last executing test programs: 21.155459715s ago: executing program 1 (id=1876): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x9, 0x2012, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) 19.095233517s ago: executing program 1 (id=1878): madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="20000000680001000000000000000000020000000000000008000500", @ANYRES32=r1], 0x20}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 17.969600607s ago: executing program 1 (id=1880): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001b700)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x8004) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a30000000000900"], 0xbc}}, 0x0) sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000000)={0x7, 0x5404, 0x204, 0x4, 0x4, 0x1, 0x1, 0x80000001}, 0x20) 17.43287624s ago: executing program 3 (id=1881): r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x8, @remote}, 0x9) socket$phonet_pipe(0x23, 0x5, 0x2) syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x400, 0x3, 0x8002ae}, &(0x7f0000000140)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newchain={0x2c, 0x64, 0x200, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0xa}, {0xe, 0x3}, {0x3, 0xffff}}, [@TCA_CHAIN={0x8, 0xb, 0x100}]}, 0x2c}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000011500002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff1400028008000600020000000800090008000000080004000200000060000180080009005600000007000600666f00000c0007002000000002000000080008000100000008000b00736970000600"], 0xc4}}, 0x4008800) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0) io_uring_setup(0x7327, &(0x7f00000000c0)={0x0, 0xebcc, 0x1, 0x1, 0x24}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write$binfmt_script(r5, 0x0, 0x0) 17.406575703s ago: executing program 2 (id=1882): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="1201fb00fb030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRESOCT=r0], 0x18, 0x200408cc}, 0xc090) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000280)=0xa, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20008080) bpf$MAP_CREATE(0xb00000000000000, 0x0, 0x50) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r4, 0x0, 0xd}, 0x18) bind$bt_hci(r3, 0x0, 0x0) syz_usb_disconnect(r0) 15.711157009s ago: executing program 1 (id=1883): r0 = socket$inet_udplite(0x2, 0x2, 0x88) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x8, @remote}, 0x9) socket$phonet_pipe(0x23, 0x5, 0x2) syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x400, 0x3, 0x8002ae}, &(0x7f0000000140)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r3, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newchain={0x2c, 0x64, 0x200, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0xa}, {0xe, 0x3}, {0x3, 0xffff}}, [@TCA_CHAIN={0x8, 0xb, 0x100}]}, 0x2c}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r4, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x4008800) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0) io_uring_setup(0x7327, &(0x7f00000000c0)={0x0, 0xebcc, 0x1, 0x1, 0x24}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write$binfmt_script(r5, 0x0, 0x0) 14.289603209s ago: executing program 2 (id=1884): r0 = syz_open_dev$swradio(&(0x7f00000001c0), 0x0, 0x2) mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x10}, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket(0x2b, 0x80801, 0x1) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f0000000140)={'broute\x00', 0x0, 0x0, 0x0, [0x4, 0x401, 0x80000001, 0x2, 0x3, 0x100000001]}, &(0x7f0000000080)=0x78) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) kexec_load(0x0, 0x0, &(0x7f0000000000), 0x320000) r7 = socket$inet6(0xa, 0x80002, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x214, 0xf0, 0x11, 0x148, 0xf0, 0x0, 0x180, 0x2a8, 0x2a8, 0x180, 0x2a8, 0x3, 0x0, {[{{@ip={@broadcast, @multicast2, 0x0, 0xff000000, 'wg1\x00', 'dvmrp0\x00', {}, {}, 0x67, 0x3, 0x2}, 0x0, 0xd0, 0xf0, 0x0, {}, [@common=@ttl={{0x24}, {0x0, 0x9}}, @common=@unspec=@limit={{0x3c}, {0x10001, 0x2, 0xa, 0x8, 0x5, 0x4}}]}, @unspec=@TRACE={0x20}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0xffffffff, 'macvtap0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x270) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f00000000c0)={0x0, 0xb, 0x0, "3e58f67896b2f2098200902177392faff604cb7ef87e7610bc39ef64257f5d33"}) 12.520835532s ago: executing program 0 (id=1886): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x0) syz_open_procfs(0x0, 0x0) syslog(0x4, 0x0, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000100)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0xa}, {0xf}}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r3, &(0x7f0000014980)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000001c00)='{', 0x34000}], 0x1}}, {{&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f0000010700)=[{&(0x7f0000010140)="9b", 0x1}], 0x1, 0x0, 0x0, 0xdc05}}], 0x2, 0x0) 12.500270674s ago: executing program 3 (id=1887): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r0, 0x10c, 0x9, &(0x7f0000000000), &(0x7f0000000080)=0x4) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) rt_tgsigqueueinfo(r1, r1, 0x8, &(0x7f0000000140)={0x24, 0x5, 0xfffffff9}) prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x0, &(0x7f00000001c0)) mknodat$null(0xffffffffffffff9c, &(0x7f0000002440)='./file0\x00', 0x8000, 0x103) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x200000, 0x0) setxattr$trusted_overlay_origin(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), &(0x7f0000000180), 0x2, 0x1) llistxattr(&(0x7f0000002300)='./file0\x00', 0x0, 0x0) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0x1, 0x1}, 0x66) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x141220, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMRRU(r3, 0x4010744d, 0x0) r4 = syz_io_uring_setup(0x49a, &(0x7f0000000540)={0x0, 0x4663, 0x400, 0x10000006, 0x2cc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000280)={0x4, 0x1005}, 0x4) r8 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r8, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r8, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r8, &(0x7f0000007fc0), 0x800001d, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0}) io_uring_enter(r4, 0x40f9, 0x217, 0xa5, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r9, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d440fe0000000000002900000002000000", 0xfe60) 12.23599991s ago: executing program 1 (id=1888): syz_emit_ethernet(0x482, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0xce, 0x5, 0x31363553, 0x0, 0x5, [{0x7, 0x22}, {0xcbd, 0x10010000}, {0x10, 0x6}, {0x3ffffffe, 0x4}, {0x9, 0xd1}, {0x2, 0x800}, {0x0, 0x9}, {0x1, 0x7}], 0x6, 0x8, 0x6, 0x2}}) r0 = socket(0x15, 0x5, 0x0) connect$unix(r0, &(0x7f0000000080)=@abs={0xa}, 0x6e) prlimit64(0x0, 0x7, &(0x7f00000003c0)={0xe, 0x8b}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = gettid() tkill(r1, 0x7) sched_setaffinity(r1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) madvise(&(0x7f000059a000/0x2000)=nil, 0x2000, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x7c}}, 0x200008c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000280)='./file0\x00') rename(0x0, &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mknod$loop(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x19, 0xe, &(0x7f0000000440)=ANY=[@ANYRES16=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x9f22bf8724e6d40d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r3, 0x18000000000002a0, 0x1e, 0xffffffffffffffcc, &(0x7f0000000400)="5acc4172a306000041630000", 0x0, 0x4, 0x0, 0x0, 0xffffff66, 0x0, 0x0, 0x6, 0x0, 0x2}, 0x46) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYRES32=r0], &(0x7f0000000000)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41100}, 0x94) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000500)="75d83cb9e0f82f694b4adf96a67b839664d7f9b10dd9ceda5f97c638c4f3b1fe4e0d58388ab47044614e8f18af6a487158ac8cee3e7dfc87f2fd9798d3c1641faf2e04feea84c53c326cc2cf7118fae03c4be577f40354c4ce393e0a3c0565bedd27143e91b2f12fac92941ddabdd4b5b63efcaad819b1c3bf557f05e29459726b711b20d567548c00"/150, 0xffffffffffffff80) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x3) syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="53dff3a44139bbbbbbbbbbbb0800450000280066000090889078ac1e00fc22d9a7f2fc2150cbaf43016c93bd2b776baa4cb9c0010100"], 0x0) 12.164437577s ago: executing program 4 (id=1889): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000001c0), 0x12) 11.089051522s ago: executing program 4 (id=1890): madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="20000000680001000000000000000000020000000000000008000500", @ANYRES32=r1], 0x20}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 10.841633777s ago: executing program 4 (id=1891): r0 = socket$inet_udplite(0x2, 0x2, 0x88) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x8, @remote}, 0x9) socket$phonet_pipe(0x23, 0x5, 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r2, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newchain={0x2c, 0x64, 0x200, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0xa}, {0xe, 0x3}, {0x3, 0xffff}}, [@TCA_CHAIN={0x8, 0xb, 0x100}]}, 0x2c}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000011500002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff1400028008000600020000"], 0xc4}}, 0x4008800) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) io_uring_setup(0x7327, &(0x7f00000000c0)={0x0, 0xebcc, 0x1, 0x1, 0x24}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write$binfmt_script(r5, 0x0, 0x0) 10.81413511s ago: executing program 0 (id=1892): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) r2 = openat$cachefiles(0xffffff9c, &(0x7f0000000400), 0x90200, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r2, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x24, 0x0, 0x9, 0x401, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2001c800}, 0x24000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x40800, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {{0x18, 0x1, 0x1, 0x0, r4}}, {{0x6, 0x0, 0xb}, {0x65}}, [@printk={@lld, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xc, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94) chdir(&(0x7f0000000140)='./bus\x00') r5 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0x600, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x6}}, {0x0, 0x13}}}, 0xa0) sendfile(r5, r5, &(0x7f0000000080), 0x7f03) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000000)={0x248f, 0x3, 0x5, 0x3ff}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x121}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0xa1}]}}}, @IFLA_ADDRESS={0xa, 0x1, @random="14fd06cfb0c1"}]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 9.103934877s ago: executing program 0 (id=1893): ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000380)={0x81, 0x3}) unshare(0x68040200) socket$alg(0x26, 0x5, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x61c28}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x3f01) sendmsg$tipc(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f00000005c0)="847c357695e81a49f3841e4eee78a54f249ff875616805625b3cfe947aa86084365fc47a221780592dcb32c795b9c41a39cec761c954ee3933caab311ee2be52d0de9028ae50ab5175df125fe95d6a519d8d458312214ecdad687dcd6497bdf6e79d5ac314b3ccfbd5a772bcc830cda946f062a2b979f84b6e76935ed48429ea390c7c1715f94fb6485ec01cce0182f829ffac220ce1349f4d37bbf11123a5654c645f20d22da353752eddc1cc25bdadc1102e1055a192", 0xb7}, {&(0x7f0000000680)="f82fd5ea2e1ded9cae6f7aa582dc4d6d1cfb486a579203cc1ea513b51e5d4dbfcc11136eb07674480c01990dcc8591a1880bd0cb209a3e945bb317949d2849e7ed3640125e4fdc41404227f59399788d46f8588726921a5422994e98cb3fe2966ace1e0911407a22b68b065524014cdb68049705b458e29fb982ddc6b6c47d84be4ff9cf24a291efdbf006d17c53e30dca5321a2ad0c71223d51f002141954d4879ce9e7c0f6b3efad6baca8e7a343", 0xaf}, {&(0x7f0000000240)}, {&(0x7f0000000740)="cb1631e77eae51e79c70ca79c5ff61c7e00124d909a181361d6e06188be5979663b7fef30a0146290825677ce64b49da9dcb8a56613c6c9632a82376d390aa36484f4cb368bf0b29d31c1fab3b6383580576174fb86ff58e98fded068b6d4e97a1b098de9ce90a64ef248419ff234392d7cd28f02f676c244206421554b5e8aa0906653cf8ca6813b678d41850125c0c8afd821607716911bdf9eee8b37e61d15a60cc6147d433f5f4f3", 0xaa}, {&(0x7f0000000800)="60a1be319d3edd24bf3a31db8f45a8f6746137272228e8b9ae545bcb2c18a49b22c28a9d952c9e760a075fdbd4e00c5d8bdc2c3628aa80593189a698d2390b4b089d732275158e36e596ac650fd4b20b43e042b82bdaa0bbf7c4e1704fde36f5412ee37160d0f502b77d184865c5", 0x6e}, {&(0x7f0000000880)="c90cf8ffe4e32cd980115fccbeb26901c4a9f64d156944a88e8bad1b47b54a94b3c7a70262484d49dac65a465cf071a8381cf2117f195caeaf6ecc8c9618f6aada16b6d9fb4039f17c71a6adf63cbcd4cb0eb36fb11bd7c6e9b786fc05b9b84d5aff83e8f0ce567ccccc441434e568c9e4c56bd62c22eab9db96230b196681c9cd553b5fe7b133f40e1881379f70c401eb7ecca2cb23f34aa1529b08a933e4bb206dd0440cee5399084732759c112e8815e943f7ed4883f843af0ee3c1b6cce509b0c1dea88bed534c48a202c973a6d61923248fafd1137486ab40e76a044b2e9e0842417f26cfb1074d376b64f9b4571e48464f318ff89d", 0xf8}, {&(0x7f0000000980)="4d1695fa73c6ec326b30f59893a759084f37410c9506936019a191f09dfbbd6250cfd3cbbed64c46e034d660f8983cf65ac32e598db764f9e73924ac6a3f078e0fe270532353043324f9fdc8ad954bde97065b175771ba18dbb304e1bb289adfacc681", 0x63}, {&(0x7f0000000a00)="2ec5b263bc1c1df0f2ddee79ec040127f8ca0e3f520bc312fe75688b077613ff2c15b88994e2f6e3aeb343b754ca0421d2cc52aea0202883a6156e3d2ade12988c2e6581680dfeae91761f21a857284df83bf8353c55c0bd4a4e758af0c716321ff0a834e513ec0bf927e2", 0x6b}, {&(0x7f0000000a80)="29f194ad43f4affc5664094190eb7df208a87384f1f0f7a646697a9e556ed865ecedcfa5801ea4e60ae2e3dc7c145b6d158f466a6f38ea3d4cf863a97cf2b2b7bcfe63825f09a600a0f3822de85b95cde9c23cbc0a9afbc37944938f9c5b1bdb6932f8c25b6f6bbbf7a4fd4bcb0cce7139cf6f90d387f41b714baf576d46d7b18106c4650319fbb546c6deb1a351b854e0646abafcbfdfdd61cd88679e5e3083e6fd617cdb1ca765aba89d0d24a3c380b7c9cefa2d578c9be68a6d45d158fdb0ae30f23e94d2e64291", 0xc9}], 0x9}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1e, 0xc, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x7fffffff, 0x9, 0x31363553, 0x0, 0xa, [{0x4, 0x5}, {0x6, 0x7f36}, {0x8, 0x2070}, {0x3, 0xf}, {0xa, 0xff}, {0x6, 0x589}, {0x8, 0x1}, {0x10041, 0x8}], 0x14, 0x8, 0x2, 0x2, 0x5}}) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r3 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x80801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0)) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000003c0)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016fef8a9cedaf6bec340dee49474360d34cb800", 0x0, 0x48) io_uring_enter(0xffffffffffffffff, 0x47f5, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000032680)=""/102392, 0x18ff8) socket$kcm(0x10, 0x2, 0x4) 9.047169643s ago: executing program 4 (id=1894): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="1201fb00fb030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRESOCT=r0], 0x18, 0x200408cc}, 0xc090) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000280)=0xa, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20008080) bpf$MAP_CREATE(0xb00000000000000, 0x0, 0x50) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r4, 0x0, 0xd}, 0x18) bind$bt_hci(r3, 0x0, 0x0) syz_usb_disconnect(r0) 8.839737653s ago: executing program 3 (id=1895): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000180)) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/18, @ANYRES32, @ANYBLOB="01000000000000001c0012000c00010062"], 0x3c}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x2, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) 7.941667801s ago: executing program 2 (id=1896): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r3, &(0x7f000001b700)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x8004) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a3000000000090002"], 0xbc}}, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000000)={0x7, 0x5404, 0x204, 0x4, 0x4, 0x1, 0x1, 0x80000001}, 0x20) clock_settime(0x0, &(0x7f0000000040)={0x77359400}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000001540)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x3}, @NHA_OIF={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004880}, 0x0) socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) read$hidraw(0xffffffffffffffff, &(0x7f0000002340)=""/147, 0x93) 7.741547281s ago: executing program 0 (id=1897): r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x8, @remote}, 0x9) socket$phonet_pipe(0x23, 0x5, 0x2) syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x400, 0x3, 0x8002ae}, &(0x7f0000000140)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newchain={0x2c, 0x64, 0x200, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0xa}, {0xe, 0x3}, {0x3, 0xffff}}, [@TCA_CHAIN={0x8, 0xb, 0x100}]}, 0x2c}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000011500002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff1400028008000600020000000800090008000000080004000200000060000180080009005600000007000600666f00000c0007002000000002000000080008000100000008000b007369700006000100020000"], 0xc4}}, 0x4008800) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0) io_uring_setup(0x7327, &(0x7f00000000c0)={0x0, 0xebcc, 0x1, 0x1, 0x24}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write$binfmt_script(r5, 0x0, 0x0) 7.186409785s ago: executing program 3 (id=1898): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000ffff00007b8af8ff00000000bfa200000000000007020000f81cbb704bb3db889f0fafdecdfeffffffb703000008000000b70400000200000085000000820000009500000000000000c82fffb6c935c0bfcd5e69bc2a0787233096a7147670a8097c4b469a5631363bc1c46b239a327b4417a533e269b00500999e6cdd18d46bcc5a2ad9e89d1644b3842c5b5390c6bb1a160ce05c86859de5604f7a7f222bb98bbbeb7b67da6abc01ab2227f6b9115be710e3673481353a899ad9dc59c5e1f55ced2fb8e03e4ae103ef036c5d3da736b516ed5aa0dc4b1ff44bc7d9805119e8cb4515c42f87ec4f80158a14a292cdcc39dcef067af5044cede396122a9b92406b129a5ddb8855ae2da91e4f2486696fa13fae064da506667e54fad5747f91d7883cc4c644d0fafaf2f2d60d75d1dadad8ef4ccbf8f8e310dcff90fc2b4ca9a16c9844c86a5d6ea1f98b13ce19530f"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="160000000000000004000000"], 0x50) getpgrp(0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r5, r4, 0x0, 0x3a) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10) ioctl$SNAPSHOT_FREE_SWAP_PAGES(0xffffffffffffffff, 0x3309) r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r6, &(0x7f0000000540)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000500)=""/18, 0x12, 0x3, 0x3, 0x0, 0x0, 0xc04}}, 0x11c) write$UHID_DESTROY(r6, &(0x7f0000000040), 0x4) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000c0000000000005f006d25daffd4b68dc5921e3d308798597a6ab49af87006e2739d9281f5aa6d34a4e17ab4814608661924632ee8760aef6d0c255233ee7c7675fc34f1e587680cbbd50c82f9b68d2d5aa40561541b2101fc64698cad"], 0x0, 0x28}, 0x28) recvmmsg(r7, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) 4.963200053s ago: executing program 2 (id=1899): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}}, 0x20040000) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, 0x0) close_range(r1, r0, 0x2) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) r4 = openat$ipvs(0xffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r4, 0x4, &(0x7f0000000340)='exthdr\x00', &(0x7f00000003c0)='./file0\x00', 0xffffffffffffff9c) r5 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r5, &(0x7f00000000c0), 0x18) sendmmsg(r5, &(0x7f0000003e00), 0x0, 0x8084) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ab4000000060a010400000000000000000a0000017e000740b5df8a47b48e0652d66e5a50e57ee23e97e86da46f7442bcfe2cedb17d27a314a5b988029201daa1f68a3b6db2878344a1b4c7b2565d2a2d354de941d0170f2f2725c1c8fce2dea116ddcb4d09f8d4773367b11df0b7c3d3add7b514f94a5927662674b7bd52bea55a8c445e3f2d066f8886c97a3248c7f49ad4000014000480100001800b00010065787468647200000900020073797a3200000000140000001100010000000000000000000100000a6da9fb0251053bc5224f84f77f8fa513835e1a6a70200d7efd60199d56205517dbe1bbd6ac2ef033c026f90328bc11d7c686b28761933509f302a5d3d2f02430df684a291d603620556e04ae5ec5d9e33d364ce8"], 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r7, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r7, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) syz_open_dev$sndmidi(&(0x7f0000000400), 0x1, 0x8000) 4.915653228s ago: executing program 4 (id=1900): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x4, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) socket$kcm(0x21, 0x2, 0xa) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x14d241, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x0, 0x1}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000140)={0x43, 0x8000000, 0x0, 0x3}, 0x10) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3) bind$bt_l2cap(r3, 0x0, 0x0) ioctl$BLKFINISHZONE(0xffffffffffffffff, 0x40101288, &(0x7f0000000080)={0x6, 0x9}) close_range(r1, 0xffffffffffffffff, 0x2) r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = epoll_create(0x1000) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0xf6c447fee59241f0}) close(r5) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x7) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x120002) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r7, 0x40045402, &(0x7f0000000140)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x3}}) 4.858232254s ago: executing program 0 (id=1901): madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="20000000680001000000000000000000020000000000000008000500", @ANYRES32=r1], 0x20}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 2.865572449s ago: executing program 3 (id=1902): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000001c0), 0x12) 2.738238942s ago: executing program 0 (id=1903): socket$inet6_sctp(0xa, 0x801, 0x84) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r2, r1], 0x2}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000080)=0xa0000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff) r7 = syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x1885, 0x80, 0x2}, &(0x7f0000000340)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$rds(0x15, 0x5, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r6, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="04020000170a01040000000000000000020000030900010073797a310000000008000740000000030800074000000000a4fe05400000000000000004c8010380b80003801400010076657468305f746f5f6272696467650014000100736974300000000000000000000000001400010073797a6b616c6c657230000000000000140001007465616d3000000000000000000000001400010076657468315f766c616e000000000000140001006c6f000000000000000000000000000014000100cec7ccb864765f736c6176655f3000001400010076657468305f746f5f62726964676500140001007465616d5f736c6176655f3000000000cc000380140001006e657464657673696d30000000000000140001006e657470636930000000000000000000140001006e657470636930000000000000000000140001007866726d30000000000000000000000014000100766574683000000000000000000000001400010070696d36726567310000000000000000140001006d616373656330000000000000000000140001006970365f7674693000000000000000001400010064766d72703000007468315f746f5f62726964676500080002400000008c180003801400010076657468305f746f5f7465616d0000000800014000000000080002400000083808000240fffffff80800024000000008"], 0x204}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004054) io_uring_enter(r7, 0xb516, 0xc2de, 0x8, 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000701004085dda788161db40df7a0e1be0000000000000000e80000000e275b545cc063db98150248a7d8a962b13291d334e49c7bb095399c1c45de6bf4012f1833d47e41e2697a485abc243f22753b5079746e498a7c0031"]) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r3, 0x7ab, &(0x7f0000000280)={&(0x7f0000000780)={{@my=0x0}, {@my=0x0, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c5fe68bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8ba58502975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418}) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176) 2.736865002s ago: executing program 2 (id=1904): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) r2 = openat$cachefiles(0xffffff9c, &(0x7f0000000400), 0x90200, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r2, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x24, 0x0, 0x9, 0x401, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x2001c800}, 0x24000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x40800, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {{0x18, 0x1, 0x1, 0x0, r4}}, {{0x6, 0x0, 0xb}, {0x65}}, [@printk={@lld, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xc, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94) chdir(&(0x7f0000000140)='./bus\x00') r5 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0x600, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x6}}, {0x0, 0x13}}}, 0xa0) sendfile(r5, r5, &(0x7f0000000080), 0x7f03) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000000)={0x248f, 0x3, 0x5, 0x3ff}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x121}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0xa1}]}}}, @IFLA_ADDRESS={0xa, 0x1, @random="14fd06cfb0c1"}]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 2.736352112s ago: executing program 4 (id=1905): r0 = socket$inet_udplite(0x2, 0x2, 0x88) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x8, @remote}, 0x9) socket$phonet_pipe(0x23, 0x5, 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r2, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newchain={0x2c, 0x64, 0x200, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0xa}, {0xe, 0x3}, {0x3, 0xffff}}, [@TCA_CHAIN={0x8, 0xb, 0x100}]}, 0x2c}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000011500002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff1400028008000600020000"], 0xc4}}, 0x4008800) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) io_uring_setup(0x7327, &(0x7f00000000c0)={0x0, 0xebcc, 0x1, 0x1, 0x24}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write$binfmt_script(r5, 0x0, 0x0) 1.745841469s ago: executing program 3 (id=1906): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'bridge_slave_0\x00'}) syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') socket$nl_route(0x10, 0x3, 0x0) openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x35c, 0x0) r1 = syz_io_uring_setup(0x6029, &(0x7f0000000640)={0x0, 0x312, 0x40, 0x2, 0x2aa}, &(0x7f00000006c0)=0x0, &(0x7f0000000240)=0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) r5 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000040)={0x5, 0x3, 0x8201, 0xe, 0xff, 0x3, 0x57, 0x9}, 0x20) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r4, 0xffffffffffffffff, 0x4, 0x0, @void}, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x10, 0x80002, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'syztnl2\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x7, 0x4, 0x10, @dev={0xfe, 0x80, '\x00', 0x24}, @private0, 0x1, 0x8, 0x5, 0x5}}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, 0x0, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x9}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x16}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7fffffff}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x4080) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x68, 0x0, r1, 0x0, &(0x7f00000003c0)="08bbbd16f7a19bb219c0848e2800235daff4af0e9eb5eb7e0125ca9556b0b1bcb2170a62ed7034728117c4af", 0x2c, 0x1}) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r8, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r9 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) 41.611717ms ago: executing program 1 (id=1907): r0 = syz_open_dev$swradio(&(0x7f00000001c0), 0x0, 0x2) mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket(0x2b, 0x80801, 0x1) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f0000000140)={'broute\x00', 0x0, 0x0, 0x0, [0x4, 0x401, 0x80000001, 0x2, 0x3, 0x100000001]}, &(0x7f0000000080)=0x78) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) kexec_load(0x0, 0x0, &(0x7f0000000000), 0x320000) r7 = socket$inet6(0xa, 0x80002, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x214, 0xf0, 0x11, 0x148, 0xf0, 0x0, 0x180, 0x2a8, 0x2a8, 0x180, 0x2a8, 0x3, 0x0, {[{{@ip={@broadcast, @multicast2, 0x0, 0xff000000, 'wg1\x00', 'dvmrp0\x00', {}, {}, 0x67, 0x3, 0x2}, 0x0, 0xd0, 0xf0, 0x0, {}, [@common=@ttl={{0x24}, {0x0, 0x9}}, @common=@unspec=@limit={{0x3c}, {0x10001, 0x2, 0xa, 0x8, 0x5, 0x4}}]}, @unspec=@TRACE={0x20}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0xffffffff, 'macvtap0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x270) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f00000000c0)={0x0, 0xb, 0x0, "3e58f67896b2f2098200902177392faff604cb7ef87e7610bc39ef64257f5d33"}) 0s ago: executing program 2 (id=1908): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000180)) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/18, @ANYRES32, @ANYBLOB="01000000000000001c0012000c00010062"], 0x3c}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x2, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) kernel console output (not intermixed with test programs): arsing attributes in process `syz.1.1165'. [ 621.352216][ T8727] sp0: Synchronizing with TNC [ 622.007137][ T8726] vivid-004: ================= START STATUS ================= [ 622.054750][ T8726] vivid-004: Radio HW Seek Mode: Bounded [ 622.075229][ T8726] vivid-004: Radio Programmable HW Seek: false [ 622.105162][ T8726] vivid-004: RDS Rx I/O Mode: Block I/O [ 622.174572][ T8726] vivid-004: Generate RBDS Instead of RDS: false [ 622.187251][ T8726] vivid-004: RDS Reception: true [ 622.242551][ T8726] vivid-004: RDS Program Type: 0 inactive [ 622.259485][ T8726] vivid-004: RDS PS Name: inactive [ 622.265128][ T8726] vivid-004: RDS Radio Text: inactive [ 622.281356][ T8726] vivid-004: RDS Traffic Announcement: false inactive [ 622.297958][ T8726] vivid-004: RDS Traffic Program: false inactive [ 622.315891][ T8726] vivid-004: RDS Music: false inactive [ 622.328652][ T8726] vivid-004: ================== END STATUS ================== [ 622.533179][ T8733] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 622.906161][ T8748] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1175'. [ 623.803663][ T8750] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1170'. [ 624.259726][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.266286][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.689972][ T8750] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 624.804895][ T8750] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 624.939611][ T8767] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1179'. [ 625.888109][ T8771] sp0: Synchronizing with TNC [ 627.174621][ T8790] sp0: Synchronizing with TNC [ 628.672885][ T8792] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 628.687464][ T8796] ubi: mtd0 is already attached to ubi31 [ 628.848286][ T8805] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1188'. [ 630.160149][ T8813] vivid-001: ================= START STATUS ================= [ 630.176855][ T8813] vivid-001: Radio HW Seek Mode: Bounded [ 630.210240][ T8813] vivid-001: Radio Programmable HW Seek: false [ 630.227033][ T8813] vivid-001: RDS Rx I/O Mode: Block I/O [ 630.232649][ T8813] vivid-001: Generate RBDS Instead of RDS: false [ 630.259563][ T8813] vivid-001: RDS Reception: true [ 630.269651][ T8813] vivid-001: RDS Program Type: 0 inactive [ 630.281515][ T8813] vivid-001: RDS PS Name: inactive [ 630.377957][ T8813] vivid-001: RDS Radio Text: inactive [ 630.396109][ T8813] vivid-001: RDS Traffic Announcement: false inactive [ 631.271635][ T8813] vivid-001: RDS Traffic Program: false inactive [ 631.287154][ T8813] vivid-001: RDS Music: false inactive [ 631.351740][ T8813] vivid-001: ================== END STATUS ================== [ 631.401192][ T8816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1192'. [ 632.292155][ T8831] Falling back ldisc for ptm0. [ 632.411257][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1195'. [ 633.763596][ T8846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 634.405143][ T8857] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1202'. [ 634.832015][ T8852] ubi: mtd0 is already attached to ubi31 [ 637.605711][ T8873] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1207'. [ 637.871550][ T8876] sp0: Synchronizing with TNC [ 642.587716][ T8900] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1216'. [ 644.130659][ T8905] sp0: Synchronizing with TNC [ 645.264422][ T8914] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1218'. [ 645.659089][ T8918] ubi: mtd0 is already attached to ubi31 [ 645.798080][ T8923] sp0: Synchronizing with TNC [ 649.894467][ T8934] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1223'. [ 649.960686][ T8934] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 649.980438][ T8934] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 650.029183][ T8940] tipc: Enabling of bearer rejected, failed to enable media [ 651.089603][ T8948] random: crng reseeded on system resumption [ 651.326551][ T8955] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1229'. [ 652.451987][ T8961] ubi: mtd0 is already attached to ubi31 [ 653.570078][ T8970] sp0: Synchronizing with TNC [ 654.733587][ T8976] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1233'. [ 655.103731][ T8974] Falling back ldisc for ptm1. [ 655.511023][ T8980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1236'. [ 655.595106][ T8982] ubi: mtd0 is already attached to ubi31 [ 657.359349][ T8986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1235'. [ 657.372235][ T8986] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 657.417906][ T8986] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 659.081959][ T9002] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1242'. [ 659.429228][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1243'. [ 660.387052][ T9013] device team_slave_0 entered promiscuous mode [ 660.393314][ T9013] device team_slave_1 entered promiscuous mode [ 660.399662][ T9013] device macsec1 entered promiscuous mode [ 660.405372][ T9013] device team0 entered promiscuous mode [ 660.411873][ T9013] team0: Device macsec1 is already an upper device of the team interface [ 660.421393][ T9013] device team0 left promiscuous mode [ 660.427000][ T9013] device team_slave_0 left promiscuous mode [ 660.432938][ T9013] device team_slave_1 left promiscuous mode [ 660.672610][ T9017] sp0: Synchronizing with TNC [ 661.823680][ T9020] sp0: Synchronizing with TNC [ 662.403247][ T9025] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1249'. [ 663.689112][ T9029] ubi: mtd0 is already attached to ubi31 [ 665.320952][ T9042] tipc: Enabling of bearer rejected, failed to enable media [ 665.978122][ T9054] ubi: mtd0 is already attached to ubi31 [ 666.412550][ T9065] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1257'. [ 669.662436][ T9062] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1258'. [ 