last executing test programs: 28.822103571s ago: executing program 1 (id=1276): openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x80) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x0) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x1, 0xc8a3, 0x4, 0xf, 0x30000, 0xdb3}) syz_usb_connect(0x4, 0x0, 0x0, 0x0) epoll_create1(0x0) syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec28, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x20af, 0x6d82, 0x0, 0x0, 0x0) 25.468290045s ago: executing program 1 (id=1284): r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20024894) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x707cb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x25b}, 0x0, &(0x7f0000ffe000)) syz_open_procfs(0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=""/214, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000002440)={{0x0, 0xfffffffffffffff8, 0x5, 0x7, 0x6, 0x8000000000000000, 0x1, 0x3, 0x6, 0x5, 0x0, 0x5, 0x5, 0x4, 0x7}}) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) 20.691962064s ago: executing program 3 (id=1289): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fchownat(0xffffffffffffffff, &(0x7f0000000080)='.\x00', 0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008f9000001"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r4, @ANYBLOB="0000000008000000b705000008000000850000005d00000095"], &(0x7f0000000300)='GPL\x00', 0x2, 0x100a, &(0x7f0000002500)=""/4106, 0x0, 0x5}, 0x94) 18.195613508s ago: executing program 3 (id=1291): r0 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x25dfdbfc, 0x10004400}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000001100)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f0000000180), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x1e) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x83) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) read$dsp(r2, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e23, 0xfffffffc, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x8}}, 0x4, 0x2, 0xe, 0x7588, 0x168, 0xfffffffc, 0x7}, &(0x7f0000000140)=0x9c) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vxcan0\x00'}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'pim6reg0\x00', 0x7101}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) write(0xffffffffffffffff, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 16.737810892s ago: executing program 3 (id=1292): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) ioctl$EXT4_IOC_GETSTATE(r0, 0x40046629, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0xfffff000) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x3, 0x2, 0x0, 0x3}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r2 = socket(0x2, 0x2, 0x1) syz_io_uring_setup(0x332e, &(0x7f0000000480)={0x0, 0xaeb7, 0x40, 0x3, 0x2d9}, 0x0, &(0x7f0000000400)) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, 0x0, 0x0) connect$unix(r2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00'}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00'}, 0x18) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) userfaultfd(0x80001) 16.575084284s ago: executing program 2 (id=1293): openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x80) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec28, 0x400, 0x1, 0x40000333}, 0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x20af, 0x6d82, 0x0, 0x0, 0x0) 16.046562786s ago: executing program 4 (id=1294): openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x80) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x0) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x1, 0xc8a3, 0x4, 0xf, 0x30000, 0xdb3}) syz_usb_connect(0x4, 0x0, 0x0, 0x0) epoll_create1(0x0) syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec28, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x20af, 0x6d82, 0x0, 0x0, 0x0) 13.72016815s ago: executing program 4 (id=1295): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000440)=ANY=[], 0x0, 0x39, 0x0, 0x1, 0x9}, 0x28) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1c0000, 0x1, &(0x7f0000000040)) userfaultfd(0x802) openat$rfkill(0xffffff9c, &(0x7f00000003c0), 0x0, 0x0) epoll_create1(0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) syz_io_uring_setup(0x32b7, &(0x7f0000000180)={0x0, 0x7f1, 0x1, 0x4, 0x41}, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x2000fb) io_setup(0x4, &(0x7f00000014c0)) 13.64258636s ago: executing program 2 (id=1296): syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}]}}]}}]}}, 0x0) syz_emit_ethernet(0x76, &(0x7f00000004c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "d3ffff", 0x40, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x502, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @remote, [@hopopts={0x3a}], "a87f7292fee6ad36"}}}}}}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') getsockopt$inet6_mreq(r1, 0x29, 0x15, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000005fc0)={@remote, @empty, @empty, 0x7, 0x8000, 0x40, 0x400, 0x5, 0x18c0012}) 13.220192208s ago: executing program 1 (id=1297): setresuid(0xffffffffffffffff, 0xee01, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = socket(0x1e, 0x4, 0x0) connect$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x0, 0x3}}, 0x10) sendmmsg$unix(r0, &(0x7f0000004400), 0x400000000000203, 0x101d0) 11.950903448s ago: executing program 3 (id=1299): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r0, 0x0, 0x0) 11.760334615s ago: executing program 3 (id=1300): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) clock_adjtime(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@ipv4_delroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xff}}, 0x1c}}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x11, 0x0, 0x1}]}) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xfffffc01, 0x400}}, './file0\x00'}) ioctl$KVM_GET_XSAVE(r5, 0x9000aea4, &(0x7f0000001540)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mremap(&(0x7f0000e2f000/0x1000)=nil, 0x1000, 0x3000, 0x7, &(0x7f0000c53000/0x3000)=nil) 11.672595473s ago: executing program 0 (id=1301): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r3, 0x1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x8, 0x1]}}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x40}}, 0x0) write$qrtrtun(r1, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0) ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000003b40)=0x4000000) close(0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140)) sendmsg$NFC_CMD_LLC_SET_PARAMS(r7, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x12) 11.566731907s ago: executing program 4 (id=1302): r0 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x25dfdbfc, 0x10004400}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000001100)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f0000000180), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x1e) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x83) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) read$dsp(r2, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e23, 0xfffffffc, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x8}}, 0x4, 0x2, 0xe, 0x7588, 0x168, 0xfffffffc, 0x7}, &(0x7f0000000140)=0x9c) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vxcan0\x00'}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'pim6reg0\x00', 0x7101}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) write(0xffffffffffffffff, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 10.768798138s ago: executing program 2 (id=1303): getpid() r0 = socket(0x10, 0x3, 0x0) socket$key(0xf, 0x3, 0x2) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05000000810000000200000009"], 0x48) bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x5, r2, 0x0, 0x20}, 0x38) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0xef4, &(0x7f00000003c0)={0x0, 0x26c3, 0x1, 0x3, 0x0, 0x0, r4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r6, r7, 0x0) io_uring_enter(r5, 0x2ded, 0x4000, 0x10, 0x0, 0x0) ioprio_get$uid(0x3, 0x0) ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r1, 0x0, 0xb) r8 = syz_open_dev$vim2m(&(0x7f0000000580), 0x4, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r8, 0x40045612, &(0x7f0000000100)=0x1) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000140), 0x52ec3) bind$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) 9.69568997s ago: executing program 4 (id=1304): openat$binderfs(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r3, 0x1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x8, 0x1]}}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x40}}, 0x0) write$qrtrtun(r1, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0) ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000003b40)=0x4000000) close(0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140)) sendmsg$NFC_CMD_LLC_SET_PARAMS(r7, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x12) 9.671833474s ago: executing program 1 (id=1305): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) clock_adjtime(0x0, &(0x7f0000000100)={0x2, 0x6a, 0x5, 0x8000000000000001, 0x48c, 0x5, 0xd, 0x424, 0x2, 0xffffffffffffffff, 0xf423f, 0xfffffffffffffff9, 0x7, 0x2, 0x1000000081, 0x5, 0x0, 0x5, 0x0, 0x9220000000000000, 0x3, 0x0, 0x80000001, 0x0, 0x5, 0x7}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@ipv4_delroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xff}}, 0x1c}}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x100, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x11, 0x0, 0x1}]}) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xfffffc01, 0x400}}, './file0\x00'}) ioctl$KVM_GET_XSAVE(r6, 0x9000aea4, &(0x7f0000001540)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mremap(&(0x7f0000e2f000/0x1000)=nil, 0x1000, 0x3000, 0x7, &(0x7f0000c53000/0x3000)=nil) 9.316469871s ago: executing program 0 (id=1306): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r2 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r2, &(0x7f0000000040), 0x10) r3 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r3, 0x110, 0x4, &(0x7f0000000040), 0x4) r4 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r4, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r4, 0x0, 0x0, 0x24008094) recvmsg(0xffffffffffffffff, 0x0, 0x10000) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7, 0x0, 0x8}, 0x18) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x7fffffffff, 0x1}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0xfffffffffffffffc}, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="a80000000408050000000000000000000200000244000480080005400000004008000740000000070800014000000fff08000640000000070800014000000fff0800054000000002080008400000000208000640000000100900010073797a30000000000600024086dd000014000480080002400000003408000740000000051c0044800800014000000008080001400000008c080001400000000b0900010073797a31000000"], 0xa8}, 0x1, 0x0, 0x0, 0x10}, 0x4000081) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) timerfd_create(0x7, 0x80800) pselect6(0x40, &(0x7f0000000100), &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'adq12b\x00', [0x4f27, 0x2, 0x10000, 0x4, 0xe, 0x0, 0x3, 0x7, 0xa, 0x1, 0x8001, 0x4, 0xff6b, 0x801, 0xfffffffe, 0xb4b, 0x0, 0xfffffffe, 0x3, 0x40000003, 0x89, 0xcaa7, 0x201ff, 0x20001e58, 0xb, 0xe6b, 0x3c, 0x6, 0x65c, 0x0, 0xfffffff8]}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000007000000050000000100000f100000000700004820000000080e0000006f61303061"], &(0x7f0000005bc0)=""/255, 0x37, 0xff, 0x9, 0x1000}, 0x28) 8.521490416s ago: executing program 2 (id=1307): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) syz_emit_ethernet(0x46, &(0x7f0000000140)={@link_local, @random="dce65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x10, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}}}}}}}}, 0x0) recvmmsg(r1, &(0x7f0000000340), 0x4000000000000da, 0xda, 0x0) 7.267595367s ago: executing program 3 (id=1308): r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20024894) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x707cb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x25b}, 0x0, &(0x7f0000ffe000)) syz_open_procfs(0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=""/214, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000002440)={{0x0, 0xfffffffffffffff8, 0x5, 0x7, 0x6, 0x8000000000000000, 0x1, 0x3, 0x6, 0x5, 0x0, 0x5, 0x5, 0x4, 0x7}}) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) 6.465532604s ago: executing program 0 (id=1309): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 6.464770593s ago: executing program 2 (id=1310): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) r3 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) r4 = syz_io_uring_setup(0x38a9, &(0x7f0000000540)={0x0, 0x0, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r3}) io_uring_enter(r4, 0x40044fd, 0xb780, 0x0, 0x0, 0xfffffe71) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r7}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) rt_sigsuspend(&(0x7f0000000040)={[0xfffffffffffbfefd]}, 0x8) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd) rt_sigsuspend(&(0x7f0000000400), 0x8) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) sendmsg$nl_route(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="5c00000000000304000000000700000000000000", @ANYRESDEC=r4, @ANYBLOB="00000000033a01003c0012800b00010062726964676500002c00028005001700"], 0x5c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) r8 = openat$dsp(0xffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl(0xffffffffffffffff, 0x5, &(0x7f0000000800)="0f467e311e965f2cdf70fcaf152d6e85fe717bb8bdebed3e4a1cc2a73a2c294398aee4f581c66ea8a056bd64b428a63393b7eaa8fce8a634eda1777846e67a041895422e405ef300b03c0957fd7af15410b0aace0767efb5ea47ccee3a7b10ed17d3debf36c88ca3279ba406ad641f56fcc83dfb5a698ced45dcd82ba2df2e027f725bbafa3eccc84114d867a5459d2ea366dbcb828e0612f55f58ea2c0b61c2c25c177f6deb93109be80a9767c9d86840d0576a59c4c69196bae6fa1dfe81e45bdd3243cd5270b0a0237c44ebd0f4024f3599d20c65b272bca686d857cc2d5f3a00b9ece8c0915e2733c6dbba861d93d7097263859e7e85f774bb300849041e6dda93fa286ad90355bbc11d6d0903fec948bbf482f5e2d8f104f8a1118625a5c4f3550930af6e3274ed801a2bd2a9d66db0988757affd8530895090e3946f7108fe7fdbd0b32925cfafe980c97c8c7645bf6dc0389f3abc3903c505145f0b6ba3ee7881c770319123d7f8829afb25633ded1a501fdf24755e4be0a50033c14ff770dbbce30cb955a953696cf539404662292cc36dab8a88b2983abbc8d1bfe3c72a80970d7727a1dfc29a2d6280d3daaa36b019500fb01d07fc34cb1a18ed8925da7750686ed8d7157825b95781ad77b6f67240b2b1494c500c6242f7a5af4f681a7f25f12ff4398bb0605af5f0214825483753f4deccf230bf07d6678efe69f2dec3638e65cad64729a5ece4b70d1ab0c108771ddc7ca0c5f4c4c9f42ba225e3f6c9adc1253a269573d93ca145ed69821a6025c6053a2d84ce958bc6982fac4e079b610e36b2925768339026d974d38ec8e330ddcbf51db84ff1b9283edf9bbdc4f08b5797cc1a2d36b2da3282e409dc1ea7366db5ae7baee67e33aec33ebd1221e39b168e88c5cb1caf95cda6675407e219d8a58941a7f621cbb0536f3d59dca5576c2160ac3bc4bcf03835ba25d09471f887fffd2c12e8acb0d4a9736deaae89f5e7e2ddb3d8b9ab02e22f3a6eea5162d5d2baf55c1db4eda4c89886842ce912b06d7f7e798a602874078895d353b543e501b4f841e998e49b8d6556b2e3a53cc8a43f87ee67da3a566e9f3ff63e394a491c2854f660912d23c2eb669b68f8e304d6ca8e8d1dc34239af9ae92df25a7cc8d5127397f7cd1c4c3009cfa427693c0648e5576462604baa4f11e42b06b5c06a20008dbba90613983cd92af7e2ad21c20b9bb6cf4ad8796d5ec22b3ca9e478b872813970be1e25d8c3615828a9fd3227d8e6dbe722682e01aa055799ab6daba93a4a1414b84e1cac932a3d18705387bee98bceae1056e0a1942cdfe6831849658f0b5c1ce63e89c104974025c9bf0df2c0f8308e50e9e02e4ad0ced7abd8c8d915c7075211239a510315f08a665a2c1fb8de744b05711e5a9902d9cde75515d51d190a062c229be43cd847799a7d35daf379dc9a20ac3211fe0d39315c19555619b4f0a5f5640f0571878cc91c18b19ab28b002c0bd8b6e77b4498dd525e6b23b68713dadd2a258530544a38960dd9a1ba0406ad23a72e7641212a17c970a190fa26b2499421682111dd0f4d1de47924f985ca6303d2ab007df3e644a8a3b699e0e71756953f9d43618a6551209fad267a98bb600631f8627a084fc2aac35d57eddd21096cf1fdb9c7423404e7b3090cb870fca66c2082acd26c9e10a73836b79bb580ec665f4899cad30c7ba44709d5bd27d8764a1df164f4867c4a02e767445f75a7ab3c366813dc0e0f8be9ccbb64f0a44fcc1d2ed3301eaa7d4591497405c4421f1b42273dcead093f32a98cad82f67dc645cbe913d319f6fd180d0c76bddaf1a5ee82cd5c07ba717b23e0e60f3d38f668c95ea166f234abf5771b7fee8355a7e81ee0f97d7f7f02c8c5c7640fd9a335019e3b069e2c0dc6289