last executing test programs: 11.821417468s ago: executing program 0 (id=383): socket$inet6_sctp(0xa, 0x801, 0x84) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) removexattr(0x0, 0x0) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)=ANY=[@ANYBLOB="e4050000160001000000000000000000e0000001000000000006000000000000fe88000000000000000000000000000100000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000010000000033000000fc02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000200001f09000000000000000700000091230000ab0002006374722d6165732d636500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018030000cb8e892a23aa1faff0ca08bcbcbdbc09e75ff9da23961c863111c13df0946d7a81e1c2b09c76fcf63fb2c652f7b14ba657fcd70fd3f77a374e34293d4ba244e3cf40159c91ce8cdc34e3a34ab610b6850258e91a237498beb1255d172c7cc2954e098900050019006c00000034011100fe880000000000000000000000000001fc010000000000000000000000000000ff010000000000000000000000000001e00000020000000000000000000000006c030000000000000a000200e000000200000000000000000000000000000000000000000000000000000001e0000001000000000000000000000000e00000010000000000000000000000002b040000033500000200020000000000000000000000000000000000fc00000000000000000000000000000000000000000000000000fffffffffffffc0200000000000000000000000000013c010000043500000a000a0020010000000000000000000000000000fc010000000000000000000000000000fe800000000000000000000000000041200100000000000000000000000000012b020000023500000a000a00680002006362632873657270656e7429000000000000"], 0x5e4}}, 0x50) 11.484115354s ago: executing program 0 (id=384): syz_open_dev$dri(0x0, 0x1, 0x0) r0 = syz_clone(0x4200000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x2, 0x0, 0x0, 0x4, &(0x7f00000004c0)) wait4(r0, 0x0, 0x40000000, 0x0) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0) ioctl$EVIOCGSW(0xffffffffffffffff, 0xc020660b, 0x0) 11.04100941s ago: executing program 0 (id=387): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'ip_vti0\x00', 0x7101}) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) close(0x3) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0xc008ae09, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000000400000006000000010000"]) mlock(&(0x7f0000a38000/0x1000)=nil, 0x1000) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000180)=0x1000089, 0x4) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000043b000/0x1000)=nil, 0xfffffffffffffdb5, &(0x7f0000000080)='\x00\xc9\xf5\x00\x00\x00\x00\x00\x00\x00+\x1ct\xc6\fr\xbaU\xc1\xb2\xd2\xde\xbfk\xc0\x18\x94\xc5&\xec\x03\xa0w\"E\xc9\xf2,K4\x10\xc8\x8cuj\xd3\xf0\xb3\xa9f\xf7\xb7\x17\xdf\xca\xac\x8b\x81K\t\x14^\xc3\xb7<\xa1\x15\v4\xd0\xbe\xa8\x01\x00<:-Y\n<\x1d\xb2\xe0kU\xc0\xc1\x14') r3 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000000080108000000e2ff0000000a00000805000300060000000900010073797a310000000006000240655800001400048008000000000c46e3064000000002"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x80) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[], 0xb4}, 0x1, 0x0, 0x0, 0x890}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, 0x0) r6 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r6, 0xc0845657, 0x0) 9.217064542s ago: executing program 1 (id=390): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x301, 0x700, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0x58}, 0x1, 0x0, 0x0, 0x4000002}, 0x0) 8.774239374s ago: executing program 0 (id=391): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @rand_addr=0x64010100}, @vti_common_policy]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x58840}, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x47ff}) r3 = openat$vicodec0(0xffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0185648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f909, 0x8002, '\x00', @p_u16=&(0x7f00000010c0)=0xa5b}}) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}}) syz_emit_ethernet(0x4e, &(0x7f0000000480)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x4, 0x6, "fde9e2", 0x18, 0x0, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @local}, {[@routing={0x3b, 0x2, 0x1, 0x3, 0x0, [@private1={0xfc, 0x1, '\x00', 0x1}]}]}}}}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03080000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000018000380140000800800034000000002050006405200000014000000110001"], 0xc8}}, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0xfffffffd, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2c, &(0x7f0000000480)={0x0, {{0xa, 0x4e21, 0x0, @mcast1={0xff, 0x7}, 0x80000000}}, {{0xa, 0x0, 0xffffffff, @remote, 0x8}}}, 0x108) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000440)={0x7, @pix_mp={0x6, 0x1, 0x32315659, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x4}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1}}) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$video(&(0x7f0000000280), 0x7fffffff, 0x129680) 8.77391772s ago: executing program 1 (id=392): syz_clone(0x60108000, &(0x7f0000000000)="d98d58e4625a3d2c5ea42e059fbf4288329178978f208e827d", 0x19, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="e3ad0570e30a9ca04577612b3e551c3ff1c94feb561605bacf2a67d25e18375139f1d59d0309178e21eec97e93c45e11f0788e70d0687c2e5b6929aba702436d8dcd4d5596746b030270720f44a642c39ace9555ebd58403fc0f61f594843f737eda2f539ff9c03875b078aa560f2990465fc513536828da61a2fc788faf5af7f0300dfc95573bfc42b77cc11b923b17a943925cb291a3b4188e56584c1dce1472537a72") r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x10000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0xc, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c7fe581b06788011314d528539f3fc279733f0374c17d8a0ba193b3e7772fd29f3526666674a385efc4c00", "24432e1e77a610174ff100000000000000004000000001800000000000000100", [0x0, 0xffffffffffffffff]}}) writev(r1, &(0x7f0000000300)=[{&(0x7f00000000c0)='\b\r4V', 0x7e00}], 0x1) 7.007549934s ago: executing program 2 (id=396): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xc3, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0005005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0) 6.849206539s ago: executing program 0 (id=397): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000000)=""/188, 0xbc) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(0xffffffffffffffff) mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x1, 0x0, 0x3, 0x0) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x0, 0x37, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x400) ioctl$SG_IO(r2, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffe, 0x0, 0xb, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0xfffffff5, 0x0, 0x8, 0x0}) mlock2(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0) syz_usb_disconnect(r0) 6.807255653s ago: executing program 3 (id=398): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_open_dev$loop(&(0x7f00000004c0), 0x7, 0x82480) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r0, 0xa, 0x8004000013) accept4$inet(r0, 0x0, &(0x7f0000000400), 0x80800) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket(0x200000000000011, 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) sendmsg$tipc(r2, &(0x7f00000003c0)={&(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000100)="cb0fe036175a9141c5bbd3788ee722fab0b444263a26c6635696e5917114f170c4c2e7fa26ad47add5c752704c7e999d63876cdb8e993bc817c44e5e28e5dc21787fe6bb25d93aa67b92d01c1de609b864106868ed13e8da64dd3695d105947fb1db840805e3510a1245a03da2bf96db18ee541c3a016cc8db7ae1dbeccb9574e7eb3577d82f0b1581780f6c159024fa52e5922eec1bceecf38e44a7750faefcbe3aeefe0c4a25cb7d43f6adb04e194f7e27ffd03d3ea7cdb81e3dac3b39ce39e1b2", 0xc2}, {&(0x7f0000000280)="c6a4279ae75de3b2365e1a1ab4ed10604b258b5fc5363168715a5667011c62388023dde56329c4a2fe205027d14101a0551e1631e9bdc7a970371732207bf4a7d170c22553cadff3a1f25460de4d1a6ca9a605fdf8f5a66fbe", 0x59}], 0x2, &(0x7f0000000300)="088f7a9ec879b3913bd65beb38381773cf17185861c2713f0ed573e33987f4031a696293b56a86f9e12439035b32e06226883a4239028ad63d0d4ccd4c9c59ed8483c09f44d56d18977c61853928348540652afdef1cfff5bbdc7221bb2da59710aa91e05ddf5fe90203fd92f3c6b03e1f61aeef825f5d8e841d567a90b367b184501124913081cd4dfda8370de57701658c7fba82be7a049894dfc563653f946ee2fa56bd5f832d8e63f3b3cb2d8ecd1efaa8e6df18518857561f8a", 0xbc, 0x8010}, 0x4051) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) rt_sigtimedwait(&(0x7f0000000040)={[0x8, 0x4]}, 0x0, 0x0, 0x8) 6.685775723s ago: executing program 1 (id=399): r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) openat$vim2m(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f00000002c0)={0x0, 0x64000000, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x180, 0x0, 0x0, 0x200000, 0xfffffffffffffffe}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 6.667289319s ago: executing program 2 (id=400): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) unshare(0x22020600) syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) r0 = syz_open_procfs(0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@private0, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff}, {}, 0x5, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x32}, 0x0, @in=@empty}}, 0xe8) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) pwritev2(r4, &(0x7f00000001c0)=[{&(0x7f0000000040)='4', 0x1}], 0x1, 0x1, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$fb0(0xffffff9c, 0x0, 0x10fd02, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)={@map, 0xffffffffffffffff, 0x7}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="12010900875b0d20d8130100220e010203010902120001000000000904"], 0x0) 6.370225579s ago: executing program 3 (id=402): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'ip_vti0\x00', 0x7101}) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) close(0x3) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0xc008ae09, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000000400000006000000010000"]) mlock(&(0x7f0000a38000/0x1000)=nil, 0x1000) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000180)=0x1000089, 0x4) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000043b000/0x1000)=nil, 0xfffffffffffffdb5, &(0x7f0000000080)='\x00\xc9\xf5\x00\x00\x00\x00\x00\x00\x00+\x1ct\xc6\fr\xbaU\xc1\xb2\xd2\xde\xbfk\xc0\x18\x94\xc5&\xec\x03\xa0w\"E\xc9\xf2,K4\x10\xc8\x8cuj\xd3\xf0\xb3\xa9f\xf7\xb7\x17\xdf\xca\xac\x8b\x81K\t\x14^\xc3\xb7<\xa1\x15\v4\xd0\xbe\xa8\x01\x00<:-Y\n<\x1d\xb2\xe0kU\xc0\xc1\x14') r3 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000000080108000000e2ff0000000a00000805000300060000000900010073797a310000000006000240655800001400048008000000000c46e3064000000002"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x80) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[], 0xb4}, 0x1, 0x0, 0x0, 0x890}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, 0x0) r6 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r6, 0xc0845657, 0x0) 5.728463562s ago: executing program 1 (id=403): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000fcc000/0x2000)=nil, 0x2000, 0x18) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f000086b000/0x4000)=nil, 0x400000, 0x2, 0x2}) 5.627061551s ago: executing program 4 (id=404): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x10bf, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0) (fail_nth: 6) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) 5.626530109s ago: executing program 2 (id=405): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8) r1 = dup(r0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000380)=0x1, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) gettid() prctl$PR_MCE_KILL_GET(0x22) mkdir(0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x2000000000001}}, 0x30) r5 = socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0xfffffffffffffe47, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x40d, 0x70bd25, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}, @IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x84}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg$alg(r5, &(0x7f00000000c0), 0x492492492492627, 0xe000) 5.393028051s ago: executing program 1 (id=406): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp\x00') syz_usb_connect(0x3, 0x34, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x9, 0x5a, 0x6c, 0x20, 0x1199, 0x68aa, 0xa470, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x7d, 0x3, 0x80, 0x3, [{{0x9, 0x4, 0x1b, 0x18, 0x1, 0xff, 0xff, 0xff, 0x4, [@generic={0x7, 0x5, "ba5f66cd00"}], [{{0x9, 0x5, 0x0, 0x0, 0x10, 0x8, 0x8, 0x2}}]}}]}}]}}, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0}) pread64(r0, &(0x7f0000000180)=""/109, 0x6d, 0x100) syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) (async) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0cc5605, &(0x7f0000000440)={0x1, @sdr={0x4f565559, 0x4}}) 4.675390159s ago: executing program 4 (id=407): socket$inet6_sctp(0xa, 0x801, 0x84) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) removexattr(0x0, 0x0) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)=ANY=[@ANYBLOB="e4050000160001000000000000000000e0000001000000000006000000000000fe88000000000000000000000000000100000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000010000000033000000fc02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000200001f09000000000000000700000091230000ab0002006374722d6165732d636500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018030000cb8e892a23aa1faff0ca08bcbcbdbc09e75ff9da23961c863111c13df0946d7a81e1c2b09c76fcf63fb2c652f7b14ba657fcd70fd3f77a374e34293d4ba244e3cf40159c91ce8cdc34e3a34ab610b6850258e91a237498beb1255d172c7cc2954e098900050019006c00000034011100fe880000000000000000000000000001fc010000000000000000000000000000ff010000000000000000000000000001e00000020000000000000000000000006c030000000000000a000200e000000200000000000000000000000000000000000000000000000000000001e0000001000000000000000000000000e00000010000000000000000000000002b040000033500000200020000000000000000000000000000000000fc00000000000000000000000000000000000000000000000000fffffffffffffc0200000000000000000000000000013c010000043500000a000a0020010000000000000000000000000000fc010000000000000000000000000000fe800000000000000000000000000041200100000000000000000000000000012b020000023500000a000a00680002006362632873657270656e742900"/720], 0x5e4}}, 0x50) 4.59652361s ago: executing program 3 (id=408): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @rand_addr=0x64010100}, @vti_common_policy]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x58840}, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x47ff}) r3 = openat$vicodec0(0xffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0185648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f909, 0x8002, '\x00', @p_u16=&(0x7f00000010c0)=0xa5b}}) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}}) syz_emit_ethernet(0x4e, &(0x7f0000000480)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x4, 0x6, "fde9e2", 0x18, 0x0, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @local}, {[@routing={0x3b, 0x2, 0x1, 0x3, 0x0, [@private1={0xfc, 0x1, '\x00', 0x1}]}]}}}}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03080000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000018000380140000800800034000000002050006405200000014000000110001"], 0xc8}}, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0xfffffffd, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2c, &(0x7f0000000480)={0x0, {{0xa, 0x4e21, 0x0, @mcast1={0xff, 0x7}, 0x80000000}}, {{0xa, 0x0, 0xffffffff, @remote, 0x8}}}, 0x108) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000440)={0x7, @pix_mp={0x6, 0x1, 0x32315659, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x4}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1}}) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$video(&(0x7f0000000280), 0x7fffffff, 0x129680) 4.29541625s ago: executing program 4 (id=409): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_open_dev$loop(&(0x7f00000004c0), 0x7, 0x82480) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket(0x200000000000011, 0x2, 0x0) sendmsg$tipc(r0, &(0x7f00000003c0)={&(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000100)="cb0fe036175a9141c5bbd3788ee722fab0b444263a26c6635696e5917114f170c4c2e7fa26ad47add5c752704c7e999d63876cdb8e993bc817c44e5e28e5dc21787fe6bb25d93aa67b92d01c1de609b864106868ed13e8da64dd3695d105947fb1db840805e3510a1245a03da2bf96db18ee541c3a016cc8db7ae1dbeccb9574e7eb3577d82f0b1581780f6c159024fa52e5922eec1bceecf38e44a7750faefcbe3aeefe0c4a25cb7d43f6adb04e194f7e27ffd03d3ea7cdb81e3dac3b39ce39e1b2", 0xc2}, {&(0x7f0000000280)="c6a4279ae75de3b2365e1a1ab4ed10604b258b5fc5363168715a5667011c62388023dde56329c4a2fe205027d14101a0551e1631e9bdc7a970371732207bf4a7d170c22553cadff3a1f25460de4d1a6ca9a605fdf8f5a66fbe", 0x59}], 0x2, &(0x7f0000000300)="088f7a9ec879b3913bd65beb38381773cf17185861c2713f0ed573e33987f4031a696293b56a86f9e12439035b32e06226883a4239028ad63d0d4ccd4c9c59ed8483c09f44d56d18977c61853928348540652afdef1cfff5bbdc7221bb2da59710aa91e05ddf5fe90203fd92f3c6b03e1f61aeef825f5d8e841d567a90b367b184501124913081cd4dfda8370de57701658c7fba82be7a049894dfc563653f946ee2fa56bd5f832d8e63f3b3cb2d8ecd1efaa8e6df18518857561f8a", 0xbc, 0x8010}, 0x4051) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) rt_sigtimedwait(&(0x7f0000000040)={[0x8, 0x4]}, 0x0, 0x0, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 3.297269329s ago: executing program 3 (id=410): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000540)=[@in={0x2, 0x4e24, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000001640)={&(0x7f0000000080)=@in={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000040)=')', 0xfffd}], 0x1, &(0x7f0000000680)=[@dstaddrv4={0x18, 0x84, 0x7, @rand_addr=0x64010102}], 0x18, 0x8000}, 0x2800c051) (fail_nth: 38) 3.238943902s ago: executing program 2 (id=411): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ptrace(0x10, 0x1) socket$kcm(0xa, 0x2, 0x3a) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x4a0f0000}, 0xc000) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_int(r6, 0x1, 0x8, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000380)={@val={0x0, 0x86dd}, @val={0x3, 0x0, 0xa, 0x0, 0x8d}, @mpls={[], @ipv6=@tipc_packet={0x8, 0x6, "09c2b4", 0x68, 0x6, 0xff, @private1, @mcast2, {[@dstopts={0x5e, 0x6, '\x00', [@generic={0x4, 0x2f, "1c7997d787e8513c85d2d0c48cae6c818f96c8e4784da8bf6ed4fce7126305a7a2c5ef39e2bef2ed4e6a567a6f04ca"}]}], @payload_named={{{{{0x28, 0x0, 0x0, 0x0, 0x1, 0xa, 0x2, 0x2, 0x4886, 0x0, 0x3, 0x9, 0x0, 0x2, 0x8, 0x0, 0x0, 0x4e23, 0x4e20}, 0xffffffff}, 0x2, 0x4}}}}}}}, 0x9e) getsockopt$bt_hci(r0, 0x0, 0x13, &(0x7f0000000080)=""/1, &(0x7f0000000000)=0x1) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r8, 0x40046f41, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_LEAVE_OCB(r8, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r9, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20001011}, 0x24000010) 2.744369625s ago: executing program 3 (id=412): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_open_dev$loop(&(0x7f00000004c0), 0x7, 0x82480) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r0, 0xa, 0x8004000013) accept4$inet(r0, 0x0, &(0x7f0000000400), 0x80800) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket(0x200000000000011, 