669.787550][ T9075] sp0: Synchronizing with TNC [ 670.767215][ T9080] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1261'. [ 672.892601][ T9090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1263'. [ 672.918857][ T9090] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 672.942798][ T9090] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 673.453711][ T9099] ubi: mtd0 is already attached to ubi31 [ 675.326596][ T9104] ubi: mtd0 is already attached to ubi31 [ 675.366300][ T9108] tipc: Enabling of bearer rejected, failed to enable media [ 675.970666][ T9122] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1272'. [ 678.579420][ T9132] sp0: Synchronizing with TNC [ 679.688465][ T9127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1274'. [ 679.697714][ T9127] device lo entered promiscuous mode [ 679.703737][ T9127] device tunl0 entered promiscuous mode [ 679.710013][ T9127] device gre0 entered promiscuous mode [ 679.716536][ T9127] device gretap0 entered promiscuous mode [ 679.722807][ T9127] device erspan0 entered promiscuous mode [ 679.729048][ T9127] device ip_vti0 entered promiscuous mode [ 679.735588][ T9127] device ip6_vti0 entered promiscuous mode [ 679.742016][ T9127] device sit0 entered promiscuous mode [ 679.748106][ T9127] device ip6tnl0 entered promiscuous mode [ 679.754369][ T9127] device ip6gre0 entered promiscuous mode [ 679.760684][ T9127] device syz_tun entered promiscuous mode [ 679.767047][ T9127] device ip6gretap0 entered promiscuous mode [ 679.773537][ T9127] device bridge0 entered promiscuous mode [ 679.780798][ T9127] device vcan0 entered promiscuous mode [ 679.786451][ T9127] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 679.793857][ T9127] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 679.801242][ T9127] device bond0 entered promiscuous mode [ 679.806842][ T9127] device bond_slave_0 entered promiscuous mode [ 679.813157][ T9127] device bond_slave_1 entered promiscuous mode [ 679.820119][ T9127] device team0 entered promiscuous mode [ 679.825676][ T9127] device team_slave_0 entered promiscuous mode [ 679.831953][ T9127] device team_slave_1 entered promiscuous mode [ 679.838880][ T9127] device dummy0 entered promiscuous mode [ 679.844997][ T9127] device nlmon0 entered promiscuous mode [ 679.851588][ T9127] device caif0 entered promiscuous mode [ 679.857239][ T9127] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 680.045025][ T9137] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1276'. [ 684.201320][ T9162] Falling back ldisc for ptm0. [ 684.235619][ T9157] tipc: Enabling of bearer rejected, failed to enable media [ 684.422004][ T9172] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1286'. [ 685.698049][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.704398][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.155622][ T9184] ubi: mtd0 is already attached to ubi31 [ 687.584556][ T9192] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1292'. [ 689.222698][ T9201] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1293'. [ 691.157898][ T9205] ubi: mtd0 is already attached to ubi31 [ 691.293633][ T9210] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1299'. [ 692.792911][ T9214] tipc: Enabling of bearer rejected, failed to enable media [ 693.789962][ T9215] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1297'. [ 694.363115][ T9231] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1301'. [ 694.651599][ T9235] ubi: mtd0 is already attached to ubi31 [ 694.852156][ T9245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 694.983484][ T9245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 695.008363][ T9245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 695.447188][ T9258] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1309'. [ 696.482049][ T9264] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1310'. [ 698.046582][ T9268] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1311'. [ 700.733882][ T9274] ubi: mtd0 is already attached to ubi31 [ 700.801317][ T9276] tipc: Enabling of bearer rejected, failed to enable media [ 701.248863][ T9291] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1318'. [ 701.356545][ T9292] ubi: mtd0 is already attached to ubi31 [ 702.004381][ T9300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1319'. [ 702.771670][ T9312] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1323'. [ 702.986538][ T9316] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1324'. [ 705.833406][ T9327] tipc: Enabling of bearer rejected, failed to enable media [ 705.843329][ T9325] ubi: mtd0 is already attached to ubi31 [ 705.884979][ T9330] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 705.925981][ T9332] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1330'. [ 705.975091][ T9330] qnx6: wrong signature (magic) in superblock #1. [ 706.056763][ T9330] qnx6: unable to read the first superblock [ 707.203316][ T9352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1334'. [ 707.285662][ T9353] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1333'. [ 708.128103][ T9360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1336'. [ 708.564760][ T9363] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1337'. [ 709.641560][ T9367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1338'. [ 709.657539][ T9367] device lo entered promiscuous mode [ 709.670294][ T9367] device tunl0 entered promiscuous mode [ 709.679899][ T9367] device gre0 entered promiscuous mode [ 709.690024][ T9367] device gretap0 entered promiscuous mode [ 709.700102][ T9367] device erspan0 entered promiscuous mode [ 709.710384][ T9367] device ip_vti0 entered promiscuous mode [ 709.723144][ T9367] device ip6_vti0 entered promiscuous mode [ 709.740221][ T9367] device sit0 entered promiscuous mode [ 709.749824][ T9367] device ip6tnl0 entered promiscuous mode [ 709.762492][ T9367] device ip6gre0 entered promiscuous mode [ 709.784433][ T9367] device syz_tun entered promiscuous mode [ 709.794251][ T9367] device ip6gretap0 entered promiscuous mode [ 709.804298][ T9367] device bridge0 entered promiscuous mode [ 709.814184][ T9367] device vcan0 entered promiscuous mode [ 709.822264][ T9367] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 709.833684][ T9367] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 709.842661][ T9367] device bond0 entered promiscuous mode [ 709.849082][ T9367] device bond_slave_0 entered promiscuous mode [ 709.856216][ T9367] device bond_slave_1 entered promiscuous mode [ 709.871188][ T9367] device team0 entered promiscuous mode [ 709.885486][ T9367] device team_slave_0 entered promiscuous mode [ 709.917802][ T9367] device team_slave_1 entered promiscuous mode [ 709.940498][ T9367] device dummy0 entered promiscuous mode [ 709.949952][ T9367] device nlmon0 entered promiscuous mode [ 709.961036][ T9367] device caif0 entered promiscuous mode [ 709.967648][ T9367] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 711.683295][ T9369] ubi: mtd0 is already attached to ubi31 [ 711.925807][ T9377] ubi: mtd0 is already attached to ubi31 [ 712.065646][ T9382] tipc: Enabling of bearer rejected, failed to enable media [ 712.441554][ T9397] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1345'. [ 712.453444][ T9398] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1347'. [ 714.194418][ T9409] device bridge5 entered promiscuous mode [ 716.387305][ T9421] ubi: mtd0 is already attached to ubi31 [ 716.771886][ T9431] ubi: mtd0 is already attached to ubi31 [ 717.181933][ T9436] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1358'. [ 719.768845][ T9452] tipc: Enabling of bearer rejected, failed to enable media [ 721.680310][ T9463] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1364'. [ 721.695127][ T9463] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 721.732546][ T9463] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 722.044161][ T9478] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1367'. [ 722.745541][ T9486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1370'. [ 723.097480][ T9484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1369'. [ 724.976030][ T9494] ubi: mtd0 is already attached to ubi31 [ 727.281532][ T9509] vivid-002: ================= START STATUS ================= [ 727.296765][ T9509] vivid-002: Radio HW Seek Mode: Bounded [ 727.310338][ T9509] vivid-002: Radio Programmable HW Seek: false [ 727.320367][ T9513] tipc: Enabling of bearer rejected, failed to enable media [ 727.337574][ T9509] vivid-002: RDS Rx I/O Mode: Block I/O [ 727.366916][ T9509] vivid-002: Generate RBDS Instead of RDS: false [ 727.533883][ T9521] sp0: Synchronizing with TNC [ 728.251268][ T9509] vivid-002: RDS Reception: true [ 728.263090][ T9509] vivid-002: RDS Program Type: 0 inactive [ 728.276782][ T9509] vivid-002: RDS PS Name: inactive [ 728.378760][ T9509] vivid-002: RDS Radio Text: inactive [ 728.384378][ T9509] vivid-002: RDS Traffic Announcement: false inactive [ 728.394840][ T9509] vivid-002: RDS Traffic Program: false inactive [ 728.402461][ T9509] vivid-002: RDS Music: false inactive [ 728.414441][ T9509] vivid-002: ================== END STATUS ================== [ 728.740694][ T9530] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1381'. [ 730.330018][ T9533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1382'. [ 730.479624][ T9536] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1383'. [ 730.816796][ T4591] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 731.026868][ T4591] usb 2-1: Using ep0 maxpacket: 32 [ 731.034382][ T4591] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 731.043321][ T9543] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 731.078308][ T4591] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 731.098580][ T9543] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 731.100969][ T4591] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 731.128108][ T4591] usb 2-1: Product: syz [ 731.227959][ T4591] usb 2-1: Manufacturer: syz [ 731.233582][ T4591] usb 2-1: SerialNumber: syz [ 731.244001][ T4591] usb 2-1: config 0 descriptor?? [ 731.251467][ T9538] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 731.798866][ T9552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1387'. [ 731.809775][ T9552] device lo left promiscuous mode [ 731.819874][ T9552] device tunl0 left promiscuous mode [ 731.830631][ T9552] device gre0 left promiscuous mode [ 731.951359][ T9552] device gretap0 left promiscuous mode [ 731.966461][ T9552] device erspan0 left promiscuous mode [ 732.027545][ T9552] device ip_vti0 left promiscuous mode [ 732.052979][ T9552] device ip6_vti0 left promiscuous mode [ 732.101862][ T9552] device sit0 left promiscuous mode [ 732.122747][ T9552] device ip6tnl0 left promiscuous mode [ 732.139572][ T9552] device ip6gre0 left promiscuous mode [ 733.151947][ T9552] device syz_tun left promiscuous mode [ 733.200736][ T9552] device ip6gretap0 left promiscuous mode [ 733.212966][ T9552] device bridge0 left promiscuous mode [ 733.229693][ T9552] device vcan0 left promiscuous mode [ 733.246415][ T9552] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 733.265271][ T9552] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 733.315466][ T9552] device bond0 left promiscuous mode [ 733.333446][ T9552] device bond_slave_0 left promiscuous mode [ 734.135231][ T9565] Falling back ldisc for ptm0. [ 734.150574][ T9552] device bond_slave_1 left promiscuous mode [ 734.168127][ T9552] device team0 left promiscuous mode [ 734.173477][ T9552] device team_slave_0 left promiscuous mode [ 734.185305][ T9552] device team_slave_1 left promiscuous mode [ 734.195766][ T9552] device dummy0 left promiscuous mode [ 734.206167][ T9552] device nlmon0 left promiscuous mode [ 734.408076][ T9552] device caif0 left promiscuous mode [ 734.481287][ T9552] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 734.710639][ T9567] tipc: Enabling of bearer rejected, failed to enable media [ 734.816083][ T9580] ubi: mtd0 is already attached to ubi31 [ 735.037655][ T9212] usb 2-1: USB disconnect, device number 15 [ 735.293979][ T9579] vivid-002: ================= START STATUS ================= [ 735.304082][ T9579] vivid-002: Radio HW Seek Mode: Bounded [ 735.516793][ T9589] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1394'. [ 736.190773][ T9579] vivid-002: Radio Programmable HW Seek: false [ 736.197401][ T9579] vivid-002: RDS Rx I/O Mode: Block I/O [ 736.207487][ T9579] vivid-002: Generate RBDS Instead of RDS: false [ 736.213993][ T9579] vivid-002: RDS Reception: true [ 736.317081][ T9579] vivid-002: RDS Program Type: 0 inactive [ 736.402676][ T9594] device team_slave_0 entered promiscuous mode [ 736.408960][ T9594] device team_slave_1 entered promiscuous mode [ 736.415386][ T9594] device macsec1 entered promiscuous mode [ 736.421309][ T9594] device team0 entered promiscuous mode [ 736.431328][ T9594] team0: Device macsec1 is already an upper device of the team interface [ 737.120836][ T9579] vivid-002: RDS PS Name: inactive [ 737.127528][ T9579] vivid-002: RDS Radio Text: inactive [ 737.134371][ T9579] vivid-002: RDS Traffic Announcement: false inactive [ 737.141997][ T9579] vivid-002: RDS Traffic Program: false inactive [ 737.149977][ T9579] vivid-002: RDS Music: false inactive [ 737.157020][ T9579] vivid-002: ================== END STATUS ================== [ 737.813334][ T9594] device team0 left promiscuous mode [ 738.038493][ T9594] device team_slave_0 left promiscuous mode [ 738.044464][ T9594] device team_slave_1 left promiscuous mode [ 738.756669][ T4591] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 738.956782][ T4591] usb 5-1: Using ep0 maxpacket: 8 [ 739.203404][ T4591] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 739.213972][ T4591] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 739.223136][ T4591] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 739.234463][ T4591] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 739.246020][ T4591] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 739.255638][ T4591] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.308210][ T4591] hub 5-1:1.0: bad descriptor, ignoring hub [ 739.345119][ T4591] hub: probe of 5-1:1.0 failed with error -5 [ 739.376026][ T4591] cdc_wdm 5-1:1.0: skipping garbage [ 739.381772][ T4591] cdc_wdm 5-1:1.0: skipping garbage [ 739.389166][ T4591] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 739.395768][ T4591] cdc_wdm 5-1:1.0: Unknown control protocol [ 740.082410][ T9633] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1406'. [ 740.236684][ T4591] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 741.727039][ T4591] usb 3-1: Using ep0 maxpacket: 32 [ 741.740233][ T4591] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 742.025118][ T1169] usb 5-1: USB disconnect, device number 13 [ 742.031241][ T9608] cdc_wdm 5-1:1.0: Error autopm - -16 [ 742.039522][ T4591] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 742.069285][ T4591] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 742.078049][ T9624] cdc_wdm 5-1:1.0: Error autopm - -16 [ 742.107560][ T4591] usb 3-1: Product: syz [ 742.111956][ T4591] usb 3-1: Manufacturer: syz [ 742.132883][ T4591] usb 3-1: SerialNumber: syz [ 742.233111][ T9637] random: crng reseeded on system resumption [ 744.286176][ T4591] usb 3-1: config 0 descriptor?? [ 744.363373][ T9645] ubi: mtd0 is already attached to ubi31 [ 744.556806][ T4591] usb 3-1: can't set config #0, error -71 [ 744.589591][ T4591] usb 3-1: USB disconnect, device number 12 [ 744.691814][ T9646] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1409'. [ 744.733505][ T9646] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 744.757397][ T9646] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 744.919516][ T9651] device team_slave_0 entered promiscuous mode [ 744.925729][ T9651] device team_slave_1 entered promiscuous mode [ 744.932209][ T9651] device macsec1 entered promiscuous mode [ 744.938150][ T9651] device team0 entered promiscuous mode [ 744.947819][ T9651] team0: Device macsec1 is already an upper device of the team interface [ 745.214102][ T9651] device team0 left promiscuous mode [ 745.221099][ T9651] device team_slave_0 left promiscuous mode [ 745.227165][ T9651] device team_slave_1 left promiscuous mode [ 746.115652][ T9656] vivid-003: ================= START STATUS ================= [ 746.124823][ T9656] vivid-003: Radio HW Seek Mode: Bounded [ 746.133728][ T9656] vivid-003: Radio Programmable HW Seek: false [ 746.140787][ T9656] vivid-003: RDS Rx I/O Mode: Block I/O [ 746.152423][ T9656] vivid-003: Generate RBDS Instead of RDS: false [ 746.263343][ T9656] vivid-003: RDS Reception: true [ 746.292356][ T9656] vivid-003: RDS Program Type: 0 inactive [ 746.302985][ T9656] vivid-003: RDS PS Name: inactive [ 746.316980][ T9656] vivid-003: RDS Radio Text: inactive [ 746.337571][ T9656] vivid-003: RDS Traffic Announcement: false inactive [ 746.350467][ T9656] vivid-003: RDS Traffic Program: false inactive [ 746.357789][ T9656] vivid-003: RDS Music: false inactive [ 746.377757][ T9656] vivid-003: ================== END STATUS ================== [ 746.671633][ T4281] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 747.138948][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.161078][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.867125][ T9647] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 748.056663][ T9683] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1421'. [ 