last executing test programs: 2m13.946959726s ago: executing program 1 (id=3342): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}}) mount$fuse(0x0, &(0x7f0000000680)='./file0\x00', 0x0, 0x22ddcaf, 0x0) 2m13.4232618s ago: executing program 1 (id=3345): r0 = socket(0x200000100000011, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4) sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="34000000020000feffff7f0000000000d96e6c8d5e85080045f00d"], 0x34}], 0x1}, 0x0) 2m13.285644081s ago: executing program 1 (id=3348): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x87}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@fd={0x807, 0x1, 0x4, 0x8, 0x6, {}, {0x2, 0x2, 0x9, 0x6, 0x9, 0xfd, 'hT=7'}, 0x0, 0x4, {}, 0x4}) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f046}) 2m13.092452964s ago: executing program 1 (id=3350): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, 
&(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x41) r2 = open_tree(r1, &(0x7f0000000bc0)='./file0\x00', 0x800) move_mount(r2, &(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x220) 2m12.032412918s ago: executing program 1 (id=3357): close(0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$setregs(0x1a, r1, 0xc, &(0x7f0000000000)) 2m11.096276243s ago: executing program 1 (id=3361): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r3, &(0x7f0000000300)={&(0x7f00000000c0)=@phonet={0x23, 0x0, 0x0, 0x45}, 0x80, 0x0}, 0x20000080) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r2, 0x0, 0x0, 0x40012100, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 
0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c891}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410072786500"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x850) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01002abd70000000007b280000000c000180080001", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000a00)={0x0, 0x0, 
&(0x7f00000009c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="15000400000000000000010000001c0002800c00018008000100030000000c00018008000100000000000c00018008000100", @ANYRES32=r9, @ANYBLOB="0f5b83da1af41a33ecf3606063cacae27cd29a4651b6ee1b933f908ec06253500000000000010000967338b26b321ae0a5d3c02fefc81636b69efab335bd6c5ca5fa304f73658bd6a6ce7004548ff92706ab726a40bbce40b879ef2de7ba1906d8c466157f0aa947fedf77daa9c0a1038975dc5fea7ba321c932053ad65c8c3a682e72b437bb11b80d9c8fbe3b4067ce9dcdcf2e61fc0e7173deb26d3b81dd40006ca35be2c9599981d96ef6cf887d37320cab93b7d754f11072b0b8f1bbe23f4a126dcc488b20a47f6536"], 0x3c}}, 0x0) r10 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 2m10.348919752s ago: executing program 32 (id=3361): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = 
socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r3, &(0x7f0000000300)={&(0x7f00000000c0)=@phonet={0x23, 0x0, 0x0, 0x45}, 0x80, 0x0}, 0x20000080) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r2, 0x0, 0x0, 0x40012100, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c891}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410072786500"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x850) r5 = socket$nl_generic(0x10, 0x3, 0x10) 
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01002abd70000000007b280000000c000180080001", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="15000400000000000000010000001c0002800c00018008000100030000000c00018008000100000000000c00018008000100", @ANYRES32=r9, @ANYBLOB="0f5b83da1af41a33ecf3606063cacae27cd29a4651b6ee1b933f908ec06253500000000000010000967338b26b321ae0a5d3c02fefc81636b69efab335bd6c5ca5fa304f73658bd6a6ce7004548ff92706ab726a40bbce40b879ef2de7ba1906d8c466157f0aa947fedf77daa9c0a1038975dc5fea7ba321c932053ad65c8c3a682e72b437bb11b80d9c8fbe3b4067ce9dcdcf2e61fc0e7173deb26d3b81dd40006ca35be2c9599981d96ef6cf887d37320cab93b7d754f11072b0b8f1bbe23f4a126dcc488b20a47f6536"], 0x3c}}, 0x0) r10 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 
&(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 9.643801848s ago: executing program 4 (id=4096): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) socket$unix(0x1, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$inet6_tcp(0xa, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x280880, 0x0) userfaultfd(0x80001) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x4, 0xfff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffb, 0x100000000}, 0x0, &(0x7f0000000100)={0x3ff, 0x8000000000000001, 0x8, 0x0, 0x4, 0x0, 0x8128}, 0x0, 0x0) 9.377484188s ago: executing program 4 (id=4098): syz_usb_connect(0x5, 0x255, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000670250404020014964680102030109024302010000000009042100021085d80009050402ff0300000007250180000500872266b8d895a718d2000000000000000000fe3c9ad0bc7dabdd92000000000070e9f36d"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 
