last executing test programs: 8.800478918s ago: executing program 1 (id=4334): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0xf) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) gettid() fcntl$addseals(r1, 0x409, 0x9) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[], 0x50) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000002a80)={'tunl0\x00', 0x0}) renameat2(0xffffffffffffff9c, 0x0, r0, &(0x7f0000000180)='./file5\x00', 0x3) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0xc2043, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000003c0)={0x30000004}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000004140)=ANY=[@ANYBLOB="000000000000000018004a28e495d6e91be6fb1d9a20ff730e5fe4621b8768", @ANYRESDEC=r0, @ANYBLOB="000000000200"/21], 0x50) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r4, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) socket$netlink(0x10, 0x3, 0x5) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000040)={0x0, 0x46, 0x2}) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e24, @broadcast}, 0x10) io_submit(0x0, 0x0, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000041401002dbd700014b8fedbdf25080001000000020052228873b39a257f499ed5a895892cb3e4b98443aed9180dd2c99a4b3dd0"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) 8.582319626s ago: executing program 1 (id=4337): socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 8.439851623s ago: executing program 0 (id=4338): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000180)=0xc, 0x4) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000000c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_usbip_server_init(0x6) r4 = socket$netlink(0x10, 0x3, 0x15) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r6 = open$dir(&(0x7f0000000340)='./file0\x00', 0x400080, 0x386) r7 = signalfd(r3, &(0x7f00000005c0)={[0xffffff57, 0x40]}, 0x8) linkat(r6, &(0x7f0000000400)='./file0\x00', r7, &(0x7f0000000680)='./file0\x00', 0x0) sendmsg$nl_route(r4, 0x0, 0x4040) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r8, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)={0xa4, 0x0, 0x8, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0xd9de}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x7ff}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x9e7}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6002}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xc19}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x160fc7b7}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8808}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc0}, 0x4000) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848290000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x80) 8.237659098s ago: executing program 2 (id=4339): syz_usb_connect(0x2, 0x34, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000094d9d4084e080110aeed010203010902220001000000000904000001437b6a00090500000000000000070594ef"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000340)=0x10001) add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x8, &(0x7f0000000180)=@raw=[@printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000000080)={0x0, 0x1}, 0x8}, 0x94) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_mreqsrc(r3, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x45040) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x381, 0x0) 8.189318608s ago: executing program 1 (id=4347): gettid() truncate(0x0, 0x96f) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x2}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[]) chdir(&(0x7f0000000300)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r4, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r5, r4, 0x4, r4}, 0x10) write$binfmt_script(r3, &(0x7f0000000640)={'#! ', './file0', [{}, {0x20, 'rp\xee\xff\xe4'}, {0x20, '\x12~\x85\xecZ@\xb5\x18\xec\x182\xc9L\xdc\xb2\x81\xdam\xa8\xc5{\x92\x14\xce\xf2\xb8\xf7\xa9\xa7\x00X \x93t\x91!%\xff\x13\xdc\aIY\x0e\xb4zh\\\x06\r\xe8^Z\x81\xb8$:P\x83\x98_\xa1\x98\xd6\xd2g-\xefr\x14<\xd1\xb84\x94\xa09\x9f\x12I\xed\xd5dT#f\xb4\xf3\x88\xcf\xde\x00\xd4\x81WN\xca\xb5c\xbf\r\xb0Q\xa9\xbaC\xd2\xa2\x1d~\xc5D(\x92A\x12f\x83fn\xd0\xb6\x02\x116t:|\x94\xc7\xac\xf6\xbc~m\xd6\xd1\xe5\xe0\xdd\xc2\x9cl#\x85\xab\xe7\xa9\xcb\"\xd2\x97\x10\xa5\xa8\xc1\x8d@U\a]Gi^\xd2\xdf\xb0\xa5!\x836\x92\xc9\x92\xe4'}], 0xa, "7bad65c4da5338577feb172ca63250224c76e2027f000000000000007e2ac7fe2e31a2e87e3ee43ed92dfbb6bc0700de24db4ec870b8000000000002002c65e7495fe9afeb28bb60e91e23e104f6dbbf40e1fc2ab1a77fd9f6414e438f03"}, 0xfffffc43) 6.874349638s ago: executing program 0 (id=4341): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00001f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dd"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0xffffffff}, 0x10}, 0x94) r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmmsg$inet(r5, &(0x7f0000001540), 0x0, 0x20000001) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mount(0x0, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='nilfs2\x00', 0x1a0c000, 0x0) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808b", 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000005c0)=ANY=[@ANYBLOB="fc000000190001000000000000faffff1f010000000000000000000000000000ac1414aa00000000005c090000dd0e0000000000000000000a00000000007889cc1641b80ad3298540fd01906c71409e35805bd8b307b323b8c3f46bda2e6c3b97e7642a12dca23718b69e060e64a94b6a49d76ac85e75c9a36118d59ca8dc7980c2048e090c5b2cff980a5d127891dcc5c45d8fc5ed1ce970b5ad75d37276d2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffff16000000000000000000000000000002000000000000000000006b396f6a000000000000000000804000000000000000000800000000000000000000000044000500ac1414aa00"/132], 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=ANY=[@ANYBLOB="cc000000210001000000000004000000fc020000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000050001100ff0200000000000000000000000000010a0101000000000000000000000000000a010100000000000000000000000000000000060000000000000000000000003c000000000000000a000a002c0093007f000001000000000000000000000000e0000001000000000000000000000000000000000a000000"], 0xcc}}, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x101, 0x147}}) ioctl$TIOCL_PASTESEL(r7, 0x541c, &(0x7f0000000000)) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 6.340320553s ago: executing program 3 (id=4342): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000180)=0xc, 0x4) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000000c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_usbip_server_init(0x6) r4 = socket$netlink(0x10, 0x3, 0x15) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r6 = open$dir(&(0x7f0000000340)='./file0\x00', 0x400080, 0x386) r7 = signalfd(r3, &(0x7f00000005c0)={[0xffffff57, 0x40]}, 0x8) linkat(r6, &(0x7f0000000400)='./file0\x00', r7, &(0x7f0000000680)='./file0\x00', 0x0) sendmsg$nl_route(r4, 0x0, 0x4040) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r8, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)={0xa4, 0x0, 0x8, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0xd9de}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x7ff}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x9e7}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6002}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xc19}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x160fc7b7}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8808}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc0}, 0x4000) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848290000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x80) 6.188571355s ago: executing program 1 (id=4343): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r4}, 0x10) syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0185648, &(0x7f0000000100)={0x40000, 0x3ff, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990903, 0x7f, '\x00', @string=0x0}}) r6 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 5.835131586s ago: executing program 0 (id=4344): syz_open_dev$tty1(0xc, 0x4, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) write$binfmt_elf64(r1, 0x0, 0x78) r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={0xffffffffffffffff}, 0x2, 0xc}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x28000, @dev={0xfe, 0x80, '\x00', 0x27}, 0x21}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x8}, r4, 0x8}}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x4000008}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0), 0x0, 0x0) sendmmsg$inet(r6, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x7) r7 = dup2(0xffffffffffffffff, r6) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10) r8 = syz_io_uring_setup(0x3a62, &(0x7f0000000700)={0x0, 0xa011, 0x10108, 0x1, 0xffffffff}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r11 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r11, 0x40085112, &(0x7f0000000080)=@s={0x5, @generic=0x9, 0x1a, 0x8}) syz_io_uring_submit(r9, r10, &(0x7f0000000680)=@IORING_OP_RECV=@pass_buffer={0x1b, 0xc, 0x0, r6, 0x0, &(0x7f0000000580)="e262edf39fcd68db03cef1ca227884975e34852780d9f31553a5172fa352a9067aff1687cbaf1fc1108a77f881485d593358ac01480f2f53feee0639c09d721b4ad6c9b1d039cf224055d77126a98786f3bfda817c5836900d926092236fd38bbc6949e1c99b3222652839e3586665f896e210a474032f6ac2c8c93cc3b6310ffe44dc644ec72d498c2f23ee3cc7dba69f721b6f9ef972865fd73b01ea2bb603177ad6f39be23e7f5e9edba73dc3b91e707a2c307216a85c61e022a279514db5d81e6f15b5811085e5c5cf3bc42cc2dc2076e8430da9cfc6356ab4d238a7c4a41c2c97588fadf907652ff0", 0xeb, 0x40000000, 0x1}) io_uring_enter(r8, 0x5d62, 0x0, 0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={r7}, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) 5.247426448s ago: executing program 2 (id=4345): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0xf) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) gettid() fcntl$addseals(r1, 0x409, 0x9) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[], 0x50) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000002a80)={'tunl0\x00', 0x0}) renameat2(0xffffffffffffff9c, 0x0, r0, &(0x7f0000000180)='./file5\x00', 0x3) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0xc2043, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000003c0)={0x30000004}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000004140)=ANY=[@ANYBLOB="02000000", @ANYBLOB="000000000000000018004a28e495d6e91be6fb1d9a20ff730e5fe4621b8768", @ANYRESDEC=r0, @ANYBLOB="000000000200"/21], 0x50) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r4, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) socket$netlink(0x10, 0x3, 0x5) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000040)={0x0, 0x46, 0x2}) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e24, @broadcast}, 0x10) io_submit(0x0, 0x0, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000041401002dbd700014b8fedbdf25080001000000020052228873b39a257f499ed5a895892cb3e4b98443aed9180dd2c99a4b3dd0"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) 4.323524032s ago: executing program 2 (id=4346): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r2) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r4}, 0x10) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r5, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0185648, &(0x7f0000000100)={0x40000, 0x3ff, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990903, 0x7f, '\x00', @string=0x0}}) r7 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) ioctl$MEDIA_IOC_REQUEST_ALLOC(r7, 0x80047c05, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 4.312183997s ago: executing program 1 (id=4348): socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 4.115904277s ago: executing program 1 (id=4349): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00001f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0xffffffff}, 0x10}, 0x94) r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r5, &(0x7f0000001540)=[{{0x0, 0x5b, 0x0}}], 0x800000000000214, 0x20000001) close(r6) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mount(0x0, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='nilfs2\x00', 0x1a0c000, 0x0) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808b", 0x4) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000005c0)=ANY=[@ANYBLOB="fc000000190001000000000000faffff1f010000000000000000000000000000ac1414aa00000000005c090000dd0e0000000000000000000a00000000007889cc1641b80ad3298540fd01906c71409e35805bd8b307b323b8c3f46bda2e6c3b97e7642a12dca23718b69e060e64a94b6a49d76ac85e75c9a36118d59ca8dc7980c2048e090c5b2cff980a5d127891dcc5c45d8fc5ed1ce970b5ad75d37276d2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffff16000000000000000000000000000002000000000000000000006b396f6a000000000000000000804000000000000000000800000000000000000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffff7f000000000000000000000000000000000003000000000000000000"], 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=ANY=[@ANYBLOB="cc000000210001000000000004000000fc020000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000050001100ff0200000000000000000000000000010a0101000000000000000000000000000a010100000000000000000000000000000000060000000000000000000000003c000000000000000a000a002c0093007f000001000000000000000000000000e0000001000000000000000000000000000000000a000000"], 0xcc}}, 0x0) r9 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x0, 0x0, 0x6, 0x4, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413fcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff4175b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) ioctl$TIOCL_SETSEL(r9, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x101, 0x147}}) ioctl$TIOCL_PASTESEL(r9, 0x541c, &(0x7f0000000000)) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 4.109044724s ago: executing program 0 (id=4350): socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r2}, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r3, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 3.91676428s ago: executing program 3 (id=4351): socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3}, 0x10) pread64(0xffffffffffffffff, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 3.202294993s ago: executing program 2 (id=4352): socket(0x10, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000340)=0x10001) add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) r5 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000000080)={0x0, 0x1}, 0x8}, 0x94) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_mreqsrc(r3, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x45040) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x381, 0x0) 3.133615875s ago: executing program 0 (id=4353): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) preadv(r1, &(0x7f0000002880)=[{&(0x7f00000000c0)=""/91, 0x5b}], 0x1, 0xa2e1, 0xc) r2 = openat$cgroup_procs(r0, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0) preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000e00)=""/153, 0x99}], 0x1, 0x4, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f) ioctl$UI_SET_SWBIT(r6, 0x4004556d, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(r7, 0x89f2, &(0x7f0000000080)={0xdf, 0x0, 0xdffff7f9, 0x40, 0x0, "bb40af00008000000000000800"}) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000) socket$inet6(0xa, 0x80002, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80882, 0x0) 2.91691667s ago: executing program 3 (id=4354): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r4}, 0x10) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r5, &(0x7f0000001240)=""/102400, 0x200000, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0185648, &(0x7f0000000100)={0x40000, 0x3ff, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990903, 0x7f, '\x00', @string=0x0}}) r6 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 1.921193287s ago: executing program 3 (id=4356): socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 951.582727ms ago: executing program 3 (id=4357): socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 836.529149ms ago: executing program 2 (id=4358): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r4}, 0x10) syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0185648, &(0x7f0000000100)={0x40000, 0x3ff, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990903, 0x7f, '\x00', @string=0x0}}) r6 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 359.549015ms ago: executing program 3 (id=4359): socket(0x10, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000340)=0x10001) add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) r5 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x8, &(0x7f0000000180)=@raw=[@printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000000080)={0x0, 0x1}, 0x8}, 0x94) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)}], 0x1) writev(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_mreqsrc(r3, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x45040) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x381, 0x0) 93.868639ms ago: executing program 0 (id=4360): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000180)=0xc, 0x4) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000000c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_usbip_server_init(0x6) r4 = socket$netlink(0x10, 0x3, 0x15) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r6 = open$dir(&(0x7f0000000340)='./file0\x00', 0x400080, 0x386) r7 = signalfd(r3, 0x0, 0x0) linkat(r6, &(0x7f0000000400)='./file0\x00', r7, &(0x7f0000000680)='./file0\x00', 0x0) sendmsg$nl_route(r4, 0x0, 0x4040) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r8, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)={0xa4, 0x0, 0x8, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0xd9de}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x7ff}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x9e7}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6002}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xc19}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x160fc7b7}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8808}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc0}, 0x4000) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848290000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x80) 0s ago: executing program 2 (id=4361): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6}, 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000400)={0x2, 0x5a6b9e18ff896410}, 0x4) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0185648, &(0x7f0000000100)={0x40000, 0x3ff, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990903, 0x7f, '\x00', @string=0x0}}) r6 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffc}}) ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) kernel console output (not intermixed with test programs): over after parsing attributes in process `syz.3.3636'. [ 1047.156276][T20316] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3636'. [ 1047.160396][T20316] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3636'. [ 1048.771533][ T6364] usb 6-1: USB disconnect, device number 26 [ 1049.073503][T16093] usb 40-1: device descriptor read/8, error -110 [ 1049.161700][T20344] netlink: 'syz.3.3641': attribute type 4 has an invalid length. [ 1049.174255][T20344] netlink: 'syz.3.3641': attribute type 4 has an invalid length. [ 1049.395647][T20350] netlink: 'syz.1.3642': attribute type 4 has an invalid length. [ 1049.462263][T20352] netlink: 'syz.1.3642': attribute type 4 has an invalid length. [ 1049.946797][T20357] kAFS: No cell specified [ 1050.012955][T16093] usb usb40-port1: attempt power cycle [ 1050.024829][T20359] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3644'. [ 1050.123025][T20363] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3646'. [ 1050.132128][T20363] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3646'. [ 1050.714005][T16093] usb usb40-port1: unable to enumerate USB device [ 1051.170418][T20372] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3648'. [ 1051.179924][T20372] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3648'. [ 1051.184000][T20372] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3648'. [ 1051.723444][ T6015] usb 5-1: new full-speed USB device number 47 using dummy_hcd [ 1051.896109][ T6015] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1051.900673][ T6015] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1051.904689][ T6015] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1051.909682][ T6015] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1051.914400][ T6015] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1051.921444][ T6015] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1051.928476][ T6015] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.931341][ T6015] usb 5-1: Product: syz [ 1051.932776][ T6015] usb 5-1: Manufacturer: syz [ 1051.934388][ T6015] usb 5-1: SerialNumber: syz [ 1051.937948][ T6015] usb 5-1: config 0 descriptor?? [ 1051.942382][ T6015] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input96 [ 1052.465663][T20390] netlink: 'syz.0.3649': attribute type 4 has an invalid length. [ 1052.506266][T20390] netlink: 'syz.0.3649': attribute type 4 has an invalid length. [ 1053.009310][T20395] netlink: 'syz.1.3653': attribute type 4 has an invalid length. [ 1053.038016][T20395] netlink: 'syz.1.3653': attribute type 4 has an invalid length. [ 1054.189938][T20409] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3658'. [ 1054.620991][ T6056] usb 5-1: USB disconnect, device number 47 [ 1054.912712][T20414] NILFS (nullb0): couldn't find nilfs on the device [ 1055.235289][T20422] netlink: 'syz.3.3662': attribute type 4 has an invalid length. [ 1056.938840][T20444] netlink: 'syz.3.3666': attribute type 4 has an invalid length. [ 1056.997842][T20445] netlink: 'syz.3.3666': attribute type 4 has an invalid length. [ 1057.314495][T20451] kAFS: No cell specified [ 1057.458970][T20451] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3668'. [ 1058.018251][T20463] netlink: 'syz.1.3677': attribute type 4 has an invalid length. [ 1058.024879][T20463] netlink: 'syz.1.3677': attribute type 4 has an invalid length. [ 1058.701656][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1058.704873][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1058.922201][T20478] NILFS (nullb0): couldn't find nilfs on the device [ 1059.213243][T16093] usb 8-1: new full-speed USB device number 50 using dummy_hcd [ 1059.394294][T16093] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1059.400791][T16093] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1059.406398][T16093] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1059.411336][T16093] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1059.416507][T16093] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1059.434050][T16093] usb 8-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1059.438484][T16093] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1059.442799][T16093] usb 8-1: Product: syz [ 1059.445335][T16093] usb 8-1: Manufacturer: syz [ 1059.448565][T16093] usb 8-1: SerialNumber: syz [ 1059.482361][T16093] usb 8-1: config 0 descriptor?? [ 1059.499205][T20485] 9pnet_virtio: no channels available for device syz [ 1059.518873][T16093] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input97 [ 1060.653478][T20486] netlink: 'syz.3.3675': attribute type 4 has an invalid length. [ 1060.678794][T20486] netlink: 'syz.3.3675': attribute type 4 has an invalid length. [ 1061.100933][T20499] kAFS: No cell specified [ 1061.322312][T20500] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3680'. [ 1062.495827][ T34] usb 8-1: USB disconnect, device number 50 [ 1062.896463][T20573] netlink: 'syz.1.3682': attribute type 4 has an invalid length. [ 1062.907302][T20573] netlink: 'syz.1.3682': attribute type 4 has an invalid length. [ 1063.631429][T20580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3687'. [ 1063.635712][T20580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3687'. [ 1063.806808][T20583] netlink: 'syz.2.3685': attribute type 4 has an invalid length. [ 1063.820417][T20583] netlink: 'syz.2.3685': attribute type 4 has an invalid length. [ 1063.953460][ T24] usb 8-1: new full-speed USB device number 51 using dummy_hcd [ 1064.093333][ T24] usb 8-1: device descriptor read/64, error -71 [ 1064.343375][ T24] usb 8-1: new full-speed USB device number 52 using dummy_hcd [ 1064.473431][ T24] usb 8-1: device descriptor read/64, error -71 [ 1064.583745][ T24] usb usb8-port1: attempt power cycle [ 1064.943347][ T24] usb 8-1: new full-speed USB device number 53 using dummy_hcd [ 1064.964015][ T24] usb 8-1: device descriptor read/8, error -71 [ 1065.003326][ T34] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 1065.130201][T20593] netlink: 'syz.2.3689': attribute type 4 has an invalid length. [ 1065.140596][T20593] netlink: 'syz.2.3689': attribute type 4 has an invalid length. [ 1065.184789][ T34] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1065.188541][ T34] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1065.193520][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1065.198252][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1065.202155][ T34] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1065.210152][ T34] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1065.214209][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1065.217561][ T34] usb 6-1: Product: syz [ 1065.219471][ T34] usb 6-1: Manufacturer: syz [ 1065.222877][ T34] usb 6-1: SerialNumber: syz [ 1065.227293][ T34] usb 6-1: config 0 descriptor?? [ 1065.233305][ T24] usb 8-1: new full-speed USB device number 54 using dummy_hcd [ 1065.234641][ T34] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input98 [ 1065.253938][ T24] usb 8-1: device descriptor read/8, error -71 [ 1065.363576][ T24] usb usb8-port1: unable to enumerate USB device [ 1065.693358][T20596] netlink: 'syz.1.3690': attribute type 4 has an invalid length. [ 1065.714415][T20596] netlink: 'syz.1.3690': attribute type 4 has an invalid length. [ 1066.934349][T20613] program syz.2.3697 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1066.979423][T20611] netlink: 'syz.3.3695': attribute type 4 has an invalid length. [ 1066.985705][T20611] netlink: 'syz.3.3695': attribute type 4 has an invalid length. [ 1067.046621][T20618] random: crng reseeded on system resumption [ 1067.792421][ T5646] usb 6-1: USB disconnect, device number 27 [ 1068.092805][T20631] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3699'. [ 1068.633930][T20633] netfs: Couldn't get user pages (rc=-14) [ 1069.283301][ T24] usb 5-1: new full-speed USB device number 48 using dummy_hcd [ 1069.408923][T20648] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3705'. [ 1069.413273][ T24] usb 5-1: device descriptor read/64, error -71 [ 1069.420909][T20648] netlink: 124 bytes leftover after parsing attributes in process `syz.1.3705'. [ 1069.424940][T20648] netlink: 124 bytes leftover after parsing attributes in process `syz.1.3705'. [ 1069.663355][ T24] usb 5-1: new full-speed USB device number 49 using dummy_hcd [ 1069.781058][T20651] netlink: 'syz.3.3706': attribute type 4 has an invalid length. [ 1069.793363][ T24] usb 5-1: device descriptor read/64, error -71 [ 1069.903636][ T24] usb usb5-port1: attempt power cycle [ 1069.913132][T20651] netlink: 'syz.3.3706': attribute type 4 has an invalid length. [ 1070.243904][ T24] usb 5-1: new full-speed USB device number 50 using dummy_hcd [ 1070.269880][ T24] usb 5-1: device descriptor read/8, error -71 [ 1070.284701][T20656] kAFS: No cell specified [ 1070.392578][T20656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3707'. [ 1070.524372][ T24] usb 5-1: new full-speed USB device number 51 using dummy_hcd [ 1070.544357][ T24] usb 5-1: device descriptor read/8, error -71 [ 1070.657561][ T24] usb usb5-port1: unable to enumerate USB device [ 1071.009263][T20663] kAFS: No cell specified [ 1071.293812][T20664] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3711'. [ 1072.243990][T16093] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1072.384664][T16093] usb 5-1: device descriptor read/64, error -71 [ 1072.633475][T16093] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1072.763372][T16093] usb 5-1: device descriptor read/64, error -71 [ 1072.873766][T16093] usb usb5-port1: attempt power cycle [ 1073.213337][T16093] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1073.234024][T16093] usb 5-1: device descriptor read/8, error -71 [ 1073.240246][T20681] netlink: 'syz.1.3715': attribute type 4 has an invalid length. [ 1073.246801][T20681] netlink: 'syz.1.3715': attribute type 4 has an invalid length. [ 1073.322575][T20686] kAFS: No cell specified [ 1073.358896][T20677] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3713'. [ 1073.424683][T20691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3716'. [ 1073.623252][T16093] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1074.133798][T16093] usb 5-1: device descriptor read/8, error -71 [ 1074.253491][T16093] usb usb5-port1: unable to enumerate USB device [ 1074.578148][T20704] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3718'. [ 1075.932090][T20721] netlink: 'syz.2.3726': attribute type 4 has an invalid length. [ 1075.936844][T20721] netlink: 'syz.2.3726': attribute type 4 has an invalid length. [ 1076.121916][T20731] kAFS: No cell specified [ 1076.225447][T20731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3729'. [ 1076.934989][T20741] netlink: 'syz.0.3727': attribute type 4 has an invalid length. [ 1076.940573][T20741] netlink: 'syz.0.3727': attribute type 4 has an invalid length. [ 1077.110520][T20744] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3732'. [ 1077.223237][T16093] usb 8-1: new high-speed USB device number 55 using dummy_hcd [ 1077.363313][T16093] usb 8-1: device descriptor read/64, error -71 [ 1077.552320][T20753] kAFS: No cell specified [ 1077.623310][T16093] usb 8-1: new high-speed USB device number 56 using dummy_hcd [ 1077.708648][T20756] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 1077.711535][T20756] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1077.715482][T20756] vhci_hcd vhci_hcd.0: Device attached [ 1077.726517][T20759] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3735'. [ 1077.773510][T16093] usb 8-1: device descriptor read/64, error -71 [ 1077.898254][T16093] usb usb8-port1: attempt power cycle [ 1078.003607][ T6364] usb 40-1: SetAddress Request (88) to port 0 [ 1078.006731][ T6364] usb 40-1: new SuperSpeed USB device number 88 using vhci_hcd [ 1078.253568][T16093] usb 8-1: new high-speed USB device number 57 using dummy_hcd [ 1078.286165][T16093] usb 8-1: device descriptor read/8, error -71 [ 1078.326981][T20757] vhci_hcd: connection reset by peer [ 1078.331539][T20518] vhci_hcd: stop threads [ 1078.333405][T20518] vhci_hcd: release socket [ 1078.334972][T20518] vhci_hcd: disconnect device [ 1078.533298][T16093] usb 8-1: new high-speed USB device number 58 using dummy_hcd [ 1078.553745][T16093] usb 8-1: device descriptor read/8, error -71 [ 1078.664236][T16093] usb usb8-port1: unable to enumerate USB device [ 1079.326616][T20774] kAFS: No cell specified [ 1079.348284][T20768] netlink: 'syz.1.3739': attribute type 4 has an invalid length. [ 1079.351396][T20768] netlink: 'syz.1.3739': attribute type 4 has an invalid length. [ 1079.444837][T20778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3741'. [ 1079.805468][T20786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3743'. [ 1080.408838][T20799] FAULT_INJECTION: forcing a failure. [ 1080.408838][T20799] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1080.426914][T20799] CPU: 2 UID: 0 PID: 20799 Comm: syz.2.3746 Not tainted syzkaller #0 PREEMPT(full) [ 1080.426957][T20799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1080.426969][T20799] Call Trace: [ 1080.426976][T20799] [ 1080.426983][T20799] dump_stack_lvl+0x16c/0x1f0 [ 1080.427011][T20799] should_fail_ex+0x512/0x640 [ 1080.427040][T20799] _copy_to_user+0x32/0xd0 [ 1080.427067][T20799] simple_read_from_buffer+0xcb/0x170 [ 1080.427098][T20799] proc_fail_nth_read+0x197/0x240 [ 1080.427120][T20799] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1080.427141][T20799] ? rw_verify_area+0xcf/0x6c0 [ 1080.427159][T20799] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1080.427179][T20799] vfs_read+0x1e1/0xcf0 [ 1080.427206][T20799] ? __pfx_vfs_read+0x10/0x10 [ 1080.427223][T20799] ? find_held_lock+0x2b/0x80 [ 1080.427253][T20799] ? __fget_files+0x20e/0x3c0 [ 1080.427281][T20799] ksys_read+0x12a/0x250 [ 1080.427300][T20799] ? __pfx_ksys_read+0x10/0x10 [ 1080.427323][T20799] ? rcu_is_watching+0x12/0xc0 [ 1080.427348][T20799] __do_fast_syscall_32+0x7c/0x300 [ 1080.427373][T20799] do_fast_syscall_32+0x32/0x80 [ 1080.427395][T20799] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1080.427418][T20799] RIP: 0023:0xf7f56579 [ 1080.427439][T20799] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1080.427457][T20799] RSP: 002b:00000000f53d1590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1080.427474][T20799] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000f53d1620 [ 1080.427485][T20799] RDX: 000000000000000f RSI: 00000000f73e5ff4 RDI: 0000000000000000 [ 1080.427496][T20799] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1080.427506][T20799] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1080.427516][T20799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1080.427542][T20799] [ 1080.977464][T20819] kAFS: No cell specified [ 1081.114445][T20821] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3754'. [ 1082.558886][T20840] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3761'. [ 1082.569701][T20840] hfs: can't find a HFS filesystem on dev loop3 [ 1083.446877][ T6364] usb 40-1: device descriptor read/8, error -110 [ 1084.241160][ T6364] usb usb40-port1: attempt power cycle [ 1084.736975][T20870] kAFS: No cell specified [ 1084.856017][ T6364] usb usb40-port1: unable to enumerate USB device [ 1086.676881][T20867] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3766'. [ 1086.876054][T20880] tipc: Enabling of bearer rejected, failed to enable media [ 1086.924723][T20876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3769'. [ 1088.157479][T20911] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3777'. [ 1088.980217][T20916] kAFS: No cell specified [ 1089.651001][T20916] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3780'. [ 1090.469127][T20936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3785'. [ 1090.473745][T20936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3785'. [ 