][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 505.601435][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 505.626686][ T5900] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 505.640092][ T5900] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 505.702945][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.737148][ T5900] usb 7-1: config 0 descriptor?? [ 505.761602][T12277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.789640][T12277] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.031412][ T1220] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 506.162901][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.170205][ T5900] microsoft 0003:045E:07DA.001E: ignoring exceeding usage max [ 506.183146][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.190436][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.198299][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.206032][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.214472][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.223694][ T1220] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12544, setting to 64 [ 506.235042][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.242621][ T1220] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 506.252091][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.259517][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.266976][ T1220] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.275155][ T5900] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 506.285221][ T1220] usb 6-1: config 0 descriptor?? [ 506.364916][ T5900] microsoft 0003:045E:07DA.001E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0 [ 506.397510][ T5900] microsoft 0003:045E:07DA.001E: no inputs found [ 506.424598][ T5900] microsoft 0003:045E:07DA.001E: could not initialize ff, continuing anyway [ 506.500078][ T1220] ath6kl: Failed to submit usb control message: -71 [ 506.529469][ T1220] ath6kl: unable to send the bmi data to the device: -71 [ 506.541887][ T1220] ath6kl: Unable to send get target info: -71 [ 506.559338][ T1220] ath6kl: Failed to init ath6kl core: -71 [ 506.568083][T12265] overlay: Unknown parameter 'fd' [ 506.578667][ T1220] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 506.606648][ T5900] usb 7-1: USB disconnect, device number 37 [ 506.636576][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.643144][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.654689][ T1220] usb 6-1: USB disconnect, device number 75 [ 506.877281][T12297] netlink: 'syz.0.1593': attribute type 10 has an invalid length. [ 506.895140][T12297] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 506.906991][T12297] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 506.933414][T12299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.956137][T12299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.131087][T12303] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1594'. [ 507.246440][T12308] vlan2: entered promiscuous mode [ 507.276379][T12308] vlan2: entered allmulticast mode [ 507.638203][T12306] tipc: Enabled bearer , priority 0 [ 507.645806][T12306] syzkaller0: entered promiscuous mode [ 507.651450][T12306] syzkaller0: entered allmulticast mode [ 507.833815][ T5900] usb 7-1: new full-speed USB device number 38 using dummy_hcd [ 507.876916][T12306] tipc: Resetting bearer [ 507.998838][T12305] tipc: Resetting bearer [ 508.007021][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 508.018236][ T5900] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 508.027647][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.112834][ T5900] usb 7-1: config 0 descriptor?? [ 508.120729][T12305] tipc: Disabling bearer [ 508.143331][T12316] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22 [ 508.596235][ T5900] elan 0003:04F3:0755.001F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0 [ 508.714844][T12332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 508.762556][T12332] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.278681][T12334] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1602'. [ 509.317955][T12334] unsupported nlmsg_type 40 [ 509.812129][ T799] usb 7-1: reset full-speed USB device number 38 using dummy_hcd [ 510.808474][T12365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 510.939493][T12365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.165401][T12373] syzkaller0: entered promiscuous mode [ 511.171185][T12373] syzkaller0: entered allmulticast mode [ 511.215166][T12373] tipc: Enabled bearer , priority 0 [ 511.398226][ T5900] usb 7-1: USB disconnect, device number 38 [ 511.734086][T12383] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.782280][T12383] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.796314][T12383] binder: 12382:12383 unknown command 0 [ 511.822026][T12383] binder: 12382:12383 ioctl c0306201 200000000080 returned -22 [ 511.873422][T12384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.903579][T12384] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.925605][T12384] program syz.3.1615 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 511.954056][T12372] tipc: Resetting bearer [ 511.998109][T12372] tipc: Disabling bearer [ 512.194933][T12391] binder: 12389:12391 ioctl c0306201 2000000003c0 returned -14 [ 512.491408][ T5887] usb 7-1: new high-speed USB device number 39 using dummy_hcd [ 512.631984][ T5887] usb 7-1: device descriptor read/64, error -71 [ 512.638916][T12403] syzkaller0: entered promiscuous mode [ 512.646942][T12403] syzkaller0: entered allmulticast mode [ 512.871787][ T5887] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 513.011321][ T5887] usb 7-1: device descriptor read/64, error -71 [ 513.122342][ T5887] usb usb7-port1: attempt power cycle [ 513.481880][ T5887] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 513.514384][ T5887] usb 7-1: device descriptor read/8, error -71 [ 513.765284][ T5887] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 513.802173][ T5887] usb 7-1: device descriptor read/8, error -71 [ 513.931618][ T5887] usb usb7-port1: unable to enumerate USB device [ 514.261196][T12428] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 4, id = 0 [ 514.811509][T12441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.820335][T12441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 514.844633][T12441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.872058][T12441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 515.087650][T12452] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1633'. [ 515.315669][ T5887] usb 6-1: new high-speed USB device number 77 using dummy_hcd [ 515.493106][ T5887] usb 6-1: config 1 has an invalid descriptor of length 161, skipping remainder of the config [ 515.510552][ T5887] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 515.534770][ T5887] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 515.546027][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 515.558018][ T5887] usb 6-1: SerialNumber: syz [ 515.572613][ T5887] cdc_mbim 6-1:1.0: CDC Union missing and no IAD found [ 515.588905][ T5887] cdc_mbim 6-1:1.0: bind() failure [ 515.601732][ T5900] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 515.774952][ T5930] usb 6-1: USB disconnect, device number 77 [ 515.797920][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 515.851042][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 515.882489][ T5900] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 515.897005][ T5900] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 515.906405][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.933430][ T5900] usb 7-1: config 0 descriptor?? [ 515.943198][T12462] binder: 12461:12462 ioctl c0306201 2000000001c0 returned -14 [ 516.211016][T12471] fuse: Bad value for 'fd' [ 516.226333][T12473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 516.242981][T12473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 516.403727][ T5900] hid_parser_main: 1 callbacks suppressed [ 516.403751][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.425216][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.433102][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.440798][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.448761][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.456647][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.465542][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.473282][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.480843][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.488897][ T5900] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 516.547742][ T5900] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 516.631349][ T5887] usb 6-1: new full-speed USB device number 78 using dummy_hcd [ 516.812332][ T5887] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 516.828261][ T5887] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 516.856584][ T5887] usb 6-1: config 1 has no interface number 1 [ 516.881347][ T5887] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 