748.067217][ T9647] usb 4-1: Using ep0 maxpacket: 32 [ 749.546802][ T9647] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 749.617416][ T9647] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 749.641919][ T9647] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 749.746514][ T9687] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1422'. [ 751.176645][ T9647] usb 4-1: Product: syz [ 751.180858][ T9647] usb 4-1: Manufacturer: syz [ 751.185465][ T9647] usb 4-1: SerialNumber: syz [ 751.200683][ T9647] usb 4-1: config 0 descriptor?? [ 751.210901][ T9647] usb 4-1: can't set config #0, error -71 [ 751.218245][ T9647] usb 4-1: USB disconnect, device number 6 [ 751.406615][ T9689] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 751.799343][ T9701] ubi: mtd0 is already attached to ubi31 [ 752.065062][ T9702] ubi: mtd0 is already attached to ubi31 [ 753.037373][ T9703] overlayfs: failed to look up (tracing) for ino (-66) [ 753.235639][ T9712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1429'. [ 755.619253][ T9734] device bridge3 entered promiscuous mode [ 756.552992][ T9733] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1435'. [ 756.843689][ T9744] random: crng reseeded on system resumption [ 758.035589][ T9761] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1444'. [ 760.817839][ T9785] sp0: Synchronizing with TNC [ 761.920186][ T9792] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1451'. [ 763.346798][ T9793] random: crng reseeded on system resumption [ 764.053379][ T9802] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1454'. [ 766.146034][ T9813] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 766.164083][ T9813] qnx6: wrong signature (magic) in superblock #1. [ 766.171301][ T9813] qnx6: unable to read the first superblock [ 766.429081][ T9818] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1459'. [ 766.596332][ T9823] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1460'. [ 767.892577][ T9835] sp0: Synchronizing with TNC [ 768.837025][ T9838] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1464'. [ 769.844686][ T9843] sp0: Synchronizing with TNC [ 770.152494][ T9853] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1471'. [ 771.780240][ T9857] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1467'. [ 773.884062][ T9867] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1473'. [ 773.975791][ T27] kauditd_printk_skb: 61 callbacks suppressed [ 773.975806][ T27] audit: type=1326 audit(2000000007.870:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 774.346685][ T1169] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 774.428033][ T9878] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1477'. [ 774.546727][ T1169] usb 2-1: Using ep0 maxpacket: 32 [ 775.844978][ T27] audit: type=1326 audit(2000000008.150:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 775.867738][ T27] audit: type=1326 audit(2000000009.740:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 775.868561][ T1169] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 775.890351][ T27] audit: type=1326 audit(2000000009.740:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 775.936969][ T27] audit: type=1326 audit(2000000009.740:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 775.959248][ C0] vkms_vblank_simulate: vblank timer overrun [ 775.969883][ T1169] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 775.979768][ T1169] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 775.988697][ T27] audit: type=1326 audit(2000000000.050:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 776.021204][ T1169] usb 2-1: Product: syz [ 776.033892][ T1169] usb 2-1: Manufacturer: syz [ 776.041486][ T1169] usb 2-1: SerialNumber: syz [ 776.053038][ T27] audit: type=1326 audit(2000000000.050:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 776.075247][ C0] vkms_vblank_simulate: vblank timer overrun [ 776.086354][ T27] audit: type=1326 audit(2000000000.050:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 776.097813][ T1169] usb 2-1: config 0 descriptor?? [ 776.109389][ T27] audit: type=1326 audit(2000000000.080:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 776.137699][ T9871] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 776.210814][ T27] audit: type=1326 audit(2000000000.080:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.0.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 776.959322][ T1169] usb 2-1: USB disconnect, device number 16 [ 776.980974][ T9898] sp0: Synchronizing with TNC [ 777.281115][ T9899] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1480'. [ 777.315514][ T9899] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 777.338858][ T9899] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 777.430230][ T9906] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1484'. [ 778.551438][ T9908] device bridge4 entered promiscuous mode [ 779.981487][ T9923] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 779.999431][ T9923] qnx6: wrong signature (magic) in superblock #1. [ 780.025397][ T9923] qnx6: unable to read the first superblock [ 780.995896][ T9935] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1491'. [ 781.559111][ T27] kauditd_printk_skb: 71 callbacks suppressed [ 781.559127][ T27] audit: type=1326 audit(2000000000.260:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.618237][ T27] audit: type=1326 audit(2000000000.260:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.640567][ C1] vkms_vblank_simulate: vblank timer overrun [ 781.654991][ T27] audit: type=1326 audit(2000000000.260:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.677241][ C1] vkms_vblank_simulate: vblank timer overrun [ 781.693961][ T27] audit: type=1326 audit(2000000000.290:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.719705][ T27] audit: type=1326 audit(2000000000.290:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.741962][ C1] vkms_vblank_simulate: vblank timer overrun [ 781.761874][ T27] audit: type=1326 audit(2000000000.300:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.794740][ T27] audit: type=1326 audit(2000000000.300:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.872522][ T27] audit: type=1326 audit(2000000000.300:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.894789][ C1] vkms_vblank_simulate: vblank timer overrun [ 781.914090][ T27] audit: type=1326 audit(2000000000.300:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 781.954279][ T9945] sp0: Synchronizing with TNC [ 782.023609][ T27] audit: type=1326 audit(2000000000.720:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9936 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 782.288534][ T9952] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1497'. [ 782.566644][ T4269] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 783.936865][ T4269] usb 1-1: Using ep0 maxpacket: 32 [ 783.945964][ T4269] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 784.022997][ T4269] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 784.071910][ T4269] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 784.080462][ T9957] ubi: mtd0 is already attached to ubi31 [ 784.098169][ T4269] usb 1-1: Product: syz [ 784.120090][ T4269] usb 1-1: Manufacturer: syz [ 784.177258][ T4269] usb 1-1: SerialNumber: syz [ 784.201323][ T4269] usb 1-1: config 0 descriptor?? [ 784.235838][ T9951] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 784.672082][ T9967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1498'. [ 784.751534][ T9968] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1501'. [ 786.212805][ T4770] usb 1-1: USB disconnect, device number 29 [ 787.746320][ T9983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1506'. [ 788.309600][ T9992] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 788.335562][ T9992] qnx6: wrong signature (magic) in superblock #1. [ 788.352935][ T9992] qnx6: unable to read the first superblock [ 788.366023][ T9993] sp0: Synchronizing with TNC [ 788.607340][T10000] device bridge5 entered promiscuous mode [ 789.636738][ T4591] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 789.725914][T10008] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1513'. [ 791.312868][T10011] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1514'. [ 791.322181][ T4591] usb 1-1: Using ep0 maxpacket: 8 [ 792.024040][ T4591] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 792.077791][ T4591] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 792.135685][ T4591] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 792.282441][T10015] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1515'. [ 793.757563][ T4591] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 793.799942][ T4591] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 793.850634][ T4591] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.674664][ T4591] usb 1-1: can't set config #1, error -71 [ 794.700177][ T4591] usb 1-1: USB disconnect, device number 30 [ 794.919321][T10024] random: crng reseeded on system resumption [ 795.087211][ T4591] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 795.446809][ T4591] usb 1-1: Using ep0 maxpacket: 32 [ 795.460861][ T4591] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 796.480463][ T4591] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 796.633052][ T4591] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 796.863736][ T4591] usb 1-1: Product: syz [ 796.896113][ T4591] usb 1-1: Manufacturer: syz [ 796.999536][ T4591] usb 1-1: SerialNumber: syz [ 797.819819][ T4591] usb 1-1: config 0 descriptor?? [ 797.840038][ T4591] usb 1-1: can't set config #0, error -71 [ 797.876897][T10033] sp0: Synchronizing with TNC [ 797.881913][ T4591] usb 1-1: USB disconnect, device number 31 [ 798.239598][T10044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1523'. [ 798.316774][ T4591] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 798.648491][T10048] tipc: Enabling of bearer rejected, failed to enable media [ 798.720528][ T4591] usb 1-1: Using ep0 maxpacket: 32 [ 798.728741][ T4591] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 798.775935][ T4591] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 798.805786][ T4591] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 798.861916][ T4591] usb 1-1: Product: syz [ 798.874039][T10057] vivid-004: ================= START STATUS ================= [ 798.882749][T10057] vivid-004: Radio HW Seek Mode: Bounded [ 798.890446][ T4591] usb 1-1: Manufacturer: syz [ 798.890490][T10057] vivid-004: Radio Programmable HW Seek: [ 798.895206][ T4591] usb 1-1: SerialNumber: syz [ 798.895256][T10057] false [ 798.909341][T10057] vivid-004: RDS Rx I/O Mode: Block I/O [ 798.915265][T10057] vivid-004: Generate RBDS Instead of RDS: false [ 798.922834][T10057] vivid-004: RDS Reception: true [ 798.943815][ T4591] usb 1-1: config 0 descriptor?? [ 798.951844][T10029] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 798.978806][T10057] vivid-004: RDS Program Type: 0 inactive [ 799.009994][T10057] vivid-004: RDS PS Name: inactive [ 799.154159][T10057] vivid-004: RDS Radio Text: inactive [ 799.171395][T10057] vivid-004: RDS Traffic Announcement: false inactive [ 799.182776][T10057] vivid-004: RDS Traffic Program: false inactive [ 799.193529][T10057] vivid-004: RDS Music: false inactive [ 799.206013][T10057] vivid-004: ================== END STATUS ================== [ 799.459449][T10066] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 799.514241][T10066] qnx6: wrong signature (magic) in superblock #1. [ 799.523298][T10066] qnx6: unable to read the first superblock [ 799.764236][T10072] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1530'. [ 802.066721][ T5803] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 802.191613][ T125] usb 1-1: USB disconnect, device number 32 [ 802.257641][ T5803] usb 2-1: Using ep0 maxpacket: 32 [ 802.288764][ T5803] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 802.344803][ T5803] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 802.380370][ T5803] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 803.196639][ T5803] usb 2-1: Product: syz [ 803.200856][ T5803] usb 2-1: Manufacturer: syz [ 803.205457][ T5803] usb 2-1: SerialNumber: syz [ 803.221445][ T5803] usb 2-1: config 0 descriptor?? [ 803.227105][T10076] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 803.572990][ T4770] usb 2-1: USB disconnect, device number 17 [ 805.450763][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 805.450778][ T27] audit: type=1326 audit(2000000007.120:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 805.492348][T10102] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1538'. [ 805.590633][ T27] audit: type=1326 audit(2000000007.120:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 806.518204][T10109] tipc: Enabling of bearer rejected, already enabled [ 806.562165][ T27] audit: type=1326 audit(2000000007.120:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 806.678031][ T27] audit: type=1326 audit(2000000007.120:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 806.705251][ T27] audit: type=1326 audit(2000000007.120:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 806.812410][ T27] audit: type=1326 audit(2000000007.140:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 806.924177][ T27] audit: type=1326 audit(2000000007.140:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 806.975756][ T4281] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 806.983372][ T27] audit: type=1326 audit(2000000007.140:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 807.014509][ T27] audit: type=1326 audit(2000000007.140:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 807.037722][ T27] audit: type=1326 audit(2000000007.140:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10101 comm="syz.2.1538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 807.325612][T10124] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1544'. [ 807.696799][ T4281] Bluetooth: hci4: command 0x0405 tx timeout [ 808.578725][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.585820][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.683968][T10133] vivid-002: ================= START STATUS ================= [ 808.692955][T10133] vivid-002: Radio HW Seek Mode: Bounded [ 808.699806][T10133] vivid-002: Radio Programmable HW Seek: false [ 808.987826][ T125] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 809.176699][ T125] usb 1-1: Using ep0 maxpacket: 32 [ 809.216668][ T5803] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 810.678473][T10133] vivid-002: RDS Rx I/O Mode: Block I/O [ 810.685339][T10133] vivid-002: Generate RBDS Instead of RDS: false [ 810.692190][T10133] vivid-002: RDS Reception: true [ 810.697977][T10133] vivid-002: RDS Program Type: 0 inactive [ 810.698104][ T125] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 810.698628][T10133] [ 810.716887][T10133] vivid-002: RDS PS Name: inactive [ 810.722228][T10133] vivid-002: RDS Radio Text: inactive [ 810.730355][T10133] vivid-002: RDS Traffic Announcement: false inactive [ 810.738511][T10133] vivid-002: RDS Traffic Program: false inactive [ 810.745090][T10133] vivid-002: RDS Music: false inactive [ 810.753077][T10133] vivid-002: ================== END STATUS ================== [ 810.842269][ T125] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 810.856706][ T5803] usb 3-1: Using ep0 maxpacket: 8 [ 810.887847][ T125] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 810.903627][ T125] usb 1-1: Product: syz [ 810.903665][ T5803] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 810.908417][ T125] usb 1-1: Manufacturer: syz [ 810.923553][ T125] usb 1-1: SerialNumber: syz [ 810.946660][ T5803] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 810.961983][ T125] usb 1-1: config 0 descriptor?? [ 810.977094][ T5803] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 810.977314][T10135] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 811.036784][ T5803] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 811.106734][ T5803] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 811.135675][ T5803] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 811.163262][ T5803] hub 3-1:1.0: bad descriptor, ignoring hub [ 812.078470][ T5803] hub: probe of 3-1:1.0 failed with error -5 [ 812.087322][ T5803] cdc_wdm 3-1:1.0: skipping garbage [ 812.092561][ T5803] cdc_wdm 3-1:1.0: skipping garbage [ 812.102273][ T5803] cdc_wdm 3-1:1.0: cdc-wdm1: USB WDM device [ 812.108536][ T5803] cdc_wdm 3-1:1.0: Unknown control protocol [ 812.150294][ T5803] usb 3-1: USB disconnect, device number 13 [ 812.195561][T10153] tipc: Enabling of bearer rejected, failed to enable media [ 812.364223][ T4591] usb 1-1: USB disconnect, device number 33 [ 813.789837][T10174] device team_slave_0 entered promiscuous mode [ 813.796074][T10174] device team_slave_1 entered promiscuous mode [ 813.802808][T10174] device macsec1 entered promiscuous mode [ 813.808675][T10174] device team0 entered promiscuous mode [ 813.818119][T10174] team0: Device macsec1 is already an upper device of the team interface [ 814.187275][T10174] device team0 left promiscuous mode [ 814.192970][T10174] device team_slave_0 left promiscuous mode [ 814.198995][T10174] device team_slave_1 left promiscuous mode [ 814.304823][ T27] kauditd_printk_skb: 44 callbacks suppressed [ 814.304838][ T27] audit: type=1326 audit(2000000007.680:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10177 