1090.990125][T20943] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1091.505038][T20952] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 1091.507185][T20952] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1091.514569][T20952] vhci_hcd vhci_hcd.0: Device attached [ 1091.623351][ T40] audit: type=1800 audit(1759776958.606:334): pid=20952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3789" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 1091.744151][T20959] kAFS: No cell specified [ 1091.753424][T20955] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3790'. [ 1091.845635][T20960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3791'. [ 1091.864002][ T6364] usb 40-1: SetAddress Request (92) to port 0 [ 1091.867119][ T6364] usb 40-1: new SuperSpeed USB device number 92 using vhci_hcd [ 1092.269560][T20953] vhci_hcd: connection reset by peer [ 1092.301656][T20517] vhci_hcd: stop threads [ 1092.303651][T20517] vhci_hcd: release socket [ 1092.317843][T20517] vhci_hcd: disconnect device [ 1092.748371][T20972] netlink: 'syz.3.3792': attribute type 4 has an invalid length. [ 1092.759854][T20972] netlink: 'syz.3.3792': attribute type 4 has an invalid length. [ 1092.783313][ T6056] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1092.916983][ T6056] usb 5-1: device descriptor read/64, error -71 [ 1093.153317][ T6056] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1093.264162][ T9] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1093.283298][ T6056] usb 5-1: device descriptor read/64, error -71 [ 1093.310691][T20979] 9pnet_fd: Insufficient options for proto=fd [ 1093.310749][T20978] 9pnet_fd: Insufficient options for proto=fd [ 1093.403616][ T6056] usb usb5-port1: attempt power cycle [ 1093.424343][ T9] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 1093.434297][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1093.438482][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1093.442491][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1093.449608][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1093.453770][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1093.458545][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1093.462339][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1093.466174][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1093.470129][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1093.473841][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1093.477924][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1093.483111][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1093.487151][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1093.490316][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1093.496363][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1093.500827][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1093.504902][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1093.509232][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1093.512721][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1093.516303][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1093.521721][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1093.526155][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1093.529377][ T9] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1093.533318][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1093.537869][ T9] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1093.541164][ T9] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1093.544423][ T9] usb 6-1: Product: syz [ 1093.546284][ T9] usb 6-1: Manufacturer: syz [ 1093.548364][ T9] usb 6-1: SerialNumber: syz [ 1093.552431][ T9] usb 6-1: config 0 descriptor?? [ 1093.560826][ T9] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 1093.743434][ T6056] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1093.763969][ T6056] usb 5-1: device descriptor read/8, error -71 [ 1093.771857][ T9] usb 6-1: USB disconnect, device number 28 [ 1093.784634][ T9] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 1094.043568][ T6056] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1094.069346][ T6056] usb 5-1: device descriptor read/8, error -71 [ 1094.183637][ T6056] usb usb5-port1: unable to enumerate USB device [ 1094.207682][T20995] fuse: Bad value for 'group_id' [ 1094.209835][T20995] fuse: Bad value for 'group_id' [ 1094.659304][T21005] kAFS: No cell specified [ 1094.754043][T21005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3802'. [ 1095.564002][T21021] vlan2: entered promiscuous mode [ 1095.566557][T21021] bridge0: entered promiscuous mode [ 1095.732012][T21022] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3803'. [ 1096.310569][T21036] kAFS: No cell specified [ 1096.421969][T21037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3811'. [ 1096.923368][ T6364] usb 40-1: device descriptor read/8, error -110 [ 1097.335244][ T6364] usb usb40-port1: attempt power cycle [ 1097.587834][T21052] netlink: 'syz.1.3815': attribute type 4 has an invalid length. [ 1097.596592][T21052] netlink: 'syz.1.3815': attribute type 4 has an invalid length. [ 1097.974020][ T6364] usb usb40-port1: unable to enumerate USB device [ 1098.143346][ T6015] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1098.293255][ T6015] usb 5-1: device descriptor read/64, error -71 [ 1098.418780][T21065] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 1098.421682][T21065] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1098.433614][T21065] vhci_hcd vhci_hcd.0: Device attached [ 1098.479574][T21065] netlink: 'syz.1.3818': attribute type 10 has an invalid length. [ 1098.533365][ T6015] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1098.663622][ T6015] usb 5-1: device descriptor read/64, error -71 [ 1098.678023][T21066] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3819'. [ 1098.778962][ T6015] usb usb5-port1: attempt power cycle [ 1098.883445][ T6364] usb 40-1: SetAddress Request (96) to port 0 [ 1098.886258][ T6364] usb 40-1: new SuperSpeed USB device number 96 using vhci_hcd [ 1099.030846][T21067] vhci_hcd: connection reset by peer [ 1099.034650][T20575] vhci_hcd: stop threads [ 1099.037017][T20575] vhci_hcd: release socket [ 1099.039201][T20575] vhci_hcd: disconnect device [ 1099.115988][ T6015] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1099.135875][ T6015] usb 5-1: device descriptor read/8, error -71 [ 1099.158436][T21075] kAFS: No cell specified [ 1099.288612][T21076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3821'. [ 1099.373396][ T6015] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1099.398412][ T6015] usb 5-1: device descriptor read/8, error -71 [ 1099.504488][ T6015] usb usb5-port1: unable to enumerate USB device [ 1100.666469][T21093] kAFS: No cell specified [ 1100.781002][T21095] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3825'. [ 1102.167119][T21100] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3827'. [ 1102.978866][T21118] kAFS: No cell specified [ 1103.089469][T21119] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3831'. [ 1103.668238][T21126] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 1103.671350][T21126] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1103.678115][T21126] vhci_hcd vhci_hcd.0: Device attached [ 1103.711624][T21126] netlink: 'syz.1.3830': attribute type 10 has an invalid length. [ 1105.235646][T21133] kAFS: No cell specified [ 1105.304787][T21124] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3833'. [ 1105.355439][T21136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3836'. [ 1105.358369][T21136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3836'. [ 1105.648317][T21127] vhci_hcd: connection closed [ 1105.692705][T20523] vhci_hcd: stop threads [ 1105.698015][T20523] vhci_hcd: release socket [ 1105.705019][T20523] vhci_hcd: disconnect device [ 1105.705046][ T6364] usb 40-1: device descriptor read/8, error -110 [ 1106.047342][T21145] netlink: 'syz.0.3840': attribute type 4 has an invalid length. [ 1106.069283][T21145] netlink: 'syz.0.3840': attribute type 4 has an invalid length. [ 1106.226356][ T6364] usb usb40-port1: attempt power cycle [ 1106.612856][T21157] kAFS: No cell specified [ 1106.738758][T21159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3843'. [ 1106.882852][ T6364] usb usb40-port1: unable to enumerate USB device [ 1107.005243][T21164] vhci_hcd vhci_hcd.0: port 0 already used [ 1107.082393][ T40] audit: type=1800 audit(1759776974.066:335): pid=21164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3842" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 1107.475780][T21172] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3846'. [ 1107.479545][T21172] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3846'. [ 1108.803367][T17807] usb 8-1: new full-speed USB device number 59 using dummy_hcd [ 1108.873334][T21191] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1108.876206][T21191] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1108.882040][T21191] vhci_hcd vhci_hcd.0: Device attached [ 1108.901518][T21191] netlink: 'syz.0.3851': attribute type 10 has an invalid length. [ 1108.981122][T17807] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1108.990603][T17807] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1108.996066][T17807] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1109.000920][T17807] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1109.007082][T17807] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1109.014300][T17807] usb 8-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1109.019531][T17807] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1109.023601][T17807] usb 8-1: Product: syz [ 1109.026605][T17807] usb 8-1: Manufacturer: syz [ 1109.028573][T17807] usb 8-1: SerialNumber: syz [ 1109.039996][T17807] usb 8-1: config 0 descriptor?? [ 1109.048983][T17807] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input99 [ 1109.163377][T16093] usb 38-1: SetAddress Request (101) to port 0 [ 1109.166947][T16093] usb 38-1: new SuperSpeed USB device number 101 using vhci_hcd [ 1109.457225][T21192] vhci_hcd: connection reset by peer [ 1109.461641][T20523] vhci_hcd: stop threads [ 1109.463357][T20523] vhci_hcd: release socket [ 1109.465117][T20523] vhci_hcd: disconnect device [ 1109.700642][T21198] netlink: 'syz.3.3848': attribute type 4 has an invalid length. [ 1109.712822][T21198] netlink: 'syz.3.3848': attribute type 4 has an invalid length. [ 1109.834592][T21199] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3853'. [ 1110.102100][T21204] kAFS: No cell specified [ 1110.202394][T21206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3854'. [ 1111.523924][T21229] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.647555][T21229] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.667157][T21231] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1111.669995][T21231] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1111.674025][T21231] vhci_hcd vhci_hcd.0: Device attached [ 1111.679785][T21231] netlink: 'syz.0.3862': attribute type 10 has an invalid length. [ 1111.745751][T21229] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.769657][T17807] usb 8-1: USB disconnect, device number 59 [ 1111.841554][T21229] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.144861][T20575] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.161890][T20575] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.172527][T20575] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.198246][T20516] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.247610][T21232] vhci_hcd: connection closed [ 1112.248133][T20516] vhci_hcd: stop threads [ 1112.252473][T20516] vhci_hcd: release socket [ 1112.254723][T20516] vhci_hcd: disconnect device [ 1112.340374][T21240] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3864'. [ 1113.693464][T21256] netlink: 'syz.3.3868': attribute type 27 has an invalid length. [ 1114.085346][ T7065] usb 8-1: new high-speed USB device number 60 using dummy_hcd [ 1114.108783][T21259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1114.121715][T21259] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1114.129590][T20575] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.133573][T20575] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.139472][T20535] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.144753][T20567] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.203343][T16093] usb 38-1: device descriptor read/8, error -110 [ 1114.243235][ T7065] usb 8-1: Using ep0 maxpacket: 16 [ 1114.248123][ T7065] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 1114.251689][ T7065] usb 8-1: config 0 has no interface number 0 [ 1114.256359][ T7065] usb 8-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1114.259866][ T7065] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1114.262509][ T7065] usb 8-1: Product: syz [ 1114.264122][ T7065] usb 8-1: Manufacturer: syz [ 1114.265993][ T7065] usb 8-1: SerialNumber: syz [ 1114.269243][ T7065] usb 8-1: config 0 descriptor?? [ 1114.274424][ T7065] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 1114.403538][ T24] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1114.553589][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 1114.564988][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1114.573372][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1114.577248][ T24] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1114.593463][ T24] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1114.603248][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1114.617969][ T24] hub 5-1:1.0: bad descriptor, ignoring hub [ 1114.620489][ T24] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1114.633882][ T24] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1114.643377][T16093] usb usb38-port1: attempt power cycle [ 1114.933443][ T53] usb 5-1: USB disconnect, device number 64 [ 1115.014624][ T7065] gspca_spca1528: reg_w err -110 [ 1115.035342][ T7065] spca1528 8-1:0.1: probe with driver spca1528 failed with error -110 [ 1115.253844][T16093] usb usb38-port1: unable to enumerate USB device [ 1115.283305][ T53] usb 5-1: new full-speed USB device number 65 using dummy_hcd [ 1115.464705][ T53] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1115.468478][ T53] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1115.471689][ T53] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1115.476655][ T53] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1115.479791][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1115.486218][ T53] hub 5-1:1.0: bad descriptor, ignoring hub [ 1115.490457][ T53] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1115.493564][ T53] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1115.793470][ T53] usb 5-1: USB disconnect, device number 65 [ 1116.010963][T21277] vhci_hcd vhci_hcd.0: port 0 already used [ 1116.017965][T21277] netlink: 'syz.2.3874': attribute type 10 has an invalid length. [ 1116.227184][ T5968] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 1116.593089][ T839] usb 8-1: USB disconnect, device number 60 [ 1116.696164][T21289] kAFS: No cell specified [ 1116.807227][T21291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3877'. [ 1117.773265][ T839] usb 8-1: new high-speed USB device number 61 using dummy_hcd [ 1117.893439][ T6015] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1117.894310][T21310] netlink: 'syz.0.3884': attribute type 4 has an invalid length. [ 1117.933938][ T839] usb 8-1: Using ep0 maxpacket: 8 [ 1117.938172][ T839] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1117.942101][ T839] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1117.946368][ T839] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1117.952047][ T839] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1117.955992][ T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1117.969430][ T839] hub 8-1:1.0: bad descriptor, ignoring hub [ 1117.972549][ T839] hub 8-1:1.0: probe with driver hub failed with error -5 [ 1117.976107][ T839] cdc_wdm 8-1:1.0: skipping garbage [ 1117.978112][ T839] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1118.043382][ T6015] usb 6-1: Using ep0 maxpacket: 16 [ 1118.047755][ T6015] usb 6-1: config 0 has no interfaces? [ 1118.050067][ T6015] usb 6-1: New USB device found, idVendor=1fd2, idProduct=6006, bcdDevice= 0.00 [ 1118.054236][ T6015] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1118.063803][ T6015] usb 6-1: config 0 descriptor?? [ 1118.165535][T21318] kAFS: No cell specified [ 1118.278955][ T5968] Bluetooth: hci2: command 0x0406 tx timeout [ 1118.298475][ T839] usb 6-1: USB disconnect, device number 29 [ 1118.326524][ T6015] usb 8-1: USB disconnect, device number 61 [ 1118.461426][T21318] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3885'. [ 1118.694474][ T6015] usb 8-1: new full-speed USB device number 62 using dummy_hcd [ 1118.875851][ T6015] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1118.880645][ T6015] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1118.885673][ T6015] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1118.890941][ T6015] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1118.896269][ T6015] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1118.939330][ T6015] hub 8-1:1.0: bad descriptor, ignoring hub [ 1118.943329][ T6015] hub 8-1:1.0: probe with driver hub failed with error -5 [ 1118.953101][ T6015] cdc_wdm 8-1:1.0: skipping garbage [ 1118.960394][ T6015] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1119.201828][T21333] netfs: Couldn't get user pages (rc=-14) [ 1119.273724][ T6015] usb 8-1: USB disconnect, device number 62 [ 1119.551736][T21343] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1119.554198][T21343] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1119.557586][T21343] vhci_hcd vhci_hcd.0: Device attached [ 1119.566254][T21346] kAFS: No cell specified [ 1119.592960][T21343] netlink: 'syz.0.3891': attribute type 10 has an invalid length. [ 1119.664838][T21348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3892'. [ 1119.873413][T17807] usb 38-1: SetAddress Request (105) to port 0 [ 1119.875592][T17807] usb 38-1: new SuperSpeed USB device number 105 using vhci_hcd [ 1120.085871][T21344] vhci_hcd: connection reset by peer [ 1120.088903][T20535] vhci_hcd: stop threads [ 1120.090437][T20535] vhci_hcd: release socket [ 1120.092111][T20535] vhci_hcd: disconnect device [ 1120.117619][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1120.120492][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.266296][T21367] netlink: 'syz.0.3897': attribute type 4 has an invalid length. [ 1121.276528][T21367] netlink: 'syz.0.3897': attribute type 4 has an invalid length. [ 1122.373263][ T53] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1122.484202][T21389] 9pnet_virtio: no channels available for device syz [ 1122.543246][ T53] usb 5-1: Using ep0 maxpacket: 8 [ 1122.546669][ T53] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1122.550780][ T53] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1122.554113][ T53] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1122.559410][ T53] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1122.562783][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1122.574327][ T53] hub 5-1:1.0: bad descriptor, ignoring hub [ 1122.581277][ T53] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1122.584325][ T53] cdc_wdm 5-1:1.0: skipping garbage [ 1122.586459][ T53] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1122.873485][ T839] usb 5-1: USB disconnect, device number 66 [ 1123.223514][ T839] usb 5-1: new full-speed USB device number 67 using dummy_hcd [ 1123.391692][ T839] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1123.397173][ T839] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1123.402454][ T839] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1123.418248][ T839] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1123.427295][ T839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1123.482954][ T839] hub 5-1:1.0: bad descriptor, ignoring hub [ 1123.486797][ T839] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1123.499400][ T839] cdc_wdm 5-1:1.0: skipping garbage [ 1123.502767][ T839] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1123.549929][T21399] vhci_hcd vhci_hcd.0: port 0 already used [ 1123.561279][T21399] netlink: 'syz.2.3905': attribute type 10 has an invalid length. [ 1123.797596][ T6015] usb 5-1: USB disconnect, device number 67 [ 1124.540941][T21411] netlink: 'syz.0.3909': attribute type 4 has an invalid length. [ 1124.593035][T21411] netlink: 'syz.0.3909': attribute type 4 has an invalid length. [ 1124.981601][T17807] usb 38-1: device descriptor read/8, error -110 [ 1125.384227][T17807] usb usb38-port1: attempt power cycle [ 1125.644098][T21426] kAFS: No cell specified [ 1125.826610][T21430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3911'. [ 1126.002337][T17807] usb usb38-port1: unable to enumerate USB device [ 1126.686090][T21435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3916'. [ 1126.695893][T21435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3916'. [ 1126.997539][T17807] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1127.163311][T17807] usb 5-1: Using ep0 maxpacket: 8 [ 1127.166658][T17807] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1127.174188][T17807] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1127.177674][T17807] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1127.183022][T17807] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1127.186116][T17807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1127.195588][T17807] hub 5-1:1.0: bad descriptor, ignoring hub [ 1127.198000][T17807] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1127.205317][T17807] cdc_wdm 5-1:1.0: skipping garbage [ 1127.208694][T17807] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1127.250473][T21441] kAFS: No cell specified [ 1127.416508][T21442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3918'. [ 1127.507845][T17807] usb 5-1: USB disconnect, device number 68 [ 1127.863391][T17807] usb 5-1: new full-speed USB device number 69 using dummy_hcd [ 1128.014456][T17807] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1128.018391][T17807] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1128.022292][T17807] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1128.027247][T17807] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1128.031254][T17807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1128.045569][T17807] hub 5-1:1.0: bad descriptor, ignoring hub [ 1128.050636][T17807] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1128.058599][T17807] cdc_wdm 5-1:1.0: skipping garbage [ 1128.061086][T17807] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1128.294004][T17807] usb 5-1: USB disconnect, device number 69 [ 1128.652262][T21463] netlink: 'syz.3.3922': attribute type 4 has an invalid length. [ 1128.682428][T21463] netlink: 'syz.3.3922': attribute type 4 has an invalid length. [ 1130.739284][T21475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3925'. [ 1130.749244][T21475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3925'. [ 1131.055608][T21483] kAFS: No cell specified [ 1131.202633][T21483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3929'. [ 1131.886558][ T53] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1132.043392][ T53] usb 6-1: Using ep0 maxpacket: 8 [ 1132.047592][ T53] usb 6-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 1132.052645][ T53] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1132.056658][ T53] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1132.061853][ T53] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1132.065767][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1132.077433][ T53] hub 6-1:1.0: bad descriptor, ignoring hub [ 1132.079931][ T53] hub 6-1:1.0: probe with driver hub failed with error -5 [ 1132.086191][ T53] cdc_wdm 6-1:1.0: skipping garbage [ 1132.089132][ T53] cdc_wdm 6-1:1.0: skipping garbage [ 1132.091261][ T53] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1132.396041][T17807] usb 6-1: USB disconnect, device number 30 [ 1132.743261][ T6056] usb 6-1: new full-speed USB device number 31 using dummy_hcd [ 1133.027614][ T6056] usb 6-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 1133.031639][ T6056] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1133.035763][ T6056] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1133.041398][ T6056] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1133.046966][ T6056] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1133.057100][ T6056] hub 6-1:1.0: bad descriptor, ignoring hub [ 1133.059320][ T6056] hub 6-1:1.0: probe with driver hub failed with error -5 [ 1133.062204][ T6056] cdc_wdm 6-1:1.0: skipping garbage [ 1133.064422][ T6056] cdc_wdm 6-1:1.0: skipping garbage [ 1133.066621][ T6056] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1133.200168][T21508] netlink: 'syz.2.3935': attribute type 4 has an invalid length. [ 1133.383616][ T6015] usb 6-1: USB disconnect, device number 31 [ 1133.474615][T21518] netlink: 'syz.2.3937': attribute type 4 has an invalid length. [ 1133.489667][T21518] netlink: 'syz.2.3937': attribute type 4 has an invalid length. [ 1133.644562][T21517] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3936'. [ 1134.712786][T21532] kAFS: No cell specified [ 1134.868412][T21535] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3940'. [ 1136.984211][T21567] netlink: 'syz.0.3949': attribute type 4 has an invalid length. [ 1137.070674][T21568] netlink: 'syz.0.3949': attribute type 4 has an invalid length. [ 1137.695883][T21574] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3950'. [ 1137.977153][T21585] kAFS: No cell specified [ 1138.016645][T21585] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3953'. [ 1138.093759][T17807] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1138.253682][T17807] usb 5-1: Using ep0 maxpacket: 32 [ 1138.264260][T17807] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 1138.268919][T17807] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1138.275115][T17807] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1138.280263][T17807] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1138.287112][T17807] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1138.306088][T17807] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1138.309457][T17807] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1138.314399][T17807] usb 5-1: Product: syz [ 1138.316349][T17807] usb 5-1: Manufacturer: syz [ 1138.318576][T17807] usb 5-1: SerialNumber: syz [ 1138.376658][T17807] usb 5-1: config 0 descriptor?? [ 1138.385912][T17807] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1138.414147][T17807] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1138.509340][T21590] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3956'. [ 1138.788060][ C0] ldusb 5-1:0.0: usb_submit_urb failed (-19) [ 1138.791259][T17807] usb 5-1: USB disconnect, device number 70 [ 1138.794042][T21581] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 1138.797207][T21600] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -19 [ 1138.800458][T17807] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 1139.450729][T21611] netlink: 'syz.2.3960': attribute type 4 has an invalid length. [ 1139.467738][T21611] netlink: 'syz.2.3960': attribute type 4 has an invalid length. [ 1139.669927][T21617] kAFS: No cell specified [ 1139.830823][T21623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3962'. [ 1140.022196][T21627] netlink: 'syz.3.3964': attribute type 27 has an invalid length. [ 1141.244415][T21631] binder: 21630:21631 ioctl c0306201 80000180 returned -14 [ 1141.314070][T21628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1141.332270][T21628] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1141.563416][ T839] usb 5-1: new full-speed USB device number 71 using dummy_hcd [ 1141.565964][ T24] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1141.713380][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 1141.726533][ T839] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1141.743402][ T24] usb 6-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 1141.746735][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1141.749665][ T24] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1141.754272][ T839] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1141.758254][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1141.761707][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1141.764832][ T839] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1141.768937][ T24] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1141.771841][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1141.785146][ T839] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1141.788304][ T839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1141.790947][ T839] usb 5-1: Product: syz [ 1141.792417][ T839] usb 5-1: Manufacturer: syz [ 1141.803666][ T24] hub 6-1:1.0: bad descriptor, ignoring hub [ 1141.806137][ T24] hub 6-1:1.0: probe with driver hub failed with error -5 [ 1141.809475][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 1141.811705][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 1141.814205][ T839] usb 5-1: SerialNumber: syz [ 1141.817503][ T24] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1141.822003][ T839] usb 5-1: config 0 descriptor?? [ 1141.836736][ T839] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input103 [ 1142.120989][ T6056] usb 6-1: USB disconnect, device number 32 [ 1142.258242][T21647] netlink: 'syz.0.3967': attribute type 4 has an invalid length. [ 1142.273965][T21647] netlink: 'syz.0.3967': attribute type 4 has an invalid length. [ 1142.329041][T21649] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3971'. [ 1142.350048][T21651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3972'. [ 1142.443321][T17807] usb 6-1: new full-speed USB device number 33 using dummy_hcd [ 1142.455898][T21649] infiniband syz0: set down [ 1142.461430][T21649] infiniband syz0: added veth1_vlan [ 1142.464650][T21654] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1142.468101][T21654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3972'. [ 1142.471130][T21654] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3972'. [ 1142.480678][T21649] RDS/IB: syz0: added [ 1142.595287][T17807] usb 6-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 1142.599439][T17807] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1142.603618][T17807] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1142.608872][T17807] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1142.611840][T17807] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1142.621545][T17807] hub 6-1:1.0: bad descriptor, ignoring hub [ 1142.624589][T17807] hub 6-1:1.0: probe with driver hub failed with error -5 [ 1142.627792][T17807] cdc_wdm 6-1:1.0: skipping garbage [ 1142.630451][T17807] cdc_wdm 6-1:1.0: skipping garbage [ 1142.633346][T17807] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1142.938427][T17807] usb 6-1: USB disconnect, device number 33 [ 1142.948383][T21659] kAFS: No cell specified [ 1142.999076][T21659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3973'. [ 1143.893879][T21672] netlink: 'syz.3.3977': attribute type 4 has an invalid length. [ 1143.907292][T21672] netlink: 'syz.3.3977': attribute type 4 has an invalid length. [ 1145.632332][ T6056] usb 5-1: USB disconnect, device number 71 [ 1146.230118][T21697] kAFS: No cell specified [ 1146.506628][T21701] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3986'. [ 1146.517971][T21702] kAFS: No cell specified [ 1146.636584][T21704] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3985'. [ 1147.398445][T21716] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3990'. [ 1147.637651][T21719] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3988'. [ 1148.016973][T21724] netlink: 'syz.1.3991': attribute type 4 has an invalid length. [ 1148.065086][T21724] netlink: 'syz.1.3991': attribute type 4 has an invalid length. [ 1148.603803][ T53] usb 5-1: new full-speed USB device number 72 using dummy_hcd [ 1148.775121][ T53] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1148.778438][ T53] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1148.781921][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1148.785681][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1148.789133][ T53] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1148.797974][ T53] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1148.800767][ T53] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.801363][T21740] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 1148.803367][ T53] usb 5-1: Product: syz [ 1148.805957][T21740] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1148.806732][T21740] vhci_hcd vhci_hcd.0: Device attached [ 1148.807353][ T53] usb 5-1: Manufacturer: syz [ 1148.807363][ T53] usb 5-1: SerialNumber: syz [ 1148.817158][ T53] usb 5-1: config 0 descriptor?? [ 1148.821459][ T53] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input104 [ 1148.848803][T21740] netlink: 'syz.1.3995': attribute type 10 has an invalid length. [ 1149.173423][ T6056] usb 40-1: SetAddress Request (100) to port 0 [ 1149.175742][ T6056] usb 40-1: new SuperSpeed USB device number 100 using vhci_hcd [ 1149.251566][T21745] netlink: 'syz.0.3992': attribute type 4 has an invalid length. [ 1149.269258][T21745] netlink: 'syz.0.3992': attribute type 4 has an invalid length. [ 1149.425118][T21741] vhci_hcd: connection reset by peer [ 1149.429197][T20539] vhci_hcd: stop threads [ 1149.432337][T20539] vhci_hcd: release socket [ 1149.434204][T20539] vhci_hcd: disconnect device [ 1149.626695][T21749] kAFS: No cell specified [ 1149.670643][T21749] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3997'. [ 1152.076400][T21778] netlink: 'syz.3.4003': attribute type 4 has an invalid length. [ 1152.096911][T21778] netlink: 'syz.3.4003': attribute type 4 has an invalid length. [ 1152.119640][T21776] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4001'. [ 1152.133400][ T5646] usb 5-1: USB disconnect, device number 72 [ 1152.783643][T21794] kAFS: No cell specified [ 1152.833409][ T5646] usb 5-1: new full-speed USB device number 73 using dummy_hcd [ 1152.995033][ T5646] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1152.999138][ T5646] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1153.003684][ T5646] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1153.009990][ T5646] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1153.016037][ T5646] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1153.024733][ T5646] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1153.028660][ T5646] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1153.053356][ T5646] usb 5-1: Product: syz [ 1153.055633][ T5646] usb 5-1: Manufacturer: syz [ 1153.058077][ T5646] usb 5-1: SerialNumber: syz [ 1153.062762][ T5646] usb 5-1: config 0 descriptor?? [ 1153.073364][ T5646] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input105 [ 1153.084011][T21794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4006'. [ 1153.512939][T21802] netlink: 'syz.0.4013': attribute type 4 has an invalid length. [ 1153.531542][T21802] netlink: 'syz.0.4013': attribute type 4 has an invalid length. [ 1154.274301][ T6056] usb 40-1: device descriptor read/8, error -110 [ 1154.338127][T21812] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 1154.822355][T21821] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4014'. [ 1154.907564][ T6056] usb usb40-port1: attempt power cycle [ 1154.983901][T21823] netlink: 'syz.1.4015': attribute type 4 has an invalid length. [ 1155.002054][T21823] netlink: 'syz.1.4015': attribute type 4 has an invalid length. [ 1155.455517][T21828] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4017'. [ 1155.465850][ T6056] usb usb40-port1: unable to enumerate USB device [ 1155.512031][ T6056] usb 5-1: USB disconnect, device number 73 [ 1155.678070][T21837] kAFS: No cell specified [ 1155.737305][T21829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4017'. [ 1155.810341][T21839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4018'. [ 1156.193892][ T53] usb 8-1: new high-speed USB device number 63 using dummy_hcd [ 1156.573382][ T53] usb 8-1: Using ep0 maxpacket: 8 [ 1156.576412][ T53] usb 8-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 1156.580026][ T53] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1156.583367][ T53] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1156.587952][ T53] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1156.590929][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1156.606087][ T53] hub 8-1:1.0: bad descriptor, ignoring hub [ 1156.608550][ T53] hub 8-1:1.0: probe with driver hub failed with error -5 [ 1156.611324][ T53] cdc_wdm 8-1:1.0: skipping garbage [ 1156.614387][ T53] cdc_wdm 8-1:1.0: skipping garbage [ 1156.616285][ T53] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1156.719487][T21845] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1156.721560][T21845] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1156.725563][T21845] vhci_hcd vhci_hcd.0: Device attached [ 1156.730185][T21845] netlink: 'syz.0.4020': attribute type 10 has an invalid length. [ 1156.953470][ T5996] usb 8-1: USB disconnect, device number 63 [ 1157.003517][ T53] usb 38-1: SetAddress Request (109) to port 0 [ 1157.006237][ T53] usb 38-1: new SuperSpeed USB device number 109 using vhci_hcd [ 1157.273325][ T5996] usb 8-1: new full-speed USB device number 64 using dummy_hcd [ 1157.332935][T21846] vhci_hcd: connection reset by peer [ 1157.335190][T20550] vhci_hcd: stop threads [ 1157.336734][T20550] vhci_hcd: release socket [ 1157.338332][T20550] vhci_hcd: disconnect device [ 1157.523711][ T5996] usb 8-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 1157.527065][ T5996] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1157.529964][ T5996] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1157.534170][ T5996] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1157.537158][ T5996] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1157.548370][ T5996] hub 8-1:1.0: bad descriptor, ignoring hub [ 1157.550283][ T5996] hub 8-1:1.0: probe with driver hub failed with error -5 [ 1157.552746][ T5996] cdc_wdm 8-1:1.0: skipping garbage [ 1157.565582][ T5996] cdc_wdm 8-1:1.0: skipping garbage [ 1157.567489][ T5996] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1157.853540][ T5996] usb 8-1: USB disconnect, device number 64 [ 1158.473361][T16093] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 1158.538201][T21867] netlink: 'syz.3.4026': attribute type 4 has an invalid length. [ 1158.553526][T21867] netlink: 'syz.3.4026': attribute type 4 has an invalid length. [ 1158.608873][T21866] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4024'. [ 1158.623417][T16093] usb 6-1: Using ep0 maxpacket: 16 [ 1158.633986][T16093] usb 6-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1158.637257][T16093] usb 6-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 1158.640264][T16093] usb 6-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1158.644483][T16093] usb 6-1: config 1 interface 0 has no altsetting 0 [ 1158.648650][T16093] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1158.652100][T16093] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1158.654670][T16093] usb 6-1: Product: syz [ 1158.655988][T16093] usb 6-1: Manufacturer: syz [ 1158.657578][T16093] usb 6-1: SerialNumber: syz [ 1158.775373][T21872] kAFS: No cell specified [ 1158.850294][T21874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4027'. [ 1159.347694][ T40] audit: type=1800 audit(1759777026.336:336): pid=21882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4031" name="file1" dev="tmpfs" ino=2223 res=0 errno=0 [ 1160.004301][T21885] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 1160.007052][T21885] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1160.012478][T21885] vhci_hcd vhci_hcd.0: Device attached [ 1160.014295][T16093] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 34 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 1160.314056][ T5646] usb 44-1: SetAddress Request (100) to port 0 [ 1160.316891][ T5646] usb 44-1: new SuperSpeed USB device number 100 using vhci_hcd [ 1161.089835][T21886] vhci_hcd: connection reset by peer [ 1161.096412][T20554] vhci_hcd: stop threads [ 1161.098651][T20554] vhci_hcd: release socket [ 1161.101312][T20554] vhci_hcd: disconnect device [ 1161.338152][T21896] vhci_hcd vhci_hcd.0: port 0 already used [ 1161.362218][T21896] netlink: 'syz.2.4032': attribute type 10 has an invalid length. [ 1161.983371][ T5996] usb 8-1: new high-speed USB device number 65 using dummy_hcd [ 1162.043408][ T53] usb 38-1: device descriptor read/8, error -110 [ 1162.143333][ T5996] usb 8-1: Using ep0 maxpacket: 8 [ 1162.147665][ T5996] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1162.151768][ T5996] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1162.155639][ T5996] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1162.161471][ T5996] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1162.165620][ T5996] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1162.174816][ T5996] hub 8-1:1.0: bad descriptor, ignoring hub [ 1162.177375][ T5996] hub 8-1:1.0: probe with driver hub failed with error -5 [ 1162.180907][ T5996] cdc_wdm 8-1:1.0: skipping garbage [ 1162.183760][ T5996] cdc_wdm 8-1:1.0: skipping garbage [ 1162.186419][ T5996] cdc_wdm 8-1:1.0: skipping garbage [ 1162.188454][ T5996] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1162.308354][T16093] usb 6-1: USB disconnect, device number 34 [ 1162.314696][T16093] usblp0: removed [ 1162.458427][ T53] usb usb38-port1: attempt power cycle [ 1162.483550][ T7065] usb 8-1: USB disconnect, device number 65 [ 1162.792600][T21911] siw: device registration error -23 [ 1162.793472][T21908] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4036'. [ 1162.813638][T16093] usb 8-1: new full-speed USB device number 66 using dummy_hcd [ 1162.964862][T16093] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1162.969262][T16093] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1162.972882][T16093] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1162.978482][T16093] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1162.982895][T16093] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1162.996031][T16093] hub 8-1:1.0: bad descriptor, ignoring hub [ 1162.999014][T16093] hub 8-1:1.0: probe with driver hub failed with error -5 [ 1163.002759][T16093] cdc_wdm 8-1:1.0: skipping garbage [ 1163.004911][T16093] cdc_wdm 8-1:1.0: skipping garbage [ 1163.007048][T16093] cdc_wdm 8-1:1.0: skipping garbage [ 1163.009211][T16093] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1163.023825][ T53] usb usb38-port1: unable to enumerate USB device [ 1163.278548][T21914] batadv_slave_1: entered promiscuous mode [ 1163.282191][T21913] batadv_slave_1: left promiscuous mode [ 1163.303885][T16093] usb 8-1: USB disconnect, device number 66 [ 1163.405521][T21919] kAFS: No cell specified [ 1163.561699][T21921] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4040'. [ 1164.554074][ T839] usb 6-1: new full-speed USB device number 35 using dummy_hcd [ 1164.811551][ T839] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1164.816988][ T839] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1164.832565][ T839] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1164.841444][ T839] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1164.846009][ T839] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1164.862256][ T839] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1164.869554][ T839] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1164.873517][ T839] usb 6-1: Product: syz [ 1164.875098][ T839] usb 6-1: Manufacturer: syz [ 1164.878473][ T839] usb 6-1: SerialNumber: syz [ 1164.886880][ T839] usb 6-1: config 0 descriptor?? [ 1164.914740][ T839] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input106 [ 1164.977914][T21943] vhci_hcd vhci_hcd.0: port 0 already used [ 1164.984304][T21943] netlink: 'syz.2.4045': attribute type 10 has an invalid length. [ 1165.497857][ T5646] usb 44-1: device descriptor read/8, error -110 [ 1165.674389][T21948] netlink: 'syz.1.4043': attribute type 4 has an invalid length. [ 1165.682356][T21948] netlink: 'syz.1.4043': attribute type 4 has an invalid length. [ 1166.062803][T21952] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4046'. [ 1166.133869][ T5646] usb usb44-port1: attempt power cycle [ 1166.405544][T21965] kAFS: No cell specified [ 1166.516173][T21969] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4051'. [ 1166.751834][ T5646] usb usb44-port1: unable to enumerate USB device [ 1167.289406][ T5646] usb 6-1: USB disconnect, device number 35 [ 1167.345523][T21972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4053'. [ 1167.349386][T21972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4053'. [ 1167.722916][T21987] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 1167.725736][T21987] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1167.734618][T21987] vhci_hcd vhci_hcd.0: Device attached [ 1167.739728][T21987] netlink: 'syz.1.4056': attribute type 10 has an invalid length. [ 1168.013306][T16093] usb 40-1: SetAddress Request (104) to port 0 [ 1168.015993][T16093] usb 40-1: new SuperSpeed USB device number 104 using vhci_hcd [ 1168.190885][T21983] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1168.192964][T21983] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1168.196464][T21983] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1168.198498][T21983] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1168.264529][T21988] vhci_hcd: connection reset by peer [ 1168.267876][T20555] vhci_hcd: stop threads [ 1168.269981][T20555] vhci_hcd: release socket [ 1168.271945][T20555] vhci_hcd: disconnect device [ 1168.327867][T22000] veth1_to_batadv: entered allmulticast mode [ 1168.330000][T22000] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 1168.670646][T22006] kAFS: No cell specified [ 1168.793543][T22006] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4061'. [ 1169.686619][T22017] kAFS: No cell specified [ 1169.713408][ T5968] Bluetooth: hci4: command 0x0406 tx timeout [ 1169.870378][T22020] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4064'. [ 1170.273371][ T5968] Bluetooth: hci2: command 0x0406 tx timeout [ 1170.454621][T22021] netlink: 'syz.2.4063': attribute type 4 has an invalid length. [ 1170.475268][T22021] netlink: 'syz.2.4063': attribute type 4 has an invalid length. [ 1170.676777][T22032] tipc: Started in network mode [ 1170.678527][T22032] tipc: Node identity 02f190293376, cluster identity 4711 [ 1170.680872][T22032] tipc: Enabled bearer , priority 0 [ 1170.697620][T22032] tipc: Disabling bearer [ 1171.006643][T22039] netlink: 'syz.0.4065': attribute type 4 has an invalid length. [ 1171.100528][T22041] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1171.102602][T22041] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1171.106888][T22041] vhci_hcd vhci_hcd.0: Device attached [ 1171.111057][T22041] netlink: 'syz.3.4070': attribute type 10 has an invalid length. [ 1171.253455][T22034] netlink: 'syz.0.4065': attribute type 4 has an invalid length. [ 1171.368100][T22046] kAFS: No cell specified [ 1171.433487][ T53] usb 44-1: SetAddress Request (104) to port 0 [ 1171.435725][ T53] usb 44-1: new SuperSpeed USB device number 104 using vhci_hcd [ 1171.465817][T22046] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4071'. [ 1171.749674][T22042] vhci_hcd: connection reset by peer [ 1171.752273][T20555] vhci_hcd: stop threads [ 1171.755553][T20555] vhci_hcd: release socket [ 1171.757903][T20555] vhci_hcd: disconnect device [ 1171.793391][ T5968] Bluetooth: hci4: command 0x0406 tx timeout [ 1172.141455][T22033] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4067'. [ 1172.575319][T22059] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1172.577415][T22059] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1172.580287][T22059] vhci_hcd vhci_hcd.0: Device attached [ 1172.586547][T22059] netlink: 'syz.3.4074': attribute type 10 has an invalid length. [ 1173.083334][T16093] usb 40-1: device descriptor read/8, error -110 [ 1173.196420][T22060] vhci_hcd: connection closed [ 1173.196864][T20557] vhci_hcd: stop threads [ 1173.201187][T20557] vhci_hcd: release socket [ 1173.205143][T20557] vhci_hcd: disconnect device [ 1173.384993][T22070] netlink: 'syz.1.4077': attribute type 4 has an invalid length. [ 1173.406736][T22070] netlink: 'syz.1.4077': attribute type 4 has an invalid length. [ 1173.484247][T16093] usb usb40-port1: attempt power cycle [ 1173.806688][T22075] fuse: Unknown parameter '000000000000000000000030x0000000000000004' [ 1173.931965][T22080] kAFS: No cell specified [ 1173.940695][T22079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4081'. [ 1173.949635][T22079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4081'. [ 1174.045417][T22084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4080'. [ 1174.206346][T16093] usb usb40-port1: unable to enumerate USB device [ 1174.328765][T22089] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1174.331001][T22089] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1174.335564][T22089] vhci_hcd vhci_hcd.0: Device attached [ 1174.385918][T22089] netlink: 'syz.0.4082': attribute type 10 has an invalid length. [ 1174.457162][T22092] netlink: 'syz.1.4083': attribute type 4 has an invalid length. [ 1174.604126][ T24] usb 38-1: SetAddress Request (113) to port 0 [ 1174.606910][ T24] usb 38-1: new SuperSpeed USB device number 113 using vhci_hcd [ 1174.917432][T22090] vhci_hcd: connection reset by peer [ 1174.919560][T20554] vhci_hcd: stop threads [ 1174.921819][T20554] vhci_hcd: release socket [ 1174.924790][T20554] vhci_hcd: disconnect device [ 1175.324078][ T40] audit: type=1800 audit(1759777042.316:337): pid=22104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4087" name="file1" dev="tmpfs" ino=2136 res=0 errno=0 [ 1175.513314][T17807] usb 6-1: new full-speed USB device number 36 using dummy_hcd [ 1175.639770][T22106] vhci_hcd vhci_hcd.0: port 0 already used [ 1175.760306][T17807] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1175.763876][T17807] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1175.767665][T17807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1175.771545][T17807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1175.775803][T17807] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1175.782947][T17807] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1175.785944][T17807] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1175.788746][T17807] usb 6-1: Product: syz [ 1175.790996][T17807] usb 6-1: Manufacturer: syz [ 1175.793839][T17807] usb 6-1: SerialNumber: syz [ 1175.833565][T17807] usb 6-1: config 0 descriptor?? [ 1175.858298][T17807] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input107 [ 1175.937356][T16093] usb 8-1: new full-speed USB device number 67 using dummy_hcd [ 1176.094651][T16093] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1176.098185][T16093] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1176.101927][T16093] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1176.105798][T16093] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1176.109202][T16093] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1176.114974][T16093] usb 8-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1176.117830][T16093] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1176.120410][T16093] usb 8-1: Product: syz [ 1176.121829][T16093] usb 