0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0xd000, 0xeeef0000, 0xd, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x10000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0xffffffff, 0x0, 0x7, 0x3, 0x1, 0x7, 0x4, 0x8, 0x6, 0x2}, {0xffff1000, 0xf000, 0xe, 0x2, 0x1, 0x3, 0x10, 0x0, 0x1, 0x6, 0x4, 0x21}, {0x100002, 0xeeee8000, 0x9, 0x64, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x6}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x8, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0x5}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0xff, 0x3, 0x8, 0x5, 0xce}, {0xeeee8000, 0x7}, {0x6000, 0x1}, 0x6a, 0x0, 0xa000, 0x40, 0x7, 0x1000, 0x2000, [0x800005, 0x8003, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.204249876s ago: executing program 4 (id=4115): r0 = getpid() syz_pidfd_open(r0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) userfaultfd(0x801) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000140)={0xffffffff, "030000000000000023000000debd12ffff00000000000000000020000400"}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) unshare(0x22020400) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xc3ac, 0xfffffffffffffff9, 0x0, 0x0, 0x4}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) 6.01043878s ago: executing program 4 (id=4117): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="000103000000ff"], 0x0, 0x0}) 4.823487128s ago: executing 
program 0 (id=4123): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x70bd2c, 0x0, {{@in=@empty, @in=@initdev={0xac, 0x1e, 0xff, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000003}}, [@tmpl={0x44, 0x5, [{{@in=@private=0xa010100, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x1, 0x3}]}]}, 0xfc}}, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003082f00fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) 4.636673269s ago: executing program 0 (id=4125): ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000040)={0xffff7ffc, 0x100006, 0xd, 0x3ac6, 0x5, "10120dfe0ef7f02000935b141ce0393d3ef600"}) syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) 
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) 4.437497145s ago: executing program 0 (id=4129): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000ac0)=@ccm_128={{0x304}, "5c000002010400", "ccaa54dbfef3216ec09b63757e98ed63", "cde21de0", "bcad0b2f6d5df9b2"}, 0x28) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x4, &(0x7f0000000100)=@ccm_128={{0x303}, '\x00 \x00', "38967a2445914c2e5ab898a7f56a364a", "80020007", "bff5b80e1f6fd131"}, 0x28) 4.292645559s ago: executing program 5 (id=4130): bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) 
r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r0, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71036000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xb, @dev={0xfe, 0x80, '\x00', 0x17}, 0x4}, 0x1c) 4.205819661s ago: executing program 0 (id=4131): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100006e40b740e1092151c14001020301090212000100"], 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) sendmsg$TIPC_NL_NAME_TABLE_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040011) 4.08443536s ago: executing program 5 (id=4133): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, 
[@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 3.119428896s ago: executing program 5 (id=4136): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, 
@echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty=0x1f, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 2.92864237s ago: executing program 5 (id=4137): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000130d00"/20, @ANYRES32=0x0, @ANYBLOB="d11101000000000008000500", @ANYRES32=r1, @ANYBLOB="140012800c0001006d6163766c616e"], 0x3c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x301}, {0xfffffffd}]}}) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000180), 0x10) io_setup(0x9, &(0x7f0000000240)=0x0) r5 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/power/hibernate_compression_threads', 0x400, 0x48) io_submit(r4, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x400000, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000200)="0500000093c21faf16da39de706f646800580f02000000003f420f000000000000580f02000000003f420f00000000000029ffffff000000", 0x38, 0x0, 0x0, 0x0, r5}]) 2.84392013s ago: executing program 4 (id=4138): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r3, 
&(0x7f0000000300)={&(0x7f00000000c0)=@phonet={0x23, 0x0, 0x0, 0x45}, 0x80, 0x0}, 0x20000080) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r2, 0x0, 0x0, 0x40012100, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c891}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410072786500140033006c6f0009b01a2c"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x850) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, 
&(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="15000400000000000000010000001c0002800c00018008000100030000000c00018008000100000000000c00018008000100", @ANYRES32=r8, @ANYBLOB="0f5b83da1af41a33ecf3606063cacae27cd29a4651b6ee1b933f908ec06253500000000000010000967338b26b321ae0a5d3c02fefc81636b69efab335bd6c5ca5fa304f73658bd6a6ce7004548ff92706ab726a40bbce40b879ef2de7ba1906d8c466157f0aa947fedf77daa9c0a1038975dc5fea7ba321c932053ad65c8c3a682e72b437bb11b80d9c8fbe3b4067ce9dcdcf2e61fc0e7173deb26d3b81dd40006ca35be2c9599981d96ef6cf887d37320cab93b7d754f11072b0b8f1bbe23f4a126dcc488b20a47f6536"], 0x3c}}, 0x0) r9 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xd18c9b25, 