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 815.066713][ T27] audit: type=1326 audit(2000000007.710:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10177 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 815.089639][ T27] audit: type=1326 audit(2000000007.710:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10177 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 815.118053][ T27] audit: type=1326 audit(2000000007.710:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10177 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 815.144279][ T27] audit: type=1326 audit(2000000007.710:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10177 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 815.422714][ T27] audit: type=1326 audit(2000000007.710:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10177 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 815.532676][ T27] audit: type=1326 audit(2000000008.630:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10177 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 816.416650][ T27] audit: type=1326 audit(2000000008.630:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10177 comm="syz.0.1557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 816.757220][T10199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1561'. [ 817.850955][T10199] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 818.200168][T10199] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 819.880794][ T4591] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 819.899819][ T4770] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 820.082358][T10218] vivid-002: ================= START STATUS ================= [ 820.096624][ T4591] usb 2-1: Using ep0 maxpacket: 32 [ 820.103155][ T4591] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 820.122877][T10218] vivid-002: Radio HW Seek Mode: Bounded [ 820.136673][ T4770] usb 5-1: Using ep0 maxpacket: 8 [ 820.143135][ T4770] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 820.166325][ T4770] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 820.187390][ T4770] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 820.229994][ T4591] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 820.241326][ T4591] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 820.258668][ T4591] usb 2-1: Product: syz [ 820.261957][ T4770] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 820.265270][ T4591] usb 2-1: Manufacturer: syz [ 820.304831][T10218] vivid-002: Radio Programmable HW Seek: false [ 820.312842][ T4591] usb 2-1: SerialNumber: syz [ 820.313213][T10221] tipc: Enabling of bearer rejected, failed to enable media [ 820.329558][ T4770] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 820.337290][ T4591] usb 2-1: config 0 descriptor?? [ 820.349650][ T4770] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.349693][T10218] vivid-002: RDS Rx I/O Mode: [ 820.367726][T10210] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 820.371463][ T4770] hub 5-1:1.0: bad descriptor, ignoring hub [ 820.389411][ T4770] hub: probe of 5-1:1.0 failed with error -5 [ 820.395774][ T4770] cdc_wdm 5-1:1.0: skipping garbage [ 820.402304][T10218] Block I/O [ 820.410363][ T4770] cdc_wdm 5-1:1.0: skipping garbage [ 820.415718][T10218] vivid-002: Generate RBDS Instead of RDS: false [ 820.434406][ T4770] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 820.460086][T10218] vivid-002: RDS Reception: [ 820.466666][ T4770] cdc_wdm 5-1:1.0: Unknown control protocol [ 820.480370][T10218] true [ 820.484348][T10218] vivid-002: RDS Program Type: 0 inactive [ 820.510233][T10218] vivid-002: RDS PS Name: inactive [ 820.544053][T10218] vivid-002: RDS Radio Text: inactive [ 820.598731][T10218] vivid-002: RDS Traffic Announcement: false inactive [ 820.620080][T10218] vivid-002: RDS Traffic Program: false inactive [ 820.712783][ T5803] usb 2-1: USB disconnect, device number 18 [ 820.754581][T10218] vivid-002: RDS Music: false inactive [ 820.763419][T10218] vivid-002: ================== END STATUS ================== [ 821.017015][T10236] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1571'. [ 821.025889][T10236] device lo entered promiscuous mode [ 821.031981][T10236] device tunl0 entered promiscuous mode [ 821.038034][T10236] device gre0 entered promiscuous mode [ 821.043999][T10236] device gretap0 entered promiscuous mode [ 821.050202][T10236] device erspan0 entered promiscuous mode [ 821.056472][T10236] device ip_vti0 entered promiscuous mode [ 821.062796][T10236] device ip6_vti0 entered promiscuous mode [ 821.069120][T10236] device sit0 entered promiscuous mode [ 821.075061][T10236] device ip6tnl0 entered promiscuous mode [ 821.081340][T10236] device ip6gre0 entered promiscuous mode [ 821.087551][T10236] device syz_tun entered promiscuous mode [ 821.093718][T10236] device ip6gretap0 entered promiscuous mode [ 821.100194][T10236] device bridge0 entered promiscuous mode [ 821.106375][T10236] device vcan0 entered promiscuous mode [ 821.112076][T10236] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 821.119535][T10236] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 821.126973][T10236] device bond0 entered promiscuous mode [ 821.132534][T10236] device bond_slave_0 entered promiscuous mode [ 821.138776][T10236] device bond_slave_1 entered promiscuous mode [ 821.145636][T10236] device team0 entered promiscuous mode [ 821.151284][T10236] device team_slave_0 entered promiscuous mode [ 821.157571][T10236] device team_slave_1 entered promiscuous mode [ 821.164437][T10236] device dummy0 entered promiscuous mode [ 821.170650][T10236] device nlmon0 entered promiscuous mode [ 821.177243][T10236] device caif0 entered promiscuous mode [ 821.182809][T10236] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 825.788650][T10266] sp0: Synchronizing with TNC [ 826.132142][T10274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1579'. [ 826.162394][T10274] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 826.178500][T10274] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 826.900538][T10278] 9pnet_virtio: no channels available for device syz [ 827.333236][T10280] tipc: Enabling of bearer rejected, already enabled [ 827.593742][ T27] audit: type=1326 audit(2000000001.320:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10283 comm="syz.0.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 827.651693][ T27] audit: type=1326 audit(2000000001.320:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10283 comm="syz.0.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 827.674071][ C1] vkms_vblank_simulate: vblank timer overrun [ 827.696519][ T27] audit: type=1326 audit(2000000001.320:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10283 comm="syz.0.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 827.722307][ C1] vkms_vblank_simulate: vblank timer overrun [ 827.876977][ T27] audit: type=1326 audit(2000000001.350:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10283 comm="syz.0.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 827.913057][T10214] cdc_wdm 5-1:1.0: Error autopm - -16 [ 827.913271][ T4770] usb 5-1: USB disconnect, device number 14 [ 827.919088][ T27] audit: type=1326 audit(2000000001.350:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10283 comm="syz.0.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 827.967294][T10210] cdc_wdm 5-1:1.0: Error autopm - -16 [ 829.165625][ T27] audit: type=1326 audit(2000000001.350:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10283 comm="syz.0.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 829.188353][ T27] audit: type=1326 audit(2000000002.130:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10283 comm="syz.0.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 829.216510][ T27] audit: type=1326 audit(2000000002.130:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10283 comm="syz.0.1584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 829.307575][T10292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 829.370762][T10292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 829.423726][T10300] 9pnet_virtio: no channels available for device syz [ 829.723697][T10309] random: crng reseeded on system resumption [ 830.445055][T10314] tipc: Enabling of bearer rejected, failed to enable media [ 831.236718][ T4770] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 832.436717][ T4770] usb 4-1: Using ep0 maxpacket: 32 [ 832.444468][ T4770] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 832.483939][ T4770] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 832.513628][ T4770] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 832.593392][ T4770] usb 4-1: Product: syz [ 832.633904][ T4770] usb 4-1: Manufacturer: syz [ 832.663733][ T4770] usb 4-1: SerialNumber: syz [ 832.693293][ T4770] usb 4-1: config 0 descriptor?? [ 832.703595][ T27] audit: type=1326 audit(2000000002.280:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 832.730887][T10330] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 832.749432][T10341] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1598'. [ 832.813060][T10341] device lo left promiscuous mode [ 832.840395][ T27] audit: type=1326 audit(2000000002.290:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 832.933088][T10341] device tunl0 left promiscuous mode [ 832.991671][T10341] device gre0 left promiscuous mode [ 833.123658][T10341] device gretap0 left promiscuous mode [ 833.167697][ T27] audit: type=1326 audit(2000000002.310:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 833.220019][T10341] device erspan0 left promiscuous mode [ 833.263056][T10341] device ip_vti0 left promiscuous mode [ 833.275336][T10341] device ip6_vti0 left promiscuous mode [ 833.286417][T10341] device sit0 left promiscuous mode [ 833.301431][T10341] device ip6tnl0 left promiscuous mode [ 833.312381][T10341] device ip6gre0 left promiscuous mode [ 833.322361][T10341] device syz_tun left promiscuous mode [ 833.332682][T10341] device ip6gretap0 left promiscuous mode [ 833.343833][T10341] device bridge0 left promiscuous mode [ 833.361166][T10341] device vcan0 left promiscuous mode [ 833.368929][T10341] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 833.379471][T10341] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 833.388236][T10341] device bond0 left promiscuous mode [ 833.393617][T10341] device bond_slave_0 left promiscuous mode [ 833.401341][T10341] device bond_slave_1 left promiscuous mode [ 833.413453][T10341] device team0 left promiscuous mode [ 833.418981][T10341] device team_slave_0 left promiscuous mode [ 833.425753][T10341] device team_slave_1 left promiscuous mode [ 833.440928][T10341] device dummy0 left promiscuous mode [ 833.449722][T10341] device nlmon0 left promiscuous mode [ 833.463322][T10341] device caif0 left promiscuous mode [ 833.468887][T10341] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 834.007600][ T4347] usb 4-1: USB disconnect, device number 7 [ 834.230164][ T27] audit: type=1326 audit(2000000002.310:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 834.411930][ T27] audit: type=1326 audit(2000000002.310:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 835.103807][ T27] audit: type=1326 audit(2000000002.310:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 835.126109][ C1] vkms_vblank_simulate: vblank timer overrun [ 835.195797][ T27] audit: type=1326 audit(2000000002.310:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 835.236789][ T27] audit: type=1326 audit(2000000002.310:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 835.416635][ T27] audit: type=1326 audit(2000000002.340:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 835.490967][ T27] audit: type=1326 audit(2000000003.990:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10348 comm="syz.1.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 835.492108][T10372] tipc: Enabling of bearer rejected, failed to enable media [ 838.097732][T10389] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1612'. [ 839.336044][ T4281] Bluetooth: hci4: unexpected event for opcode 0x080d [ 839.455631][T10389] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 839.474922][T10389] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 839.490243][T10389] bond0 (unregistering): Released all slaves [ 841.270835][T10422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1616'. [ 841.282915][T10422] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1616'. [ 841.437163][ T5803] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 841.654012][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 841.654054][ T27] audit: type=1326 audit(2000000006.090:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 841.756488][ T5803] usb 2-1: Using ep0 maxpacket: 32 [ 841.773354][ T5803] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 841.812234][ T27] audit: type=1326 audit(2000000006.210:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 841.844227][ T5803] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 841.846198][ T27] audit: type=1326 audit(2000000006.220:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 841.955740][T10429] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1621'. [ 842.704652][ T5803] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 842.712962][ T5803] usb 2-1: Product: syz [ 842.717253][ T5803] usb 2-1: Manufacturer: syz [ 842.721860][ T5803] usb 2-1: SerialNumber: syz [ 842.733265][ T5803] usb 2-1: config 0 descriptor?? [ 842.738895][T10418] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 842.739174][ T27] audit: type=1326 audit(2000000006.220:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 842.785506][ T27] audit: type=1326 audit(2000000006.220:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 842.815993][ T27] audit: type=1326 audit(2000000006.220:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 842.850033][ T27] audit: type=1326 audit(2000000006.220:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 843.290986][ T27] audit: type=1326 audit(2000000007.740:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 843.378123][ T4281] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 843.397581][ T4281] Bluetooth: hci4: Injecting HCI hardware error event [ 843.405794][ T4270] Bluetooth: hci4: hardware error 0x00 [ 843.425238][ T4333] usb 2-1: USB disconnect, device number 19 [ 843.501150][ T27] audit: type=1326 audit(2000000007.740:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 843.606958][T10442] device team_slave_0 entered promiscuous mode [ 843.613241][T10442] device team_slave_1 entered promiscuous mode [ 843.619749][T10442] device macsec1 entered promiscuous mode [ 843.625532][T10442] device team0 entered promiscuous mode [ 843.635600][T10442] team0: Device macsec1 is already an upper device of the team interface [ 844.342215][T10442] device team0 left promiscuous mode [ 844.715393][T10442] device team_slave_0 left promiscuous mode [ 844.721432][T10442] device team_slave_1 left promiscuous mode [ 846.189777][T10460] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1627'. [ 846.429436][T10465] tipc: Enabling of bearer rejected, failed to enable media [ 846.736705][ T4270] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 847.615937][T10484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1632'. [ 847.625938][T10484] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1632'. [ 848.195291][T10483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1634'. [ 848.223570][T10483] device lo entered promiscuous mode [ 848.294025][T10483] device tunl0 entered promiscuous mode [ 848.328908][T10483] device gre0 entered promiscuous mode [ 849.134156][T10483] device gretap0 entered promiscuous mode [ 849.172244][T10483] device erspan0 entered promiscuous mode [ 849.187745][T10483] device ip_vti0 entered promiscuous mode [ 849.193971][T10483] device ip6_vti0 entered promiscuous mode [ 849.362971][T10483] device sit0 entered promiscuous mode [ 849.375047][T10483] device ip6tnl0 entered promiscuous mode [ 849.391940][T10483] device ip6gre0 entered promiscuous mode [ 849.399932][T10483] device ip6gretap0 entered promiscuous mode [ 849.411822][T10483] device bridge0 entered promiscuous mode [ 849.420473][T10483] device vcan0 entered promiscuous mode [ 849.441838][T10483] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 849.533776][T10483] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 849.557892][T10483] device bond0 entered promiscuous mode [ 849.563738][T10483] device bond_slave_0 entered promiscuous mode [ 849.584305][T10483] device bond_slave_1 entered promiscuous mode [ 849.598021][T10483] device team0 entered promiscuous mode [ 849.718879][T10483] device team_slave_0 entered promiscuous mode [ 849.734406][T10483] device team_slave_1 entered promiscuous mode [ 849.745621][T10483] device dummy0 entered promiscuous mode [ 849.763831][T10483] device nlmon0 entered promiscuous mode [ 849.789593][T10483] device caif0 entered promiscuous mode [ 849.800050][T10483] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 849.828146][T10491] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1635'. [ 849.886856][ T4770] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 850.177164][ T4770] usb 2-1: Using ep0 maxpacket: 8 [ 850.205167][ T4770] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 850.287973][ T4770] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 850.385000][T10511] device macsec1 entered promiscuous mode [ 850.394413][T10511] team0: Device macsec1 is already an upper device of the team interface [ 850.554487][ T4770] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 851.255599][ T4770] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 851.625767][ T4770] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 852.115937][ T4770] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.381671][T10501] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 852.388218][T10501] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 852.420662][T10503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 853.973122][T10501] vhci_hcd vhci_hcd.0: Device attached [ 854.217077][T10503] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 854.300439][T10522] vhci_hcd: connection closed [ 854.301837][ T4468] vhci_hcd: stop threads [ 854.329253][ T4770] usb 2-1: usb_control_msg returned -71 [ 854.334855][ T4770] usbtmc 2-1:16.0: can't read capabilities [ 854.350562][ T4468] vhci_hcd: release socket [ 855.306693][ T4468] vhci_hcd: disconnect device [ 855.323225][ T4770] usb 2-1: USB disconnect, device number 20 [ 856.970082][T10555] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1647'. [ 856.979902][T10555] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1647'. [ 857.054024][T10557] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1650'. [ 857.585061][T10558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1649'. [ 857.604658][T10558] device lo left promiscuous mode [ 857.798236][T10558] device tunl0 left promiscuous mode [ 858.050141][T10558] device gre0 left promiscuous mode [ 858.115745][T10558] device gretap0 left promiscuous mode [ 858.207749][T10558] device erspan0 left promiscuous mode [ 858.245645][T10558] device ip_vti0 left promiscuous mode [ 858.288377][T10558] device ip6_vti0 left promiscuous mode [ 858.364166][T10579] ubi: mtd0 is already attached to ubi31 [ 858.526678][T10558] device sit0 left promiscuous mode [ 858.722853][ T27] audit: type=1326 audit(2000000001.170:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10581 comm="syz.4.