8-1: Manufacturer: syz [ 1176.123662][T16093] usb 8-1: SerialNumber: syz [ 1176.128147][T16093] usb 8-1: config 0 descriptor?? [ 1176.140868][T16093] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input108 [ 1176.434819][T22117] validate_nla: 1 callbacks suppressed [ 1176.434831][T22117] netlink: 'syz.1.4086': attribute type 4 has an invalid length. [ 1176.444028][T22117] netlink: 'syz.1.4086': attribute type 4 has an invalid length. [ 1176.523368][ T53] usb 44-1: device descriptor read/8, error -110 [ 1176.933979][ T53] usb usb44-port1: attempt power cycle [ 1177.107721][T22130] kAFS: No cell specified [ 1177.135658][T22130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4092'. [ 1177.494416][ T53] usb usb44-port1: unable to enumerate USB device [ 1178.206156][T22137] netlink: 'syz.0.4094': attribute type 4 has an invalid length. [ 1178.216428][T22137] netlink: 'syz.0.4094': attribute type 4 has an invalid length. [ 1178.345715][ T5646] usb 6-1: USB disconnect, device number 36 [ 1178.699837][ T5646] usb 8-1: USB disconnect, device number 67 [ 1178.757185][T22144] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 1178.759277][T22144] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1178.761957][T22144] vhci_hcd vhci_hcd.0: Device attached [ 1178.766084][T22144] netlink: 'syz.1.4096': attribute type 10 has an invalid length. [ 1179.033317][ T839] usb 40-1: SetAddress Request (108) to port 0 [ 1179.036853][ T839] usb 40-1: new SuperSpeed USB device number 108 using vhci_hcd [ 1179.376953][T22155] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4097'. [ 1179.403309][T22145] vhci_hcd: connection reset by peer [ 1179.405879][T20521] vhci_hcd: stop threads [ 1179.407976][T20521] vhci_hcd: release socket [ 1179.410104][T20521] vhci_hcd: disconnect device [ 1179.509149][T22157] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4099'. [ 1179.633745][ T24] usb 38-1: device descriptor read/8, error -110 [ 1179.797042][ T40] audit: type=1326 audit(1759777046.786:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.805323][ T40] audit: type=1326 audit(1759777046.786:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.811810][T22160] lo: entered promiscuous mode [ 1179.812082][ T40] audit: type=1326 audit(1759777046.786:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.816228][T22160] lo: left promiscuous mode [ 1179.821801][ T40] audit: type=1326 audit(1759777046.786:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.830589][ T40] audit: type=1326 audit(1759777046.786:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.837857][ T40] audit: type=1326 audit(1759777046.786:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.845987][ T40] audit: type=1326 audit(1759777046.786:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.852814][ T40] audit: type=1326 audit(1759777046.786:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.860440][ T40] audit: type=1326 audit(1759777046.786:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22159 comm="syz.3.4100" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 1179.871584][T22160] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4100'. [ 1179.875143][T22160] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4100'. [ 1180.053463][T22168] kAFS: No cell specified [ 1180.133888][T22171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4102'. [ 1180.197849][ T24] usb usb38-port1: attempt power cycle [ 1180.273462][ T53] usb 6-1: new full-speed USB device number 37 using dummy_hcd [ 1180.441085][ T53] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1180.446547][ T53] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1180.451585][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1180.457310][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1180.461149][ T53] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1180.480945][ T53] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1180.486386][ T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1180.489961][ T53] usb 6-1: Product: syz [ 1180.491939][ T53] usb 6-1: Manufacturer: syz [ 1180.494280][ T53] usb 6-1: SerialNumber: syz [ 1180.534282][ T53] usb 6-1: config 0 descriptor?? [ 1180.655997][ T53] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input109 [ 1181.251036][ T24] usb usb38-port1: unable to enumerate USB device [ 1181.432236][T22188] netfs: Couldn't get user pages (rc=-14) [ 1181.472036][T22190] netlink: 'syz.0.4106': attribute type 4 has an invalid length. [ 1181.491894][T22190] netlink: 'syz.0.4106': attribute type 4 has an invalid length. [ 1181.554898][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1181.557133][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1181.932666][T22164] netlink: 'syz.1.4103': attribute type 4 has an invalid length. [ 1181.947707][T22164] netlink: 'syz.1.4103': attribute type 4 has an invalid length. [ 1183.066149][T22195] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4109'. [ 1183.074297][ T6015] usb 6-1: USB disconnect, device number 37 [ 1183.182025][T22204] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1183.184945][T22204] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1183.190180][T22204] vhci_hcd vhci_hcd.0: Device attached [ 1183.246626][T22204] netlink: 'syz.3.4111': attribute type 10 has an invalid length. [ 1183.483413][ T6056] usb 44-1: SetAddress Request (108) to port 0 [ 1183.485808][ T6056] usb 44-1: new SuperSpeed USB device number 108 using vhci_hcd [ 1183.723321][T17807] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1183.794280][T22205] vhci_hcd: connection reset by peer [ 1183.796846][T20521] vhci_hcd: stop threads [ 1183.798207][T20521] vhci_hcd: release socket [ 1183.799753][T20521] vhci_hcd: disconnect device [ 1183.883373][T17807] usb 5-1: Using ep0 maxpacket: 8 [ 1183.886944][T17807] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1183.890368][T17807] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1183.893234][T17807] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1183.896922][T17807] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 1183.900687][T17807] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 1183.904775][T17807] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1183.908095][T17807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1183.914716][T17807] hub 5-1:1.0: bad descriptor, ignoring hub [ 1183.916755][T17807] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1183.919502][T17807] cdc_wdm 5-1:1.0: skipping garbage [ 1183.921235][T17807] cdc_wdm 5-1:1.0: skipping garbage [ 1183.922893][T17807] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1184.089314][T22215] kAFS: No cell specified [ 1184.113515][ T839] usb 40-1: device descriptor read/8, error -110 [ 1184.124763][T22215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4114'. [ 1184.234861][ T53] usb 5-1: USB disconnect, device number 74 [ 1184.604099][ T53] usb 5-1: new full-speed USB device number 75 using dummy_hcd [ 1184.787576][ T839] usb usb40-port1: attempt power cycle [ 1184.799272][ T53] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1184.806254][ T53] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1184.810376][ T53] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1184.816693][ T53] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 26984, setting to 64 [ 1184.823358][ T53] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1184.827742][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1184.857150][T22210] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1184.876653][ T53] hub 5-1:1.0: bad descriptor, ignoring hub [ 1184.888004][ T53] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1184.897875][ T53] cdc_wdm 5-1:1.0: skipping garbage [ 1184.903063][ T53] cdc_wdm 5-1:1.0: skipping garbage [ 1184.906007][ T53] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1185.213385][ T53] usb 5-1: USB disconnect, device number 75 [ 1185.520843][T22236] netlink: zone id is out of range [ 1185.522475][T22236] netlink: zone id is out of range [ 1185.531034][T22236] netlink: zone id is out of range [ 1185.532673][T22236] netlink: zone id is out of range [ 1185.693372][T22236] netlink: zone id is out of range [ 1185.695266][T22236] netlink: zone id is out of range [ 1185.777268][T22236] netlink: zone id is out of range [ 1185.780094][T22236] netlink: zone id is out of range [ 1185.782555][T22236] netlink: zone id is out of range [ 1185.816953][T22236] netlink: set zone limit has 4 unknown bytes [ 1185.943810][ T839] usb usb40-port1: unable to enumerate USB device [ 1186.165575][T22248] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 1186.168060][T22248] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1186.170877][T22248] vhci_hcd vhci_hcd.0: Device attached [ 1186.389621][T22261] kAFS: No cell specified [ 1186.470934][T22261] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4129'. [ 1186.547040][ T53] usb 8-1: new full-speed USB device number 68 using dummy_hcd [ 1186.813253][T16093] usb 38-1: SetAddress Request (117) to port 0 [ 1186.815308][T16093] usb 38-1: new SuperSpeed USB device number 117 using vhci_hcd [ 1187.269270][ T53] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1187.282554][ T53] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1187.287589][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1187.292501][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1187.296229][ T53] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1187.328567][ T53] usb 8-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1187.333815][ T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1187.336439][ T53] usb 8-1: Product: syz [ 1187.337852][ T53] usb 8-1: Manufacturer: syz [ 1187.339523][ T53] usb 8-1: SerialNumber: syz [ 1187.351028][ T53] usb 8-1: config 0 descriptor?? [ 1187.414951][ T53] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input110 [ 1187.833707][T22253] vhci_hcd: connection reset by peer [ 1187.836219][T20521] vhci_hcd: stop threads [ 1187.837612][T20521] vhci_hcd: release socket [ 1187.839066][T20521] vhci_hcd: disconnect device [ 1187.882173][T22274] netlink: 'syz.3.4126': attribute type 4 has an invalid length. [ 1187.908091][T22274] netlink: 'syz.3.4126': attribute type 4 has an invalid length. [ 1188.515649][ T6056] usb 44-1: device descriptor read/8, error -110 [ 1188.637632][ T53] IPVS: starting estimator thread 0... [ 1188.723361][T22287] IPVS: using max 45 ests per chain, 108000 per kthread [ 1188.886178][T22289] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 1188.888366][T22289] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1188.891190][T22289] vhci_hcd vhci_hcd.0: Device attached [ 1188.913843][ T6056] usb usb44-port1: attempt power cycle [ 1189.258857][T21783] usb 8-1: USB disconnect, device number 68 [ 1189.285078][T22295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4138'. [ 1189.437780][T22300] kAFS: No cell specified [ 1189.477946][T22290] vhci_hcd: connection closed [ 1189.478430][T20521] vhci_hcd: stop threads [ 1189.485003][T20521] vhci_hcd: release socket [ 1189.491142][ T6056] usb usb44-port1: unable to enumerate USB device [ 1189.497651][T20521] vhci_hcd: disconnect device [ 1189.521625][T22300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4140'. [ 1190.821767][T22311] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1190.824591][T22311] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1190.829029][T22311] vhci_hcd vhci_hcd.0: Device attached [ 1190.941416][T22311] netlink: 'syz.3.4143': attribute type 10 has an invalid length. [ 1191.157405][ T5996] usb 44-1: SetAddress Request (112) to port 0 [ 1191.160103][ T5996] usb 44-1: new SuperSpeed USB device number 112 using vhci_hcd [ 1191.443342][ T53] usb 5-1: new full-speed USB device number 76 using dummy_hcd [ 1191.530483][T22323] netlink: 'syz.2.4144': attribute type 4 has an invalid length. [ 1191.596062][ T53] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1191.600986][ T53] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1191.606552][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1191.612182][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1191.616574][ T53] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1191.623953][ T53] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1191.627731][ T53] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1191.629420][T22323] netlink: 'syz.2.4144': attribute type 4 has an invalid length. [ 1191.631260][ T53] usb 5-1: Product: syz [ 1191.635593][ T53] usb 5-1: Manufacturer: syz [ 1191.637698][ T53] usb 5-1: SerialNumber: syz [ 1191.642312][ T53] usb 5-1: config 0 descriptor?? [ 1191.651801][ T53] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input111 [ 1191.822861][T22312] vhci_hcd: connection reset by peer [ 1191.827292][T20557] vhci_hcd: stop threads [ 1191.829049][T20557] vhci_hcd: release socket [ 1191.830814][T20557] vhci_hcd: disconnect device [ 1192.185571][T22325] netlink: 'syz.0.4147': attribute type 4 has an invalid length. [ 1192.198208][T22325] netlink: 'syz.0.4147': attribute type 4 has an invalid length. [ 1192.203276][T16093] usb 38-1: device descriptor read/8, error -110 [ 1192.594196][T16093] usb usb38-port1: attempt power cycle [ 1192.643352][ T6015] usb 8-1: new high-speed USB device number 69 using dummy_hcd [ 1192.793341][ T6015] usb 8-1: Using ep0 maxpacket: 16 [ 1192.797714][ T6015] usb 8-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1192.801798][ T6015] usb 8-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 1192.807237][ T6015] usb 8-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1192.813594][ T6015] usb 8-1: config 1 interface 0 has no altsetting 0 [ 1192.818972][ T6015] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1192.822760][ T6015] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1192.826832][ T6015] usb 8-1: Product: syz [ 1192.828760][ T6015] usb 8-1: Manufacturer: syz [ 1192.831016][ T6015] usb 8-1: SerialNumber: syz [ 1193.045531][ T6015] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 69 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 1193.132828][T22331] kAFS: No cell specified [ 1193.143371][T22333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4150'. [ 1193.146250][T22333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4150'. [ 1193.174639][T22335] macvtap0: Device is already in use. [ 1193.228047][T22331] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4149'. [ 1193.361387][T16093] usb usb38-port1: unable to enumerate USB device [ 1193.413853][T22341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1193.414336][T22328] usblp0:failed reading printer status (-32) [ 1193.421383][T22341] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1193.426423][T21783] usb 8-1: USB disconnect, device number 69 [ 1193.429889][T21783] usblp0: removed [ 1193.433374][ T5646] vhci_hcd: vhci_device speed not set [ 1194.016612][T22346] kAFS: No cell specified [ 1194.134351][T22349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4153'. [ 1194.230724][T21783] usb 5-1: USB disconnect, device number 76 [ 1194.876908][T22354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4156'. [ 1194.880029][T22354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4156'. [ 1195.132227][T22357] netfs: Couldn't get user pages (rc=-14) [ 1195.551329][T22366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4166'. [ 1195.556500][T22366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4166'. [ 1196.193618][ T5996] usb 44-1: device descriptor read/8, error -110 [ 1196.302724][T22374] kAFS: No cell specified [ 1196.334292][T22375] binder: 22370:22375 unknown command 0 [ 1196.336272][T22375] binder: 22370:22375 ioctl c0306201 800001c0 returned -22 [ 1196.384159][T22374] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4159'. [ 1197.005554][ T5996] usb usb44-port1: attempt power cycle [ 1197.086908][T22384] netlink: 'syz.3.4162': attribute type 4 has an invalid length. [ 1197.111344][T22384] netlink: 'syz.3.4162': attribute type 4 has an invalid length. [ 1197.229044][T22389] kAFS: No cell specified [ 1197.328679][T22389] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4164'. [ 1197.713997][ T5996] usb usb44-port1: unable to enumerate USB device [ 1198.145974][ T40] kauditd_printk_skb: 79 callbacks suppressed [ 1198.145987][ T40] audit: type=1326 audit(1759777065.136:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22402 comm="syz.1.4169" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x0 [ 1198.186070][T22407] binder: 22406:22407 ioctl c0306201 80000480 returned -14 [ 1198.363262][ T839] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 1198.523226][ T839] usb 5-1: Using ep0 maxpacket: 8 [ 1198.529220][ T839] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1198.532608][ T839] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1199.211061][ T839] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1199.235712][ T839] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1199.240665][ T839] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1199.246776][ T839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1199.260983][ T839] hub 5-1:1.0: bad descriptor, ignoring hub [ 1199.264601][ T839] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1199.268515][ T839] cdc_wdm 5-1:1.0: skipping garbage [ 1199.270654][ T839] cdc_wdm 