516.932538][T12487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 516.933045][ T5887] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 516.961646][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.970393][ T5887] usb 6-1: Product: syz [ 516.984409][T12487] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 516.991617][ T5887] usb 6-1: Manufacturer: syz [ 517.002348][ T5887] usb 6-1: SerialNumber: syz [ 517.236622][ T5887] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 517.311515][ T5887] usb 6-1: USB disconnect, device number 78 [ 517.398030][ T5833] udevd[5833]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 517.535129][ T30] audit: type=1400 audit(1770152903.459:417): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=12494 comm="syz.0.1648" [ 517.710027][T12488] x_tables: duplicate underflow at hook 3 [ 517.873708][T12503] input: syz1 as /devices/virtual/input/input35 [ 518.201414][ T5900] usb 7-1: reset high-speed USB device number 43 using dummy_hcd [ 518.435474][T12512] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 518.502066][T12512] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 519.432449][T12527] team_slave_0: left promiscuous mode [ 519.458502][T12527] team_slave_1: left promiscuous mode [ 519.516352][T12527] net_ratelimit: 539 callbacks suppressed [ 519.516374][T12527] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 519.573224][T12530] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1658'. [ 520.251343][ T5900] usb 7-1: device descriptor read/64, error -71 [ 520.431548][ T107] usb 6-1: new full-speed USB device number 79 using dummy_hcd [ 520.491454][ T5900] usb 7-1: reset high-speed USB device number 43 using dummy_hcd [ 520.505770][T12553] binder: BINDER_SET_CONTEXT_MGR already set [ 520.512007][T12553] binder: 12548:12553 ioctl 4018620d 200000000100 returned -16 [ 520.523586][T12553] binder: BINDER_SET_CONTEXT_MGR already set [ 520.529655][T12553] binder: 12548:12553 ioctl 4018620d 200000000040 returned -16 [ 520.569201][ T5900] usb 7-1: device reset changed ep0 maxpacket size! [ 520.579155][ T5930] usb 7-1: USB disconnect, device number 43 [ 520.615033][ T107] usb 6-1: config index 0 descriptor too short (expected 149, got 148) [ 520.650399][ T107] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 520.689408][ T107] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 520.715184][ T107] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 520.721560][ T5930] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 520.843916][ T107] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 520.852135][ T107] usb 6-1: SerialNumber: syz [ 520.911827][ T107] usb 6-1: 0:2 : does not exist [ 521.106226][ T107] usb 6-1: USB disconnect, device number 79 [ 521.163163][ T5930] usb 7-1: Using ep0 maxpacket: 8 [ 521.353577][ T5930] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 521.366880][ T5930] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.386721][ T5930] usb 7-1: Product: syz [ 521.390937][ T5930] usb 7-1: Manufacturer: syz [ 521.403908][ T5930] usb 7-1: SerialNumber: syz [ 521.424303][ T5930] usb 7-1: config 0 descriptor?? [ 521.443391][ T5930] gspca_main: sq930x-2.14.0 probing 2770:930c [ 521.750476][T12559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 521.759610][T12559] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 521.849311][ T5930] gspca_sq930x: ucbus_write failed -71 [ 521.940822][T12566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 521.952460][T12566] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 522.093964][ T5930] gspca_sq930x: Sensor ov9630 not yet treated [ 522.100154][ T5930] sq930x 7-1:0.0: probe with driver sq930x failed with error -22 [ 522.161794][ T5930] usb 7-1: USB disconnect, device number 44 [ 522.423111][T12573] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1671'. [ 522.479428][T12574] pim6reg1: entered promiscuous mode [ 522.490615][T12574] pim6reg1: entered allmulticast mode [ 522.717536][T12579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 522.736931][T12579] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 522.814137][ T107] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 522.823261][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1671'. [ 522.837081][T12578] netlink: 'syz.1.1671': attribute type 13 has an invalid length. [ 522.847617][T12578] gretap0: refused to change device tx_queue_len [ 522.854458][T12578] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 522.889378][T12581] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 523.059705][ T107] usb 7-1: device descriptor read/64, error -71 [ 523.451625][ T107] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 523.632279][ T107] usb 7-1: device descriptor read/64, error -71 [ 523.757978][ T107] usb usb7-port1: attempt power cycle [ 524.101398][ T107] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 524.132315][ T107] usb 7-1: device descriptor read/8, error -71 [ 524.375750][ T107] usb 7-1: new high-speed USB device number 48 using dummy_hcd [ 524.414871][ T107] usb 7-1: device descriptor read/8, error -71 [ 524.532034][ T107] usb usb7-port1: unable to enumerate USB device [ 525.640448][T12608] tipc: Enabled bearer , priority 0 [ 525.655535][T12608] syzkaller0: entered promiscuous mode [ 525.664693][T12608] syzkaller0: entered allmulticast mode [ 525.671471][ T5887] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 525.736268][T12608] tipc: Resetting bearer [ 525.772369][T12607] tipc: Resetting bearer [ 525.845233][T12607] tipc: Disabling bearer [ 525.851442][ T5887] usb 6-1: Using ep0 maxpacket: 16 [ 525.858668][ T5887] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 525.871383][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 525.885330][ T5887] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 525.895554][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.908850][ T5887] usb 6-1: Product: syz [ 525.913668][ T5887] usb 6-1: Manufacturer: syz [ 525.918322][ T5887] usb 6-1: SerialNumber: syz [ 525.930039][ T5887] usb 6-1: config 0 descriptor?? [ 525.941832][ T5887] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 525.946696][ T1220] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 525.961547][ T5887] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 526.058877][T12627] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1691'. [ 526.131770][ T1220] usb 7-1: Using ep0 maxpacket: 16 [ 526.144216][ T1220] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 526.162747][T12628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 526.181385][ T1220] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 526.195985][T12628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 526.210225][ T1220] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 526.228936][ T1220] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.252491][T12628] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1691'. [ 526.271542][ T1220] usb 7-1: config 0 descriptor?? [ 526.297690][T12628] netlink: 'syz.3.1691': attribute type 13 has an invalid length. [ 526.332254][T12628] 0ªî{X¹¦: refused to change device tx_queue_len [ 526.347339][T12628] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 526.367729][T12621] tipc: Enabling of bearer rejected, already enabled [ 526.549703][ T5887] em28xx 6-1:0.0: chip ID is em2874 [ 526.656249][T12639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 526.669051][T12639] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 526.726196][ T1220] usbhid 7-1:0.0: can't add hid device: -71 [ 526.732549][ T1220] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 526.743992][ T1220] usb 7-1: USB disconnect, device number 49 [ 526.941940][ T5887] usb 6-1: USB disconnect, device number 80 [ 526.952410][ T5887] em28xx 6-1:0.0: Disconnecting em28xx [ 526.962284][ T5887] em28xx 6-1:0.0: Freeing device [ 527.276689][T12643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 527.290128][T12643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 527.378622][T12647] netlink: 148 bytes leftover after parsing attributes in process `syz.6.1696'. [ 527.506534][T12655] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1698'. [ 527.689399][T12659] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1699'. [ 527.699612][T12659] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1699'. [ 527.714616][T12659] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1699'. [ 528.015059][T12664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 528.033018][T12664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 528.514316][T12664] veth1_macvtap: left allmulticast mode [ 528.570679][T12664] tipc: Resetting bearer [ 528.612181][T11454] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.639188][T11454] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.671852][T11454] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.692893][T11454] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.850641][T12667] tipc: Enabled bearer , priority 0 [ 528.861410][T12667] syzkaller0: entered