last executing test programs: 11.233775683s ago: executing program 3 (id=453): r0 = socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendto$packet(r0, &(0x7f0000000400)="7538736d00ff37838b57f777409f7df488a8", 0x12, 0x24044885, &(0x7f0000000000)={0x11, 0x88a8, r2, 0x1, 0xfe, 0x6, @broadcast}, 0x14) 10.714802378s ago: executing program 3 (id=456): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x2, &(0x7f00000000c0)=[{0x3, 0x8, 0xc0, 0x7}, {0x2, 0x4, 0x1, 0x80000001}]}) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000000)=0x2, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='yeah', 0x39) getsockopt$inet_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000100)) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f0000000180)={{@any, 0xffffffff}, 0x0, 0x1}) r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r7 = open(&(0x7f0000000780)='./bus\x00', 0x145c7e, 0x0) io_setup(0x5ff, &(0x7f0000000400)=0x0) io_submit(r8, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x80, r7, 0x0}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r6, 0x0, 0x0, 0xffffffffffffffff}]) 9.3343395s ago: executing program 4 (id=459): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000002780), 0x2, 0x0) readv(r3, 0x0, 0x0) 9.175426886s ago: executing program 2 (id=460): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000b40)={0x44, &(0x7f0000000900)={0x0, 0x9, 0x2, '_T'}, 0x0, 0x0, &(0x7f0000000a00)={0x20, 0x81, 0x1, 'A'}, 0x0, 0x0, 0x0, 0x0}) 9.034613895s ago: executing program 3 (id=461): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r3, &(0x7f00000000c0)={&(0x7f0000000080)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x14}}, 0x1c, 0x0}, 0x40) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000180)={0x14, 0x25, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) 8.069135688s ago: executing program 4 (id=462): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_clone(0x2001100, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4094, 0xffe}], 0x1, 0x8, 0xd215) openat$procfs(0xffffffffffffff9c, &(0x7f000000c240)='/proc/asound/seq/timer\x00', 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$comedi(0xffffffffffffff9c, &(0x7f000000c280)='/dev/comedi5\x00', 0x20100, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x1f, 0x11, &(0x7f0000003d40)=ANY=[@ANYRES8=r2, @ANYRES64, @ANYBLOB="00000000f700000000b705000900020000850000009400000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f000000c2c0)) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019540)=""/102392, 0x18ff8) sendmmsg$unix(r2, &(0x7f000000c3c0), 0x0, 0x20004001) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000040601020000000000000000020000020500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4) 7.915618766s ago: executing program 1 (id=463): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000340)={0x1f, 0x1, 0x3}, 0x6) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="030b000000000000dc00130000000c00098008000200"], 0x20}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0) write(0xffffffffffffffff, &(0x7f0000000080), 0x0) 7.280650224s ago: executing program 1 (id=464): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x9, 0x4, 0x8, 0xc, 0x12}, 0x50) 7.128969038s ago: executing program 1 (id=465): openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndmidi(0x0, 0xfeff, 0x141102) r0 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2000000, 0x0) chdir(&(0x7f0000000280)='./file0\x00') creat(&(0x7f0000000300)='./bus\x00', 0x15d) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0xfe) syz_init_net_socket$x25(0x9, 0x5, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) ftruncate(r2, 0x2008002) sendfile(r1, r2, 0x0, 0x80000001) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4a, 0x0, &(0x7f00000002c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, 0x0) 6.945546552s ago: executing program 2 (id=466): bind$alg(0xffffffffffffffff, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x0) 6.377519205s ago: executing program 1 (id=467): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x9, 0x0, 0x700, 0x0, 0x14, {[@window={0x9, 0x3}, @timestamp={0x5, 0xa}, @generic={0x0, 0x2}]}}}}}}, 0x46) 6.219428069s ago: executing program 2 (id=469): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x12b6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000000c0)={0x2c, &(0x7f0000000040)={0x0, 0x6, 0x7, {0x7, 0x23, "3d91419da5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 5.784712173s ago: executing program 0 (id=471): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x2, &(0x7f00000000c0)=[{0x3, 0x8, 0xc0, 0x7}, {0x2, 0x4, 0x1, 0x80000001}]}) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000000)=0x2, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='yeah', 0x39) getsockopt$inet_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000100)) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f0000000180)={{@any, 0xffffffff}, 0x0, 0x1}) r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r7 = open(&(0x7f0000000780)='./bus\x00', 0x145c7e, 0x0) io_setup(0x5ff, &(0x7f0000000400)=0x0) io_submit(r8, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x80, r7, 0x0}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r6, 0x0, 0x0, 0xffffffffffffffff}]) 4.222532968s ago: executing program 0 (id=472): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000002780), 0x2, 0x0) readv(r3, 0x0, 0x0) 3.215561352s ago: executing program 2 (id=473): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r0 = dup(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x18) r1 = gettid() sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4010) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = userfaultfd(0x801) read$FUSE(r0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_setup(0x50d1, &(0x7f0000000000)={0x0, 0xfffffffa, 0x4000, 0x2, 0x37c}, &(0x7f0000000100), &(0x7f0000ff4000)) ioctl$SIOCAX25GETINFO(0xffffffffffffffff, 0x89ed, &(0x7f00000001c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) 2.935434222s ago: executing program 0 (id=474): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000340)={0x1f, 0x1, 0x3}, 0x6) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="030b000000000000dc00130000000c00098008000200"], 0x20}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0) write(0xffffffffffffffff, &(0x7f0000000080), 0x0) 2.10279265s ago: executing program 0 (id=475): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d7", 0x20}, {&(0x7f0000000040)="aa1d484ea0fffb00f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2) 2.012397821s ago: executing program 2 (id=476): prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) 1.950478402s ago: executing program 3 (id=477): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000080)={0x18, r1}) 1.949380487s ago: executing program 0 (id=478): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 1.752747586s ago: executing program 1 (id=479): socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x4e22, 0xf, @remote, 0xc7}}, 0x81, 0x2fcf}, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000480)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 1.752270488s ago: executing program 3 (id=480): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$can_raw(0x1d, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.751491746s ago: executing program 4 (id=481): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000100)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c643c, &(0x7f0000000300)={0x0, 0x300, r0}) 1.398327474s ago: executing program 0 (id=482): bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) 1.263526223s ago: executing program 4 (id=483): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x9, 0x4, 0x8, 0xc, 0x12}, 0x50) 1.211576137s ago: executing program 4 (id=484): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000002780), 0x2, 0x0) readv(r3, 0x0, 0x0) 991.053358ms ago: executing program 3 (id=485): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000340)={0x1f, 0x1, 0x3}, 0x6) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="030b000000000000dc00130000000c00098008000200"], 0x20}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0) write(0xffffffffffffffff, &(0x7f0000000080), 0x0) 103.358986ms ago: executing program 4 (id=486): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ptrace$ARCH_GET_CPUID(0x1e, r0, 0x0, 0x1011) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) write(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r4, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100), 0xffffffffffffffff) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd, 0x0, 0x0}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000000) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000080)={r6}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffb}]}) close_range(r7, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 73.376793ms ago: executing program 2 (id=487): socket$pptp(0x18, 0x1, 0x2) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x464f, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$igmp(0x2, 0x3, 0x2) r4 = socket(0x10, 0x2, 0x0) write(r4, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r4, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) 0s ago: executing program 1 (id=488): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r3, &(0x7f00000000c0)={&(0x7f0000000080)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x14}}, 0x1c, 0x0}, 0x40) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000180)={0x14, 0x25, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts. [ 82.861340][ T5785] cgroup: Unknown subsys name 'net' [ 83.081422][ T5785] cgroup: Unknown subsys name 'cpuset' [ 83.117148][ T5785] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.834332][ T5785] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.861356][ T31] cfg80211: failed to load regulatory.db [ 89.407824][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.408939][ T5814] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.412514][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.414751][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.429372][ T5814] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.434484][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.434999][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.436597][ T5818] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.436928][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.439283][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.440722][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.447789][ T5818] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.448547][ T5818] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.457764][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.465632][ T5820] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.476963][ T5819] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.491125][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.491380][ T5819] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.492573][ T5819] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.493705][ T5819] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.494442][ T5819] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.498533][ T5809] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.507158][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.508610][ T5817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.522765][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.488169][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 90.531319][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 90.568740][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 90.698265][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 90.917688][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 91.474825][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.474911][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.475247][ T5804] bridge_slave_0: entered allmulticast mode [ 91.477311][ T5804] bridge_slave_0: entered promiscuous mode [ 91.497069][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.497196][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.497738][ T5803] bridge_slave_0: entered allmulticast mode [ 91.500479][ T5803] bridge_slave_0: entered promiscuous mode [ 91.578816][ T5809] Bluetooth: hci4: command tx timeout [ 91.579298][ T5817] Bluetooth: hci3: command tx timeout [ 91.579402][ T5813] Bluetooth: hci2: command tx timeout [ 91.579468][ T61] Bluetooth: hci1: command tx timeout [ 91.617106][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.617215][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.617388][ T5804] bridge_slave_1: entered allmulticast mode [ 91.619056][ T5804] bridge_slave_1: entered promiscuous mode [ 91.707575][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.707763][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.707898][ T5803] bridge_slave_1: entered allmulticast mode [ 91.709594][ T5803] bridge_slave_1: entered promiscuous mode [ 91.710826][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.711049][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.711174][ T5800] bridge_slave_0: entered allmulticast mode [ 91.712815][ T5800] bridge_slave_0: entered promiscuous mode [ 91.738031][ T5813] Bluetooth: hci0: command tx timeout [ 91.997453][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.997579][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.997694][ T5800] bridge_slave_1: entered allmulticast mode [ 91.999287][ T5800] bridge_slave_1: entered promiscuous mode [ 92.157617][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.157763][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.157946][ T5805] bridge_slave_0: entered allmulticast mode [ 92.159763][ T5805] bridge_slave_0: entered promiscuous mode [ 92.381180][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.381437][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.381562][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.381725][ T5805] bridge_slave_1: entered allmulticast mode [ 92.383948][ T5805] bridge_slave_1: entered promiscuous mode [ 92.390298][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.497576][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.497697][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.497873][ T5802] bridge_slave_0: entered allmulticast mode [ 92.499722][ T5802] bridge_slave_0: entered promiscuous mode [ 92.503402][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.590363][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.593325][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.593546][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.593685][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.593843][ T5802] bridge_slave_1: entered allmulticast mode [ 92.595709][ T5802] bridge_slave_1: entered promiscuous mode [ 92.949708][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.092768][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.359362][ T5804] team0: Port device team_slave_0 added [ 93.362097][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.363983][ T5803] team0: Port device team_slave_0 added [ 93.440629][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.442518][ T5804] team0: Port device team_slave_1 added [ 93.500796][ T5803] team0: Port device team_slave_1 added [ 93.503901][ T5800] team0: Port device team_slave_0 added [ 93.509692][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.656716][ T5813] Bluetooth: hci2: command tx timeout [ 93.656758][ T5817] Bluetooth: hci1: command tx timeout [ 93.656849][ T61] Bluetooth: hci4: command tx timeout [ 93.656849][ T5813] Bluetooth: hci3: command tx timeout [ 93.759072][ T5800] team0: Port device team_slave_1 added [ 93.816768][ T5813] Bluetooth: hci0: command tx timeout [ 93.939358][ T5805] team0: Port device team_slave_0 added [ 94.448532][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.448544][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.448557][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.451951][ T5805] team0: Port device team_slave_1 added [ 94.453024][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.453034][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.453046][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.543231][ T5802] team0: Port device team_slave_0 added [ 94.545565][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.545579][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.545603][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.628269][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.628281][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.628295][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.629240][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.629250][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.629263][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.632511][ T5802] team0: Port device team_slave_1 added [ 94.728364][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.728380][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.728405][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.819847][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.819859][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.819872][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.899673][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.899684][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.899697][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.902990][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.903000][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.903013][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.078799][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.078811][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.078824][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.359417][ T5804] hsr_slave_0: entered promiscuous mode [ 95.360406][ T5804] hsr_slave_1: entered promiscuous mode [ 95.442960][ T5803] hsr_slave_0: entered promiscuous mode [ 95.443790][ T5803] hsr_slave_1: entered promiscuous mode [ 95.444494][ T5803] debugfs: 'hsr0' already exists in 'hsr' [ 95.444583][ T5803] Cannot create hsr debugfs directory [ 95.572456][ T5800] hsr_slave_0: entered promiscuous mode [ 95.573304][ T5800] hsr_slave_1: entered promiscuous mode [ 95.573877][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 95.573897][ T5800] Cannot create hsr debugfs directory [ 95.736705][ T5813] Bluetooth: hci3: command tx timeout [ 95.736739][ T5813] Bluetooth: hci2: command tx timeout [ 95.736760][ T5813] Bluetooth: hci4: command tx timeout [ 95.736780][ T5813] Bluetooth: hci1: command tx timeout [ 95.862527][ T5805] hsr_slave_0: entered promiscuous mode [ 95.863408][ T5805] hsr_slave_1: entered promiscuous mode [ 95.863984][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 95.864003][ T5805] Cannot create hsr debugfs directory [ 95.897067][ T61] Bluetooth: hci0: command tx timeout [ 96.040303][ T5802] hsr_slave_0: entered promiscuous mode [ 96.041185][ T5802] hsr_slave_1: entered promiscuous mode [ 96.041729][ T5802] debugfs: 'hsr0' already exists in 'hsr' [ 96.041747][ T5802] Cannot create hsr debugfs directory [ 97.493295][ T5804] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 97.525277][ T5804] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 97.562136][ T5804] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 97.615546][ T5804] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 97.722334][ T5803] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.762648][ T5803] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.781361][ T5803] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.816826][ T61] Bluetooth: hci4: command tx timeout [ 97.816853][ T5813] Bluetooth: hci2: command tx timeout [ 97.816875][ T5813] Bluetooth: hci3: command tx timeout [ 97.816890][ T5813] Bluetooth: hci1: command tx timeout [ 97.851392][ T5803] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.949913][ T5800] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 97.976929][ T61] Bluetooth: hci0: command tx timeout [ 97.993730][ T5800] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.022651][ T5800] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.060388][ T5800] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.174984][ T5802] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.223966][ T5802] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.254467][ T5802] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.305246][ T5802] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.403968][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.434153][ T5805] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.484331][ T5805] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.513137][ T5805] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.552834][ T5805] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.629017][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.668185][ T162] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.668322][ T162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.695765][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.715756][ T162] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.715896][ T162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.789120][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.820192][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.841970][ T162] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.842070][ T162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.875251][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.875377][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.923977][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.950703][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.972394][ T162] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.973266][ T162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.020949][ T162] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.021157][ T162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.110293][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.151178][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.178345][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.178547][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.226482][ T1184] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.228092][ T1184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.300737][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.364517][ T4496] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.364737][ T4496] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.425014][ T1184] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.425343][ T1184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.459644][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.670387][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.964555][ T5803] veth0_vlan: entered promiscuous mode [ 100.018418][ T5803] veth1_vlan: entered promiscuous mode [ 100.032329][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.133338][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.220938][ T5803] veth0_macvtap: entered promiscuous mode [ 100.251604][ T5803] veth1_macvtap: entered promiscuous mode [ 100.266288][ T5804] veth0_vlan: entered promiscuous mode [ 100.275402][ T5800] veth0_vlan: entered promiscuous mode [ 100.295676][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.313536][ T5804] veth1_vlan: entered promiscuous mode [ 100.332429][ T5800] veth1_vlan: entered promiscuous mode [ 100.340363][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.374603][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.376227][ T5802] veth0_vlan: entered promiscuous mode [ 100.409238][ T4496] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.416065][ T59] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.434697][ T59] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.447311][ T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.449483][ T5802] veth1_vlan: entered promiscuous mode [ 100.562072][ T5804] veth0_macvtap: entered promiscuous mode [ 100.579894][ T5800] veth0_macvtap: entered promiscuous mode [ 100.611413][ T5805] veth0_vlan: entered promiscuous mode [ 100.628686][ T5804] veth1_macvtap: entered promiscuous mode [ 100.659478][ T5800] veth1_macvtap: entered promiscuous mode [ 100.720497][ T5805] veth1_vlan: entered promiscuous mode [ 100.761562][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.761586][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.764803][ T5802] veth0_macvtap: entered promiscuous mode [ 100.776068][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.806019][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.822865][ T5802] veth1_macvtap: entered promiscuous mode [ 100.825281][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.876161][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.888992][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.889011][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.894635][ T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.901366][ T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.915053][ T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.954114][ T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.985413][ T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.003270][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.043752][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.056811][ T59] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.059078][ T59] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.060063][ T5805] veth0_macvtap: entered promiscuous mode [ 101.114524][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.165650][ T5805] veth1_macvtap: entered promiscuous mode [ 101.269791][ T162] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.276039][ T162] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.357000][ T162] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.419710][ T69] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.811860][ T5924] netlink: 'syz.0.7': attribute type 10 has an invalid length. [ 102.064244][ T5924] team0: Port device dummy0 added [ 102.145515][ T162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.146421][ T162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.384701][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.580633][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.580647][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.649804][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.671398][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.677354][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.678935][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.707328][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.764386][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.764401][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.935051][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.935072][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.206564][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.246583][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.306578][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.556828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.586962][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.791130][ T5931] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 103.791165][ T5931] UDF-fs: Scanning with blocksize 512 failed [ 103.818856][ T5931] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 103.818951][ T5931] UDF-fs: Scanning with blocksize 1024 failed [ 103.826365][ T5931] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 103.827802][ T5931] UDF-fs: Scanning with blocksize 2048 failed [ 103.856567][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.861299][ T5931] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 103.861649][ T5931] UDF-fs: Scanning with blocksize 4096 failed [ 104.155381][ T5938] capability: warning: `syz.4.5' uses deprecated v2 capabilities in a way that may be insecure [ 104.173610][ T1184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.173630][ T1184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.405665][ T5941] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.416737][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 104.488781][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.488800][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.525065][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.525084][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.436587][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.455203][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.726573][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.567340][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.567359][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.496819][ T5969] Zero length message leads to an empty skb [ 109.525747][ C0] vkms_vblank_simulate: vblank timer overrun [ 110.421727][ C0] vkms_vblank_simulate: vblank timer overrun [ 110.449635][ T5997] input: syz0 as /devices/virtual/input/input5 [ 110.481585][ C0] vkms_vblank_simulate: vblank timer overrun [ 111.302026][ C0] vkms_vblank_simulate: vblank timer overrun [ 112.501190][ T6017] netlink: 'syz.0.29': attribute type 109 has an invalid length. [ 113.967250][ C0] vkms_vblank_simulate: vblank timer overrun [ 114.228745][ C0] vkms_vblank_simulate: vblank timer overrun [ 114.658091][ C0] vkms_vblank_simulate: vblank timer overrun [ 115.689469][ C0] vkms_vblank_simulate: vblank timer overrun [ 115.773914][ C0] vkms_vblank_simulate: vblank timer overrun [ 115.930978][ C0] vkms_vblank_simulate: vblank timer overrun [ 116.160897][ C0] vkms_vblank_simulate: vblank timer overrun [ 116.718762][ C0] vkms_vblank_simulate: vblank timer overrun [ 116.738911][ T6047] SQUASHFS error: Failed to read block 0x0: -5 [ 116.738946][ T6047] unable to read squashfs_super_block [ 117.698663][ C0] vkms_vblank_simulate: vblank timer overrun [ 118.768495][ T5899] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 118.774779][ T6061] bridge_slave_0: left allmulticast mode [ 118.774804][ T6061] bridge_slave_0: left promiscuous mode [ 118.794626][ T6061] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.924272][ T6061] bridge_slave_1: left allmulticast mode [ 118.924300][ T6061] bridge_slave_1: left promiscuous mode [ 118.924532][ T6061] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.976696][ T5899] usb 3-1: Using ep0 maxpacket: 8 [ 119.005567][ T5899] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 119.005595][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.005613][ T5899] usb 3-1: Product: syz [ 119.005625][ T5899] usb 3-1: Manufacturer: syz [ 119.005638][ T5899] usb 3-1: SerialNumber: syz [ 119.087866][ T5899] usb 3-1: config 0 descriptor?? [ 119.139700][ T6069] binder: 6060:6069 ioctl c0046209 ffffffffff600000 returned -22 [ 119.161644][ T5899] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 119.178422][ T6061] bond0: (slave bond_slave_0): Releasing backup interface [ 119.197393][ T994] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 119.319462][ T6061] bond0: (slave bond_slave_1): Releasing backup interface [ 119.600176][ T994] usb 5-1: Using ep0 maxpacket: 32 [ 119.841631][ T994] usb 5-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=3d.42 [ 119.841651][ T994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.841661][ T994] usb 5-1: Product: syz [ 119.841668][ T994] usb 5-1: Manufacturer: syz [ 119.841675][ T994] usb 5-1: SerialNumber: syz [ 119.867550][ T994] usb 5-1: config 0 descriptor?? [ 119.980670][ T6069] netlink: 'syz.3.41': attribute type 10 has an invalid length. [ 120.078031][ T994] ttusb_dec_send_command: command bulk message failed: error -22 [ 120.079843][ T994] ttusb-dec 5-1:0.0: probe with driver ttusb-dec failed with error -22 [ 120.359656][ T5899] gspca_sonixj: reg_r err -71 [ 120.359758][ T5899] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 120.373461][ T5899] usb 3-1: USB disconnect, device number 2 [ 121.389941][ T6081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.41'. [ 121.594146][ T6061] team0: Port device team_slave_0 removed [ 121.776226][ T6061] team0: Port device team_slave_1 removed [ 121.785927][ T6061] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.786044][ T6061] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.896138][ T6089] netlink: 'syz.2.47': attribute type 