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) sendmsg$tipc(r2, &(0x7f00000003c0)={&(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000100)="cb0fe036175a9141c5bbd3788ee722fab0b444263a26c6635696e5917114f170c4c2e7fa26ad47add5c752704c7e999d63876cdb8e993bc817c44e5e28e5dc21787fe6bb25d93aa67b92d01c1de609b864106868ed13e8da64dd3695d105947fb1db840805e3510a1245a03da2bf96db18ee541c3a016cc8db7ae1dbeccb9574e7eb3577d82f0b1581780f6c159024fa52e5922eec1bceecf38e44a7750faefcbe3aeefe0c4a25cb7d43f6adb04e194f7e27ffd03d3ea7cdb81e3dac3b39ce39e1b2", 0xc2}, {&(0x7f0000000280)="c6a4279ae75de3b2365e1a1ab4ed10604b258b5fc5363168715a5667011c62388023dde56329c4a2fe205027d14101a0551e1631e9bdc7a970371732207bf4a7d170c22553cadff3a1f25460de4d1a6ca9a605fdf8f5a66fbe", 0x59}], 0x2, &(0x7f0000000300)="088f7a9ec879b3913bd65beb38381773cf17185861c2713f0ed573e33987f4031a696293b56a86f9e12439035b32e06226883a4239028ad63d0d4ccd4c9c59ed8483c09f44d56d18977c61853928348540652afdef1cfff5bbdc7221bb2da59710aa91e05ddf5fe90203fd92f3c6b03e1f61aeef825f5d8e841d567a90b367b184501124913081cd4dfda8370de57701658c7fba82be7a049894dfc563653f946ee2fa56bd5f832d8e63f3b3cb2d8ecd1efaa8e6df18518857561f8a", 0xbc, 0x8010}, 0x4051) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) rt_sigtimedwait(&(0x7f0000000040)={[0x8, 0x4]}, 0x0, 0x0, 0x8) 2.710966496s ago: executing program 1 (id=413): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x3, @local}}, 0x1e) connect$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000000140)=0x86) syz_usb_control_io$hid(r0, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r4, r3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmmsg$unix(r5, &(0x7f0000001f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2022, 0x0) ppoll(&(0x7f00000002c0)=[{r3, 0xa100}], 0x1, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000340)=[@request_death], 0x0, 0x1000000, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000140)=ANY=[@ANYBLOB="200b0b000000040ab34bac89d32a24fd18aaeeb3e6592c9c937ced0e4742165a297a7403a7f1ae8ecd33c9eee4600d36fcd00f4ab727fa196a5053de6d12ade4d9217b6e08d395734dbd14d8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) socket(0x10, 0x3, 0x0) 1.712862412s ago: executing program 4 (id=414): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000380)=0x7ffd) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000180)={0x20, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000000)={{r1}}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) 1.514947626s ago: executing program 3 (id=415): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x80) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r0 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x10, 0x80800) sendmsg$tipc(r0, &(0x7f0000000840)={&(0x7f0000000140)=@id={0x1e, 0x3, 0x2, {0x4e24}}, 0x10, &(0x7f0000000600)=[{&(0x7f00000001c0)="16fd07e8afd769b0b6fe9174", 0xc}, {&(0x7f0000000200)="438e6ceba449fc40c23dad972e8d091be3ee97e81ef76c5282672fb5af9faebde554c10c7775477292c26abce86843e84f0d4409ecd9ff6fdf6e89d9682155744ebef385bbb050050b2dac3c5cc1b194ceb7468469802c8e7c27a59a853a485542802c54c73c7f3eab1cb8e0669b4f601374264a6605f6af1a3d9656cf3d720eb6ac68e8c203962a79881d7e3a5d033ee65f88ee33e86fc52ce99edfdd7f7ca7cc0c1ae8f0bbc4ee20eb62e14c8b2f5c5a92a1779a1600a45a286879d183c3dcf62a8243c3628b5ba6a2e499d9a243677c", 0xd1}, {&(0x7f0000000340)="7309dc73ec9ddcc80077bd710dceec1ab854f4dcfe748ce1c063497c8bb2ec45d6e1cc05800acc761aeb0f792865aa793d8f7860a96afe1e259b72d815007cf39f453d11af7269a1ae66aebb8a20e3b824b93450118ebe33c9621e012bfd57d4887041b2f624df12b3a78fe05c82737d6a7fb71df2551df52f25d332a747c41fc7f52be8003251e97c50299b15930749923af929b0ef6e2251913758ae6bb473c8982dad3576377cf3fcd310b9b00f79ed3dc852efedc89ce0cb6908a7badc01545a68923f99d0a3b793e48ad31a81ef4c039f30bcac9e66b71ee1582f10ff82b0bcc69fafa91053285f92f64738528f748e4834", 0xf4}, {&(0x7f0000000440)="9b8733ff3033367ce1984eb0ff743cbabc0f7784e9bce18a78401b9087bc6252a457d3f527e31a675767794e2720c48c1122f710d8fd6d4fe8ce6b1ff8590148f341f7821b8ad924b4144708a73261890b150269b8f99ef7bc201b3ec9e3c19142d1bc455db75861b3b632da90ded5d7e9261a2ab6e1d0486542b849cc389c9f9deb93609bf7598a5c2c42e967d4f1e691c076f716c114336969c436ee26adc97f77866c0c89ad7b2641ff8c7c90dfa41ec1004e1dac6f782ce90f0bbf709f3220e436e5221efeb9fb53ecaca7c078c730bd3540b7c79a3f97b1a55f74bfebd62c656928b2411a9eea", 0xe9}, {&(0x7f0000000540)="1b57624624a1ff7423d95b64c6bf2ffa72bc678a77ef77c0a56b6d82b9946b3d62715f73b9d9fa41b5dc9c1e3fe42e792a8892baf41a13b56a4845d0bd61b0e0bc705a413023d47ac233fd0358132b676f1382a6d89c52536b6a9ee5e9fecf0f7921c17b197705d478460d1ce716a0a3ae4916fa62ae596ae69681926ac5fd8e2a67bf8a91ba8f2e522ba4721907ab0ed8", 0x91}, {&(0x7f0000000680)="984c7096b669cd151f470ebdcad70513ba88fa0c8901a1d2c8eca5a393d2d2100c2d334e0c163e07d2aea7d5e5618f4e78e62541f62d6c659fe076509e0a4f126d80df017a1a0443009c2bc102e44fb2e5c8731741a5917c247a0a0a9efdde6df7569168e7ff8bba078cdd8e5fa711d5527d8e043e454964312568a2410bc68498b5d858228f8dcf2c5fecdd30e9f3e47e74c28879557ae670f65dbd2d503afc53844203e870b89d73994dc1b8c458357288fe9d8984", 0xb6}], 0x6, &(0x7f0000000740)="00e09d680fc0f84e052da9d23380b315dacb171923d5ce382e489aa3bd2e59784603d9960a5d034c763508aec2eeb436c7a018ea03d30ada324227c820f9d28556844a8cba64e264afb6116d93fcda9356d22f9c917cd98f5d489423b8b6e48a660716cb1ff855b10a1697622555e70ff44cd5f55bde260f97eb47ab0efa27edec71b9a7f2d220352b82f94e8e201cd2ba072e73e2393988ab95e24a636a86b9e5f7fa9f83ed9d78280f0e9b2feda8666472de90e4702e6d4fa72afc33f524cbc2", 0xc1, 0x80}, 0x20000000) io_setup(0x5, &(0x7f0000000180)=0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_timeval(r2, 0x1, 0x4c, 0x0, &(0x7f0000000300)) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) connect$rds(r3, &(0x7f0000000880)={0x2, 0x4e24, @remote}, 0x10) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10) r6 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000) recvfrom(r5, &(0x7f0000000140)=""/104, 0x68, 0x12020, 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$SNDCTL_DSP_GETBLKSIZE(r4, 0xc0045004, &(0x7f0000000100)) io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) r7 = open_tree(0xffffffffffffffff, &(0x7f0000000640)='\x00', 0x89901) move_mount(r7, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1020, 0x0) 1.487507557s ago: executing program 2 (id=416): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) unshare(0x22020600) syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) r0 = syz_open_procfs(0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@private0, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff}, {}, 0x5, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x32}, 0x0, @in=@empty}}, 0xe8) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) pwritev2(r4, &(0x7f00000001c0)=[{&(0x7f0000000040)='4', 0x1}], 0x1, 0x1, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$fb0(0xffffff9c, 0x0, 0x10fd02, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)={@map, 0xffffffffffffffff, 0x7}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="12010900875b0d20d8130100220e010203010902120001000000000904"], 0x0) 1.479807116s ago: executing program 4 (id=417): poll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x2432}], 0x200000000000001f, 0x7) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x141841, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x8000, 0x0, 0x2e, 0x0, {0x0, 0x4, 0x4}, {}, {0x2, 0x0, 0xfffffffe}, {0x0, 0x0, 0x8000000}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000006, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x8}) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x0, 'queue0\x00', 0x10000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f0000000380)={0x0, 0x2}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f0000000ac0)={0x400000, 0x2d}) r4 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000340)={0xda1, 0x8169, 0xe, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000440)={0xde, 0x1ff, 0xf}) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000001c0)={0x4000000, 0x1, 0x0, 'queue0\x00'}) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r8, 0x40605346, &(0x7f0000000180)={0x0, 0x0, {0x2, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_START(r7, 0x54a0) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r9, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r10, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}}) fchmod(r1, 0x2) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00464b4, &(0x7f0000000400)={r5}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa, 0xb1404cf7d46e531e}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x4, 0xd8, 0x8}) 942.802722ms ago: executing program 4 (id=418): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'ip_vti0\x00', 0x7101}) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000)=@device_b, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) close(0x3) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0xc008ae09, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000000400000006000000010000"]) mlock(&(0x7f0000a38000/0x1000)=nil, 0x1000) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000180)=0x1000089, 0x4) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000043b000/0x1000)=nil, 0xfffffffffffffdb5, &(0x7f0000000080)='\x00\xc9\xf5\x00\x00\x00\x00\x00\x00\x00+\x1ct\xc6\fr\xbaU\xc1\xb2\xd2\xde\xbfk\xc0\x18\x94\xc5&\xec\x03\xa0w\"E\xc9\xf2,K4\x10\xc8\x8cuj\xd3\xf0\xb3\xa9f\xf7\xb7\x17\xdf\xca\xac\x8b\x81K\t\x14^\xc3\xb7<\xa1\x15\v4\xd0\xbe\xa8\x01\x00<:-Y\n<\x1d\xb2\xe0kU\xc0\xc1\x14') r3 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000000080108000000e2ff0000000a00000805000300060000000900010073797a310000000006000240655800001400048008000000000c46e3064000000002"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x80) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[], 0xb4}, 0x1, 0x0, 0x0, 0x890}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, 0x0) r6 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r6, 0xc0845657, 0x0) 778.991403ms ago: executing program 0 (id=419): r0 = syz_io_uring_setup(0x5135, &(0x7f0000000100)={0x0, 0x0, 0x11680}, &(0x7f00000002c0)=0x0, &(0x7f00000000c0)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) openat$procfs(0xffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SYMLINKAT={0x26, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}) io_uring_enter(r0, 0x6256, 0x0, 0x0, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) r6 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000340)=ANY=[@ANYBLOB="400f00002f1f6f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, 0x0, &(0x7f0000000b00)={0x18, &(0x7f0000000740)={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, 0x0) syz_usb_control_io$uac1(r6, 0x0, &(0x7f0000000500)={0x24, &(0x7f0000000200)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r7 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg(r7, &(0x7f0000002080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80)=[{0xc, 0x10b, 0x4}, {0xc, 0x117, 0x3}], 0x18}}], 0x2, 0x8810) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f00000001c0)={0x6, 0x0, 0xffffffff, 0x7ff}, 0x10) write(r4, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x20, 0x10, 0x1, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40101}}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 0s ago: executing program 2 (id=420): socket$inet6_sctp(0xa, 0x801, 0x84) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) removexattr(0x0, 0x0) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)=ANY=[@ANYBLOB="e4050000160001000000000000000000e0000001000000000006000000000000fe88000000000000000000000000000100000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000010000000033000000fc02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000200001f09000000000000000700000091230000ab0002006374722d6165732d636500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018030000cb8e892a23aa1faff0ca08bcbcbdbc09e75ff9da23961c863111c13df0946d7a81e1c2b09c76fcf63fb2c652f7b14ba657fcd70fd3f77a374e34293d4ba244e3cf40159c91ce8cdc34e3a34ab610b6850258e91a237498beb1255d172c7cc2954e098900050019006c00000034011100fe880000000000000000000000000001fc010000000000000000000000000000ff010000000000000000000000000001e00000020000000000000000000000006c030000000000000a000200e000000200000000000000000000000000000000000000000000000000000001e0000001000000000000000000000000e00000010000000000000000000000002b040000033500000200020000000000000000000000000000000000fc00000000000000000000000000000000000000000000000000fffffffffffffc0200000000000000000000000000013c010000043500000a000a0020010000000000000000000000000000fc010000000000000000000000000000fe800000000000000000000000000041200100000000000000000000000000012b020000023500000a000a00680002006362632873657270656e742900"/720], 0x5e4}}, 0x50) kernel console output (not intermixed with test programs): d cc 0x0c03 length: 249 > 1 [ 85.140478][ T5868] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.153542][ T5876] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.160294][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.161324][ T5868] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.169276][ T5874] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.176516][ T5183] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.182003][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.200256][ T5874] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.218150][ T5874] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.218529][ T5183] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.225755][ T5873] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.243958][ T5874] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.252463][ T5873] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.261009][ T5874] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.272017][ T5874] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.989546][ T5882] chnl_net:caif_netlink_parms(): no params data found [ 86.084982][ T5878] chnl_net:caif_netlink_parms(): no params data found [ 86.192790][ T5880] chnl_net:caif_netlink_parms(): no params data found [ 86.216728][ T5877] chnl_net:caif_netlink_parms(): no params data found [ 86.259503][ T5881] chnl_net:caif_netlink_parms(): no params data found [ 86.419763][ T5882] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.427106][ T5882] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.435447][ T5882] bridge_slave_0: entered allmulticast mode [ 86.442942][ T5882] bridge_slave_0: entered promiscuous mode [ 86.497356][ T5882] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.504624][ T5882] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.512479][ T5882] bridge_slave_1: entered allmulticast mode [ 86.520507][ T5882] bridge_slave_1: entered promiscuous mode [ 86.540262][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.547422][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.555042][ T5878] bridge_slave_0: entered allmulticast mode [ 86.562736][ T5878] bridge_slave_0: entered promiscuous mode [ 86.623522][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.630867][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.638041][ T5878] bridge_slave_1: entered allmulticast mode [ 86.647404][ T5878] bridge_slave_1: entered promiscuous mode [ 86.683651][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.690998][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.698366][ T5877] bridge_slave_0: entered allmulticast mode [ 86.706933][ T5877] bridge_slave_0: entered promiscuous mode [ 86.742879][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.750865][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.758099][ T5880] bridge_slave_0: entered allmulticast mode [ 86.766732][ T5880] bridge_slave_0: entered promiscuous mode [ 86.789935][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.797133][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.805318][ T5881] bridge_slave_0: entered allmulticast mode [ 86.812893][ T5881] bridge_slave_0: entered promiscuous mode [ 86.821817][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.829157][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.836612][ T5877] bridge_slave_1: entered allmulticast mode [ 86.844492][ T5877] bridge_slave_1: entered promiscuous mode [ 86.861140][ T5882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.874651][ T5882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.920119][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.935003][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.942907][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.955127][ T5880] bridge_slave_1: entered allmulticast mode [ 86.963378][ T5880] bridge_slave_1: entered promiscuous mode [ 86.999112][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.006368][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.014024][ T5881] bridge_slave_1: entered allmulticast mode [ 87.026735][ T5881] bridge_slave_1: entered promiscuous mode [ 87.115027][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.210387][ T5882] team0: Port device team_slave_0 added [ 87.243297][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.249783][ T5874] Bluetooth: hci4: command tx timeout [ 87.258477][ T5874] Bluetooth: hci1: command tx timeout [ 87.258919][ T5865] Bluetooth: hci0: command tx timeout [ 87.296174][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.313039][ T5882] team0: Port device team_slave_1 added [ 87.326845][ T5878] team0: Port device team_slave_0 added [ 87.333314][ T5865] Bluetooth: hci3: command tx timeout [ 87.334190][ T5874] Bluetooth: hci2: command tx timeout [ 87.345176][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.374084][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.386116][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.411344][ T5878] team0: Port device team_slave_1 added [ 87.432602][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.443351][ T5880] team0: Port device team_slave_0 added [ 87.509819][ T5880] team0: Port device team_slave_1 added [ 87.530702][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.538030][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.565268][ T5882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.592516][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.599846][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.626399][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.668364][ T5877] team0: Port device team_slave_0 added [ 87.676563][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.683722][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.710009][ T5882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.731311][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.738637][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.764785][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.784630][ T5881] team0: Port device team_slave_0 added [ 87.794406][ T5881] team0: Port device team_slave_1 added [ 87.816462][ T5877] team0: Port device team_slave_1 added [ 87.865686][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.874677][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.901068][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.914564][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.921839][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.947987][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.960950][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.967982][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.994662][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.056369][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.063426][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.090224][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.101841][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.109282][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.135983][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.168001][ T5882] hsr_slave_0: entered promiscuous mode [ 88.174672][ T5882] hsr_slave_1: entered promiscuous mode [ 88.212486][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.219802][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.246536][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.273887][ T5878] hsr_slave_0: entered promiscuous mode [ 88.281288][ T5878] hsr_slave_1: entered promiscuous mode [ 88.287419][ T5878] debugfs: 'hsr0' already exists in 'hsr' [ 88.296702][ T5878] Cannot create hsr debugfs directory [ 88.423277][ T5880] hsr_slave_0: entered promiscuous mode [ 88.440548][ T5880] hsr_slave_1: entered promiscuous mode [ 88.447242][ T5880] debugfs: 'hsr0' already exists in 'hsr' [ 88.459511][ T5880] Cannot create hsr debugfs directory [ 88.539699][ T5877] hsr_slave_0: entered promiscuous mode [ 88.546137][ T5877] hsr_slave_1: entered promiscuous mode [ 88.553280][ T5877] debugfs: 'hsr0' already exists in 'hsr' [ 88.559095][ T5877] Cannot create hsr debugfs directory [ 88.652571][ T5881] hsr_slave_0: entered promiscuous mode [ 88.659530][ T5881] hsr_slave_1: entered promiscuous mode [ 88.665699][ T5881] debugfs: 'hsr0' already exists in 'hsr' [ 88.671528][ T5881] Cannot create hsr debugfs directory [ 89.141086][ T5878] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.181247][ T5878] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.217472][ T5878] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.250666][ T5878] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.310097][ T5882] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.328648][ T5882] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.335594][ T5874] Bluetooth: hci0: command tx timeout [ 89.339509][ T5874] Bluetooth: hci1: command tx timeout [ 89.341702][ T5865] Bluetooth: hci4: command tx timeout [ 89.376814][ T5882] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.387673][ T5882] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.409540][ T5874] Bluetooth: hci2: command tx timeout [ 89.415071][ T5865] Bluetooth: hci3: command tx timeout [ 89.482260][ T5880] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.521868][ T5880] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.536810][ T5880] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.548435][ T5880] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.666998][ T5877] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.694759][ T5877] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.726290][ T5877] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.743551][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.767965][ T5877] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.862556][ T5878] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.881696][ T5881] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.902978][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.910284][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.922731][ T5881] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.937768][ T5881] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.953379][ T5881] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.983813][ T3529] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.991029][ T3529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.034247][ T5882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.154096][ T5882] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.183016][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.197401][ T3547] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.204798][ T3547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.244968][ T3547] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.252195][ T3547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.305351][ T5880] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.334609][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.341918][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.379652][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.386755][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.402900][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.472848][ T5877] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.498284][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.505481][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.560997][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.568310][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.599514][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.634726][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.747054][ T5881] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.776357][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.783547][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.800159][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.807282][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.825634][ T5878] veth0_vlan: entered promiscuous mode [ 90.834432][ T5882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.869712][ T5878] veth1_vlan: entered promiscuous mode [ 90.896168][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.967915][ T5878] veth0_macvtap: entered promiscuous mode [ 90.993981][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.024347][ T5878] veth1_macvtap: entered promiscuous mode [ 91.080063][ T5882] veth0_vlan: entered promiscuous mode [ 91.114773][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.134586][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.176058][ T5882] veth1_vlan: entered promiscuous mode [ 91.183523][ T5880] veth0_vlan: entered promiscuous mode [ 91.207379][ T3547] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.217159][ T3547] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.248265][ T3547] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.259206][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.274760][ T5880] veth1_vlan: entered promiscuous mode [ 91.302191][ T5877] veth0_vlan: entered promiscuous mode [ 91.328679][ T5881] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.338146][ T5877] veth1_vlan: entered promiscuous mode [ 91.387956][ T5882] veth0_macvtap: entered promiscuous mode [ 91.425261][ T5865] Bluetooth: hci4: command tx timeout [ 91.431258][ T5866] Bluetooth: hci0: command tx timeout [ 91.436758][ T5874] Bluetooth: hci1: command tx timeout [ 91.457649][ T5882] veth1_macvtap: entered promiscuous mode [ 91.473013][ T5880] veth0_macvtap: entered promiscuous mode [ 91.490232][ T5865] Bluetooth: hci2: command tx timeout [ 91.495842][ T5874] Bluetooth: hci3: command tx timeout [ 91.534803][ T5877] veth0_macvtap: entered promiscuous mode [ 91.565271][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.576215][ T5880] veth1_macvtap: entered promiscuous mode [ 91.585052][ T5877] veth1_macvtap: entered promiscuous mode [ 91.625529][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.664986][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.671235][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.695743][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.705149][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.715834][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.737089][ T5881] veth0_vlan: entered promiscuous mode [ 91.759605][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.766929][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.776230][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.786591][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.826813][ T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.844724][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.855939][ T5881] veth1_vlan: entered promiscuous mode [ 91.874903][ T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.884060][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.902583][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.917234][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.933309][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.947934][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.962697][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.975626][ T979] cfg80211: failed to load regulatory.db [ 92.018040][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.034337][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.093441][ T5878] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.168066][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.183603][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.206458][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.236995][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.302714][ T5881] veth0_macvtap: entered promiscuous mode [ 92.321771][ T5881] veth1_macvtap: entered promiscuous mode [ 92.346182][ T3529] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.361258][ T3529] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.439877][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.460899][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.507918][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.585501][ T3547] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.597849][ T3529] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.608147][ T3529] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.647429][ T5962] vti0: entered promiscuous mode [ 92.652624][ T5962] vti0: entered allmulticast mode [ 92.693213][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.752067][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.753306][ T3547] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.877816][ T3547] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.888861][ T3529] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.992681][ T2966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.045172][ T2966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.491423][ T5874] Bluetooth: hci1: command tx timeout [ 93.501150][ T5865] Bluetooth: hci4: command tx timeout [ 93.507327][ T5866] Bluetooth: hci0: command tx timeout [ 93.569804][ T5865] Bluetooth: hci3: command tx timeout [ 93.575372][ T5865] Bluetooth: hci2: command tx timeout [ 93.591213][ T3529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.600323][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.610965][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.639125][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.642600][ T3529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.665110][ T5970] vti0: entered promiscuous mode [ 93.671293][ T5970] vti0: entered allmulticast mode [ 93.901867][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.993191][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.999282][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.010651][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.019245][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.187442][ T5979] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.6'. [ 94.669941][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.953085][ T5981] netlink: 1264 bytes leftover after parsing attributes in process `syz.4.5'. [ 95.693615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.702563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.289236][ T6009] vti0: entered promiscuous mode [ 98.294325][ T6009] vti0: entered allmulticast mode [ 98.550984][ T6010] netlink: 1264 bytes leftover after parsing attributes in process `syz.1.11'. [ 99.359450][ T6014] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.12'. [ 99.675865][ T6022] netlink: 1264 bytes leftover after parsing attributes in process `syz.1.23'. [ 100.293529][ T6032] syz.2.13 uses obsolete (PF_INET,SOCK_PACKET) [ 102.381120][ T6023] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.587356][ T6039] vti0: entered promiscuous mode [ 102.592424][ T6039] vti0: entered allmulticast mode [ 104.012756][ T6060] input: syz0 as /devices/virtual/input/input5 [ 104.436406][ T6064] netlink: 34 bytes leftover after parsing attributes in process `syz.1.20'. [ 104.679373][ T6064] Zero length message leads to an empty skb [ 106.169500][ T5954] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 106.618894][ T5954] usb 2-1: device descriptor read/64, error -71 [ 106.790912][ T6087] netlink: 1264 bytes leftover after parsing attributes in process `syz.2.26'. [ 106.858964][ T5954] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 107.108896][ T5954] usb 2-1: device descriptor read/64, error -71 [ 107.246565][ T5954] usb usb2-port1: attempt power cycle [ 107.409629][ T6095] vti0: entered promiscuous mode [ 107.417035][ T6095] vti0: entered allmulticast mode [ 107.807368][ T6100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.41'. [ 109.255806][ T5954] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 109.881782][ T6122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 110.373602][ T6122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.35'. [ 110.568958][ T5954] usb 1-1: device descriptor read/64, error -71 [ 110.968880][ T5954] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 111.151731][ T5954] usb 1-1: Using ep0 maxpacket: 16 [ 111.187966][ T5954] usb 1-1: config 8 has an invalid interface number: 39 but max is 0 [ 111.196854][ T5954] usb 1-1: config 8 has no interface number 0 [ 111.228456][ T5954] usb 1-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 111.250727][ T5954] usb 1-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 111.282986][ T5954] usb 1-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0 [ 111.358074][ T5954] usb 1-1: config 8 interface 39 has no altsetting 0 [ 111.390204][ T5954] usb 1-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 111.399771][ T5954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.411100][ T5954] usb 1-1: Product: syz [ 111.418687][ T5954] usb 1-1: Manufacturer: syz [ 111.429263][ T5954] usb 1-1: SerialNumber: syz [ 111.532889][ T6136] netlink: 1264 bytes leftover after parsing attributes in process `syz.4.40'. [ 111.676217][ T6125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.691486][ T6125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.754385][ T6125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.020544][ T6125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.036044][ T6125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.175432][ T6125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.254145][ T6125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.332345][ T6125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.407424][ T6125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.461248][ T6125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.699435][ T5954] ipheth 1-1:8.39: ipheth_get_macaddr: usb_control_msg: -71 [ 112.760144][ T5954] ipheth 1-1:8.39: probe with driver ipheth failed with error -71 [ 112.822217][ T5954] usb 1-1: USB disconnect, device number 3 [ 113.149065][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 113.374416][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 113.386705][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 113.397691][ T10] usb 4-1: config 8 has an invalid interface number: 67 but max is 0 [ 113.416171][ T10] usb 4-1: config 8 has no interface number 0 [ 113.444230][ T10] usb 4-1: config 8 interface 67 has no altsetting 0 [ 113.553328][ T10] usb 4-1: New USB device found, idVendor=04e8, idProduct=8001, bcdDevice=68.f7 [ 113.604260][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.713771][ T10] usb 4-1: Product: syz [ 113.717992][ T10] usb 4-1: Manufacturer: syz [ 113.747324][ T10] usb 4-1: SerialNumber: syz [ 113.809222][ T5954] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 114.024048][ T6156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.042002][ T6156] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.073069][ T10] usb 4-1: active config #8 != 1 ?? [ 114.087737][ T10] usb 4-1: USB disconnect, device number 2 [ 114.107377][ T5954] usb 3-1: Using ep0 maxpacket: 8 [ 114.174552][ T5954] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 114.219361][ T5954] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 114.228537][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.254891][ T5954] usb 3-1: config 0 descriptor?? [ 114.597951][ T6166] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 116.261465][ T6187] netlink: 1264 bytes leftover after parsing attributes in process `syz.1.55'. [ 116.719047][ T5954] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 116.737691][ T5954] usb 3-1: USB disconnect, device number 2 [ 116.764895][ T6196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 117.113553][ T6199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.609262][ T5953] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 121.074122][ T6239] capability: warning: `syz.1.72' uses deprecated v2 capabilities in a way that may be insecure [ 121.302087][ T6246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.468854][ T5953] usb 3-1: device descriptor read/64, error -71 [ 121.909806][ T6249] netlink: 8 bytes leftover after parsing attributes in process `syz.4.73'. [ 122.138927][ T5953] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 122.395705][ T5953] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 122.422556][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.437147][ T6260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.592450][ T6260] netlink: 8 bytes leftover after parsing attributes in process `syz.0.74'. [ 123.314766][ T5953] usb 3-1: Product: syz [ 123.508795][ T5953] usb 3-1: Manufacturer: syz [ 123.548790][ T5953] usb 3-1: SerialNumber: syz [ 123.579979][ T5953] usb 3-1: config 0 descriptor?? [ 123.826774][ T5953] usb 3-1: USB disconnect, device number 4 [ 123.938100][ T5915] udevd[5915]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 124.989345][ T6283] ======================================================= [ 124.989345][ T6283] WARNING: The mand mount option has been deprecated and [ 124.989345][ T6283] and is ignored by this kernel. Remove the mand [ 124.989345][ T6283] option from the mount to silence this warning. [ 124.989345][ T6283] ======================================================= [ 125.024409][ C0] vkms_vblank_simulate: vblank timer overrun [ 125.661019][ T6295] tipc: Started in network mode [ 125.666242][ T6295] tipc: Node identity 16a71afe59c5, cluster identity 4711 [ 125.675651][ T6295] tipc: Enabled bearer , priority 0 [ 125.684151][ T6295] syzkaller0: entered promiscuous mode [ 125.690039][ T6295] syzkaller0: entered allmulticast mode [ 125.729856][ T6295] tipc: Resetting bearer [ 125.764399][ T6294] tipc: Resetting bearer [ 125.811885][ T6294] tipc: Disabling bearer [ 126.142123][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.165615][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.177634][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.191819][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.203104][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.212305][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.226455][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.236018][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.248278][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.263529][ T5954] hid-generic 6B95:0005:0001.0001: unknown main item tag 0x0 [ 126.298547][ T5954] hid-generic 6B95:0005:0001.0001: hidraw0: HID v0.0b Device [syz0] on syz1 [ 126.661360][ T6301] fido_id[6301]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 127.231507][ T6315] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.101554][ T6326] bridge_slave_0: left allmulticast mode [ 128.107259][ T6326] bridge_slave_0: left promiscuous mode [ 128.145691][ T6326] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.183226][ T6326] bridge_slave_1: left allmulticast mode [ 128.213792][ T6326] bridge_slave_1: left promiscuous mode [ 128.231610][ T6326] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.308091][ T6326] bond0: (slave bond_slave_0): Releasing backup interface [ 128.325769][ T6326] bond0: (slave bond_slave_1): Releasing backup interface [ 128.356109][ T6326] team0: Port device team_slave_0 removed [ 128.377186][ T6326] team0: Port device team_slave_1 removed [ 128.391975][ T6326] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.408056][ T6326] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 128.427421][ T6326] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.435420][ T6326] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 129.156015][ T6341] openvswitch: netlink: Key type 31 is not supported [ 129.291446][ T6346] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 130.178968][ T979] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 130.324707][ T979] usb 5-1: device descriptor read/64, error -71 [ 130.489604][ T30] audit: type=1326 audit(1755096934.640:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.2.107" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x0 [ 130.617493][ T979] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 130.838845][ T979] usb 5-1: device descriptor read/64, error -71 [ 130.899084][ T5953] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 130.961450][ T979] usb usb5-port1: attempt power cycle [ 131.111234][ T5953] usb 3-1: config 0 has an invalid interface number: 120 but max is 0 [ 131.119640][ T5953] usb 3-1: config 0 has no interface number 0 [ 131.130002][ T5953] usb 3-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 131.155887][ T5953] usb 3-1: config 0 interface 120 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64 [ 131.170318][ T5953] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 131.182014][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.235065][ T5953] usb 3-1: config 0 descriptor?? [ 131.238877][ T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 131.330335][ T979] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 131.349834][ T979] usb 5-1: device descriptor read/8, error -71 [ 131.378846][ T10] usb 2-1: device descriptor read/64, error -71 [ 131.619036][ T979] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 131.628981][ T10] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 131.740234][ T979] usb 5-1: device descriptor read/8, error -71 [ 131.872825][ T979] usb usb5-port1: unable to enumerate USB device [ 131.938864][ T10] usb 2-1: device descriptor read/64, error -71 [ 132.049117][ T10] usb usb2-port1: attempt power cycle [ 132.266254][ T6392] program syz.0.114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 132.315532][ T6393] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.518903][ T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 132.544771][ T10] usb 2-1: device descriptor read/8, error -71 [ 132.821325][ T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 132.836339][ T6399] tc_dump_action: action bad kind [ 132.853409][ T10] usb 2-1: device descriptor read/8, error -71 [ 133.068107][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.074676][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.089612][ T10] usb usb2-port1: unable to enumerate USB device [ 133.396429][ T5953] usb 3-1: USB disconnect, device number 5 [ 134.068929][ T5914] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 134.260301][ T5914] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 134.274339][ T5914] usb 5-1: config 0 has no interface number 0 [ 134.313267][ T30] audit: type=1326 audit(1755096938.460:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.0.119" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000 [ 134.377133][ T5914] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 134.438972][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.460364][ T30] audit: type=1326 audit(1755096938.460:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.0.119" exe="/root/syz-executor" sig=0 arch=40000003 syscall=460 compat=1 ip=0xf7f02539 code=0x7ffc0000 [ 134.502372][ T5914] usb 5-1: Product: syz [ 134.727039][ T5914] usb 5-1: Manufacturer: syz [ 134.757710][ T5914] usb 5-1: SerialNumber: syz [ 134.843338][ T5914] usb 5-1: config 0 descriptor?? [ 134.844502][ T30] audit: type=1326 audit(1755096938.460:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.0.119" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000 [ 135.157595][ T30] audit: type=1326 audit(1755096938.460:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.0.119" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000 [ 135.183734][ T30] audit: type=1326 audit(1755096938.460:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.0.119" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f02539 code=0x7ffc0000 [ 135.206046][ T30] audit: type=1326 audit(1755096938.510:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.0.119" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000 [ 135.236063][ T30] audit: type=1326 audit(1755096938.510:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.0.119" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000 [ 135.521174][ T6405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.541393][ T6405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.445120][ T6430] netlink: 1264 bytes leftover after parsing attributes in process `syz.1.123'. [ 136.532767][ T5914] usb 5-1: Firmware version (0.0) predates our first public release. [ 137.100075][ T5914] usb 5-1: Please update to version 0.2 or newer [ 137.322113][ T5914] usb 5-1: USB disconnect, device number 6 [ 138.369170][ T5914] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 138.553436][ T979] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 138.568901][ T5914] usb 1-1: Using ep0 maxpacket: 8 [ 138.593719][ T5914] usb 1-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48 [ 138.608642][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.640390][ T5914] usb 1-1: config 0 descriptor?? [ 138.712578][ T979] usb 5-1: device descriptor read/64, error -71 [ 138.834094][ T30] audit: type=1326 audit(1755096942.980:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000 [ 138.955038][ T30] audit: type=1326 audit(1755096942.980:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000 [ 138.980748][ T979] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 139.480105][ T979] usb 5-1: device descriptor read/64, error -71 [ 139.492933][ T30] audit: type=1326 audit(1755096942.980:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=40000003 syscall=460 compat=1 ip=0xf70de539 code=0x7ffc0000 [ 139.514915][ T30] audit: type=1326 audit(1755096942.980:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000 [ 139.537074][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.552868][ T6468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.562907][ T30] audit: type=1326 audit(1755096942.980:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000 [ 139.584551][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.609322][ T979] usb usb5-port1: attempt power cycle [ 139.790448][ T30] audit: type=1326 audit(1755096943.010:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000 [ 139.819046][ T30] audit: type=1326 audit(1755096943.020:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000 [ 140.049106][ T979] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 140.095146][ T979] usb 5-1: device descriptor read/8, error -71 [ 140.338882][ T979] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 140.369636][ T979] usb 5-1: device descriptor read/8, error -71 [ 140.479379][ T979] usb usb5-port1: unable to enumerate USB device [ 140.732800][ T6481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.822228][ T6482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.145'. [ 141.560774][ T979] usb 1-1: USB disconnect, device number 4 [ 143.078955][ T5923] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 143.370603][ T979] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 143.381132][ T5923] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 143.400447][ T5923] usb 4-1: config 0 has no interface number 0 [ 143.452072][ T5923] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 143.468887][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.644029][ T5923] usb 4-1: Product: syz [ 143.648260][ T5923] usb 4-1: Manufacturer: syz [ 143.680385][ T5923] usb 4-1: SerialNumber: syz [ 143.723077][ T5923] usb 4-1: config 0 descriptor?? [ 144.353593][ T6494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.363000][ T6494] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.467269][ T6511] netlink: 1264 bytes leftover after parsing attributes in process `syz.0.141'. [ 145.419798][ T5923] usb 4-1: Firmware version (0.0) predates our first public release. [ 145.448349][ T5923] usb 4-1: Please update to version 0.2 or newer [ 145.699614][ T5954] usb 4-1: USB disconnect, device number 3 [ 146.388963][ T5954] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 146.546169][ T6533] netdevsim netdevsim0: Direct firmware load for . [ 146.546169][ T6533] failed with error -2 [ 146.559083][ T5954] usb 4-1: device descriptor read/64, error -71 [ 146.565958][ T6533] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 146.565958][ T6533] [ 146.704295][ T5914] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 146.809999][ T5954] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 146.881753][ T5914] usb 5-1: Using ep0 maxpacket: 8 [ 146.891166][ T5914] usb 5-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48 [ 146.915476][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.940027][ T5914] usb 5-1: config 0 descriptor?? [ 146.959053][ T5954] usb 4-1: device descriptor read/64, error -71 [ 147.069765][ T5954] usb usb4-port1: attempt power cycle [ 147.478941][ T5954] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 147.505210][ T6552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.599052][ T5954] usb 4-1: device descriptor read/8, error -71 [ 147.850546][ T5954] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 147.898997][ T5954] usb 4-1: device descriptor read/8, error -71 [ 148.018625][ T5954] usb usb4-port1: unable to enumerate USB device [ 148.062698][ T30] audit: type=1326 audit(1755096952.190:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065596][ T30] audit: type=1326 audit(1755096952.190:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=446 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065650][ T30] audit: type=1326 audit(1755096952.190:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065694][ T30] audit: type=1326 audit(1755096952.190:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065738][ T30] audit: type=1326 audit(1755096952.200:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065783][ T30] audit: type=1326 audit(1755096952.210:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065825][ T30] audit: type=1326 audit(1755096952.210:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065868][ T30] audit: type=1326 audit(1755096952.210:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065923][ T30] audit: type=1326 audit(1755096952.210:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.065968][ T30] audit: type=1326 audit(1755096952.210:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6557 comm="syz.1.156" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7ffc0000 [ 148.787648][ C0] vkms_vblank_simulate: vblank timer overrun [ 149.053170][ C0] vkms_vblank_simulate: vblank timer overrun [ 149.581003][ T5913] usb 5-1: USB disconnect, device number 12 [ 149.589080][ T5923] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 149.841350][ T5923] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 149.890313][ T5923] usb 3-1: config 0 has no interface number 0 [ 149.935498][ T5923] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 149.967970][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.067821][ T5923] usb 3-1: Product: syz [ 150.083013][ T5923] usb 3-1: Manufacturer: syz [ 150.095246][ T5923] usb 3-1: SerialNumber: syz [ 150.128430][ T5923] usb 3-1: config 0 descriptor?? [ 150.700061][ T6580] sg_read: process 113 (syz.0.161) changed security contexts after opening file descriptor, this is not allowed. [ 150.808216][ T6567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.839325][ T6567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.920034][ T5913] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 151.228303][ T6591] netlink: 20 bytes leftover after parsing attributes in process `syz.3.167'. [ 151.257261][ T6591] netlink: 76 bytes leftover after parsing attributes in process `syz.3.167'. [ 151.610558][ T5923] usb 3-1: Firmware version (0.0) predates our first public release. [ 151.618683][ T5923] usb 3-1: Please update to version 0.2 or newer [ 151.919001][ T5923] usb 3-1: USB disconnect, device number 6 [ 151.971510][ T6607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.496557][ T6613] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.505208][ T6613] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.398841][ T43] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 154.408970][ T5913] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 154.583384][ T5913] usb 3-1: device descriptor read/64, error -71 [ 154.888881][ T5913] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 154.993301][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 154.993321][ T30] audit: type=1326 audit(1755096959.140:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.021669][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.041883][ T5913] usb 3-1: device descriptor read/64, error -71 [ 155.048334][ T979] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 155.065219][ T30] audit: type=1326 audit(1755096959.140:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.087035][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.114765][ T30] audit: type=1326 audit(1755096959.140:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.136683][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.163358][ T5913] usb usb3-port1: attempt power cycle [ 155.218893][ T979] usb 1-1: Using ep0 maxpacket: 16 [ 155.259233][ T979] usb 1-1: config 7 has an invalid interface number: 29 but max is 2 [ 155.267399][ T979] usb 1-1: config 7 has an invalid interface number: 195 but max is 2 [ 155.275860][ T30] audit: type=1326 audit(1755096959.140:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.275916][ T30] audit: type=1326 audit(1755096959.140:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.275960][ T30] audit: type=1326 audit(1755096959.140:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.432529][ T979] usb 1-1: config 7 contains an unexpected descriptor of type 0x2, skipping [ 155.529375][ T979] usb 1-1: config 7 has an invalid interface number: 249 but max is 2 [ 155.561014][ T30] audit: type=1326 audit(1755096959.140:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.569039][ T5913] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 155.630228][ T979] usb 1-1: config 7 has no interface number 0 [ 155.636472][ T979] usb 1-1: config 7 has no interface number 1 [ 155.687313][ T30] audit: type=1326 audit(1755096959.140:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.827228][ T5913] usb 3-1: device descriptor read/8, error -71 [ 155.835431][ T979] usb 1-1: config 7 has no interface number 2 [ 155.841747][ T979] usb 1-1: config 7 interface 29 altsetting 8 has a duplicate endpoint with address 0x8, skipping [ 155.858792][ T979] usb 1-1: config 7 interface 29 altsetting 8 has a duplicate endpoint with address 0xC, skipping [ 155.861273][ T30] audit: type=1326 audit(1755096959.140:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 155.874330][ T979] usb 1-1: config 7 interface 195 altsetting 1 has a duplicate endpoint with address 0xF, skipping [ 155.976231][ T979] usb 1-1: config 7 interface 195 altsetting 1 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 156.033130][ T30] audit: type=1326 audit(1755096959.140:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6644 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7539 code=0x7fc00000 [ 156.056540][ T979] usb 1-1: config 7 interface 195 altsetting 1 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 156.109740][ T5913] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 156.132564][ T979] usb 1-1: config 7 interface 195 altsetting 1 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 156.215089][ T5913] usb 3-1: device descriptor read/8, error -71 [ 156.221530][ T979] usb 1-1: config 7 interface 195 altsetting 1 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 156.233462][ T979] usb 1-1: config 7 interface 195 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 156.244359][ T979] usb 1-1: config 7 interface 195 altsetting 1 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 156.272445][ T979] usb 1-1: config 7 interface 195 altsetting 1 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 156.339172][ T5913] usb usb3-port1: unable to enumerate USB device [ 156.355982][ T979] usb 1-1: config 7 interface 195 altsetting 1 has a duplicate endpoint with address 0xC, skipping [ 156.384979][ T979] usb 1-1: config 7 interface 195 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1024 [ 156.395477][ T979] usb 1-1: config 7 interface 195 altsetting 1 has a duplicate endpoint with address 0x2, skipping [ 156.410543][ T979] usb 1-1: config 7 interface 195 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 156.423965][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x6, skipping [ 156.484344][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x1, skipping [ 156.528840][ T5954] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 156.529013][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x6, skipping [ 156.549018][ T43] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 156.565307][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x1, skipping [ 156.576973][ T979] usb 1-1: config 7 interface 249 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 156.590689][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x2, skipping [ 156.605184][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x1, skipping [ 156.675005][ T6682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.771600][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.785197][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x8, skipping [ 156.785573][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.796478][ T979] usb 1-1: config 7 interface 249 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 156.817394][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x6, skipping [ 156.839644][ T979] usb 1-1: config 7 interface 249 altsetting 3 has a duplicate endpoint with address 0x6, skipping [ 156.853035][ T979] usb 1-1: config 7 interface 29 has no altsetting 0 [ 156.897388][ T979] usb 1-1: config 7 interface 195 has no altsetting 0 [ 156.960179][ T979] usb 1-1: config 7 interface 249 has no altsetting 0 [ 156.976536][ T979] usb 1-1: New USB device found, idVendor=0471, idProduct=060c, bcdDevice=c5.ad [ 156.985930][ T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.994056][ T979] usb 1-1: Product: ⠁ [ 156.998346][ T979] usb 1-1: Manufacturer: 颡졯⫠⩆⺡㯩깂솵冓䘰舣ⷮ拨燥쳐 [ 157.014887][ T979] usb 1-1: SerialNumber: ю [ 157.037162][ T43] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 157.057077][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.080400][ T43] usb 2-1: config 0 descriptor?? [ 157.235276][ T6658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.259037][ T6659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.319570][ T6658] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.348059][ T6657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.371933][ T6659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.389662][ T6657] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.607394][ T43] hid_parser_main: 68 callbacks suppressed [ 157.607422][ T43] nzxt-smart2 0003:1E71:2009.0002: unknown main item tag 0x0 [ 157.682028][ T43] nzxt-smart2 0003:1E71:2009.0002: item 0 0 0 8 parsing failed [ 157.729797][ T43] nzxt-smart2 0003:1E71:2009.0002: probe with driver nzxt-smart2 failed with error -22 [ 157.798872][ T5913] usb 2-1: USB disconnect, device number 11 [ 157.900874][ T979] usb 1-1: USB disconnect, device number 6 [ 159.817341][ T2966] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.903897][ T2966] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.084468][ T2966] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.154570][ T2966] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.978930][ T5923] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 161.130425][ T6731] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 161.138088][ T6731] IPv6: NLM_F_CREATE should be set when creating new route [ 161.289466][ T5923] usb 4-1: Using ep0 maxpacket: 32 [ 161.408965][ T5923] usb 4-1: unable to get BOS descriptor or descriptor too short [ 161.464392][ T5923] usb 4-1: config 128 has an invalid interface number: 6 but max is 2 [ 161.479683][ T5923] usb 4-1: config 128 has an invalid interface number: 8 but max is 2 [ 161.508006][ T5923] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 161.529600][ T5923] usb 4-1: config 128 has 2 interfaces, different from the descriptor's value: 3 [ 161.601603][ T5923] usb 4-1: config 128 has no interface number 0 [ 161.615359][ T5923] usb 4-1: config 128 has no interface number 1 [ 161.719431][ T5923] usb 4-1: config 128 interface 6 has no altsetting 0 [ 161.737966][ T5923] usb 4-1: config 128 interface 8 has no altsetting 0 [ 161.767761][ T5923] usb 4-1: New USB device found, idVendor=11ba, idProduct=1001, bcdDevice=8c.42 [ 161.808053][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.819032][ T43] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 161.826886][ T5923] usb 4-1: Product: syz [ 161.831879][ T5923] usb 4-1: Manufacturer: syz [ 161.846283][ T5923] usb 4-1: SerialNumber: syz [ 161.971454][ T43] usb 5-1: device descriptor read/64, error -71 [ 162.127207][ T6755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 162.177182][ T5913] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 162.356771][ T43] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 162.393508][ T5923] pvrusb2: Hardware description: OnAir USB2 Hybrid USB tuner [ 162.414139][ T5923] usb 4-1: selecting invalid altsetting 0 [ 162.441446][ T5913] usb 2-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30 [ 162.456889][ T2344] pvrusb2: Invalid write control endpoint [ 162.460899][ T5913] usb 2-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x51, changing to 0x1 [ 162.480279][ T5923] pvrusb2: Hardware description: OnAir USB2 Hybrid USB tuner [ 162.499371][ T43] usb 5-1: device descriptor read/64, error -71 [ 162.524008][ T5923] usb 4-1: selecting invalid altsetting 0 [ 162.535633][ T5913] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 162.577909][ T5923] usb 4-1: USB disconnect, device number 8 [ 162.613082][ T43] usb usb5-port1: attempt power cycle [ 162.615199][ T5913] usb 2-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101 [ 162.643349][ T2344] pvrusb2: Invalid write control endpoint [ 162.667801][ T2344] pvrusb2: Invalid write control endpoint [ 162.674634][ T5913] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 162.683013][ T2344] pvrusb2: Invalid write control endpoint [ 162.693749][ T2344] pvrusb2: Invalid write control endpoint [ 162.700201][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.700524][ T2344] pvrusb2: Invalid write control endpoint [ 162.921982][ T2344] pvrusb2: Invalid write control endpoint [ 162.927745][ T2344] pvrusb2: Invalid write control endpoint [ 162.972049][ T2344] pvrusb2: Invalid write control endpoint [ 163.102852][ T2344] pvrusb2: Invalid write control endpoint [ 163.158438][ T5913] ath6kl: Failed to submit usb control message: -71 [ 163.170779][ T5913] ath6kl: unable to send the bmi data to the device: -71 [ 163.186396][ T5913] ath6kl: Unable to send get target info: -71 [ 163.207631][ T2344] pvrusb2: Invalid write control endpoint [ 163.226347][ T5913] ath6kl: Failed to init ath6kl core: -71 [ 163.234425][ T2344] pvrusb2: Invalid write control endpoint [ 163.251272][ T2344] pvrusb2: Invalid write control endpoint [ 163.259089][ T43] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 163.269784][ T5913] ath6kl_usb 2-1:4.0: probe with driver ath6kl_usb failed with error -71 [ 163.295870][ T2344] pvrusb2: Invalid write control endpoint [ 163.310595][ T2344] pvrusb2: Invalid write control endpoint [ 163.326708][ T43] usb 5-1: device descriptor read/8, error -71 [ 163.334513][ T2344] pvrusb2: Invalid write control endpoint [ 163.365314][ T2344] pvrusb2: Invalid write control endpoint [ 163.375957][ T2344] pvrusb2: Invalid write control endpoint [ 163.383573][ T5913] usb 2-1: USB disconnect, device number 12 [ 163.401159][ T2344] pvrusb2: Invalid write control endpoint [ 163.412634][ T2344] pvrusb2: Invalid write control endpoint [ 163.425687][ T2344] pvrusb2: Invalid write control endpoint [ 163.446258][ T2344] pvrusb2: Invalid write control endpoint [ 163.456801][ T2344] pvrusb2: Invalid write control endpoint [ 163.482622][ T2344] pvrusb2: Invalid write control endpoint [ 163.588839][ T43] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 163.609182][ T2344] pvrusb2: Invalid write control endpoint [ 163.639181][ T2344] pvrusb2: Invalid write control endpoint [ 163.663233][ T43] usb 5-1: device descriptor read/8, error -71 [ 163.671852][ T2344] pvrusb2: Invalid write control endpoint [ 163.678874][ T2344] pvrusb2: Invalid write control endpoint [ 163.710202][ T2344] pvrusb2: Invalid write control endpoint [ 163.742045][ T2344] pvrusb2: Invalid write control endpoint [ 163.772808][ T2344] pvrusb2: Invalid write control endpoint [ 163.780006][ T43] usb usb5-port1: unable to enumerate USB device [ 163.845934][ T2344] pvrusb2: Invalid write control endpoint [ 163.885505][ T2344] pvrusb2: Invalid write control endpoint [ 164.023933][ T2344] pvrusb2: Module ID 3 (saa7115) for device OnAir USB2 Hybrid USB tuner failed to load. Possible missing sub-device kernel module or initialization failure within module. [ 164.216639][ T2344] cs53l32a 1-0011: chip found @ 0x22 (pvrusb2_a) [ 164.347241][ T2344] pvrusb2: Invalid write control endpoint [ 164.398827][ T2344] pvrusb2: Invalid write control endpoint [ 164.487023][ T2344] pvrusb2: Invalid write control endpoint [ 164.513020][ T2344] pvrusb2: Invalid write control endpoint [ 164.541421][ T2344] pvrusb2: Invalid write control endpoint [ 164.561124][ T2344] pvrusb2: Invalid write control endpoint [ 164.571036][ T2344] pvrusb2: Invalid write control endpoint [ 164.584917][ T2344] pvrusb2: Invalid write control endpoint [ 164.748969][ T2344] pvrusb2: Invalid write control endpoint [ 164.756653][ T2344] pvrusb2: Invalid write control endpoint [ 164.835946][ T2344] pvrusb2: Invalid write control endpoint [ 164.855283][ T2344] pvrusb2: Invalid write control endpoint [ 164.855307][ T2344] pvrusb2: Invalid write control endpoint [ 164.855337][ T2344] pvrusb2: Invalid write control endpoint [ 164.855354][ T2344] pvrusb2: Invalid write control endpoint [ 164.855370][ T2344] pvrusb2: Invalid write control endpoint [ 164.855386][ T2344] pvrusb2: Invalid write control endpoint [ 164.855402][ T2344] pvrusb2: Invalid write control endpoint [ 164.855417][ T2344] pvrusb2: Invalid write control endpoint [ 164.855433][ T2344] pvrusb2: Invalid write control endpoint [ 164.855449][ T2344] pvrusb2: Invalid write control endpoint [ 164.875741][ T2344] pvrusb2: Attached sub-driver cs53l32a [ 165.742025][ T2344] pvrusb2: Invalid write control endpoint [ 165.742090][ T2344] pvrusb2: Invalid write control endpoint [ 165.742101][ T2344] pvrusb2: Invalid write control endpoint [ 165.742112][ T2344] pvrusb2: Invalid write control endpoint [ 165.742118][ T2344] pvrusb2: Module ID 4 (tuner) for device OnAir USB2 Hybrid USB tuner failed to load. Possible missing sub-device kernel module or initialization failure within module. [ 165.742132][ T2344] pvrusb2: Device being rendered inoperable [ 165.742150][ T2344] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules. [ 165.743008][ T2344] pvrusb2: You need to resolve the failing condition before this driver can function. There should be some earlier messages giving more information about the problem. [ 165.743056][ T2344] pvrusb2: Invalid write control endpoint [ 165.815106][ T2344] pvrusb2: Invalid write control endpoint [ 165.815126][ T2344] pvrusb2: Invalid write control endpoint [ 165.815135][ T2344] pvrusb2: Invalid write control endpoint [ 165.815144][ T2344] pvrusb2: Invalid write control endpoint [ 165.815152][ T2344] pvrusb2: Invalid write control endpoint [ 165.815161][ T2344] pvrusb2: Invalid write control endpoint [ 165.815170][ T2344] pvrusb2: Invalid write control endpoint [ 165.815178][ T2344] pvrusb2: Invalid write control endpoint [ 165.815187][ T2344] pvrusb2: Invalid write control endpoint [ 165.815195][ T2344] pvrusb2: Invalid write control endpoint [ 165.815204][ T2344] pvrusb2: Invalid write control endpoint [ 165.815212][ T2344] pvrusb2: Invalid write control endpoint [ 165.815221][ T2344] pvrusb2: Invalid write control endpoint [ 165.815229][ T2344] pvrusb2: Invalid write control endpoint [ 165.815238][ T2344] pvrusb2: Invalid write control endpoint [ 165.815246][ T2344] pvrusb2: Invalid write control endpoint [ 165.815255][ T2344] pvrusb2: Invalid write control endpoint [ 165.815263][ T2344] pvrusb2: Invalid write control endpoint [ 165.815272][ T2344] pvrusb2: Invalid write control endpoint [ 165.815280][ T2344] pvrusb2: Invalid write control endpoint [ 165.815289][ T2344] pvrusb2: Invalid write control endpoint [ 165.815297][ T2344] pvrusb2: Invalid write control endpoint [ 165.815325][ T2344] pvrusb2: Invalid write control endpoint [ 165.815334][ T2344] pvrusb2: Invalid write control endpoint [ 165.815343][ T2344] pvrusb2: Invalid write control endpoint [ 165.815351][ T2344] pvrusb2: Invalid write control endpoint [ 165.815359][ T2344] pvrusb2: Invalid write control endpoint [ 165.815368][ T2344] pvrusb2: Invalid write control endpoint [ 165.815376][ T2344] pvrusb2: Invalid write control endpoint [ 165.815384][ T2344] pvrusb2: Invalid write control endpoint [ 165.815393][ T2344] pvrusb2: Invalid write control endpoint [ 165.815401][ T2344] pvrusb2: Invalid write control endpoint [ 165.817378][ T2344] pvrusb2: Module ID 3 (saa7115) for device OnAir USB2 Hybrid USB tuner failed to load. Possible missing sub-device kernel module or initialization failure within module. [ 165.987559][ T2344] cs53l32a 2-0011: chip found @ 0x22 (pvrusb2_b) [ 165.987618][ T2344] pvrusb2: Invalid write control endpoint [ 165.987629][ T2344] pvrusb2: Invalid write control endpoint [ 165.987638][ T2344] pvrusb2: Invalid write control endpoint [ 165.987646][ T2344] pvrusb2: Invalid write control endpoint [ 165.987655][ T2344] pvrusb2: Invalid write control endpoint [ 165.987663][ T2344] pvrusb2: Invalid write control endpoint [ 165.987672][ T2344] pvrusb2: Invalid write control endpoint [ 165.987785][ T2344] pvrusb2: Invalid write control endpoint [ 165.987794][ T2344] pvrusb2: Invalid write control endpoint [ 165.987803][ T2344] pvrusb2: Invalid write control endpoint [ 165.987811][ T2344] pvrusb2: Invalid write control endpoint [ 165.987819][ T2344] pvrusb2: Invalid write control endpoint [ 165.987827][ T2344] pvrusb2: Invalid write control endpoint [ 165.987836][ T2344] pvrusb2: Invalid write control endpoint [ 165.987844][ T2344] pvrusb2: Invalid write control endpoint [ 165.987853][ T2344] pvrusb2: Invalid write control endpoint [ 165.987861][ T2344] pvrusb2: Invalid write control endpoint [ 165.987870][ T2344] pvrusb2: Invalid write control endpoint [ 165.987878][ T2344] pvrusb2: Invalid write control endpoint [ 165.987887][ T2344] pvrusb2: Invalid write control endpoint [ 165.987895][ T2344] pvrusb2: Invalid write control endpoint [ 165.988051][ T2344] pvrusb2: Attached sub-driver cs53l32a [ 166.270197][ T2344] pvrusb2: Invalid write control endpoint [ 166.270228][ T2344] pvrusb2: Invalid write control endpoint [ 166.270248][ T2344] pvrusb2: Invalid write control endpoint [ 166.270267][ T2344] pvrusb2: Invalid write control endpoint [ 166.270279][ T2344] pvrusb2: Module ID 4 (tuner) for device OnAir USB2 Hybrid USB tuner failed to load. Possible missing sub-device kernel module or initialization failure within module. [ 166.270301][ T2344] pvrusb2: Device being rendered inoperable [ 166.270327][ T2344] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules. [ 166.270340][ T2344] pvrusb2: You need to resolve the failing condition before this driver can function. There should be some earlier messages giving more information about the problem. [ 167.105019][ T6805] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.226'. [ 167.748849][ T5923] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 167.901023][ T5923] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 167.901060][ T5923] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 167.915308][ T5923] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 167.915331][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.915344][ T5923] usb 4-1: Product: ࠬ [ 167.915353][ T5923] usb 4-1: Manufacturer: ч [ 167.915363][ T5923] usb 4-1: SerialNumber: ᚿ泻繸꺘ꜥꝝ荎憇듘잴ꤴ≔訹࿖嫘됴ꍒꩨ矂/秛嚀⤚网竵௒䒻䑛鴕虁項悞㇈ᇂ쪈资啪咙돋្僎軔뢆ᵂ鴘ꋔ肥䣈颉깎겳⺩泤㸯ꞙ疑곗鮰䅲⃷ [ 168.186170][ T5923] cdc_ncm 4-1:1.0: bind() failure [ 168.193678][ T5923] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 168.193718][ T5923] cdc_ncm 4-1:1.1: bind() failure [ 168.238082][ T5923] usb 4-1: USB disconnect, device number 9 [ 168.580312][ T6825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.735529][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.913582][ T6845] netlink: 1264 bytes leftover after parsing attributes in process `syz.1.238'. [ 170.767344][ T6859] netlink: 8 bytes leftover after parsing attributes in process `syz.1.240'. [ 170.893498][ T6864] netlink: 12 bytes leftover after parsing attributes in process `syz.1.240'. [ 170.991135][ T6855] netlink: 16 bytes leftover after parsing attributes in process `syz.1.240'. [ 171.013292][ T6855] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.207503][ T6881] kvm: kvm [6880]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x9 [ 172.522812][ T6887] netlink: 1264 bytes leftover after parsing attributes in process `syz.1.250'. [ 172.929054][ T5923] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 173.155190][ T6904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 173.380234][ T979] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 173.667446][ T6899] FAULT_INJECTION: forcing a failure. [ 173.667446][ T6899] name failslab, interval 1, probability 0, space 0, times 1 [ 173.670885][ T5923] usb 1-1: unable to get BOS descriptor or descriptor too short [ 173.777546][ T6899] CPU: 0 UID: 0 PID: 6899 Comm: syz.2.253 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 173.777577][ T6899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 173.777588][ T6899] Call Trace: [ 173.777615][ T6899] [ 173.777624][ T6899] dump_stack_lvl+0x189/0x250 [ 173.777656][ T6899] ? __pfx____ratelimit+0x10/0x10 [ 173.777682][ T6899] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.777705][ T6899] ? __pfx__printk+0x10/0x10 [ 173.777739][ T6899] ? __pfx___might_resched+0x10/0x10 [ 173.777759][ T6899] ? fs_reclaim_acquire+0x7d/0x100 [ 173.777793][ T6899] should_fail_ex+0x414/0x560 [ 173.777823][ T6899] should_failslab+0xa8/0x100 [ 173.777852][ T6899] __kmalloc_noprof+0xcb/0x4f0 [ 173.777874][ T6899] ? kfree+0x4d/0x440 [ 173.777893][ T6899] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 173.777918][ T6899] tomoyo_realpath_from_path+0xe3/0x5d0 [ 173.777939][ T6899] ? tomoyo_domain+0xd9/0x130 [ 173.777964][ T6899] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 173.777990][ T6899] tomoyo_path_number_perm+0x1e8/0x5a0 [ 173.778019][ T6899] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 173.778066][ T6899] ? __lock_acquire+0xab9/0xd20 [ 173.778114][ T6899] ? __fget_files+0x2a/0x420 [ 173.778136][ T6899] ? __fget_files+0x3a0/0x420 [ 173.778152][ T6899] ? __fget_files+0x2a/0x420 [ 173.778173][ T6899] security_file_ioctl_compat+0xcb/0x2d0 [ 173.778202][ T6899] __ia32_compat_sys_ioctl+0x128/0x840 [ 173.778229][ T6899] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 173.778252][ T6899] ? __fget_files+0x3a0/0x420 [ 173.778277][ T6899] ? fput+0xa0/0xd0 [ 173.778298][ T6899] ? ksys_write+0x22a/0x250 [ 173.778335][ T6899] ? lockdep_hardirqs_on+0x9c/0x150 [ 173.778362][ T6899] __do_fast_syscall_32+0xb6/0x2b0 [ 173.778389][ T6899] ? lockdep_hardirqs_on+0x9c/0x150 [ 173.778418][ T6899] do_fast_syscall_32+0x34/0x80 [ 173.778454][ T6899] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 173.778477][ T6899] RIP: 0023:0xf70de539 [ 173.778495][ T6899] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 173.778511][ T6899] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 173.778533][ T6899] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000004008ae89 [ 173.778546][ T6899] RDX: 0000000080000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 173.778558][ T6899] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 173.778568][ T6899] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 173.778579][ T6899] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 173.778610][ T6899] [ 173.778643][ T6899] ERROR: Out of memory at tomoyo_realpath_from_path. [ 174.067725][ T5923] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 174.077751][ T5923] usb 1-1: can't read configurations, error -71 [ 174.180016][ T979] usb 3-1: unable to get BOS descriptor or descriptor too short [ 174.206606][ T979] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 174.264647][ T979] usb 3-1: can't read configurations, error -71 [ 174.819672][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 174.954224][ T6928] netlink: 12 bytes leftover after parsing attributes in process `syz.1.260'. [ 174.963503][ T6928] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 174.970816][ T6928] IPv6: NLM_F_CREATE should be set when creating new route [ 175.639250][ T10] usb 4-1: device descriptor read/64, error -71 [ 175.920254][ T6941] netlink: 1264 bytes leftover after parsing attributes in process `syz.2.265'. [ 175.938876][ T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 176.036017][ T6943] hsr0: entered promiscuous mode [ 176.080577][ T6938] netlink: 4 bytes leftover after parsing attributes in process `syz.4.263'. [ 176.103377][ T6938] hsr_slave_0: left promiscuous mode [ 176.178914][ T10] usb 4-1: device descriptor read/64, error -71 [ 176.184303][ T6938] hsr_slave_1: left promiscuous mode [ 176.283622][ T6938] hsr0 (unregistering): left promiscuous mode [ 176.350030][ T10] usb usb4-port1: attempt power cycle [ 176.751626][ T6948] futex_wake_op: syz.0.264 tries to shift op by 32; fix this program [ 176.820824][ T6948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'. [ 177.048832][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 177.069805][ T10] usb 4-1: device descriptor read/8, error -71 [ 177.341173][ T10] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 177.399854][ T10] usb 4-1: device descriptor read/8, error -71 [ 177.504218][ T6952] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 177.523693][ T10] usb usb4-port1: unable to enumerate USB device [ 178.048821][ T5954] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 178.460484][ T6968] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.963431][ T6982] mmap: syz.2.275 (6982) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 178.977112][ T6981] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.276'. [ 180.519744][ T7000] fuse: Unknown parameter 'fdJ>' [ 180.902355][ T7000] fuse: Bad value for 'fd' [ 180.907267][ T7001] fuse: Bad value for 'fd' [ 181.518509][ T7019] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.288'. [ 181.848610][ T7031] netlink: 'syz.3.292': attribute type 10 has an invalid length. [ 181.923771][ T7035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.069962][ T7031] syz_tun: entered promiscuous mode [ 182.092481][ T7031] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 183.513682][ T7050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.297'. [ 183.939357][ T7063] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.302'. [ 184.066547][ T7067] netlink: 'syz.4.304': attribute type 8 has an invalid length. [ 184.074562][ T7067] netlink: 4 bytes leftover after parsing attributes in process `syz.4.304'. [ 184.151949][ T7067] bond0: entered promiscuous mode [ 184.159543][ T7067] bond0: left promiscuous mode [ 184.236088][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 184.236108][ T30] audit: type=1326 audit(1755096988.380:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7069 comm="syz.3.305" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd5539 code=0x0 [ 184.268846][ T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 184.437103][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.460024][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 184.488658][ T10] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 184.504531][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 184.519721][ T10] usb 2-1: SerialNumber: syz [ 184.540574][ T43] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 184.704200][ T43] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 184.719089][ T43] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 184.753813][ T43] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 184.764928][ T43] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 184.780105][ T43] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 184.816814][ T43] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 184.837446][ T43] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 184.853661][ T43] usb 1-1: Product: syz [ 184.858248][ T43] usb 1-1: Manufacturer: syz [ 184.867669][ T7082] netlink: 'syz.4.309': attribute type 11 has an invalid length. [ 184.898393][ T43] cdc_wdm 1-1:1.0: skipping garbage [ 184.903292][ T10] usb 2-1: 0:2 : does not exist [ 184.904078][ T43] cdc_wdm 1-1:1.0: skipping garbage [ 184.938633][ T43] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 184.949971][ T43] cdc_wdm 1-1:1.0: Unknown control protocol [ 184.988294][ T10] usb 2-1: USB disconnect, device number 13 [ 185.067499][ T6061] udevd[6061]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 185.209134][ T5923] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 185.348957][ T7073] process 'syz.0.306' launched '/dev/fd/10' with NULL argv: empty string added [ 185.374954][ T5923] usb 3-1: device descriptor read/64, error -71 [ 185.618300][ T43] usb 1-1: USB disconnect, device number 9 [ 185.656310][ T5923] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 185.767383][ T7097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 185.969010][ T5923] usb 3-1: device descriptor read/64, error -71 [ 186.080732][ T5923] usb usb3-port1: attempt power cycle [ 186.419907][ T5923] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 186.449719][ T5923] usb 3-1: device descriptor read/8, error -71 [ 186.459056][ T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 186.476421][ T7102] netlink: 1264 bytes leftover after parsing attributes in process `syz.0.316'. [ 186.643611][ T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 186.652711][ T9] usb 4-1: config 0 has no interface number 0 [ 186.659037][ T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.672478][ T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.683924][ T9] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 186.699477][ T5923] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 186.717524][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.740145][ T5923] usb 3-1: device descriptor read/8, error -71 [ 186.753352][ T9] usb 4-1: config 0 descriptor?? [ 186.868808][ T5923] usb usb3-port1: unable to enumerate USB device [ 186.924455][ T7113] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 187.079904][ T7099] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 187.093991][ T7099] syzkaller1: entered promiscuous mode [ 187.099996][ T7099] syzkaller1: entered allmulticast mode [ 187.516324][ T9] prodikeys 0003:041E:2801.0003: unknown main item tag 0x0 [ 187.530659][ T9] prodikeys 0003:041E:2801.0003: unknown main item tag 0x0 [ 187.538240][ T9] prodikeys 0003:041E:2801.0003: unknown main item tag 0x0 [ 187.569145][ T9] prodikeys 0003:041E:2801.0003: unknown main item tag 0x0 [ 187.576439][ T9] prodikeys 0003:041E:2801.0003: unknown main item tag 0x0 [ 187.597722][ T9] prodikeys 0003:041E:2801.0003: unknown main item tag 0x0 [ 187.606416][ T9] prodikeys 0003:041E:2801.0003: unknown main item tag 0x0 [ 187.765606][ T9] prodikeys 0003:041E:2801.0003: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.3-1/input1 [ 187.843974][ T9] hid_prodikeys: hid-prodikeys: failed to find output report [ 187.843974][ T9] [ 187.899893][ T43] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 188.226685][ T9] usb 4-1: USB disconnect, device number 16 [ 188.354053][ T7124] fido_id[7124]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 188.650078][ T7132] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.661666][ T7132] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.989914][ T1212] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.069629][ T1212] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.078648][ T1212] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.153726][ T1212] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.228860][ T10] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 190.404768][ T7164] netlink: 1264 bytes leftover after parsing attributes in process `syz.2.330'. [ 190.464992][ T7168] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 190.572891][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 190.591770][ T10] usb 5-1: config 135 has an invalid interface number: 230 but max is 0 [ 190.602187][ T10] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 190.612661][ T10] usb 5-1: config 135 has no interface number 0 [ 190.833289][ T10] usb 5-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30 [ 190.840676][ T7173] usb usb8: usbfs: process 7173 (syz.1.333) did not claim interface 0 before use [ 190.892458][ T10] usb 5-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53 [ 191.036692][ T7176] loop6: detected capacity change from 0 to 2560 [ 191.047912][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.078831][ T10] usb 5-1: config 135 interface 230 has no altsetting 0 [ 191.080484][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.141204][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.151984][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.162095][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.207420][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.222777][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.241450][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.256357][ T5915] ldm_validate_partition_table(): Disk read failed. [ 191.264502][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.268855][ T10] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 191.281283][ T5915] Buffer I/O error on dev loop6, logical block 0, async page read [ 191.294582][ T5915] Dev loop6: unable to read RDB block 0 [ 191.305161][ T5915] loop6: unable to read partition table [ 191.311148][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.311177][ T10] usb 5-1: Product: syz [ 191.311192][ T10] usb 5-1: Manufacturer: syz [ 191.311208][ T10] usb 5-1: SerialNumber: syz [ 191.345530][ T7176] ldm_validate_partition_table(): Disk read failed. [ 191.355434][ T10] usb 5-1: Found UVC 0.00 device syz (18ec:3288) [ 191.367549][ T7176] Dev loop6: unable to read RDB block 0 [ 191.384686][ T10] usb 5-1: No valid video chain found. [ 191.410839][ T7176] loop6: unable to read partition table [ 191.446414][ T7176] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 191.558689][ T7156] usb usb8: usbfs: process 7156 (syz.4.328) did not claim interface 0 before use [ 191.590843][ T10] usb 5-1: USB disconnect, device number 19 [ 192.102480][ T5923] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 192.141725][ T7187] FAULT_INJECTION: forcing a failure. [ 192.141725][ T7187] name failslab, interval 1, probability 0, space 0, times 0 [ 192.208967][ T7187] CPU: 0 UID: 0 PID: 7187 Comm: syz.1.337 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 192.208988][ T7187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 192.208995][ T7187] Call Trace: [ 192.209000][ T7187] [ 192.209005][ T7187] dump_stack_lvl+0x189/0x250 [ 192.209025][ T7187] ? __pfx____ratelimit+0x10/0x10 [ 192.209041][ T7187] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.209055][ T7187] ? __pfx__printk+0x10/0x10 [ 192.209075][ T7187] ? __pfx___might_resched+0x10/0x10 [ 192.209086][ T7187] ? fs_reclaim_acquire+0x7d/0x100 [ 192.209106][ T7187] should_fail_ex+0x414/0x560 [ 192.209124][ T7187] should_failslab+0xa8/0x100 [ 192.209142][ T7187] __kmalloc_noprof+0xcb/0x4f0 [ 192.209156][ T7187] ? kfree+0x4d/0x440 [ 192.209168][ T7187] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 192.209184][ T7187] tomoyo_realpath_from_path+0xe3/0x5d0 [ 192.209196][ T7187] ? tomoyo_domain+0xd9/0x130 [ 192.209211][ T7187] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 192.209235][ T7187] tomoyo_path_number_perm+0x1e8/0x5a0 [ 192.209257][ T7187] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 192.209284][ T7187] ? __lock_acquire+0xab9/0xd20 [ 192.209330][ T7187] ? __fget_files+0x2a/0x420 [ 192.209354][ T7187] ? __fget_files+0x3a0/0x420 [ 192.209368][ T7187] ? __fget_files+0x2a/0x420 [ 192.209390][ T7187] security_file_ioctl_compat+0xcb/0x2d0 [ 192.209418][ T7187] __ia32_compat_sys_ioctl+0x128/0x840 [ 192.209436][ T7187] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 192.209450][ T7187] ? __fget_files+0x3a0/0x420 [ 192.209464][ T7187] ? fput+0xa0/0xd0 [ 192.209477][ T7187] ? ksys_write+0x22a/0x250 [ 192.209498][ T7187] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.209516][ T7187] __do_fast_syscall_32+0xb6/0x2b0 [ 192.209533][ T7187] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.209550][ T7187] do_fast_syscall_32+0x34/0x80 [ 192.209566][ T7187] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 192.209580][ T7187] RIP: 0023:0xf7fa7539 [ 192.209591][ T7187] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 192.209601][ T7187] RSP: 002b:00000000f54c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 192.209616][ T7187] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080085504 [ 192.209624][ T7187] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 192.209631][ T7187] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 192.209637][ T7187] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 192.209644][ T7187] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 192.209662][ T7187] [ 192.209692][ T7187] ERROR: Out of memory at tomoyo_realpath_from_path. [ 192.508262][ T7187] usb usb8: usbfs: process 7187 (syz.1.337) did not claim interface 0 before use [ 192.937113][ T7197] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.343'. [ 194.354807][ T5923] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 194.394246][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.400773][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.588478][ T5923] usb 2-1: too many configurations: 79, using maximum allowed: 8 [ 194.628169][ T5923] usb 2-1: config index 0 descriptor too short (expected 65134, got 72) [ 194.701206][ T5923] usb 2-1: config index 1 descriptor too short (expected 65134, got 72) [ 194.775540][ T5923] usb 2-1: config index 2 descriptor too short (expected 65134, got 72) [ 194.805729][ T5923] usb 2-1: config index 3 descriptor too short (expected 65134, got 72) [ 194.853810][ T5923] usb 2-1: config index 4 descriptor too short (expected 65134, got 72) [ 194.864959][ T5923] usb 2-1: config index 5 descriptor too short (expected 65134, got 72) [ 194.880792][ T5923] usb 2-1: config index 6 descriptor too short (expected 65134, got 72) [ 194.947158][ T7233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.127282][ T5923] usb 2-1: config index 7 descriptor too short (expected 65134, got 72) [ 195.147540][ T7235] warning: `syz.3.355' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 195.186188][ T5923] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 195.265056][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.289247][ T5923] usb 2-1: Product: syz [ 195.332779][ T5923] usb 2-1: Manufacturer: syz [ 195.348525][ T7239] netlink: 1264 bytes leftover after parsing attributes in process `syz.3.357'. [ 195.359010][ T5923] usb 2-1: SerialNumber: syz [ 195.359670][ T7142] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 195.455594][ T5923] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 195.481393][ T5924] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 196.354519][ T7220] netlink: 72 bytes leftover after parsing attributes in process `syz.1.349'. [ 196.399100][ T7220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.349'. [ 196.510004][ T7220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.590827][ T7220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.843145][ T7142] usb 2-1: USB disconnect, device number 15 [ 197.009366][ T5924] usb 2-1: Service connection timeout for: 256 [ 197.053573][ T5924] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 197.054359][ T7257] FAULT_INJECTION: forcing a failure. [ 197.054359][ T7257] name failslab, interval 1, probability 0, space 0, times 0 [ 197.115656][ T5924] ath9k_htc: Failed to initialize the device [ 197.129967][ T7257] CPU: 1 UID: 0 PID: 7257 Comm: syz.4.362 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 197.129996][ T7257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 197.130007][ T7257] Call Trace: [ 197.130015][ T7257] [ 197.130024][ T7257] dump_stack_lvl+0x189/0x250 [ 197.130054][ T7257] ? __pfx____ratelimit+0x10/0x10 [ 197.130081][ T7257] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.130104][ T7257] ? __pfx__printk+0x10/0x10 [ 197.130139][ T7257] ? __pfx___might_resched+0x10/0x10 [ 197.130158][ T7257] ? fs_reclaim_acquire+0x7d/0x100 [ 197.130210][ T7257] should_fail_ex+0x414/0x560 [ 197.130241][ T7257] should_failslab+0xa8/0x100 [ 197.130270][ T7257] __kmalloc_noprof+0xcb/0x4f0 [ 197.130294][ T7257] ? kfree+0x4d/0x440 [ 197.130314][ T7257] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 197.130340][ T7257] tomoyo_realpath_from_path+0xe3/0x5d0 [ 197.130362][ T7257] ? tomoyo_domain+0xd9/0x130 [ 197.130389][ T7257] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 197.130415][ T7257] tomoyo_path_number_perm+0x1e8/0x5a0 [ 197.130446][ T7257] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 197.130493][ T7257] ? __lock_acquire+0xab9/0xd20 [ 197.130544][ T7257] ? __fget_files+0x2a/0x420 [ 197.130579][ T7257] ? __fget_files+0x3a0/0x420 [ 197.130595][ T7257] ? __fget_files+0x2a/0x420 [ 197.130625][ T7257] security_file_ioctl_compat+0xcb/0x2d0 [ 197.130655][ T7257] __ia32_compat_sys_ioctl+0x128/0x840 [ 197.130685][ T7257] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 197.130710][ T7257] ? __fget_files+0x3a0/0x420 [ 197.130736][ T7257] ? fput+0xa0/0xd0 [ 197.130757][ T7257] ? ksys_write+0x22a/0x250 [ 197.130794][ T7257] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.130823][ T7257] __do_fast_syscall_32+0xb6/0x2b0 [ 197.130852][ T7257] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.130881][ T7257] do_fast_syscall_32+0x34/0x80 [ 197.130910][ T7257] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 197.130933][ T7257] RIP: 0023:0xf711e539 [ 197.130950][ T7257] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 197.130967][ T7257] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 197.130988][ T7257] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000c028aa03 [ 197.131002][ T7257] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 197.131014][ T7257] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 197.131024][ T7257] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 197.131035][ T7257] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 197.131067][ T7257] [ 197.131157][ T7257] ERROR: Out of memory at tomoyo_realpath_from_path. [ 197.415977][ T7142] usb 2-1: ath9k_htc: USB layer deinitialized [ 197.578917][ T30] audit: type=1326 audit(1755097001.720:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 197.600876][ C1] vkms_vblank_simulate: vblank timer overrun [ 197.661456][ T30] audit: type=1326 audit(1755097001.720:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 197.683399][ C1] vkms_vblank_simulate: vblank timer overrun [ 197.788856][ T30] audit: type=1326 audit(1755097001.720:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 197.825793][ T30] audit: type=1326 audit(1755097001.720:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd5558 code=0x7ffc0000 [ 197.945790][ T30] audit: type=1326 audit(1755097001.720:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 197.967834][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.054610][ T30] audit: type=1326 audit(1755097001.720:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd5558 code=0x7ffc0000 [ 198.110901][ T7272] FAULT_INJECTION: forcing a failure. [ 198.110901][ T7272] name failslab, interval 1, probability 0, space 0, times 0 [ 198.127983][ T7272] CPU: 1 UID: 0 PID: 7272 Comm: syz.4.367 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 198.128013][ T7272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 198.128024][ T7272] Call Trace: [ 198.128032][ T7272] [ 198.128040][ T7272] dump_stack_lvl+0x189/0x250 [ 198.128069][ T7272] ? __pfx____ratelimit+0x10/0x10 [ 198.128098][ T7272] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.128121][ T7272] ? __pfx__printk+0x10/0x10 [ 198.128152][ T7272] ? __pfx___might_resched+0x10/0x10 [ 198.128184][ T7272] ? fs_reclaim_acquire+0x7d/0x100 [ 198.128220][ T7272] should_fail_ex+0x414/0x560 [ 198.128252][ T7272] should_failslab+0xa8/0x100 [ 198.128283][ T7272] __kmalloc_noprof+0xcb/0x4f0 [ 198.128309][ T7272] ? tomoyo_encode+0x28b/0x550 [ 198.128334][ T7272] tomoyo_encode+0x28b/0x550 [ 198.128361][ T7272] tomoyo_realpath_from_path+0x58d/0x5d0 [ 198.128394][ T7272] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 198.128421][ T7272] tomoyo_path_number_perm+0x1e8/0x5a0 [ 198.128451][ T7272] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 198.128499][ T7272] ? __lock_acquire+0xab9/0xd20 [ 198.128552][ T7272] ? __fget_files+0x2a/0x420 [ 198.128576][ T7272] ? __fget_files+0x3a0/0x420 [ 198.128592][ T7272] ? __fget_files+0x2a/0x420 [ 198.128613][ T7272] security_file_ioctl_compat+0xcb/0x2d0 [ 198.128643][ T7272] __ia32_compat_sys_ioctl+0x128/0x840 [ 198.128672][ T7272] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 198.128703][ T7272] ? __fget_files+0x3a0/0x420 [ 198.128728][ T7272] ? fput+0xa0/0xd0 [ 198.128748][ T7272] ? ksys_write+0x22a/0x250 [ 198.128785][ T7272] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.128815][ T7272] __do_fast_syscall_32+0xb6/0x2b0 [ 198.128843][ T7272] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.128874][ T7272] do_fast_syscall_32+0x34/0x80 [ 198.128901][ T7272] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 198.128924][ T7272] RIP: 0023:0xf711e539 [ 198.128942][ T7272] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 198.128957][ T7272] RSP: 002b:00000000f550e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 198.128979][ T7272] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040107447 [ 198.128992][ T7272] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.129004][ T7272] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 198.129015][ T7272] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 198.129027][ T7272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 198.129059][ T7272] [ 198.385234][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.393367][ T30] audit: type=1326 audit(1755097001.720:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 198.428932][ T30] audit: type=1326 audit(1755097001.720:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fd5558 code=0x7ffc0000 [ 198.451154][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.457921][ T30] audit: type=1326 audit(1755097001.720:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 198.479886][ T30] audit: type=1326 audit(1755097001.750:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7251 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 198.501674][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.614512][ T7272] ERROR: Out of memory at tomoyo_realpath_from_path. [ 199.080098][ T7285] netlink: 1264 bytes leftover after parsing attributes in process `syz.2.370'. [ 199.171088][ T7142] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 199.341305][ T7142] usb 2-1: config 135 has an invalid interface number: 230 but max is 0 [ 199.707260][ T7296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.835255][ T7142] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 199.846887][ T7142] usb 2-1: config 135 has no interface number 0 [ 199.889046][ T7142] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 199.951068][ T7142] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 199.960586][ T7142] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.975566][ T7142] usb 2-1: Product: syz [ 199.983312][ T7142] usb 2-1: Manufacturer: syz [ 199.988150][ T7142] usb 2-1: SerialNumber: syz [ 200.028048][ T7142] usb 2-1: Found UVC 0.00 device syz (18ec:3288) [ 200.035763][ T7142] usb 2-1: No valid video chain found. [ 200.468969][ T7142] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 200.634407][ T5924] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 200.681210][ T7142] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.693073][ T7142] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.828808][ T7142] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 200.877975][ T7142] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.910249][ T7142] usb 4-1: config 0 descriptor?? [ 201.363057][ T7142] hkems 0003:2006:0118.0004: reserved main item tag 0xe [ 201.380754][ T7142] hkems 0003:2006:0118.0004: item fetching failed at offset 4/7 [ 201.408948][ T7142] hkems 0003:2006:0118.0004: parse failed [ 201.419251][ T7142] hkems 0003:2006:0118.0004: probe with driver hkems failed with error -22 [ 201.509128][ T5924] usb 5-1: device descriptor read/64, error -71 [ 201.529128][ T10] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 201.560073][ T7142] usb 4-1: USB disconnect, device number 17 [ 201.679050][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 201.690849][ T10] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 201.701981][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.711388][ T10] usb 3-1: Product: syz [ 201.715761][ T10] usb 3-1: Manufacturer: syz [ 201.725232][ T10] usb 3-1: SerialNumber: syz [ 201.748908][ T5924] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 201.817909][ T10] usb 3-1: config 0 descriptor?? [ 201.830615][ T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 201.843060][ T10] usb 3-1: setting power ON [ 201.847932][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 201.959054][ T5924] usb 5-1: Using ep0 maxpacket: 8 [ 201.971466][ T5924] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 201.985413][ T5924] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 202.003025][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 202.020092][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.035259][ T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 202.073960][ T5924] usb 5-1: config 0 descriptor?? [ 202.079084][ T10] usb 3-1: media controller created [ 202.091152][ T7314] dvb-usb: bulk message failed: -22 (3/0) [ 202.097132][ T7314] dvb-usb: bulk message failed: -22 (4/0) [ 202.103032][ T7314] cxusb: i2c read failed [ 202.195564][ T7142] usb 2-1: USB disconnect, device number 16 [ 202.281660][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 202.334859][ T5924] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 202.399714][ T10] usb 3-1: selecting invalid altsetting 6 [ 202.409208][ T10] usb 3-1: digital interface selection failed (-22) [ 202.415846][ T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 202.445844][ T10] usb 3-1: setting power OFF [ 202.458188][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 202.469894][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 202.491404][ T10] (NULL device *): no alternate interface [ 202.520890][ T7322] netlink: 1264 bytes leftover after parsing attributes in process `syz.0.383'. [ 202.611697][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 202.656998][ T10] usb 3-1: USB disconnect, device number 19 [ 203.368167][ T7340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 204.063512][ T7142] usb 5-1: USB disconnect, device number 21 [ 204.528848][ T5924] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 204.649135][ T7347] netlink: 'syz.4.389': attribute type 2 has an invalid length. [ 205.666762][ T7358] loop6: detected capacity change from 0 to 63 [ 205.721253][ T6061] buffer_io_error: 27 callbacks suppressed [ 205.721265][ T6061] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.757642][ T6061] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.875937][ T6061] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.911110][ T6061] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.941621][ T6061] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.982192][ T7362] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 205.989940][ T7362] FAULT_INJECTION: forcing a failure. [ 205.989940][ T7362] name failslab, interval 1, probability 0, space 0, times 0 [ 206.009001][ T6061] Buffer I/O error on dev loop6, logical block 0, async page read [ 206.030570][ T7362] CPU: 1 UID: 0 PID: 7362 Comm: syz.2.394 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 206.030590][ T7362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 206.030597][ T7362] Call Trace: [ 206.030602][ T7362] [ 206.030608][ T7362] dump_stack_lvl+0x189/0x250 [ 206.030629][ T7362] ? __pfx____ratelimit+0x10/0x10 [ 206.030646][ T7362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.030660][ T7362] ? __pfx__printk+0x10/0x10 [ 206.030684][ T7362] should_fail_ex+0x414/0x560 [ 206.030703][ T7362] should_failslab+0xa8/0x100 [ 206.030721][ T7362] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 206.030738][ T7362] ? __alloc_skb+0x112/0x2d0 [ 206.030754][ T7362] ? devlink_nl_port_handle_size+0xe6/0x110 [ 206.030773][ T7362] __alloc_skb+0x112/0x2d0 [ 206.030793][ T7362] rtmsg_ifinfo_build_skb+0x84/0x260 [ 206.030813][ T7362] rtmsg_ifinfo+0x8c/0x1a0 [ 206.030831][ T7362] __dev_notify_flags+0xf4/0x2e0 [ 206.030845][ T7362] ? __pfx___dev_notify_flags+0x10/0x10 [ 206.030854][ T7362] ? __dev_change_flags+0x4cc/0x6d0 [ 206.030869][ T7362] ? __pfx___dev_change_flags+0x10/0x10 [ 206.030884][ T7362] ? netif_set_alias+0x88/0x1e0 [ 206.030901][ T7362] netif_change_flags+0xe8/0x1a0 [ 206.030915][ T7362] do_setlink+0xc55/0x41c0 [ 206.030925][ T7362] ? rcu_is_watching+0x15/0xb0 [ 206.030939][ T7362] ? __schedule+0x17ae/0x4cc0 [ 206.030957][ T7362] ? __lock_acquire+0xab9/0xd20 [ 206.030975][ T7362] ? __pfx_do_setlink+0x10/0x10 [ 206.030985][ T7362] ? __lock_acquire+0xab9/0xd20 [ 206.031015][ T7362] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 206.031029][ T7362] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.031045][ T7362] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 206.031059][ T7362] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 206.031076][ T7362] ? rcu_is_watching+0x15/0xb0 [ 206.031090][ T7362] ? __mutex_lock+0xd36/0x1360 [ 206.031108][ T7362] ? __mutex_lock+0x5b6/0x1360 [ 206.031127][ T7362] ? rtnl_newlink+0x8db/0x1c70 [ 206.031145][ T7362] ? __pfx___mutex_lock+0x10/0x10 [ 206.031172][ T7362] ? full_name_hash+0x92/0xe0 [ 206.031187][ T7362] ? netdev_name_node_lookup+0xdf/0x120 [ 206.031204][ T7362] rtnl_newlink+0x160b/0x1c70 [ 206.031229][ T7362] ? __pfx_rtnl_newlink+0x10/0x10 [ 206.031256][ T7362] ? __lock_acquire+0xab9/0xd20 [ 206.031281][ T7362] ? __lock_acquire+0xab9/0xd20 [ 206.031310][ T7362] ? is_bpf_text_address+0x26/0x2b0 [ 206.031330][ T7362] ? is_bpf_text_address+0x292/0x2b0 [ 206.031347][ T7362] ? is_bpf_text_address+0x26/0x2b0 [ 206.031368][ T7362] ? __lock_acquire+0xab9/0xd20 [ 206.031400][ T7362] ? __pfx_rtnl_newlink+0x10/0x10 [ 206.031415][ T7362] rtnetlink_rcv_msg+0x7cc/0xb70 [ 206.031431][ T7362] ? __lock_acquire+0xab9/0xd20 [ 206.031448][ T7362] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 206.031464][ T7362] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 206.031490][ T7362] netlink_rcv_skb+0x208/0x470 [ 206.031506][ T7362] ? __lock_acquire+0xab9/0xd20 [ 206.031522][ T7362] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 206.031544][ T7362] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 206.031568][ T7362] ? netlink_deliver_tap+0x2e/0x1b0 [ 206.031589][ T7362] netlink_unicast+0x82c/0x9e0 [ 206.031610][ T7362] ? __pfx_netlink_unicast+0x10/0x10 [ 206.031626][ T7362] ? netlink_sendmsg+0x642/0xb30 [ 206.031641][ T7362] ? skb_put+0x11b/0x210 [ 206.031654][ T7362] netlink_sendmsg+0x805/0xb30 [ 206.031676][ T7362] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.031694][ T7362] ? __import_iovec+0x5d4/0x7f0 [ 206.031706][ T7362] ? aa_sock_msg_perm+0xf1/0x1d0 [ 206.031725][ T7362] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 206.031737][ T7362] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.031754][ T7362] __sock_sendmsg+0x21c/0x270 [ 206.031772][ T7362] ____sys_sendmsg+0x505/0x830 [ 206.031788][ T7362] ? __pfx_____sys_sendmsg+0x10/0x10 [ 206.031811][ T7362] ___sys_sendmsg+0x21f/0x2a0 [ 206.031824][ T7362] ? __pfx____sys_sendmsg+0x10/0x10 [ 206.031860][ T7362] ? __fget_files+0x2a/0x420 [ 206.031869][ T7362] ? __fget_files+0x3a0/0x420 [ 206.031886][ T7362] __sys_sendmsg+0x164/0x220 [ 206.031899][ T7362] ? __pfx___sys_sendmsg+0x10/0x10 [ 206.031922][ T7362] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.031939][ T7362] __do_fast_syscall_32+0xb6/0x2b0 [ 206.031957][ T7362] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.031975][ T7362] do_fast_syscall_32+0x34/0x80 [ 206.031991][ T7362] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 206.032005][ T7362] RIP: 0023:0xf70de539 [ 206.032016][ T7362] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 206.032026][ T7362] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 206.032040][ T7362] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 206.032049][ T7362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.032055][ T7362] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 206.032062][ T7362] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 206.032068][ T7362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 206.032086][ T7362] [ 206.033738][ T6061] Buffer I/O error on dev loop6, logical block 1, async page read [ 206.571163][ T7362] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 206.811967][ T7364] netlink: 1264 bytes leftover after parsing attributes in process `syz.2.395'. [ 207.181379][ T7359] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 207.219005][ T7359] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 207.229263][ T6061] Buffer I/O error on dev loop6, logical block 3, async page read [ 207.304154][ T6061] loop6: unable to read partition table [ 207.383331][ T7366] netlink: 14 bytes leftover after parsing attributes in process `syz.2.396'. [ 207.738818][ T7142] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 207.909137][ T7142] usb 1-1: Using ep0 maxpacket: 32 [ 207.920393][ T7142] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 207.943417][ T7142] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 207.963739][ T7142] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 207.988742][ T7142] usb 1-1: Product: syz [ 207.993093][ T7142] usb 1-1: Manufacturer: syz [ 207.998452][ T7142] usb 1-1: SerialNumber: syz [ 208.022356][ T7383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.157103][ T7142] usb 1-1: config 0 descriptor?? [ 208.171339][ T7369] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 208.194596][ T7142] hub 1-1:0.0: bad descriptor, ignoring hub [ 208.202778][ T7142] hub 1-1:0.0: probe with driver hub failed with error -5 [ 208.278885][ T9] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 208.918547][ T7395] netlink: 4 bytes leftover after parsing attributes in process `syz.2.405'. [ 208.965004][ T13] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 208.974856][ T13] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 208.990342][ T13] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.016709][ T13] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.139051][ T7142] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 209.408947][ T7142] usb 2-1: Using ep0 maxpacket: 32 [ 209.427017][ T7142] usb 2-1: unable to get BOS descriptor or descriptor too short [ 209.439151][ T7142] usb 2-1: config 125 has an invalid interface number: 27 but max is 0 [ 209.453479][ T7142] usb 2-1: config 125 has no interface number 0 [ 209.488046][ T7142] usb 2-1: config 125 interface 27 altsetting 24 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 209.603479][ T7142] usb 2-1: config 125 interface 27 altsetting 24 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 209.658743][ T7142] usb 2-1: config 125 interface 27 altsetting 24 endpoint 0x8A has invalid maxpacket 50534, setting to 1024 [ 209.717971][ T7398] netlink: 1264 bytes leftover after parsing attributes in process `syz.4.407'. [ 209.785588][ T7142] usb 2-1: config 125 interface 27 altsetting 24 has an invalid descriptor for endpoint zero, skipping [ 209.937957][ T7142] usb 2-1: config 125 interface 27 altsetting 24 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 209.978153][ T7142] usb 2-1: config 125 interface 27 has no altsetting 0 [ 210.013753][ T7142] usb 2-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=a4.70 [ 210.033071][ T7142] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.053677][ T7142] usb 2-1: Product: syz [ 210.241886][ T7142] usb 2-1: Manufacturer: syz [ 210.262540][ T7142] usb 2-1: SerialNumber: syz [ 210.290220][ T7394] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 210.519527][ T7142] hub 2-1:125.27: bad descriptor, ignoring hub [ 210.532227][ T7142] hub 2-1:125.27: probe with driver hub failed with error -5 [ 210.563063][ T7142] sierra 2-1:125.27: Sierra USB modem converter detected [ 210.637713][ T7142] usb 2-1: Sierra USB modem converter now attached to ttyUSB0 [ 210.690418][ T7142] usb 2-1: USB disconnect, device number 18 [ 210.704434][ T7142] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 210.797920][ T7142] sierra 2-1:125.27: device disconnected [ 211.030167][ T7408] FAULT_INJECTION: forcing a failure. [ 211.030167][ T7408] name failslab, interval 1, probability 0, space 0, times 0 [ 211.083036][ T7408] CPU: 0 UID: 0 PID: 7408 Comm: syz.3.410 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 211.083064][ T7408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 211.083075][ T7408] Call Trace: [ 211.083082][ T7408] [ 211.083091][ T7408] dump_stack_lvl+0x189/0x250 [ 211.083120][ T7408] ? __pfx____ratelimit+0x10/0x10 [ 211.083146][ T7408] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.083168][ T7408] ? __pfx__printk+0x10/0x10 [ 211.083198][ T7408] ? __pfx___might_resched+0x10/0x10 [ 211.083217][ T7408] ? fs_reclaim_acquire+0x7d/0x100 [ 211.083252][ T7408] should_fail_ex+0x414/0x560 [ 211.083281][ T7408] should_failslab+0xa8/0x100 [ 211.083311][ T7408] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 211.083350][ T7408] ? _copy_from_iter+0x24c/0x16f0 [ 211.083367][ T7408] ? __alloc_skb+0x112/0x2d0 [ 211.083399][ T7408] __alloc_skb+0x112/0x2d0 [ 211.083431][ T7408] _sctp_make_chunk+0x5e/0x430 [ 211.083463][ T7408] sctp_make_datafrag_empty+0x122/0x230 [ 211.083493][ T7408] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 211.083520][ T7408] ? sctp_user_addto_chunk+0xa8/0x240 [ 211.083550][ T7408] sctp_datamsg_from_user+0x726/0xef0 [ 211.083603][ T7408] sctp_sendmsg_to_asoc+0x1003/0x1810 [ 211.083642][ T7408] ? sctp_assoc_add_peer+0xcfa/0x13b0 [ 