promiscuous mode [ 528.867187][T12667] syzkaller0: entered allmulticast mode [ 528.907472][T12667] tipc: Resetting bearer [ 528.920028][T12666] tipc: Resetting bearer [ 528.979096][T12666] tipc: Disabling bearer [ 529.319020][T12675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 529.491113][T12675] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 529.666869][T12684] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1705'. [ 529.784759][ T30] audit: type=1326 audit(1770152915.719:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 529.881693][ T30] audit: type=1326 audit(1770152915.739:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 529.921799][ T30] audit: type=1326 audit(1770152915.749:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 529.953846][ T30] audit: type=1326 audit(1770152915.749:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 529.999033][ T30] audit: type=1326 audit(1770152915.749:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 530.022229][ T30] audit: type=1326 audit(1770152915.759:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 530.051820][ T30] audit: type=1326 audit(1770152915.769:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 530.076761][ T30] audit: type=1326 audit(1770152915.769:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 530.111438][ T5887] usb 6-1: new full-speed USB device number 81 using dummy_hcd [ 530.141108][ T30] audit: type=1326 audit(1770152915.769:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 530.165026][ T30] audit: type=1326 audit(1770152915.769:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12687 comm="syz.5.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c42b9aeb9 code=0x7ffc0000 [ 530.273762][ T5887] usb 6-1: not running at top speed; connect to a high speed hub [ 530.284337][ T5887] usb 6-1: config 1 has an invalid interface number: 74 but max is 0 [ 530.295791][ T5887] usb 6-1: config 1 has no interface number 0 [ 530.304265][ T5887] usb 6-1: config 1 interface 74 has no altsetting 0 [ 530.318157][ T5887] usb 6-1: New USB device found, idVendor=046d, idProduct=0990, bcdDevice=22.be [ 530.327983][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.336227][ T5887] usb 6-1: Product: syz [ 530.342184][ T5887] usb 6-1: Manufacturer: syz [ 530.346994][ T5887] usb 6-1: SerialNumber: syz [ 530.484684][T12697] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1713'. [ 530.570136][T12698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 530.580673][T12698] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 530.602586][ T5887] usb 6-1: unknown interface protocol 0x55, assuming v1 [ 530.620184][ T5887] usb 6-1: cannot find UAC_HEADER [ 530.670523][T12698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1713'. [ 530.679534][ T5887] snd-usb-audio 6-1:1.74: probe with driver snd-usb-audio failed with error -22 [ 530.686312][ T5887] usb 6-1: USB disconnect, device number 81 [ 530.721919][ T5833] udevd[5833]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.74/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 530.757568][T12698] netlink: 'syz.3.1713': attribute type 13 has an invalid length. [ 530.809194][T12698] 0ªî{X¹¦: refused to change device tx_queue_len [ 530.836379][T12698] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 531.791393][ T1220] usb 7-1: new high-speed USB device number 50 using dummy_hcd [ 531.820138][T12705] tipc: Enabled bearer , priority 0 [ 531.828313][T12705] syzkaller0: entered promiscuous mode [ 531.834228][T12705] syzkaller0: entered allmulticast mode [ 531.882115][T12705] tipc: Resetting bearer [ 531.898948][T12704] tipc: Resetting bearer [ 531.931476][ T1220] usb 7-1: device descriptor read/64, error -71 [ 531.946318][T12704] tipc: Disabling bearer [ 531.958130][T12709] tipc: Enabling of bearer rejected, already enabled [ 531.968033][T12709] tipc: Resetting bearer [ 532.135862][T12713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 532.165590][T12714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 532.175568][T12713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 532.192569][ T1220] usb 7-1: new high-speed USB device number 51 using dummy_hcd [ 532.213884][T12714] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 532.225542][T12713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 532.238001][T12713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 532.263950][T12716] input: syz1 as /devices/virtual/input/input36 [ 532.341418][ T1220] usb 7-1: device descriptor read/64, error -71 [ 532.451726][ T1220] usb usb7-port1: attempt power cycle [ 532.553944][T12727] dummy0: entered promiscuous mode [ 532.562965][T12727] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 532.575638][T12727] debugfs: 'hsr1' already exists in 'hsr' [ 532.581848][T12727] Cannot create hsr debugfs directory [ 532.587918][T12727] hsr1: entered allmulticast mode [ 532.593093][T12727] dummy0: entered allmulticast mode [ 532.598472][T12727] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 532.624967][T12727] input: syz0 as /devices/virtual/input/input37 [ 532.801328][ T1220] usb 7-1: new high-speed USB device number 52 using dummy_hcd [ 532.822692][ T1220] usb 7-1: device descriptor read/8, error -71 [ 532.891298][ T5887] usb 6-1: new high-speed USB device number 82 using dummy_hcd [ 533.056195][ T5887] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 533.061618][ T1220] usb 7-1: new high-speed USB device number 53 using dummy_hcd [ 533.074612][ T5887] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 533.169548][ T1220] usb 7-1: device descriptor read/8, error -71 [ 533.178209][ T5887] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 533.226104][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.259040][ T5887] usb 6-1: config 0 descriptor?? [ 533.291614][ T1220] usb usb7-port1: unable to enumerate USB device [ 533.450966][T12732] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1723'. [ 533.540789][T12732] bond_slave_0: entered promiscuous mode [ 533.546947][T12732] bond_slave_1: entered promiscuous mode [ 533.552783][T12732] batadv0: entered promiscuous mode [ 533.573023][T12732] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 533.618239][T12732] bond_slave_0: left promiscuous mode [ 533.623852][T12732] bond_slave_1: left promiscuous mode [ 533.629522][T12732] batadv0: left promiscuous mode [ 534.102771][T12736] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1724'. [ 535.324031][T12754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 535.340723][T12754] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 535.649169][T12745] tipc: Enabled bearer , priority 0 [ 535.713443][T12755] syzkaller0: entered promiscuous mode [ 535.718992][T12755] syzkaller0: entered allmulticast mode [ 535.836966][T12745] tipc: Resetting bearer [ 535.875525][T12744] tipc: Resetting bearer [ 535.970022][T12744] tipc: Disabling bearer [ 536.633535][T12771] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1735'. [ 536.674673][T12771] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1735'. [ 536.731366][T12771] netlink: 'syz.6.1735': attribute type 18 has an invalid length. [ 536.739250][T12771] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1735'. [ 536.820098][T12776] trusted_key: encrypted_key: master key parameter '_°eƒþv`Tu-Èëµ0ýÂ#' is invalid [ 537.046807][T12782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1738'. [ 537.215857][T12784] loop5: detected capacity change from 0 to 7 [ 537.260772][T12784] Dev loop5: unable to read RDB block 7 [ 537.290307][T12784] loop5: unable to read partition table [ 537.346011][T12784] loop5: partition table beyond EOD, truncated [ 537.362891][T12784] loop_reread_partitions: partition scan of loop5 (þ被xü^>Ñà– ) failed (rc=-5) [ 538.778207][T12802] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 539.413870][ T5887] hid_parser_main: 5 callbacks suppressed [ 539.413893][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.461514][ T5900] usb 7-1: new full-speed USB device number 54 using dummy_hcd [ 539.480410][ T107] usb 6-1: USB disconnect, device number 82 [ 539.486873][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.539382][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.624690][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.666594][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.731406][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.739010][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.761310][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.779112][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.792659][ T5887] hid-generic 00A0:0006:0003.0021: unknown main item tag 0x0 [ 539.820582][ T5887] hid-generic 00A0:0006:0003.0021: hidraw0: HID v0.05 Device [syz1] on syz0 [ 540.036062][T12816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 540.046935][T12816] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 540.144350][ T5900] usb 7-1: config 0 has an invalid interface number: 113 but max is 0 [ 540.191397][ T5900] usb 7-1: config 0 has no interface number 0 [ 