&(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 2.393150364s ago: executing program 5 (id=4139): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0) r1 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005ae4c41096050100f5050102030109021b0001000000000904d60001b5e14500090583"], 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000440)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="000a10"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, &(0x7f0000000200)={0xc, &(0x7f0000000040)={0x40, 0x30, 0x1e, {0x1e, 0x22, "50e68ae305298ef1ac6519cdc51a993b341e5b43b558d24a876b4133"}}, &(0x7f0000000100)={0x0, 0x3, 0x63, @string={0x63, 0x3, "bd4498da0ab9bdf4602d7f693be29a990af1b2897e85e8261a3b0e3cbbcb3405bf6e5cba84457830c7bb1b9e9f405a353628649ee82f15561943757ca5d750ce6c2102cc022ed9696b720a518d87205ae2a9f92a360fb37c312aa550f14df859e9"}}}, &(0x7f00000004c0)={0x24, &(0x7f0000000240)={0x0, 0x12, 0x57, "32613debfc55a718329f2b57c9128278b12b52dd40fcad9b967628964b95e3908084b0bf09b11108981d0ab719f50c9bcf977882dfa528ba51edd1834f0f7bf580e9fa3d714a4cdcdb44a9003e9525cdf9a3383fc940c0"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0xb}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000340)={0x20, 0x81, 0x3, "47e695"}, &(0x7f0000000380)={0x20, 0x82, 0x2, "b43e"}, &(0x7f00000003c0)={0x20, 0x83, 0x2, "44f9"}, &(0x7f0000000400)={0x20, 0x84, 0x1, "88"}, &(0x7f0000000480)={0x20, 0x85, 0x3, "d72c0f"}}) r2 = syz_usb_connect(0x0, 0x202, &(0x7f0000000180)=ANY=[@ANYBLOB="1201100152018b401e040740185d000000010902f00101040000030904"], 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000640)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="20180400567e4136"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r2, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d) 2.11631185s ago: executing program 2 (id=4141): timer_create(0x0, 
&(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0xa0842, 0x0) r2 = syz_io_uring_setup(0x234, &(0x7f00000001c0)={0x0, 0x2804, 0x10100, 0x0, 0x362}, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r1, 0x80000000003, 0x0, 0x0, 0x6c62ba9b35f8b9d1}) io_uring_enter(r2, 0x7898, 0x0, 0x8, 0x0, 0x0) 1.967003776s ago: executing program 3 (id=4142): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000400), 0x106}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000780), 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000240), 0x111, 0x6}}, 0x20) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000400), 0x106}}, 0x20) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, 
{&(0x7f0000000100)="06010000246837f73199aee6fd1c291b3091ec1a06000000975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad5
00e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2
d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d
010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc
620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 1.800541313s ago: executing program 2 (id=4143): socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f0000000300)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r3, &(0x7f0000000300)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14) syz_emit_ethernet(0x42, &(0x7f0000000340)={@local, @local, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0xb, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @remote}}}}, 0x0) 1.776974839s ago: executing program 3 (id=4144): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 
0x1}], 0x1}, 0x4048043) r2 = dup(r0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000180)={0x0, 0x7ff, 0x1, 0xfffffffc, 0x7, 0x25, 0xb9, 0x5}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x2, 0xa}}, 0x20) write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0x7) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x806, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 1.559727194s ago: executing program 3 (id=4145): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fremovexattr(r0, &(0x7f0000000000)=@known='user.incfs.id\x00') r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000000c0)={0x8, 0x0, 0x5, 0x2, 0x0, 0x9, 0x5, 0x1, 0xfd, 0x52, 0x0, 0x4, 0x0, 0x3}, 0xe) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$kcm(0x10, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @rand_addr=0x3}}}}) 1.248967977s ago: executing program 4 (id=4146): r0 = userfaultfd(0x80001) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x11}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 
&(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc020aa08, &(0x7f0000000100)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1}) 1.205297116s ago: executing program 2 (id=4147): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000000)) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) r4 = syz_io_uring_setup(0x88b, &(0x7f0000000140)={0x0, 0x3f84, 0x10, 0x4, 0x6fd}, &(0x7f0000000000)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x4047f6, 0x0, 0x4, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.098280112s ago: executing program 0 (id=4148): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) syz_io_uring_setup(0xefe, &(0x7f0000000140)={0x0, 0xcc19, 0x10806}, &(0x7f0000000000), &(0x7f0000000380)) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x6}]}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000007, 0x11, r2, 0xfffff000) close_range(r1, 0xffffffffffffffff, 0x0) 830.169177ms ago: executing program 2 (id=4149): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = 
socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0xe0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0xac}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}]}}]}, 0x44}}, 0x40440c0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="d6a365dd00ca"}, 0x14) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 485.6638ms ago: executing program 2 (id=4150): syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)) socket(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x0, 0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 
0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 416.313191ms ago: executing program 3 (id=4151): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e21, @multicast1}, 0x10) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000000)=r1) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) socket(0x10, 0x3, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000380)="f1", 0x1, 0x200400c5, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) 231.922443ms ago: executing program 3 (id=4152): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 
0x4, 0x40000006}, 0x3c) 139.648788ms ago: executing program 0 (id=4153): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r3, &(0x7f0000000300)={&(0x7f00000000c0)=@phonet={0x23, 0x0, 0x0, 0x45}, 0x80, 0x0}, 0x20000080) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r2, 0x0, 0x0, 0x40012100, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c891}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410072786500140033006c6f0009b01a2c"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x850) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01002abd70000000007b28", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="15000400000000000000010000001c0002800c00018008000100030000000c00018008000100000000000c00018008000100", @ANYRES32=r9, @ANYBLOB="0f5b83da1af41a33ecf3606063cacae27cd29a4651b6ee1b933f908ec06253500000000000010000967338b26b321ae0a5d3c02fefc81636b69efab335bd6c5ca5fa304f73658bd6a6ce7004548ff92706ab726a40bbce40b879ef2de7ba1906d8c466157f0aa947fedf77daa9c0a1038975dc5fea7ba321c932053ad65c8c3a682e72b437bb11b80d9c8fbe3b4067ce9dcdcf2e61fc0e7173deb26d3b81dd40006ca35be2c9599981d96ef6cf887d37320cab93b7d754f11072b0b8f1bbe23f4a126dcc488b20a47f6536"], 0x3c}}, 0x0) r10 = 
socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 91.099333ms ago: executing program 5 (id=4154): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) unshare(0x8000000) shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, 
&(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000040)={0xf0f024}) ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000540)={0x2, @win={{0x2, 0x1, 0x80000000, 0xcb81}, 0x1, 0x9, 0x0, 0x7f, 0x0, 0x6}}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) memfd_create(0x0, 0x3) socket$tipc(0x1e, 0x5, 0x0) 58.876669ms ago: executing program 2 (id=4155): socket$pppl2tp(0x18, 0x1, 0x1) r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) writev(r0, &(0x7f0000005740), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x8001) r3 = getpgid(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x1c) sendmmsg$unix(r1, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x40015) syz_usb_connect(0x5, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b"], 0x0) 0s ago: executing program 3 (id=4156): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) 
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r3, &(0x7f0000000300)={&(0x7f00000000c0)=@phonet={0x23, 0x0, 0x0, 0x45}, 0x80, 0x0}, 0x20000080) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r2, 0x0, 0x0, 0x40012100, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 
0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c891}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410072786500140033006c6f0009b01a2c"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x850) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="15000400000000000000010000001c0002800c00018008000100030000000c00018008000100000000000c00018008000100", @ANYRES32=r8, @ANYBLOB="0f5b83da1af41a33ecf3606063cacae27cd29a4651b6ee1b933f908ec06253500000000000010000967338b26b321ae0a5d3c02fefc81636b69efab335bd6c5ca5fa304f73658bd6a6ce7004548ff92706ab726a40bbce40b879ef2de7ba1906d8c466157f0aa947fedf77daa9c0a1038975dc5fea7ba321c932053ad65c8c3a682e72b437bb11b80d9c8fbe3b4067ce9dcdcf2e61fc0e7173deb26d3b81dd40006ca35be2c9599981d96ef6cf887d37320cab93b7d754f11072b0b8f1bbe23f4a126dcc488b20a47f6536"], 0x3c}}, 0x0) r9 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 
&(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) kernel console output (not intermixed with test programs): TV Hybrid Stick Solo' in warm state. [ 1012.853232][ T6788] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1012.909775][ T6788] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 1012.922906][ T6788] usb 2-1: media controller created [ 1012.983651][ T6788] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1013.265217][T16744] binder: BINDER_SET_CONTEXT_MGR already set [ 1013.271270][T16744] binder: 16735:16744 ioctl 4018620d 80000040 returned -16 [ 1013.388587][ T6788] DVB: Unable to find symbol dib7000p_attach() [ 1013.405260][ T6788] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 1013.445099][T16744] syz.0.3034 (16744): drop_caches: 2 [ 1013.775607][ T6788] rc_core: IR keymap rc-dib0700-rc5 not found [ 1013.781734][ T6788] Registered IR keymap rc-empty [ 1013.893347][T16755] syz.3.3039 (16755): drop_caches: 2 [ 1013.908417][ T6788] dvb-usb: could not initialize remote control. [ 1013.931368][ T6788] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. 