2 has an invalid length. [ 121.896152][ T6089] netlink: 'syz.2.47': attribute type 1 has an invalid length. [ 121.896426][ T6089] netlink: 'syz.2.47': attribute type 1 has an invalid length. [ 121.946109][ T6061] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.956374][ T6061] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 122.043063][ T6061] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 122.210852][ T6063] team0: Mode changed to "loadbalance" [ 122.950622][ T5975] usb 5-1: USB disconnect, device number 2 [ 123.046350][ T6069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.077047][ T6069] team0: Port device bond0 added [ 123.637695][ T5975] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 123.826596][ T5975] usb 3-1: Using ep0 maxpacket: 16 [ 123.882180][ T5975] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 123.882199][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.882209][ T5975] usb 3-1: Product: syz [ 123.882216][ T5975] usb 3-1: Manufacturer: syz [ 123.882223][ T5975] usb 3-1: SerialNumber: syz [ 124.188682][ T5975] usb 3-1: config 0 descriptor?? [ 124.729099][ T5975] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 124.784072][ T5975] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 124.785347][ T5975] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 124.809272][ T5975] usb 3-1: media controller created [ 124.877917][ T5975] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 124.963195][ T5975] zl10353_read_register: readreg error (reg=127, ret==0) [ 124.963262][ T5975] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 124.963282][ T5975] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 126.548411][ T994] usb 3-1: USB disconnect, device number 3 [ 126.671392][ T994] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 128.257629][ T6081] team0 (unregistering): Port device bond0 removed [ 128.570148][ T6147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.62'. [ 128.570170][ T6147] netlink: 348 bytes leftover after parsing attributes in process `syz.0.62'. [ 128.570186][ T6147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.62'. [ 128.570197][ T6147] netlink: 348 bytes leftover after parsing attributes in process `syz.0.62'. [ 128.570485][ T6147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.62'. [ 128.679115][ T994] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 128.826698][ T994] usb 5-1: Using ep0 maxpacket: 32 [ 128.845051][ T994] usb 5-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=3d.42 [ 128.845080][ T994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.845097][ T994] usb 5-1: Product: syz [ 128.845108][ T994] usb 5-1: Manufacturer: syz [ 128.845122][ T994] usb 5-1: SerialNumber: syz [ 128.891133][ T994] usb 5-1: config 0 descriptor?? [ 128.903924][ T994] ttusb_dec_send_command: command bulk message failed: error -22 [ 128.904161][ T994] ttusb-dec 5-1:0.0: probe with driver ttusb-dec failed with error -22 [ 131.836695][ T5787] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 131.998974][ T5787] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.999031][ T5787] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 131.999052][ T5787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.008340][ T5787] usb 2-1: config 0 descriptor?? [ 132.066844][ T5787] pwc: Askey VC010 type 2 USB webcam detected. [ 132.144045][ T5975] usb 5-1: USB disconnect, device number 3 [ 132.616670][ T5787] pwc: recv_control_msg error -32 req 02 val 2b00 [ 132.684023][ T5787] pwc: recv_control_msg error -32 req 02 val 2700 [ 132.788405][ T5787] pwc: recv_control_msg error -32 req 02 val 2c00 [ 132.931694][ T5787] pwc: recv_control_msg error -32 req 04 val 1000 [ 132.987266][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.109471][ T5787] pwc: recv_control_msg error -32 req 04 val 1300 [ 133.137291][ T5787] pwc: recv_control_msg error -32 req 04 val 1400 [ 133.155449][ T5787] pwc: recv_control_msg error -32 req 02 val 2000 [ 133.365195][ T5787] pwc: recv_control_msg error -71 req 04 val 1500 [ 133.365678][ T5787] pwc: recv_control_msg error -71 req 02 val 2500 [ 133.366188][ T5787] pwc: recv_control_msg error -71 req 02 val 2400 [ 133.367435][ T5787] pwc: recv_control_msg error -71 req 02 val 2600 [ 133.368001][ T5787] pwc: recv_control_msg error -71 req 02 val 2900 [ 133.368475][ T5787] pwc: recv_control_msg error -71 req 02 val 2800 [ 133.396748][ T5787] pwc: recv_control_msg error -71 req 04 val 1100 [ 133.413524][ T5787] pwc: recv_control_msg error -71 req 04 val 1200 [ 133.515797][ T5787] pwc: Registered as video103. [ 133.535508][ T5787] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input6 [ 133.571311][ T5787] usb 2-1: USB disconnect, device number 2 [ 134.146647][ T31] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 134.774228][ T31] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 134.774297][ T31] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 134.774410][ T31] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 134.774477][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.144137][ T6196] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 135.242664][ T31] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 137.976768][ T994] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 138.066635][ T31] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 138.139221][ T994] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 138.139239][ T994] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.139249][ T994] usb 4-1: Product: syz [ 138.139256][ T994] usb 4-1: Manufacturer: syz [ 138.139262][ T994] usb 4-1: SerialNumber: syz [ 138.146171][ T994] usb 4-1: config 0 descriptor?? [ 138.216640][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 138.223341][ T31] usb 2-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=3d.42 [ 138.223370][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.223388][ T31] usb 2-1: Product: syz [ 138.223402][ T31] usb 2-1: Manufacturer: syz [ 138.223415][ T31] usb 2-1: SerialNumber: syz [ 138.267512][ T31] usb 2-1: config 0 descriptor?? [ 138.282247][ T31] ttusb_dec_send_command: command bulk message failed: error -22 [ 138.282621][ T31] ttusb-dec 2-1:0.0: probe with driver ttusb-dec failed with error -22 [ 140.829724][ T994] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -110 [ 140.829807][ T994] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 141.237150][ T1562] usb 5-1: USB disconnect, device number 4 [ 143.005433][ T994] usb 2-1: USB disconnect, device number 3 [ 143.031484][ T9] usb 4-1: USB disconnect, device number 2 [ 143.589633][ T6260] warning: `syz.0.93' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 144.735108][ T6278] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 144.779963][ T37] audit: type=1326 audit(1760841665.990:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6272 comm="syz.1.99" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f009e4fefc9 code=0x0 [ 146.286710][ T31] IPVS: starting estimator thread 0... [ 146.467235][ T6295] IPVS: using max 9 ests per chain, 21600 per kthread [ 146.717310][ T6302] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 149.276891][ T6317] netlink: 165 bytes leftover after parsing attributes in process `syz.2.108'. [ 150.297894][ T6324] syz.1.113 (6324) used greatest stack depth: 16760 bytes left [ 153.185899][ T5899] kernel read not supported for file /dsp1 (pid: 5899 comm: kworker/0:4) [ 154.373129][ T37] audit: type=1326 audit(1760841675.620:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 154.373267][ T37] audit: type=1326 audit(1760841675.620:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 154.373570][ T37] audit: type=1326 audit(1760841675.620:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 154.373685][ T37] audit: type=1326 audit(1760841675.620:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 154.373829][ T37] audit: type=1326 audit(1760841675.620:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 154.373969][ T37] audit: type=1326 audit(1760841675.620:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 154.374403][ T37] audit: type=1326 audit(1760841675.620:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6a30e9f003 code=0x7ffc0000 [ 154.374543][ T37] audit: type=1326 audit(1760841675.620:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6a30e9f003 code=0x7ffc0000 [ 154.381126][ T37] audit: type=1326 audit(1760841675.630:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6a30e95e67 code=0x7ffc0000 [ 154.381175][ T37] audit: type=1326 audit(1760841675.630:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6363 comm="syz.0.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a30e3b099 code=0x7ffc0000 [ 154.406851][ T5899] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 154.574748][ T5899] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 154.574776][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.574794][ T5899] usb 5-1: Product: syz [ 154.574807][ T5899] usb 5-1: Manufacturer: syz [ 154.574931][ T5899] usb 5-1: SerialNumber: syz [ 154.610097][ T5899] usb 5-1: config 0 descriptor?? [ 154.893167][ T5899] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 161.448108][ T5899] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 161.492875][ T5899] usb 5-1: USB disconnect, device number 5 [ 161.712384][ T37] kauditd_printk_skb: 94 callbacks suppressed [ 161.712402][ T37] audit: type=1326 audit(1760841682.960:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 161.712450][ T37] audit: type=1326 audit(1760841682.960:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 161.712492][ T37] audit: type=1326 audit(1760841682.960:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 161.712534][ T37] audit: type=1326 audit(1760841682.960:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 161.712576][ T37] audit: type=1326 audit(1760841682.960:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f6a30e9efc9 code=0x7ffc0000 [ 161.712618][ T37] audit: type=1326 audit(1760841682.960:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6a30e9f003 code=0x7ffc0000 [ 161.712659][ T37] audit: type=1326 audit(1760841682.960:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6a30e9f003 code=0x7ffc0000 [ 161.719356][ T37] audit: type=1326 audit(1760841682.970:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6a30e95e67 code=0x7ffc0000 [ 161.719407][ T37] audit: type=1326 audit(1760841682.970:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a30e3b099 code=0x7ffc0000 [ 161.729388][ T37] audit: type=1326 audit(1760841682.980:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6a30e95e67 code=0x7ffc0000 [ 162.067420][ T994] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 162.251966][ T994] usb 3-1: Using ep0 maxpacket: 32 [ 162.255835][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 162.333286][ T994] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 