540.197624][ T5900] usb 7-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 540.238245][T12814] fido_id[12814]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 540.339923][ T5900] usb 7-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 540.376856][ T5900] usb 7-1: config 0 interface 113 has no altsetting 0 [ 540.963151][ T5900] usb 7-1: string descriptor 0 read error: -71 [ 540.987623][ T5900] usb 7-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 540.999509][T12825] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1750'. [ 541.017211][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.027350][T12825] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1750'. [ 541.048891][ T5900] usb 7-1: config 0 descriptor?? [ 541.061399][T12825] netlink: 'syz.3.1750': attribute type 18 has an invalid length. [ 541.085955][ T5900] usb 7-1: can't set config #0, error -71 [ 541.108886][T12825] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1750'. [ 541.143454][ T5900] usb 7-1: USB disconnect, device number 54 [ 541.352323][T12832] fuse: Bad value for 'fd' [ 541.927927][T12823] tipc: Enabled bearer , priority 0 [ 541.935335][T12823] syzkaller0: entered promiscuous mode [ 541.940863][T12823] syzkaller0: entered allmulticast mode [ 542.074819][T12839] tipc: Resetting bearer [ 542.086646][T12822] tipc: Resetting bearer [ 542.114013][T12822] tipc: Disabling bearer [ 542.138329][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1754'. [ 542.148074][T12841] 8021q: VLANs not supported on vxcan0 [ 542.719441][T12846] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1756'. [ 542.938894][T12760] syz.1.1732 (12760): drop_caches: 1 [ 543.033070][T12849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 543.061510][ T107] usb 6-1: new high-speed USB device number 83 using dummy_hcd [ 543.082087][T12849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 543.154314][T12849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 543.168492][T12849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 543.224766][T12855] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1757'. [ 543.972733][ T107] usb 6-1: unable to get BOS descriptor or descriptor too short [ 544.001863][ T107] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 544.016439][ T107] usb 6-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 544.082283][ T107] usb 6-1: config 1 interface 0 has no altsetting 1 [ 544.142461][ T107] usb 6-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 544.161715][ T107] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.169801][ T107] usb 6-1: Product: syz [ 544.178505][ T107] usb 6-1: Manufacturer: syz [ 544.183588][ T107] usb 6-1: SerialNumber: syz [ 544.321763][ T107] smsusb:smsusb_probe: board id=8, interface number 0 [ 544.398720][ T107] smsusb:smsusb_probe: Device initialized with return code -19 [ 544.452173][T12863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1762'. [ 544.471658][T12863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1762'. [ 544.482445][T12863] netlink: 'syz.3.1762': attribute type 18 has an invalid length. [ 544.490591][T12863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1762'. [ 544.608836][T12847] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1756'. [ 544.628703][T12847] netlink: 'syz.5.1756': attribute type 13 has an invalid length. [ 544.677720][T12847] gretap0: refused to change device tx_queue_len [ 544.732063][T12847] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 544.961470][ T5918] usb 7-1: new high-speed USB device number 55 using dummy_hcd [ 545.111893][ T5918] usb 7-1: Using ep0 maxpacket: 8 [ 545.123469][ T5918] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 545.137270][ T5918] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 545.158114][ T5918] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 545.168581][ T5918] usb 7-1: Product: syz [ 545.173159][ T5918] usb 7-1: Manufacturer: syz [ 545.177800][ T5918] usb 7-1: SerialNumber: syz [ 545.444100][T12872] syzkaller0: entered promiscuous mode [ 545.461286][T12872] syzkaller0: entered allmulticast mode [ 545.521719][ T5918] usb 7-1: palm_os_3_probe - error -110 getting connection information [ 545.538694][ T5918] visor 7-1:1.0: probe with driver visor failed with error -110 [ 545.661053][ T1220] usb 7-1: USB disconnect, device number 55 [ 545.840209][ T5918] usb 6-1: USB disconnect, device number 83 [ 546.264057][T12892] __nla_validate_parse: 1 callbacks suppressed [ 546.264078][T12892] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1771'. [ 546.554067][ T1220] usb 7-1: new high-speed USB device number 56 using dummy_hcd [ 546.738639][ T1220] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 546.760248][ T1220] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.779956][ T1220] usb 7-1: Product: syz [ 546.812153][ T1220] usb 7-1: Manufacturer: syz [ 546.816818][ T1220] usb 7-1: SerialNumber: syz [ 546.904778][ T1220] usb 7-1: config 0 descriptor?? [ 546.919459][ T1220] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 547.026539][T12900] tipc: Enabled bearer , priority 0 [ 547.039553][T12900] syzkaller0: entered promiscuous mode [ 547.047461][T12900] syzkaller0: entered allmulticast mode [ 547.211953][ T1220] usb 7-1: USB disconnect, device number 56 [ 547.270528][T12914] tipc: Resetting bearer [ 547.274046][T12916] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1776'. [ 547.301433][T12916] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1776'. [ 547.333096][T12916] netlink: 'syz.6.1776': attribute type 18 has an invalid length. [ 547.371714][T12916] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1776'. [ 547.422805][T12899] tipc: Resetting bearer [ 547.490789][T12899] tipc: Disabling bearer [ 548.718682][T12939] syzkaller0: entered promiscuous mode [ 548.724454][T12939] syzkaller0: entered allmulticast mode [ 548.880022][T12942] netlink: 164 bytes leftover after parsing attributes in process `syz.6.1784'. [ 549.296408][T12951] FAULT_INJECTION: forcing a failure. [ 549.296408][T12951] name failslab, interval 1, probability 0, space 0, times 0 [ 549.317409][T12951] CPU: 0 UID: 0 PID: 12951 Comm: syz.5.1786 Tainted: G L syzkaller #0 PREEMPT(full) [ 549.317443][T12951] Tainted: [L]=SOFTLOCKUP [ 549.317451][T12951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 549.317470][T12951] Call Trace: [ 549.317478][T12951] [ 549.317487][T12951] dump_stack_lvl+0xe8/0x150 [ 549.317518][T12951] should_fail_ex+0x412/0x560 [ 549.317545][T12951] should_failslab+0xa8/0x100 [ 549.317569][T12951] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 549.317602][T12951] ? __alloc_skb+0x1d7/0x390 [ 549.317624][T12951] ? __local_bh_enable_ip+0xd0/0x130 [ 549.317645][T12951] ? __alloc_skb+0x193/0x390 [ 549.317670][T12951] __alloc_skb+0x1d7/0x390 [ 549.317699][T12951] xfrm_send_acquire+0x15f/0xf20 [ 549.317734][T12951] ? km_query+0x2e/0x210 [ 549.317762][T12951] ? __pfx_xfrm_send_acquire+0x10/0x10 [ 549.317792][T12951] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 549.317824][T12951] ? xfrm_init_tempstate+0xa59/0x1290 [ 549.317852][T12951] ? km_query+0x2e/0x210 [ 549.317880][T12951] km_query+0x11c/0x210 [ 549.317905][T12951] ? km_query+0x2e/0x210 [ 549.317933][T12951] xfrm_state_find+0x419b/0x5c60 [ 549.317970][T12951] ? __pfx___find_rr_leaf+0x10/0x10 [ 549.317999][T12951] ? __pfx_fib6_node_lookup+0x10/0x10 [ 549.318029][T12951] ? xfrm_state_find+0x1fd/0x5c60 [ 549.318061][T12951] ? __pfx_xfrm_state_find+0x10/0x10 [ 549.318087][T12951] ? __lock_acquire+0x6b5/0x2cf0 [ 549.318129][T12951] ? __rt6_find_exception_rcu+0x144/0x500 [ 549.318167][T12951] xfrm_resolve_and_create_bundle+0x81c/0x30a0 [ 549.318207][T12951] ? __lock_acquire+0x6b5/0x2cf0 [ 549.318240][T12951] ? ipv6_addr_label+0x2f/0x240 [ 549.318264][T12951] ? ipv6_addr_label+0x1b5/0x240 [ 549.318293][T12951] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 549.318315][T12951] ? __lock_acquire+0x6b5/0x2cf0 [ 549.318353][T12951] ? xfrm_sk_policy_lookup+0x90/0x720 [ 549.318396][T12951] ? xfrm_sk_policy_lookup+0x6dc/0x720 [ 549.318430][T12951] ? xfrm_expand_policies+0x489/0x740 [ 549.318456][T12951] xfrm_lookup_with_ifid+0x28b/0x1b90 [ 549.318486][T12951] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 549.318506][T12951] ? ip6_datagram_dst_update+0x546/0xd10 [ 549.318544][T12951] xfrm_lookup_route+0x3c/0x1c0 [ 549.318564][T12951] ? ip6_datagram_dst_update+0x546/0xd10 [ 549.318590][T12951] ip6_datagram_dst_update+0x791/0xd10 [ 549.318622][T12951] ? __pfx_ip6_datagram_dst_update+0x10/0x10 [ 549.318664][T12951] ? __ip6_datagram_connect+0xb92/0x1150 [ 549.318694][T12951] __ip6_datagram_connect+0xbd1/0x1150 [ 549.318729][T12951] ? __pfx___ip6_datagram_connect+0x10/0x10 [ 549.318762][T12951] ? __local_bh_enable_ip+0xd0/0x130 [ 549.318785][T12951] ip6_datagram_connect_v6_only+0x63/0xa0 [ 549.318813][T12951] __sys_connect+0x312/0x450 [ 549.318841][T12951] ? __pfx___sys_connect+0x10/0x10 [ 549.318878][T12951] ? __pfx_ksys_write+0x10/0x10 [ 549.318916][T12951] __x64_sys_connect+0x7a/0x90 [ 549.318941][T12951] do_syscall_64+0xe2/0xf80 [ 549.318962][T12951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.318982][T12951] ? trace_irq_disable+0x37/0x100 [ 549.319000][T12951] ? clear_bhb_loop+0x60/0xb0 [ 549.319024][T12951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.319049][T12951] RIP: 0033:0x7f8c42b9aeb9 [ 549.319068][T12951] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.319085][T12951] RSP: 002b:00007f8c43ada028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 549.319107][T12951] RAX: ffffffffffffffda RBX: 00007f8c42e15fa0 RCX: 00007f8c42b9aeb9 [ 549.319127][T12951] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004 [ 549.319140][T12951] RBP: 00007f8c43ada090 R08: 0000000000000000 R09: 0000000000000000 [ 549.319153][T12951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 549.319165][T12951] R13: 00007f8c42e16038 R14: 00007f8c42e15fa0 R15: 00007f8c42f3fa48 [ 549.319199][T12951] [ 550.358274][ T5918] usb 6-1: new high-speed USB device number 84 using dummy_hcd [ 550.506319][T12978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 550.532126][T12978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 550.541862][ T5918] usb 6-1: Using ep0 maxpacket: 32 [ 550.573894][ T5918] usb 6-1: config 0 has an invalid interface number: 23 but max is 0 [ 550.591564][ T5918] usb 6-1: config 0 has no interface number 0 [ 550.601302][ T5918] usb 6-1: config 0 interface 23 has no altsetting 0 [ 550.692060][ T5918] usb 6-1: New USB device found, idVendor=1d50, idProduct=614d, bcdDevice=f9.bf [ 550.711836][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.721123][ T5918] usb 6-1: Product: syz [ 550.726369][ T5918] usb 6-1: Manufacturer: syz [ 550.731011][ T5918] usb 6-1: SerialNumber: syz [ 550.747379][ T5918] usb 6-1: config 0 descriptor?? [ 550.933400][T12966] tipc: Enabling of bearer rejected, already enabled [ 551.128432][T12982] netlink: 'syz.6.1794': attribute type 2 has an invalid length. [ 551.249283][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 551.249300][ T30] audit: type=1326 audit(1770152937.179:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.311348][ T30] audit: type=1326 audit(1770152937.209:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.361360][ T30] audit: type=1326 audit(1770152937.209:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.434996][ T30] audit: type=1326 audit(1770152937.209:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.496893][ T30] audit: type=1326 audit(1770152937.209:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.581185][ T30] audit: type=1326 audit(1770152937.209:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.603990][ T1220] usb 7-1: new high-speed USB device number 57 using dummy_hcd [ 551.656205][ T30] audit: type=1326 audit(1770152937.209:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.723192][ T30] audit: type=1326 audit(1770152937.219:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.767559][T12992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 551.781341][ T1220] usb 7-1: Using ep0 maxpacket: 32 [ 551.791148][ T1220] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 551.811765][T12992] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 551.821717][ T1220] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 551.831723][ T30] audit: type=1326 audit(1770152937.269:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.866331][ T1220] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 551.885910][ T1220] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.901376][ T30] audit: type=1326 audit(1770152937.269:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12981 comm="syz.6.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc307d9aeb9 code=0x7ffc0000 [ 551.932324][ T1220] usb 7-1: config 0 descriptor?? [ 552.059079][T12986] tipc: Enabled bearer , priority 0 [ 552.080621][T12986] syzkaller0: entered promiscuous mode [ 552.097633][T12986] syzkaller0: entered allmulticast mode [ 552.123616][T12986] tipc: Resetting bearer [ 552.132560][T12985] tipc: Resetting bearer [ 552.166817][T12985] tipc: Disabling bearer [ 552.953266][ T5918] usb 6-1: USB disconnect, device number 84 [ 552.984705][T13003] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 553.096495][T13006] ======================================================= [ 553.096495][T13006] WARNING: The mand mount option has been deprecated and [ 553.096495][T13006] and is ignored by this kernel. Remove the mand [ 553.096495][T13006] option from the mount to silence this warning. [ 553.096495][T13006] ======================================================= [ 553.503333][T13019] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1804'. [ 553.517466][T13019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1804'. [ 553.576810][T13019] netlink: 'syz.1.1804': attribute type 18 has an invalid length. [ 553.589277][T13019] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1804'. [ 553.738763][T13023] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1807'. [ 553.858481][T13024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 553.895407][T13024] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 553.935494][T13024] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1807'. [ 553.967767][T13024] netlink: 'syz.3.1807': attribute type 13 has an invalid length. [ 554.003173][T13024] 0ªî{X¹¦: refused to change device tx_queue_len [ 554.041969][T13024] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 554.352978][ T1220] usbhid 7-1:0.0: can't add hid device: -71 [ 554.359296][ T1220] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 554.417546][ T1220] usb 7-1: USB disconnect, device number 57 [ 555.189383][T13049] openvswitch: netlink: Missing key (keys=40, expected=80) [ 556.401349][ T5918] usb 7-1: new high-speed USB device number 58 using dummy_hcd [ 556.567639][T13069] binder: 13068:13069 ioctl 40046205 0 returned -22 [ 556.581355][ T5918] usb 7-1: Using ep0 maxpacket: 8 [ 556.592807][ T5918] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 556.602835][ T5918] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 556.615008][ T5918] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 556.628593][ T5918] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 556.640778][ T5918] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 556.655602][ T5918] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 556.665533][ T5918] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.833718][T13077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.998522][ T5918] usb 7-1: GET_CAPABILITIES returned 0 [ 557.008597][T13077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 557.020113][ T5918] usbtmc 7-1:16.0: can't read capabilities [ 557.316264][T13058] usbtmc 7-1:16.0: usb_control_msg returned -71 [ 557.327736][ T5918] usb 7-1: USB disconnect, device number 58 [ 557.806380][T13093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 557.893106][T13093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 559.086642][T13111] netlink: 'syz.1.1833': attribute type 9 has an invalid length. [ 559.223100][ T5887] usb 7-1: new high-speed USB device number 59 using dummy_hcd [ 559.391585][ T5887] usb 7-1: unable to get BOS descriptor or descriptor too short [ 559.405939][ T5887] usb 7-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 559.434364][ T5887] usb 7-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db [ 559.451130][ T5887] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.461012][ T5887] usb 7-1: Product: syz [ 559.465544][ T5887] usb 7-1: Manufacturer: syz [ 559.470186][ T5887] usb 7-1: SerialNumber: syz [ 559.843546][ T5887] usb 7-1: reset high-speed USB device number 59 using dummy_hcd [ 559.928732][T11453] wlan0: Trigger new scan to find an IBSS to join [ 560.450828][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 560.450842][ T30] audit: type=1326 audit(1770152946.379:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.1.1839" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f7c6a594cd7 code=0x0 [ 560.737515][T13136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 560.905170][ T5887] usb 7-1: USB disconnect, device number 59 [ 560.907782][T13136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 562.445000][T13160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1849'. [ 562.459523][T13157] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1845'. [ 562.511436][T13160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1849'. [ 562.551164][ T5887] usb 7-1: new high-speed USB device number 60 using dummy_hcd [ 562.576974][T13160] dvmrp0: entered allmulticast mode [ 562.711830][ T5887] usb 7-1: Using ep0 maxpacket: 8 [ 562.721140][ T5887] usb 7-1: config 7 interface 0 has no altsetting 0 [ 562.749190][ T5887] usb 7-1: New USB device found, idVendor=0471, idProduct=0310, bcdDevice=58.70 [ 562.782992][ T5887] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.814613][ T5887] usb 7-1: Product: syz [ 562.828357][ T5887] usb 7-1: Manufacturer: syz [ 562.850227][ T5887] usb 7-1: SerialNumber: syz [ 562.973429][T13169] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 