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14c58efc9 code=0x7ffc0000 [ 858.777992][T10558] device ip6tnl0 left promiscuous mode [ 860.396753][ T27] audit: type=1326 audit(2000000001.170:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10581 comm="syz.4.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff14c58efc9 code=0x7ffc0000 [ 860.419106][ C1] vkms_vblank_simulate: vblank timer overrun [ 860.834131][T10558] device ip6gre0 left promiscuous mode [ 860.866314][T10558] device syz_tun left promiscuous mode [ 860.880720][T10558] device ip6gretap0 left promiscuous mode [ 860.890419][T10558] device bridge0 left promiscuous mode [ 860.900232][T10558] device vcan0 left promiscuous mode [ 860.906486][T10558] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 860.971279][T10558] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 860.989367][ T27] audit: type=1326 audit(2000000001.180:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10581 comm="syz.4.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14c58efc9 code=0x7ffc0000 [ 860.998723][T10558] device bond0 left promiscuous mode [ 861.030248][T10558] device bond_slave_0 left promiscuous mode [ 861.071377][T10558] device bond_slave_1 left promiscuous mode [ 861.105546][T10558] device team0 left promiscuous mode [ 861.119212][ T27] audit: type=1326 audit(2000000001.180:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10581 comm="syz.4.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff14c58efc9 code=0x7ffc0000 [ 861.152326][T10558] device team_slave_0 left promiscuous mode [ 861.159439][T10558] device team_slave_1 left promiscuous mode [ 861.212951][T10558] device dummy0 left promiscuous mode [ 861.252812][T10558] device nlmon0 left promiscuous mode [ 861.258468][ T27] audit: type=1326 audit(2000000001.180:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10581 comm="syz.4.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14c58efc9 code=0x7ffc0000 [ 861.289492][T10558] device caif0 left promiscuous mode [ 861.305856][T10558] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 861.351595][ T27] audit: type=1326 audit(2000000001.180:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10581 comm="syz.4.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7ff14c58efc9 code=0x7ffc0000 [ 861.486489][ T27] audit: type=1326 audit(2000000003.090:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10581 comm="syz.4.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14c58efc9 code=0x7ffc0000 [ 861.516370][ T4591] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 861.679576][T10602] device bridge7 entered promiscuous mode [ 861.706953][ T4591] usb 3-1: Using ep0 maxpacket: 16 [ 862.432651][ T4591] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 862.441037][ T27] audit: type=1326 audit(2000000003.090:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10581 comm="syz.4.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff14c58efc9 code=0x7ffc0000 [ 862.508501][ T4591] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 862.559373][ T4591] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 862.586584][ T4591] usb 3-1: Product: syz [ 862.599398][ T4591] usb 3-1: Manufacturer: syz [ 862.606792][ T4591] usb 3-1: SerialNumber: syz [ 862.655612][ T4591] usb 3-1: config 0 descriptor?? [ 862.694452][ T4591] hub 3-1:0.0: bad descriptor, ignoring hub [ 862.704322][ T4591] hub: probe of 3-1:0.0 failed with error -5 [ 862.740422][ T4591] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6 [ 862.742106][T10605] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1657'. [ 863.304127][T10615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1661'. [ 863.598577][T10621] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1663'. [ 863.734276][ T22] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 864.487236][ T9647] usb 3-1: USB disconnect, device number 14 [ 864.546654][ T22] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 864.566432][T10629] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1665'. [ 865.376697][ T1169] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 866.136746][ T1169] usb 4-1: Using ep0 maxpacket: 32 [ 866.150182][ T1169] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 866.213229][ T1169] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 866.242317][ T1169] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 866.260718][ T1169] usb 4-1: Product: syz [ 866.265129][ T1169] usb 4-1: Manufacturer: syz [ 866.272247][ T1169] usb 4-1: SerialNumber: syz [ 866.295049][ T22] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 866.302438][ T1169] usb 4-1: config 0 descriptor?? [ 866.304298][ T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 866.314483][T10625] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 866.319458][ T22] usb 2-1: config 0 descriptor?? [ 866.463137][ T22] usbhid 2-1:0.0: can't add hid device: -71 [ 866.469520][ T22] usbhid: probe of 2-1:0.0 failed with error -71 [ 866.478905][ T22] usb 2-1: USB disconnect, device number 21 [ 866.543885][T10638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1670'. [ 868.510258][ T1169] usb 4-1: USB disconnect, device number 8 [ 868.586039][T10657] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1674'. [ 868.634897][T10651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1671'. [ 868.739660][T10661] ubi: mtd0 is already attached to ubi31 [ 868.754130][T10651] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 869.056115][T10651] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 869.182906][T10654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1672'. [ 869.220601][T10654] device lo entered promiscuous mode [ 869.289657][T10654] device tunl0 entered promiscuous mode [ 869.360884][T10654] device gre0 entered promiscuous mode [ 869.393469][T10654] device gretap0 entered promiscuous mode [ 869.406016][T10654] device erspan0 entered promiscuous mode [ 869.419903][T10654] device ip_vti0 entered promiscuous mode [ 869.435405][T10654] device ip6_vti0 entered promiscuous mode [ 869.452509][T10654] device sit0 entered promiscuous mode [ 869.473285][T10654] device ip6tnl0 entered promiscuous mode [ 869.490334][T10654] device ip6gre0 entered promiscuous mode [ 869.502528][T10654] device syz_tun entered promiscuous mode [ 869.518850][T10654] device ip6gretap0 entered promiscuous mode [ 869.530553][T10654] device bridge0 entered promiscuous mode [ 869.541844][T10654] device vcan0 entered promiscuous mode [ 869.552045][T10654] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 869.562384][T10654] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 869.571832][T10654] device bond0 entered promiscuous mode [ 869.579542][T10654] device bond_slave_0 entered promiscuous mode [ 869.593208][T10654] device bond_slave_1 entered promiscuous mode [ 869.612482][T10654] device team0 entered promiscuous mode [ 869.618660][T10654] device team_slave_0 entered promiscuous mode [ 869.625847][T10654] device team_slave_1 entered promiscuous mode [ 869.643600][T10654] device dummy0 entered promiscuous mode [ 869.653929][T10654] device nlmon0 entered promiscuous mode [ 869.672827][T10654] device caif0 entered promiscuous mode [ 869.680705][T10654] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 869.709587][T10668] Falling back ldisc for ptm0. [ 870.018251][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.028463][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.347815][T10681] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1679'. [ 871.980867][ T4270] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 872.013209][T10688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 872.107353][T10694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 872.231722][T10688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 873.432635][T10703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1686'. [ 873.554602][T10703] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 874.485077][T10703] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 874.618335][T10717] overlayfs: failed to resolve './file0': -2 [ 874.870709][T10715] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1690'. [ 874.949871][T10717] device bridge6 entered promiscuous mode [ 875.613185][T10727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1691'. [ 876.498974][T10732] Falling back ldisc for ptm0. [ 876.597343][T10727] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 876.682048][T10737] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 876.773295][T10737] qnx6: wrong signature (magic) in superblock #1. [ 876.782846][T10727] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 876.832649][T10737] qnx6: unable to read the first superblock [ 877.344382][T10734] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1692'. [ 877.430146][T10734] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 877.492853][T10734] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 877.869742][T10749] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1697'. [ 878.099804][ T4270] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 879.095210][T10762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 879.167450][T10763] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 879.198869][T10762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 879.416774][T10769] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1702'. [ 881.379044][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 881.471997][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 881.934056][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.042601][T10782] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1708'. [ 882.067823][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.080566][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.088846][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.097174][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.206373][T10787] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1706'. [ 882.215603][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.223522][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.231350][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.293186][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.304763][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.312936][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.320692][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.329126][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.336796][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.344193][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.353195][ T9647] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 882.385135][ T9647] hid-generic 0003:0003:0000.0001: hidraw0: USB HID v0.00 Device [syz1] on syz1 [ 882.531659][T10793] sp0: Synchronizing with TNC [ 882.573425][T10792] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1707'. [ 882.605068][T10792] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 882.633268][T10792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 882.801238][T10794] fido_id[10794]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 882.844942][ T4270] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 883.106811][ T1169] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 883.306598][ T4333] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 883.326572][ T1169] usb 5-1: Using ep0 maxpacket: 32 [ 884.027066][ T1169] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 884.049687][ T1169] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 884.066604][ T1169] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 884.074837][ T1169] usb 5-1: Product: syz [ 884.079129][ T1169] usb 5-1: Manufacturer: syz [ 884.083742][ T1169] usb 5-1: SerialNumber: syz [ 884.106124][ T1169] usb 5-1: config 0 descriptor?? [ 884.111686][T10801] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 884.181432][T10813] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1715'. [ 884.226598][ T4333] usb 1-1: Using ep0 maxpacket: 8 [ 884.233348][ T4333] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 884.301359][ T4333] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 884.316601][ T4333] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 885.247039][ T4333] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 885.273846][ T4333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 885.690348][ T4333] hub 1-1:1.0: bad descriptor, ignoring hub [ 885.716866][ T4333] hub: probe of 1-1:1.0 failed with error -5 [ 885.727422][ T4333] cdc_wdm 1-1:1.0: skipping garbage [ 885.736735][ T4333] cdc_wdm 1-1:1.0: skipping garbage [ 885.756791][ T4333] cdc_wdm: probe of 1-1:1.0 failed with error -22 [ 886.070101][ T9647] usb 1-1: USB disconnect, device number 34 [ 886.130613][T10813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 886.150535][T10813] device bond_slave_0 left promiscuous mode [ 886.179171][T10813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 886.201933][T10813] device bond_slave_1 left promiscuous mode [ 886.226115][T10813] bond0 (unregistering): Released all slaves [ 886.277511][T10819] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1716'. [ 886.621930][T10832] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1719'. [ 886.633899][T10832] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1719'. [ 887.058141][ T9647] usb 5-1: USB disconnect, device number 15 [ 887.121958][ T27] audit: type=1326 audit(2000000004.810:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 887.236490][ T27] audit: type=1326 audit(2000000004.850:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 887.237416][T10841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1721'. [ 887.318858][T10846] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1723'. [ 887.334621][ T27] audit: type=1326 audit(2000000004.850:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 888.590951][T10845] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1718'. [ 888.624521][ T27] audit: type=1326 audit(2000000004.850:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 888.647320][ T27] audit: type=1326 audit(2000000004.850:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 888.670319][ T27] audit: type=1326 audit(2000000004.850:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 888.672821][T10847] 9pnet_virtio: no channels available for device syz [ 888.701071][ T27] audit: type=1326 audit(2000000004.850:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 889.456600][ T4270] Bluetooth: hci3: command 0x0405 tx timeout [ 889.879877][ T27] audit: type=1326 audit(2000000004.850:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 890.372713][ T27] audit: type=1326 audit(2000000004.850:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 890.485478][ T27] audit: type=1326 audit(2000000004.850:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10834 comm="syz.1.1718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f276198efc9 code=0x7ffc0000 [ 891.003345][T10868] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1728'. [ 891.924027][T10878] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1729'. [ 892.796746][ T4770] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 892.983943][T10884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1734'. [ 893.006640][ T4770] usb 1-1: Using