last executing test programs: 17m4.632524102s ago: executing program 2 (id=3): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140)) r3 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000080)=0x200000000) r5 = dup2(r2, r2) socket$vsock_stream(0x28, 0x1, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x4000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) r10 = dup(r6) write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$can_raw(r10, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4041810}, 0x4) readv(r5, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/139, 0x8b}], 0x1) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000380)=0x1) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) syz_usb_connect(0x2, 0x52, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 16m48.977632576s ago: executing program 32 (id=3): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140)) r3 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000080)=0x200000000) r5 = dup2(r2, r2) socket$vsock_stream(0x28, 0x1, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x4000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) r10 = dup(r6) write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c) sendmsg$can_raw(r10, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4041810}, 0x4) readv(r5, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/139, 0x8b}], 0x1) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000380)=0x1) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) syz_usb_connect(0x2, 0x52, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 14m14.086245467s ago: executing program 4 (id=729): r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000580)='$\x00\x19y\x01\xff\xb4\x9e\x95oQE\xc9\x1f|\bZ\xf44\x7f)\x03c\x9a\x85\x01V\xb8p+\x84\xfb\xe6?\x88\xe9\x98Y\x0e\xd5P\xa2\xcc\x01*\xcd%v!\x82\xf1\xaaB\x04-\x88\xeb-q8\x03\xadO\xa0F\xc5Z\x0f\xee\x94\xfcy\xa5\xa4L\xa1\xd7g\x9d\xd2m5r\xef\xe1\xd1\x87\x1aM\xa6\xa8\xa2\xef\xb0\x9e\xa9d\xee\xacl\x9c\xcb\x03\x17\xbbG\x15\xba3\xa5r<]T\xc6R\x03\xee#\x0f\x88\xc4\xd3\x02\xd1 @\r\x1cc\xe4|\x13H\xc2\x1fq\x88\xdd\x98\xe1~\xb0\xedK\x17x\v\x9b\xaa\xb4\a\xb6\x8b\x9e*=\x8f\x05\x8b\x88\xc9\x12\xa6\x8fs\x98\xf1\xfe\xcdX\xce,AD\xd2v\xf4\xe5\xd3\xf3\xf1TY\x1c\x8a\x98\xf8\xcf6\xc3>]l\xdaQ\xac\n{)\xc9\x95\xb4\x12j}8\x03\xba&\xe8p\xe8\xf0\xa4\xa6e\xbc\xef\x93%/x\x19\xaa\xb5\x97\x98A\\\x91\x9a \xa8\xf8a\xd8\x97\x1eR\xaf\xc8\x9f', 0x0) read$ptp(r0, &(0x7f0000000280)=""/176, 0xb0) 14m13.904380002s ago: executing program 4 (id=732): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x8001, 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0xc0060, &(0x7f0000001300)={[{}, {@mode={'mode', 0x3d, 0x7}}]}) 14m13.704810969s ago: executing program 4 (id=734): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r4, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) r5 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r5, 0xee01, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000080, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340), 0x0) 14m12.503371239s ago: executing program 4 (id=740): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000500)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000580)="02042700ea0e0000000000001eafbcf706e105000000000000001104ee1606d4b8bf4a828bda305775c43824cee8440000", 0x31}, {&(0x7f0000000100)="126873159fca3fa38fb198e9a6b363ceb3e6d803ab766b7a38e451d14e0b3457474fe6a51671e4124fcea96a873b10996816e100ed8a93b0a9053db57d60973369f58551c3091cb88d3b", 0x4a}, {&(0x7f0000000080)="088d85d1f4f8220aee8de7932b326f8a3164ae439862807a1589836c736d2341f7", 0x21}, {&(0x7f00000002c0)="df3b46a1330000000000000000000000000000f1bfb4aa068fc60c48ae2cd8ab1fcc903b7ebd3bf583aaa8d7c8db6df62ecfbbbf9d88e22299fc6bf8966fde2978d207040000001fc672f220fb612483c7392064f03ec88c0d80463164cc66bad573b1862f7e9dd8c88d2a5ad193407968b7cc9beb08c8754c9af20ed7b26b348cbec639fad8d724cedaa9836aa9d37d2530", 0x92}, {&(0x7f00000005c0)="b72abab9439ca41f5cf14d6435575ba774ee5f5c23ff2f5176f5773d08a15668ec280cfe4ea416cf769dbf978a8191bbe006e0da50029176c0f24e3ff4d3e895a2afbf52cef2fe1ca31edd842b126ec4be67e6e3624b9ddf806fc146c645ec1d37fe7e3b025c156d5d520104b53f7fb2af436201cfd5dca170edea5a190e4786bfaac544b60f514d7ef420526c467f14790dcfa5ab915d7dbcdf2765bbcad014c991f8b829c79f53586de79f0b987ad796f9de4a6e53136a07a39ab1f5a2ce30aded70a9b72d1beff7e8b6405fd6331e5635ee71e809be2d58f412dcd7b2e856d692dbfed19045ff13244acce351b6e450395568063569c71ea80a04f83fbe6ad1d0862fb97f816576c4844da65d751ee1fdc522ae1158670de297cdb2117bc0adc1486e016a6bcc922a162fce6a9ecc8c42b0c44c566004eda037864e5f339bbb0998cdaf2b8e49ae003659bc033668f7c8e550197ed95c420461254ba1883dbd9403672d579cee85c37f103ee9a350a768286017158784baeb063c8c684b91b022b0db2238b679092a1f6909f0cd9228500e088f5cc7bac4c0dc56e80fedac93554aec79715ce02e8bf3fcbd70382f619bfe3dcf06890d8542022ee58bdfb075d319c9fc8474cadc8de5c3dd3f682d3f68324d0af7a727064053ad84c94643eef190783c616467628f84620044c084b80e3e57bfcdf293c9c36b4474a52398b35e49e2ad4a4ac090bffc5cd27d3c69b4ae5f841d5b0766ccd36d25eb58d8f01621a05744b79ede39019ab9d7a1946353d8f3b7f833ce1a102a8c97a9e3f32138ffafd305448f2518ccdb7eef594a890eaeaff3f876f742fec22669a97085ed93b18228ecbe9e354e8f69967ca749fd2b1cf026665ca912e3fc0188b294519078b46676052de4fe22798290bd1e232c9791fc01ddb4ae776b5769143df2867042e8a3ddfa8e786bd8a244076956d4ab137939ad381650dd4fefd2b942a98d6f2edfd7019ae473e7608647b86d643e8ff3d7d4e89ed826e4b8c6e8fed224c528d805ade85c5b45261b2692c0f403dec050bd973b0999df214689f4402dd1598a16b0c7671e5e204a00b06376ddee7cb99292a8b835c0b451642b71f2ffa1aeea56255817b2384bfe4f8213ccfc1f762f250592896102e5f6d34cdd726bc0f86af52fd7c4483d32e23e5af770e960c7445b8e67b6086f0cadcd22d0d4bdadc31b5a94dd687379dc6e078210ccc71f8e67eb58d330394425ab17e55d1ca8f868f6bf738af291d2293c3dfa2ccff25061ded22878b3cc6532d19e5a00d1f0f1b9de35305fac2c6cfd5d77a2b02618735b7d392738bd5cd3eabb7039c790a9f193913f16e06605d405d6a0cf0011a2e5f935d8563fef1722692dd266c3d320b9f5eeb2a4b2f72155522f0ed72ff1efa0b6ee78e70d3d45241609e7f87d7bcfe1af71159baa11ad667a0ead3986b2b06500ba2615ee966ea86ca68d02de4802bd9ef18dac5ba53ca98b90df49ef4e3268ceee538973620e5a60513ea330989642626420b67dceebc569478657aedeb62c45b079348796923ad1fba5a99e6b150cf97ba2a570150053309c6dca7fa352fa1678c9b919fbc47ae0a84175a7fc25a00fa5888cb017e8d8225fadb29e34bd3c5bbccfb22a83255fec3967c991d5b3e6719ade82fb7ef85c8a4b9e7ad8ef2a3a7bc78de424572224affb1f9e0c5a969e61ee2ebb4f247bfa09384bdad04438f2efbfae303d47c3afe7e8d3a157b2a6f37572ea3ecc441dfb208ba755f781f144e58d80aea590abcfccbe8678ec6de47511f9d61cc408cbbe90eeab2cffe6d1a48dc3eb4e48e228fd43cafd7ff2c85c3ed52e99fe16887be28fcd2cd4ba4cac414c92c96294fa7d628e4356c748c173f790a7f30071d0bd53817c78d163249c7402b222b8f28668cae7afd17b97dbaf10b75b61409ca6f5b285d1ab09207c5a91c68b0d4b5da6d6b5a495c8debd7f4400e56d9e22d1cc330f782f2b5441a31b9ccf35aa1a151219cdcff5ab8b240af5b5a751eca67773c057412a935e3a7a367b2bcd28463904ee040a586d6f4f969cee56d55b6b4d97d1fe93b67e2f6bd47925054c4702ec8969a1a6211ea8f6783ca0e8ae333922ce19eceb24e2ff714a0208d2489a62f299aa50cdbfe5a826e872ab231bbddf5bd2fca92d4460379e05e13ff34a200fd921dcb67a002873bda8d86536cddaccb54eb72dd4e399fe9195ad5574ad85d9ed2eaae4106234f0a8db05a230ff377b59b54fd0919d1b86b938622ae6098f003db7f4d45d6874f54c33064ce6184dccc99fece2d994e9572d4840b0cbdd704fd70b4f625912d48a512339f883533768f09a4f614583dfb72defe713ee38f61184df279461b7d35becd8e67d01f0ec27e901d88215554d5a69db373a662085733d09ad9153e7d432c94f872ff7cd72995b3a581ea17722ed13a191b366208f75661112b1a7d42c252c907488ca8dd8f819d4618b0053d4bcddb3b5975cb8615ebc472e052552ee74d5253174a2b0cb96e1eaf6349b6c39be975123ee72b0ffe1367df7aba54de26c9135a3422d21067034551be5efc5daf8b8f59bc725e4fd171378fd9f16a785f1b0378823c85eec521e0b2aca70b7b72b719a20eb2fb0addc0b05851c8e181607f49dad7323bc255309097584c2099574db1ed7940fd16796aef19d30acd714dc1f898716df64db87d852eddf2f86e78fd7fd64868b4cb6cc626efcdea49c4a2779a0e777bbe23968e14233a810d9883680894de93023a8deae51ccbf32e6d1e53618ebee95c761221a33bc3263fff0f5ae23e14dba0418cf3f31effcb36956e06c57a17620044260419a208ae1d2296ec9472d44be74a8ed0a33a23181acdef8c7d2695ce9485ed8d17d9f6f30b9b128ee0ba15c42cbf6059bcfef008c09db8855343f79c3ce1c4d79077c8a62237d4e400a5aa88e7424f2f99df6c2070d6ed071f4968376581e20e52d64e9c4f8a6f73bb33f5b6b62c1deecc85bf789565fde14e4454306ed8f09af08afb360ee4fb40dd5dca0be43ccff75e5c0ef85ea7c521cb4840d61e99e1ce4661e721446d5a571cddffbc3643ec9b58237fd416376906bdca09485c2c80f82b23e8e7bbf22035fdbcacd804ae3771fd616901184ced46987d533017eef717e9b34a5531c3efe2d77c9b6cb0617382d69951545378a4118e71c64a1f16d096a8f933580922083d0536b90ae1715c63f682e8241b42e1646b0c52e34aa9c91efe2b6b787ce0747d4ff0dd07d6ebc9ce27e0ef35705eb7b78763a9829b464523ff3ed9078aff6ee29e6e7a59a5243825e8bb9235f8e49a9dfb5932536666c3dc75b29e515dbca4c84268cf23cd7b6da6814328a3cb26d7b1d6c28e20b36f9a2c9e2fcf663c314f72f37d2b8f405cfc686a6b35400435be0eab01709c2c4b3005491cbb0b560e33547b77ba9f25f01b194e20534199a3786ddfaf0a75aafb65cd4df4da7b5f98fe72a8bc7d045339fd41508cecca791c717a10d4fed8aa69eec80955bd899a6f8aaf3411be40568149e631ccbe17c68f85e87b58da81ba78def8b1a48c49b2dc7613f7d6ea8b158bed077666d37d1caba9a23b7cb2772e780f70872113e5bcaebaf9f9499f651dc894be3bba1e99d58b33d60c0eda397df91d7cf9fb072f247fa9a9f59c4f59c4284a3832ff0a1f9ce8f6346cb5c08a9dcb2851c7f169af688fc13f00cf9519ade547671698caaa3f4d4921fee83753b9ab0875707836343eddb5b87bec86aae023c9571b8e389ff3f4c692b6fb19686105249ce033116777d919ceb4559a67ee6b6ad9d4b53d2be24315429de3bf201107fe7dff9cbc92dbf9173391d555b0a1b8ea3252fd7d7fd15d8a3cc70cecdbdd43c4edcc4bb2fbbf646d5ec7dad0d3156a513d14184e0c316f8155e774f7dcea485f904828edf28510d692b66b1500c5a704371c2188a2812bd323de012f36a79674082b5f5e9f7f4ce1a75ed854b71555e9fcd1f0322c22a9e543674c79a74404e08e61860f505dc56e1b52977b9a9af18be4064b5f6aa7c891382bbbe65e70a4cee33176570341a525fb6b25c0b20bfa3f2ee4a01584f259f43c3b63a2dfc376f435827211379ab3ca8912cbe01e4f837920666fbda682f6954d1c156f21e12547b885f485c38f62e765013144be8ca92b1d4872790a5c02671517f6a8f0ceb247e08c64268ad8970b57bb6d077c9b8ebe7fb1183087c9a3baee06100609204be588621253b9b120c08db9f28c2d38c9bc3f59018bb7216d73186048770d1e556faa49df23a40a64b40cdda2041dccf5619db09b7a7795fd7eb631c0e0bffc3b64422bf6acd84b7fae8bd05b057260a4d7c4851829c7bbf0b6f27c5db0ff10f42df3528f79dc9bbd591965259cd0389deb124b1fadc5dfd3ade9742d29261379ea3d98929512371dec991f0636fbda5dac355a04e363beeb4751781d9cef3a0b6ac6500895d223ad43ed75cac8b0a868253fffa10bf6c2de99c687fd056e075cf0632b6d8ed2263ca08ad95b6f335a3b6d8ab7801422ac8597441ac1bbe289b50af31eb221d19a2d3177d4ad1056d616295e89471e65d811b8fa4fe2c0c12793f43ef7e75c7f657f6c26ca9cbae63ce99301069ab257ae77c38778d35afd326d569c626a68f3904b2c376dfaa05568892f346f86fb05e71fb751e09cd22525cb63512a7d2e4670bd31109b87818278e66dc73fa9667e35c5bc6588cd36d2b62592a4103803d93c194f8edd5d20c6597231321b909bbb3c1d13408e5cf27728883e333b391222e6b6665454892dfedd17a1066f1145163e1a31ba9a3e3cee925e55d794b89462a0a092a639ccd4a24514083cb68224c87c18f0bb39ff721cc598e686b5fef169bc30f9ec6df397905f8340f6ae7ad826aac774cc46bfb9dfe8192e9ef10e8355d7c2810269eb73c7ecb8d3ffa33437142b8e596cdb778cd3cdda5bbbd09a8ea919929adbc63ff1004490c45a9ea59def65fabc884c39beac1b74a218f59c5e31ba85dcc4b8bd81d7a66d8aaf0edb64b505f760442e16fb7f07a069aba88601c3ace27762cef8196da3d44b14796b04e7fa3bab37209190a1de6e6ecfd99353279ef64376681", 0xe2c}], 0x5}, 0x40000) 14m12.143352442s ago: executing program 4 (id=743): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x8, 0x8) 14m11.451953665s ago: executing program 4 (id=746): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') r4 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r4, 0xee01, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000001480)="3b5250dd8df768c581177cc96346a1", 0xf, 0x20000080, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp], 0x6) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) 13m56.052495693s ago: executing program 33 (id=746): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') r4 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r4, 0xee01, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000001480)="3b5250dd8df768c581177cc96346a1", 0xf, 0x20000080, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp], 0x6) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) 6m0.654298746s ago: executing program 6 (id=4638): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) mount(0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000300)='net/icmp\x00') pread64(r4, &(0x7f0000000340)=""/246, 0xf6, 0x100000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmsg$unix(r6, 0x0, 0x84) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0xff, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_address={0x5, 0x5, 0x2b, 0x0, 0x0, @in6={0xa, 0x4e21, 0x0, @mcast1}}, @sadb_x_policy={0x8, 0x12, 0x2, 0x2, 0x0, 0x0, 0x0, {0x6, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@private1, @in6=@rand_addr=' \x01\x00'}}]}, 0xa0}}, 0x0) 5m58.778109983s ago: executing program 6 (id=4640): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, 0x0, &(0x7f0000000240)}, 0x20) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=0xffffffffffffffff, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r1, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFCONF(r4, 0x8912, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e"], 0xec) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001005d790000000000000500000a60000000060a0b0400000000000000000200000234000480300001800b00010074617267657400002000028008000240000000010800030002b511120c0001004e465155455545000900010073797a30000000000900020073797a32000000001400"], 0x88}}, 0x0) 5m56.589532318s ago: executing program 6 (id=4646): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = mq_open(0x0, 0x42, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='attr\x00') mkdirat(r2, &(0x7f0000000000)='./file0/file0\x00', 0x14f) mq_timedsend(r1, &(0x7f0000000600), 0x0, 0x6, 0x0) mq_timedreceive(r1, 0x0, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x1, 0x40001043, 0xffffffffffffffff, 0x0) keyctl$update(0x2, 0x0, &(0x7f00000001c0), 0x0) r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0) 5m54.872592519s ago: executing program 6 (id=4650): openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) getrlimit(0xb, &(0x7f00000002c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001b700)=""/102392, 0x18ff8) write$P9_RSTATu(r2, &(0x7f0000000080)={0x234, 0x7d, 0x0, {{0x500, 0xf3, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04\xff\x00\x00\x00v{evoo~\x05\xc6\x00\x05\x00\x007\xd9:\x8b\xcd2W\x92\x00', 0x38, 'pJ\x86\x02\x00\x02\x00|\xfag>\xff\xeb\t\xb5{\x82\x00\xb5\x00\x01+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xd6\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1\x00'/56, 0x18, '\xcf\xc2\x9ci\xab\x9d\xe6L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z\x00\x00\x00\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x234) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073795d310000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01030000000000000000010020000c00024000"], 0xe8}}, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x43403d0e, &(0x7f0000000000)={0x0, 0xc}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000013c0)={0x1c, 0x4a, 0x201, 0x0, 0x0, {0xa, 0x0, 0x300}, [@generic="93b5477387"]}, 0x1c}}, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r0, 0x0, 0x4000) 5m52.659811024s ago: executing program 6 (id=4658): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000280)=0x8001) close(r3) 5m51.035967347s ago: executing program 6 (id=4662): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$kcm(0x29, 0x2, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0xffdfffff}, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f0000000540)=[{0x0}, {0x0}], 0x2) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0) r5 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x333}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r5, 0x47ba, 0x0, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$kcm(r1, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x8000) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f00000010c0)}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) 5m33.97976609s ago: executing program 34 (id=4662): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$kcm(0x29, 0x2, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0xffdfffff}, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f0000000540)=[{0x0}, {0x0}], 0x2) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0) r5 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x333}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r5, 0x47ba, 0x0, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$kcm(r1, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x8000) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f00000010c0)}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) 2m19.642995302s ago: executing program 3 (id=5203): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc1103000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r3 = dup(0xffffffffffffffff) sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x73}, @noop]}}}], 0x40}, 0x0) 2m18.343718577s ago: executing program 3 (id=5210): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) 2m13.209143254s ago: executing program 3 (id=5223): setxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) unshare(0x22020600) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg$inet(r0, 0x0, 0x0, 0x24040890) 2m11.800647487s ago: executing program 3 (id=5226): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x9}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x7}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x80000, @loopback}, 0x1c) syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) close(0xffffffffffffffff) 2m10.352596837s ago: executing program 3 (id=5228): fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x9}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x7}, 0x9c) 2m8.932826779s ago: executing program 3 (id=5232): r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x9}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x7}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x80000, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xe0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) close(r0) 