5-1:1.0: skipping garbage [ 1199.279871][ T839] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1199.282631][ T839] cdc_wdm 5-1:1.0: Unknown control protocol [ 1200.265216][T22427] kAFS: No cell specified [ 1200.294279][T22399] cdc_wdm 5-1:1.0: Error autopm - -16 [ 1200.295778][T16093] usb 5-1: USB disconnect, device number 77 [ 1200.300790][T22427] __nla_validate_parse: 1 callbacks suppressed [ 1200.300809][T22427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4177'. [ 1200.388926][T22431] bridge_slave_0: entered promiscuous mode [ 1200.396704][ T5968] Bluetooth: hci0: unexpected event for opcode 0x0c2d [ 1200.397172][T22431] siw: device registration error -23 [ 1200.462663][T22432] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4175'. [ 1200.499819][T22429] bridge_slave_0: left promiscuous mode [ 1201.253872][ T839] kernel write not supported for file /input/event2 (pid: 839 comm: kworker/2:2) [ 1201.698296][T22457] netlink: 'syz.0.4183': attribute type 4 has an invalid length. [ 1201.722754][T22457] netlink: 'syz.0.4183': attribute type 4 has an invalid length. [ 1201.891697][T22462] 9pnet_virtio: no channels available for device syz [ 1202.889714][T22474] kAFS: No cell specified [ 1203.009882][T22479] kAFS: No cell specified [ 1203.068499][T22482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4189'. [ 1203.122013][T22481] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4187'. [ 1203.136975][T22483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4190'. [ 1203.813381][ T5996] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1203.897034][T22494] binder: 22489:22494 ioctl 8933 80000000 returned -22 [ 1203.964772][ T5996] usb 5-1: Using ep0 maxpacket: 8 [ 1203.972308][ T5996] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1203.976695][ T5996] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1203.978740][T22494] binder: 22489:22494 ioctl 80247008 80000940 returned -22 [ 1203.979943][ T5996] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1203.988730][ T5996] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1203.997573][ T5996] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1204.004805][ T5996] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1204.050930][ T5996] hub 5-1:1.0: bad descriptor, ignoring hub [ 1204.064691][ T5996] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1204.077467][ T5996] cdc_wdm 5-1:1.0: skipping garbage [ 1204.083432][ T5996] cdc_wdm 5-1:1.0: skipping garbage [ 1204.098014][ T5996] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1204.106298][ T5996] cdc_wdm 5-1:1.0: Unknown control protocol [ 1204.363930][ T9] usb 5-1: USB disconnect, device number 78 [ 1204.927723][T22512] netfs: Couldn't get user pages (rc=-14) [ 1205.178306][T22514] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4197'. [ 1205.211347][T22516] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4198'. [ 1205.233535][T22517] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4197'. [ 1205.237311][T22517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4197'. [ 1205.411885][T22524] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4200'. [ 1205.466143][T22524] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4200'. [ 1206.608655][T22544] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4208'. [ 1206.713375][ T9] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1207.108665][T22555] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4209'. [ 1207.212524][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1207.383809][ T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1207.387418][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1207.394783][ T9] usb 5-1: config 0 descriptor?? [ 1207.712247][T22562] vhci_hcd vhci_hcd.0: port 0 already used [ 1207.829337][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 1207.831833][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1207.838895][ T40] audit: type=1800 audit(1759777074.826:427): pid=22562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4212" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 1207.840717][ T9] usb 5-1: USB disconnect, device number 79 [ 1207.858182][T22561] delete_channel: no stack [ 1207.955330][T22570] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1207.958312][T22570] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1207.962200][T22570] vhci_hcd vhci_hcd.0: Device attached [ 1207.968556][T22570] netlink: 'syz.3.4213': attribute type 10 has an invalid length. [ 1208.233332][T16093] usb 44-1: SetAddress Request (116) to port 0 [ 1208.236489][T16093] usb 44-1: new SuperSpeed USB device number 116 using vhci_hcd [ 1208.243238][ T9] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1208.393265][ T5996] delete_channel: no stack [ 1208.403365][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 1208.408070][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1208.416840][ T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 1208.420505][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1208.426143][ T9] usb 5-1: config 0 descriptor?? [ 1208.430985][ T9] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1208.436130][ T9] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1208.560930][T22571] vhci_hcd: connection reset by peer [ 1208.563055][T20570] vhci_hcd: stop threads [ 1208.565545][T20570] vhci_hcd: release socket [ 1208.568184][T20570] vhci_hcd: disconnect device [ 1208.928239][T22579] 9pnet_virtio: no channels available for device syz [ 1209.269840][ T53] usb 5-1: USB disconnect, device number 80 [ 1209.362529][ T53] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 1209.556773][T22587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4217'. [ 1209.559553][T22587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4217'. [ 1209.659502][T22590] kAFS: No cell specified [ 1209.767733][T22590] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4218'. [ 1209.854964][T22595] FAULT_INJECTION: forcing a failure. [ 1209.854964][T22595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1209.861092][T22595] CPU: 0 UID: 0 PID: 22595 Comm: syz.3.4220 Not tainted syzkaller #0 PREEMPT(full) [ 1209.861118][T22595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1209.861130][T22595] Call Trace: [ 1209.861136][T22595] [ 1209.861142][T22595] dump_stack_lvl+0x16c/0x1f0 [ 1209.861170][T22595] should_fail_ex+0x512/0x640 [ 1209.861204][T22595] _copy_to_user+0x32/0xd0 [ 1209.861246][T22595] simple_read_from_buffer+0xcb/0x170 [ 1209.861277][T22595] proc_fail_nth_read+0x197/0x240 [ 1209.861297][T22595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1209.861319][T22595] ? rw_verify_area+0xcf/0x6c0 [ 1209.861334][T22595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1209.861354][T22595] vfs_read+0x1e1/0xcf0 [ 1209.861378][T22595] ? __pfx_vfs_read+0x10/0x10 [ 1209.861394][T22595] ? find_held_lock+0x2b/0x80 [ 1209.861421][T22595] ? __fget_files+0x20e/0x3c0 [ 1209.861447][T22595] ksys_read+0x12a/0x250 [ 1209.861464][T22595] ? __pfx_ksys_read+0x10/0x10 [ 1209.861485][T22595] ? rcu_is_watching+0x12/0xc0 [ 1209.861509][T22595] __do_fast_syscall_32+0x7c/0x300 [ 1209.861531][T22595] do_fast_syscall_32+0x32/0x80 [ 1209.861565][T22595] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1209.861586][T22595] RIP: 0023:0xf707e579 [ 1209.861599][T22595] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1209.861615][T22595] RSP: 002b:00000000f546e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1209.861631][T22595] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f546e620 [ 1209.861643][T22595] RDX: 000000000000000f RSI: 00000000f7415ff4 RDI: 0000000000000000 [ 1209.861652][T22595] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1209.861660][T22595] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1209.861671][T22595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1209.861693][T22595] [ 1210.203396][ T9] usb 8-1: new full-speed USB device number 70 using dummy_hcd [ 1210.355327][ T9] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1210.358972][ T9] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1210.364244][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1210.367980][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1210.371109][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1210.377560][ T9] usb 8-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1210.380435][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1210.383040][ T9] usb 8-1: Product: syz [ 1210.384484][ T9] usb 8-1: Manufacturer: syz [ 1210.386232][ T9] usb 8-1: SerialNumber: syz [ 1210.389651][ T9] usb 8-1: config 0 descriptor?? [ 1210.398174][ T9] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input112 [ 1210.894389][ T839] usb 5-1: new full-speed USB device number 81 using dummy_hcd [ 1210.967896][T22606] netlink: 'syz.3.4222': attribute type 4 has an invalid length. [ 1210.992720][T22606] netlink: 'syz.3.4222': attribute type 4 has an invalid length. [ 1211.055591][ T839] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1211.059960][ T839] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1211.073229][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1211.074138][T22611] vhci_hcd vhci_hcd.0: port 0 already used [ 1211.079206][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1211.079223][ T839] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1211.092682][ T839] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1211.098172][ T839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1211.102251][ T839] usb 5-1: Product: syz [ 1211.104793][T22611] netlink: 'syz.2.4225': attribute type 10 has an invalid length. [ 1211.108199][ T839] usb 5-1: Manufacturer: syz [ 1211.110286][ T839] usb 5-1: SerialNumber: syz [ 1211.114686][ T839] usb 5-1: config 0 descriptor?? [ 1211.122847][ T839] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input113 [ 1211.752882][T22616] netlink: 'syz.0.4221': attribute type 4 has an invalid length. [ 1211.768114][T22616] netlink: 'syz.0.4221': attribute type 4 has an invalid length. [ 1212.376716][T22623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4227'. [ 1212.380915][T22623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4227'. [ 1212.541840][T22628] kAFS: No cell specified [ 1212.686324][T22630] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4229'. [ 1213.313399][T16093] usb 44-1: device descriptor read/8, error -110 [ 1213.428594][ T6056] usb 8-1: USB disconnect, device number 70 [ 1213.742794][T22642] netfs: Couldn't get user pages (rc=-14) [ 1213.746648][T16093] usb usb44-port1: attempt power cycle [ 1214.131249][ T6056] usb 5-1: USB disconnect, device number 81 [ 1214.472884][T16093] usb usb44-port1: unable to enumerate USB device [ 1214.601715][T22647] vhci_hcd vhci_hcd.0: port 0 already used [ 1214.697560][T22652] netlink: 'syz.0.4233': attribute type 10 has an invalid length. [ 1215.849575][T22666] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4236'. [ 1216.419346][T22669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4237'. [ 1216.422361][T22669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4237'. [ 1219.267231][T22704] kAFS: No cell specified [ 1219.504452][T22704] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4246'. [ 1219.574066][T22707] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4247'. [ 1219.577614][T22707] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4247'. [ 1220.553347][T16093] usb 5-1: new full-speed USB device number 82 using dummy_hcd [ 1220.715206][T16093] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1220.720506][T16093] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1220.726936][T16093] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1220.733053][T16093] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1220.738132][T16093] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1220.747918][T16093] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1220.752478][T16093] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1220.757001][T16093] usb 5-1: Product: syz [ 1220.759419][T16093] usb 5-1: Manufacturer: syz [ 1220.762040][T16093] usb 5-1: SerialNumber: syz [ 1220.769224][T16093] usb 5-1: config 0 descriptor?? [ 1220.792872][T16093] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input114 [ 1221.436147][T22732] netlink: 'syz.0.4258': attribute type 4 has an invalid length. [ 1221.460572][T22732] netlink: 'syz.0.4258': attribute type 4 has an invalid length. [ 1221.557781][T22733] netlink: 'syz.1.4251': attribute type 4 has an invalid length. [ 1221.609433][T22733] netlink: 'syz.1.4251': attribute type 4 has an invalid length. [ 1222.560860][T22740] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4255'. [ 1222.589082][T22740] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4255'. [ 1222.662213][T22742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4253'. [ 1222.768468][T22745] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4256'. [ 1222.771332][T22745] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4256'. [ 1223.368838][ T6056] usb 5-1: USB disconnect, device number 82 [ 1223.601528][T22754] kAFS: No cell specified [ 1223.622845][T22755] kAFS: No cell specified [ 1223.715539][T22758] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4260'. [ 1223.751002][T22759] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4259'. [ 1224.754941][T22766] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4262'. [ 1225.432036][T22778] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4266'. [ 1225.436371][T22778] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4266'. [ 1225.539209][T22781] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1225.541262][T22781] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1225.555230][T22781] vhci_hcd vhci_hcd.0: Device attached [ 1225.589100][T22781] netlink: 'syz.3.4265': attribute type 10 has an invalid length. [ 1225.843282][T21783] usb 44-1: SetAddress Request (120) to port 0 [ 1225.845279][T21783] usb 44-1: new SuperSpeed USB device number 120 using vhci_hcd [ 1225.961160][T22785] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4274'. [ 1226.074826][T22782] vhci_hcd: connection reset by peer [ 1226.078647][T20570] vhci_hcd: stop threads [ 1226.080327][T20570] vhci_hcd: release socket [ 1226.082047][T20570] vhci_hcd: disconnect device [ 1226.746044][T22793] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4267'. [ 1226.899885][T22795] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4267'. [ 1227.594338][T22801] kAFS: No cell specified [ 1227.721004][T22807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4269'. [ 1228.643524][T22811] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4276'. [ 1228.664875][T22816] kAFS: No cell specified [ 1228.745476][T22819] netlink: 'syz.2.4271': attribute type 4 has an invalid length. [ 1228.761589][T22820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4272'. [ 1228.767034][T22815] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4268'. [ 1229.829215][T22838] netlink: 'syz.1.4279': attribute type 4 has an invalid length. [ 1230.028422][T22840] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4280'. [ 1230.176916][T22840] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4280'. [ 1230.648054][T22849] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4282'. [ 1230.700768][T22853] netlink: 'syz.0.4283': attribute type 4 has an invalid length. [ 1230.913648][T21783] usb 44-1: device descriptor read/8, error -110 [ 1230.947903][T22863] kAFS: No cell specified [ 1231.097344][T22866] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4287'. [ 1231.265834][T22867] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4284'. [ 1231.306987][T21783] usb usb44-port1: attempt power cycle [ 1231.871898][T22890] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4293'. [ 1231.913080][T21783] usb usb44-port1: unable to enumerate USB device [ 1232.029600][T22894] comedi comedi2: comedi_config --init_data is deprecated [ 1232.574204][T22909] netlink: 'syz.3.4297': attribute type 4 has an invalid length. [ 1232.829304][T22917] kAFS: No cell specified [ 1232.933440][T22919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4299'. [ 1233.365458][T22921] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4300'. [ 1233.540608][T16093] kernel write not supported for file /input/event2 (pid: 16093 comm: kworker/3:3) [ 1233.673279][ T5996] usb 8-1: new full-speed USB device number 71 using dummy_hcd [ 1233.830349][ T5996] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1233.833824][ T5996] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1233.837723][ T5996] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1233.842101][ T5996] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1233.845648][ T5996] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1233.853132][ T5996] usb 8-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1233.855915][ T5996] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.858297][ T5996] usb 8-1: Product: syz [ 1233.859626][ T5996] usb 8-1: Manufacturer: syz [ 1233.861151][ T5996] usb 8-1: SerialNumber: syz [ 1233.865440][ T5996] usb 8-1: config 0 descriptor?? [ 1233.871795][ T5996] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input115 [ 1233.903257][ T839] usb 5-1: new full-speed USB device number 83 