[ 1013.986525][ T6788] usb 2-1: USB disconnect, device number 82 [ 1014.339480][ T6788] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 1014.869225][T16767] trusted_key: syz.0.3043 sent an empty control message without MSG_MORE. [ 1015.195127][T16775] binder: BINDER_SET_CONTEXT_MGR already set [ 1015.201204][T16775] binder: 16769:16775 ioctl 4018620d 80000040 returned -16 [ 1015.278064][T16777] binder: 16769:16777 ioctl c0306201 0 returned -14 [ 1015.292286][T16775] syz.1.3044 (16775): drop_caches: 2 [ 1015.525293][T16781] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3046'. [ 1015.638487][ T6788] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 1015.794223][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 1015.794244][ T30] audit: type=1326 audit(1765555384.601:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1015.844278][ T6788] usb 1-1: Using ep0 maxpacket: 32 [ 1015.853735][ T6788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1015.944067][ T6788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1015.945463][ T30] audit: type=1326 audit(1765555384.601:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.008669][ T6788] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1016.022373][ T6788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1016.169232][ T6788] usb 1-1: config 0 descriptor?? 
[ 1016.249274][ T30] audit: type=1326 audit(1765555384.761:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.403991][ T30] audit: type=1326 audit(1765555384.761:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.583954][ T30] audit: type=1326 audit(1765555384.761:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.636529][ T6788] savu 0003:1E7D:2D5A.0042: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 1016.683964][ T30] audit: type=1326 audit(1765555384.761:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.750281][ T30] audit: type=1326 audit(1765555384.791:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.820668][ T30] audit: type=1326 audit(1765555384.801:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.881708][ T30] audit: type=1326 audit(1765555384.801:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.910455][ T30] audit: type=1326 audit(1765555384.801:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined 
pid=16784 comm="syz.2.3049" exe="/root/syz-executor" sig=0 arch=40000003 syscall=377 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1016.934546][ T129] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1016.945434][ T5911] usb 1-1: USB disconnect, device number 78 [ 1017.114299][ T129] usb 3-1: Using ep0 maxpacket: 32 [ 1017.122451][ T129] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1017.133723][ T129] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.146743][ T129] usb 3-1: config 0 descriptor?? [ 1017.204454][ T5900] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 1017.354353][ T5900] usb 4-1: Using ep0 maxpacket: 8 [ 1017.361722][ T129] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1017.368836][ T5900] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1017.378523][ T5900] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1017.389667][ T129] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1017.399190][ T5900] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1017.409978][ T129] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1017.410416][ T6788] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1017.417677][ T129] usb 3-1: media controller created [ 1017.430402][ T5900] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1017.450531][ T129] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. 
[ 1017.459060][ T5900] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1017.483962][ T5900] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1017.493097][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.571220][ T129] az6027: usb out operation failed. (-71) [ 1017.577803][ T129] az6027: usb out operation failed. (-71) [ 1017.583596][ T129] stb0899_attach: Driver disabled by Kconfig [ 1017.597783][ T6788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1017.608758][ T129] az6027: no front-end attached [ 1017.608758][ T129] [ 1017.609186][ T129] az6027: usb out operation failed. (-71) [ 1017.616453][ T6788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1017.622791][ T129] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1017.633264][ T6788] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1017.654234][ T6788] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1017.665455][ T6788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.680255][ T129] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input79 [ 1017.680537][ T6788] usb 2-1: config 0 descriptor?? [ 1017.719109][ T129] dvb-usb: schedule remote query interval to 400 msecs. [ 1017.733871][ T129] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1017.752551][ T5900] usb 4-1: GET_CAPABILITIES returned 0 [ 1017.773034][ T5900] usbtmc 4-1:16.0: can't read capabilities [ 1017.779725][ T129] usb 3-1: USB disconnect, device number 81 [ 1017.884266][ T129] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. 