1m49.666713117s ago: executing program 35 (id=5232): r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x9}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x7}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x80000, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0xe0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) close(r0) 30.717377736s ago: executing program 7 (id=5399): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 20.319307763s ago: executing program 1 (id=5404): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) 20.314310422s ago: executing program 7 (id=5405): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 17.068034538s ago: executing program 0 (id=5411): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_route(0x10, 0x3, 0x0) r0 = fsopen(0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) unshare(0x22020400) r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x4) r7 = openat$cgroup_ro(r6, &(0x7f0000001100)='cpu.stat\x00', 0x5000000, 0x0) readv(r7, 0x0, 0x0) 16.761184339s ago: executing program 7 (id=5415): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 10.041716728s ago: executing program 0 (id=5417): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 9.960092558s ago: executing program 1 (id=5419): r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x9}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x7}, 0x9c) bind$inet6(r5, 0x0, 0x0) sendto$inet6(r5, 0x0, 0x0, 0xe0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) close(r0) 9.923387017s ago: executing program 7 (id=5420): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 7.652618328s ago: executing program 1 (id=5423): syz_open_dev$video(0x0, 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 7.565804918s ago: executing program 0 (id=5424): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 6.940341529s ago: executing program 7 (id=5426): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_route(0x10, 0x3, 0x0) r0 = fsopen(0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) unshare(0x22020400) r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x4) r7 = openat$cgroup_ro(r6, &(0x7f0000001100)='cpu.stat\x00', 0x5000000, 0x0) readv(r7, &(0x7f00000012c0), 0x0) 4.052769889s ago: executing program 0 (id=5431): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 2.680284346s ago: executing program 1 (id=5432): creat(0x0, 0x175) socket$kcm(0x2, 0x200000000000001, 0x0) syz_open_dev$loop(0x0, 0xf01c, 0x0) r0 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000280)={0x3, 0x2}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000000)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000040)="00000000f5ff", 0x6, 0xfffffffffffffffd) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000005c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x80000001, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) 2.376019651s ago: executing program 5 (id=5436): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 2.363994361s ago: executing program 5 (id=5437): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_route(0x10, 0x3, 0x0) r0 = fsopen(0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) unshare(0x22020400) r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x4) r7 = openat$cgroup_ro(r6, &(0x7f0000001100)='cpu.stat\x00', 0x5000000, 0x0) readv(r7, &(0x7f00000012c0), 0x0) 2.253058237s ago: executing program 0 (id=5438): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) 1.611978722s ago: executing program 5 (id=5439): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 1.436268838s ago: executing program 1 (id=5440): r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x9}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x7}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x80000, @loopback}, 0x1c) syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) close(r0) 1.418857133s ago: executing program 7 (id=5441): r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x9}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x7}, 0x9c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xe0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 1.004067935s ago: executing program 5 (id=5442): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_route(0x10, 0x3, 0x0) r0 = fsopen(0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x22020400) r4 = fsmount(0xffffffffffffffff, 0x0, 0x4) openat$cgroup_ro(r4, &(0x7f0000001100)='cpu.stat\x00', 0x5000000, 0x0) 177.728223ms ago: executing program 1 (id=5443): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, &(0x7f0000000380)}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 160.476367ms ago: executing program 5 (id=5444): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 63.380332ms ago: executing program 0 (id=5445): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x2a, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') 0s ago: executing program 5 (id=5446): syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x58241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{0x0}], 0x1) syz_emit_ethernet(0x2a, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socket(0xa, 0x3, 0x87) sendto$packet(r3, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000000000)='y_', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r4, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') kernel console output (not intermixed with test programs): ytes leftover after parsing attributes in process `syz.3.1375'. [ 363.101898][ T9667] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 363.102197][ T9667] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 364.250716][ T9667] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 364.355258][ T9667] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 364.355359][ T9667] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 364.439499][ T9667] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 364.781173][ T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 364.951232][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 364.954967][ T9] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 364.954991][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 364.955010][ T9] usb 1-1: config 0 has no interface number 0 [ 364.955040][ T9] usb 1-1: config 0 interface 105 has no altsetting 0 [ 364.958308][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 364.958337][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.958356][ T9] usb 1-1: Product: syz [ 364.958370][ T9] usb 1-1: Manufacturer: syz [ 364.958384][ T9] usb 1-1: SerialNumber: syz [ 365.092593][ T9697] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 365.866629][ T5805] Bluetooth: hci4: command 0x0406 tx timeout [ 365.925680][ T9] usb 1-1: config 0 descriptor?? [ 365.940430][ T9] uvcvideo 1-1:0.105: Found Unit with invalid ID 0 [ 365.940523][ T9] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 365.940549][ T9] uvcvideo 1-1:0.105: No valid video chain found. [ 365.986623][ T9699] netlink: 'syz.3.1388': attribute type 27 has an invalid length. [ 365.986645][ T9699] netlink: 'syz.3.1388': attribute type 1 has an invalid length. [ 365.986750][ T9699] bridge0: port 1(bridge_slave_0) entered learning state [ 366.111887][ T9701] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.144002][ T31] usb 1-1: USB disconnect, device number 17 [ 366.435159][ T5805] Bluetooth: hci1: command 0x0c1a tx timeout [ 366.454890][ T9714] netlink: 'syz.5.1394': attribute type 1 has an invalid length. [ 366.628365][ T9720] mmap: syz.5.1397 (9720) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 366.965621][ T31] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 367.135849][ T31] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 367.135879][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.135898][ T31] usb 1-1: Product: syz [ 367.135911][ T31] usb 1-1: Manufacturer: syz [ 367.135925][ T31] usb 1-1: SerialNumber: syz [ 367.230598][ T9734] batadv0: entered promiscuous mode [ 367.241260][ T9734] macsec1: entered allmulticast mode [ 367.241281][ T9734] batadv0: entered allmulticast mode [ 367.282553][ T9734] batadv0: left allmulticast mode [ 367.282679][ T9734] batadv0: left promiscuous mode [ 367.871077][ T5804] Bluetooth: hci4: command 0x0406 tx timeout [ 367.909641][ T9754] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 368.021463][ T9753] netlink: 'syz.1.1413': attribute type 11 has an invalid length. [ 368.021485][ T9753] netlink: 149476 bytes leftover after parsing attributes in process `syz.1.1413'. [ 368.112431][ T31] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 368.112504][ T31] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 368.129784][ T31] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 368.264179][ T9751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 368.278054][ T31] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71 [ 368.409805][ T31] usb 1-1: USB disconnect, device number 18 [ 368.511399][ T5804] Bluetooth: hci1: command 0x0c1a tx timeout [ 368.592516][ T5932] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 368.778739][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.778786][ T5932] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 368.778809][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.795898][ T5932] usb 4-1: config 0 descriptor?? [ 369.890056][ T5932] lenovo 0003:17EF:6047.0012: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.3-1/input0 [ 370.093817][ T5932] lenovo 0003:17EF:6047.0012: Failed to switch middle button: -71 [ 370.151485][ T5804] Bluetooth: hci4: command 0x0406 tx timeout [ 370.185603][ T5932] lenovo 0003:17EF:6047.0012: Fn-lock setting failed: -71 [ 370.187044][ T5932] lenovo 0003:17EF:6047.0012: Sensitivity setting failed: -71 [ 370.238133][ T5932] usb 4-1: USB disconnect, device number 23 [ 370.353821][ T9784] fido_id[9784]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 370.592399][ T5804] Bluetooth: hci1: command 0x0c1a tx timeout [ 371.101450][ T9812] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1441'. [ 371.374389][ T5798] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 371.742516][ T5798] usb 2-1: Using ep0 maxpacket: 8 [ 372.182996][ T5798] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 372.183064][ T5798] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 372.183086][ T5798] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 372.183109][ T5798] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 372.183132][ T5798] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 372.183174][ T5798] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 372.183197][ T5798] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.511294][ T5798] usb 2-1: GET_CAPABILITIES returned 0 [ 372.511339][ T5798] usbtmc 2-1:16.0: can't read capabilities [ 372.673471][ T5804] Bluetooth: hci1: command 0x0c1a tx timeout [ 372.774754][ T5798] usb 2-1: USB disconnect, device number 20 [ 374.420692][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.795458][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.044246][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.610170][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.768614][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.974029][ C1] vkms_vblank_simulate: vblank timer overrun [ 376.075976][ C1] vkms_vblank_simulate: vblank timer overrun [ 376.277844][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.498944][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.799478][ C1] vkms_vblank_simulate: vblank timer overrun [ 378.296899][ C1] vkms_vblank_simulate: vblank timer overrun [ 378.686402][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.686466][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.565582][T10040] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 381.677286][ C0] vkms_vblank_simulate: vblank timer overrun [ 381.715991][ C0] vkms_vblank_simulate: vblank timer overrun [ 382.252413][ C0] vkms_vblank_simulate: vblank timer overrun [ 383.086642][ C0] vkms_vblank_simulate: vblank timer overrun [ 383.958343][ C0] vkms_vblank_simulate: vblank timer overrun [ 384.815460][ C0] vkms_vblank_simulate: vblank timer overrun [ 384.981532][ C0] vkms_vblank_simulate: vblank timer overrun [ 385.665212][ C0] vkms_vblank_simulate: vblank timer overrun [ 386.099010][ C0] vkms_vblank_simulate: vblank timer overrun [ 386.548833][ C0] vkms_vblank_simulate: vblank timer overrun [ 386.951657][ C0] vkms_vblank_simulate: vblank timer overrun [ 387.099960][ C0] vkms_vblank_simulate: vblank timer overrun [ 387.824976][ C0] vkms_vblank_simulate: vblank timer overrun [ 387.890972][ T31] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 388.057146][ T31] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 388.057179][ T31] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 388.057205][ T31] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 388.060458][ T31] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 388.060488][ T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.060653][ T31] usb 7-1: Product: syz [ 388.060669][ T31] usb 7-1: Manufacturer: syz [ 388.060683][ T31] usb 7-1: SerialNumber: syz [ 388.096828][ C0] vkms_vblank_simulate: vblank timer overrun [ 388.217390][ T31] usb 7-1: config 0 descriptor?? [ 388.220582][T10178] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 388.220762][T10178] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 388.226385][ T31] usb 7-1: ucan: probing device on interface #0 [ 388.330499][ C0] vkms_vblank_simulate: vblank timer overrun [ 389.070577][ T31] usb 7-1: ucan: device reported invalid device info [ 389.070600][ T31] usb 7-1: ucan: probe failed; try to update the device firmware [ 389.306334][T10202] batman_adv: batadv0: Adding interface: gretap2 [ 389.306352][T10202] batman_adv: batadv0: The MTU of interface gretap2 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 389.306384][T10202] batman_adv: batadv0: Interface activated: gretap2 [ 391.419182][ T5932] usb 7-1: USB disconnect, device number 6 [ 392.444633][T10261] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1641'. [ 393.597761][T10302] io-wq is not configured for unbound workers [ 394.333080][ T10] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 394.490998][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 394.496357][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.496389][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.496428][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 394.496450][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.514842][ T10] usb 2-1: config 0 descriptor?? [ 394.523454][ T10] hub 2-1:0.0: USB hub found [ 394.738175][ T10] hub 2-1:0.0: 16 ports detected [ 394.739408][ T10] hub 2-1:0.0: insufficient power available to use all downstream ports [ 394.760979][ T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 394.906353][T10351] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1683'. [ 394.911010][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 394.920352][ T9] usb 7-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 394.920429][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.920448][ T9] usb 7-1: Product: syz [ 394.920462][ T9] usb 7-1: Manufacturer: syz [ 394.920475][ T9] usb 7-1: SerialNumber: syz [ 394.944482][ T9] usb 7-1: config 0 descriptor?? [ 394.991469][ T9] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 395.131024][ T5885] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 395.230347][ T9] gspca_stk1135: reg_w 0x2 err -71 [ 395.231400][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 395.231414][ T9] gspca_stk1135: Sensor write failed [ 395.231442][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 395.231450][ T9] gspca_stk1135: Sensor write failed [ 395.231487][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 395.231495][ T9] gspca_stk1135: Sensor read failed [ 395.231522][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 395.231531][ T9] gspca_stk1135: Sensor read failed [ 395.231537][ T9] gspca_stk1135: Detected sensor type unknown (0x0) [ 395.231568][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 395.231577][ T9] gspca_stk1135: Sensor read failed [ 395.231604][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 395.231613][ T9] gspca_stk1135: Sensor read failed [ 395.231639][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 395.231647][ T9] gspca_stk1135: Sensor write failed [ 395.231673][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 395.231682][ T9] gspca_stk1135: Sensor write failed [ 395.231770][ T9] stk1135 7-1:0.0: probe with driver stk1135 failed with error -71 [ 395.247525][ T9] usb 7-1: USB disconnect, device number 7 [ 395.275646][ T10] usb 2-1: USB disconnect, device number 21 [ 395.490046][ T5885] usb 4-1: config 1 has an invalid interface number: 7 but max is 0 [ 395.490073][ T5885] usb 4-1: config 1 has no interface number 0 [ 395.490117][ T5885] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 395.490142][ T5885] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 395.490166][ T5885] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 395.494807][ T5885] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 395.494834][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.494852][ T5885] usb 4-1: Product: syz [ 395.494865][ T5885] usb 4-1: Manufacturer: syz [ 395.494879][ T5885] usb 4-1: SerialNumber: syz [ 395.535413][T10347] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 395.760777][T10347] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 395.781245][ T5932] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 395.930928][ T5932] usb 1-1: Using ep0 maxpacket: 32 [ 395.933389][ T5932] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 395.933417][ T5932] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 395.933437][ T5932] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 