162.333314][ T994] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.333333][ T994] usb 3-1: Product: syz [ 162.333347][ T994] usb 3-1: Manufacturer: syz [ 162.333361][ T994] usb 3-1: SerialNumber: syz [ 162.342700][ T994] usb 3-1: config 0 descriptor?? [ 162.765143][ T994] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 163.368223][ T994] gs_usb 3-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO) [ 163.368982][ T994] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -71 [ 163.430569][ T994] usb 3-1: USB disconnect, device number 4 [ 163.662700][ C1] vkms_vblank_simulate: vblank timer overrun [ 164.361873][ C1] vkms_vblank_simulate: vblank timer overrun [ 164.571926][ C1] vkms_vblank_simulate: vblank timer overrun [ 165.656762][ T994] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 165.809060][ T994] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.809109][ T994] usb 4-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 165.809131][ T994] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.827672][ T994] usb 4-1: config 0 descriptor?? [ 165.831824][ C1] vkms_vblank_simulate: vblank timer overrun [ 166.422832][ T994] steelseries 0003:1038:12B6.0001: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.3-1/input0 [ 166.767228][ T994] steelseries 0003:1038:12B6.0001: hid_hw_raw_request() failed with -71 [ 166.831417][ T994] usb 4-1: USB disconnect, device number 3 [ 167.332329][ T37] kauditd_printk_skb: 105 callbacks suppressed [ 167.332347][ T37] audit: type=1326 audit(1760841688.580:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8871d25e67 code=0x7ffc0000 [ 167.334135][ T37] audit: type=1326 audit(1760841688.580:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8871ccb099 code=0x7ffc0000 [ 167.335524][ T37] audit: type=1326 audit(1760841688.580:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8871d25e67 code=0x7ffc0000 [ 167.335789][ T37] audit: type=1326 audit(1760841688.580:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8871ccb099 code=0x7ffc0000 [ 167.337323][ T37] audit: type=1326 audit(1760841688.590:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 167.338552][ T37] audit: type=1326 audit(1760841688.590:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 167.340031][ T37] audit: type=1326 audit(1760841688.590:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 167.342179][ T37] audit: type=1326 audit(1760841688.590:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 167.348323][ T37] audit: type=1326 audit(1760841688.590:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8871d2f003 code=0x7ffc0000 [ 167.348713][ T37] audit: type=1326 audit(1760841688.600:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6482 comm="syz.3.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8871d25e67 code=0x7ffc0000 [ 168.624016][ T6502] syz.2.175 uses obsolete (PF_INET,SOCK_PACKET) [ 169.115618][ T6508] netlink: 'syz.4.178': attribute type 30 has an invalid length. [ 169.336866][ T5899] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 169.503558][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.521445][ T5899] usb 2-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 169.521472][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.552913][ T5899] usb 2-1: config 0 descriptor?? [ 169.610340][ T994] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 169.756971][ T994] usb 3-1: Using ep0 maxpacket: 32 [ 169.771919][ T994] usb 3-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=3d.42 [ 169.771936][ T994] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.771946][ T994] usb 3-1: Product: syz [ 169.771953][ T994] usb 3-1: Manufacturer: syz [ 169.771960][ T994] usb 3-1: SerialNumber: syz [ 169.843352][ T994] usb 3-1: config 0 descriptor?? [ 169.879307][ T994] ttusb_dec_send_command: command bulk message failed: error -22 [ 169.879800][ T994] ttusb-dec 3-1:0.0: probe with driver ttusb-dec failed with error -22 [ 169.954413][ T6513] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.959906][ T6513] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.972284][ T5899] usbhid 2-1:0.0: can't add hid device: -71 [ 169.972488][ T5899] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 169.994776][ T5899] usb 2-1: USB disconnect, device number 4 [ 170.206980][ T31] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 170.437165][ T31] usb 4-1: Using ep0 maxpacket: 16 [ 171.065288][ T31] usb 4-1: config 6 has an invalid interface number: 170 but max is 0 [ 171.065314][ T31] usb 4-1: config 6 has no interface number 0 [ 171.092492][ T31] usb 4-1: New USB device found, idVendor=a168, idProduct=0611, bcdDevice=81.2f [ 171.092569][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.092580][ T31] usb 4-1: Product: syz [ 171.092588][ T31] usb 4-1: Manufacturer: syz [ 171.092595][ T31] usb 4-1: SerialNumber: syz [ 171.354781][ T31] gspca_main: gspca_sn9c20x-2.14.0 probing a168:0611 [ 171.355315][ T31] gspca_sn9c20x: Write register 1000 failed -71 [ 171.355333][ T31] gspca_sn9c20x: Device initialization failed [ 171.355384][ T31] gspca_sn9c20x 4-1:6.170: probe with driver gspca_sn9c20x failed with error -71 [ 171.387000][ T31] usb 4-1: USB disconnect, device number 4 [ 171.545386][ T6513] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.565197][ T6513] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.472476][ T9] usb 3-1: USB disconnect, device number 5 [ 173.708644][ T6543] netlink: 165 bytes leftover after parsing attributes in process `syz.1.187'. [ 175.366724][ T9] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 175.522037][ T9] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 175.522065][ T9] usb 4-1: config 0 has no interface number 0 [ 175.522114][ T9] usb 4-1: config 0 interface 41 has no altsetting 0 [ 175.524588][ T9] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 175.524616][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.524635][ T9] usb 4-1: Product: syz [ 175.524647][ T9] usb 4-1: Manufacturer: syz [ 175.524659][ T9] usb 4-1: SerialNumber: syz [ 175.576661][ T5889] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 175.589562][ T9] usb 4-1: config 0 descriptor?? [ 175.736715][ T5889] usb 2-1: Using ep0 maxpacket: 32 [ 175.739123][ T5889] usb 2-1: config 0 interface 0 has no altsetting 0 [ 175.742180][ T5889] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 175.742205][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.742224][ T5889] usb 2-1: Product: syz [ 175.742237][ T5889] usb 2-1: Manufacturer: syz [ 175.742250][ T5889] usb 2-1: SerialNumber: syz [ 175.748594][ T5889] usb 2-1: config 0 descriptor?? [ 176.051258][ T162] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.051304][ T162] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.051340][ T162] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.051427][ T162] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.218610][ T9] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -32 [ 176.221730][ T5889] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 176.450303][ T37] kauditd_printk_skb: 58 callbacks suppressed [ 176.450493][ T37] audit: type=1326 audit(1760841697.650:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6566 comm="syz.2.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6d78fefc9 code=0x7ffc0000 [ 176.450818][ T37] audit: type=1326 audit(1760841697.650:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6566 comm="syz.2.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6d78fefc9 code=0x7ffc0000 [ 176.451963][ T37] audit: type=1326 audit(1760841697.660:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6566 comm="syz.2.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fa6d78fefc9 code=0x7ffc0000 [ 176.452904][ T37] audit: type=1326 audit(1760841697.660:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6566 comm="syz.2.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6d78fefc9 code=0x7ffc0000 [ 176.453767][ T37] audit: type=1326 audit(1760841697.660:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6566 comm="syz.2.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6d78fefc9 code=0x7ffc0000 [ 176.631679][ T5889] gs_usb 2-1:0.0: Couldn't get bit timing const for channel 0 (-EPIPE) [ 176.654001][ T5889] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -32 [ 177.684752][ T9] usb 4-1: USB disconnect, device number 5 [ 178.385556][ T5787] usb 2-1: USB disconnect, device number 5 [ 178.618376][ T6586] 9pnet_fd: Insufficient options for proto=fd [ 179.102636][ T37] audit: type=1326 audit(1760841700.230:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 179.103550][ T37] audit: type=1326 audit(1760841700.230:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 179.103843][ T37] audit: type=1326 audit(1760841700.230:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 179.104092][ T37] audit: type=1326 audit(1760841700.230:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 179.104531][ T37] audit: type=1326 audit(1760841700.230:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 180.066792][ T6602] netlink: 165 bytes leftover after parsing attributes in process `syz.0.204'. [ 183.616680][ T5975] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 183.826685][ T5975] usb 3-1: Using ep0 maxpacket: 32 [ 183.833161][ T5975] usb 3-1: config 0 interface 0 has no altsetting 0 [ 183.839078][ T5975] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 183.839111][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.839129][ T5975] usb 3-1: Product: syz [ 183.839142][ T5975] usb 3-1: Manufacturer: syz [ 183.839156][ T5975] usb 3-1: SerialNumber: syz [ 183.853070][ T6638] 9pnet_fd: Insufficient options for proto=fd [ 183.967324][ T5975] usb 3-1: config 0 descriptor?? [ 184.381301][ T5975] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 184.584410][ T5975] gs_usb 3-1:0.0: Couldn't get bit timing const for channel 0 (-EPIPE) [ 184.584460][ T5975] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -32 [ 185.326694][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 185.481414][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 185.496182][ T9] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 185.496210][ T9] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 185.496229][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 185.496247][ T9] usb 4-1: config 1 has no interface number 0 [ 185.496308][ T9] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 185.496330][ T9] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 185.496371][ T9] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 185.496393][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.550306][ T9] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 185.641561][ T5975] usb 3-1: USB disconnect, device number 6 [ 185.738963][ T9] snd_usb_pod 4-1:1.1: invalid control EP [ 185.738981][ T9] snd_usb_pod 4-1:1.1: cannot start listening: -22 [ 185.739731][ T9] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 185.740325][ T9] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 188.897361][ T9] usb 4-1: USB disconnect, device number 6 [ 189.377566][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 189.636910][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 189.717374][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 189.946365][ T9] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 189.946394][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.946412][ T9] usb 4-1: Product: syz [ 189.946425][ T9] usb 4-1: Manufacturer: syz [ 189.946439][ T9] usb 4-1: SerialNumber: syz [ 190.168739][ T9] usb 4-1: config 0 descriptor?? [ 190.843632][ T9] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 191.318403][ T9] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 0 (-EPIPE) [ 191.318482][ T9] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -32 [ 192.594085][ T5787] usb 4-1: USB disconnect, device number 7 [ 192.898213][ T6719] netlink: 165 bytes leftover after parsing attributes in process `syz.2.239'. [ 194.431539][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.491557][ T6726] Bluetooth: MGMT ver 1.23 [ 195.154238][ T6737] nvme_fabrics: missing parameter 'transport=%s' [ 195.154255][ T6737] nvme_fabrics: missing parameter 'nqn=%s' [ 195.228144][ T6740] nvme_fabrics: missing parameter 'transport=%s' [ 195.228161][ T6740] nvme_fabrics: missing parameter 'nqn=%s' [ 201.246658][ T1562] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 201.400686][ T1562] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 201.400712][ T1562] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 201.402575][ T1562] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 201.402600][ T1562] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 201.402618][ T1562] usb 1-1: SerialNumber: syz [ 201.466672][ T5899] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 201.620297][ T5899] usb 5-1: too many endpoints for config 1 interface 0 altsetting 93: 255, using maximum allowed: 30 [ 201.620351][ T5899] usb 5-1: config 1 interface 0 altsetting 93 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 201.620376][ T5899] usb 5-1: config 1 interface 0 has no altsetting 0 [ 201.621879][ T5899] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 201.621906][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 201.621924][ T5899] usb 5-1: SerialNumber: syz [ 201.752082][ T1562] usb 1-1: 0:2 : does not exist [ 201.895339][ T5899] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 201.922533][ T1562] usb 1-1: USB disconnect, device number 2 [ 201.946960][ T5899] usb 5-1: USB disconnect, device number 6 [ 203.082132][ T6080] udevd[6080]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 203.526719][ T5899] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 203.670119][ T5899] usb 5-1: device descriptor read/64, error -71 [ 203.756644][ T1562] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 203.911079][ T1562] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 203.911106][ T1562] usb 1-1: config 0 has no interface number 0 [ 203.911154][ T1562] usb 1-1: config 0 interface 41 has no altsetting 0 [ 203.918086][ T5899] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 203.929591][ T1562] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 203.929619][ T1562] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.929636][ T1562] usb 1-1: Product: syz [ 203.929649][ T1562] usb 1-1: Manufacturer: syz [ 203.929661][ T1562] usb 1-1: SerialNumber: syz [ 203.943472][ T1562] usb 1-1: config 0 descriptor?? [ 204.058232][ T5899] usb 5-1: device descriptor read/64, error -71 [ 204.359129][ T5899] usb usb5-port1: attempt power cycle [ 204.965616][ T5899] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 205.020966][ T6842] binder: Unknown parameter 'batadv' [ 205.181788][ T5899] usb 5-1: device descriptor read/8, error -71 [ 205.358885][ T1562] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -32 [ 205.486669][ T5899] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 205.507429][ T5899] usb 5-1: device descriptor read/8, error -71 [ 205.573376][ T6845] netlink: 20 bytes leftover after parsing attributes in process `syz.1.285'. [ 205.617119][ T5899] usb usb5-port1: unable to enumerate USB device [ 205.848083][ T37] audit: type=1326 audit(1760841727.090:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 205.848134][ T37] audit: type=1326 audit(1760841727.100:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 205.848175][ T37] audit: type=1326 audit(1760841727.100:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 205.848218][ T37] audit: type=1326 audit(1760841727.100:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f8871d2efc9 code=0x7ffc0000 [ 205.848259][ T37] audit: type=1326 audit(1760841727.100:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8871d2f003 code=0x7ffc0000 [ 205.848299][ T37] audit: type=1326 audit(1760841727.100:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8871d2f003 code=0x7ffc0000 [ 205.854965][ T37] audit: type=1326 audit(1760841727.100:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8871d25e67 code=0x7ffc0000 [ 205.855017][ T37] audit: type=1326 audit(1760841727.100:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8871ccb099 code=0x7ffc0000 [ 205.864971][ T37] audit: type=1326 audit(1760841727.110:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8871d25e67 code=0x7ffc0000 [ 205.865021][ T37] audit: type=1326 audit(1760841727.110:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6850 comm="syz.3.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8871ccb099 code=0x7ffc0000 [ 206.429788][ T5787] usb 1-1: USB disconnect, device number 3 [ 211.296719][ T5975] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 211.331285][ T6908] netlink: 20 bytes leftover after parsing attributes in process `syz.1.306'. [ 211.446623][ T5975] usb 3-1: Using ep0 maxpacket: 8 [ 211.450342][ T5975] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 211.450373][ T5975] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 211.450395][ T5975] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 211.450416][ T5975] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 211.450456][ T5975] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 211.450477][ T5975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.725582][ T6912] Invalid ELF header magic: != ELF [ 211.742651][ T5975] usb 3-1: usb_control_msg returned -32 [ 211.742681][ T5975] usbtmc 3-1:16.0: can't read capabilities [ 211.823580][ T5975] usb 3-1: USB disconnect, device number 7 [ 211.899544][ T5817] Bluetooth: hci1: command 0x0406 tx timeout [ 211.899581][ T5817] Bluetooth: hci2: command 0x0406 tx timeout [ 211.899599][ T5819] Bluetooth: hci3: command 0x0406 tx timeout [ 211.900295][ T5820] Bluetooth: hci0: command 0x0406 tx timeout [ 213.038963][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.531231][ T6949] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 215.167398][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.367847][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.895072][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.116693][ T1562] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 216.315734][ T1562] usb 4-1: device descriptor read/64, error -71 [ 216.546660][ T1562] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 216.676651][ T1562] usb 4-1: device descriptor read/64, error -71 [ 216.787122][ T1562] usb usb4-port1: attempt power cycle [ 217.136634][ T1562] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 217.159615][ T1562] usb 4-1: device descriptor read/8, error -71 [ 217.657430][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.228760][ T1562] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 218.247462][ T1562] usb 4-1: device descriptor read/8, error -71 [ 218.279053][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.460532][ T1562] usb usb4-port1: unable to enumerate USB device [ 218.831475][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.639147][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.640640][ T1562] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 220.792915][ T1562] usb 1-1: New USB device found, idVendor=046d, idProduct=c286, bcdDevice= 0.00 [ 220.792943][ T1562] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.882391][ T1562] usb 1-1: config 0 descriptor?? [ 221.321014][ T1562] logitech 0003:046D:C286.0002: hidraw0: USB HID v0.05 Device [HID 046d:c286] on usb-dummy_hcd.0-1/input0 [ 221.321058][ T1562] logitech 0003:046D:C286.0002: no inputs found [ 221.396751][ T5787] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 221.508030][ T1562] usb 1-1: USB disconnect, device number 4 [ 221.546764][ T5787] usb 3-1: Using ep0 maxpacket: 32 [ 221.578599][ T5787] usb 3-1: config 0 interface 0 has no altsetting 0 [ 221.584143][ T5787] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 221.584170][ T5787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.584190][ T5787] usb 3-1: Product: syz [ 221.584202][ T5787] usb 3-1: Manufacturer: syz [ 221.584214][ T5787] usb 3-1: SerialNumber: syz [ 221.632654][ T5787] usb 3-1: config 0 descriptor?? [ 221.698303][ T7019] fido_id[7019]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 222.041845][ T5787] gs_usb 3-1:0.0: Configuring for 150 interfaces [ 222.245133][ T5787] gs_usb 3-1:0.0: Couldn't get bit timing const for channel 0 (-EPIPE) [ 222.245208][ T5787] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -32 [ 222.755540][ T7023] netlink: 9 bytes leftover after parsing attributes in process `syz.0.346'. [ 222.755988][ T7023] gretap0: entered promiscuous mode [ 224.017533][ T994] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 224.021688][ T5899] usb 3-1: USB disconnect, device number 8 [ 224.209124][ T994] usb 5-1: config 134 has an invalid interface number: 4 but max is 0 [ 224.209150][ T994] usb 5-1: config 134 has no interface number 0 [ 224.209178][ T994] usb 5-1: config 134 interface 4 has no altsetting 0 [ 224.250181][ T994] usb 5-1: New USB device found, idVendor=1e2d, idProduct=0053, bcdDevice=52.30 [ 224.250208][ T994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.250226][ T994] usb 5-1: Product: syz [ 224.250239][ T994] usb 5-1: Manufacturer: syz [ 224.250252][ T994] usb 5-1: SerialNumber: syz [ 224.578974][ T994] usb 5-1: USB disconnect, device number 11 [ 226.567542][ T7057] netlink: 8 bytes leftover after parsing attributes in process `syz.3.358'. [ 228.079423][ T31] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 228.373675][ T31] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 228.373706][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.422659][ T31] usb 1-1: config 0 descriptor?? [ 229.478666][ T31] usb 1-1: Cannot set autoneg [ 229.478945][ T31] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 229.620587][ T31] usb 1-1: USB disconnect, device number 5 [ 231.186628][ T1562] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 231.442021][ T1562] usb 2-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 231.442051][ T1562] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.442071][ T1562] usb 2-1: Product: syz [ 231.442084][ T1562] usb 2-1: Manufacturer: syz [ 231.442097][ T1562] usb 2-1: SerialNumber: syz [ 231.449048][ T1562] usb 2-1: config 0 descriptor?? [ 232.315774][ T1562] usb 2-1: f81604_read: reg: 105 failed: -EPIPE [ 232.315800][ T1562] f81604 2-1:0.0: Setting termination of CH#1 failed: -EPIPE [ 232.315838][ T1562] f81604 2-1:0.0: probe with driver f81604 failed with error -32 [ 233.462199][ T7115] netlink: 4 bytes leftover after parsing attributes in process `syz.0.378'. [ 233.937583][ T9] usb 2-1: USB disconnect, device number 6 [ 234.262470][ T7130] input: syz0 as /devices/virtual/input/input8 [ 234.564021][ T7134] 9pnet_fd: Insufficient options for proto=fd [ 235.953353][ T44] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 237.026629][ T44] usb 3-1: Using ep0 maxpacket: 8 [ 237.031393][ T44] usb 3-1: unable to get BOS descriptor or descriptor too short [ 237.033711][ T44] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.033734][ T44] usb 3-1: config 0 has no interfaces? [ 237.037885][ T44] usb 3-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 237.037910][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.037928][ T44] usb 3-1: Product: syz [ 237.037941][ T44] usb 3-1: Manufacturer: syz [ 237.037954][ T44] usb 3-1: SerialNumber: syz [ 237.044697][ T44] usb 3-1: config 0 descriptor?? [ 237.618160][ T7159] netlink: 'syz.2.389': attribute type 4 has an invalid length. [ 237.618212][ T7159] netlink: 17 bytes leftover after parsing attributes in process `syz.2.389'. [ 240.163480][ T44] usb 3-1: USB disconnect, device number 9 [ 240.787140][ T44] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 241.058883][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 241.285036][ T44] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 241.285063][ T44] usb 4-1: config 0 has no interface number 0 [ 241.285138][ T44] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.285162][ T44] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.285201][ T44] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 241.285222][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.308877][ T7182] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 241.373091][ T44] usb 4-1: config 0 descriptor?? [ 241.956687][ T5787] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 241.986922][ T31] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 242.027686][ T44] uclogic 0003:28BD:0094.0003: pen parameters not found [ 242.027705][ T44] uclogic 0003:28BD:0094.0003: interface is invalid, ignoring [ 242.130467][ T5787] usb 5-1: Using ep0 maxpacket: 32 [ 242.148794][ T5787] usb 5-1: config 0 interface 0 has no altsetting 0 [ 242.149903][ T31] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 242.149928][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.153238][ T5787] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 242.153263][ T5787] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.153280][ T5787] usb 5-1: Product: syz [ 242.153291][ T5787] usb 5-1: Manufacturer: syz [ 242.153303][ T5787] usb 5-1: SerialNumber: syz [ 242.214978][ T31] usb 2-1: config 0 descriptor?? [ 242.222990][ T5787] usb 5-1: config 0 descriptor?? [ 242.234297][ T44] usb 4-1: USB disconnect, device number 12 [ 242.640346][ T5787] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 243.046193][ T5787] gs_usb 5-1:0.0: Disabling termination support for channel 0 (-EPIPE) [ 244.434876][ T31] usb 2-1: Cannot set autoneg [ 244.435124][ T31] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 244.485887][ T31] usb 2-1: USB disconnect, device number 7 [ 244.552165][ T5787] usb 5-1: USB disconnect, device number 12 [ 250.796652][ T5975] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 252.544197][ T5975] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 252.544226][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.550765][ T5975] usb 4-1: config 0 descriptor?? [ 254.605748][ T5975] usb 4-1: Cannot set autoneg [ 254.608424][ T5975] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 254.812772][ T5975] usb 4-1: USB disconnect, device number 13 [ 255.318233][ T7306] netlink: 108 bytes leftover after parsing attributes in process `syz.2.438'. [ 255.686888][ T5975] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 255.776936][ T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 255.836691][ T5975] usb 5-1: Using ep0 maxpacket: 32 [ 256.204914][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.239257][ T5975] usb 5-1: config 0 has an invalid interface number: 35 but max is 0 [ 256.239284][ T5975] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.239301][ T5975] usb 5-1: config 0 has no interface number 0 [ 256.281063][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.281119][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 256.281131][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.285810][ T5975] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 256.285837][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.285850][ T5975] usb 5-1: Product: syz [ 256.285857][ T5975] usb 5-1: Manufacturer: syz [ 256.285864][ T5975] usb 5-1: SerialNumber: syz [ 256.438337][ T5975] usb 5-1: config 0 descriptor?? [ 256.442604][ T10] usb 2-1: config 0 descriptor?? [ 256.520609][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 256.885332][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 256.886457][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 256.901206][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 256.902331][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 256.903288][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 256.904161][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 256.905203][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 256.906226][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 256.948222][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 257.150946][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 257.151325][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 257.151707][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 257.152059][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 257.154919][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 257.155370][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 257.700322][ T10] pwc: Registered as video103. [ 257.703738][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input10 [ 257.779849][ T10] usb 2-1: USB disconnect, device number 8 [ 258.214167][ T7338] dlm: no locking on control device [ 258.486367][ T10] usb 5-1: USB disconnect, device number 13 [ 261.640886][ T5899] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 262.106179][ T5899] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 262.106237][ T5899] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 262.106259][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.155437][ T5899] usb 3-1: config 0 descriptor?? [ 262.168815][ T5899] pwc: Askey VC010 type 2 USB webcam detected. [ 262.587601][ T5899] pwc: recv_control_msg error -32 req 02 val 2b00 [ 262.588258][ T5899] pwc: recv_control_msg error -32 req 02 val 2700 [ 262.588754][ T5899] pwc: recv_control_msg error -32 req 02 val 2c00 [ 262.589272][ T5899] pwc: recv_control_msg error -32 req 04 val 1000 [ 262.589937][ T5899] pwc: recv_control_msg error -32 req 04 val 1300 [ 262.628811][ T5899] pwc: recv_control_msg error -32 req 04 val 1400 [ 262.629399][ T5899] pwc: recv_control_msg error -32 req 02 val 2000 [ 262.631393][ T5899] pwc: recv_control_msg error -32 req 02 val 2100 [ 262.631967][ T5899] pwc: recv_control_msg error -32 req 04 val 1500 [ 262.834831][ T5899] pwc: recv_control_msg error -71 req 02 val 2400 [ 262.835342][ T5899] pwc: recv_control_msg error -71 req 02 val 2600 [ 262.835814][ T5899] pwc: recv_control_msg error -71 req 02 val 2900 [ 262.836286][ T5899] pwc: recv_control_msg error -71 req 02 val 2800 [ 262.866830][ T5899] pwc: recv_control_msg error -71 req 04 val 1100 [ 262.869280][ T5899] pwc: recv_control_msg error -71 req 04 val 1200 [ 262.898420][ T5899] pwc: Registered as video103. [ 262.901889][ T5899] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input11 [ 263.089685][ T5899] usb 3-1: USB disconnect, device number 10 [ 264.586669][ T1562] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 264.759209][ T1562] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.759257][ T1562] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 264.759278][ T1562] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.080917][ T1562] usb 3-1: config 0 descriptor?? [ 266.611533][ T1562] steelseries 0003:1038:12B6.0004: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.2-1/input0 [ 267.558018][ T1562] steelseries 0003:1038:12B6.0004: hid_hw_raw_request() failed with -71 [ 268.240994][ T1562] usb 3-1: USB disconnect, device number 11 [ 269.433334][ C0] vkms_vblank_simulate: vblank timer overrun [ 270.329140][ C0] vkms_vblank_simulate: vblank timer overrun [ 270.645560][ C0] vkms_vblank_simulate: vblank timer overrun [ 270.910301][ C0] vkms_vblank_simulate: vblank timer overrun [ 271.007550][ C0] [ 271.007550][ C0] vkms_vblank_simulate: vblank timer overrun [ 271.038455][ T7458] ================================================================== [ 271.038473][ T7458] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0 [ 271.038519][ T7458] Read of size 8 at addr ffff8880351636f8 by task syz.4.486/7458 [ 271.038536][ T7458] [ 271.038557][ T7458] CPU: 0 UID: 0 PID: 7458 Comm: syz.4.486 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 271.038581][ T7458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 271.038600][ T7458] Call Trace: [ 271.038611][ T7458] [ 271.038620][ T7458] dump_stack_lvl+0x189/0x250 [ 271.038644][ T7458] ? __kasan_check_byte+0x12/0x40 [ 271.038666][ T7458] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.038688][ T7458] ? lock_release+0x4b/0x3e0 [ 271.038716][ T7458] ? __virt_addr_valid+0x4a5/0x5c0 [ 271.038740][ T7458] print_report+0xca/0x240 [ 271.038766][ T7458] ? change_page_attr_set_clr+0x625/0xfc0 [ 271.038792][ T7458] kasan_report+0x118/0x150 [ 271.038813][ T7458] ? change_page_attr_set_clr+0x625/0xfc0 [ 271.038844][ T7458] change_page_attr_set_clr+0x625/0xfc0 [ 271.038874][ T7458] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 271.038901][ T7458] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 271.038932][ T7458] ? memtype_reserve+0x874/0xb30 [ 271.038963][ T7458] _set_pages_array+0x145/0x270 [ 271.038984][ T7458] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 