211.083672][ T7408] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 211.083702][ T7408] ? __pfx_sctp_connect_add_peer+0x10/0x10 [ 211.083728][ T7408] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 211.083757][ T7408] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 211.083785][ T7408] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 211.083812][ T7408] ? sctp_sendmsg+0x2044/0x2810 [ 211.083843][ T7408] sctp_sendmsg+0x1941/0x2810 [ 211.083885][ T7408] ? __pfx_sctp_sendmsg+0x10/0x10 [ 211.083917][ T7408] ? aa_sk_perm+0x81e/0x950 [ 211.083945][ T7408] ? _copy_from_user+0x94/0xb0 [ 211.083969][ T7408] ? __pfx_aa_sk_perm+0x10/0x10 [ 211.083999][ T7408] ? sock_rps_record_flow+0x19/0x410 [ 211.084026][ T7408] ? inet_sendmsg+0x2f4/0x370 [ 211.084048][ T7408] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 211.084079][ T7408] __sock_sendmsg+0x19c/0x270 [ 211.084109][ T7408] ____sys_sendmsg+0x505/0x830 [ 211.084136][ T7408] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.084176][ T7408] ___sys_sendmsg+0x21f/0x2a0 [ 211.084199][ T7408] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.084264][ T7408] ? __fget_files+0x2a/0x420 [ 211.084281][ T7408] ? __fget_files+0x3a0/0x420 [ 211.084311][ T7408] __sys_sendmsg+0x164/0x220 [ 211.084342][ T7408] ? __pfx___sys_sendmsg+0x10/0x10 [ 211.084381][ T7408] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.084410][ T7408] __do_fast_syscall_32+0xb6/0x2b0 [ 211.084438][ T7408] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.084466][ T7408] do_fast_syscall_32+0x34/0x80 [ 211.084493][ T7408] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 211.084517][ T7408] RIP: 0023:0xf7fd5539 [ 211.084534][ T7408] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 211.084551][ T7408] RSP: 002b:00000000f54f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 211.084574][ T7408] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001640 [ 211.084588][ T7408] RDX: 000000002800c051 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.084600][ T7408] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 211.084611][ T7408] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 211.084621][ T7408] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 211.084650][ T7408] [ 211.619071][ T7415] ptrace attach of "./syz-executor exec"[5881] was attempted by "./syz-executor exec"[7415] [ 211.658148][ T7415] batadv1: entered promiscuous mode [ 211.682339][ T7415] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 211.811831][ T5868] Bluetooth: hci0: command 0x0406 tx timeout [ 211.818064][ T5183] Bluetooth: hci1: command 0x0406 tx timeout [ 211.818131][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 211.824170][ T5183] Bluetooth: hci2: command 0x0406 tx timeout [ 211.824224][ T5183] Bluetooth: hci3: command 0x0406 tx timeout [ 211.908882][ T5923] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 212.118826][ T5923] usb 2-1: Using ep0 maxpacket: 32 [ 212.131601][ T5923] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 212.140220][ T5923] usb 2-1: config 0 has no interface number 0 [ 212.160170][ T5923] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 212.180773][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.211172][ T5923] usb 2-1: Product: syz [ 212.226739][ T5923] usb 2-1: Manufacturer: syz [ 212.293993][ T5923] usb 2-1: SerialNumber: syz [ 212.303337][ T5923] usb 2-1: config 0 descriptor?? [ 212.311525][ T5923] smsc95xx v2.0.0 [ 212.735539][ T5923] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 212.764068][ T5923] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 213.311643][ T5924] usb 1-1: USB disconnect, device number 11 [ 213.626285][ T7438] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 213.800658][ T5923] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 213.823404][ T7142] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 213.925046][ T5923] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -32 [ 213.978799][ T5924] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 214.109005][ T5924] usb 1-1: device descriptor read/64, error -71 [ 214.389513][ T5924] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 214.422780][ T7440] netlink: 1264 bytes leftover after parsing attributes in process `syz.2.420'. [ 214.518901][ T5924] usb 1-1: device descriptor read/64, error -71 [ 354.558553][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 144s! [swapper/0:0] [ 354.558583][ C0] Modules linked in: [ 354.558597][ C0] irq event stamp: 2440187 [ 354.558605][ C0] hardirqs last enabled at (2440186): [] kvm_wait+0x1fb/0x290 [ 354.558637][ C0] hardirqs last disabled at (2440187): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 354.558663][ C0] softirqs last enabled at (2386480): [] __irq_exit_rcu+0xca/0x1f0 [ 354.558684][ C0] softirqs last disabled at (2386487): [] __irq_exit_rcu+0xca/0x1f0 [ 354.558707][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 354.558728][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 354.558739][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 354.558762][ C0] Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f7 0e 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 354.558777][ C0] RSP: 0018:ffffc900000077b8 EFLAGS: 00000246 [ 354.558792][ C0] RAX: ffffffff8172213d RBX: 0000000000000003 RCX: ffffffff8de95100 [ 354.558805][ C0] RDX: 0000000000000100 RSI: ffffffff8d9b6da5 RDI: ffffffff8be33400 [ 354.558818][ C0] RBP: ffffc90000007890 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6 [ 354.558830][ C0] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: dffffc0000000000 [ 354.558843][ C0] R13: 0000000000000200 R14: 0000000000000003 R15: 1ffff92000000efc [ 354.558854][ C0] FS: 0000000000000000(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000 [ 354.558869][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 354.558880][ C0] CR2: 0000563a9e26fa58 CR3: 000000000df36000 CR4: 00000000003526f0 [ 354.558909][ C0] Call Trace: [ 354.558922][ C0] [ 354.558928][ C0] kvm_wait+0x232/0x290 [ 354.558952][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.558976][ C0] ? __pfx_kvm_wait+0x10/0x10 [ 354.559011][ C0] __pv_queued_spin_lock_slowpath+0x7bf/0xb60 [ 354.559046][ C0] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 354.559076][ C0] ? __lock_acquire+0xab9/0xd20 [ 354.559108][ C0] queued_spin_lock_slowpath+0x43/0x50 [ 354.559130][ C0] do_raw_spin_lock+0x21f/0x290 [ 354.559154][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 354.559188][ C0] __xfrm_state_delete+0xba/0xca0 [ 354.559212][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 354.559233][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 354.559261][ C0] xfrm_timer_handler+0x18f/0xa00 [ 354.559297][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 354.559319][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 354.559340][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.559364][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 354.559385][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 354.559412][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 354.559437][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 354.559460][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 354.559498][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 354.559514][ C0] ? read_tsc+0x9/0x20 [ 354.559537][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 354.559563][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 354.559586][ C0] handle_softirqs+0x283/0x870 [ 354.559607][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 354.559630][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 354.559651][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 354.559676][ C0] __irq_exit_rcu+0xca/0x1f0 [ 354.559693][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 354.559719][ C0] irq_exit_rcu+0x9/0x30 [ 354.559734][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 354.559756][ C0] [ 354.559761][ C0] [ 354.559769][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 354.559788][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 354.559809][ C0] Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f7 0e 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 354.559824][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 354.559838][ C0] RAX: 3d439e448e506a00 RBX: ffffffff81968308 RCX: 3d439e448e506a00 [ 354.559850][ C0] RDX: 0000000000000001 RSI: ffffffff8d9b6da5 RDI: ffffffff8be33400 [ 354.559862][ C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3 [ 354.559875][ C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fa37e30 [ 354.559887][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20 [ 354.559910][ C0] ? do_idle+0x1e8/0x510 [ 354.559936][ C0] default_idle+0x13/0x20 [ 354.559950][ C0] default_idle_call+0x74/0xb0 [ 354.559965][ C0] do_idle+0x1e8/0x510 [ 354.559988][ C0] ? __pfx_do_idle+0x10/0x10 [ 354.560022][ C0] cpu_startup_entry+0x44/0x60 [ 354.560038][ C0] rest_init+0x2de/0x300 [ 354.560057][ C0] start_kernel+0x3a9/0x410 [ 354.560079][ C0] x86_64_start_reservations+0x24/0x30 [ 354.560102][ C0] x86_64_start_kernel+0x143/0x1c0 [ 354.560125][ C0] common_startup_64+0x13e/0x147 [ 354.560164][ C0] [ 354.560171][ C0] Sending NMI from CPU 0 to CPUs 1: [ 355.053781][ C1] NMI backtrace for cpu 1 [ 355.053799][ C1] CPU: 1 UID: 0 PID: 7440 Comm: syz.2.420 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 355.053820][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 355.053830][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x70 [ 355.053857][ C1] Code: cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 40 a0 92 65 8b 15 68 94 e0 10 <81> e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 [ 355.053870][ C1] RSP: 0000:ffffc9001d36f0d8 EFLAGS: 00000297 [ 355.053885][ C1] RAX: ffffffff8a216ca4 RBX: 0000000001000000 RCX: ffff888028cb8000 [ 355.053896][ C1] RDX: 0000000000000402 RSI: 000000000007ffff RDI: 0000000000080000 [ 355.053906][ C1] RBP: ffffc9001d36f230 R08: 0000000000000000 R09: ffffffff8a216a10 [ 355.053917][ C1] R10: dffffc0000000000 R11: fffff52003a6de0c R12: dffffc0000000000 [ 355.053928][ C1] R13: ffff88805489b300 R14: 0000000007000000 R15: ffffc9001d36f6a0 [ 355.053939][ C1] FS: 0000000000000000(0000) GS:ffff888125d1c000(0063) knlGS:00000000f54ceb40 [ 355.053952][ C1] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 355.053962][ C1] CR2: 0000000000000000 CR3: 0000000072956000 CR4: 00000000003526f0 [ 355.053977][ C1] DR0: 0000040000000000 DR1: 000000000000064f DR2: 0000000000000006 [ 355.053987][ C1] DR3: 0000000000000006 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 355.053997][ C1] Call Trace: [ 355.054005][ C1] [ 355.054011][ C1] xfrm_alloc_spi+0x534/0xf30 [ 355.054031][ C1] ? xfrm_alloc_spi+0x2a0/0xf30 [ 355.054053][ C1] ? __pfx_xfrm_alloc_spi+0x10/0x10 [ 355.054068][ C1] ? xfrm_find_acq+0x87/0xa0 [ 355.054087][ C1] xfrm_alloc_userspi+0x70b/0xc90 [ 355.054111][ C1] ? __pfx_xfrm_alloc_userspi+0x10/0x10 [ 355.054130][ C1] ? __nla_parse+0x40/0x60 [ 355.054153][ C1] xfrm_user_rcv_msg+0x7a0/0xab0 [ 355.054172][ C1] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 355.054202][ C1] ? __pfx___mutex_trylock_common+0x10/0x10 [ 355.054221][ C1] ? rcu_is_watching+0x15/0xb0 [ 355.054236][ C1] ? trace_contention_end+0x39/0x120 [ 355.054252][ C1] ? __mutex_lock+0x335/0x1360 [ 355.054275][ C1] netlink_rcv_skb+0x208/0x470 [ 355.054296][ C1] ? rcu_is_watching+0x15/0xb0 [ 355.054310][ C1] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 355.054328][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 355.054353][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 355.054375][ C1] xfrm_netlink_rcv+0x79/0x90 [ 355.054392][ C1] netlink_unicast+0x82c/0x9e0 [ 355.054414][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 355.054432][ C1] ? netlink_sendmsg+0x642/0xb30 [ 355.054451][ C1] ? skb_put+0x11b/0x210 [ 355.054466][ C1] netlink_sendmsg+0x805/0xb30 [ 355.054490][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 355.054512][ C1] ? __import_iovec+0x5d4/0x7f0 [ 355.054528][ C1] ? aa_sock_msg_perm+0xf1/0x1d0 [ 355.054552][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 355.054569][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 355.054589][ C1] __sock_sendmsg+0x21c/0x270 [ 355.054611][ C1] ____sys_sendmsg+0x505/0x830 [ 355.054628][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 355.054645][ C1] ? finish_task_switch+0x266/0x950 [ 355.054675][ C1] ___sys_sendmsg+0x21f/0x2a0 [ 355.054690][ C1] ? __pfx____sys_sendmsg+0x10/0x10 [ 355.054718][ C1] ? __fget_files+0x2a/0x420 [ 355.054732][ C1] ? __fget_files+0x3a0/0x420 [ 355.054748][ C1] __sys_sendmsg+0x164/0x220 [ 355.054764][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 355.054785][ C1] ? syscall_enter_from_user_mode_prepare+0x91/0x110 [ 355.054809][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 355.054830][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.054851][ C1] do_fast_syscall_32+0x34/0x80 [ 355.054871][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 355.054890][ C1] RIP: 0023:0xf70de539 [ 355.054903][ C1] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 355.054916][ C1] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 355.054932][ C1] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000740 [ 355.054943][ C1] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 355.054952][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 355.054961][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 355.054971][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 355.054987][ C1] [ 355.055777][ C0] Kernel panic - not syncing: softlockup: hung tasks [ 355.504978][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G L 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) [ 355.518275][ C0] Tainted: [L]=SOFTLOCKUP [ 355.522604][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 355.532756][ C0] Call Trace: [ 355.536047][ C0] [ 355.538917][ C0] dump_stack_lvl+0x99/0x250 [ 355.543538][ C0] ? __asan_memcpy+0x40/0x70 [ 355.548136][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.553349][ C0] ? __pfx__printk+0x10/0x10 [ 355.557974][ C0] vpanic+0x281/0x750 [ 355.561993][ C0] ? __pfx__printk+0x10/0x10 [ 355.566599][ C0] ? __pfx_vpanic+0x10/0x10 [ 355.571135][ C0] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 355.577240][ C0] panic+0xb9/0xc0 [ 355.580975][ C0] ? __pfx_panic+0x10/0x10 [ 355.585490][ C0] ? nmi_backtrace_stall_check+0x433/0x440 [ 355.591425][ C0] ? irq_work_queue+0xc3/0x140 [ 355.596326][ C0] watchdog_timer_fn+0x862/0x870 [ 355.601390][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 355.606892][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 355.613024][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 355.619379][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 355.624855][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 355.630332][ C0] __hrtimer_run_queues+0x4e0/0xc60 [ 355.635562][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 355.641288][ C0] ? ktime_get_update_offsets_now+0x3ab/0x3d0 [ 355.647378][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 355.652356][ C0] __sysvec_apic_timer_interrupt+0x108/0x410 [ 355.658529][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 355.664177][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 355.670169][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 355.675903][ C0] Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f7 0e 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 355.695535][ C0] RSP: 0018:ffffc900000077b8 EFLAGS: 00000246 [ 355.701619][ C0] RAX: ffffffff8172213d RBX: 0000000000000003 RCX: ffffffff8de95100 [ 355.709601][ C0] RDX: 0000000000000100 RSI: ffffffff8d9b6da5 RDI: ffffffff8be33400 [ 355.717581][ C0] RBP: ffffc90000007890 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6 [ 355.725732][ C0] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: dffffc0000000000 [ 355.733916][ C0] R13: 0000000000000200 R14: 0000000000000003 R15: 1ffff92000000efc [ 355.741924][ C0] ? kvm_wait+0x22d/0x290 [ 355.746367][ C0] kvm_wait+0x232/0x290 [ 355.750534][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.756007][ C0] ? __pfx_kvm_wait+0x10/0x10 [ 355.760727][ C0] __pv_queued_spin_lock_slowpath+0x7bf/0xb60 [ 355.766825][ C0] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 355.773440][ C0] ? __lock_acquire+0xab9/0xd20 [ 355.778327][ C0] queued_spin_lock_slowpath+0x43/0x50 [ 355.783836][ C0] do_raw_spin_lock+0x21f/0x290 [ 355.788813][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 355.794308][ C0] __xfrm_state_delete+0xba/0xca0 [ 355.799443][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 355.804839][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 355.810244][ C0] xfrm_timer_handler+0x18f/0xa00 [ 355.815560][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 355.821122][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 355.827027][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.832256][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 355.838162][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 355.844528][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 355.850136][ C0] ? __pfx_xfrm_timer_handler+0x10/0x10 [ 355.855791][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 355.861034][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 355.866776][ C0] ? read_tsc+0x9/0x20 [ 355.870865][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 355.876777][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 355.881906][ C0] handle_softirqs+0x283/0x870 [ 355.886802][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 355.891588][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 355.896890][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 355.902120][ C0] __irq_exit_rcu+0xca/0x1f0 [ 355.906758][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 355.911985][ C0] irq_exit_rcu+0x9/0x30 [ 355.916506][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 355.922175][ C0] [ 355.925292][ C0] [ 355.928232][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 355.934238][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 355.939998][ C0] Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f7 0e 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 355.959625][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 355.965712][ C0] RAX: 3d439e448e506a00 RBX: ffffffff81968308 RCX: 3d439e448e506a00 [ 355.973693][ C0] RDX: 0000000000000001 RSI: ffffffff8d9b6da5 RDI: ffffffff8be33400 [ 355.981672][ C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3 [ 355.989828][ C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fa37e30 [ 355.997811][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20 [ 356.005887][ C0] ? do_idle+0x1e8/0x510 [ 356.010162][ C0] default_idle+0x13/0x20 [ 356.014503][ C0] default_idle_call+0x74/0xb0 [ 356.019281][ C0] do_idle+0x1e8/0x510 [ 356.023626][ C0] ? __pfx_do_idle+0x10/0x10 [ 356.028253][ C0] cpu_startup_entry+0x44/0x60 [ 356.033029][ C0] rest_init+0x2de/0x300 [ 356.037286][ C0] start_kernel+0x3a9/0x410 [ 356.041805][ C0] x86_64_start_reservations+0x24/0x30 [ 356.047365][ C0] x86_64_start_kernel+0x143/0x1c0 [ 356.052492][ C0] common_startup_64+0x13e/0x147 [ 356.057468][ C0] [ 356.060854][ C0] Kernel Offset: disabled [ 356.065365][ C0] Rebooting in 86400 seconds..