395.933488][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 395.933509][ T5932] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 395.933533][ T5932] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 395.933574][ T5932] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 395.933596][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.044992][ T5932] usb 1-1: config 0 descriptor?? [ 396.060294][ T5885] sierra_net 4-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.3-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07 [ 396.285940][ T5932] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 396.375135][ T5885] sierra_net 4-1:1.7 wwan0: Submit SYNC failed -71 [ 396.375162][ T5885] sierra_net 4-1:1.7 wwan0: Send SYNC failed, status -71 [ 396.436151][ T5885] usb 4-1: USB disconnect, device number 24 [ 397.451991][ T5885] sierra_net 4-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.3-1, Sierra Wireless USB-to-WWAN Modem [ 397.968040][ C0] usblp0: nonzero read bulk status received: -71 [ 397.979571][ T10] usb 1-1: USB disconnect, device number 19 [ 398.175697][T10363] usblp0: removed [ 398.226416][ T5885] sierra_net 4-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19 [ 400.122515][ T5885] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 400.274936][ T5885] usb 7-1: Using ep0 maxpacket: 32 [ 400.277232][ T5885] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.277263][ T5885] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 400.277300][ T5885] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 400.277323][ T5885] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.334467][T10477] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 400.340792][ T5885] usb 7-1: config 0 descriptor?? [ 400.487030][T10480] syzkaller1: entered promiscuous mode [ 400.487054][T10480] syzkaller1: entered allmulticast mode [ 400.880394][ T5885] savu 0003:1E7D:2D5A.0013: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0 [ 401.104964][ T9] usb 7-1: USB disconnect, device number 8 [ 401.204467][T10497] fido_id[10497]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 402.414882][T10512] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1754'. [ 403.535093][ T5167] udevd[5167]: worker [6446] terminated by signal 33 (Unknown signal 33) [ 403.535148][ T5167] udevd[5167]: worker [6446] failed while handling '/devices/virtual/block/loop5' [ 405.190968][ T9] kernel write not supported for file bpf-prog (pid: 9 comm: kworker/0:0) [ 405.884003][ T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 406.043538][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 406.043574][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 406.043595][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 406.043638][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 406.043660][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.119788][ T9] usb 4-1: config 0 descriptor?? [ 406.567719][ T9] plantronics 0003:047F:FFFF.0014: ignoring exceeding usage max [ 406.628998][ T9] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 406.643740][ T5798] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 406.790997][ T5798] usb 7-1: Using ep0 maxpacket: 16 [ 406.794561][ T5798] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 406.794619][ T5798] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 406.794647][ T5798] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 406.794667][ T5798] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 406.794689][ T5798] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 406.865035][ T5798] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 406.865064][ T5798] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 406.865084][ T5798] usb 7-1: Manufacturer: syz [ 406.906125][ T5798] usb 7-1: config 0 descriptor?? [ 407.261689][ T5798] rc_core: IR keymap rc-hauppauge not found [ 407.261712][ T5798] Registered IR keymap rc-empty [ 407.262557][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.293033][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.321529][ T5798] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 407.346502][ T5798] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input18 [ 407.376077][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.392349][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.411328][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.431155][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.451826][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.456341][T10671] (syz.1.1827,10671,1):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 407.471191][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.491065][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.511027][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.531063][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.564839][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 407.602357][ T5798] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 407.602383][ T5798] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 407.676618][ T5798] usb 7-1: USB disconnect, device number 9 [ 407.861614][ T10] usb 4-1: USB disconnect, device number 25 [ 409.107437][T10725] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1852'. [ 409.815991][ C0] vkms_vblank_simulate: vblank timer overrun [ 410.624617][T10764] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 411.431091][ T10] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 411.583437][ T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 411.583469][ T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 411.583511][ T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 411.583532][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.829877][ T10] usb 7-1: usb_control_msg returned -32 [ 411.829920][ T10] usbtmc 7-1:16.0: can't read capabilities [ 412.239848][T10811] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1890'. [ 412.260128][T10811] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1890'. [ 412.601207][ T5932] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 412.763188][ T5932] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 412.763216][ T5932] usb 2-1: config 0 has no interface number 0 [ 412.766356][ T5932] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 412.766385][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.766406][ T5932] usb 2-1: Product: syz [ 412.766419][ T5932] usb 2-1: Manufacturer: syz [ 412.766433][ T5932] usb 2-1: SerialNumber: syz [ 412.825518][ T5932] usb 2-1: config 0 descriptor?? [ 412.830324][ T5932] usb-storage 2-1:0.20: USB Mass Storage device detected [ 412.833899][T10834] netlink: 14212 bytes leftover after parsing attributes in process `syz.0.1902'. [ 412.854063][ T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 412.889729][ T5932] usb-storage 2-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 413.003349][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 413.003384][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.003419][ T10] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 413.003441][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.008640][ T10] usb 4-1: config 0 descriptor?? [ 413.286386][T10813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 413.287033][T10813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 413.294308][ T9] usb 2-1: USB disconnect, device number 23 [ 413.561020][ T5798] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 413.657381][ T10] usb 4-1: language id specifier not provided by device, defaulting to English [ 413.710965][ T5798] usb 1-1: Using ep0 maxpacket: 32 [ 413.716188][ T5798] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 413.716216][ T5798] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 413.716236][ T5798] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 413.716256][ T5798] usb 1-1: config 1 has no interface number 0 [ 413.716366][ T5798] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 413.716392][ T5798] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 413.716494][ T5798] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 413.716516][ T5798] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.745360][ T5798] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 413.868271][ T10] uclogic 0003:256C:006D.0015: failed retrieving Huion firmware version: -71 [ 413.868332][ T10] uclogic 0003:256C:006D.0015: failed probing parameters: -71 [ 413.869593][ T10] uclogic 0003:256C:006D.0015: probe with driver uclogic failed with error -71 [ 413.916591][ T10] usb 4-1: USB disconnect, device number 26 [ 413.930509][T10873] sctp: [Deprecated]: syz.1.1919 (pid 10873) Use of struct sctp_assoc_value in delayed_ack socket option. [ 413.930509][T10873] Use struct sctp_sack_info instead [ 413.975093][ T5798] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 414.212021][ T5932] usb 7-1: USB disconnect, device number 10 [ 414.386887][ T10] usb 1-1: USB disconnect, device number 20 [ 414.391241][ T10] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 414.604532][T10897] netlink: 'syz.3.1931': attribute type 21 has an invalid length. [ 414.604632][T10897] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1931'. [ 414.604681][T10897] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1931'. [ 415.147330][T10914] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 415.681017][ T5798] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 415.838343][ T5798] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 415.838402][ T5798] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 415.838429][ T5798] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 415.838450][ T5798] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 415.840274][ T5798] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 415.840301][ T5798] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 415.840321][ T5798] usb 7-1: Manufacturer: syz [ 415.853498][ T5798] usb 7-1: config 0 descriptor?? [ 416.109979][T10946] Illegal XDP return value 4294967274 on prog (id 122) dev N/A, expect packet loss! [ 416.200980][ T5798] rc_core: IR keymap rc-hauppauge not found [ 416.201001][ T5798] Registered IR keymap rc-empty [ 416.201156][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.221098][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.242513][ T5798] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 416.245638][ T5798] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input20 [ 416.273139][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.292031][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.315392][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.333550][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.350995][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.405158][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.422831][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.441087][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.461131][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.481160][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.501178][ T5798] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 416.534757][ T5798] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 416.534780][ T5798] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 416.546255][ T5798] usb 7-1: USB disconnect, device number 11 [ 416.590989][ T5932] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 416.743568][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.743598][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.743630][ T5932] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 416.743649][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.792074][ T5932] usb 2-1: config 0 descriptor?? [ 416.813732][T10968] geneve2: entered promiscuous mode [ 416.813761][T10968] geneve2: entered allmulticast mode [ 417.234415][ T5932] pyra 0003:1E7D:2CF6.0016: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0 [ 417.480454][T11003] netlink: 'syz.3.1981': attribute type 1 has an invalid length. [ 417.480471][T11003] netlink: 'syz.3.1981': attribute type 1 has an invalid length. [ 417.480483][T11003] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1981'. [ 417.702136][ T9] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 417.849657][ T5932] pyra 0003:1E7D:2CF6.0016: couldn't init struct pyra_device [ 417.849714][ T5932] pyra 0003:1E7D:2CF6.0016: couldn't install mouse [ 417.851385][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 417.873643][ T5932] pyra 0003:1E7D:2CF6.0016: probe with driver pyra failed with error -71 [ 417.878664][ T5932] usb 2-1: USB disconnect, device number 24 [ 417.916528][ T9] usb 7-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 417.916556][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.916574][ T9] usb 7-1: Product: syz [ 417.916588][ T9] usb 7-1: Manufacturer: syz [ 417.916601][ T9] usb 7-1: SerialNumber: syz [ 418.021657][ T9] usb 7-1: config 0 descriptor?? [ 418.233538][ T9] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 418.868979][T11055] gretap0: entered promiscuous mode [ 419.085516][ T9] gspca_sunplus: reg_w_riv err -71 [ 419.085623][ T9] sunplus 7-1:0.0: probe with driver sunplus failed with error -71 [ 419.139863][ T9] usb 7-1: USB disconnect, device number 12 [ 420.190977][ T9] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 420.358537][ T9] usb 7-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 420.358568][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.358589][ T9] usb 7-1: Product: syz [ 420.358602][ T9] usb 7-1: Manufacturer: syz [ 420.358616][ T9] usb 7-1: SerialNumber: syz [ 420.396460][ T9] usb 7-1: config 0 descriptor?? [ 420.410989][ T9] ch341 7-1:0.0: ch341-uart converter detected [ 420.811094][ T5932] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 420.968101][ T5932] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 420.968130][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.968149][ T5932] usb 2-1: Product: syz [ 420.968163][ T5932] usb 2-1: Manufacturer: syz [ 420.968177][ T5932] usb 2-1: SerialNumber: syz [ 420.980519][ T5932] usb 2-1: config 0 descriptor?? [ 421.415238][ T9] usb 7-1: failed to send control message: -71 [ 421.415296][ T9] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 421.417098][ T5932] airspy 2-1:0.0: Board ID: 00 [ 421.417117][ T5932] airspy 2-1:0.0: Firmware version: [ 421.447348][ T9] usb 7-1: USB disconnect, device number 13 [ 421.449201][ T9] ch341 7-1:0.0: device disconnected [ 422.028409][ T5932] airspy 2-1:0.0: usb_control_msg() failed -71 request 12 [ 422.049578][ T5932] airspy 2-1:0.0: Registered as swradio24 [ 422.049600][ T5932] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 422.059077][ T5932] usb 2-1: USB disconnect, device number 25 [ 422.140269][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880534d1400: rx timeout, send abort [ 422.143597][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880534d1400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 422.256170][T11163] loop8: detected capacity change from 0 to 8 [ 422.290267][T11163] Dev loop8: unable to read RDB block 8 [ 422.290315][T11163] loop8: unable to read partition table [ 422.290535][T11163] loop8: partition table beyond EOD, truncated [ 422.290553][T11163] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 425.412191][T11211] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2074'. [ 425.652804][T11226] netlink: 14212 bytes leftover after parsing attributes in process `syz.6.2080'. [ 426.101732][T11252] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2092'. [ 426.277925][T11265] vxcan0: tx address claim with different name [ 426.662047][T11288] loop8: detected capacity change from 0 to 8 [ 426.664096][T11288] Dev loop8: unable to read RDB block 8 [ 426.664139][T11288] loop8: unable to read partition table [ 426.664356][T11288] loop8: partition table beyond EOD, truncated [ 426.664373][T11288] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 427.070986][ T10] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 427.223360][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 427.223418][ T10] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 427.223441][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.259121][ T10] usb 4-1: config 0 descriptor?? [ 427.391674][ T5913] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 427.544125][ T5913] usb 7-1: Using ep0 maxpacket: 16 [ 427.546687][ T5913] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.546718][ T5913] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 427.546769][ T5913] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 427.546791][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.556549][ T5913] usb 7-1: config 0 descriptor?? [ 427.617050][T11317] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 427.697534][ T10] hid (null): report_id 0 is invalid [ 427.896706][ T10] usb 4-1: USB disconnect, device number 27 [ 428.282100][ T5922] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 428.454537][ T5922] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 428.454945][ T5922] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 428.454989][ T5922] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 428.455012][ T5922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.477482][T11326] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 428.503191][ T5922] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 428.586266][ T5913] usbhid 7-1:0.0: can't add hid device: -71 [ 428.586401][ T5913] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 428.683200][ T5913] usb 7-1: USB disconnect, device number 14 [ 428.938317][ T5922] usb 1-1: USB disconnect, device number 21 [ 429.740998][ T10] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 429.891985][ T10] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 429.893473][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 429.893528][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 