deed9f2db56b246f0450843bbdc98d30dbc063946d082151a24ce78d6c051d44e87682d964d4e7b2bf431f66eece38f4e3d8ba78c646e75351ad7784cde4bb858ab9c688338ed2fb22d237d296b49ad762ce7caa63d4542846ab79b4dcbac6d3bbaa81e290d452ca5ad80b9bf85fc6481bec9fb41525184cbc5e0cca65cf510b65f1cff7c56f698969570f5b5c64dae2648340e3f2a3b5dca146b37121934a7bbf99575f6ae04b8081b3ada675a5cc2ed9819075e9093f0307222c9d2fa8defc24bf2f23c8e539aad8454ab176b5a1cc7d81bff36b60a7ff6d863fba7d8894826fca9c024043f4979edf9f26a0825365cd2489ea762c9f2ed8ffe53168159cfaf1bdc392cf2ad3c2dc1d6eadb04553fc31b24b4e655324c679c781942c916ca3027125c52fbc0270a7e34d4e95e4d1af1663803df214d7a8704ab1872b285c1e2ada8af5e137749535f3f5ca9a128844e65853e22883f9a535a5c9abf4a966077e7cd77c5cdef8fd6a5d2d8ac2bdaf98b1f33cd17afd8a93078588037b26b410c247463dc296aa81a0a62232e31c24730550c42791411569ec88ed36fbe150f59e9a58cfc1d4b45cabb1225ff554e398f6e02a22e67abab25299de6add3f96c6925cfd0a213107f578fbabc93a50708930a54c8af6466c9e5ca75b99f9ee7a41eae3f5f5fac5db6bc2d4077d8b5e71432f2b70db1c8540b67a8c1291014856ac8a5464d63e982e43415cccd0120c18b783cc85f30aab9f20717d4a904d2026d4ccf91e18ed7fa21cf34f980d4b34439aa1736509449638a86abe526089554c4357055bc5887096c5a80812b98747b4a8846bc81529414168459fe6c696fc9c67228586194d4ce30e05c9e1877581ea31d7d20144747e20ab3a51ea999fd002880f44dc91a652b039e626ec76c1a42ba7e98cc01c74a9f9fc2f182af0179e91bf2cdbd8f7b6744c484c146b73fb96c8c3b41b44cc9415fcfaf815760f0abc28af3388c2caf73935158a5e25d6baa387a2a33211123f498dc44385c611889b6bd67b00ad01ea6fdfd5f56c02b80ec4c0ded52bd7e899b0a27cb286453910d5ca20ec868adbcb5815c26a18328836dd77203e1ada4ddf6dab25756de9ec78e1084d66b2f05ed844466775cc2eb155eeec94568cfc8989957f1f93330a0585dfc6a3554d75a55d492dd777f9d4f2e2ecbb0977e0efc1e217af7fb59d498adf1432b656580e97400d142d75a44da71bfae8de196dc3eb6c72135cd5875e0e18d234ecb30da7310086fed88e7790707e618f18fb9f72deb68e0b208497be17af1dc246827472b153f94f2ff024e2b502afd3880780ce018ba02981fe05b0502d51ae37409b87a19b9d13675815a038bcba54eaa2605a4db871cc4c9b126190fd7ec459e9f96fd3b8d9db2e7a65b8a92dbd0e71374f384e530fc9bc5ed2930e995fca6f792deb99cd5e0d4e3dd4d64a8e046ec11106a96146761a685c48730fc7cda4198d2b150b8ee76314211127144cf97a48e2b33df6a544e2a31ec166289fd030c7885c72e75f550131e3aab08553f722f5ded628823a9e0fa8539a9ae64b3989356ddcb72e5a006ae0dc826d5b86e7dbc672ec4b1932ef3d85aab0448ac742dfb5c73786b16b1e8f06ac6d84a9426c7cd6501816fbd7393f6986e0e829d5bab4e61e4754fb4f4d43b338a751355f53c646b25a99abf2a55184cfe6fb89a1af07060d8d9a0b4e6eae2f4bdf9d25e20793861951e00c2fcc384db942af3018bf32642f7f02009078bba263878923452926add6aa05d48da2d60a369565d047cf6c3b5d1046eeb29f4805d0ba569e9552237e7acdfa8fbfca58f553a3d3e106b6a39259e3c190aa8b8b94c6821f3da34f60574b9e3d44550cabb699e722bfafb8dff5498fc51856751ad80f118964fd60af05f350451ca7f1c1b3c838d3c15b2e280f7c69a1e3ea406069b08612c1b3c269c740382a869bf535d05eb66ee63c8f254279733b136d8946a351c9619a79a3d73632c3c10046da2e1249a6630a89190fd223c5cd64350510b7536be3cb0680b43cc70e093712eecd094082222059821a2c9ec0e1d9a906c2c7390d8e17749a7d2073c179067d61cb83b6a9eda5f816e44683b082e0931e94c6c549c31da197d83df3a25db88eaba9404a219f3841177fa922596b69cdccd2c63f295a68702b4763bc1b11c29eec11361b911a73e03389641a026f961cc321b10af3dc909b6b914602a4218a1276c826a728231cac77a95a40ab71e62e202b162c5290506cbe3a073481ce1828203169ba922012b4b7c02833eefa026aa53fff889e7351d5b9ef491615daf869f4b8ccb23395ea9f67dbe6e26533b96dff1956f185dabbefa6c817f5b769d058402c5574b7f1f16aba7b6f82a5ab1055581c01bcfa3bc701ac0eeea84c58080234ad6441fe423ef48fc622197e2c63478ddf998bbddda91835489d08e9ea24b8d69c6d777d88555a44404457fa82d414fc7877e13b43201274fd446eaaac6a19c2782ba7ad6398d8668de675489dad05d25ed1e7ab66ee8c075e31f3bbf55e0f2f5192bd3aa30c07872144f1562660314d1b5d15a8c6fc8b83c9a2b5fa0e8f525510eaf3ba33f55fcdcfc0c504b4c1f2de293bbe304b7845c3157004567fff98f43a61bb8222d82fd8e987178b7080a7602602140130b574e8364af63e6eb9dcc39a83936c8f8a08794c392cd7b67573f5997f4ed161493a0fbf27852fb988b619b5b34e24458a64bfac11a7cacfc04563182b76fe2cef6219b06ebfc7b24302270bd43a90bb86e539bb8b484a20424862ae6dfa64c005f15e57065a33f4b8587d5e3e5fea941a384d77c200340d47ae0f89fe36e91801f9317a7308190ad9ae431eb21e5445dc491247111a3c0ee16f2a79db878b686a198c9344f48e7fb09bc2db9f5409cbb070a633fcf2e5959e64d1e68a903b42179684a795167a5ca3c20cc0c207035ecf037fca5d5348da91adf72bd624b6d7d59d280bb37322bd336d9c2e736d4d689c8fb57c47c96fb04dcc6bca698b05eaa303674ca5a2395e0f7cc8a641a32e8510f90e4c404d55c48b8cfe84a587700d1ae5a9cf4eed4e61d8ec4c1c409761ee1db0d359ffc2f715d7b8e12fd215de84b2389eb6d09375d2e7e076dcc2cd9710e1972241f44da9da2cf832269472bde28140d472c1a113329a47012f6091804f5f6ddd45397b9dfd62b771d45fc42aa683c100557d797a046587da64fea628ea82bc74910d28b3396021ba44dbac4a1b577847f0ef6d623401261c9ecbc9d9ba6cf9efbeacb310e1c73e7b6c575d31b2d3f5c9333ce6ed0a4e75014f6df828809c6bd6c90f9f994e71a04a74b20d4a33613400b438f80fa2f4642612c383985fa04c1b1e70fc10cfb305bc7e061ec43bf4a3ede77ff3bebdcf7d1dfe77a42e01f22a34bc3dfbc8998f5c8825cbea6a2b10a4b2a1023a5be516d09de9786fcb755ce8a57a9453921064b71587ca70e2da33e0d6535e5642f6aedbf342db5448b6a48b2225de6c04068a581688f0d3fe5c85c9cd7d3822bc63a6f092c5ca00f237fb0a8d1dafa96788b68fd0706e3202c9896f1cf4ca692526a37c6d25127409a50b336d120d48494a59d8a005dbecd3084cac7cd340c4eaf63b872d9e8f6c67d1008123d339399db48c63c47a992089dfbbcb40e608e0b7d94a449ca9bc41f14bfb217d9b3360e424a85dfeff7657102a89cde659c1289a72fcb4befc830653167c837b11ce64f6e1122ede019a5eec02693cdf50030f7bc15b75e15bd21fea74bc9ad7eaea55895d229153988eb2e6459876d1d9c2b8486c6b8c1d5a2ccf49393e806f0ff44b14fd830dfc740e3f37910284e458edb70") write$dsp(r8, &(0x7f0000000180)="27b6407e9ac147085035a5fc41a6d87d0a5fdcc9395388fbbc6191794eddc8d7f969c9a16eecb0b5acc1a95350d5467160a95be8bb234500f9865d30a173137fe7b24fc9bb0d8d94c996601860a9ba68b2b14cbbea5626e3602c7a4698861abb42f5999acccc3bd47753c779e8735301d0a2c48af6614cc083", 0x79) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r10 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r10, 0xc0184800, &(0x7f0000000100)={0x4, r9}) ioctl$DMA_BUF_IOCTL_SYNC(r11, 0x40086200, &(0x7f0000000080)=0x7) r12 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000004c0)={&(0x7f0000000380), &(0x7f00000003c0)=[0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x3, 0x3, 0x8}) ioctl$KDDELIO(r12, 0x4b34, 0x3bf) 5.91069782s ago: executing program 0 (id=1311): syz_open_dev$tty1(0xc, 0x4, 0x1) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0) 3.794425823s ago: executing program 4 (id=1312): r0 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x25dfdbfc, 0x10004400}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000001100)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f0000000180), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x1e) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x83) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0xc000) read$dsp(r2, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'pim6reg0\x00', 0x7101}) socket$packet(0x11, 0x3, 0x300) r3 = socket$netlink(0x10, 0x3, 0x4) write(r3, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 2.703234099s ago: executing program 0 (id=1313): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x95) r0 = fsopen(&(0x7f0000000080)='securityfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') open_by_handle_at(r1, &(0x7f00000018c0)=ANY=[@ANYBLOB="20ff0300f10000000100000000000000000000000000000005010000f8ffffff3d0000000000d9085370e929719bbdff239cd183f7f71df61a60bfc5844f6630d08f3bd32fd92c5defead90f3bf164b78f87a04abb0c3b2cedceaee99003090c77f6426d0436b4733a77d7c1f414a29b2b19852d39c4d42e40968f3030c4250d07b46ead8569536898b9ac"], 0x10040) r2 = fsmount(r0, 0x0, 0xf) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCPKT(r2, 0x5420, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32=r3, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2f8dcc29250"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000001d80)={0x0, 0x0, {0x0, @struct}, {}, {0x0, @struct, 0x0}}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f00000008c0)={{}, 0x0, 0x2, @inherit={0x68, 0x0}, @devid=r6}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000019080)={r6, 0x80, 0x3ff, 0x1}) ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000880)={r6, 0x6, 0x8}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) r8 = syz_io_uring_setup(0x49c, &(0x7f0000000400)={0x0, 0x7078, 0x0, 0x0, 0x284}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_FADVISE={0x18, 0x1, 0x0, @fd, 0x7, 0x0, 0x3c, 0x2, 0x1}) syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) io_uring_enter(r8, 0x3516, 0x0, 0x4, 0x0, 0x0) 2.263103322s ago: executing program 4 (id=1314): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0) r0 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_delete(0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) userfaultfd(0x802) epoll_create1(0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) syz_io_uring_setup(0x32b7, &(0x7f0000000180)={0x0, 0x7f1, 0x1, 0x4, 0x41}, 0x0, 0x0) sendfile(r2, r2, 0x0, 0x2000fb) io_setup(0x4, &(0x7f00000014c0)) 2.164267132s ago: executing program 1 (id=1315): r0 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x25dfdbfc, 0x10004400}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000001100)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f0000000180), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x1e) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x83) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0xc000) read$dsp(r2, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e23, 0xfffffffc, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x8}}, 0x4, 0x2, 0xe, 0x7588, 0x168, 0xfffffffc, 0x7}, &(0x7f0000000140)=0x9c) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vxcan0\x00'}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'pim6reg0\x00', 0x7101}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) write(0xffffffffffffffff, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 410.266636ms ago: executing program 2 (id=1316): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) r1 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000040), 0x4) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r2, 0x0, 0x0, 0x24008094) recvmsg(0xffffffffffffffff, 0x0, 0x10000) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0x8}, 0x18) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x7fffffffff, 0x1}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0xfffffffffffffffc}, 0x0, 0x0) 314.297461ms ago: executing program 0 (id=1317): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) ioctl$EXT4_IOC_GETSTATE(r0, 0x40046629, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0xfffff000) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x3, 0x2, 0x0, 0x3}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r2 = socket(0x2, 0x2, 0x1) syz_io_uring_setup(0x332e, &(0x7f0000000480)={0x0, 0xaeb7, 0x40, 0x3, 0x2d9}, 0x0, &(0x7f0000000400)) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, 0x0, 0x0) connect$unix(r2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00'}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00'}, 0x18) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) userfaultfd(0x80001) 0s ago: executing program 1 (id=1318): add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0x0) io_uring_setup(0x2255, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x50, 0xffffffffffffffff, 0x80000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x48) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x23) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil}) syz_open_dev$audion(&(0x7f0000000100), 0x9, 0x612000) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x1) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts. [ 81.611791][ T5787] cgroup: Unknown subsys name 'net' [ 81.842418][ T5787] cgroup: Unknown subsys name 'cpuset' [ 81.897962][ T5787] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.814632][ T5787] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.041834][ T9] cfg80211: failed to load regulatory.db [ 87.732176][ T5806] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.748548][ T5118] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.762559][ T5118] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.763685][ T5118] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.765272][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.769331][ T5808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.773726][ T5118] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.775208][ T5811] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.778135][ T5118] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.780147][ T5811] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.780740][ T5118] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.793137][ T5118] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.796656][ T5118] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.800191][ T5118] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.802558][ T5118] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.804122][ T5118] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.817115][ T5811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.823966][ T5811] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.848114][ T5118] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.851154][ T5118] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.852657][ T5118] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.858442][ T5118] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.875204][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.876567][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.879135][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.888703][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 88.951289][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 89.108763][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 89.224700][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 89.232584][ T5799] chnl_net:caif_netlink_parms(): no params data found [ 89.688647][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.689828][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.690420][ T5809] bridge_slave_0: entered allmulticast mode [ 89.692207][ T5809] bridge_slave_0: entered promiscuous mode [ 89.809741][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.809882][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.810077][ T5809] bridge_slave_1: entered allmulticast mode [ 89.812361][ T5809] bridge_slave_1: entered promiscuous mode [ 89.838875][ T5806] Bluetooth: hci4: command tx timeout [ 89.839071][ T5118] Bluetooth: hci0: command tx timeout [ 89.918912][ T5118] Bluetooth: hci2: command tx timeout [ 89.918933][ T5806] Bluetooth: hci3: command tx timeout [ 89.928413][ T5806] Bluetooth: hci1: command tx timeout [ 89.947464][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.947614][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.947759][ T5800] bridge_slave_0: entered allmulticast mode [ 89.949352][ T5800] bridge_slave_0: entered promiscuous mode [ 90.099437][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.099580][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.100124][ T5800] bridge_slave_1: entered allmulticast mode [ 90.102251][ T5800] bridge_slave_1: entered promiscuous mode [ 90.338936][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.339037][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.339169][ T5810] bridge_slave_0: entered allmulticast mode [ 90.340724][ T5810] bridge_slave_0: entered promiscuous mode [ 90.412187][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.538966][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.539126][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.539305][ T5810] bridge_slave_1: entered allmulticast mode [ 90.541272][ T5810] bridge_slave_1: entered promiscuous mode [ 90.646169][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.646448][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.646587][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.646708][ T5805] bridge_slave_0: entered allmulticast mode [ 90.659424][ T5805] bridge_slave_0: entered promiscuous mode [ 90.662968][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.663095][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.663252][ T5799] bridge_slave_0: entered