563.120760][ T5887] pwc: Philips PCVC730K (ToUCam Fun)/PCVC830 (ToUCam II) USB webcam detected. [ 563.132377][ T5887] pwc: Failed to set LED on/off time (-71) [ 563.139063][ T5887] pwc: send_video_command error -71 [ 563.145930][ T5887] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 563.154080][ T5887] Philips webcam 7-1:7.0: probe with driver Philips webcam failed with error -71 [ 563.172584][ T5887] usb 7-1: USB disconnect, device number 60 [ 563.914373][T11452] wlan0: Trigger new scan to find an IBSS to join [ 564.003803][ T5887] usb 6-1: new high-speed USB device number 85 using dummy_hcd [ 564.211475][ T5887] usb 6-1: Using ep0 maxpacket: 16 [ 564.250199][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 564.281780][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 564.341291][ T5887] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 564.440278][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.482717][ T5887] usb 6-1: config 0 descriptor?? [ 564.912377][ T5887] usbhid 6-1:0.0: can't add hid device: -71 [ 564.921427][ T5887] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 564.964737][ T5887] usb 6-1: USB disconnect, device number 85 [ 564.971137][T11453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.671504][ T8622] IPVS: ip_vs_send_async error -101 [ 565.901136][T13202] fuse: Bad value for 'fd' [ 566.047821][T13204] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 566.094131][T13204] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 566.318014][T13210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 566.328587][T13211] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1864'. [ 566.358037][T13210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 566.408513][T13210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 566.422806][T13210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 566.434576][T13214] IPv6: NLM_F_CREATE should be specified when creating new route [ 566.578264][T13220] netlink: 'syz.6.1869': attribute type 1 has an invalid length. [ 566.615771][ T1220] usb 6-1: new high-speed USB device number 86 using dummy_hcd [ 566.863185][T13223] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1870'. [ 566.901321][ T1220] usb 6-1: device descriptor read/64, error -71 [ 567.064955][T13229] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1872'. [ 567.181387][ T1220] usb 6-1: new high-speed USB device number 87 using dummy_hcd [ 567.323792][ T1220] usb 6-1: device descriptor read/64, error -71 [ 567.440731][T13238] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 567.486746][ T1220] usb usb6-port1: attempt power cycle [ 567.572450][T13240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 567.582253][T13240] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 567.971385][ T1220] usb 6-1: new high-speed USB device number 88 using dummy_hcd [ 568.032308][ T1220] usb 6-1: device descriptor read/8, error -71 [ 568.084707][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.091768][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.331433][ T1220] usb 6-1: new high-speed USB device number 89 using dummy_hcd [ 568.362547][ T1220] usb 6-1: device descriptor read/8, error -71 [ 568.383396][T13236] tipc: Enabled bearer , priority 0 [ 568.392040][T13236] syzkaller0: entered promiscuous mode [ 568.397687][T13236] syzkaller0: entered allmulticast mode [ 568.487680][T13253] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1876'. [ 568.499315][ T1220] usb usb6-port1: unable to enumerate USB device [ 568.537020][T13236] tipc: Resetting bearer [ 568.592740][T13235] tipc: Resetting bearer [ 568.805881][T13235] tipc: Disabling bearer [ 570.701458][T13283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.733464][T13283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 572.460055][T13300] tipc: Enabled bearer , priority 0 [ 572.529282][T13300] syzkaller0: entered promiscuous mode [ 572.586437][T13300] syzkaller0: entered allmulticast mode [ 572.607386][T13315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 572.616411][T13315] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 572.702762][T13300] tipc: Resetting bearer [ 572.721887][ T5918] usb 7-1: new high-speed USB device number 61 using dummy_hcd [ 572.762248][T13299] tipc: Resetting bearer [ 572.783176][T13299] tipc: Disabling bearer [ 572.890807][ T5918] usb 7-1: Using ep0 maxpacket: 8 [ 572.910255][ T5918] usb 7-1: config 121 has too many interfaces: 106, using maximum allowed: 32 [ 572.938586][ T5918] usb 7-1: config 121 has an invalid descriptor of length 152, skipping remainder of the config [ 573.079694][ T5918] usb 7-1: config 121 has 0 interfaces, different from the descriptor's value: 106 [ 573.148718][ T5918] usb 7-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 573.172633][ T5918] usb 7-1: New USB device strings: Mfr=9, Product=2, SerialNumber=37 [ 573.199728][ T5918] usb 7-1: Product: syz [ 573.208837][ T5918] usb 7-1: Manufacturer: syz [ 573.222826][ T5918] usb 7-1: SerialNumber: syz [ 573.733486][T13329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.766949][T13329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 574.076766][T13335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 574.105447][T13335] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 574.389953][ T30] audit: type=1400 audit(1770152960.319:528): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="\" pid=13334 comm="syz.3.1897" [ 574.456289][T13339] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1897'. [ 575.682194][ T5930] usb 7-1: USB disconnect, device number 61 [ 576.581307][ T5918] usb 6-1: new high-speed USB device number 90 using dummy_hcd [ 577.105591][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.116699][ T5918] usb 6-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 577.126062][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.157844][ T5918] usb 6-1: config 0 descriptor?? [ 577.608473][ T5918] lg-g15 0003:046D:C222.0022: unbalanced delimiter at end of report description [ 577.622247][T13380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.630925][T13380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.746816][ T5918] lg-g15 0003:046D:C222.0022: probe with driver lg-g15 failed with error -22 [ 578.931605][ T5918] usb 7-1: new high-speed USB device number 62 using dummy_hcd [ 579.091600][ T5918] usb 7-1: Using ep0 maxpacket: 8 [ 579.099298][ T5918] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 579.123682][ T5918] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 579.142074][ T5918] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 579.190937][ T5918] usb 7-1: Product: syz [ 579.210490][ T5918] usb 7-1: Manufacturer: syz [ 579.238986][ T5918] usb 7-1: SerialNumber: syz [ 579.328494][T13403] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1914'. [ 579.403505][ T5930] usb 6-1: USB disconnect, device number 90 [ 579.648291][T13405] xt_CT: You must specify a L4 protocol and not use inversions on it [ 579.651020][T13397] syzkaller0: entered promiscuous mode [ 579.712939][T13397] syzkaller0: entered allmulticast mode [ 579.741839][ T5918] usb 7-1: palm_os_3_probe - error -110 getting connection information [ 579.769938][ T5918] visor 7-1:1.0: probe with driver visor failed with error -110 [ 579.952954][T13406] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 579.963081][T13405] netlink: 'syz.5.1915': attribute type 21 has an invalid length. [ 580.061109][ T5918] usb 7-1: USB disconnect, device number 62 [ 580.485242][T13423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 580.641718][T13423] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 580.917877][T13429] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.1921'. [ 581.066990][ T5930] usb 7-1: new high-speed USB device number 63 using dummy_hcd [ 581.302716][T13440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1922'. [ 581.341323][ T5930] usb 7-1: Using ep0 maxpacket: 32 [ 581.422854][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.456804][ T5930] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 581.470711][ T5930] usb 7-1: New USB device found, idVendor=056e, idProduct=00fd, bcdDevice= 0.00 [ 581.504426][ T30] audit: type=1400 audit(1770152967.429:529): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=13443 comm="syz.1.1924" [ 581.610432][T13448] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1924'. [ 581.614072][ T5930] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.747954][ T5930] usb 7-1: config 0 descriptor?? [ 581.916824][T13451] netlink: 'syz.0.1925': attribute type 1 has an invalid length. [ 582.034116][ T5930] hid_parser_main: 5 callbacks suppressed [ 582.034139][ T5930] elecom 0003:056E:00FD.0023: unknown main item tag 0x4 [ 582.078463][ T5930] elecom 0003:056E:00FD.0023: hidraw0: USB HID v0.00 Device [HID 056e:00fd] on usb-dummy_hcd.6-1/input0 [ 582.140693][T13451] 8021q: adding VLAN 0 to HW filter on device bond2 [ 582.422122][T13461] input: syz0 as /devices/virtual/input/input38 [ 582.743710][ T5918] usb 7-1: USB