using dummy_hcd [ 1234.054613][ T839] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1234.058466][ T839] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1234.062695][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1234.066962][ T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1234.070007][ T839] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1234.075903][ T839] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1234.078847][ T839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1234.081565][ T839] usb 5-1: Product: syz [ 1234.083696][ T839] usb 5-1: Manufacturer: syz [ 1234.085393][ T839] usb 5-1: SerialNumber: syz [ 1234.088473][ T839] usb 5-1: config 0 descriptor?? [ 1234.097424][ T839] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input116 [ 1234.279079][T22942] netlink: 'syz.1.4309': attribute type 4 has an invalid length. [ 1234.441193][T22946] netlink: 'syz.3.4301': attribute type 4 has an invalid length. [ 1234.480611][T22946] netlink: 'syz.3.4301': attribute type 4 has an invalid length. [ 1234.750800][T22949] netlink: 'syz.0.4303': attribute type 4 has an invalid length. [ 1234.775391][T22949] netlink: 'syz.0.4303': attribute type 4 has an invalid length. [ 1235.175514][T22955] kAFS: No cell specified [ 1235.295493][T22958] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4311'. [ 1236.047706][T21783] kernel write not supported for file /input/event2 (pid: 21783 comm: kworker/1:1) [ 1236.344902][T22968] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4314'. [ 1236.475196][T21783] usb 8-1: USB disconnect, device number 71 [ 1236.672981][ T6056] usb 5-1: USB disconnect, device number 83 [ 1236.985023][T16093] IPVS: starting estimator thread 0... [ 1237.083439][T22985] IPVS: using max 28 ests per chain, 67200 per kthread [ 1237.153070][T22986] netlink: 'syz.2.4318': attribute type 4 has an invalid length. [ 1237.166917][T22990] kAFS: No cell specified [ 1237.253778][T22993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4320'. [ 1237.985012][T22998] kAFS: No cell specified [ 1238.142204][T22998] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4321'. [ 1238.263784][T16093] usb 6-1: new full-speed USB device number 38 using dummy_hcd [ 1238.445392][T16093] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1238.449208][T16093] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1238.453106][T16093] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1238.457638][T16093] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1238.461058][T16093] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1238.466747][T16093] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1238.469759][T16093] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1238.472263][T16093] usb 6-1: Product: syz [ 1238.473694][T16093] usb 6-1: Manufacturer: syz [ 1238.475262][T16093] usb 6-1: SerialNumber: syz [ 1238.479423][T16093] usb 6-1: config 0 descriptor?? [ 1238.484913][T16093] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input117 [ 1238.864154][T23007] netlink: 'syz.3.4324': attribute type 4 has an invalid length. [ 1238.879590][T23007] netlink: 'syz.3.4324': attribute type 4 has an invalid length. [ 1238.933697][T23008] netlink: 'syz.1.4323': attribute type 4 has an invalid length. [ 1238.964402][T23008] netlink: 'syz.1.4323': attribute type 4 has an invalid length. [ 1240.049688][T23021] netlink: 'syz.3.4326': attribute type 4 has an invalid length. [ 1241.060212][T23029] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4328'. [ 1241.097370][ T5646] usb 6-1: USB disconnect, device number 38 [ 1241.543714][T23037] netlink: 'syz.1.4330': attribute type 4 has an invalid length. [ 1242.229256][T23046] kAFS: No cell specified [ 1242.262699][T23047] kAFS: No cell specified [ 1242.328073][T23048] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4331'. [ 1242.414738][T23049] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4334'. [ 1243.003804][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1243.005772][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1243.824218][T23070] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1243.826701][T23070] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1243.830125][T23070] vhci_hcd vhci_hcd.0: Device attached [ 1243.840859][T23070] netlink: 'syz.0.4338': attribute type 10 has an invalid length. [ 1243.855416][T23068] netfs: Couldn't get user pages (rc=-14) [ 1244.103292][ T53] usb 38-1: SetAddress Request (121) to port 0 [ 1244.121568][ T53] usb 38-1: new SuperSpeed USB device number 121 using vhci_hcd [ 1244.251162][T23071] vhci_hcd: connection reset by peer [ 1244.254321][T20521] vhci_hcd: stop threads [ 1244.256114][T20521] vhci_hcd: release socket [ 1244.257987][T20521] vhci_hcd: disconnect device [ 1244.763576][T23077] netlink: 'syz.3.4340': attribute type 4 has an invalid length. [ 1244.784604][T23077] netlink: 'syz.3.4340': attribute type 4 has an invalid length. [ 1245.777839][T23086] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 1245.780067][T23086] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1245.782980][T23086] vhci_hcd vhci_hcd.0: Device attached [ 1245.805025][T23086] netlink: 'syz.3.4342': attribute type 10 has an invalid length. [ 1246.364455][T23087] vhci_hcd: connection closed [ 1246.364678][T20539] vhci_hcd: stop threads [ 1246.367638][T20539] vhci_hcd: release socket [ 1246.369948][T20539] vhci_hcd: disconnect device [ 1246.667923][T23099] kAFS: No cell specified [ 1246.782948][T23101] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4345'. [ 1248.340920][T23117] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4349'. [ 1249.174906][T23129] ubi31: attaching mtd0 [ 1249.178323][T23129] ubi31: scanning is finished [ 1249.538643][T21282] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1249.552388][T21282] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1249.560868][T21282] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1249.576581][T21282] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1249.618063][T21282] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1249.624139][T20017] syz_tun (unregistering): left allmulticast mode [ 1249.644939][T23133] netlink: 'syz.2.4352': attribute type 4 has an invalid length. [ 1249.683293][ T53] usb 38-1: device descriptor read/8, error -110 [ 1249.719007][T23136] netlink: 'syz.2.4352': attribute type 4 has an invalid length. [ 1249.957021][T23129] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1249.959606][T23129] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1249.963303][T23129] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1249.965733][T23129] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 1249.968256][T23129] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1249.970574][T23129] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1249.973325][T23129] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2838403069 [ 1249.983853][T23129] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1249.993397][T23139] ubi31: background thread "ubi_bgt31d" started, PID 23139 [ 1250.153768][ T53] usb usb38-port1: attempt power cycle [ 1250.714331][ T53] usb usb38-port1: unable to enumerate USB device [ 1251.562400][T23134] chnl_net:caif_netlink_parms(): no params data found [ 1251.793405][ T5968] Bluetooth: hci1: command tx timeout [ 1252.044357][T23162] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1252.046581][T23162] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1252.049377][T23162] vhci_hcd vhci_hcd.0: Device attached [ 1252.147640][T23162] netlink: 'syz.0.4360': attribute type 10 has an invalid length. [ 1252.290908][T23134] bridge0: port 1(bridge_slave_0) entered blocking state [ 1252.294078][T23134] bridge0: port 1(bridge_slave_0) entered disabled state [ 1252.296790][T23134] bridge_slave_0: entered allmulticast mode [ 1252.300529][T23134] bridge_slave_0: entered promiscuous mode [ 1252.305556][T23134] bridge0: port 2(bridge_slave_1) entered blocking state [ 1252.308825][T23134] bridge0: port 2(bridge_slave_1) entered disabled state [ 1252.311915][T23134] bridge_slave_1: entered allmulticast mode [ 1252.322677][T23134] bridge_slave_1: entered promiscuous mode [ 1252.343514][ T6056] usb 38-1: SetAddress Request (125) to port 0 [ 1252.347298][ T6056] usb 38-1: new SuperSpeed USB device number 125 using vhci_hcd [ 1252.416319][T20571] ------------[ cut here ]------------ [ 1252.419298][T20571] GID entry ref leak for dev syz1 index 2 ref=2 [ 1252.431571][T20571] WARNING: CPU: 1 PID: 20571 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x387/0x4b0 [ 1252.435061][T20571] Modules linked in: [ 1252.436867][T20571] CPU: 1 UID: 0 PID: 20571 Comm: kworker/u32:65 Not tainted syzkaller #0 PREEMPT(full) [ 1252.441844][T20571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1252.445408][T20571] Workqueue: ib-unreg-wq ib_unregister_work [ 1252.447422][T20571] RIP: 0010:gid_table_release_one+0x387/0x4b0 [ 1252.449403][T20571] Code: 07 00 00 48 85 f6 74 2b 48 89 74 24 38 e8 41 e5 63 f9 48 8b 74 24 38 44 89 f1 44 89 ea 48 c7 c7 80 d3 74 8c e8 aa bb 22 f9 90 <0f> 0b 90 90 e9 6e fe ff ff e8 1b e5 63 f9 48 8d bd 78 07 00 00 48 [ 1252.455626][T20571] RSP: 0018:ffffc90006c9fb50 EFLAGS: 00010286 [ 1252.457622][T20571] RAX: 0000000000000000 RBX: ffff88804f6ca000 RCX: ffffffff81796af8 [ 1252.460181][T20571] RDX: ffff888070f18000 RSI: ffffffff81796b05 RDI: 0000000000000001 [ 1252.462699][T20571] RBP: ffff88806b380000 R08: 0000000000000001 R09: 0000000000000000 [ 1252.465243][T20571] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed1009ed941b [ 1252.467780][T20571] R13: 0000000000000002 R14: 0000000000000002 R15: dffffc0000000000 [ 1252.470715][T20571] FS: 0000000000000000(0000) GS:ffff888097d6f000(0000) knlGS:0000000000000000 [ 1252.474679][T20571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1252.476971][T20571] CR2: 00000000800af000 CR3: 00000000229d8000 CR4: 0000000000352ef0 [ 1252.479502][T20571] Call Trace: [ 1252.480576][T20571] [ 1252.481539][T20571] ib_device_release+0xef/0x1e0 [ 1252.483322][T20571] ? __pfx_ib_device_release+0x10/0x10 [ 1252.485048][T20571] device_release+0xa4/0x240 [ 1252.486581][T20571] kobject_put+0x1e7/0x5a0 [ 1252.488018][T20571] put_device+0x1f/0x30 [ 1252.489361][T20571] process_one_work+0x9cc/0x1b70 [ 1252.490993][T20571] ? __pfx_ib_unregister_work+0x10/0x10 [ 1252.493119][T20571] ? __pfx_process_one_work+0x10/0x10 [ 1252.495233][T20571] ? assign_work+0x1a0/0x250 [ 1252.496937][T20571] worker_thread+0x6c8/0xf10 [ 1252.498638][T20571] ? __pfx_worker_thread+0x10/0x10 [ 1252.500336][T20571] kthread+0x3c5/0x780 [ 1252.501638][T20571] ? __pfx_kthread+0x10/0x10 [ 1252.503341][T20571] ? rcu_is_watching+0x12/0xc0 [ 1252.505319][T20571] ? __pfx_kthread+0x10/0x10 [ 1252.507219][T20571] ret_from_fork+0x56a/0x730 [ 1252.509230][T20571] ? __pfx_kthread+0x10/0x10 [ 1252.511297][T20571] ret_from_fork_asm+0x1a/0x30 [ 1252.513069][T20571] [ 1252.514164][T20571] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1252.516500][T20571] CPU: 1 UID: 0 PID: 20571 Comm: kworker/u32:65 Not tainted syzkaller #0 PREEMPT(full) [ 1252.519590][T20571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1252.523207][T20571] Workqueue: ib-unreg-wq ib_unregister_work [ 1252.525179][T20571] Call Trace: [ 1252.526392][T20571] [ 1252.527549][T20571] dump_stack_lvl+0x3d/0x1f0 [ 1252.529382][T20571] vpanic+0x640/0x6f0 [ 1252.530942][T20571] ? gid_table_release_one+0x387/0x4b0 [ 1252.532915][T20571] panic+0xca/0xd0 [ 1252.534201][T20571] ? __pfx_panic+0x10/0x10 [ 1252.535736][T20571] ? check_panic_on_warn+0x1f/0xb0 [ 1252.537379][T20571] check_panic_on_warn+0xab/0xb0 [ 1252.538975][T20571] __warn+0xf6/0x3c0 [ 1252.540247][T20571] ? gid_table_release_one+0x387/0x4b0 [ 1252.541971][T20571] report_bug+0x3c3/0x580 [ 1252.543394][T20571] ? gid_table_release_one+0x387/0x4b0 [ 1252.545104][T20571] handle_bug+0x184/0x210 [ 1252.546497][T20571] exc_invalid_op+0x17/0x50 [ 1252.547936][T20571] asm_exc_invalid_op+0x1a/0x20 [ 1252.549475][T20571] RIP: 0010:gid_table_release_one+0x387/0x4b0 [ 1252.551418][T20571] Code: 07 00 00 48 85 f6 74 2b 48 89 74 24 38 e8 41 e5 63 f9 48 8b 74 24 38 44 89 f1 44 89 ea 48 c7 c7 80 d3 74 8c e8 aa bb 22 f9 90 <0f> 0b 90 90 e9 6e fe ff ff e8 1b e5 63 f9 48 8d bd 78 07 00 00 48 [ 1252.557705][T20571] RSP: 0018:ffffc90006c9fb50 EFLAGS: 00010286 [ 1252.559876][T20571] RAX: 0000000000000000 RBX: ffff88804f6ca000 RCX: ffffffff81796af8 [ 1252.562743][T20571] RDX: ffff888070f18000 RSI: ffffffff81796b05 RDI: 0000000000000001 [ 1252.565439][T20571] RBP: ffff88806b380000 R08: 0000000000000001 R09: 0000000000000000 [ 1252.567962][T20571] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed1009ed941b [ 1252.570467][T20571] R13: 0000000000000002 R14: 0000000000000002 R15: dffffc0000000000 [ 1252.572932][T20571] ? __warn_printk+0x198/0x350 [ 1252.574451][T20571] ? __warn_printk+0x1a5/0x350 [ 1252.576091][T20571] ib_device_release+0xef/0x1e0 [ 1252.577652][T20571] ? __pfx_ib_device_release+0x10/0x10 [ 1252.579367][T20571] device_release+0xa4/0x240 [ 1252.580838][T20571] kobject_put+0x1e7/0x5a0 [ 1252.582244][T20571] put_device+0x1f/0x30 [ 1252.583612][T20571] process_one_work+0x9cc/0x1b70 [ 1252.585223][T20571] ? __pfx_ib_unregister_work+0x10/0x10 [ 1252.587043][T20571] ? __pfx_process_one_work+0x10/0x10 [ 1252.588983][T20571] ? assign_work+0x1a0/0x250 [ 1252.590706][T20571] worker_thread+0x6c8/0xf10 [ 1252.592376][T20571] ? __pfx_worker_thread+0x10/0x10 [ 1252.594029][T20571] kthread+0x3c5/0x780 [ 1252.595320][T20571] ? __pfx_kthread+0x10/0x10 [ 1252.596841][T20571] ? rcu_is_watching+0x12/0xc0 [ 1252.598519][T20571] ? __pfx_kthread+0x10/0x10 [ 1252.600064][T20571] ret_from_fork+0x56a/0x730 [ 1252.601541][T20571] ? __pfx_kthread+0x10/0x10 [ 1252.603148][T20571] ret_from_fork_asm+0x1a/0x30 [ 1252.604687][T20571] [ 1252.606749][T20571] Kernel Offset: disabled [ 1252.608115][T20571] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:58:39 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000007 RBX=ffffc9000225fd58 RCX=ffffffff894b4449 RDX=0000000000000000 RSI=0000000000000000 RDI=0000000000000400 RBP=0000000000000000 RSP=ffffc9000225fa38 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=ffffc9000225fb70 R14=0000000000000000 R15=00000000801552e0 RIP=ffffffff81ba8e28 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097c6f000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080155000 CR3=00000000229d8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000104080 Opmask01=000000000000003f Opmask02=00000000fffdffbf Opmask03=0000000000000000 Opmask04=00000000ffff7fff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055d75c306080 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f65683f1b20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f65683f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6568352c80 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 317a79732f646e61 62696e69666e692f 6c6175747269762f 736563697665642f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 540018534b4e494c 56454400184d4554 5359534255530018 4854415056454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7361647c2a737369 63637c2a65686361 63627c2a6476787c 2a64767c2a72737c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e2e65726f632e74 656e2e6c74637379 73203034313d6873 657268745f676f64 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e617020343d7372 6f6e696d5f796361 67656c5f6d756e5f 6964656d6f632e69 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 64656d6f63203233 3d78616d5f736462 6e2032333d706f6f 6c5f78616d203233 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d6d756e2e646368 5f796d6d75642030 34313d736365735f 74756f656d69745f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000077 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85207e15 RDI=ffffffff9ab61060 RBP=ffffffff9ab61020 RSP=ffffc90006c9f4c0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000077 R14=ffffffff9ab61020 R15=ffffffff85207db0 RIP=ffffffff85207e3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097d6f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000800af000 CR3=00000000229d8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffffffffffff RBX=0000000000000000 RCX=0000000000000007 RDX=0000000000000200 RSI=00000000000000ff RDI=ffffed100ecf4000 RBP=0000000000000001 RSP=ffffc9000373f348 R8 =0000000000001000 R9 =0000000000000000 R10=ffffed100ecf4000 R11=0000000000000000 R12=ffffffff8dabf480 R13=dffffc0000000000 R14=ffffea0001d9e800 R15=0000000000000000 RIP=ffffffff8b4e3db6 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097e6f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f06e40 CR3=000000000df80000 CR4=00352ef0 DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73a5ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000001a71e77 RBX=0000000000000003 RCX=ffffffff8b4e2a59 RDX=0000000000000000 RSI=ffffffff8d8245c1 RDI=ffffffff8bd04640 RBP=ffffed1003761000 RSP=ffffc9000048fdf8 R8 =0000000000000001 R9 =ffffed10056e6655 R10=ffff88802b7332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801bb08000 R14=ffffffff905ff090 R15=0000000000000000 RIP=ffffffff8b4e157f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097f6f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3da305 CR3=0000000027fa7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000