allmulticast mode [ 90.665699][ T5799] bridge_slave_0: entered promiscuous mode [ 90.801870][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.858587][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.858725][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.858854][ T5805] bridge_slave_1: entered allmulticast mode [ 90.860440][ T5805] bridge_slave_1: entered promiscuous mode [ 90.862307][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.862410][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.862699][ T5799] bridge_slave_1: entered allmulticast mode [ 90.864294][ T5799] bridge_slave_1: entered promiscuous mode [ 91.050967][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.311708][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.400047][ T5809] team0: Port device team_slave_0 added [ 91.561441][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.660400][ T5809] team0: Port device team_slave_1 added [ 91.663800][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.668953][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.760687][ T5800] team0: Port device team_slave_0 added [ 91.820576][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.823887][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.890761][ T5800] team0: Port device team_slave_1 added [ 91.917641][ T5806] Bluetooth: hci0: command tx timeout [ 91.917659][ T5118] Bluetooth: hci4: command tx timeout [ 91.997492][ T5806] Bluetooth: hci2: command tx timeout [ 91.997527][ T5811] Bluetooth: hci3: command tx timeout [ 91.997617][ T5118] Bluetooth: hci1: command tx timeout [ 92.140559][ T5810] team0: Port device team_slave_0 added [ 92.540012][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.540025][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.540042][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.710583][ T5810] team0: Port device team_slave_1 added [ 92.788915][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.788930][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.788947][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.791496][ T5805] team0: Port device team_slave_0 added [ 92.793559][ T5799] team0: Port device team_slave_0 added [ 92.906302][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.906321][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.906342][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.911436][ T5805] team0: Port device team_slave_1 added [ 92.914394][ T5799] team0: Port device team_slave_1 added [ 93.169264][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.169285][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.169302][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.170421][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.170432][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.170449][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.376689][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.376708][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.376725][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.530164][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.530180][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.530197][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.531516][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.531531][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.531557][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.684637][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.684653][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.684680][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.686357][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.686368][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.686384][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.712970][ T5809] hsr_slave_0: entered promiscuous mode [ 93.714546][ T5809] hsr_slave_1: entered promiscuous mode [ 93.987168][ T5800] hsr_slave_0: entered promiscuous mode [ 93.989275][ T5800] hsr_slave_1: entered promiscuous mode [ 93.990412][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 93.990519][ T5800] Cannot create hsr debugfs directory [ 93.997377][ T5118] Bluetooth: hci0: command tx timeout [ 93.997406][ T5118] Bluetooth: hci4: command tx timeout [ 94.077607][ T5806] Bluetooth: hci2: command tx timeout [ 94.077634][ T5811] Bluetooth: hci3: command tx timeout [ 94.077727][ T5118] Bluetooth: hci1: command tx timeout [ 94.300946][ T5810] hsr_slave_0: entered promiscuous mode [ 94.302490][ T5810] hsr_slave_1: entered promiscuous mode [ 94.303655][ T5810] debugfs: 'hsr0' already exists in 'hsr' [ 94.303680][ T5810] Cannot create hsr debugfs directory [ 94.474171][ T5805] hsr_slave_0: entered promiscuous mode [ 94.475070][ T5805] hsr_slave_1: entered promiscuous mode [ 94.475685][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 94.475702][ T5805] Cannot create hsr debugfs directory [ 94.488518][ T5799] hsr_slave_0: entered promiscuous mode [ 94.489901][ T5799] hsr_slave_1: entered promiscuous mode [ 94.490900][ T5799] debugfs: 'hsr0' already exists in 'hsr' [ 94.490923][ T5799] Cannot create hsr debugfs directory [ 96.078798][ T5809] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.079729][ T5118] Bluetooth: hci4: command tx timeout [ 96.079761][ T5118] Bluetooth: hci0: command tx timeout [ 96.127550][ T5809] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.157760][ T5118] Bluetooth: hci3: command tx timeout [ 96.157766][ T5811] Bluetooth: hci2: command tx timeout [ 96.157822][ T5806] Bluetooth: hci1: command tx timeout [ 96.162528][ T5809] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.225468][ T5809] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.338659][ T5799] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.384601][ T5799] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.417599][ T5799] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.470347][ T5799] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.602410][ T5800] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 96.652192][ T5800] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 96.683815][ T5800] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 96.740629][ T5800] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 96.882336][ T5805] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.924872][ T5805] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.978161][ T5805] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.035930][ T5805] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.166483][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.180617][ T5810] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.224358][ T5810] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.275301][ T5810] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.320226][ T5810] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.417093][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.480306][ T4095] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.481043][ T4095] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.522825][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.545153][ T4095] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.545716][ T4095] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.627188][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.667055][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.691667][ T1482] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.691846][ T1482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.730548][ T1482] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.730691][ T1482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.791075][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.811275][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.832536][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.832672][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.882211][ T4007] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.882469][ T4007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.946505][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.993919][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.006344][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.009047][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.074371][ T1180] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.074559][ T1180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.180793][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.234764][ T4095] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.234898][ T4095] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.261698][ T1449] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.263908][ T1449] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.405099][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.633339][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.806137][ T5809] veth0_vlan: entered promiscuous mode [ 98.865037][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.884228][ T5799] veth0_vlan: entered promiscuous mode [ 98.891023][ T5809] veth1_vlan: entered promiscuous mode [ 98.940579][ T5799] veth1_vlan: entered promiscuous mode [ 98.969983][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.115659][ T5809] veth0_macvtap: entered promiscuous mode [ 99.149917][ T5799] veth0_macvtap: entered promiscuous mode [ 99.152737][ T5809] veth1_macvtap: entered promiscuous mode [ 99.194417][ T5799] veth1_macvtap: entered promiscuous mode [ 99.296760][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.340089][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.354509][ T5805] veth0_vlan: entered promiscuous mode [ 99.385081][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.396578][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.419426][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.430503][ T5805] veth1_vlan: entered promiscuous mode [ 99.452120][ T4095] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.472304][ T4095] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.478418][ T4095] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.487058][ T4095] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.491918][ T4095] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.508139][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.515343][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.521655][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.834892][ T5805] veth0_macvtap: entered promiscuous mode [ 99.846460][ T5810] veth0_vlan: entered promiscuous mode [ 99.934557][ T5805] veth1_macvtap: entered promiscuous mode [ 99.965708][ T5800] veth0_vlan: entered promiscuous mode [ 99.991695][ T1482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.991720][ T1482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.993316][ T5810] veth1_vlan: entered promiscuous mode [ 100.063103][ T5800] veth1_vlan: entered promiscuous mode [ 100.085219][ T1428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.085242][ T1428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.111942][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.151628][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.191184][ T1482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.191209][ T1482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.224046][ T1115] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.230847][ T1115] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.266852][ T1115] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.279592][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.279614][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.285404][ T1115] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.320405][ T5810] veth0_macvtap: entered promiscuous mode [ 100.384791][ T5810] veth1_macvtap: entered promiscuous mode [ 100.406195][ T5800] veth0_macvtap: entered promiscuous mode [ 100.501692][ T5800] veth1_macvtap: entered promiscuous mode [ 100.624545][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.707161][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.790362][ T4095] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.792770][ T4095] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.794699][ T4095] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.831620][ T4095] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.834515][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.869558][ T3578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.869581][ T3578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.900783][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.157307][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.157758][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.158455][ T5923] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.247278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.257350][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.377030][ T5924] mmap: syz.0.1 (5924) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 101.485788][ T4007] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.506746][ T4007] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.524584][ T4007] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.631786][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.642491][ T4007] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.643594][ T3578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.643613][ T3578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.727290][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.053508][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.053531][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.399773][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.399799][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.537281][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.627282][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.823020][ T5931] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 102.947302][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.947410][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.964826][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.965020][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.439884][ T4095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.439908][ T4095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.224741][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 116.757419][ T5789] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 116.997514][ T5789] usb 4-1: Using ep0 maxpacket: 16 [ 117.020985][ T5789] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 117.021020][ T5789] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 117.021042][ T5789] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 117.021063][ T5789] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 117.021082][ T5789] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 117.021104][ T5789] usb 4-1: config 0 has no interface number 0 [ 117.021211][ T5789] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 117.021241][ T5789] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 117.021276][ T5789] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 117.021315][ T5789] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 117.021342][ T5789] usb 4-1: config 0 interface 125 has no altsetting 0 [ 117.237658][ T5789] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 117.237692][ T5789] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.237713][ T5789] usb 4-1: Product: syz [ 117.237728][ T5789] usb 4-1: Manufacturer: syz [ 117.237743][ T5789] usb 4-1: SerialNumber: syz [ 117.384151][ T5789] usb 4-1: config 0 descriptor?? [ 118.786682][ T9] usb 4-1: USB disconnect, device number 2 [ 123.064817][ T6023] input: syz0 as /devices/virtual/input/input5 [ 123.242182][ T6027] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.480960][ T6022] vivid-000: kernel_thread() failed [ 124.741531][ T6042] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.412019][ T6042] warning: `syz.4.26' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 125.704597][ T6015] syz.3.22 (6015) used greatest stack depth: 18232 bytes left [ 128.733033][ T6053] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 128.734793][ T6053] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 128.992890][ T6053] vhci_hcd vhci_hcd.0: Device attached [ 129.676334][ T5892] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 130.324900][ T6055] vhci_hcd: connection reset by peer [ 130.335063][ T172] vhci_hcd vhci_hcd.0: stop threads [ 130.336191][ T172] vhci_hcd vhci_hcd.0: release socket [ 130.353791][ T172] vhci_hcd vhci_hcd.0: disconnect device [ 130.575889][ T6060] input: syz0 as /devices/virtual/input/input6 [ 134.867445][ T5892] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 136.961619][ T6094] vivid-000: kernel_thread() failed [ 137.136797][ T6095] input: syz0 as /devices/virtual/input/input7 [ 137.949981][ T6106] input: syz0 as /devices/virtual/input/input8 [ 138.418370][ T6105] vivid-000: kernel_thread() failed [ 138.540502][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.540608][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 141.521406][ T6118] netlink: 'syz.0.41': attribute type 10 has an invalid length. [ 141.811815][ T6113] syz.3.39 (6113) used greatest stack depth: 16944 bytes left [ 141.910313][ T6115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.020491][ T6118] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 144.072343][ T6149] No control pipe specified [ 148.332712][ T6169] netlink: 'syz.4.54': attribute type 10 has an invalid length. [ 148.723229][ T6181] input: syz0 as /devices/virtual/input/input11 [ 149.627378][ T6168] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 150.356980][ T6169] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 156.220656][ T6223] input: syz0 as /devices/virtual/input/input12 [ 156.658790][ T6221] vivid-000: kernel_thread() failed [ 158.448345][ T6245] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 162.892512][ T6269] input: syz0 as /devices/virtual/input/input13 [ 163.192368][ T6268] vivid-000: kernel_thread() failed [ 174.376762][ T6326] binder: 6318:6326 ioctl 8008662c 200000000240 returned -22 [ 174.963107][ T6328] netlink: 28 bytes leftover after parsing attributes in process `syz.2.89'. [ 174.972627][ T6339] capability: warning: `syz.1.93' uses 32-bit capabilities (legacy support in use) [ 175.559318][ T6337] can0: slcan on ttyS3. [ 175.837927][ T6326] can0 (unregistered): slcan off ttyS3. [ 177.763912][ T6366] binder: 6361:6366 ioctl 8008662c 200000000240 returned -22 [ 178.337626][ T6366] netlink: 28 bytes leftover after parsing attributes in process `syz.1.99'. [ 180.929816][ T6386] netlink: 28 bytes leftover after parsing attributes in process `syz.1.104'. [ 181.438889][ T6389] Zero length message leads to an empty skb [ 181.448287][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.105'. [ 186.775657][ T6437] netlink: 'syz.3.117': attribute type 10 has an invalid length. [ 187.561404][ T6448] binder: 6445:6448 ioctl 8008662c 200000000240 returned -22 [ 187.599250][ T6433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.113298][ T6437] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 188.854099][ T6460] input: syz0 as /devices/virtual/input/input19 [ 189.277062][ T6459] vivid-000: kernel_thread() failed [ 199.832862][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.832944][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 210.458622][ T6573] can0: slcan on ttyS3. [ 212.006191][ T5802] Bluetooth: hci4: command 0x0406 tx timeout [ 212.006239][ T5802] Bluetooth: hci1: command 0x0406 tx timeout [ 212.007114][ T5802] Bluetooth: hci3: command 0x0406 tx timeout [ 212.007147][ T5802] Bluetooth: hci2: command 0x0406 tx timeout [ 213.570584][ T6569] can0 (unregistered): slcan off ttyS3. [ 216.943685][ T6582] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 217.353137][ T6595] netlink: 4 bytes leftover after parsing attributes in process `syz.4.158'. [ 217.497339][ T6582] usb 4-1: Using ep0 maxpacket: 16 [ 217.584457][ T6582] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 217.584489][ T6582] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 217.584511][ T6582] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 217.584533][ T6582] usb 4-1: config 0 has no interface number 1 [ 217.584603][ T6582] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 217.584633][ T6582] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 217.584656][ T6582] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 217.584694][ T6582] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 217.584732][ T6582] usb 4-1: config 0 interface 125 has no altsetting 0 [ 217.598216][ T6582] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 217.598250][ T6582] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.598271][ T6582] usb 4-1: Product: syz [ 217.598286][ T6582] usb 4-1: Manufacturer: syz [ 217.598301][ T6582] usb 4-1: SerialNumber: syz [ 217.746172][ T6582] usb 4-1: config 0 descriptor?? [ 217.902573][ T6596] syz.0.155 (6596) used greatest stack depth: 16288 bytes left [ 219.217577][ T6307] usb 4-1: USB disconnect, device number 3 [ 219.706667][ T6623] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 221.246785][ T6637] netlink: 'syz.2.171': attribute type 10 has an invalid length. [ 221.645623][ T6638] netlink: 'syz.3.172': attribute type 10 has an invalid length. [ 221.945240][ T6637] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 221.951146][ T6633] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 222.000427][ T6635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 222.945696][ T948] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 223.117344][ T948] usb 2-1: Using ep0 maxpacket: 32 [ 223.126362][ T948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 223.135953][ T948] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 223.135991][ T948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.136011][ T948] usb 2-1: Product: syz [ 223.136025][ T948] usb 2-1: Manufacturer: syz [ 223.136038][ T948] usb 2-1: SerialNumber: syz [ 223.221484][ T948] usb 2-1: config 0 descriptor?? [ 223.247944][ T948] gs_usb 2-1:0.0: Required endpoints not found [ 223.638246][ T6582] usb 2-1: USB disconnect, device number 3 [ 226.601513][ T5811] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 239.529431][ T805] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 239.689815][ T6742] binder: 6740:6742 ioctl 8008662c 200000000240 returned -22 [ 239.807350][ T805] usb 4-1: Using ep0 maxpacket: 32 [ 239.940987][ T805] usb 4-1: config 0 interface 0 has no altsetting 0 [ 239.951204][ T805] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 239.951237][ T805] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.951258][ T805] usb 4-1: Product: syz [ 239.951275][ T805] usb 4-1: Manufacturer: syz [ 239.951290][ T805] usb 4-1: SerialNumber: syz [ 240.114629][ T6745] netlink: 28 bytes leftover after parsing attributes in process `syz.4.203'. [ 241.145210][ T805] usb 4-1: config 0 descriptor?? [ 241.181385][ T805] gs_usb 4-1:0.0: Required endpoints not found [ 242.014781][ T6167] usb 4-1: USB disconnect, device number 4 [ 244.588083][ T6764] binder: 6758:6764 ioctl 8008662c 200000000240 returned -22 [ 245.497510][ T6768] netlink: 28 bytes leftover after parsing attributes in process `syz.2.208'. [ 246.041035][ T6772] binder: 6769:6772 ioctl 8008662c 200000000240 returned -22 [ 246.190759][ T6773] netlink: 28 bytes leftover after parsing attributes in process `syz.4.209'. [ 261.729342][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.732182][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 265.197291][ T5811] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 275.890324][ T6970] netlink: 'syz.4.257': attribute type 10 has an invalid length. [ 276.433921][ T6961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 284.589000][ T7016] binder: 7014:7016 ioctl 8008662c 200000000240 returned -22 [ 285.111707][ T7017] netlink: 28 bytes leftover after parsing attributes in process `syz.3.271'. [ 285.710334][ T7027] netlink: 'syz.0.272': attribute type 10 has an invalid length. [ 286.026321][ T7022] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 287.265891][ T7047] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 294.824612][ T7079] binder: 7077:7079 ioctl 8008662c 200000000240 returned -22 [ 295.458986][ T7081] netlink: 28 bytes leftover after parsing attributes in process `syz.3.286'. [ 297.063904][ T7101] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 297.078142][ T6841] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 297.227850][ T6841] usb 3-1: Using ep0 maxpacket: 16 [ 297.239356][ T6841] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 297.239390][ T6841] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 297.239412][ T6841] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 297.239432][ T6841] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 297.239451][ T6841] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 297.239472][ T6841] usb 3-1: config 0 has no interface number 0 [ 297.239526][ T6841] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 297.239555][ T6841] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 297.239579][ T6841] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 297.313071][ T6841] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 297.313115][ T6841] usb 3-1: config 0 interface 125 has no altsetting 2 [ 297.800430][ T6841] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 297.800466][ T6841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.800527][ T6841] usb 3-1: Product: syz [ 297.800543][ T6841] usb 3-1: Manufacturer: syz [ 297.800559][ T6841] usb 3-1: SerialNumber: syz [ 297.848289][ T6841] usb 3-1: config 0 descriptor?? [ 298.366874][ T6841] usb 3-1: selecting invalid altsetting 2 [ 299.075858][ T7112] netlink: 'syz.3.294': attribute type 10 has an invalid length. [ 299.076456][ T7111] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.541288][ T7121] binder: 7118:7121 ioctl 8008662c 200000000240 returned -22 [ 299.603047][ T6307] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 300.268576][ T6307] usb 1-1: Using ep0 maxpacket: 16 [ 300.399940][ T6307] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 300.399973][ T6307] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 300.399994][ T6307] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 300.400016][ T6307] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 300.400036][ T6307] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 300.400058][ T6307] usb 1-1: config 0 has no interface number 0 [ 300.400118][ T6307] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 300.400148][ T6307] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 300.400173][ T6307] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 300.400212][ T6307] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 300.400251][ T6307] usb 1-1: config 0 interface 125 has no altsetting 0 [ 300.400270][ T6307] usb 1-1: config 0 interface 125 has no altsetting 2 [ 300.415922][ T6307] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 300.415954][ T6307] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.415966][ T6307] usb 1-1: Product: syz [ 300.415974][ T6307] usb 1-1: Manufacturer: syz [ 300.415982][ T6307] usb 1-1: SerialNumber: syz [ 300.419394][ T6307] usb 1-1: config 0 descriptor?? [ 300.617378][ T6307] usb 1-1: selecting invalid altsetting 2 [ 300.620689][ T6000] usb 3-1: USB disconnect, device number 2 [ 301.961638][ T6307] get_1284_register timeout [ 302.064466][ C1] usb 1-1: async_complete: urb error -104 [ 302.104269][ T6307] uss720 1-1:0.125: probe with driver uss720 failed with error -5 [ 303.801352][ T5950] usb 1-1: USB disconnect, device number 2 [ 308.867880][ T7160] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 310.237544][ T6841] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 310.407431][ T6841] usb 5-1: Using ep0 maxpacket: 32 [ 310.410521][ T6841] usb 5-1: config 0 interface 0 has no altsetting 0 [ 310.419789][ T6841] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 310.419820][ T6841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.419840][ T6841] usb 5-1: Product: syz [ 310.419855][ T6841] usb 5-1: Manufacturer: syz [ 310.419869][ T6841] usb 5-1: SerialNumber: syz [ 310.429474][ T6841] usb 5-1: config 0 descriptor?? [ 310.469873][ T6841] gs_usb 5-1:0.0: Required endpoints not found [ 310.754315][ T6841] usb 5-1: USB disconnect, device number 2 [ 311.007715][ T7185] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 311.007746][ T7185] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 311.010597][ T7185] vhci_hcd vhci_hcd.0: Device attached [ 311.280113][ T6841] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 311.374782][ T7186] vhci_hcd: connection reset by peer [ 311.378022][ T5951] vhci_hcd vhci_hcd.1: stop threads [ 311.378049][ T5951] vhci_hcd vhci_hcd.1: release socket [ 311.378361][ T5951] vhci_hcd vhci_hcd.1: disconnect device [ 311.725520][ T7192] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 314.725023][ T7207] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 315.193610][ T43] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 315.577590][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 315.657372][ T43] usb 5-1: config 0 interface 0 has no altsetting 0 [ 315.669935][ T43] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 315.669969][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.669992][ T43] usb 5-1: Product: syz [ 315.670007][ T43] usb 5-1: Manufacturer: syz [ 315.670022][ T43] usb 5-1: SerialNumber: syz [ 315.683096][ T43] usb 5-1: config 0 descriptor?? [ 315.690570][ T43] gs_usb 5-1:0.0: Required endpoints not found [ 315.962707][ T7219] netlink: 'syz.0.324': attribute type 10 has an invalid length. [ 316.705638][ T6841] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 316.782751][ T7215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 316.979445][ T6897] usb 5-1: USB disconnect, device number 3 [ 318.460626][ T7241] binder: 7238:7241 ioctl 8008662c 200000000240 returned -22 [ 319.469094][ T7254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.332'. [ 320.352123][ T7261] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 321.671295][ T7270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 321.890063][ T7270] netlink: 'syz.3.338': attribute type 10 has an invalid length. [ 322.588219][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.588291][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.922548][ T7289] binder: 7287:7289 ioctl 8008662c 200000000240 returned -22 [ 325.004710][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.346'. [ 325.184877][ T7299] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 331.397808][ T7335] binder: 7329:7335 ioctl 8008662c 200000000240 returned -22 [ 331.550620][ T7336] netlink: 4 bytes leftover after parsing attributes in process `syz.3.360'. [ 332.216645][ T7346] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 333.857001][ T7359] binder: 7352:7359 ioctl 8008662c 200000000240 returned -22 [ 334.118389][ T7359] netlink: 28 bytes leftover after parsing attributes in process `syz.4.368'. [ 336.368179][ T7377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.374'. [ 337.659254][ T7394] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 340.482461][ T7412] binder: 7408:7412 ioctl 8008662c 200000000240 returned -22 [ 340.590192][ T7414] netlink: 28 bytes leftover after parsing attributes in process `syz.3.383'. [ 342.776061][ T7421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.386'. [ 343.462412][ T7436] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 347.607065][ T7451] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'. [ 358.505884][ T7503] netlink: 'syz.0.411': attribute type 1 has an invalid length. [ 358.792344][ T7512] netlink: 4 bytes leftover after parsing attributes in process `syz.4.416'. [ 358.943804][ T7517] fuse: Bad value for 'fd' [ 374.620357][ T7614] binder: 7612:7614 ioctl 8008662c 200000000240 returned -22 [ 374.751234][ T7616] netlink: 28 bytes leftover after parsing attributes in process `syz.4.442'. [ 377.763172][ T7636] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 378.704272][ T7639] fuse: Bad value for 'fd' [ 