disconnect, device number 63 [ 583.162662][T13477] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1932'. [ 584.471511][ T5918] usb 7-1: new high-speed USB device number 64 using dummy_hcd [ 584.524698][T13487] binder: BINDER_SET_CONTEXT_MGR already set [ 584.531805][T13487] binder: 13485:13487 ioctl 4018620d 2000000000c0 returned -16 [ 584.541871][T13487] binder: BINDER_SET_CONTEXT_MGR already set [ 584.547916][T13487] binder: 13485:13487 ioctl 4018620d 200000000040 returned -16 [ 585.065140][T13492] syzkaller1: entered promiscuous mode [ 585.080940][T13492] syzkaller1: entered allmulticast mode [ 585.272313][T13496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 585.301783][T13496] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 585.361712][ T107] usb 6-1: new high-speed USB device number 91 using dummy_hcd [ 585.531769][ T107] usb 6-1: Using ep0 maxpacket: 32 [ 585.543409][ T107] usb 6-1: config 2 has an invalid interface number: 88 but max is 0 [ 585.552379][ T107] usb 6-1: config 2 has no interface number 0 [ 585.558527][ T107] usb 6-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 585.584082][ T107] usb 6-1: config 2 interface 88 has no altsetting 0 [ 585.595460][ T107] usb 6-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 585.605357][ T107] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.613491][ T107] usb 6-1: Product: syz [ 585.617852][ T107] usb 6-1: Manufacturer: syz [ 585.625329][ T107] usb 6-1: SerialNumber: syz [ 585.649657][T13494] raw-gadget.4 gadget.5: fail, usb_ep_enable returned -22 [ 585.868024][T13494] raw-gadget.4 gadget.5: fail, usb_ep_enable returned -22 [ 585.958493][T13513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 585.974219][T13513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 586.311328][ T5918] usb 7-1: new full-speed USB device number 65 using dummy_hcd [ 586.463331][ T5918] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 586.477051][ T5918] usb 7-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00 [ 586.486917][ T5918] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.513764][ T5918] usb 7-1: config 0 descriptor?? [ 586.679956][T13523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 586.692035][T13523] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 586.728426][ T5918] usbhid 7-1:0.0: can't add hid device: -71 [ 586.737030][ T5918] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 586.756479][ T5918] usb 7-1: USB disconnect, device number 65 [ 586.904263][ T107] asix 6-1:2.88 (unnamed net_device) (uninitialized): invalid hw address, using random [ 587.108026][ T107] asix 6-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 587.120461][ T107] asix 6-1:2.88 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 587.132358][ T107] asix 6-1:2.88: probe with driver asix failed with error -71 [ 587.159577][ T107] usb 6-1: USB disconnect, device number 91 [ 587.190682][T13530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 587.206531][T13530] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 587.221638][ T5918] usb 7-1: new high-speed USB device number 66 using dummy_hcd [ 587.263985][T13532] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1955'. [ 587.316074][T13534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 587.328753][T13534] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 587.371753][ T5918] usb 7-1: Using ep0 maxpacket: 32 [ 587.379625][ T5918] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 587.393517][ T5918] usb 7-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00 [ 587.402712][ T5918] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.418896][ T5918] usb 7-1: config 0 descriptor?? [ 587.839482][ T5918] itetech 0003:06CB:73F6.0024: unknown main item tag 0x0 [ 587.852203][ T5918] itetech 0003:06CB:73F6.0024: unknown main item tag 0x0 [ 587.859501][ T5918] itetech 0003:06CB:73F6.0024: unknown main item tag 0x0 [ 587.868077][ T5918] itetech 0003:06CB:73F6.0024: unknown main item tag 0x0 [ 587.875645][ T5918] itetech 0003:06CB:73F6.0024: unknown main item tag 0x0 [ 587.897716][ T5918] itetech 0003:06CB:73F6.0024: hidraw0: USB HID v0.00 Device [HID 06cb:73f6] on usb-dummy_hcd.6-1/input0 [ 588.002787][T13546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 588.030013][ T1220] usb 7-1: USB disconnect, device number 66 [ 588.037886][T13546] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 588.119452][T13549] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 588.439146][ T1220] usb 4-1: USB disconnect, device number 30 [ 588.510019][T11402] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.690112][T11402] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.804998][T11402] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.931994][T11402] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.051461][ T5918] usb 6-1: new high-speed USB device number 92 using dummy_hcd [ 589.175982][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 589.185894][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 589.195988][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 589.206488][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 589.247515][ T5918] usb 6-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 589.273549][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 589.279712][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.339405][ T5918] usb 6-1: Product: syz [ 589.358547][T11402] erspan0: left allmulticast mode [ 589.363919][ T5918] usb 6-1: Manufacturer: syz [ 589.368503][T11402] erspan0: left promiscuous mode [ 589.369194][T11402] bridge0: port 3(erspan0) entered disabled state [ 589.389236][ T5918] usb 6-1: SerialNumber: syz [ 589.393669][T11402] bridge_slave_1: left allmulticast mode [ 589.399707][T11402] bridge_slave_1: left promiscuous mode [ 589.405898][T11402] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.417581][T11402] bridge_slave_0: left allmulticast mode [ 589.418730][ T5918] usb 6-1: config 0 descriptor?? [ 589.424620][T11402] bridge_slave_0: left promiscuous mode [ 589.424820][T11402] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.486032][ T5918] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 589.702941][T13576] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 590.117299][T11402] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 590.134548][T11402] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 590.158960][T11402] bond0 (unregistering): Released all slaves [ 590.183677][T11402] bond1 (unregistering): Released all slaves [ 590.298756][ T5918] usb 6-1: USB disconnect, device number 92 [ 590.353255][T11402] bond2 (unregistering): Released all slaves [ 590.481588][T11402] bond3 (unregistering): Released all slaves [ 590.496202][T11402] bond4 (unregistering): Released all slaves [ 590.511669][T11402] bond5 (unregistering): Released all slaves [ 590.635798][T11402] : left promiscuous mode [ 590.733298][T13586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 590.757014][T13586] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 590.773695][T11402] tipc: Disabling bearer [ 590.797193][T11402] tipc: Left network mode [ 590.959392][T11402] IPVS: stopping master sync thread 11461 ... [ 591.257466][T13572] chnl_net:caif_netlink_parms(): no params data found [ 591.352285][ T5830] Bluetooth: hci0: command tx timeout [ 591.473018][ T799] usb 6-1: new high-speed USB device number 93 using dummy_hcd [ 591.532508][T13618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 591.549720][T13618] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 591.626055][T13572] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.634240][T13572] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.641990][T13572] bridge_slave_0: entered allmulticast mode [ 591.649895][T13572] bridge_slave_0: entered promiscuous mode [ 591.656458][ T799] usb 6-1: Using ep0 maxpacket: 8 [ 591.676464][ T799] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 591.693715][ T799] usb 6-1: config 0 has no interface number 0 [ 591.705442][ T799] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 591.719079][ T799] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 591.733736][ T799] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 591.745251][ T799] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 591.759305][ T799] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 591.769506][ T799] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.802206][ T799] usb 6-1: config 0 descriptor?? [ 591.829341][T13572] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.837897][T13572] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.845061][ T799] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 591.881832][T13572] bridge_slave_1: entered allmulticast mode [ 591.889208][T13572] bridge_slave_1: entered promiscuous mode [ 591.983085][T11402] batadv0: left promiscuous mode [ 592.015000][T11402] macvlan1: left promiscuous mode [ 592.101461][T11402] hsr_slave_0: left promiscuous mode [ 592.146624][T11402] hsr_slave_1: left promiscuous mode [ 