271.039007][ T7458] ? drm_gem_shmem_mmap+0x18b/0x450 [ 271.039031][ T7458] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 271.039057][ T7458] ? rt_read_unlock+0x150/0x220 [ 271.039083][ T7458] drm_gem_shmem_mmap+0x193/0x450 [ 271.039107][ T7458] drm_gem_mmap_obj+0x18a/0x4e0 [ 271.039127][ T7458] drm_gem_mmap+0x38d/0x640 [ 271.039146][ T7458] ? __pfx_drm_gem_mmap+0x10/0x10 [ 271.039166][ T7458] ? __mas_set_range+0x12f/0x3c0 [ 271.039192][ T7458] mmap_region+0x18c9/0x20f0 [ 271.039216][ T7458] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.039251][ T7458] ? __pfx_mmap_region+0x10/0x10 [ 271.039309][ T7458] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 271.039345][ T7458] ? bpf_lsm_mmap_addr+0x9/0x20 [ 271.039367][ T7458] ? security_mmap_addr+0x71/0x270 [ 271.039392][ T7458] ? shmem_mapping+0xd/0x50 [ 271.039418][ T7458] ? memfd_check_seals_mmap+0xcb/0x210 [ 271.039443][ T7458] do_mmap+0xc23/0x10c0 [ 271.039464][ T7458] ? __pfx_do_mmap+0x10/0x10 [ 271.039480][ T7458] ? rwbase_write_lock+0x56f/0x750 [ 271.039501][ T7458] ? __lock_acquire+0xab9/0xd20 [ 271.039523][ T7458] vm_mmap_pgoff+0x2a9/0x4d0 [ 271.039554][ T7458] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 271.039581][ T7458] ? __fget_files+0x2a/0x420 [ 271.039603][ T7458] ? __fget_files+0x3a6/0x420 [ 271.039622][ T7458] ? __fget_files+0x2a/0x420 [ 271.039643][ T7458] ksys_mmap_pgoff+0x4e9/0x720 [ 271.039661][ T7458] ? __x64_sys_mmap+0x7f/0x140 [ 271.039689][ T7458] do_syscall_64+0xfa/0xfa0 [ 271.039716][ T7458] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.039742][ T7458] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.039761][ T7458] ? clear_bhb_loop+0x60/0xb0 [ 271.039783][ T7458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.039802][ T7458] RIP: 0033:0x7facc3daefc9 [ 271.039825][ T7458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.039846][ T7458] RSP: 002b:00007facc1bb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 271.039876][ T7458] RAX: ffffffffffffffda RBX: 00007facc4006270 RCX: 00007facc3daefc9 [ 271.039892][ T7458] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 271.039905][ T7458] RBP: 00007facc3e31f91 R08: 0000000000000007 R09: 0000000100000000 [ 271.039919][ T7458] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 271.039937][ T7458] R13: 00007facc4006308 R14: 00007facc4006270 R15: 00007ffdac10be48 [ 271.039960][ T7458] [ 271.039967][ T7458] [ 271.039975][ T7458] Allocated by task 7458: [ 271.039985][ T7458] kasan_save_track+0x3e/0x80 [ 271.040001][ T7458] __kasan_kmalloc+0x93/0xb0 [ 271.040017][ T7458] __kvmalloc_node_noprof+0x3fd/0x920 [ 271.040037][ T7458] drm_gem_get_pages+0x169/0xa30 [ 271.040063][ T7458] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 271.040083][ T7458] drm_gem_shmem_mmap+0x193/0x450 [ 271.040103][ T7458] drm_gem_mmap_obj+0x18a/0x4e0 [ 271.040119][ T7458] drm_gem_mmap+0x38d/0x640 [ 271.040134][ T7458] mmap_region+0x18c9/0x20f0 [ 271.040156][ T7458] do_mmap+0xc23/0x10c0 [ 271.040170][ T7458] vm_mmap_pgoff+0x2a9/0x4d0 [ 271.040193][ T7458] ksys_mmap_pgoff+0x4e9/0x720 [ 271.040208][ T7458] do_syscall_64+0xfa/0xfa0 [ 271.040232][ T7458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.040249][ T7458] [ 271.040254][ T7458] The buggy address belongs to the object at ffff888035163600 [ 271.040254][ T7458] which belongs to the cache kmalloc-256 of size 256 [ 271.040270][ T7458] The buggy address is located 0 bytes to the right of [ 271.040270][ T7458] allocated 248-byte region [ffff888035163600, ffff8880351636f8) [ 271.040290][ T7458] [ 271.040295][ T7458] The buggy address belongs to the physical page: [ 271.040313][ T7458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35162 [ 271.040331][ T7458] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 271.040347][ T7458] ksm flags: 0x80000000000040(head|node=0|zone=1) [ 271.040367][ T7458] page_type: f5(slab) [ 271.040387][ T7458] raw: 0080000000000040 ffff88813ff26b40 ffffea00008eac80 dead000000000007 [ 271.040403][ T7458] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 271.040422][ T7458] head: 0080000000000040 ffff88813ff26b40 ffffea00008eac80 dead000000000007 [ 271.040439][ T7458] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 271.040457][ T7458] head: 0080000000000001 ffffea0000d45881 00000000ffffffff 00000000ffffffff [ 271.040473][ T7458] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002 [ 271.040483][ T7458] page dumped because: kasan: bad access detected [ 271.040496][ T7458] page_owner tracks the page as allocated [ 271.040503][ T7458] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5169, tgid 5169 (udevadm), ts 29011847089, free_ts 28874042030 [ 271.040536][ T7458] post_alloc_hook+0x240/0x2a0 [ 271.040553][ T7458] get_page_from_freelist+0x28c0/0x2960 [ 271.040575][ T7458] __alloc_frozen_pages_noprof+0x181/0x370 [ 271.040595][ T7458] alloc_pages_mpol+0xd1/0x380 [ 271.040614][ T7458] allocate_slab+0x96/0x3a0 [ 271.040636][ T7458] ___slab_alloc+0xb12/0x13f0 [ 271.040656][ T7458] __slab_alloc+0xc6/0x1f0 [ 271.040676][ T7458] __kmalloc_cache_noprof+0xec/0x6c0 [ 271.040693][ T7458] smk_fetch+0x95/0x140 [ 271.040717][ T7458] smack_d_instantiate+0x6f5/0x940 [ 271.040738][ T7458] security_d_instantiate+0x10a/0x200 [ 271.040754][ T7458] d_splice_alias_ops+0x71/0x370 [ 271.040777][ T7458] path_openat+0x110d/0x3840 [ 271.040799][ T7458] do_filp_open+0x1fa/0x410 [ 271.040821][ T7458] do_sys_openat2+0x121/0x1c0 [ 271.040841][ T7458] __x64_sys_openat+0x138/0x170 [ 271.040862][ T7458] page last free pid 5174 tgid 5174 stack trace: [ 271.040872][ T7458] __free_frozen_pages+0xfb6/0x1140 [ 271.040890][ T7458] __slab_free+0x2c6/0x370 [ 271.040912][ T7458] qlist_free_all+0x97/0x140 [ 271.040940][ T7458] kasan_quarantine_reduce+0x148/0x160 [ 271.040965][ T7458] __kasan_slab_alloc+0x22/0x80 [ 271.040981][ T7458] kmem_cache_alloc_node_noprof+0x23b/0x6e0 [ 271.041007][ T7458] __alloc_skb+0x112/0x2d0 [ 271.041031][ T7458] netlink_sendmsg+0x5c6/0xb30 [ 271.041055][ T7458] __sock_sendmsg+0x21c/0x270 [ 271.041074][ T7458] ____sys_sendmsg+0x508/0x820 [ 271.041089][ T7458] ___sys_sendmsg+0x21f/0x2a0 [ 271.041104][ T7458] __x64_sys_sendmsg+0x1a1/0x260 [ 271.041119][ T7458] do_syscall_64+0xfa/0xfa0 [ 271.041143][ T7458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.041161][ T7458] [ 271.041165][ T7458] Memory state around the buggy address: [ 271.041174][ T7458] ffff888035163580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 271.041188][ T7458] ffff888035163600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 271.041201][ T7458] >ffff888035163680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 271.041210][ T7458] ^ [ 271.041222][ T7458] ffff888035163700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 271.041234][ T7458] ffff888035163780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 271.041244][ T7458] ================================================================== [ 271.041263][ T7458] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 271.041279][ T7458] CPU: 0 UID: 0 PID: 7458 Comm: syz.4.486 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 271.041301][ T7458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 271.041312][ T7458] Call Trace: [ 271.041320][ T7458] [ 271.041328][ T7458] dump_stack_lvl+0x99/0x250 [ 271.041351][ T7458] ? __asan_memcpy+0x40/0x70 [ 271.041376][ T7458] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.041398][ T7458] ? __pfx__printk+0x10/0x10 [ 271.041427][ T7458] vpanic+0x237/0x6d0 [ 271.041445][ T7458] ? __pfx_vpanic+0x10/0x10 [ 271.041469][ T7458] panic+0xb9/0xc0 [ 271.041485][ T7458] ? __pfx_panic+0x10/0x10 [ 271.041502][ T7458] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 271.041532][ T7458] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 271.041563][ T7458] ? change_page_attr_set_clr+0x625/0xfc0 [ 271.041589][ T7458] check_panic_on_warn+0x89/0xb0 [ 271.041613][ T7458] ? change_page_attr_set_clr+0x625/0xfc0 [ 271.041638][ T7458] end_report+0x78/0x160 [ 271.041657][ T7458] kasan_report+0x129/0x150 [ 271.041678][ T7458] ? change_page_attr_set_clr+0x625/0xfc0 [ 271.041708][ T7458] change_page_attr_set_clr+0x625/0xfc0 [ 271.041738][ T7458] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 271.041764][ T7458] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 271.041787][ T7458] ? memtype_reserve+0x874/0xb30 [ 271.041818][ T7458] _set_pages_array+0x145/0x270 [ 271.041838][ T7458] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 271.041861][ T7458] ? drm_gem_shmem_mmap+0x18b/0x450 [ 271.041884][ T7458] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 271.041910][ T7458] ? rt_read_unlock+0x150/0x220 [ 271.041940][ T7458] drm_gem_shmem_mmap+0x193/0x450 [ 271.041964][ T7458] drm_gem_mmap_obj+0x18a/0x4e0 [ 271.041985][ T7458] drm_gem_mmap+0x38d/0x640 [ 271.042004][ T7458] ? __pfx_drm_gem_mmap+0x10/0x10 [ 271.042024][ T7458] ? __mas_set_range+0x12f/0x3c0 [ 271.042053][ T7458] mmap_region+0x18c9/0x20f0 [ 271.042077][ T7458] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.042112][ T7458] ? __pfx_mmap_region+0x10/0x10 [ 271.042170][ T7458] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 271.042205][ T7458] ? bpf_lsm_mmap_addr+0x9/0x20 [ 271.042227][ T7458] ? security_mmap_addr+0x71/0x270 [ 271.042252][ T7458] ? shmem_mapping+0xd/0x50 [ 271.042278][ T7458] ? memfd_check_seals_mmap+0xcb/0x210 [ 271.042302][ T7458] do_mmap+0xc23/0x10c0 [ 271.042324][ T7458] ? __pfx_do_mmap+0x10/0x10 [ 271.042340][ T7458] ? rwbase_write_lock+0x56f/0x750 [ 271.042361][ T7458] ? __lock_acquire+0xab9/0xd20 [ 271.042383][ T7458] vm_mmap_pgoff+0x2a9/0x4d0 [ 271.042414][ T7458] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 271.042441][ T7458] ? __fget_files+0x2a/0x420 [ 271.042462][ T7458] ? __fget_files+0x3a6/0x420 [ 271.042481][ T7458] ? __fget_files+0x2a/0x420 [ 271.042502][ T7458] ksys_mmap_pgoff+0x4e9/0x720 [ 271.042521][ T7458] ? __x64_sys_mmap+0x7f/0x140 [ 271.042549][ T7458] do_syscall_64+0xfa/0xfa0 [ 271.042575][ T7458] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.042601][ T7458] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.042620][ T7458] ? clear_bhb_loop+0x60/0xb0 [ 271.042641][ T7458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.042660][ T7458] RIP: 0033:0x7facc3daefc9 [ 271.042676][ T7458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.042692][ T7458] RSP: 002b:00007facc1bb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 271.042713][ T7458] RAX: ffffffffffffffda RBX: 00007facc4006270 RCX: 00007facc3daefc9 [ 271.042728][ T7458] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 271.042741][ T7458] RBP: 00007facc3e31f91 R08: 0000000000000007 R09: 0000000100000000 [ 271.042755][ T7458] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 271.042767][ T7458] R13: 00007facc4006308 R14: 00007facc4006270 R15: 00007ffdac10be48 [ 271.042790][ T7458] [ 271.043062][ T7458] Kernel Offset: disabled