384.001459][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.001540][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.387603][ T7681] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 385.478801][ T7684] netlink: 4 bytes leftover after parsing attributes in process `syz.3.460'. [ 385.564879][ T7686] binder: 7683:7686 ioctl 8008662c 200000000240 returned -22 [ 389.333027][ T5874] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 390.085359][ T5874] usb 3-1: Using ep0 maxpacket: 32 [ 390.435473][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0 [ 390.518195][ T5874] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 390.518229][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.518250][ T5874] usb 3-1: Product: syz [ 390.518266][ T5874] usb 3-1: Manufacturer: syz [ 390.518281][ T5874] usb 3-1: SerialNumber: syz [ 390.525497][ T5874] usb 3-1: config 0 descriptor?? [ 390.551107][ T5874] gs_usb 3-1:0.0: Required endpoints not found [ 392.907687][ T7725] binder: 7721:7725 ioctl 8008662c 200000000240 returned -22 [ 392.981089][ T5874] usb 3-1: USB disconnect, device number 3 [ 393.095046][ T7725] netlink: 28 bytes leftover after parsing attributes in process `syz.0.472'. [ 394.782112][ T7736] binder: 7734:7736 ioctl 8008662c 200000000240 returned -22 [ 394.843110][ T6056] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 395.136952][ T6056] usb 2-1: Using ep0 maxpacket: 32 [ 395.448009][ T6056] usb 2-1: config 0 interface 0 has no altsetting 0 [ 395.647286][ T6056] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 395.647308][ T6056] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.647321][ T6056] usb 2-1: Product: syz [ 395.647330][ T6056] usb 2-1: Manufacturer: syz [ 395.647338][ T6056] usb 2-1: SerialNumber: syz [ 395.651433][ T6056] usb 2-1: config 0 descriptor?? [ 395.683115][ T6056] gs_usb 2-1:0.0: Required endpoints not found [ 396.886888][ T7124] usb 2-1: USB disconnect, device number 4 [ 399.722833][ T6582] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 400.073034][ T6582] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 400.073058][ T6582] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 400.073084][ T6582] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 400.073099][ T6582] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.686216][ T6582] usb 5-1: usb_control_msg returned -32 [ 400.686251][ T6582] usbtmc 5-1:16.0: can't read capabilities [ 401.445599][ T6582] usb 5-1: USB disconnect, device number 4 [ 402.364518][ T7795] binder: 7791:7795 ioctl 8008662c 200000000240 returned -22 [ 404.738578][ T7819] binder: 7817:7819 ioctl 8008662c 200000000240 returned -22 [ 405.099471][ T7819] netlink: 28 bytes leftover after parsing attributes in process `syz.0.492'. [ 408.867855][ T7854] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 409.999945][ T7858] binder: 7856:7858 ioctl 8008662c 200000000240 returned -22 [ 410.938260][ T7862] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 413.759398][ T7872] netlink: 'syz.2.504': attribute type 10 has an invalid length. [ 414.151197][ T7870] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.084956][ T7908] netlink: 'syz.1.512': attribute type 10 has an invalid length. [ 420.635509][ T7904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.939236][ T7908] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 426.410764][ T7948] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 429.570879][ T7971] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 432.283139][ T6167] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 433.549401][ T6167] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 433.549473][ T6167] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 433.549519][ T6167] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 433.549545][ T6167] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.824463][ T6167] usb 1-1: usb_control_msg returned -32 [ 433.824517][ T6167] usbtmc 1-1:16.0: can't read capabilities [ 435.636807][ T6000] usb 1-1: USB disconnect, device number 3 [ 439.877229][ T6841] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 440.030255][ T6841] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 440.030292][ T6841] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 440.030336][ T6841] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 440.030366][ T6841] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.256724][ T6841] usb 3-1: usb_control_msg returned -32 [ 440.256778][ T6841] usbtmc 3-1:16.0: can't read capabilities [ 442.151628][ T6000] usb 3-1: USB disconnect, device number 4 [ 443.849348][ T8067] can0: slcan on ttyS3. [ 444.277327][ T8066] can0 (unregistered): slcan off ttyS3. [ 444.395021][ T8076] netlink: 4 bytes leftover after parsing attributes in process `syz.1.561'. [ 445.834940][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.835010][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 452.988651][ T6082] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 453.177172][ T6082] usb 1-1: Using ep0 maxpacket: 32 [ 453.181210][ T6082] usb 1-1: config 0 interface 0 has no altsetting 0 [ 453.187031][ T6082] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 453.197282][ T6082] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.197309][ T6082] usb 1-1: Product: syz [ 453.197322][ T6082] usb 1-1: Manufacturer: syz [ 453.197335][ T6082] usb 1-1: SerialNumber: syz [ 453.211307][ T6082] usb 1-1: config 0 descriptor?? [ 453.214693][ T6082] gs_usb 1-1:0.0: Required endpoints not found [ 453.316251][ T8122] netlink: 'syz.3.573': attribute type 10 has an invalid length. [ 453.448995][ T6000] usb 1-1: USB disconnect, device number 4 [ 454.133386][ T8120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 454.451294][ T6082] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 454.637267][ T6082] usb 2-1: Using ep0 maxpacket: 32 [ 454.640126][ T6082] usb 2-1: config 0 interface 0 has no altsetting 0 [ 454.642388][ T6082] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 454.642408][ T6082] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.642420][ T6082] usb 2-1: Product: syz [ 454.642429][ T6082] usb 2-1: Manufacturer: syz [ 454.642437][ T6082] usb 2-1: SerialNumber: syz [ 454.645796][ T6082] usb 2-1: config 0 descriptor?? [ 454.750296][ T6082] gs_usb 2-1:0.0: Required endpoints not found [ 457.074214][ T5933] usb 2-1: USB disconnect, device number 5 [ 457.728625][ T8159] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 462.377276][ T5950] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 462.642967][ T5950] usb 3-1: Using ep0 maxpacket: 16 [ 462.729130][ T5950] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 462.729176][ T5950] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 462.729246][ T5950] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 462.729267][ T5950] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 462.729321][ T5950] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 462.729379][ T5950] usb 3-1: config 0 has no interface number 0 [ 462.729536][ T5950] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 462.729601][ T5950] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 462.729673][ T5950] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 462.729716][ T5950] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 462.729745][ T5950] usb 3-1: config 0 interface 125 has no altsetting 0 [ 462.729801][ T5950] usb 3-1: config 0 interface 125 has no altsetting 2 [ 462.838316][ T5950] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 462.838349][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 462.838369][ T5950] usb 3-1: Product: syz [ 462.838384][ T5950] usb 3-1: Manufacturer: syz [ 462.838399][ T5950] usb 3-1: SerialNumber: syz [ 462.851789][ T5950] usb 3-1: config 0 descriptor?? [ 463.033386][ T5950] usb 3-1: selecting invalid altsetting 2 [ 464.145317][ T5950] get_1284_register timeout [ 464.145360][ T5950] uss720 3-1:0.125: probe with driver uss720 failed with error -5 [ 464.145493][ C1] usb 3-1: async_complete: urb error -104 [ 465.786180][ T5950] usb 3-1: USB disconnect, device number 5 [ 480.873634][ T8299] binder: 8289:8299 ioctl 8008662c 200000000240 returned -22 [ 481.650198][ T8303] debugfs: 'ttyS3' already exists in 'caif_serial' [ 481.745722][ T8299] netlink: 28 bytes leftover after parsing attributes in process `syz.0.621'. [ 483.357743][ T7124] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 483.358219][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 483.669866][ T7124] usb 4-1: device descriptor read/64, error -32 [ 483.927634][ T7124] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 484.166226][ T7124] usb 4-1: Using ep0 maxpacket: 32 [ 484.805642][ T7124] usb 4-1: config 0 interface 0 has no altsetting 0 [ 484.954564][ T7124] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 484.954630][ T7124] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.954688][ T7124] usb 4-1: Product: syz [ 484.954744][ T7124] usb 4-1: Manufacturer: syz [ 484.954760][ T7124] usb 4-1: SerialNumber: syz [ 485.164877][ T7124] usb 4-1: config 0 descriptor?? [ 485.170588][ T7124] gs_usb 4-1:0.0: Required endpoints not found [ 487.802349][ T5887] usb 4-1: USB disconnect, device number 6 [ 493.695980][ T8402] syz.3.645 (8402) used greatest stack depth: 16072 bytes left [ 501.207644][ T8451] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 501.367289][ T8451] usb 1-1: Using ep0 maxpacket: 16 [ 501.383197][ T8451] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 501.383219][ T8451] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 501.383232][ T8451] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 501.383317][ T8451] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 501.383329][ T8451] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 501.383342][ T8451] usb 1-1: config 0 has no interface number 0 [ 501.383379][ T8451] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 501.383396][ T8451] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 501.383409][ T8451] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 501.383431][ T8451] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 501.383449][ T8451] usb 1-1: config 0 interface 125 has no altsetting 0 [ 501.383459][ T8451] usb 1-1: config 0 interface 125 has no altsetting 2 [ 501.386299][ T8451] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 501.386327][ T8451] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.386340][ T8451] usb 1-1: Product: syz [ 501.386348][ T8451] usb 1-1: Manufacturer: syz [ 501.386356][ T8451] usb 1-1: SerialNumber: syz [ 501.541391][ T8451] usb 1-1: config 0 descriptor?? [ 501.569309][ T8451] usb 1-1: selecting invalid altsetting 2 [ 502.427498][ C1] usb 1-1: async_complete: urb error -32 [ 502.430812][ T8451] get_1284_register: usb error -32 [ 502.431411][ T8451] uss720 1-1:0.125: probe with driver uss720 failed with error -32 [ 505.228342][ T8451] usb 1-1: USB disconnect, device number 5 [ 506.884547][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.884623][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.273866][ T8499] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 508.602914][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.602962][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.602989][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.603014][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.603037][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.603062][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.603096][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.603166][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.603192][ T8451] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 508.603216][ T8451] hid-generic 00A0:0006:0003.0001: unbalanced collection at end of report description [ 508.622835][ T8451] hid-generic 00A0:0006:0003.0001: probe with driver hid-generic failed with error -22 [ 509.288396][ T8515] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 512.542187][ T8548] binder: 8543:8548 ioctl 8008662c 200000000240 returned -22 [ 512.814316][ T8555] netlink: 28 bytes leftover after parsing attributes in process `syz.4.683'. [ 512.930865][ T8551] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 516.143069][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143110][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143135][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143160][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143193][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143216][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143240][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143304][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143328][ T5969] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 516.143351][ T5969] hid-generic 00A0:0006:0003.0002: unbalanced collection at end of report description [ 516.144119][ T5969] hid-generic 00A0:0006:0003.0002: probe with driver hid-generic failed with error -22 [ 521.181735][ T5969] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 521.337186][ T5969] usb 2-1: Using ep0 maxpacket: 16 [ 521.339984][ T5969] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 521.340013][ T5969] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 521.340034][ T5969] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 521.340055][ T5969] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 521.340074][ T5969] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 521.340095][ T5969] usb 2-1: config 0 has no interface number 0 [ 521.340143][ T5969] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 521.347274][ T5969] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 521.347306][ T5969] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 521.347348][ T5969] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 521.347378][ T5969] usb 2-1: config 0 interface 125 has no altsetting 0 [ 521.347397][ T5969] usb 2-1: config 0 interface 125 has no altsetting 2 [ 521.354287][ T5969] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 521.354307][ T5969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.354320][ T5969] usb 2-1: Product: syz [ 521.354329][ T5969] usb 2-1: Manufacturer: syz [ 521.354337][ T5969] usb 2-1: SerialNumber: syz [ 521.383150][ T5969] usb 2-1: config 0 descriptor?? [ 521.404330][ T5969] usb 2-1: selecting invalid altsetting 2 [ 522.637269][ T5969] get_1284_register timeout [ 522.639847][ C0] usb 2-1: async_complete: urb error -104 [ 522.639996][ T5969] uss720 2-1:0.125: probe with driver uss720 failed with error -5 [ 525.237737][ T948] usb 2-1: USB disconnect, device number 6 [ 527.240060][ T8639] binder: 8636:8639 ioctl 8008662c 200000000240 returned -22 [ 527.500493][ T8639] netlink: 28 bytes leftover after parsing attributes in process `syz.4.704'. [ 530.824272][ T8663] binder: 8660:8663 ioctl 8008662c 200000000240 returned -22 [ 531.522673][ T8663] debugfs: 'ttyS3' already exists in 'caif_serial' [ 531.579245][ T8666] netlink: 28 bytes leftover after parsing attributes in process `syz.4.710'. [ 532.501522][ T8672] netlink: 28 bytes leftover after parsing attributes in process `syz.1.711'. [ 541.777219][ T8674] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 541.931096][ T8674] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 541.931119][ T8674] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 541.931147][ T8674] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 541.931161][ T8674] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.254801][ T8674] usb 1-1: usb_control_msg returned -32 [ 542.254859][ T8674] usbtmc 1-1:16.0: can't read capabilities [ 543.362527][ T8762] netlink: 'syz.4.732': attribute type 1 has an invalid length. [ 544.742971][ T5888] usb 1-1: USB disconnect, device number 6 [ 544.862319][ T8783] netlink: 'syz.4.735': attribute type 10 has an invalid length. [ 544.862734][ T8782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 546.228381][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 546.397118][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 546.698787][ T9] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 546.698809][ T9] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 546.698822][ T9] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 546.698833][ T9] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 546.698845][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 546.698857][ T9] usb 5-1: config 0 has no interface number 0 [ 546.698889][ T9] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 546.698905][ T9] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 546.698919][ T9] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 546.698941][ T9] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 546.698957][ T9] usb 5-1: config 0 interface 125 has no altsetting 0 [ 546.698968][ T9] usb 5-1: config 0 interface 125 has no altsetting 2 [ 546.763168][ T9] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 546.763190][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.763203][ T9] usb 5-1: Product: syz [ 546.763211][ T9] usb 5-1: Manufacturer: syz [ 546.763220][ T9] usb 5-1: SerialNumber: syz [ 546.776497][ T9] usb 5-1: config 0 descriptor?? [ 547.093542][ T9] usb 5-1: selecting invalid altsetting 2 [ 549.516282][ T9] get_1284_register timeout [ 549.518332][ C0] usb 5-1: async_complete: urb error -104 [ 549.522650][ C0] usb 5-1: async_complete: urb error -104 [ 549.522712][ C0] usb 5-1: async_complete: urb error -104 [ 549.522773][ C0] usb 5-1: async_complete: urb error -104 [ 549.522950][ C0] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 549.533565][ T9] uss720 5-1:0.125: probe with driver uss720 failed with error -5 [ 549.921924][ T948] usb 5-1: USB disconnect, device number 5 [ 552.975050][ T68] kworker/u8:4 (68) used greatest stack depth: 15096 bytes left [ 561.637638][ T8871] netlink: 28 bytes leftover after parsing attributes in process `syz.0.755'. [ 563.778165][ T8896] netlink: 'syz.1.762': attribute type 10 has an invalid length. [ 563.913976][ T8894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 568.388091][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.388168][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 571.879980][ T8943] binder: 8937:8943 ioctl 8008662c 200000000240 returned -22 [ 572.556917][ T8943] netlink: 28 bytes leftover after parsing attributes in process `syz.4.774'. [ 579.819109][ T8995] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 581.232854][ T5952] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 581.477146][ T5952] usb 5-1: Using ep0 maxpacket: 32 [ 581.481380][ T5952] usb 5-1: config 0 interface 0 has no altsetting 0 [ 581.484090][ T5952] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 581.484111][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.484123][ T5952] usb 5-1: Product: syz [ 581.484132][ T5952] usb 5-1: Manufacturer: syz [ 581.484140][ T5952] usb 5-1: SerialNumber: syz [ 581.540200][ T5952] usb 5-1: config 0 descriptor?? [ 581.583328][ T5952] gs_usb 5-1:0.0: Required endpoints not found [ 581.589237][ T7146] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 581.747209][ T7146] usb 1-1: Using ep0 maxpacket: 32 [ 581.764993][ T7146] usb 1-1: config 0 interface 0 has no altsetting 0 [ 581.767924][ T7146] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 581.767954][ T7146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.767973][ T7146] usb 1-1: Product: syz [ 581.767986][ T7146] usb 1-1: Manufacturer: syz [ 581.768000][ T7146] usb 1-1: SerialNumber: syz [ 581.840959][ T7146] usb 1-1: config 0 descriptor?? [ 581.849946][ T7146] gs_usb 1-1:0.0: Required endpoints not found [ 582.590474][ T5952] usb 5-1: USB disconnect, device number 6 [ 584.659392][ T5888] usb 1-1: USB disconnect, device number 7 [ 590.667140][ T5874] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 590.867713][ T5874] usb 4-1: Using ep0 maxpacket: 32 [ 590.891135][ T5874] usb 4-1: config 0 interface 0 has no altsetting 0 [ 590.893877][ T5874] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 590.893907][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.893927][ T5874] usb 4-1: Product: syz [ 590.893940][ T5874] usb 4-1: Manufacturer: syz [ 590.893951][ T5874] usb 4-1: SerialNumber: syz [ 590.952631][ T5874] usb 4-1: config 0 descriptor?? [ 591.012733][ T5874] gs_usb 4-1:0.0: Required endpoints not found [ 591.601248][ T5952] usb 4-1: USB disconnect, device number 7 [ 592.806274][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 594.877483][ T9073] Bluetooth: hci5: command 0x1003 tx timeout [ 594.880878][ T61] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 600.341566][ T9118] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 600.627336][ T5952] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 601.837125][ T5952] usb 2-1: Using ep0 maxpacket: 32 [ 601.842935][ T5952] usb 2-1: config 0 interface 0 has no altsetting 0 [ 601.846367][ T5952] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 601.846396][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.846417][ T5952] usb 2-1: Product: syz [ 601.846433][ T5952] usb 2-1: Manufacturer: syz [ 601.846449][ T5952] usb 2-1: SerialNumber: syz [ 601.910291][ T5952] usb 2-1: config 0 descriptor?? [ 601.941639][ T5952] gs_usb 2-1:0.0: Required endpoints not found [ 603.015340][ T5888] usb 2-1: USB disconnect, device number 7 [ 603.090177][ T9135] binder: 9133:9135 ioctl 8008662c 200000000240 returned -22 [ 603.300096][ T9137] netlink: 28 bytes leftover after parsing attributes in process `syz.2.822'. [ 609.501343][ T9164] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 611.323498][ T9174] netlink: 'syz.4.833': attribute type 1 has an invalid length. [ 611.692959][ T31] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 611.917214][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 612.168168][ T31] usb 1-1: config 0 interface 0 has no altsetting 0 [ 612.263113][ T31] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 612.263150][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 612.263171][ T31] usb 1-1: Product: syz [ 612.263186][ T31] usb 1-1: Manufacturer: syz [ 612.263201][ T31] usb 1-1: SerialNumber: syz [ 612.343053][ T31] usb 1-1: config 0 descriptor?? [ 612.371954][ T31] gs_usb 1-1:0.0: Required endpoints not found [ 613.287985][ T5952] usb 1-1: USB disconnect, device number 8 [ 616.073711][ T9211] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 621.930182][ T31] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 622.370190][ T31] usb 4-1: Using ep0 maxpacket: 16 [ 622.377579][ T31] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 622.377612][ T31] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 622.377634][ T31] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 622.377654][ T31] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 622.377673][ T31] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 622.377685][ T31] usb 4-1: config 0 has no interface number 0 [ 622.377715][ T31] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 622.377732][ T31] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 622.377745][ T31] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 622.377767][ T31] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 622.377783][ T31] usb 4-1: config 0 interface 125 has no altsetting 0 [ 622.377794][ T31] usb 4-1: config 0 interface 125 has no altsetting 2 [ 622.380535][ T31] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 622.380565][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.380585][ T31] usb 4-1: Product: syz [ 622.380596][ T31] usb 4-1: Manufacturer: syz [ 622.380605][ T31] usb 4-1: SerialNumber: syz [ 622.387550][ T31] usb 4-1: config 0 descriptor?? [ 622.458329][ T31] usb 4-1: selecting invalid altsetting 2 [ 623.491547][ T9247] netlink: 28 bytes leftover after parsing attributes in process `syz.0.851'. [ 626.213011][ T8451] usb 4-1: USB disconnect, device number 8 [ 626.454290][ T9260] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 629.766584][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.766667][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.990033][ T9285] netlink: 'syz.2.860': attribute type 1 has an invalid length. [ 633.656137][ T9300] binder: 9294:9300 ioctl 8008662c 200000000240 returned -22 [ 633.695917][ T9301] binder: 9295:9301 ioctl 8008662c 200000000240 returned -22 [ 633.863768][ T9300] netlink: 28 bytes leftover after parsing attributes in process `syz.1.863'. [ 634.374636][ T9306] netlink: 28 bytes leftover after parsing attributes in process `syz.0.864'. [ 637.836027][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836053][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836068][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836083][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836098][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836112][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836127][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836141][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836156][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.836170][ T5952] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 637.980307][ T5952] hid-generic 00A0:0006:0003.0003: hidraw0: HID v0.05 Device [syz1] on syz0 [ 638.100507][ T9328] netlink: 'syz.2.869': attribute type 10 has an invalid length. [ 638.295125][ T9332] fido_id[9332]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 638.964843][ T9324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 641.924471][ T9354] netlink: 'syz.1.876': attribute type 10 has an invalid length. [ 642.672177][ T9360] netlink: 'syz.3.877': attribute type 10 has an invalid length. [ 642.720978][ T9352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 643.150050][ T9356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 644.036491][ T9373] netlink: 8 bytes leftover after parsing attributes in process `syz.2.881'. [ 645.707351][ T6056] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 645.857160][ T6056] usb 3-1: Using ep0 maxpacket: 16 [ 645.862329][ T6056] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 645.862356][ T6056] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 645.862368][ T6056] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 645.862380][ T6056] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 645.862391][ T6056] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 645.862403][ T6056] usb 3-1: config 0 has no interface number 0 [ 645.862442][ T6056] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 645.862459][ T6056] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 645.862521][ T6056] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 645.862544][ T6056] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 645.862562][ T6056] usb 3-1: config 0 interface 125 has no altsetting 0 [ 645.862572][ T6056] usb 3-1: config 0 interface 125 has no altsetting 2 [ 645.865294][ T6056] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 645.865313][ T6056] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.865325][ T6056] usb 3-1: Product: syz [ 645.865334][ T6056] usb 3-1: Manufacturer: syz [ 645.865349][ T6056] usb 3-1: SerialNumber: syz [ 646.034954][ T6056] usb 3-1: config 0 descriptor?? [ 646.049267][ T6056] usb 3-1: selecting invalid altsetting 2 [ 648.747259][ T6056] usb 3-1: USB disconnect, device number 6 [ 649.914950][ T9408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.893'. [ 651.430455][ T9418] input: syz0 as /devices/virtual/input/input52 [ 651.467136][ T5952] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 651.620265][ T5952] usb 2-1: Using ep0 maxpacket: 16 [ 651.625109][ T5952] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 651.625139][ T5952] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 651.625157][ T5952] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 651.625174][ T5952] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 651.625191][ T5952] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 651.625210][ T5952] usb 2-1: config 0 has no interface number 0 [ 651.625256][ T5952] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 651.625286][ T5952] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 651.625310][ T5952] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 651.625350][ T5952] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 651.625390][ T5952] usb 2-1: config 0 interface 125 has no altsetting 0 [ 651.625409][ T5952] usb 2-1: config 0 interface 125 has no altsetting 2 [ 651.791827][ T5952] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 651.791862][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 651.791886][ T5952] usb 2-1: Product: syz [ 651.791902][ T5952] usb 2-1: Manufacturer: syz [ 651.791917][ T5952] usb 2-1: SerialNumber: syz [ 652.792609][ T5952] usb 2-1: config 0 descriptor?? [ 652.933860][ T5952] usb 2-1: selecting invalid altsetting 2 [ 653.255119][ C0] usb 2-1: async_complete: urb error -71 [ 653.255238][ C0] usb 2-1: async_complete: urb error -71 [ 653.255336][ C0] usb 2-1: async_complete: urb error -71 [ 653.255463][ C0] usb 2-1: async_complete: urb error -71 [ 653.256679][ T5952] get_1284_register: usb error -71 [ 653.256821][ T5952] uss720 2-1:0.125: probe with driver uss720 failed with error -71 [ 653.319494][ T5952] usb 2-1: USB disconnect, device number 8 [ 655.838747][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.905'. [ 657.568327][ T6167] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 657.809269][ T6167] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 657.809300][ T6167] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 657.809327][ T6167] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 657.809341][ T6167] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.087372][ T6167] usb 2-1: usb_control_msg returned -32 [ 658.087418][ T6167] usbtmc 2-1:16.0: can't read capabilities [ 660.418742][ T5950] usb 2-1: USB disconnect, device number 9 [ 664.728656][ T9495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.917'. [ 666.485377][ T9511] netlink: 'syz.1.921': attribute type 1 has an invalid length. [ 667.359535][ T9515] netlink: 4 bytes leftover after parsing attributes in process `syz.1.923'. [ 667.574595][ T9519] netlink: 'syz.3.925': attribute type 10 has an invalid length. [ 667.575002][ T9518] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 667.740962][ T9524] binder: 9520:9524 ioctl 8008662c 200000000240 returned -22 [ 667.857925][ T9526] netlink: 28 bytes leftover after parsing attributes in process `syz.0.927'. [ 668.936760][ T9532] netlink: 8 bytes leftover after parsing attributes in process `syz.4.929'. [ 675.841810][ T9564] binder: 9562:9564 ioctl 8008662c 200000000240 returned -22 [ 676.129337][ T9564] debugfs: 'ttyS3' already exists in 'caif_serial' [ 676.178764][ T9566] netlink: 28 bytes leftover after parsing attributes in process `syz.1.936'. [ 678.528840][ T9585] netlink: 8 bytes leftover after parsing attributes in process `syz.4.941'. [ 684.439877][ T9621] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 686.106906][ T2141] kworker/u8:13 (2141) used greatest stack depth: 13752 bytes left [ 689.872897][ T9640] binder: 9629:9640 ioctl 8008662c 200000000240 returned -22 [ 690.098034][ T9643] netlink: 28 bytes leftover after parsing attributes in process `syz.4.952'. [ 691.235405][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.236266][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.843453][ T9695] binder: 9688:9695 ioctl 8008662c 200000000240 returned -22 [ 695.209416][ T9698] debugfs: 'ttyS3' already exists in 'caif_serial' [ 695.315275][ T9695] netlink: 28 bytes leftover after parsing attributes in process `syz.4.964'. [ 703.382562][ T9734] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 704.835198][ T9752] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 705.760827][ T9497] hid_parser_main: 4 callbacks suppressed [ 705.760853][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.760883][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.760905][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.760919][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.760941][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.760956][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.760971][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.760985][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.761000][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.761014][ T9497] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 705.874475][ T9497] hid-generic 00A0:0006:0003.0004: hidraw0: HID v0.05 Device [syz1] on syz0 [ 706.081783][ T9761] fido_id[9761]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 707.818554][ T9785] netlink: 'syz.4.980': attribute type 1 has an invalid length. [ 720.922420][ T5874] hid_parser_main: 5 callbacks suppressed [ 720.922438][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922457][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922472][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922487][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922501][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922516][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922531][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922545][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922560][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.922574][ T5874] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 720.929913][ T5874] hid-generic 00A0:0006:0003.0005: hidraw0: HID v0.05 Device [syz1] on syz0 [ 721.368674][ T9861] fido_id[9861]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 723.730264][ T9877] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 724.547239][ T9880] input: syz0 as /devices/virtual/input/input56 [ 725.147213][ T8451] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 725.327089][ T8451] usb 5-1: Using ep0 maxpacket: 32 [ 725.330067][ T8451] usb 5-1: config 0 interface 0 has no altsetting 0 [ 725.345693][ T8451] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 725.345728][ T8451] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.345749][ T8451] usb 5-1: Product: syz [ 725.345764][ T8451] usb 5-1: Manufacturer: syz [ 725.345779][ T8451] usb 5-1: SerialNumber: syz [ 725.358530][ T8451] usb 5-1: config 0 descriptor?? [ 725.402155][ T8451] gs_usb 5-1:0.0: Required endpoints not found [ 728.260252][ T8451] usb 5-1: USB disconnect, device number 7 [ 729.489383][ T8451] hid_parser_main: 4 callbacks suppressed [ 729.489408][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489436][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489460][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489484][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489509][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489535][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489559][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489584][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489609][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.489633][ T8451] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 729.518736][ T8451] hid-generic 00A0:0006:0003.0006: hidraw0: HID v0.05 Device [syz1] on syz0 [ 732.900237][ T9925] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 735.002294][ T9942] binder: 9936:9942 ioctl 8008662c 200000000240 returned -22 [ 735.858048][ T9951] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1020'. [ 737.955817][ T9959] input: syz0 as /devices/virtual/input/input58 [ 742.929588][ T9982] netlink: 'syz.3.1029': attribute type 10 has an invalid length. [ 744.239277][ T9991] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 744.542689][ T9980] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 745.180851][ T9994] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 746.749479][T10006] input: syz0 as /devices/virtual/input/input60 [ 750.274661][T10040] input: syz0 as /devices/virtual/input/input61 [ 752.874841][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.874917][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.585999][T10047] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 755.415372][T10058] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 758.372382][T10065] input: syz0 as /devices/virtual/input/input62 [ 758.597300][T10078] binder: 10075:10078 ioctl 8008662c 200000000240 returned -22 [ 758.979850][T10082] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1056'. [ 760.050354][T10085] binder: 10083:10085 ioctl 8008662c 200000000240 returned -22 [ 766.058272][T10102] binder: 10098:10102 ioctl 8008662c 200000000240 returned -22 [ 766.203177][T10105] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1062'. [ 766.625586][T10107] input: syz0 as /devices/virtual/input/input63 [ 775.644793][T10162] input: syz0 as /devices/virtual/input/input64 [ 776.653387][T10181] binder: 10178:10181 ioctl 8008662c 200000000240 returned -22 [ 777.084802][T10184] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1079'. [ 781.284671][T10205] binder: 10202:10205 ioctl 8008662c 200000000240 returned -22 [ 781.433435][T10208] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1086'. [ 782.782968][T10214] input: syz0 as /devices/virtual/input/input65 [ 783.131043][T10222] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1090'. [ 783.645526][T10227] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 787.552913][T10235] netlink: 'syz.0.1094': attribute type 10 has an invalid length. [ 788.338545][T10233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 790.800301][T10254] binder: 10252:10254 ioctl 8008662c 200000000240 returned -22 [ 792.231070][T10263] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 792.370392][T10267] input: syz0 as /devices/virtual/input/input68 [ 795.681743][T10278] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 796.600574][T10290] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1110'. [ 797.336392][T10298] binder: 10293:10298 ioctl 8008662c 200000000240 returned -22 [ 797.692182][T10302] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1112'. [ 800.581824][T10316] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 800.598412][T10313] netlink: 'syz.2.1115': attribute type 10 has an invalid length. [ 801.310181][T10331] input: syz0 as /devices/virtual/input/input70 [ 802.488978][T10311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 803.106630][ T5950] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 803.392374][ T5950] usb 5-1: Using ep0 maxpacket: 32 [ 803.677766][ T5950] usb 5-1: config 0 interface 0 has no altsetting 0 [ 803.697098][ T5950] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 803.697118][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 803.697131][ T5950] usb 5-1: Product: syz [ 803.697139][ T5950] usb 5-1: Manufacturer: syz [ 803.697148][ T5950] usb 5-1: SerialNumber: syz [ 803.701122][ T5950] usb 5-1: config 0 descriptor?? [ 803.763227][ T5950] gs_usb 5-1:0.0: Required endpoints not found [ 807.445157][T10367] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 809.149907][T10370] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 810.507625][T10377] input: syz0 as /devices/virtual/input/input71 [ 811.344136][T10388] binder: 10383:10388 ioctl 8008662c 200000000240 returned -22 [ 812.610230][T10394] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1132'. [ 813.192909][T10153] usb 5-1: USB disconnect, device number 8 [ 813.699645][T10406] binder: 10402:10406 ioctl 8008662c 200000000240 returned -22 [ 814.042558][T10412] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1137'. [ 814.106370][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.106456][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.285991][T10417] netlink: 'syz.0.1140': attribute type 10 has an invalid length. [ 815.567051][T10153] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 815.737053][T10153] usb 2-1: Using ep0 maxpacket: 32 [ 815.740158][T10153] usb 2-1: config 0 interface 0 has no altsetting 0 [ 815.744802][T10153] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 815.744825][T10153] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 815.744837][T10153] usb 2-1: Product: syz [ 815.744845][T10153] usb 2-1: Manufacturer: syz [ 815.744854][T10153] usb 2-1: SerialNumber: syz [ 815.798278][T10153] usb 2-1: config 0 descriptor?? [ 815.818940][T10153] gs_usb 2-1:0.0: Required endpoints not found [ 816.130995][T10413] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 816.967499][ T5888] usb 2-1: USB disconnect, device number 10 [ 817.445187][T10428] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 819.277103][T10434] input: syz0 as /devices/virtual/input/input73 [ 824.455383][T10465] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 824.678684][T10466] binder: 10462:10466 ioctl 8008662c 200000000240 returned -22 [ 825.467960][T10470] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1153'. [ 825.665294][T10473] binder: 10468:10473 ioctl 8008662c 200000000240 returned -22 [ 825.838374][T10476] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1155'. [ 826.685194][T10477] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 829.096772][T10491] input: syz0 as /devices/virtual/input/input74 [ 832.918268][T10525] input: syz0 as /devices/virtual/input/input75 [ 833.754820][T10533] input: syz0 as /devices/virtual/input/input76 [ 836.405975][T10543] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 838.978796][T10551] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 840.146852][ T5789] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 840.307048][ T5789] usb 1-1: Using ep0 maxpacket: 16 [ 840.309346][ T5789] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 840.309377][ T5789] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 840.309398][ T5789] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 840.309418][ T5789] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 840.309437][ T5789] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 840.309458][ T5789] usb 1-1: config 0 has no interface number 0 [ 840.309508][ T5789] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 840.309536][ T5789] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 840.309560][ T5789] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 840.309599][ T5789] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 840.309626][ T5789] usb 1-1: config 0 interface 125 has no altsetting 0 [ 840.309646][ T5789] usb 1-1: config 0 interface 125 has no altsetting 2 [ 840.312641][ T5789] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 840.312671][ T5789] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 840.312692][ T5789] usb 1-1: Product: syz [ 840.312706][ T5789] usb 1-1: Manufacturer: syz [ 840.312721][ T5789] usb 1-1: SerialNumber: syz [ 840.321022][ T5789] usb 1-1: config 0 descriptor?? [ 840.442972][ T5789] usb 1-1: selecting invalid altsetting 2 [ 846.931059][T10588] input: syz0 as /devices/virtual/input/input77 [ 846.990277][T10587] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 849.554222][T10601] binder: 10596:10601 ioctl 8008662c 200000000240 returned -22 [ 849.618306][T10600] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1187'. [ 849.786562][T10605] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1188'. [ 852.962643][ T8674] usb 1-1: USB disconnect, device number 9 [ 854.576760][T10638] input: syz0 as /devices/virtual/input/input78 [ 854.751792][T10643] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 856.308117][T10647] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1200'. [ 856.567237][ T8809] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 856.730621][ T8809] usb 1-1: Using ep0 maxpacket: 32 [ 856.738442][ T8809] usb 1-1: config 0 interface 0 has no altsetting 0 [ 856.744902][ T8809] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 856.744931][ T8809] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 856.744950][ T8809] usb 1-1: Product: syz [ 856.744963][ T8809] usb 1-1: Manufacturer: syz [ 856.744977][ T8809] usb 1-1: SerialNumber: syz [ 856.753868][ T8809] usb 1-1: config 0 descriptor?? [ 856.763077][ T8809] gs_usb 1-1:0.0: Required endpoints not found [ 857.643156][ T5969] usb 1-1: USB disconnect, device number 10 [ 859.599012][T10670] input: syz0 as /devices/virtual/input/input79 [ 865.218781][T10684] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 865.529167][T10688] input: syz0 as /devices/virtual/input/input80 [ 867.636050][T10697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1212'. [ 868.088320][T10704] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 869.816832][T10709] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 870.682160][T10715] netlink: 'syz.1.1217': attribute type 10 has an invalid length. [ 870.987913][T10723] binder: 10722:10723 ioctl 8008662c 200000000240 returned -22 [ 871.079457][T10710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 871.097941][T10720] netlink: 'syz.0.1218': attribute type 10 has an invalid length. [ 871.173636][T10723] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1220'. [ 872.454544][T10717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 872.753420][T10738] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 873.952453][T10743] input: syz0 as /devices/virtual/input/input83 [ 875.101681][T10746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1225'. [ 875.527210][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.527291][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 878.467094][ T5874] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 878.616987][ T5874] usb 3-1: Using ep0 maxpacket: 32 [ 878.619439][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0 [ 878.622606][ T5874] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 878.622695][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 878.622718][ T5874] usb 3-1: Product: syz [ 878.622733][ T5874] usb 3-1: Manufacturer: syz [ 878.622748][ T5874] usb 3-1: SerialNumber: syz [ 878.761769][ T5874] usb 3-1: config 0 descriptor?? [ 878.812772][ T5874] gs_usb 3-1:0.0: Required endpoints not found [ 881.063083][ T5952] usb 3-1: USB disconnect, device number 7 [ 881.493047][T10789] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 882.232626][T10791] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1238'. [ 882.569437][T10801] input: syz0 as /devices/virtual/input/input84 [ 882.731520][T10803] input: syz0 as /devices/virtual/input/input85 [ 883.115422][T10802] vivid-000: kernel_thread() failed [ 883.707780][T10816] netlink: 'syz.3.1242': attribute type 10 has an invalid length. [ 884.137053][ T5789] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 884.187133][ T5874] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 884.347149][ T5874] usb 3-1: Using ep0 maxpacket: 32 [ 884.350117][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0 [ 884.353193][ T5874] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 884.353222][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 884.353243][ T5874] usb 3-1: Product: syz [ 884.353259][ T5874] usb 3-1: Manufacturer: syz [ 884.353274][ T5874] usb 3-1: SerialNumber: syz [ 884.396988][ T5789] usb 5-1: Using ep0 maxpacket: 32 [ 884.415057][ T5789] usb 5-1: config 0 interface 0 has no altsetting 0 [ 884.542194][ T5874] usb 3-1: config 0 descriptor?? [ 884.559191][ T5874] gs_usb 3-1:0.0: Required endpoints not found [ 884.614296][ T5789] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 884.614330][ T5789] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 884.614351][ T5789] usb 5-1: Product: syz [ 884.614366][ T5789] usb 5-1: Manufacturer: syz [ 884.614464][ T5789] usb 5-1: SerialNumber: syz [ 884.939102][ T5789] usb 5-1: config 0 descriptor?? [ 884.949775][ T5789] gs_usb 5-1:0.0: Required endpoints not found [ 885.234984][T10811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 885.331487][ T5933] usb 5-1: USB disconnect, device number 9 [ 886.461639][T10841] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 894.653082][ T5950] usb 3-1: USB disconnect, device number 8 [ 896.191588][T10889] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 896.197123][ T5950] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 896.367075][ T5950] usb 3-1: Using ep0 maxpacket: 32 [ 896.384866][ T5950] usb 3-1: config 0 interface 0 has no altsetting 0 [ 896.427463][ T5950] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 896.427498][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 896.427518][ T5950] usb 3-1: Product: syz [ 896.427533][ T5950] usb 3-1: Manufacturer: syz [ 896.427547][ T5950] usb 3-1: SerialNumber: syz [ 896.623993][ T5950] usb 3-1: config 0 descriptor?? [ 