ep0 maxpacket: 32 [ 893.013992][ T4770] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 893.167689][T10885] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1733'. [ 893.177266][T10885] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1733'. [ 893.444399][ T4770] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 893.464103][ T4770] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 893.473462][ T4770] usb 1-1: Product: syz [ 893.476637][ T4591] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 893.478195][ T4770] usb 1-1: Manufacturer: syz [ 893.490316][ T4770] usb 1-1: SerialNumber: syz [ 893.514818][ T4770] usb 1-1: config 0 descriptor?? [ 893.535549][T10880] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 893.716603][ T4591] usb 2-1: Using ep0 maxpacket: 32 [ 894.437671][ T4591] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 894.449982][ T4591] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 894.467280][ T4591] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 894.476762][ T4591] usb 2-1: Product: syz [ 894.481321][ T4591] usb 2-1: Manufacturer: syz [ 894.485939][ T4591] usb 2-1: SerialNumber: syz [ 894.492681][ T4591] usb 2-1: config 0 descriptor?? [ 894.498478][T10887] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 894.508500][ T4591] chaoskey 2-1:0.0: Unable to register with hwrng [ 894.624301][T10895] device bridge9 entered promiscuous mode [ 898.776839][ T4591] usb 1-1: USB disconnect, device number 35 [ 899.020124][ T4270] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 899.854477][T10915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1740'. [ 899.877922][T10915] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 899.905314][T10915] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 899.956825][ T4591] usb 2-1: USB disconnect, device number 22 [ 901.117935][T10926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 901.188760][T10928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 901.236122][T10926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 901.353003][T10932] random: crng reseeded on system resumption [ 902.378638][T10936] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1748'. [ 903.260454][T10939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1749'. [ 903.270113][T10939] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1749'. [ 903.919211][ T27] kauditd_printk_skb: 32 callbacks suppressed [ 903.919226][ T27] audit: type=1326 audit(2000000010.880:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 904.006759][ T27] audit: type=1326 audit(2000000010.910:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 904.032681][ T27] audit: type=1326 audit(2000000010.910:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 904.065396][ T27] audit: type=1326 audit(2000000010.910:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 904.096783][ T9647] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 904.105065][ T27] audit: type=1326 audit(2000000010.910:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 904.326669][ T9647] usb 1-1: Using ep0 maxpacket: 32 [ 904.406586][ T4591] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 905.519573][ T9647] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 905.532014][ T9647] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 905.543442][ T9647] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 905.552843][ T9647] usb 1-1: Product: syz [ 905.557287][ T9647] usb 1-1: Manufacturer: syz [ 905.562011][ T9647] usb 1-1: SerialNumber: syz [ 905.583000][T10950] sp0: Synchronizing with TNC [ 905.594218][ T9647] usb 1-1: config 0 descriptor?? [ 905.612421][T10944] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 905.634010][ T27] audit: type=1326 audit(2000000010.910:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 905.656393][ C1] vkms_vblank_simulate: vblank timer overrun [ 905.706927][ T4591] usb 2-1: Using ep0 maxpacket: 32 [ 905.726051][ T4591] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 905.758503][ T4591] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 905.775407][ T4591] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 905.786063][ T4591] usb 2-1: Product: syz [ 905.790373][ T4591] usb 2-1: Manufacturer: syz [ 905.795164][ T4591] usb 2-1: SerialNumber: syz [ 905.802265][ T4591] usb 2-1: config 0 descriptor?? [ 905.950677][T10955] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 905.985056][ T4591] chaoskey 2-1:0.0: Unable to register with hwrng [ 906.573275][ T27] audit: type=1326 audit(2000000013.530:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 907.527981][ T27] audit: type=1326 audit(2000000013.560:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10941 comm="syz.2.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a63f8efc9 code=0x7ffc0000 [ 907.684596][ T9647] usb 2-1: USB disconnect, device number 23 [ 908.767038][ T9647] usb 1-1: USB disconnect, device number 36 [ 910.362116][T10980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1759'. [ 912.480927][T10997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1763'. [ 912.490594][T10997] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1763'. [ 913.246577][ T1169] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 914.174653][ T1169] usb 3-1: Using ep0 maxpacket: 32 [ 914.926355][ T1169] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 914.955697][ T1169] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 914.966611][ T1169] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 914.975488][ T1169] usb 3-1: Product: syz [ 914.980152][ T1169] usb 3-1: Manufacturer: syz [ 914.986899][ T1169] usb 3-1: SerialNumber: syz [ 915.000952][ T1169] usb 3-1: config 0 descriptor?? [ 915.006814][T11002] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 915.068852][T11003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1764'. [ 915.104039][T11003] device lo left promiscuous mode [ 915.134539][T11003] device tunl0 left promiscuous mode [ 915.146260][T11003] device gre0 left promiscuous mode [ 915.200505][T11003] device gretap0 left promiscuous mode [ 915.214184][T11003] device erspan0 left promiscuous mode [ 915.254307][T11003] device ip_vti0 left promiscuous mode [ 915.271724][T11003] device ip6_vti0 left promiscuous mode [ 915.307892][T11003] device sit0 left promiscuous mode [ 915.336320][ T27] audit: type=1326 audit(2000000022.290:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.0.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 915.382644][ T4591] usb 3-1: USB disconnect, device number 15 [ 915.407299][ T27] audit: type=1326 audit(2000000022.330:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.0.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 915.456338][T11003] device ip6tnl0 left promiscuous mode [ 915.472741][ T27] audit: type=1326 audit(2000000022.330:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.0.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 915.555102][T11003] device ip6gre0 left promiscuous mode [ 915.573953][ T27] audit: type=1326 audit(2000000022.330:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.0.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 915.648706][T11003] device syz_tun left promiscuous mode [ 915.668593][ T27] audit: type=1326 audit(2000000022.330:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.0.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 915.702134][T11003] device ip6gretap0 left promiscuous mode [ 915.712199][ T27] audit: type=1326 audit(2000000022.330:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.0.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 915.761070][T11003] device bridge0 left promiscuous mode [ 915.772121][T11003] device vcan0 left promiscuous mode [ 915.818595][T11003] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 916.837875][T11003] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 916.878742][T11003] device bond0 left promiscuous mode [ 916.897677][T11003] device bond_slave_0 left promiscuous mode [ 916.906681][T11003] device bond_slave_1 left promiscuous mode [ 916.915056][T11003] device team0 left promiscuous mode [ 916.921268][T11003] device team_slave_0 left promiscuous mode [ 916.931768][T11003] device team_slave_1 left promiscuous mode [ 916.939628][T11003] device dummy0 left promiscuous mode [ 916.945946][T11003] device nlmon0 left promiscuous mode [ 916.953070][T11003] device caif0 left promiscuous mode [ 916.961699][T11003] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 916.978660][ T27] audit: type=1326 audit(2000000023.940:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.0.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 920.135356][ T4270] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 922.107622][T11058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1780'. [ 922.124315][T11058] device lo left promiscuous mode [ 922.133044][T11058] device tunl0 left promiscuous mode [ 922.141648][T11058] device gre0 left promiscuous mode [ 922.151416][T11058] device gretap0 left promiscuous mode [ 922.159768][T11058] device erspan0 left promiscuous mode [ 922.168151][T11058] device ip_vti0 left promiscuous mode [ 922.176319][T11058] device ip6_vti0 left promiscuous mode [ 923.853093][T11058] device sit0 left promiscuous mode [ 924.203661][T11058] device ip6tnl0 left promiscuous mode [ 924.496235][T11058] device ip6gre0 left promiscuous mode [ 924.506359][T11058] device ip6gretap0 left promiscuous mode [ 924.514617][T11058] device bridge0 left promiscuous mode [ 924.557307][T11058] device vcan0 left promiscuous mode [ 924.575721][T11058] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 924.583712][T11058] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 924.592806][T11058] device team0 left promiscuous mode [ 924.616278][T11058] device team_slave_0 left promiscuous mode [ 924.640146][T11058] device team_slave_1 left promiscuous mode [ 924.709909][T11058] device dummy0 left promiscuous mode [ 924.716243][T11058] device nlmon0 left promiscuous mode [ 924.742953][T11058] device caif0 left promiscuous mode [ 924.749591][T11058] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 924.832862][T11073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1783'. [ 924.883570][T11073] device lo entered promiscuous mode [ 924.944586][T11073] device tunl0 entered promiscuous mode [ 924.995905][T11073] device gre0 entered promiscuous mode [ 925.018428][T11073] device gretap0 entered promiscuous mode [ 925.030249][T11073] device erspan0 entered promiscuous mode [ 925.042092][T11073] device ip_vti0 entered promiscuous mode [ 925.054199][T11073] device ip6_vti0 entered promiscuous mode [ 925.067655][T11073] device sit0 entered promiscuous mode [ 925.088154][T11073] device ip6tnl0 entered promiscuous mode [ 925.098045][T11073] device ip6gre0 entered promiscuous mode [ 925.107520][T11073] device syz_tun entered promiscuous mode [ 925.116202][T11073] device ip6gretap0 entered promiscuous mode [ 925.125172][T11073] device bridge0 entered promiscuous mode [ 925.134382][T11073] device vcan0 entered promiscuous mode [ 925.142408][T11073] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 925.151909][T11073] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 925.182570][T11073] device bond0 entered promiscuous mode [ 925.198451][T11073] device bond_slave_0 entered promiscuous mode [ 925.207667][T11073] device bond_slave_1 entered promiscuous mode [ 925.214862][T11073] device team0 entered promiscuous mode [ 925.224226][T11073] device team_slave_0 entered promiscuous mode [ 925.235704][T11073] device team_slave_1 entered promiscuous mode [ 925.246363][T11073] device dummy0 entered promiscuous mode [ 925.256221][T11073] device nlmon0 entered promiscuous mode [ 925.306273][T11073] device caif0 entered promiscuous mode [ 925.319247][T11073] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 925.416618][ T14] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 925.571784][T11082] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1786'. [ 925.636800][ T14] usb 1-1: Using ep0 maxpacket: 32 [ 925.643555][ T14] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 925.716772][ T14] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 925.766435][ T14] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 925.775053][ T14] usb 1-1: Product: syz [ 926.045575][ T14] usb 1-1: Manufacturer: syz [ 926.142894][ T14] usb 1-1: SerialNumber: syz [ 926.250931][ T14] usb 1-1: config 0 descriptor?? [ 926.256457][T11077] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 927.308877][ T14] usb 1-1: USB disconnect, device number 37 [ 928.465290][T11106] 9pnet_virtio: no channels available for device syz [ 928.489870][T11105] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1792'. [ 929.559334][T11112] sp0: Synchronizing with TNC [ 931.458693][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.486636][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.800320][T11120] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1796'. [ 932.063455][T11127] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1798'. [ 932.202993][T11041] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 932.416637][T11041] usb 5-1: device descriptor read/64, error -71 [ 932.459405][T11132] random: crng reseeded on system resumption [ 934.105687][T11134] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1799'. [ 934.145323][T11134] device lo entered promiscuous mode [ 934.205046][T11134] device tunl0 entered promiscuous mode [ 934.293268][T11041] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 934.309036][T11134] device gre0 entered promiscuous mode [ 934.335802][T11134] device gretap0 entered promiscuous mode [ 934.345481][T11134] device erspan0 entered promiscuous mode [ 934.421609][T11134] device ip_vti0 entered promiscuous mode [ 934.793067][T11134] device ip6_vti0 entered promiscuous mode [ 934.811929][T11134] device sit0 entered promiscuous mode [ 934.825008][T11134] device ip6tnl0 entered promiscuous mode [ 934.836761][T11041] usb 5-1: device descriptor read/64, error -71 [ 934.847815][T11134] device ip6gre0 entered promiscuous mode [ 934.858151][T11134] device syz_tun entered promiscuous mode [ 934.868472][T11134] device ip6gretap0 entered promiscuous mode [ 934.884919][T11134] device bridge0 entered promiscuous mode [ 934.903434][T11134] device vcan0 entered promiscuous mode [ 934.953112][T11134] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 934.996737][T11041] usb usb5-port1: attempt power cycle [ 935.003211][T11134] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 935.030597][T11134] device bond0 entered promiscuous mode [ 935.036241][T11134] device bond_slave_0 entered promiscuous mode [ 935.044012][T11134] device bond_slave_1 entered promiscuous mode [ 935.073677][T11134] device team0 entered promiscuous mode [ 935.079724][T11134] device team_slave_0 entered promiscuous mode [ 935.090006][T11134] device team_slave_1 entered promiscuous mode [ 935.109704][T11134] device dummy0 entered promiscuous mode [ 935.118922][T11134] device nlmon0 entered promiscuous mode [ 935.132700][T11134] device caif0 entered promiscuous mode [ 935.140552][T11134] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 935.242108][T11141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 935.309449][T11141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 935.846557][ T125] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 936.143076][T11147] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 936.212240][T11149] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1806'. [ 936.306578][ T125] usb 3-1: Using ep0 maxpacket: 32 [ 937.127945][ T125] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 937.148407][ T125] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 937.158482][ T125] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 937.167152][ T125] usb 3-1: Product: syz [ 937.171456][ T125] usb 3-1: Manufacturer: syz [ 937.176074][ T125] usb 3-1: SerialNumber: syz [ 937.197341][ T125] usb 3-1: config 0 descriptor?? [ 937.204343][T11143] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 937.559863][T11041] usb 3-1: USB disconnect, device number 16 [ 938.421176][T11165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1810'. [ 939.742222][T11166] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1808'. [ 939.838948][T11178] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1814'. [ 939.849547][T11178] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1814'. [ 939.929469][T11166] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 939.958087][T11179] ubi: mtd0 is already attached to ubi31 [ 940.819105][T11166] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 946.735643][T11218] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1823'. [ 947.381339][T11220] overlayfs: failed to resolve './file0': -2 [ 947.799990][T11221] device bridge10 entered promiscuous mode [ 947.997020][T11226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1826'. [ 948.007950][T11226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1826'. [ 949.924877][T11235] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1829'. [ 952.845706][T11260] ubi: mtd0 is already attached to ubi31 [ 952.924722][T11255] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1832'. [ 952.970724][T11255] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 953.036270][T11255] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 954.109572][T11249] ubi: mtd0 