429.893555][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 429.894938][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 429.894992][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 429.895018][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 429.899917][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 429.899971][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 429.899998][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 429.989160][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 429.989219][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 429.989244][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 429.991902][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 429.991967][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 429.991993][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 429.995855][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 429.995922][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 429.995947][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 429.997049][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 429.997098][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 429.997122][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 430.080961][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 430.081020][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 430.081046][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 430.126584][ T10] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 430.126614][ T10] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 430.126634][ T10] usb 1-1: Product: syz [ 430.126648][ T10] usb 1-1: Manufacturer: syz [ 430.126662][ T10] usb 1-1: SerialNumber: syz [ 430.163231][ T10] usb 1-1: config 0 descriptor?? [ 430.190552][ T10] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 430.392429][ T5991] usb 1-1: USB disconnect, device number 22 [ 430.396488][ T5991] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 430.551216][ T10] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 430.698826][T11429] netlink: 'syz.1.2175': attribute type 29 has an invalid length. [ 430.700336][T11429] netlink: 'syz.1.2175': attribute type 29 has an invalid length. [ 430.717167][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 430.730500][ T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 430.730528][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.730548][ T10] usb 4-1: Product: syz [ 430.730561][ T10] usb 4-1: Manufacturer: syz [ 430.730575][ T10] usb 4-1: SerialNumber: syz [ 430.741010][ T5922] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 430.756399][T11429] netlink: 500 bytes leftover after parsing attributes in process `syz.1.2175'. [ 430.757187][T11429] unsupported nla_type 58 [ 430.789159][ T10] usb 4-1: config 0 descriptor?? [ 430.890936][ T5922] usb 7-1: Using ep0 maxpacket: 32 [ 430.895981][ T5922] usb 7-1: config 0 has an invalid interface number: 196 but max is 0 [ 430.896007][ T5922] usb 7-1: config 0 has no interface number 0 [ 430.896052][ T5922] usb 7-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 430.896077][ T5922] usb 7-1: config 0 interface 196 has no altsetting 0 [ 430.937588][ T5922] usb 7-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 430.937616][ T5922] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.937634][ T5922] usb 7-1: Product: syz [ 430.937648][ T5922] usb 7-1: Manufacturer: syz [ 430.937662][ T5922] usb 7-1: SerialNumber: syz [ 430.954020][ T5922] usb 7-1: config 0 descriptor?? [ 430.955362][T11417] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 430.995206][ T10] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 431.215027][ T10] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 431.231238][ T10] usb 4-1: USB disconnect, device number 28 [ 431.731389][ T5922] ipheth 7-1:0.196: ipheth_enable_ncm: usb_control_msg: 0 [ 432.354668][ T5922] ipheth 7-1:0.196: Apple iPhone USB Ethernet device attached [ 432.382326][ T5922] usb 7-1: USB disconnect, device number 15 [ 432.547433][ T5922] ipheth 7-1:0.196: Apple iPhone USB Ethernet now disconnected [ 438.668782][T11556] loop2: detected capacity change from 0 to 7 [ 438.684873][T11556] loop2: [POWERTEC] p1 p2 p3 [ 438.685007][T11556] loop2: p1 start 3903812140 is beyond EOD, truncated [ 438.685027][T11556] loop2: p2 start 2341472602 is beyond EOD, truncated [ 438.685043][T11556] loop2: p3 start 1141968010 is beyond EOD, truncated [ 439.038309][T11578] netlink: 'syz.1.2238': attribute type 29 has an invalid length. [ 439.052000][T11578] netlink: 'syz.1.2238': attribute type 29 has an invalid length. [ 439.053013][T11578] netlink: 500 bytes leftover after parsing attributes in process `syz.1.2238'. [ 439.149828][T11582] netlink: 236 bytes leftover after parsing attributes in process `syz.1.2242'. [ 439.149849][T11582] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2242'. [ 439.701025][ T5798] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 439.858290][ T5798] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.863715][ T5798] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 439.863743][ T5798] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.863762][ T5798] usb 4-1: Product: syz [ 439.863775][ T5798] usb 4-1: Manufacturer: syz [ 439.863788][ T5798] usb 4-1: SerialNumber: syz [ 440.125265][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.700093][T11653] input: syz0 as /devices/virtual/input/input21 [ 440.899523][ T5798] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 440.899561][ T5798] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 440.899580][ T5798] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 441.103759][ T5798] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 441.285345][ T5798] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 441.297172][ T5798] usb 4-1: USB disconnect, device number 29 [ 441.299324][ T5798] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 441.471253][ T5805] Bluetooth: hci1: command 0x0c1a tx timeout [ 442.800980][ T5798] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 442.955097][ T5798] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 442.955123][ T5798] usb 1-1: config 0 has no interface number 0 [ 442.955166][ T5798] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 442.955189][ T5798] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.963105][ T5798] usb 1-1: config 0 descriptor?? [ 442.966489][ T5798] cp210x 1-1:0.2: cp210x converter detected [ 443.371740][ T5798] cp210x 1-1:0.2: failed to get vendor val 0x000e size 3: -32 [ 443.576577][ T5798] cp210x 1-1:0.2: GPIO initialisation failed: -19 [ 443.580284][ T5798] usb 1-1: cp210x converter now attached to ttyUSB0 [ 443.631204][ T5805] Bluetooth: hci4: command 0x0406 tx timeout [ 443.636608][ T9] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 443.636631][ T9] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 443.797087][ T5798] usb 1-1: USB disconnect, device number 23 [ 443.829744][ T5798] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 443.830252][ T5798] cp210x 1-1:0.2: device disconnected [ 444.486136][T11791] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 445.414456][T11797] syz.6.2320 (11797) used greatest stack depth: 16560 bytes left [ 445.834634][T11832] binder: 11830:11832 ioctl c0306201 2000000000c0 returned -14 [ 446.951007][ T5913] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 447.108793][ T5913] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 447.108829][ T5913] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 447.108868][ T5913] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 447.108890][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.175651][T11862] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 447.191634][ T5913] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 447.510076][ T5913] usb 7-1: USB disconnect, device number 16 [ 447.878435][ T5804] Bluetooth: hci1: command 0x0c1a tx timeout [ 447.880987][ T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 447.881005][ T9] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 449.344047][ T5913] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 449.491799][ T5913] usb 2-1: Using ep0 maxpacket: 32 [ 449.493872][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 449.493901][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 449.493938][ T5913] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 449.493962][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.547660][ T5913] usb 2-1: config 0 descriptor?? [ 449.579079][ T5913] hub 2-1:0.0: USB hub found [ 449.772883][ T5913] hub 2-1:0.0: 1 port detected [ 450.427876][ T5991] hub 2-1:0.0: activate --> -90 [ 450.852655][ T5991] usb 2-1-port1: config error [ 450.882270][ T5991] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 450.882298][ T5991] usb 2-1-port1: connect-debounce failed [ 450.887348][ T5991] usb 2-1: USB disconnect, device number 26 [ 450.918607][ T5913] usb 2-1: Failed to suspend device, error -19 [ 451.561004][ T5991] usb 4-1: new low-speed USB device number 30 using dummy_hcd [ 451.621100][T11990] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2393'. [ 451.722844][ T5991] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 451.722873][ T5991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.750330][ T5991] usb 4-1: config 0 descriptor?? [ 451.854773][T11999] netlink: 'syz.0.2397': attribute type 1 has an invalid length. [ 451.854795][T11999] netlink: 'syz.0.2397': attribute type 2 has an invalid length. [ 451.854808][T11999] netlink: 252 bytes leftover after parsing attributes in process `syz.0.2397'. [ 451.854888][T11999] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.091059][ T10] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 452.265921][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 452.265946][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 452.268749][ T10] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 452.268777][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 452.268797][ T10] usb 2-1: SerialNumber: syz [ 452.504456][ T10] usb 2-1: 0:2 : does not exist [ 452.538897][ T10] usb 2-1: USB disconnect, device number 27 [ 452.970625][T12033] kvm: apic: phys broadcast and lowest prio [ 452.977008][ T5991] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 452.977039][ T5991] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 452.977304][ T5991] asix 4-1:0.0: probe with driver asix failed with error -71 [ 453.023752][ T5991] usb 4-1: USB disconnect, device number 30 [ 453.414286][ C1] vkms_vblank_simulate: vblank timer overrun [ 453.554370][T12057] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 453.562309][ C1] vkms_vblank_simulate: vblank timer overrun [ 454.099124][ C1] vkms_vblank_simulate: vblank timer overrun [ 454.529130][ C1] vkms_vblank_simulate: vblank timer overrun [ 455.238785][T12096] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2442'. [ 455.238807][T12096] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2442'. [ 455.238989][T12096] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2442'. [ 455.942287][T12122] all (unregistering): Released all slaves [ 455.990998][ T10] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 456.183208][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 456.183241][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 456.183263][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 456.183305][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 456.183326][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.188370][ T10] usb 4-1: config 0 descriptor?? [ 456.310965][ T5991] usb 7-1: new low-speed USB device number 17 using dummy_hcd [ 456.465165][ T5991] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 456.465202][ T5991] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.483253][ T5991] usb 7-1: config 0 descriptor?? [ 456.632413][ T10] plantronics 0003:047F:FFFF.0018: unbalanced delimiter at end of report description [ 456.633390][ T10] plantronics 0003:047F:FFFF.0018: parse failed [ 456.633496][ T10] plantronics 0003:047F:FFFF.0018: probe with driver plantronics failed with error -22 [ 456.844550][ T10] usb 4-1: USB disconnect, device number 31 [ 456.936118][ T5991] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 456.936155][ T5991] asix 7-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 456.936653][ T5991] asix 7-1:0.0: probe with driver asix failed with error -71 [ 456.982047][ T5991] usb 7-1: USB disconnect, device number 17 [ 458.201028][ T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 458.361174][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 458.363529][ T9] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 458.363601][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 458.363623][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 458.363647][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 458.363670][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 458.363717][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 458.363740][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.491008][ T5913] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 458.653253][ T5913] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 458.653285][ T5913] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 458.653319][ T5913] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 458.653340][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.672079][ T5913] usb 7-1: config 0 descriptor?? [ 458.706150][ T9] usb 2-1: usb_control_msg returned -32 [ 458.706194][ T9] usbtmc 2-1:16.0: can't read capabilities [ 459.891383][ T5913] uclogic 0003:256C:006D.0019: failed retrieving string descriptor #100: -71 [ 459.891442][ T5913] uclogic 0003:256C:006D.0019: failed retrieving pen parameters: -71 [ 459.891459][ T5913] uclogic 0003:256C:006D.0019: failed probing pen v1 parameters: -71 [ 459.891507][ T5913] uclogic 0003:256C:006D.0019: failed probing parameters: -71 [ 459.891599][ T5913] uclogic 0003:256C:006D.0019: probe with driver uclogic failed with error -71 [ 459.912223][ T5913] usb 7-1: USB disconnect, device number 18 [ 460.306518][T12274] syz.3.2520 uses obsolete (PF_INET,SOCK_PACKET) [ 460.967402][ T9] usb 2-1: USB disconnect, device number 28 [ 461.650765][T12338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2546'. [ 461.730946][ T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 461.838243][T12354] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2555'. [ 461.893283][ T9] usb 7-1: config 0 has no interfaces? [ 461.893321][ T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 461.893344][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.900181][ T9] usb 7-1: config 0 descriptor?? [ 462.152333][ T9] usb 7-1: USB disconnect, device number 19 [ 463.247485][T12429] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2588'. [ 463.270971][ T10] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 463.420962][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 463.423325][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 463.423371][ T10] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 463.423394][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.472894][ T10] usb 7-1: config 0 descriptor?? [ 463.694687][ T10] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 463.946653][T12417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 463.947064][T12417] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 465.120725][T12509] sctp: [Deprecated]: syz.1.2628 (pid 12509) Use of int in max_burst socket option. [ 465.120725][T12509] Use struct sctp_assoc_value instead [ 466.060687][ T9] usb 7-1: USB disconnect, device number 20 [ 466.520950][ T5922] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 466.693704][ T5922] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 466.693733][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.703058][ T5922] usb 4-1: config 0 descriptor?? [ 466.735140][ T5922] cp210x 4-1:0.0: cp210x converter detected [ 467.191768][ T5922] usb 4-1: cp210x converter now attached to ttyUSB0 [ 467.295257][T12588] fuse: Bad value for 'fd' [ 467.360185][ T10] usb 4-1: USB disconnect, device number 32 [ 467.372464][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 467.491323][ T10] cp210x 4-1:0.0: device disconnected [ 469.913782][ T5991] kernel write not supported for file bpf-prog (pid: 5991 comm: kworker/1:7) [ 472.020360][T12767] input: syz0 as /devices/virtual/input/input22 [ 472.663957][ T37] audit: type=1326 audit(1760044150.928:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12761 comm="syz.6.2739" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84074deec9 code=0x0 [ 474.061146][T12828] netlink: 566 bytes leftover after parsing attributes in process `syz.1.2767'. [ 474.920788][T12877] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2787'. [ 474.922920][T12877] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2787'. [ 477.118401][T12983] netlink: 'syz.0.2835': attribute type 29 has an invalid length. [ 477.120379][T12983] netlink: 'syz.0.2835': attribute type 29 has an invalid length. [ 477.145459][T12983] netlink: 500 bytes leftover after parsing attributes in process `syz.0.2835'. [ 477.476306][T12991] netlink: 'syz.0.2837': attribute type 1 has an invalid length. [ 478.445718][T13018] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 480.068162][ T5885] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 480.250411][ T5885] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 480.250443][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.259263][ T5885] usb 4-1: config 0 descriptor?? [ 480.507483][ T5885] kaweth 4-1:0.0: Firmware present in device. [ 480.872125][T13078] 9pnet_fd: Insufficient options for proto=fd [ 480.946428][ T5885] kaweth 4-1:0.0: Statistics collection: 0 [ 480.946451][ T5885] kaweth 4-1:0.0: Multicast filter limit: 0 [ 480.946466][ T5885] kaweth 4-1:0.0: MTU: 0 [ 480.946482][ T5885] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 481.077152][T13084] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 482.038000][ T5885] kaweth 4-1:0.0: Error setting receive filter [ 482.038264][ T5885] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 482.051609][ T5885] usb 4-1: USB disconnect, device number 33 [ 482.248589][T13103] netlink: 'syz.1.2885': attribute type 4 has an invalid length. [ 482.311220][T13105] netlink: 'syz.1.2885': attribute type 4 has an invalid length. [ 482.474811][ T37] audit: type=1326 audit(1760044160.728:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.474861][ T37] audit: type=1326 audit(1760044160.728:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.474898][ T37] audit: type=1326 audit(1760044160.728:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.474938][ T37] audit: type=1326 audit(1760044160.728:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.474980][ T37] audit: type=1326 audit(1760044160.728:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.475020][ T37] audit: type=1326 audit(1760044160.728:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.475058][ T37] audit: type=1326 audit(1760044160.728:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.476609][ T37] audit: type=1326 audit(1760044160.728:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.476657][ T37] audit: type=1326 audit(1760044160.728:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 482.476697][ T37] audit: type=1326 audit(1760044160.728:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13110 comm="syz.0.2889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 483.016818][T13133] trusted_key: syz.0.2899 sent an empty control message without MSG_MORE. [ 483.529863][T13146] evm: overlay not supported [ 483.611020][ T5913] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 483.776764][ T5913] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 483.776793][ T5913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.776811][ T5913] usb 7-1: Product: syz [ 483.776824][ T5913] usb 7-1: Manufacturer: syz [ 483.776838][ T5913] usb 7-1: SerialNumber: syz [ 483.821976][ T5913] usb 7-1: config 0 descriptor?? [ 483.827264][ T5913] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 484.842858][T13201] overlayfs: failed to clone lowerpath [ 485.263129][ T5913] gspca_sunplus: reg_r err -71 [ 485.263222][ T5913] sunplus 7-1:0.0: probe with driver sunplus failed with error -71 [ 485.269224][ T5913] usb 7-1: USB disconnect, device number 21 [ 485.289955][T13212] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2935'. [ 485.818300][T13244] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 488.848854][T13305] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2974'. [ 488.887086][T13305] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2974'. [ 489.062762][T13319] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2977'. [ 490.704948][T13367] input: syz0 as /devices/virtual/input/input23 [ 491.326471][T13400] netlink: 'syz.3.3013': attribute type 1 has an invalid length. [ 491.326491][T13400] netlink: 260 bytes leftover after parsing attributes in process `syz.3.3013'. [ 491.516380][ T37] audit: type=1326 audit(1760044169.768:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13403 comm="syz.3.3015" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c5a3aeec9 code=0x0 [ 492.535211][T13456] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3037'. [ 493.855178][ C0] vkms_vblank_simulate: vblank timer overrun [ 494.066763][T13531] 9pnet: p9_errstr2errno: server reported unknown error ÿÿÿ [ 495.195165][T13562] vxfs: unable to read disk superblock at 1 [ 495.353078][T13562] vxfs: unable to read disk superblock at 8 [ 495.353253][T13562] vxfs: can't find superblock. [ 495.922276][T13582] fuse: Bad value for 'fd' [ 496.072643][ C0] vkms_vblank_simulate: vblank timer overrun [ 496.149592][T13592] fuse: Bad value for 'fd' [ 497.361221][ T5991] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 497.511311][ T5991] usb 7-1: Using ep0 maxpacket: 32 [ 497.518258][ T5991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 497.518289][ T5991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 497.518334][ T5991] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 497.518357][ T5991] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.567828][ T5991] usb 7-1: config 0 descriptor?? [ 498.013419][ T5991] savu 0003:1E7D:2D5A.001A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0 [ 498.264421][ T5913] usb 7-1: USB disconnect, device number 22 [ 499.430499][T13701] fuse: Bad value for 'fd' [ 499.451034][ T5991] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 499.601219][ T5991] usb 2-1: Using ep0 maxpacket: 16 [ 499.604591][ T5991] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 499.604622][ T5991] usb 2-1: config 0 interface 0 has no altsetting 0 [ 499.610600][ T5991] usb 2-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 499.610628][ T5991] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.610647][ T5991] usb 2-1: Product: syz [ 499.610660][ T5991] usb 2-1: Manufacturer: syz [ 499.610673][ T5991] usb 2-1: SerialNumber: syz [ 499.908170][ T5991] usb 2-1: config 0 descriptor?? [ 500.798193][ C1] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 500.858585][ T5991] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input24 [ 500.937489][ T5991] imon:send_packet: packet tx failed (-71) [ 500.951199][ T5991] imon 2-1:0.0: panel buttons/knobs setup failed [ 501.071327][ T5991] rc_core: IR keymap rc-imon-pad not found [ 501.071348][ T5991] Registered IR keymap rc-empty [ 501.074448][ T5991] imon 2-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 501.074468][ T5991] imon 2-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 501.076223][ T5991] imon:send_packet: packet tx failed (-71) [ 501.119422][ T5991] imon 2-1:0.0: remote input dev register failed [ 501.119588][ T5991] imon 2-1:0.0: imon_init_intf0: rc device setup failed [ 501.256692][ T5991] imon 2-1:0.0: unable to initialize intf0, err 0 [ 501.256717][ T5991] imon:imon_probe: failed to initialize context! [ 501.256729][ T5991] imon 2-1:0.0: unable to register, err -19 [ 501.288292][ T5991] usb 2-1: USB disconnect, device number 29 [ 501.555451][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.600977][ T5991] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 501.750966][ T5991] usb 2-1: Using ep0 maxpacket: 16 [ 501.762225][ T5991] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 501.762258][ T5991] usb 2-1: config 0 interface 0 has no altsetting 0 [ 501.787520][ T5991] usb 2-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 501.787549][ T5991] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.787566][ T5991] usb 2-1: Product: syz [ 501.787579][ T5991] usb 2-1: Manufacturer: syz [ 501.787591][ T5991] usb 2-1: SerialNumber: syz [ 501.824968][ T5991] usb 2-1: config 0 descriptor?? [ 501.911309][ T5913] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 502.072360][ T5991] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input26 [ 502.093004][ T5913] usb 7-1: Using ep0 maxpacket: 32 [ 502.113040][ T5913] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 502.113072][ T5913] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 502.113163][ T5913] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 502.113187][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.178302][ T5913] usb 7-1: config 0 descriptor?? [ 502.391275][ T5991] rc_core: IR keymap rc-imon-pad not found [ 502.391366][ T5991] Registered IR keymap rc-empty [ 502.391449][ T5991] imon 2-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 502.391524][ T5991] imon 2-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 502.472593][ T5991] rc rc0: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 502.497231][ T5991] input: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input27 [ 502.528286][ T5991] imon 2-1:0.0: iMON device (15c2:0041, intf0) on usb<2:30> initialized [ 502.677362][ T5913] savu 0003:1E7D:2D5A.001B: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0 [ 502.717556][ C1] imon 2-1:0.0: imon imon_incoming_packet: invalid incoming packet size (len = 0, intf0) [ 502.916198][ C1] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 502.918665][ T9] usb 7-1: USB disconnect, device number 23 [ 502.919088][ T5991] usb 2-1: USB disconnect, device number 30 [ 505.282111][T13875] netlink: 'syz.0.3217': attribute type 5 has an invalid length. [ 506.390694][T13933] Cache volume key already in use (9p,(null),) [ 508.415502][T13985] kvm: emulating exchange as write [ 508.637711][T13998] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 509.385269][T14038] netlink: 'syz.0.3274': attribute type 4 has an invalid length. [ 509.454558][T14043] netlink: 'syz.0.3274': attribute type 4 has an invalid length. [ 513.606420][T14132] netlink: 'syz.1.3310': attribute type 1 has an invalid length. [ 513.776872][T14132] 8021q: adding VLAN 0 to HW filter on device bond1 [ 513.869307][T14138] bond1: (slave veth0_to_hsr): making interface the new active one [ 514.009304][T14138] bond1: (slave veth0_to_hsr): Enslaving as an active interface with an up link [ 517.215069][T14240] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3354'. [ 517.742505][T14228] lec:lec_vcc_attach: copy from user failed for 28 bytes [ 517.941167][T14267] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3364'. [ 522.450516][T14381] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 522.499771][T14381] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 522.819558][T14394] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 523.151534][T14413] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3424'. [ 523.630624][T14438] pim6reg1: entered promiscuous mode [ 523.630647][T14438] pim6reg1: entered allmulticast mode [ 523.913502][ T37] audit: type=1800 audit(1760044202.143:39): pid=14454 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.3444" name="file1" dev="overlay" ino=3072 res=0 errno=0 [ 524.901017][ T5922] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 525.051038][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 525.053741][ T5922] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 525.053772][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 525.053797][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 525.053839][ T5922] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 525.053861][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.066248][ T5922] usb 4-1: config 0 descriptor?? [ 525.067408][T14498] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 525.074459][ T5922] hub 4-1:0.0: USB hub found [ 525.323645][ T5922] hub 4-1:0.0: 2 ports detected [ 526.642763][T14567] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 527.338701][T14565] netlink: 'syz.0.3493': attribute type 16 has an invalid length. [ 527.338724][T14565] netlink: 'syz.0.3493': attribute type 17 has an invalid length. [ 527.345705][ C0] vkms_vblank_simulate: vblank timer overrun [ 527.390791][T14568] bridge0: port 3(syz_tun) entered disabled state [ 527.395863][ T5913] usb 4-1: reset high-speed USB device number 34 using dummy_hcd [ 527.448929][T14568] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.480229][T14568] hsr0: left promiscuous mode [ 527.727070][T14565] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 527.915391][ C0] vkms_vblank_simulate: vblank timer overrun [ 528.190106][ T5913] hub 4-1:0.0: set hub depth failed [ 528.200808][ T5922] usb 4-1: USB disconnect, device number 34 [ 534.606400][T14713] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 535.374036][T14731] netlink: 'syz.5.3560': attribute type 1 has an invalid length. [ 535.407591][T14731] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 540.792703][T14828] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 540.835384][T14828] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 541.966234][T14828] ip6erspan0: left allmulticast mode [ 541.980290][T14882] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 542.098891][ T1181] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.099931][ T1181] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.099976][ T1181] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.100011][ T1181] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.169066][T14882] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 542.169098][T14882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.169118][T14882] usb 2-1: Product: syz [ 542.169132][T14882] usb 2-1: Manufacturer: syz [ 542.169146][T14882] usb 2-1: SerialNumber: syz [ 542.205867][T14882] usb 2-1: config 0 descriptor?? [ 542.487480][ T9] usb 2-1: USB disconnect, device number 31 [ 542.613997][ T37] audit: type=1804 audit(1760044220.803:40): pid=14937 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.3644" name="file0" dev="tmpfs" ino=3274 res=1 errno=0 [ 542.627333][T14937] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 542.627358][T14937] ref_ctr increment failed for inode: 0xcca offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888026e7e780 [ 543.511034][ T9] usb 2-1: new low-speed USB device number 32 using dummy_hcd [ 543.675198][ T9] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 543.675228][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.715742][ T9] usb 2-1: config 0 descriptor?? [ 544.629828][ C0] vkms_vblank_simulate: vblank timer overrun [ 545.766684][ T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71 [ 545.767032][ T9] asix 2-1:0.0: probe with driver asix failed with error -71 [ 545.783774][ T9] usb 2-1: USB disconnect, device number 32 [ 546.790947][ T31] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 546.940931][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 546.946138][ T31] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 546.946165][ T31] usb 2-1: config 0 has no interface number 0 [ 546.946225][ T31] usb 2-1: config 0 interface 12 has no altsetting 0 [ 546.978359][ T31] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 546.978390][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.978409][ T31] usb 2-1: Product: syz [ 546.978422][ T31] usb 2-1: Manufacturer: syz [ 546.978436][ T31] usb 2-1: SerialNumber: syz [ 547.034313][ T31] usb 2-1: config 0 descriptor?? [ 547.277419][ C0] vkms_vblank_simulate: vblank timer overrun [ 547.792749][ T9] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 548.007341][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 548.009624][ T9] usb 7-1: config 0 has an invalid interface number: 67 but max is 0 [ 548.009649][ T9] usb 7-1: config 0 has no interface number 0 [ 548.018265][ T9] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 548.018292][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.018311][ T9] usb 7-1: Product: syz [ 548.018324][ T9] usb 7-1: Manufacturer: syz [ 548.018338][ T9] usb 7-1: SerialNumber: syz [ 548.023607][ T9] usb 7-1: config 0 descriptor?? [ 548.046388][ T9] smsc95xx v2.0.0 [ 548.046407][ T9] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 548.046662][ T9] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -22 [ 549.162168][ T31] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 549.162276][ T31] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 549.162293][ T31] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 549.162376][ T31] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 549.206966][ T31] usb 2-1: USB disconnect, device number 33 [ 549.761173][ T37] audit: type=1326 audit(1760044228.013:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.768607][ T37] audit: type=1326 audit(1760044228.023:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.774440][ T37] audit: type=1326 audit(1760044228.033:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.775082][ T37] audit: type=1326 audit(1760044228.033:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.775347][ T37] audit: type=1326 audit(1760044228.033:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.776067][ T37] audit: type=1326 audit(1760044228.033:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.776482][ T37] audit: type=1326 audit(1760044228.033:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.776717][ T37] audit: type=1326 audit(1760044228.033:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.777408][ T37] audit: type=1326 audit(1760044228.033:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 549.777686][ T37] audit: type=1326 audit(1760044228.033:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15173 comm="syz.0.3753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9d520eec9 code=0x7ffc0000 [ 550.460425][T14880] usb 7-1: USB disconnect, device number 24 [ 552.735222][ T9] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 553.013773][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 553.027690][ T9] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 553.027720][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.027738][ T9] usb 4-1: Product: syz [ 553.027751][ T9] usb 4-1: Manufacturer: syz [ 553.027763][ T9] usb 4-1: SerialNumber: syz [ 553.038594][ T9] usb 4-1: config 0 descriptor?? [ 553.268078][ T9] usb 4-1: bad CDC descriptors [ 553.274031][ T9] usb 4-1: unsupported MDLM descriptors [ 553.290280][ T9] usb 4-1: USB disconnect, device number 35 [ 556.447079][T15295] GUP no longer grows the stack in syz.0.3802 (15295): 200000005000-20000000a000 (200000001000) [ 556.447135][T15295] CPU: 0 UID: 0 PID: 15295 Comm: syz.0.3802 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 556.447160][T15295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 556.447182][T15295] Call Trace: [ 556.447194][T15295] [ 556.447203][T15295] dump_stack_lvl+0x189/0x250 [ 556.447248][T15295] ? __pfx_dump_stack_lvl+0x10/0x10 [ 556.447274][T15295] ? __pfx__printk+0x10/0x10 [ 556.447295][T15295] ? find_vma+0xe7/0x160 [ 556.447338][T15295] __get_user_pages+0x22f0/0x2860 [ 556.447365][T15295] ? __gup_longterm_locked+0xc63/0x1660 [ 