[ 1017.893575][T16816] netlink: 304 bytes leftover after parsing attributes in process `syz.0.3063'. [ 1018.028885][ T6787] usb 4-1: USB disconnect, device number 72 [ 1018.036222][T16797] usbtmc 4-1:16.0: usb_control_msg returned -71 [ 1018.175217][ T6788] plantronics 0003:047F:FFFF.0043: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1018.211840][T16826] binder: BINDER_SET_CONTEXT_MGR already set [ 1018.218304][T16826] binder: 16821:16826 ioctl 4018620d 80000040 returned -16 [ 1018.227304][T16826] binder: 16821:16826 ioctl c0306201 0 returned -14 [ 1018.249914][T16826] syz.0.3065 (16826): drop_caches: 2 [ 1018.573981][ T129] usb 2-1: USB disconnect, device number 83 [ 1018.708303][T16829] syz.4.3066 (16829): drop_caches: 2 [ 1019.437378][T16844] binder: 16839:16844 ioctl c0306201 0 returned -14 [ 1019.451228][T16844] binder: BINDER_SET_CONTEXT_MGR already set [ 1019.457767][T16844] binder: 16839:16844 ioctl 4018620d 80000040 returned -16 [ 1019.599524][T16844] syz.1.3071 (16844): drop_caches: 2 [ 1019.626773][ T5900] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1019.781777][T16851] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3072'. 
[ 1019.993998][ T5900] usb 3-1: Using ep0 maxpacket: 8 [ 1020.015059][ T5900] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1020.033161][ T5900] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1020.088731][ T5900] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1020.217922][ T5900] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1020.267712][ T5900] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1020.293536][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1020.681936][ T5900] usb 3-1: GET_CAPABILITIES returned 0 [ 1020.697216][ T5900] usbtmc 3-1:16.0: can't read capabilities [ 1020.886392][ T6788] usb 3-1: USB disconnect, device number 82 [ 1021.447270][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1021.447285][ T30] audit: type=1326 audit(1765555390.241:1199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000 [ 1021.538552][ T30] audit: type=1326 audit(1765555390.241:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc1558 code=0x7ffc0000 [ 1021.555906][T16882] binder: 16879:16882 ioctl c0306201 0 returned -14 [ 1021.578838][T16882] syz.0.3085 (16882): drop_caches: 2 [ 1021.604220][ T6788] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1021.604664][ T30] audit: type=1326 audit(1765555390.281:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000 [ 1021.704223][ T30] audit: type=1326 
audit(1765555390.291:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc1558 code=0x7ffc0000 [ 1021.739857][ T30] audit: type=1326 audit(1765555390.291:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc1558 code=0x7ffc0000 [ 1021.762913][ T30] audit: type=1326 audit(1765555390.291:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000 [ 1021.783945][ T6788] usb 2-1: Using ep0 maxpacket: 8 [ 1021.795508][ T30] audit: type=1326 audit(1765555390.291:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000 [ 1021.801104][ T6788] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 1021.905681][T16891] binder: 16885:16891 ioctl c0306201 0 returned -14 [ 1022.004354][T16892] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3087'. 
[ 1022.141408][ T30] audit: type=1326 audit(1765555390.291:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc1558 code=0x7ffc0000 [ 1022.215986][T16891] syz.3.3088 (16891): drop_caches: 2 [ 1022.331451][ T30] audit: type=1326 audit(1765555390.291:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc1558 code=0x7ffc0000 [ 1022.356260][ T6788] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1022.356343][ T30] audit: type=1326 audit(1765555390.291:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16875 comm="syz.3.3083" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000 [ 1022.418697][ T6788] usb 2-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3 [ 1022.434259][ T6788] usb 2-1: Product: syz [ 1022.447860][ T6788] usb 2-1: Manufacturer: syz [ 1022.461276][ T6788] usb 2-1: SerialNumber: syz [ 1022.488145][ T6788] usb 2-1: config 0 descriptor?? [ 1022.517935][ T6788] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 1023.325192][ T6788] gspca_zc3xx: reg_w_i err -71 [ 1023.432637][T16900] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3090'. 