is already attached to ubi31 [ 954.493468][T11269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1836'. [ 955.626960][ T4270] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 956.055059][T11277] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1838'. [ 956.152634][T11277] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 956.177736][T11277] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 956.617596][T11281] overlayfs: failed to resolve './file1': -2 [ 957.460325][T11284] overlayfs: failed to resolve './file1': -2 [ 957.539962][T11285] device bridge10 entered promiscuous mode [ 958.266847][T11281] device bridge5 entered promiscuous mode [ 959.343645][T11290] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1841'. [ 959.811361][T11295] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1843'. [ 962.780268][T11318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 962.895005][T11312] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1848'. [ 963.095477][T11318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 963.147775][T11318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 963.383559][T11330] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1852'. [ 963.519169][T11330] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 963.632071][T11330] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 963.721655][T11334] overlayfs: failed to resolve './file1': -2 [ 964.399741][T11337] device bridge6 entered promiscuous mode [ 965.557127][T11348] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1857'. [ 968.407088][T11353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1858'. [ 968.415962][T11353] device lo left promiscuous mode [ 968.421717][T11353] device tunl0 left promiscuous mode [ 968.427649][T11353] device gre0 left promiscuous mode [ 968.433480][T11353] device gretap0 left promiscuous mode [ 968.439450][T11353] device erspan0 left promiscuous mode [ 968.445375][T11353] device ip_vti0 left promiscuous mode [ 968.451356][T11353] device ip6_vti0 left promiscuous mode [ 968.457462][T11353] device sit0 left promiscuous mode [ 968.463187][T11353] device ip6tnl0 left promiscuous mode [ 968.469159][T11353] device ip6gre0 left promiscuous mode [ 968.475038][T11353] device syz_tun left promiscuous mode [ 968.481044][T11353] device ip6gretap0 left promiscuous mode [ 968.487492][T11353] device bridge0 left promiscuous mode [ 968.493421][T11353] device vcan0 left promiscuous mode [ 968.498914][T11353] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 968.506247][T11353] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 968.513596][T11353] device bond0 left promiscuous mode [ 968.518926][T11353] device bond_slave_0 left promiscuous mode [ 968.524870][T11353] device bond_slave_1 left promiscuous mode [ 968.531528][T11353] device team0 left promiscuous mode [ 968.536844][T11353] device team_slave_0 left promiscuous mode [ 968.542790][T11353] device team_slave_1 left promiscuous mode [ 968.549557][T11353] device dummy0 left promiscuous mode [ 968.555441][T11353] device nlmon0 left promiscuous mode [ 968.577849][T11353] device caif0 left promiscuous mode [ 968.583155][T11353] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 969.705322][T11369] 9pnet_virtio: no channels available for device syz [ 969.943870][T11375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1863'. [ 970.736709][T11379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 970.812006][T11379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 970.828054][T11379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 971.110582][T11387] device bridge7 entered promiscuous mode [ 971.226332][T11391] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1868'. [ 972.180999][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 972.896938][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 972.904569][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 973.022174][T11401] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1870'. [ 974.711103][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.720367][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.732047][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.744928][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.859505][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.879789][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.892212][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.912312][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.926178][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.941347][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 974.956111][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 975.828359][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 975.858274][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 975.870744][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 975.884391][ T4591] hid-generic 0003:0003:0000.0002: unknown main item tag 0x0 [ 975.963944][ T4591] hid-generic 0003:0003:0000.0002: hidraw0: USB HID v0.00 Device [syz1] on syz1 [ 978.023639][T11413] fido_id[11413]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 978.332237][T11423] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1874'. [ 978.380216][T11423] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 978.402089][T11423] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 978.551564][T11429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1877'. [ 979.414216][T11432] device bridge11 entered promiscuous mode [ 979.523417][T11436] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1880'. [ 980.114595][T11441] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1881'. [ 980.276548][ T4591] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 981.706546][ T4591] usb 3-1: Using ep0 maxpacket: 32 [ 983.135701][ T4591] usb 3-1: device descriptor read/all, error -71 [ 983.378685][T11450] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1885'. [ 985.152035][T11461] ubi: mtd0 is already attached to ubi31 [ 986.117578][T11462] 9pnet_virtio: no channels available for device syz [ 986.666591][T11477] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1891'. [ 988.136294][T11480] device bridge11 entered promiscuous mode [ 988.572157][ T27] audit: type=1326 audit(2000000036.570:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 988.636538][T11041] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 988.730679][T11487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1895'. [ 988.781233][ T27] audit: type=1326 audit(2000000036.570:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 988.843965][T11041] usb 5-1: Using ep0 maxpacket: 32 [ 988.882739][ T27] audit: type=1326 audit(2000000036.600:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 988.914006][T11041] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 989.064916][ T27] audit: type=1326 audit(2000000036.600:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 989.088966][T11041] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 989.186717][T11041] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 989.195060][T11041] usb 5-1: Product: syz [ 989.199684][T11041] usb 5-1: Manufacturer: syz [ 989.204420][T11041] usb 5-1: SerialNumber: syz [ 989.219589][T11041] usb 5-1: config 0 descriptor?? [ 989.234549][T11482] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 989.286800][ T27] audit: type=1326 audit(2000000036.600:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 989.310561][ T27] audit: type=1326 audit(2000000036.600:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 989.333466][ T27] audit: type=1326 audit(2000000036.600:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 989.356339][ T27] audit: type=1326 audit(2000000036.600:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 989.454027][ T27] audit: type=1326 audit(2000000036.610:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 989.613555][T11491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1896'. [ 990.095166][ T5803] usb 5-1: USB disconnect, device number 19 [ 990.109128][ T27] audit: type=1326 audit(2000000037.390:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11483 comm="syz.0.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe68c38efc9 code=0x7ffc0000 [ 990.322542][T11498] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1897'. [ 992.396240][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 992.463058][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 992.497417][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 992.898307][ T1272] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.904653][ T1272] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.029372][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.037259][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.044779][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.054453][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.063998][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.072342][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.080835][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.089165][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.097424][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.105095][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.116107][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.124801][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.133432][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.174884][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.211282][ T5803] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 994.329068][ T5803] hid-generic 0003:0003:0000.0003: hidraw0: USB HID v0.00 Device [syz1] on syz1 [ 994.361413][T11511] Falling back ldisc for ptm0. [ 994.677118][T11514] fido_id[11514]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 995.791706][T11528] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1905'. [ 997.223980][T11523] device bridge9 entered promiscuous mode [ 998.019128][ T28] INFO: task kworker/0:7:4613 blocked for more than 143 seconds. [ 998.030372][ T28] Not tainted syzkaller #0 [ 998.222047][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 998.338835][ T28] task:kworker/0:7 state:D stack:23776 pid:4613 ppid:2 flags:0x00004000 [ 998.366094][ T28] Workqueue: usb_hub_wq hub_event [ 998.476607][ T28] Call Trace: [ 998.482278][ T28] [ 998.491537][ T28] __schedule+0x10ec/0x40b0 [ 998.496211][ T28] ? __sched_text_start+0x8/0x8 [ 998.502733][ T28] ? __mutex_trylock_common+0x80/0x250 [ 998.512607][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 998.519373][ T28] schedule+0xb9/0x180 [ 998.523567][ T28] schedule_preempt_disabled+0xf/0x20 [ 998.533386][ T28] __mutex_lock+0x555/0xaf0 [ 998.545241][ T28] ? __mutex_lock+0x3a5/0xaf0 [ 998.555708][ T28] ? hub_event+0x21ee/0x54e0 [ 998.565464][ T28] ? mutex_lock_nested+0x10/0x10 [ 998.575657][ T28] ? hub_ext_port_status+0x4b0/0x6d0 [ 998.583829][ T28] hub_event+0x21ee/0x54e0 [ 998.598102][ T28] ? hub_post_resume+0x120/0x120 [ 998.610030][ T28] ? read_lock_is_recursive+0x10/0x10 [ 998.620617][ T28] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 998.630042][T11539] ubi: mtd0 is already attached to ubi31 [ 998.636005][ T28] ? _raw_spin_unlock+0x40/0x40 [ 998.643012][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 998.651772][ T28] ? process_one_work+0x7a1/0x1160 [ 998.659353][ T28] process_one_work+0x898/0x1160 [ 998.670430][ T28] ? worker_detach_from_pool+0x240/0x240 [ 998.680026][ T28] ? _raw_spin_lock_irq+0xab/0xe0 [ 998.691623][ T28] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 998.701704][ T28] ? kthread_data+0x4b/0xc0 [ 998.711903][ T28] worker_thread+0xaa2/0x1250 [ 998.720090][ T28] ? __kthread_parkme+0x162/0x1c0 [ 998.730072][ T28] kthread+0x29d/0x330 [ 998.737559][ T28] ? worker_clr_flags+0x1a0/0x1a0 [ 998.745158][ T28] ? kthread_blkcg+0xd0/0xd0 [ 998.757576][ T28] ret_from_fork+0x1f/0x30 [ 998.769721][ T28] [ 998.776215][ T28] [ 998.776215][ T28] Showing all locks held in the system: [ 998.829844][ T28] 1 lock held by rcu_tasks_kthre/12: [ 998.865039][ T28] #0: ffffffff8cb2b630 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 998.908923][T11542] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1908'. [ 998.920606][ T28] 1 lock held by rcu_tasks_trace/13: [ 998.926013][ T28] #0: ffffffff8cb2be50 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 999.823096][ T28] 1 lock held by khungtaskd/28: [ 999.828306][ T28] #0: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 999.838789][ T28] 3 locks held by kworker/u4:2/34: [ 999.845022][ T28] #0: ffff888017616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 999.861000][ T28] #1: ffffc90000ab7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 999.881594][ T28] #2: ffffffff8cb30840 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x48/0x600 [ 999.894431][ T28] 2 locks held by kworker/u4:3/46: [ 999.899942][ T28] #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 999.911690][ T28] #1: ffffc90000b77d00 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 999.926676][ T28] 2 locks held by getty/4029: [ 999.931401][ T28] #0: ffff88814d229098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 999.941604][ T28] #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x41b/0x1380 [ 999.956608][ T28] 5 locks held by kworker/u4:7/4366: [ 999.962179][ T28] 5 locks held by kworker/0:7/4613: [ 999.967660][ T28] #0: ffff88801c29e538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 999.979746][ T28] #1: ffffc90004f6fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 999.991786][ T28] #2: ffff888145f9d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1a7/0x54e0 [ 1000.004617][ T28] #3: ffff888145fb04f8 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x21bd/0x54e0 [ 1000.014789][ T28] #4: ffff888145fd3368 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x21ee/0x54e0 [ 1000.024711][ T28] 5 locks held by kworker/0:8/4682: [ 1000.030180][ T28] #0: ffff88801c29e538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 1000.041152][ T28] #1: ffffc9000520fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 1000.053027][ T28] #2: ffff888146373190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1a7/0x54e0 [ 1000.065992][ T28] #3: ffff8881463764f8 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x21bd/0x54e0 [ 1000.078066][ T28] #4: ffff888145fd3368 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x21ee/0x54e0 [ 1000.092612][ T28] 2 locks held by kworker/0:9/4770: [ 1000.098189][ T28] #0: ffff888017472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 1000.108832][ T28] #1: ffffc900050dfd00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 1000.122612][ T28] 1 lock held by syz.0.1903/11518: [ 1000.128511][ T28] #0: ffffffff8cb30978 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x455/0x830 [ 1000.149472][ T28] 1 lock held by syz.1.1907/11538: [ 1000.158283][ T28] [ 1000.160711][ T28] ============================================= [ 1000.160711][ T28] [ 1000.172594][ T28] NMI backtrace for cpu 1 [ 1000.176950][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 1000.184158][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1000.194220][ T28] Call Trace: [ 1000.197500][ T28] [ 1000.200441][ T28] dump_stack_lvl+0x168/0x22e [ 1000.205109][ T28] ? irq_work_queue+0xb8/0x140 [ 1000.209862][ T28] ? show_regs_print_info+0x12/0x12 [ 1000.215046][ T28] ? load_image+0x3b0/0x3b0 [ 1000.219563][ T28] ? vprintk_emit+0x571/0x680 [ 1000.224227][ T28] ? printk_sprint+0x460/0x460 [ 1000.228982][ T28] nmi_cpu_backtrace+0x3f4/0x470 [ 1000.233907][ T28] ? nmi_trigger_cpumask_backtrace+0x450/0x450 [ 1000.240045][ T28] ? _printk+0xcc/0x110 [ 1000.244188][ T28] ? load_image+0x3b0/0x3b0 [ 1000.248679][ T28] ? load_image+0x3b0/0x3b0 [ 1000.253168][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1000.259216][ T28] nmi_trigger_cpumask_backtrace+0x1d4/0x450 [ 1000.265193][ T28] watchdog+0xeee/0xf30 [ 1000.269336][ T28] ? watchdog+0x1ed/0xf30 [ 1000.273646][ T28] kthread+0x29d/0x330 [ 1000.277701][ T28] ? hungtask_pm_notify+0x40/0x40 [ 1000.282709][ T28] ? kthread_blkcg+0xd0/0xd0 [ 1000.287286][ T28] ret_from_fork+0x1f/0x30 [ 1000.291693][ T28] [ 1000.295020][ T28] Sending NMI from CPU 1 to CPUs 0: [ 1000.300285][ C0] NMI backtrace for cpu 0 skipped: idling at default_idle+0xb/0x10 [ 1000.317144][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 1000.324001][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 1000.331186][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1000.341235][ T28] Call Trace: [ 1000.344501][ T28] [ 1000.347427][ T28] dump_stack_lvl+0x168/0x22e [ 1000.352117][ T28] ? memcpy+0x3c/0x60 [ 1000.356085][ T28] ? show_regs_print_info+0x12/0x12 [ 1000.361264][ T28] ? load_image+0x3b0/0x3b0 [ 1000.365759][ T28] panic+0x2c9/0x710 [ 1000.369640][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 1000.375254][ T28] ? bpf_jit_dump+0xd0/0xd0 [ 1000.379746][ T28] ? nmi_trigger_cpumask_backtrace+0x35b/0x450 [ 1000.385969][ T28] ? nmi_trigger_cpumask_backtrace+0x360/0x450 [ 1000.392103][ T28] watchdog+0xf2d/0xf30 [ 1000.396245][ T28] ? watchdog+0x1ed/0xf30 [ 1000.400579][ T28] kthread+0x29d/0x330 [ 1000.404637][ T28] ? hungtask_pm_notify+0x40/0x40 [ 1000.409643][ T28] ? kthread_blkcg+0xd0/0xd0 [ 1000.414236][ T28] ret_from_fork+0x1f/0x30 [ 1000.418658][ T28] [ 1000.421941][ T28] Kernel Offset: disabled [ 1000.426256][ T28] Rebooting in 86400 seconds..