556.447410][T15295] ? __pfx_down_read_killable+0x10/0x10 [ 556.447452][T15295] __gup_longterm_locked+0xde4/0x1660 [ 556.447486][T15295] ? try_grab_folio_fast+0x1bf/0x6a0 [ 556.447520][T15295] ? gup_fast_fallback+0x1af5/0x2230 [ 556.447552][T15295] gup_fast_fallback+0x1cd4/0x2230 [ 556.447573][T15295] ? __page_table_check_zero+0xba/0x530 [ 556.447634][T15295] ? __pfx_gup_fast_fallback+0x10/0x10 [ 556.447670][T15295] ? is_valid_gup_args+0x11f/0x200 [ 556.447698][T15295] ? get_user_pages_fast+0x4d/0xb0 [ 556.447726][T15295] __iov_iter_get_pages_alloc+0x39f/0xb40 [ 556.447759][T15295] ? __alloc_frozen_pages_noprof+0x1d6/0x370 [ 556.447797][T15295] iov_iter_get_pages2+0x5e/0xa0 [ 556.447827][T15295] sk_msg_zerocopy_from_iter+0x1f6/0x830 [ 556.447858][T15295] ? __pfx_tcp_leave_memory_pressure+0x10/0x10 [ 556.447889][T15295] ? alloc_pages_noprof+0xe4/0x1e0 [ 556.447917][T15295] ? __pfx_sk_msg_zerocopy_from_iter+0x10/0x10 [ 556.447975][T15295] tls_sw_sendmsg+0x989/0x23d0 [ 556.448036][T15295] ? __pfx_tls_sw_sendmsg+0x10/0x10 [ 556.448064][T15295] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 556.448085][T15295] ? sock_rps_record_flow+0x19/0x410 [ 556.448117][T15295] ? inet_send_prepare+0x57/0x270 [ 556.448149][T15295] ? inet6_sendmsg+0x101/0x120 [ 556.448176][T15295] __sock_sendmsg+0xe5/0x270 [ 556.448208][T15295] sock_write_iter+0x27f/0x370 [ 556.448244][T15295] ? __pfx_sock_write_iter+0x10/0x10 [ 556.448283][T15295] ? __lock_acquire+0xab9/0xd20 [ 556.448323][T15295] do_iter_readv_writev+0x635/0x8d0 [ 556.448356][T15295] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 556.448380][T15295] ? futex_private_hash_put+0x4b/0x280 [ 556.448406][T15295] ? futex_private_hash_put+0x4b/0x280 [ 556.448431][T15295] ? rw_verify_area+0x25b/0x4e0 [ 556.448458][T15295] vfs_writev+0x323/0x970 [ 556.448492][T15295] ? __lock_acquire+0xab9/0xd20 [ 556.448520][T15295] ? __pfx_vfs_writev+0x10/0x10 [ 556.448565][T15295] ? __fget_files+0x2a/0x420 [ 556.448597][T15295] ? __fget_files+0x3a6/0x420 [ 556.448619][T15295] ? __fget_files+0x2a/0x420 [ 556.448654][T15295] do_writev+0x153/0x2d0 [ 556.448684][T15295] ? __pfx_do_writev+0x10/0x10 [ 556.448713][T15295] ? do_syscall_64+0xbe/0xfa0 [ 556.448739][T15295] do_syscall_64+0xfa/0xfa0 [ 556.448760][T15295] ? lockdep_hardirqs_on+0x9c/0x150 [ 556.448782][T15295] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.448802][T15295] ? clear_bhb_loop+0x60/0xb0 [ 556.448826][T15295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.448846][T15295] RIP: 0033:0x7ff9d520eec9 [ 556.448871][T15295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.448889][T15295] RSP: 002b:00007ff9d3476038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 556.448911][T15295] RAX: ffffffffffffffda RBX: 00007ff9d5465fa0 RCX: 00007ff9d520eec9 [ 556.448927][T15295] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003 [ 556.448941][T15295] RBP: 00007ff9d5291f91 R08: 0000000000000000 R09: 0000000000000000 [ 556.448954][T15295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 556.448966][T15295] R13: 00007ff9d5466038 R14: 00007ff9d5465fa0 R15: 00007ffc269036e8 [ 556.449002][T15295] [ 557.583420][T14880] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 558.419559][T14880] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 558.419591][T14880] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.419611][T14880] usb 7-1: Product: syz [ 558.419625][T14880] usb 7-1: Manufacturer: syz [ 558.419639][T14880] usb 7-1: SerialNumber: syz [ 558.705049][T15331] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 560.980038][T14880] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000044. ret = -EPROTO [ 560.980667][T14880] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 560.981475][T14880] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 560.981514][T14880] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 560.981949][T14880] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 561.112080][T14880] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71 [ 561.117439][T14880] usb 7-1: USB disconnect, device number 25 [ 561.701006][T14880] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 561.853429][T14880] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 561.853470][T14880] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 561.853507][T14880] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 561.853529][T14880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.941253][T15370] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 562.671669][T14880] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 562.819331][T14880] usb 2-1: USB disconnect, device number 34 [ 562.996265][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.908245][T15433] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3855'. [ 570.494382][T15544] program syz.6.3899 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 573.247435][ C0] vkms_vblank_simulate: vblank timer overrun [ 573.391486][T15573] netlink: 'syz.6.3912': attribute type 3 has an invalid length. [ 573.392369][T15573] netlink: 'syz.6.3912': attribute type 3 has an invalid length. [ 573.611786][T15574] kvm: requested 81295 ns i8254 timer period limited to 200000 ns [ 573.613895][T15574] kvm: requested 136609 ns i8254 timer period limited to 200000 ns [ 573.630397][T15574] kvm: requested 157562 ns i8254 timer period limited to 200000 ns [ 573.630738][T15574] kvm: requested 16761 ns i8254 timer period limited to 200000 ns [ 574.290048][ C0] vkms_vblank_simulate: vblank timer overrun [ 574.971285][T14882] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 574.981730][ C0] vkms_vblank_simulate: vblank timer overrun [ 575.121423][T14882] usb 4-1: Using ep0 maxpacket: 16 [ 575.124266][T14882] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 575.124290][T14882] usb 4-1: config 0 has no interfaces? [ 575.125865][T14882] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 575.125912][T14882] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 575.125932][T14882] usb 4-1: Manufacturer: syz [ 575.192016][T14882] usb 4-1: config 0 descriptor?? [ 575.279464][ C0] vkms_vblank_simulate: vblank timer overrun [ 575.443693][ C0] vkms_vblank_simulate: vblank timer overrun [ 576.061269][ C0] vkms_vblank_simulate: vblank timer overrun [ 576.207559][T14882] usb 4-1: USB disconnect, device number 36 [ 576.728217][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.080853][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.637513][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.963641][ C0] vkms_vblank_simulate: vblank timer overrun [ 579.335823][T15741] team0: Failed to send options change via netlink (err -105) [ 579.335848][T15741] team0: Port device vlan2 added [ 582.900115][T15818] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 583.618302][T15851] random: crng reseeded on system resumption [ 587.920192][T15906] 9pnet_fd: p9_fd_create_tcp (15906): problem connecting socket to 127.0.0.1 [ 589.802612][T15946] netlink: 64 bytes leftover after parsing attributes in process `syz.6.4061'. [ 590.140657][T15961] syzkaller0: entered promiscuous mode [ 590.140684][T15961] syzkaller0: entered allmulticast mode [ 590.341003][T14882] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 590.492827][T14882] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 590.492862][T14882] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 590.492900][T14882] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 590.492924][T14882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.545142][T15957] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 590.556384][T14882] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 591.006607][ T9] usb 4-1: USB disconnect, device number 37 [ 595.047426][ C0] vkms_vblank_simulate: vblank timer overrun [ 595.954649][ C0] vkms_vblank_simulate: vblank timer overrun [ 596.087717][ C0] vkms_vblank_simulate: vblank timer overrun [ 597.066767][ C0] vkms_vblank_simulate: vblank timer overrun [ 597.080992][ T37] kauditd_printk_skb: 18 callbacks suppressed [ 597.081010][ T37] audit: type=1326 audit(1760044275.243:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16059 comm="syz.6.4108" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84074deec9 code=0x0 [ 597.538127][ C0] vkms_vblank_simulate: vblank timer overrun [ 597.765248][ C0] vkms_vblank_simulate: vblank timer overrun [ 598.083886][ C0] vkms_vblank_simulate: vblank timer overrun [ 598.591556][ C0] vkms_vblank_simulate: vblank timer overrun [ 598.710488][ C0] vkms_vblank_simulate: vblank timer overrun [ 604.472080][T16137] binder: 16135:16137 ioctl 4040942c 200000000300 returned -22 [ 606.462625][T16186] IPVS: Unknown mcast interface: vcan0 [ 608.748066][ T31] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 608.983586][ T31] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 608.983615][ T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.983634][ T31] usb 7-1: Product: syz [ 608.983647][ T31] usb 7-1: Manufacturer: syz [ 608.983661][ T31] usb 7-1: SerialNumber: syz [ 610.332101][T16250] cgroup: Unknown subsys name 'cpuset' [ 611.072480][ T31] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 611.073346][ T31] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE [ 612.066585][ T31] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000400. ret = -EPROTO [ 612.067044][ T31] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 612.100460][ T31] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 612.443791][ T31] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71 [ 612.467148][ T31] usb 7-1: USB disconnect, device number 26 [ 614.123176][T16290] Set syz0 is full, maxelem 0 reached [ 617.347592][T16325] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 618.991077][T16372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4222'. [ 619.142911][ C1] vkms_vblank_simulate: vblank timer overrun [ 619.519155][ C1] vkms_vblank_simulate: vblank timer overrun [ 619.925404][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.131285][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.286679][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.748493][ C1] vkms_vblank_simulate: vblank timer overrun [ 621.045739][ C1] vkms_vblank_simulate: vblank timer overrun [ 621.174508][ C1] vkms_vblank_simulate: vblank timer overrun [ 622.048940][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.143724][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.908568][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 626.142965][T16504] overlayfs: failed to clone lowerpath [ 633.476675][ C1] vkms_vblank_simulate: vblank timer overrun [ 633.902879][ C1] vkms_vblank_simulate: vblank timer overrun [ 634.297879][ C1] vkms_vblank_simulate: vblank timer overrun [ 634.484735][ C1] vkms_vblank_simulate: vblank timer overrun [ 634.617564][ C1] vkms_vblank_simulate: vblank timer overrun [ 634.872644][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.664330][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.796596][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.270032][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.727658][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.021153][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.163577][T16631] netlink: 165 bytes leftover after parsing attributes in process `syz.1.4311'. [ 649.104674][T16721] tipc: Enabled bearer , priority 0 [ 649.124197][T16721] syzkaller0: entered promiscuous mode [ 649.124214][T16721] syzkaller0: entered allmulticast mode [ 649.161103][T14882] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 649.305721][T16721] tipc: Resetting bearer [ 649.323977][T14882] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 649.323993][T14882] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 649.324944][T14882] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 649.324958][T14882] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 649.324968][T14882] usb 7-1: SerialNumber: syz [ 649.407269][T16714] overlayfs: failed to clone upperpath [ 649.422506][T16720] tipc: Resetting bearer [ 649.587500][T14882] usb 7-1: 0:2 : does not exist [ 649.633566][T14882] usb 7-1: USB disconnect, device number 27 [ 649.781768][T16720] tipc: Disabling bearer [ 651.401460][T16756] xt_socket: unknown flags 0xd0 [ 651.678931][ C1] vkms_vblank_simulate: vblank timer overrun [ 651.830411][T16763] trusted_key: encrypted_key: insufficient parameters specified [ 652.080332][ C1] vkms_vblank_simulate: vblank timer overrun [ 652.333687][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.100926][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.144278][T16775] binder_alloc: 16771: binder_alloc_buf, no vma [ 653.176623][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.297536][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.842231][ C1] vkms_vblank_simulate: vblank timer overrun [ 654.237342][ C1] vkms_vblank_simulate: vblank timer overrun [ 654.237565][ T31] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 654.414413][ T31] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 654.414473][ T31] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 654.414497][ T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.452613][ T31] usb 7-1: config 0 descriptor?? [ 654.469515][ T31] pwc: Askey VC010 type 2 USB webcam detected. [ 654.581918][ C1] vkms_vblank_simulate: vblank timer overrun [ 655.327582][ T31] pwc: send_video_command error -71 [ 655.327600][ T31] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 655.327772][ T31] Philips webcam 7-1:0.0: probe with driver Philips webcam failed with error -71 [ 655.342704][ T31] usb 7-1: USB disconnect, device number 28 [ 656.831040][ T31] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 657.143561][ T31] usb 7-1: device descriptor read/all, error -71 [ 659.124995][ T31] Process accounting resumed [ 659.636844][T16833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4379'. [ 659.636860][T16833] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4379'. [ 659.861237][ T31] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 659.933192][T16857] dummy0: entered promiscuous mode [ 659.933321][T16857] vlan2: entered promiscuous mode [ 660.033797][ T31] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 660.033857][ T31] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 660.033879][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.071960][ T31] usb 4-1: config 0 descriptor?? [ 660.087345][ T31] pwc: Askey VC010 type 2 USB webcam detected. [ 660.283381][ T31] pwc: send_video_command error -71 [ 660.283399][ T31] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 660.283515][ T31] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 660.315323][ T31] usb 4-1: USB disconnect, device number 38 [ 660.781389][ T5922] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 660.932562][ T5922] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 660.932596][ T5922] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 660.932609][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.935601][ T5922] usb 4-1: config 0 descriptor?? [ 660.938602][ T5922] pwc: Askey VC010 type 2 USB webcam detected. [ 661.345955][ T5922] pwc: recv_control_msg error -32 req 02 val 2b00 [ 661.350506][ T5922] pwc: recv_control_msg error -32 req 02 val 2700 [ 661.352488][ T5922] pwc: recv_control_msg error -32 req 02 val 2c00 [ 661.353180][ T5922] pwc: recv_control_msg error -32 req 04 val 1000 [ 661.353996][ T5922] pwc: recv_control_msg error -32 req 04 val 1300 [ 661.354656][ T5922] pwc: recv_control_msg error -32 req 04 val 1400 [ 661.381237][ T5922] pwc: recv_control_msg error -32 req 02 val 2000 [ 661.396633][ T5922] pwc: recv_control_msg error -32 req 02 val 2100 [ 661.398483][ T5922] pwc: recv_control_msg error -32 req 04 val 1500 [ 661.401251][ T5922] pwc: recv_control_msg error -32 req 02 val 2500 [ 661.402066][ T5922] pwc: recv_control_msg error -32 req 02 val 2400 [ 661.426703][ T5922] pwc: recv_control_msg error -32 req 02 val 2600 [ 661.732557][ T5922] pwc: recv_control_msg error -71 req 02 val 2800 [ 661.748190][ T5922] pwc: recv_control_msg error -71 req 04 val 1100 [ 661.749019][ T5922] pwc: recv_control_msg error -71 req 04 val 1200 [ 662.706439][ T5922] pwc: Registered as video103. [ 662.709750][ T5922] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input28 [ 663.577431][ T5922] usb 4-1: USB disconnect, device number 39 [ 669.611198][T16945] tipc: Enabling of bearer rejected, failed to enable media [ 669.900038][T16949] netlink: 2 bytes leftover after parsing attributes in process `syz.0.4421'. [ 670.655120][T16960] netlink: 184 bytes leftover after parsing attributes in process `syz.3.4423'. [ 670.662489][T16960] xt_socket: unknown flags 0xd0 [ 671.627808][T16962] ntfs3(nullb0): Primary boot signature is not NTFS. [ 671.671583][T16962] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 673.217445][ C0] vkms_vblank_simulate: vblank timer overrun [ 673.268832][ C0] vkms_vblank_simulate: vblank timer overrun [ 674.219604][ C0] vkms_vblank_simulate: vblank timer overrun [ 674.232403][ T37] audit: type=1326 audit(1760044353.489:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16990 comm="syz.1.4434" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f102851eec9 code=0x0 [ 674.542016][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.022294][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.457305][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.628933][ C0] vkms_vblank_simulate: vblank timer overrun [ 676.184098][ C0] vkms_vblank_simulate: vblank timer overrun [ 676.271856][ C0] vkms_vblank_simulate: vblank timer overrun [ 676.333281][ C0] vkms_vblank_simulate: vblank timer overrun [ 676.395778][ C0] vkms_vblank_simulate: vblank timer overrun [ 680.168753][T17040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4450'. [ 681.723469][T17069] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 686.293771][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 702.165244][ C0] vkms_vblank_simulate: vblank timer overrun [ 702.798635][ C0] vkms_vblank_simulate: vblank timer overrun [ 703.556339][ C0] vkms_vblank_simulate: vblank timer overrun [ 703.863512][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.901963][T17226] binfmt_misc: register: failed to install interpreter file ./file0 [ 704.966955][ C0] vkms_vblank_simulate: vblank timer overrun [ 705.391045][ C0] vkms_vblank_simulate: vblank timer overrun [ 706.390937][ T5991] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 706.456150][ C0] vkms_vblank_simulate: vblank timer overrun [ 706.553470][ T5991] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 706.553509][ T5991] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 706.553521][ T5991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.556573][ T5991] usb 4-1: config 0 descriptor?? [ 706.602703][ T5991] pwc: Askey VC010 type 2 USB webcam detected. [ 706.806325][ C0] vkms_vblank_simulate: vblank timer overrun [ 707.128157][ T5991] pwc: recv_control_msg error -32 req 02 val 2b00 [ 707.176481][ T5991] pwc: recv_control_msg error -32 req 02 val 2700 [ 707.214064][ T5991] pwc: recv_control_msg error -32 req 02 val 2c00 [ 707.644799][ C0] vkms_vblank_simulate: vblank timer overrun [ 707.798233][ T5991] pwc: recv_control_msg error -32 req 04 val 1300 [ 707.801416][ T5991] pwc: recv_control_msg error -32 req 04 val 1400 [ 707.802750][ T5991] pwc: recv_control_msg error -32 req 02 val 2000 [ 707.803893][ T5991] pwc: recv_control_msg error -32 req 02 val 2100 [ 707.804790][ T5991] pwc: recv_control_msg error -32 req 04 val 1500 [ 707.805602][ T5991] pwc: recv_control_msg error -32 req 02 val 2500 [ 707.806431][ T5991] pwc: recv_control_msg error -32 req 02 val 2400 [ 707.807223][ T5991] pwc: recv_control_msg error -32 req 02 val 2600 [ 707.808053][ T5991] pwc: recv_control_msg error -32 req 02 val 2900 [ 707.808855][ T5991] pwc: recv_control_msg error -32 req 02 val 2800 [ 707.809868][ T5991] pwc: recv_control_msg error -32 req 04 val 1100 [ 707.814472][ T5991] pwc: Registered as video103. [ 707.817312][ T5991] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input29 [ 708.015025][ T31] usb 4-1: USB disconnect, device number 40 [ 708.980201][ C0] vkms_vblank_simulate: vblank timer overrun [ 709.242478][ C0] vkms_vblank_simulate: vblank timer overrun [ 712.364855][T17292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4532'. [ 712.364885][T17292] bond0: option lp_interval: invalid value (0) [ 712.364902][T17292] bond0: option lp_interval: allowed values 1 - 2147483647 [ 712.969826][T17304] fuse: root generation should be zero [ 718.448387][T17342] netlink: 'syz.0.4543': attribute type 1 has an invalid length. [ 721.667521][T17366] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 721.667521][T17366] program syz.3.4554 not setting count and/or reply_len properly [ 729.869427][T17415] vhci_hcd vhci_hcd.0: pdev(6) rhport(1) sockfd(12) [ 729.869455][T17415] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 729.959398][T17421] vhci_hcd vhci_hcd.0: pdev(6) rhport(2) sockfd(15) [ 729.959425][T17421] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 729.959619][T17421] vhci_hcd vhci_hcd.0: Device attached [ 729.960011][T17415] vhci_hcd vhci_hcd.0: Device attached [ 729.994713][T17426] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 730.098653][T17426] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 730.099925][T17426] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 730.121902][T17426] vhci_hcd vhci_hcd.0: pdev(6) rhport(6) sockfd(26) [ 730.121928][T17426] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 730.121978][T17426] vhci_hcd vhci_hcd.0: Device attached [ 730.167266][T17414] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(9) [ 730.167291][T17414] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 730.168108][T17414] vhci_hcd vhci_hcd.0: Device attached [ 730.170800][T17421] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 730.234363][T17415] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(30) [ 730.234380][T17415] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 730.259297][T17415] vhci_hcd vhci_hcd.0: Device attached [ 730.287092][T17427] vhci_hcd: connection closed [ 730.300550][T17422] vhci_hcd: connection closed [ 730.307790][T17417] vhci_hcd: connection closed [ 730.325526][T17416] vhci_hcd: connection closed [ 730.355165][T16453] vhci_hcd: stop threads [ 730.356316][T16453] vhci_hcd: release socket [ 730.376565][T16453] vhci_hcd: disconnect device [ 730.387416][T16453] vhci_hcd: stop threads [ 730.387429][T16453] vhci_hcd: release socket [ 730.387683][T16453] vhci_hcd: disconnect device [ 730.388636][T16453] vhci_hcd: stop threads [ 730.388645][T16453] vhci_hcd: release socket [ 730.388778][T16453] vhci_hcd: disconnect device [ 730.419770][T16453] vhci_hcd: stop threads [ 730.419788][T16453] vhci_hcd: release socket [ 730.420016][T16453] vhci_hcd: disconnect device [ 730.481210][T14880] vhci_hcd: vhci_device speed not set [ 730.941751][T17430] vhci_hcd: connection closed [ 730.988294][ T6299] vhci_hcd: stop threads [ 730.988314][ T6299] vhci_hcd: release socket [ 730.988384][ T6299] vhci_hcd: disconnect device [ 734.533231][ C0] vkms_vblank_simulate: vblank timer overrun [ 734.538376][ T5846] usb usb46-port1: attempt power cycle [ 735.471033][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.849670][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.873149][ T5846] usb usb46-port1: unable to enumerate USB device [ 737.093140][ C0] vkms_vblank_simulate: vblank timer overrun [ 737.211236][ C0] vkms_vblank_simulate: vblank timer overrun [ 737.244378][ C0] vkms_vblank_simulate: vblank timer overrun [ 739.610974][T17501] vivid-003: kernel_thread() failed [ 744.856910][ C0] vkms_vblank_simulate: vblank timer overrun [ 744.909767][ C0] vkms_vblank_simulate: vblank timer overrun [ 745.607438][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.326705][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.361392][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.728672][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.135556][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.155075][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.207952][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.314908][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.521909][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.708428][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.714129][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 749.823691][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.122316][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.231091][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.350948][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.502062][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.581044][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.641117][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.679652][ C0] vkms_vblank_simulate: vblank timer overrun [ 759.188098][T17648] befs: (nullb0): invalid magic header [ 763.399429][T17688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4652'. [ 764.134116][T17690] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4650'. [ 765.153623][T17695] overlayfs: failed to clone upperpath [ 765.568971][T17707] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4657'. [ 766.765187][T17701] nbd3: detected capacity change from 0 to 63 [ 766.801026][T17703] block nbd3: NBD_DISCONNECT [ 766.818098][T17703] block nbd3: Disconnected due to user request. [ 766.917393][T17703] block nbd3: shutting down sockets [ 767.811239][ T5846] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 767.961603][ T5846] usb 4-1: Using ep0 maxpacket: 32 [ 767.964154][ T5846] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 767.964182][ T5846] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 767.964194][ T5846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 767.968735][ T5846] usb 4-1: config 0 descriptor?? [ 768.310245][T17723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 768.311100][T17723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 769.053790][T17734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 769.054200][T17734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 769.278090][T17723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 769.311450][T17723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 769.318067][ T5846] koneplus 0003:1E7D:2D51.001C: unknown main item tag 0x0 [ 769.318109][ T5846] koneplus 0003:1E7D:2D51.001C: unknown main item tag 0x0 [ 769.318138][ T5846] koneplus 0003:1E7D:2D51.001C: unknown main item tag 0x0 [ 769.318165][ T5846] koneplus 0003:1E7D:2D51.001C: unknown main item tag 0x0 [ 769.318191][ T5846] koneplus 0003:1E7D:2D51.001C: unknown main item tag 0x0 [ 769.331685][ T5846] koneplus 0003:1E7D:2D51.001C: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.3-1/input0 [ 770.331792][ T5846] koneplus 0003:1E7D:2D51.001C: couldn't init struct koneplus_device [ 770.331848][ T5846] koneplus 0003:1E7D:2D51.001C: couldn't install mouse [ 770.334775][ T5846] koneplus 0003:1E7D:2D51.001C: probe with driver koneplus failed with error -71 [ 770.362759][ T5846] usb 4-1: USB disconnect, device number 41 [ 772.332824][T17727] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4666'. [ 773.045548][T17762] 9pnet_fd: Insufficient options for proto=fd [ 787.093877][ T5805] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 787.103851][ T5805] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 787.113872][ T5805] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 787.117817][ T5805] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 787.118633][ T5805] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 787.153584][ T5804] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 787.153829][ T5804] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 787.154048][ T5804] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 787.156139][ T5804] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 787.159317][ T5804] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 789.231025][ T5804] Bluetooth: hci5: command tx timeout [ 789.235803][T17824] tipc: Can't bind to reserved service type 0 [ 789.813727][T17832] overlayfs: overlapping lowerdir path [ 790.197096][T17833] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 791.245474][T17803] chnl_net:caif_netlink_parms(): no params data found [ 791.311023][ T5804] Bluetooth: hci5: command tx timeout [ 793.770287][ T5804] Bluetooth: hci5: command tx timeout [ 794.957302][ C0] vkms_vblank_simulate: vblank timer overrun [ 795.171142][ C0] vkms_vblank_simulate: vblank timer overrun [ 795.300306][ C0] vkms_vblank_simulate: vblank timer overrun [ 795.446114][ C0] vkms_vblank_simulate: vblank timer overrun [ 795.647028][T17872] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4709'. [ 795.792608][ T5804] Bluetooth: hci5: command tx timeout [ 795.915757][T17883] input: syz1 as /devices/virtual/input/input30 [ 795.998353][T17883] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 796.015515][ T5991] IPVS: starting estimator thread 0... [ 796.101087][T17888] IPVS: using max 14 ests per chain, 33600 per kthread [ 796.129583][ C0] vkms_vblank_simulate: vblank timer overrun [ 796.332690][ C0] vkms_vblank_simulate: vblank timer overrun [ 796.373392][ T5991] IPVS: starting estimator thread 0... [ 796.590856][ C0] vkms_vblank_simulate: vblank timer overrun [ 796.591288][T17897] IPVS: using max 14 ests per chain, 33600 per kthread [ 797.572647][ C0] vkms_vblank_simulate: vblank timer overrun [ 797.675367][T17803] bridge0: port 1(bridge_slave_0) entered blocking state [ 797.675455][T17803] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.675621][T17803] bridge_slave_0: entered allmulticast mode [ 797.677111][T17803] bridge_slave_0: entered promiscuous mode [ 797.826036][ C0] vkms_vblank_simulate: vblank timer overrun [ 797.869715][T17803] bridge0: port 2(bridge_slave_1) entered blocking state [ 797.869788][T17803] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.869953][T17803] bridge_slave_1: entered allmulticast mode [ 797.872499][T17803] bridge_slave_1: entered promiscuous mode [ 797.983671][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.536841][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.800681][ C0] vkms_vblank_simulate: vblank timer overrun [ 799.188517][ C0] vkms_vblank_simulate: vblank timer overrun [ 800.337692][T17803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 800.502669][T17803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 801.679285][T17942] overlayfs: overlapping lowerdir path [ 801.989508][T17943] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 804.965365][T17803] team0: Port device team_slave_0 added [ 804.983884][T17803] team0: Port device team_slave_1 added [ 805.371716][T17963] IPv6: Can't replace route, no match found [ 807.214313][T17803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 807.214330][T17803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 807.214361][T17803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 807.218009][T17803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 807.218022][T17803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 807.218047][T17803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 807.326403][T17995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4749'. [ 809.102453][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.172886][T17803] hsr_slave_0: entered promiscuous mode [ 809.174279][T17803] hsr_slave_1: entered promiscuous mode [ 809.192801][T17803] debugfs: 'hsr0' already exists in 'hsr' [ 809.192828][T17803] Cannot create hsr debugfs directory [ 811.543199][ C1] vkms_vblank_simulate: vblank timer overrun [ 812.042984][ C1] vkms_vblank_simulate: vblank timer overrun [ 812.875275][ C1] vkms_vblank_simulate: vblank timer overrun [ 813.966678][T17803] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 813.993062][ C1] vkms_vblank_simulate: vblank timer overrun [ 814.184371][T17803] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 814.282941][T17803] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 814.413366][T17803] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 814.875176][T17803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 814.977490][T17803] 8021q: adding VLAN 0 to HW filter on device team0 [ 815.038899][ T6299] bridge0: port 1(bridge_slave_0) entered blocking state [ 815.041310][ T6299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 815.648656][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 815.654184][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 816.372373][T18095] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 816.416927][T18095] syz_tun: left allmulticast mode [ 816.416955][T18095] syz_tun: left promiscuous mode [ 816.417204][T18095] bridge0: port 3(syz_tun) entered disabled state [ 816.542639][ C1] vkms_vblank_simulate: vblank timer overrun [ 817.914178][T18106] netlink: 'syz.0.4784': attribute type 10 has an invalid length. [ 818.023922][T18107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4784'. [ 818.100278][T18095] bridge_slave_0: left allmulticast mode [ 818.100307][T18095] bridge_slave_0: left promiscuous mode [ 818.100562][T18095] bridge0: port 1(bridge_slave_0) entered disabled state [ 818.450703][T18095] bridge_slave_1: left allmulticast mode [ 818.450733][T18095] bridge_slave_1: left promiscuous mode [ 818.451030][T18095] bridge0: port 2(bridge_slave_1) entered disabled state [ 818.801468][T18122] 9pnet_fd: Insufficient options for proto=fd [ 819.706327][T18095] bond0: (slave bond_slave_0): Releasing backup interface [ 819.936570][T18095] bond0: (slave bond_slave_1): Releasing backup interface [ 820.576997][T18095] team0: Port device team_slave_0 removed [ 820.606844][T18095] team0: Port device team_slave_1 removed [ 820.607826][T18095] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 820.607851][T18095] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 820.644679][T18095] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 820.644708][T18095] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 820.689062][T18095] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 820.973421][T18106] mac80211_hwsim hwsim11 wlan1: left allmulticast mode [ 821.528597][T18106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 821.913382][T18106] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 821.929372][T18107] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 821.929418][T18107] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 821.929438][T18107] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 821.933107][ T37] audit: type=1800 audit(1760044501.179:71): pid=18107 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.4784" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 822.301804][T17803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 824.016249][T18199] new mount options do not match the existing superblock, will be ignored [ 825.157310][T17803] veth0_vlan: entered promiscuous mode [ 825.174644][T17803] veth1_vlan: entered promiscuous mode [ 825.220671][T17803] veth0_macvtap: entered promiscuous mode [ 825.239541][T17803] veth1_macvtap: entered promiscuous mode [ 825.272146][T17803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 825.295540][T17803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 825.366547][T16454] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.366782][T16454] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.366835][T16454] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.366868][T16454] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.469867][T18213] new mount options do not match the existing superblock, will be ignored [ 826.911008][ T3620] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.911030][ T3620] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 827.077064][ T8686] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 