592.162437][T11402] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 592.196551][T11402] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 592.213591][T11402] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 592.225010][T11402] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 592.242085][ T5830] Bluetooth: hci4: SCO packet for unknown connection handle 200 [ 592.343913][T11402] veth1_macvtap: left promiscuous mode [ 592.364797][T11402] veth0_macvtap: left promiscuous mode [ 592.411889][T11402] veth1_vlan: left allmulticast mode [ 592.417278][T11402] veth1_vlan: left promiscuous mode [ 592.431104][T11402] veth0_vlan: left promiscuous mode [ 592.445702][T13641] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1994'. [ 592.845050][T11402] macvlan0 (unregistering): left allmulticast mode [ 593.316381][T11402] team0 (unregistering): Port device team_slave_1 removed [ 593.378816][T11402] team0 (unregistering): Port device team_slave_0 removed [ 593.441364][ T5830] Bluetooth: hci0: command tx timeout [ 593.704667][T13650] ================================================================== [ 593.712794][T13650] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 593.721434][T13650] Write of size 1280 at addr ffffc9000b4bdb40 by task vivid-000-vid-c/13650 [ 593.730149][T13650] [ 593.732524][T13650] CPU: 1 UID: 0 PID: 13650 Comm: vivid-000-vid-c Tainted: G L syzkaller #0 PREEMPT(full) [ 593.732553][T13650] Tainted: [L]=SOFTLOCKUP [ 593.732560][T13650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 593.732574][T13650] Call Trace: [ 593.732582][T13650] [ 593.732590][T13650] dump_stack_lvl+0xe8/0x150 [ 593.732621][T13650] print_report+0xba/0x230 [ 593.732641][T13650] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 593.732682][T13650] kasan_report+0x117/0x150 [ 593.732704][T13650] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 593.732741][T13650] kasan_check_range+0x264/0x2c0 [ 593.732763][T13650] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 593.732786][T13650] __asan_memcpy+0x40/0x70 [ 593.732816][T13650] tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 593.732879][T13650] vivid_thread_vid_cap_tick+0x1035/0x6040 [ 593.732902][T13650] ? __lock_acquire+0x6b5/0x2cf0 [ 593.732959][T13650] ? __perf_event_task_sched_in+0x1606/0x1800 [ 593.732990][T13650] ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10 [ 593.733021][T13650] ? vivid_thread_vid_cap+0x491/0x1190 [ 593.733058][T13650] vivid_thread_vid_cap+0x909/0x1190 [ 593.733099][T13650] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 593.733123][T13650] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 593.733189][T13650] ? __kthread_parkme+0x7a/0x1f0 [ 593.733208][T13650] ? __kthread_parkme+0x19c/0x1f0 [ 593.733229][T13650] kthread+0x726/0x8b0 [ 593.733251][T13650] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 593.733276][T13650] ? __pfx_kthread+0x10/0x10 [ 593.733301][T13650] ? _raw_spin_unlock_irq+0x23/0x50 [ 593.733372][T13650] ? __pfx_kthread+0x10/0x10 [ 593.733393][T13650] ret_from_fork+0x51b/0xa40 [ 593.733426][T13650] ? __pfx_ret_from_fork+0x10/0x10 [ 593.733454][T13650] ? __switch_to+0xc82/0x1410 [ 593.733480][T13650] ? __pfx_kthread+0x10/0x10 [ 593.733501][T13650] ret_from_fork_asm+0x1a/0x30 [ 593.733531][T13650] [ 593.733536][T13650] [ 593.919626][T13650] The buggy address belongs to a 3-page vmalloc region starting at 0xffffc9000b4bb000 allocated at vb2_vmalloc_alloc+0xef/0x360 [ 593.932872][T13650] The buggy address belongs to the physical page: [ 593.939318][T13650] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x49859 [ 593.949410][T13650] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 593.956552][T13650] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 593.965165][T13650] raw: ffffffffffffffff 0000000000000000 00000001ffffffff 0000000000000000 [ 593.973767][T13650] page dumped because: kasan: bad access detected [ 593.980210][T13650] page_owner tracks the page as allocated [ 593.985946][T13650] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_NOWARN), pid 13649, tgid 13648 (syz.1.1997), ts 593699614771, free_ts 593699455370 [ 594.004491][T13650] post_alloc_hook+0x228/0x280 [ 594.009313][T13650] get_page_from_freelist+0x24dc/0x2580 [ 594.014882][T13650] __alloc_frozen_pages_noprof+0x18d/0x380 [ 594.020706][T13650] alloc_pages_bulk_noprof+0x558/0x700 [ 594.026190][T13650] alloc_pages_bulk_mempolicy_noprof+0x34e/0x1680 [ 594.032644][T13650] __vmalloc_node_range_noprof+0xa32/0x1730 [ 594.038563][T13650] vmalloc_user_noprof+0xad/0xe0 [ 594.043519][T13650] vb2_vmalloc_alloc+0xef/0x360 [ 594.048398][T13650] __vb2_queue_alloc+0x9c2/0x15a0 [ 594.053449][T13650] vb2_core_reqbufs+0xc1f/0x1410 [ 594.058413][T13650] __vb2_init_fileio+0x318/0xff0 [ 594.063391][T13650] vb2_core_poll+0x4c1/0x840 [ 594.068010][T13650] vb2_fop_poll+0x193/0x310 [ 594.072543][T13650] v4l2_poll+0x147/0x2c0 [ 594.076815][T13650] do_sys_poll+0x969/0x1120 [ 594.081351][T13650] __se_sys_ppoll+0x209/0x2b0 [ 594.086062][T13650] page last free pid 13649 tgid 13648 stack trace: [ 594.092587][T13650] __free_frozen_pages+0xbf8/0xd70 [ 594.097725][T13650] __kasan_populate_vmalloc+0x1b2/0x1d0 [ 594.103329][T13650] alloc_vmap_area+0xdbc/0x14a0 [ 594.108212][T13650] __get_vm_area_node+0x1f8/0x300 [ 594.113283][T13650] __vmalloc_node_range_noprof+0x372/0x1730 [ 594.119206][T13650] vmalloc_user_noprof+0xad/0xe0 [ 594.124175][T13650] vb2_vmalloc_alloc+0xef/0x360 [ 594.129074][T13650] __vb2_queue_alloc+0x9c2/0x15a0 [ 594.134144][T13650] vb2_core_reqbufs+0xc1f/0x1410 [ 594.139109][T13650] __vb2_init_fileio+0x318/0xff0 [ 594.144085][T13650] vb2_core_poll+0x4c1/0x840 [ 594.148701][T13650] vb2_fop_poll+0x193/0x310 [ 594.153239][T13650] v4l2_poll+0x147/0x2c0 [ 594.157509][T13650] do_sys_poll+0x969/0x1120 [ 594.162036][T13650] __se_sys_ppoll+0x209/0x2b0 [ 594.166764][T13650] do_syscall_64+0xe2/0xf80 [ 594.171299][T13650] [ 594.173649][T13650] Memory state around the buggy address: [ 594.179302][T13650] ffffc9000b4bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 594.187383][T13650] ffffc9000b4bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 594.195467][T13650] >ffffc9000b4be000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 594.203548][T13650] ^ [ 594.207637][T13650] ffffc9000b4be080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 594.215741][T13650] ffffc9000b4be100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 594.223833][T13650] ================================================================== [ 594.253559][ T799] usb 6-1: USB disconnect, device number 93 [ 594.273682][ T799] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 594.307548][T13650] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 594.314821][T13650] CPU: 1 UID: 0 PID: 13650 Comm: vivid-000-vid-c Tainted: G L syzkaller #0 PREEMPT(full) [ 594.326244][T13650] Tainted: [L]=SOFTLOCKUP [ 594.330597][T13650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 594.340684][T13650] Call Trace: [ 594.344007][T13650] [ 594.346969][T13650] vpanic+0x1e0/0x670 [ 594.350999][T13650] panic+0xc5/0xd0 [ 594.354763][T13650] ? __pfx_panic+0x10/0x10 [ 594.359313][T13650] ? preempt_schedule_thunk+0x16/0x30 [ 594.364744][T13650] ? preempt_schedule_thunk+0x16/0x30 [ 594.370169][T13650] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 594.375852][T13650] check_panic_on_warn+0x89/0xb0 [ 594.380831][T13650] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 594.386499][T13650] end_report+0x6f/0x140 [ 594.390788][T13650] kasan_report+0x128/0x150 [ 594.395334][T13650] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 594.401017][T13650] kasan_check_range+0x264/0x2c0 [ 594.405979][T13650] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 594.411641][T13650] __asan_memcpy+0x40/0x70 [ 594.416085][T13650] tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 594.421600][T13650] vivid_thread_vid_cap_tick+0x1035/0x6040 [ 594.427434][T13650] ? __lock_acquire+0x6b5/0x2cf0 [ 594.432410][T13650] ? __perf_event_task_sched_in+0x1606/0x1800 [ 594.438504][T13650] ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10 [ 594.444688][T13650] ? vivid_thread_vid_cap+0x491/0x1190 [ 594.450195][T13650] vivid_thread_vid_cap+0x909/0x1190 [ 594.455516][T13650] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 594.461284][T13650] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 594.467133][T13650] ? __kthread_parkme+0x7a/0x1f0 [ 594.472093][T13650] ? __kthread_parkme+0x19c/0x1f0 [ 594.477137][T13650] kthread+0x726/0x8b0 [ 594.481227][T13650] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 594.486975][T13650] ? __pfx_kthread+0x10/0x10 [ 594.491605][T13650] ? _raw_spin_unlock_irq+0x23/0x50 [ 594.496829][T13650] ? __pfx_kthread+0x10/0x10 [ 594.501455][T13650] ret_from_fork+0x51b/0xa40 [ 594.506084][T13650] ? __pfx_ret_from_fork+0x10/0x10 [ 594.511220][T13650] ? __switch_to+0xc82/0x1410 [ 594.515919][T13650] ? __pfx_kthread+0x10/0x10 [ 594.520532][T13650] ret_from_fork_asm+0x1a/0x30 [ 594.525338][T13650] [ 594.529002][T13650] Kernel Offset: disabled [ 594.533337][T13650] Rebooting in 86400 seconds..