[ 1023.924550][ T6788] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 1023.991406][T16904] syz.2.3091 (16904): drop_caches: 2 [ 1024.021322][ T6788] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 1024.121525][ T6788] usb 2-1: USB disconnect, device number 84 [ 1025.562224][ T129] usb 3-1: new full-speed USB device number 83 using dummy_hcd [ 1025.735672][ T129] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1025.746274][ T129] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1025.766402][ T129] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1025.793949][ T129] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1025.813706][ T129] usb 3-1: Product: syz [ 1025.818908][ T129] usb 3-1: Manufacturer: syz [ 1025.827839][ T129] usb 3-1: SerialNumber: syz [ 1025.901687][T16938] lo: entered allmulticast mode [ 1025.930050][T16938] dvmrp8: entered allmulticast mode [ 1025.946320][T16937] lo: left allmulticast mode [ 1026.027279][ T6788] hid-generic 0000:0000:0000.0044: unknown main item tag 0x0 [ 1026.051294][ T6788] hid-generic 0000:0000:0000.0044: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1026.062254][ T129] usb 3-1: 0:2 : does not exist [ 1026.095305][ T129] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1026.152072][ T129] usb 3-1: USB disconnect, device number 83 [ 1026.235566][T13776] udevd[13776]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1026.265145][ T5900] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 1026.425038][ T5900] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 1026.440606][ T5900] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1026.450944][ T5900] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, 
changing to 7 [ 1026.462697][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1026.471427][ T5900] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1026.482960][ T5900] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1026.494581][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1026.502756][ T5900] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1026.512170][ T5900] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1026.529552][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1026.540626][ T5900] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1026.552076][ T5900] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1026.564150][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1026.572387][ T5900] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1026.582017][ T5900] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1026.608658][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1026.620528][ T5900] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1026.630012][ T5900] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1026.644232][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1026.652508][ T5900] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1026.661562][ T5900] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1026.676742][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1026.685401][ T5900] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1026.694873][ T5900] usb 1-1: config 0 
interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1026.747590][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1026.776430][ T5900] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1026.794673][ T5900] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1026.814231][ T5900] usb 1-1: Product: syz [ 1026.818481][ T5900] usb 1-1: Manufacturer: syz [ 1026.854275][ T5900] usb 1-1: SerialNumber: syz [ 1026.865279][ T5900] usb 1-1: config 0 descriptor?? [ 1026.915557][ T5900] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 1026.965369][T16966] syzkaller1: entered promiscuous mode [ 1026.973682][T16966] syzkaller1: entered allmulticast mode [ 1027.059795][T16971] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3117'. [ 1027.070505][T16971] hsr_slave_0: left promiscuous mode [ 1027.079236][T16971] hsr_slave_1: left promiscuous mode [ 1027.111771][T16972] binder: BINDER_SET_CONTEXT_MGR already set [ 1027.118273][T16972] binder: 16967:16972 ioctl 4018620d 80000040 returned -16 [ 1027.139410][T16972] syz.2.3116 (16972): drop_caches: 2 [ 1027.202578][ T5900] usb 1-1: USB disconnect, device number 79 [ 1027.215506][ T5900] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 1027.261120][T16974] loop9: detected capacity change from 0 to 7 [ 1027.272844][T13776] Dev loop9: unable to read RDB block 7 [ 1027.284270][T13776] loop9: unable to read partition table [ 1027.334520][T13776] loop9: partition table beyond EOD, truncated [ 1027.344048][T16974] Dev loop9: unable to read RDB block 7 [ 1027.353557][T16974] loop9: unable to read partition table [ 1027.367972][T16974] loop9: partition table beyond EOD, truncated [ 1027.387785][T16974] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1027.422451][T16977] netlink: 'syz.3.3119': attribute type 1 has an invalid length. 
[ 1027.431635][T16977] netlink: 'syz.3.3119': attribute type 2 has an invalid length. [ 1028.064581][T16993] input: syz0 as /devices/virtual/input/input80 [ 1028.081253][T16993] input: failed to attach handler leds to device input80, error: -6 [ 1029.004285][ T5900] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 1029.104047][ T129] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1029.154909][ T5900] usb 1-1: Using ep0 maxpacket: 8 [ 1029.172908][ T5900] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1029.193179][ T5900] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1029.210415][ T5900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1029.337317][ T5900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1029.349911][ T129] usb 3-1: Using ep0 maxpacket: 16 [ 1029.355736][ T5900] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1029.549824][ T129] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 1029.571796][ T5900] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1029.589944][ T129] usb 3-1: config 0 has no interface number 0 [ 1029.617792][ T129] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1029.633001][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1029.662526][ T129] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1029.673043][ T129] usb 3-1: config 0 interface 41 has no altsetting 0 [ 1029.686411][T17027] syz.1.3138 (17027): drop_caches: 2 [ 1029.710855][ T129] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 1029.720417][ T129] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1029.767087][ T129] usb 
3-1: Product: syz [ 1029.778117][ T129] usb 3-1: Manufacturer: syz [ 1029.784429][ T129] usb 3-1: SerialNumber: syz [ 1029.800006][ T129] usb 3-1: config 0 descriptor?? [ 1029.812520][T17029] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3139'. [ 1029.840354][T17014] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1029.848843][T17014] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1029.911923][ T5900] usb 1-1: usb_control_msg returned -32 [ 1029.918633][ T5900] usbtmc 1-1:16.0: can't read capabilities [ 1030.155007][T17014] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1030.162529][T17014] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1030.441703][T17034] usbtmc 1-1:16.0: INITIATE_CLEAR returned 0 [ 1030.593920][ T129] Error reading MAC address [ 1030.605649][T17014] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1030.613247][T17014] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1030.655528][ T6787] usb 1-1: USB disconnect, device number 80 [ 1030.824779][ T129] sr9700 3-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address [ 1030.847901][ T129] usb 3-1: USB disconnect, device number 84 [ 1030.925650][T17046] binder: BINDER_SET_CONTEXT_MGR already set [ 1030.931885][T17046] binder: 17043:17046 ioctl 4018620d 80000040 returned -16 [ 1030.949168][T17046] syz.1.3144 (17046): drop_caches: 2 [ 1032.017753][T17061] input: syz1 as /devices/virtual/input/input81 [ 1032.467336][T17072] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 68 [ 1032.829531][T17080] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3158'. 