896.640921][ T5950] gs_usb 3-1:0.0: Required endpoints not found [ 897.683368][ T805] usb 3-1: USB disconnect, device number 9 [ 897.911981][T10901] binder: 10898:10901 ioctl 8008662c 200000000240 returned -22 [ 898.043330][T10903] debugfs: 'ttyS3' already exists in 'caif_serial' [ 898.122803][T10901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1266'. [ 899.687235][ T9497] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 900.251371][ T9497] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 900.251439][ T9497] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 900.251561][ T9497] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 900.251649][ T9497] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 900.910098][ T9497] usb 5-1: usb_control_msg returned -32 [ 900.910155][ T9497] usbtmc 5-1:16.0: can't read capabilities [ 901.067513][ T7124] usb 5-1: USB disconnect, device number 10 [ 903.083359][T10932] binder: 10929:10932 ioctl 8008662c 200000000240 returned -22 [ 903.185263][T10932] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1272'. [ 904.362661][T10955] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 905.407056][ T5969] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 905.647150][ T5969] usb 3-1: Using ep0 maxpacket: 32 [ 905.679495][ T5969] usb 3-1: config 0 interface 0 has no altsetting 0 [ 905.683844][ T5969] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 905.683877][ T5969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 905.683900][ T5969] usb 3-1: Product: syz [ 905.683915][ T5969] usb 3-1: Manufacturer: syz [ 905.683931][ T5969] usb 3-1: SerialNumber: syz [ 905.736655][ T5969] usb 3-1: config 0 descriptor?? [ 905.762668][ T5969] gs_usb 3-1:0.0: Required endpoints not found [ 906.742118][ T5952] usb 3-1: USB disconnect, device number 10 [ 908.727444][T11001] fuse: Bad value for 'fd' [ 914.092155][T11026] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 919.087133][ T5888] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 919.237080][ T5888] usb 3-1: Using ep0 maxpacket: 32 [ 919.240543][ T5888] usb 3-1: config 0 interface 0 has no altsetting 0 [ 919.244324][ T5888] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 919.244345][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 919.244357][ T5888] usb 3-1: Product: syz [ 919.244366][ T5888] usb 3-1: Manufacturer: syz [ 919.244713][ T5888] usb 3-1: SerialNumber: syz [ 919.259900][ T5888] usb 3-1: config 0 descriptor?? [ 919.266620][ T5888] gs_usb 3-1:0.0: Required endpoints not found [ 919.285948][T11051] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 920.289222][ T10] usb 3-1: USB disconnect, device number 11 [ 922.363202][T11069] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 926.018491][T11093] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1309'. [ 933.322951][T11126] ================================================================== [ 933.322972][T11126] BUG: KASAN: slab-use-after-free in rt_spin_lock+0x88/0x3e0 [ 933.323015][T11126] Read of size 1 at addr ffff8880352b7200 by task syz.1.1318/11126 [ 933.323036][T11126] [ 933.323049][T11126] CPU: 0 UID: 0 PID: 11126 Comm: syz.1.1318 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 933.323076][T11126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 933.323089][T11126] Call Trace: [ 933.323096][T11126] [ 933.323102][T11126] dump_stack_lvl+0xe8/0x150 [ 933.323121][T11126] print_report+0xca/0x240 [ 933.323137][T11126] ? rt_spin_lock+0x88/0x3e0 [ 933.323152][T11126] kasan_report+0x118/0x150 [ 933.323173][T11126] ? rt_spin_lock+0x88/0x3e0 [ 933.323191][T11126] ? __wake_up_common_lock+0x2f/0x1e0 [ 933.323207][T11126] __kasan_check_byte+0x2a/0x40 [ 933.323226][T11126] lock_acquire+0x84/0x340 [ 933.323242][T11126] ? rt_mutex_slowunlock+0x668/0x8a0 [ 933.323257][T11126] ? reacquire_held_locks+0x104/0x190 [ 933.323279][T11126] rt_spin_lock+0x88/0x3e0 [ 933.323295][T11126] ? __wake_up_common_lock+0x2f/0x1e0 [ 933.323311][T11126] ? __pfx_rt_spin_lock+0x10/0x10 [ 933.323326][T11126] ? rt_spin_unlock+0x161/0x200 [ 933.323343][T11126] ? __wake_up_common_lock+0x18a/0x1e0 [ 933.323359][T11126] __wake_up_common_lock+0x2f/0x1e0 [ 933.323375][T11126] ? snd_pcm_post_stop+0x14a/0x1e0 [ 933.323463][T11126] ? __pfx_snd_pcm_post_stop+0x10/0x10 [ 933.323474][T11126] snd_pcm_action+0x1f4/0x240 [ 933.323508][T11126] loopback_trigger+0xb82/0x1b60 [ 933.323535][T11126] ? rcu_is_watching+0x15/0xb0 [ 933.323550][T11126] snd_pcm_do_start+0xb7/0x180 [ 933.323570][T11126] snd_pcm_action+0xe7/0x240 [ 933.323586][T11126] __snd_pcm_lib_xfer+0x1762/0x1d00 [ 933.323615][T11126] ? __pfx_interleaved_copy+0x10/0x10 [ 933.323628][T11126] ? __pfx_default_write_copy+0x10/0x10 [ 933.323642][T11126] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 933.323655][T11126] ? __pfx___snd_pcm_lib_xfer+0x10/0x10 [ 933.323667][T11126] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 933.323683][T11126] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 933.323700][T11126] ? snd_pcm_oss_write3+0x1a2/0x350 [ 933.323748][T11126] snd_pcm_oss_write3+0x1bc/0x350 [ 933.323769][T11126] snd_pcm_plug_write_transfer+0x2cb/0x4c0 [ 933.323790][T11126] ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10 [ 933.323805][T11126] ? snd_pcm_plug_client_channels_buf+0x490/0x640 [ 933.323828][T11126] snd_pcm_oss_write+0xa31/0xf20 [ 933.323851][T11126] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 933.323871][T11126] ? rw_verify_area+0x25b/0x4e0 [ 933.323887][T11126] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 933.323906][T11126] vfs_write+0x287/0xb40 [ 933.323925][T11126] ? __pfx_vfs_write+0x10/0x10 [ 933.323942][T11126] ? __fget_files+0x2a/0x420 [ 933.323960][T11126] ? __fget_files+0x2a/0x420 [ 933.323980][T11126] ? __fget_files+0x3a6/0x420 [ 933.324000][T11126] ? __fget_files+0x2a/0x420 [ 933.324027][T11126] ksys_write+0x14b/0x260 [ 933.324058][T11126] ? __pfx_ksys_write+0x10/0x10 [ 933.324091][T11126] do_syscall_64+0xec/0xf80 [ 933.324105][T11126] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.324117][T11126] ? trace_irq_disable+0x37/0x100 [ 933.324131][T11126] ? clear_bhb_loop+0x60/0xb0 [ 933.324144][T11126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.324156][T11126] RIP: 0033:0x7f1fc839f749 [ 933.324169][T11126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 933.324181][T11126] RSP: 002b:00007f1fc65c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 933.324196][T11126] RAX: ffffffffffffffda RBX: 00007f1fc85f6180 RCX: 00007f1fc839f749 [ 933.324206][T11126] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000008 [ 933.324215][T11126] RBP: 00007f1fc8423f91 R08: 0000000000000000 R09: 0000000000000000 [ 933.324223][T11126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.324231][T11126] R13: 00007f1fc85f6218 R14: 00007f1fc85f6180 R15: 00007fff721ae018 [ 933.324245][T11126] [ 933.324250][T11126] [ 933.324253][T11126] Allocated by task 11124: [ 933.324259][T11126] kasan_save_track+0x3e/0x80 [ 933.324276][T11126] __kasan_kmalloc+0x93/0xb0 [ 933.324292][T11126] __kmalloc_cache_noprof+0x1fb/0x6d0 [ 933.324308][T11126] snd_pcm_attach_substream+0x5b7/0xb30 [ 933.324321][T11126] snd_pcm_open_substream+0xb6/0x2410 [ 933.324336][T11126] snd_pcm_oss_open+0xf2a/0x1bd0 [ 933.324345][T11126] chrdev_open+0x4cf/0x5e0 [ 933.324355][T11126] do_dentry_open+0x7d0/0x1270 [ 933.324366][T11126] vfs_open+0x3b/0x350 [ 933.324376][T11126] path_openat+0x342a/0x3df0 [ 933.324390][T11126] do_filp_open+0x1fa/0x410 [ 933.324405][T11126] do_sys_openat2+0x121/0x200 [ 933.324416][T11126] __x64_sys_openat+0x138/0x170 [ 933.324429][T11126] do_syscall_64+0xec/0xf80 [ 933.324439][T11126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.324450][T11126] [ 933.324460][T11126] Freed by task 11124: [ 933.324465][T11126] kasan_save_track+0x3e/0x80 [ 933.324481][T11126] kasan_save_free_info+0x46/0x50 [ 933.324494][T11126] __kasan_slab_free+0x5c/0x80 [ 933.324509][T11126] kfree+0x1bd/0x900 [ 933.324526][T11126] snd_pcm_detach_substream+0x1e1/0x290 [ 933.324539][T11126] snd_pcm_oss_release+0x184/0x250 [ 933.324548][T11126] __fput+0x45b/0xa80 [ 933.324560][T11126] task_work_run+0x1d4/0x260 [ 933.324577][T11126] exit_to_user_mode_loop+0xef/0x4e0 [ 933.324592][T11126] do_syscall_64+0x2b7/0xf80 [ 933.324602][T11126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.324613][T11126] [ 933.324616][T11126] The buggy address belongs to the object at ffff8880352b7000 [ 933.324616][T11126] which belongs to the cache kmalloc-2k of size 2048 [ 933.324626][T11126] The buggy address is located 512 bytes inside of [ 933.324626][T11126] freed 2048-byte region [ffff8880352b7000, ffff8880352b7800) [ 933.324639][T11126] [ 933.324642][T11126] The buggy address belongs to the physical page: [ 933.324649][T11126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x352b0 [ 933.324662][T11126] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 933.324672][T11126] flags: 0x80000000000040(head|node=0|zone=1) [ 933.324683][T11126] page_type: f5(slab) [ 933.324695][T11126] raw: 0080000000000040 ffff88813ff27000 dead000000000100 dead000000000122 [ 933.324707][T11126] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 933.324718][T11126] head: 0080000000000040 ffff88813ff27000 dead000000000100 dead000000000122 [ 933.324728][T11126] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 933.324738][T11126] head: 0080000000000003 ffffea0000d4ac01 00000000ffffffff 00000000ffffffff [ 933.324748][T11126] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 933.324754][T11126] page dumped because: kasan: bad access detected [ 933.324760][T11126] page_owner tracks the page as allocated [ 933.324765][T11126] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5805, tgid 5805 (syz-executor), ts 89825930051, free_ts 89825657593 [ 933.324791][T11126] post_alloc_hook+0x234/0x290 [ 933.324810][T11126] get_page_from_freelist+0x28c0/0x2960 [ 933.324821][T11126] __alloc_frozen_pages_noprof+0x181/0x370 [ 933.324833][T11126] alloc_pages_mpol+0xd1/0x380 [ 933.324843][T11126] allocate_slab+0x86/0x3b0 [ 933.324857][T11126] ___slab_alloc+0xb10/0x13e0 [ 933.324868][T11126] __slab_alloc+0xc6/0x1f0 [ 933.324878][T11126] __kmalloc_cache_noprof+0x101/0x6d0 [ 933.324894][T11126] rtnl_newlink+0xfb/0x1c90 [ 933.324946][T11126] rtnetlink_rcv_msg+0x7cf/0xb70 [ 933.324963][T11126] netlink_rcv_skb+0x208/0x470 [ 933.324986][T11126] netlink_unicast+0x846/0xa10 [ 933.325006][T11126] netlink_sendmsg+0x805/0xb30 [ 933.325031][T11126] __sock_sendmsg+0x21c/0x270 [ 933.325095][T11126] __sys_sendto+0x3c7/0x520 [ 933.325106][T11126] __x64_sys_sendto+0xde/0x100 [ 933.325119][T11126] page last free pid 5805 tgid 5805 stack trace: [ 933.325126][T11126] __free_frozen_pages+0xfe1/0x1170 [ 933.325144][T11126] __put_partials+0x149/0x170 [ 933.325155][T11126] __slab_free+0x2af/0x330 [ 933.325167][T11126] qlist_free_all+0x97/0x100 [ 933.325182][T11126] kasan_quarantine_reduce+0x148/0x160 [ 933.325197][T11126] __kasan_slab_alloc+0x22/0x80 [ 933.325213][T11126] kmem_cache_alloc_node_noprof+0x23c/0x6f0 [ 933.325247][T11126] __alloc_skb+0x1dc/0x3a0 [ 933.325286][T11126] netlink_ack+0x146/0xa50 [ 933.325299][T11126] netlink_rcv_skb+0x28c/0x470 [ 933.325313][T11126] netlink_unicast+0x846/0xa10 [ 933.325325][T11126] netlink_sendmsg+0x805/0xb30 [ 933.325340][T11126] __sock_sendmsg+0x21c/0x270 [ 933.325356][T11126] __sys_sendto+0x3c7/0x520 [ 933.325368][T11126] __x64_sys_sendto+0xde/0x100 [ 933.325380][T11126] do_syscall_64+0xec/0xf80 [ 933.325391][T11126] [ 933.325394][T11126] Memory state around the buggy address: [ 933.325400][T11126] ffff8880352b7100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 933.325409][T11126] ffff8880352b7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 933.325417][T11126] >ffff8880352b7200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 933.325423][T11126] ^ [ 933.325429][T11126] ffff8880352b7280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 933.325437][T11126] ffff8880352b7300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 933.325444][T11126] ================================================================== [ 933.325466][T11126] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 933.325477][T11126] CPU: 0 UID: 0 PID: 11126 Comm: syz.1.1318 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 933.325493][T11126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 933.325501][T11126] Call Trace: [ 933.325507][T11126] [ 933.325512][T11126] vpanic+0x1e0/0x670 [ 933.325531][T11126] panic+0xb9/0xc0 [ 933.325548][T11126] ? __pfx_panic+0x10/0x10 [ 933.325565][T11126] ? preempt_schedule_thunk+0x16/0x30 [ 933.325580][T11126] ? preempt_schedule_thunk+0x16/0x30 [ 933.325593][T11126] ? rt_spin_lock+0x88/0x3e0 [ 933.325609][T11126] check_panic_on_warn+0x89/0xb0 [ 933.325629][T11126] ? rt_spin_lock+0x88/0x3e0 [ 933.325644][T11126] end_report+0x6f/0x140 [ 933.325662][T11126] kasan_report+0x129/0x150 [ 933.325681][T11126] ? rt_spin_lock+0x88/0x3e0 [ 933.325698][T11126] ? __wake_up_common_lock+0x2f/0x1e0 [ 933.325715][T11126] __kasan_check_byte+0x2a/0x40 [ 933.325734][T11126] lock_acquire+0x84/0x340 [ 933.325750][T11126] ? rt_mutex_slowunlock+0x668/0x8a0 [ 933.325765][T11126] ? reacquire_held_locks+0x104/0x190 [ 933.325786][T11126] rt_spin_lock+0x88/0x3e0 [ 933.325801][T11126] ? __wake_up_common_lock+0x2f/0x1e0 [ 933.325817][T11126] ? __pfx_rt_spin_lock+0x10/0x10 [ 933.325832][T11126] ? rt_spin_unlock+0x161/0x200 [ 933.325848][T11126] ? __wake_up_common_lock+0x18a/0x1e0 [ 933.325864][T11126] __wake_up_common_lock+0x2f/0x1e0 [ 933.325879][T11126] ? snd_pcm_post_stop+0x14a/0x1e0 [ 933.325891][T11126] ? __pfx_snd_pcm_post_stop+0x10/0x10 [ 933.325902][T11126] snd_pcm_action+0x1f4/0x240 [ 933.325919][T11126] loopback_trigger+0xb82/0x1b60 [ 933.325932][T11126] ? rcu_is_watching+0x15/0xb0 [ 933.325946][T11126] snd_pcm_do_start+0xb7/0x180 [ 933.325975][T11126] snd_pcm_action+0xe7/0x240 [ 933.326003][T11126] __snd_pcm_lib_xfer+0x1762/0x1d00 [ 933.326031][T11126] ? __pfx_interleaved_copy+0x10/0x10 [ 933.326055][T11126] ? __pfx_default_write_copy+0x10/0x10 [ 933.326081][T11126] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 933.326102][T11126] ? __pfx___snd_pcm_lib_xfer+0x10/0x10 [ 933.326114][T11126] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 933.326129][T11126] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 933.326147][T11126] ? snd_pcm_oss_write3+0x1a2/0x350 [ 933.326167][T11126] snd_pcm_oss_write3+0x1bc/0x350 [ 933.326188][T11126] snd_pcm_plug_write_transfer+0x2cb/0x4c0 [ 933.326205][T11126] ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10 [ 933.326219][T11126] ? snd_pcm_plug_client_channels_buf+0x490/0x640 [ 933.326236][T11126] snd_pcm_oss_write+0xa31/0xf20 [ 933.326258][T11126] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 933.326279][T11126] ? rw_verify_area+0x25b/0x4e0 [ 933.326295][T11126] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 933.326314][T11126] vfs_write+0x287/0xb40 [ 933.326332][T11126] ? __pfx_vfs_write+0x10/0x10 [ 933.326349][T11126] ? __fget_files+0x2a/0x420 [ 933.326362][T11126] ? __fget_files+0x2a/0x420 [ 933.326374][T11126] ? __fget_files+0x3a6/0x420 [ 933.326386][T11126] ? __fget_files+0x2a/0x420 [ 933.326401][T11126] ksys_write+0x14b/0x260 [ 933.326418][T11126] ? __pfx_ksys_write+0x10/0x10 [ 933.326438][T11126] do_syscall_64+0xec/0xf80 [ 933.326449][T11126] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.326469][T11126] ? trace_irq_disable+0x37/0x100 [ 933.326482][T11126] ? clear_bhb_loop+0x60/0xb0 [ 933.326496][T11126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.326507][T11126] RIP: 0033:0x7f1fc839f749 [ 933.326519][T11126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 933.326530][T11126] RSP: 002b:00007f1fc65c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 933.326544][T11126] RAX: ffffffffffffffda RBX: 00007f1fc85f6180 RCX: 00007f1fc839f749 [ 933.326553][T11126] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000008 [ 933.326562][T11126] RBP: 00007f1fc8423f91 R08: 0000000000000000 R09: 0000000000000000 [ 933.326570][T11126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.326577][T11126] R13: 00007f1fc85f6218 R14: 00007f1fc85f6180 R15: 00007fff721ae018 [ 933.326591][T11126] [ 933.327071][T11126] Kernel Offset: disabled