827.077083][ T8686] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 839.019172][ T5804] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 839.019437][ T5804] Bluetooth: hci5: Injecting HCI hardware error event [ 839.023996][ T5804] Bluetooth: hci5: hardware error 0x00 [ 844.031305][ T5804] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 852.003803][ C1] vkms_vblank_simulate: vblank timer overrun [ 852.357600][ C1] vkms_vblank_simulate: vblank timer overrun [ 852.873112][ C1] vkms_vblank_simulate: vblank timer overrun [ 856.005382][ C1] vkms_vblank_simulate: vblank timer overrun [ 856.105589][ C1] vkms_vblank_simulate: vblank timer overrun [ 857.039623][ C1] vkms_vblank_simulate: vblank timer overrun [ 858.495537][ C1] vkms_vblank_simulate: vblank timer overrun [ 859.019771][ C1] vkms_vblank_simulate: vblank timer overrun [ 859.588492][ C1] vkms_vblank_simulate: vblank timer overrun [ 859.651274][ C1] vkms_vblank_simulate: vblank timer overrun [ 862.177376][ C0] vkms_vblank_simulate: vblank timer overrun [ 864.770488][ C0] vkms_vblank_simulate: vblank timer overrun [ 865.222892][ C0] vkms_vblank_simulate: vblank timer overrun [ 865.307243][ C0] vkms_vblank_simulate: vblank timer overrun [ 866.025150][ C0] vkms_vblank_simulate: vblank timer overrun [ 866.724996][ C0] vkms_vblank_simulate: vblank timer overrun [ 866.889668][ C0] vkms_vblank_simulate: vblank timer overrun [ 868.602168][ C0] vkms_vblank_simulate: vblank timer overrun [ 869.028095][ C0] vkms_vblank_simulate: vblank timer overrun [ 869.648586][ C0] vkms_vblank_simulate: vblank timer overrun [ 869.717713][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.352084][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.667630][ C0] vkms_vblank_simulate: vblank timer overrun [ 870.942123][T16459] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.222555][T18608] new mount options do not match the existing superblock, will be ignored [ 878.759815][T18644] new mount options do not match the existing superblock, will be ignored [ 878.761120][T18644] option changes via remount are deprecated (pid=18639 comm=syz.3.4963) [ 879.164344][T16459] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 880.211165][ C0] vkms_vblank_simulate: vblank timer overrun [ 881.200636][ C0] vkms_vblank_simulate: vblank timer overrun [ 881.258021][ C0] vkms_vblank_simulate: vblank timer overrun [ 881.386144][ C0] vkms_vblank_simulate: vblank timer overrun [ 881.746438][ C0] vkms_vblank_simulate: vblank timer overrun [ 881.909321][T18669] new mount options do not match the existing superblock, will be ignored [ 881.936774][T18669] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 881.952371][ C0] vkms_vblank_simulate: vblank timer overrun [ 882.758610][ C0] vkms_vblank_simulate: vblank timer overrun [ 882.939409][T16459] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.299220][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.817893][T18680] exFAT-fs (loop3): unable to read boot sector [ 883.817938][T18680] exFAT-fs (loop3): failed to read boot sector [ 883.817972][T18680] exFAT-fs (loop3): failed to recognize exfat type [ 884.041146][ C0] vkms_vblank_simulate: vblank timer overrun [ 884.218715][ C0] vkms_vblank_simulate: vblank timer overrun [ 884.559446][T16459] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 884.604108][ C0] vkms_vblank_simulate: vblank timer overrun [ 887.559182][T18705] new mount options do not match the existing superblock, will be ignored [ 887.560414][T18705] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 890.672009][T18727] new mount options do not match the existing superblock, will be ignored [ 890.696820][T18727] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 892.388816][T16459] bridge_slave_1: left allmulticast mode [ 892.388851][T16459] bridge_slave_1: left promiscuous mode [ 892.389123][T16459] bridge0: port 2(bridge_slave_1) entered disabled state [ 892.463635][T18735] input: syz1 as /devices/virtual/input/input31 [ 892.478357][T16459] bridge_slave_0: left allmulticast mode [ 892.478375][T16459] bridge_slave_0: left promiscuous mode [ 892.479028][T16459] bridge0: port 1(bridge_slave_0) entered disabled state [ 923.368316][ C0] vkms_vblank_simulate: vblank timer overrun [ 924.132765][ C0] vkms_vblank_simulate: vblank timer overrun [ 924.299541][ C0] vkms_vblank_simulate: vblank timer overrun [ 924.608336][ C0] vkms_vblank_simulate: vblank timer overrun [ 924.767890][ C0] vkms_vblank_simulate: vblank timer overrun [ 925.169165][ C0] vkms_vblank_simulate: vblank timer overrun [ 925.277113][ C0] vkms_vblank_simulate: vblank timer overrun [ 925.580070][T16459] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 926.067817][T16459] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 926.373664][ C0] vkms_vblank_simulate: vblank timer overrun [ 926.393927][T16459] bond0 (unregistering): Released all slaves [ 928.019271][ C0] vkms_vblank_simulate: vblank timer overrun [ 928.053939][ C0] vkms_vblank_simulate: vblank timer overrun [ 932.617193][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 972.471128][T16459] hsr_slave_0: left promiscuous mode [ 975.214070][T16459] hsr_slave_1: left promiscuous mode [ 975.215001][T16459] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 975.215024][T16459] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 975.798410][T16459] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 975.798428][T16459] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 978.309380][T16459] veth1_macvtap: left promiscuous mode [ 978.309483][T16459] veth0_macvtap: left promiscuous mode [ 978.309739][T16459] veth1_vlan: left promiscuous mode [ 978.309940][T16459] veth0_vlan: left promiscuous mode [ 986.288150][T16459] team0 (unregistering): Port device vlan2 removed [ 993.084372][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1014.014694][ T5805] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1014.068106][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1014.081198][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1014.083505][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1014.088527][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1016.230113][ T5804] Bluetooth: hci1: command tx timeout [ 1018.281068][ T5804] Bluetooth: hci1: command tx timeout [ 1020.361035][ T5804] Bluetooth: hci1: command tx timeout [ 1022.441582][ T5804] Bluetooth: hci1: command tx timeout [ 1057.806519][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1062.193792][T16459] team0 (unregistering): Port device team_slave_1 removed [ 1064.114538][T16459] team0 (unregistering): Port device team_slave_0 removed [ 1072.990106][ T5805] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1073.024229][ T5805] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1073.027674][ T5805] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1073.045284][ T5805] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1073.046099][ T5805] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1075.190773][ T5804] Bluetooth: hci3: command tx timeout [ 1077.236028][ T5804] Bluetooth: hci3: command tx timeout [ 1079.322887][ T5804] Bluetooth: hci3: command tx timeout [ 1081.419057][ T5804] Bluetooth: hci3: command tx timeout [ 1115.868858][T20002] dns_resolver: Unsupported server list version (0) [ 1116.370334][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1123.631171][ T38] INFO: task kworker/u8:16:6299 blocked for more than 144 seconds. [ 1123.631189][ T38] Not tainted syzkaller #0 [ 1123.631194][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1123.631200][ T38] task:kworker/u8:16 state:D stack:12664 pid:6299 tgid:6299 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1123.631227][ T38] Workqueue: events_unbound linkwatch_event [ 1123.631246][ T38] Call Trace: [ 1123.631252][ T38] [ 1123.631261][ T38] __schedule+0x16f3/0x4c20 [ 1123.631281][ T38] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1123.631300][ T38] ? __pfx___schedule+0x10/0x10 [ 1123.631323][ T38] rt_mutex_schedule+0x77/0xf0 [ 1123.631338][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 1123.631359][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 1123.631374][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 1123.631388][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 1123.631402][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1123.631421][ T38] ? linkwatch_event+0xe/0x60 [ 1123.631436][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 1123.631450][ T38] ? linkwatch_event+0xe/0x60 [ 1123.631460][ T38] mutex_lock_nested+0x16a/0x1d0 [ 1123.631472][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 1123.631482][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 1123.631494][ T38] linkwatch_event+0xe/0x60 [ 1123.631505][ T38] process_scheduled_works+0xade/0x17b0 [ 1123.631531][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 1123.631552][ T38] worker_thread+0x8a0/0xda0 [ 1123.631565][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1123.631581][ T38] ? __kthread_parkme+0x7b/0x200 [ 1123.631598][ T38] kthread+0x711/0x8a0 [ 1123.631613][ T38] ? __pfx_worker_thread+0x10/0x10 [ 1123.631624][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.631635][ T38] ? rt_spin_unlock+0x150/0x200 [ 1123.631651][ T38] ? rt_spin_unlock+0x161/0x200 [ 1123.631662][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.631676][ T38] ret_from_fork+0x4b9/0x870 [ 1123.631688][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1123.631704][ T38] ? __switch_to_asm+0x39/0x70 [ 1123.631715][ T38] ? __switch_to_asm+0x33/0x70 [ 1123.631726][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.631744][ T38] ret_from_fork_asm+0x1a/0x30 [ 1123.631835][ T38] [ 1123.631877][ T38] [ 1123.631877][ T38] Showing all locks held in the system: [ 1123.631887][ T38] 1 lock held by khungtaskd/38: [ 1123.631893][ T38] #0: ffffffff8d7aa500 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1123.631940][ T38] 2 locks held by getty/5561: [ 1123.631945][ T38] #0: ffff88823bf2a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1123.631972][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400 [ 1123.631995][ T38] 4 locks held by syz-executor/5813: [ 1123.632003][ T38] 3 locks held by kworker/0:5/5846: [ 1123.632008][ T38] #0: ffff88813fe19138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1123.632031][ T38] #1: ffffc90004f7fba0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1123.632054][ T38] #2: ffffffff8ea776b8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 1123.632086][ T38] 3 locks held by kworker/u8:16/6299: [ 1123.632092][ T38] #0: ffff88813fe29938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1123.632118][ T38] #1: ffffc90006107ba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1123.632141][ T38] #2: ffffffff8ea776b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1123.632163][ T38] 5 locks held by syz-executor/6624: [ 1123.632169][ T38] #0: ffffffff8d8650b0 (dup_mmap_sem){++++}-{0:0}, at: copy_mm+0x131/0x4b0 [ 1123.632192][ T38] #1: ffff8880356d3050 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x126/0x1ae0 [ 1123.632217][ T38] #2: ffff88803b3fc750 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x20f/0x1ae0 [ 1123.632242][ T38] #3: ffffffff8d8ca2e8 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 1123.632265][ T38] #4: ffff8880b8945aa8 (&s->lock_key#58){+.+.}-{3:3}, at: put_cpu_partial+0x9d/0x210 [ 1123.632293][ T38] 4 locks held by kworker/u8:17/8686: [ 1123.632300][ T38] 3 locks held by kworker/1:9/14882: [ 1123.632306][ T38] 6 locks held by kworker/u8:14/16452: [ 1123.632311][ T38] #0: ffff88813fe29938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1123.632336][ T38] #1: ffffc90010177ba0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1123.632359][ T38] #2: ffff88803d624300 (&devlink->lock_key#7){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 1123.632389][ T38] #3: ffff88805db15520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 1123.632415][ T38] #4: ffffffff8d7aa500 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1c1/0x3e0 [ 1123.632439][ T38] #5: ffff8880b8945aa8 (&s->lock_key#58){+.+.}-{3:3}, at: ___slab_alloc+0x2ad/0x13f0 [ 1123.632462][ T38] 3 locks held by kworker/u8:19/16454: [ 1123.632467][ T38] #0: ffff88814d0d8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1123.632490][ T38] #1: ffffc90010137ba0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1123.632515][ T38] #2: ffffffff8ea776b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 1123.632540][ T38] 6 locks held by kworker/u8:21/16456: [ 1123.632546][ T38] 4 locks held by kworker/u8:22/16459: [ 1123.632552][ T38] 2 locks held by kworker/0:2H/17600: [ 1123.632558][ T38] 1 lock held by syz.3.4734/17980: [ 1123.632563][ T38] #0: ffffffff8ea776b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 1123.632590][ T38] 1 lock held by syz-executor/19508: [ 1123.632595][ T38] #0: ffffffff8ea776b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 1123.632621][ T38] 1 lock held by syz-executor/19798: [ 1123.632626][ T38] #0: ffffffff8ea776b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 1123.632650][ T38] 1 lock held by syz.7.5441/20014: [ 1123.632655][ T38] 1 lock held by syz.1.5443/20021: [ 1123.632660][ T38] #0: ffff88805d096a78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 1123.632688][ T38] [ 1123.632691][ T38] ============================================= [ 1123.632691][ T38] [ 1123.632696][ T38] NMI backtrace for cpu 0 [ 1123.632705][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1123.632716][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1123.632722][ T38] Call Trace: [ 1123.632726][ T38] [ 1123.632730][ T38] dump_stack_lvl+0x189/0x250 [ 1123.632743][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1123.632754][ T38] ? __pfx__printk+0x10/0x10 [ 1123.632776][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 1123.632791][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1123.632805][ T38] ? __pfx__printk+0x10/0x10 [ 1123.632818][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1123.632830][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1123.632844][ T38] watchdog+0xf60/0xfa0 [ 1123.632860][ T38] ? watchdog+0x1e2/0xfa0 [ 1123.632875][ T38] kthread+0x711/0x8a0 [ 1123.632898][ T38] ? __pfx_watchdog+0x10/0x10 [ 1123.632910][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.632921][ T38] ? rt_spin_unlock+0x150/0x200 [ 1123.632936][ T38] ? rt_spin_unlock+0x161/0x200 [ 1123.632948][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.632961][ T38] ret_from_fork+0x4b9/0x870 [ 1123.632973][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1123.632987][ T38] ? __switch_to_asm+0x39/0x70 [ 1123.632998][ T38] ? __switch_to_asm+0x33/0x70 [ 1123.633012][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.633026][ T38] ret_from_fork_asm+0x1a/0x30 [ 1123.633045][ T38] [ 1123.633065][ T38] Sending NMI from CPU 0 to CPUs 1: [ 1123.633117][ C1] NMI backtrace for cpu 1 [ 1123.633133][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1123.633159][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1123.633168][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 1123.633198][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 c6 22 00 f3 0f 1e fa fb f4 88 c1 03 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 1123.633211][ C1] RSP: 0018:ffffc900001d7de0 EFLAGS: 000002c6 [ 1123.633224][ C1] RAX: 8b916388808b3500 RBX: ffffffff8194dd17 RCX: 8b916388808b3500 [ 1123.633236][ C1] RDX: 0000000000000001 RSI: ffffffff8ce644a1 RDI: ffffffff8b3f4b60 [ 1123.633246][ C1] RBP: ffffc900001d7f10 R08: ffff8880b89334db R09: 1ffff1101712669b [ 1123.633257][ C1] R10: dffffc0000000000 R11: ffffed101712669c R12: ffffffff8ef76570 [ 1123.633268][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110037d7b40 [ 1123.633279][ C1] FS: 0000000000000000(0000) GS:ffff888126ccb000(0000) knlGS:0000000000000000 [ 1123.633291][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1123.633301][ C1] CR2: 0000001b2f112ff8 CR3: 000000003d72e000 CR4: 00000000003526f0 [ 1123.633321][ C1] Call Trace: [ 1123.633408][ C1] [ 1123.633423][ C1] default_idle+0x13/0x20 [ 1123.633510][ C1] default_idle_call+0x73/0xb0 [ 1123.633529][ C1] do_idle+0x1e7/0x510 [ 1123.633548][ C1] ? __pfx_do_idle+0x10/0x10 [ 1123.633573][ C1] cpu_startup_entry+0x44/0x60 [ 1123.633589][ C1] start_secondary+0x101/0x110 [ 1123.633607][ C1] common_startup_64+0x13e/0x147 [ 1123.633638][ C1] [ 1123.634197][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 1123.634208][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1123.634220][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1123.634226][ T38] Call Trace: [ 1123.634232][ T38] [ 1123.634237][ T38] dump_stack_lvl+0x99/0x250 [ 1123.634251][ T38] ? __asan_memcpy+0x40/0x70 [ 1123.634262][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1123.634273][ T38] ? __pfx__printk+0x10/0x10 [ 1123.634290][ T38] vpanic+0x237/0x6d0 [ 1123.634300][ T38] ? __pfx_vpanic+0x10/0x10 [ 1123.634309][ T38] ? preempt_schedule_common+0x83/0xd0 [ 1123.634323][ T38] panic+0xb9/0xc0 [ 1123.634338][ T38] ? __pfx_panic+0x10/0x10 [ 1123.634348][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 1123.634365][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 1123.634380][ T38] watchdog+0xf9f/0xfa0 [ 1123.634396][ T38] ? watchdog+0x1e2/0xfa0 [ 1123.634411][ T38] kthread+0x711/0x8a0 [ 1123.634425][ T38] ? __pfx_watchdog+0x10/0x10 [ 1123.634437][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.634448][ T38] ? rt_spin_unlock+0x150/0x200 [ 1123.634463][ T38] ? rt_spin_unlock+0x161/0x200 [ 1123.634475][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.634489][ T38] ret_from_fork+0x4b9/0x870 [ 1123.634501][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1123.634515][ T38] ? __switch_to_asm+0x39/0x70 [ 1123.634526][ T38] ? __switch_to_asm+0x33/0x70 [ 1123.634537][ T38] ? __pfx_kthread+0x10/0x10 [ 1123.634550][ T38] ret_from_fork_asm+0x1a/0x30 [ 1123.634569][ T38] [ 1123.634923][ T38] Kernel Offset: disabled