[ 1032.969034][T17085] binder: BINDER_SET_CONTEXT_MGR already set [ 1032.975198][T17085] binder: 17078:17085 ioctl 4018620d 80000040 returned -16 [ 1032.993551][T17085] syz.4.3160 (17085): drop_caches: 2 [ 1033.406624][ T6787] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1033.578276][ T6787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1033.606173][ T6787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1033.633958][ T6787] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1033.719019][ T6787] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1033.729497][ T6787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1033.746217][ T6787] usb 4-1: config 0 descriptor?? [ 1034.083428][T17111] netlink: 304 bytes leftover after parsing attributes in process `syz.1.3172'. 
[ 1034.094271][ T6788] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 1034.181395][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.197024][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.223877][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.234398][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.270687][T17116] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.277181][T17116] binder: 17112:17116 ioctl 4018620d 80000040 returned -16 [ 1034.299224][T17116] syz.0.3173 (17116): drop_caches: 2 [ 1034.313975][ T6788] usb 3-1: Using ep0 maxpacket: 16 [ 1034.323512][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.336391][ T6788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1034.353012][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.361186][ T6788] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1034.375533][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.382963][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.391694][ T6788] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1034.411507][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.419152][ T6788] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.434328][ T6787] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 1034.447595][ T6788] usb 3-1: config 0 descriptor?? 
[ 1034.488053][ T6787] plantronics 0003:047F:FFFF.0045: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1034.520398][ T6787] usb 4-1: USB disconnect, device number 73 [ 1034.584824][ T1217] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1034.746057][ T1217] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1034.768547][T17120] fido_id[17120]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1034.785655][ T1217] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1034.797882][ T1217] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1034.871045][ T1217] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1034.891503][ T1217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.996838][ T1217] usb 2-1: config 0 descriptor?? 
[ 1035.248781][ T6788] usbhid 3-1:0.0: can't add hid device: -71 [ 1035.261363][ T6788] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1035.278345][ T6788] usb 3-1: USB disconnect, device number 85 [ 1035.519704][ T1217] plantronics 0003:047F:FFFF.0046: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1036.708200][T17154] syz.4.3184 (17154): drop_caches: 2 [ 1036.754131][ T5900] usb 4-1: new low-speed USB device number 74 using dummy_hcd [ 1036.787051][T17156] binder: BINDER_SET_CONTEXT_MGR already set [ 1036.793143][T17156] binder: 17151:17156 ioctl 4018620d 80000040 returned -16 [ 1036.805003][T17156] syz.2.3185 (17156): drop_caches: 2 [ 1037.060474][ T5900] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1037.075528][ T5900] usb 4-1: config 0 has no interface number 0 [ 1037.084538][ T5900] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1037.198211][ T5900] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 1037.503966][ T5900] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1037.513188][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1037.560800][ T5900] usb 4-1: config 0 descriptor?? 
[ 1037.567073][T17146] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1037.578284][ T5900] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 1037.666220][ T129] usb 2-1: USB disconnect, device number 85 [ 1037.824242][ T5900] usb 4-1: USB disconnect, device number 74 [ 1038.384506][ T5900] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 1038.634322][ T5900] usb 1-1: Using ep0 maxpacket: 32 [ 1038.649208][ T5900] usb 1-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 1038.660821][ T5900] usb 1-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1038.847427][ T5900] usb 1-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1038.886098][ T5900] usb 1-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 1038.909097][ T5900] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 1038.924284][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1038.953320][ T5900] usb 1-1: Product: syz [ 1038.957805][ T5900] usb 1-1: Manufacturer: syz [ 1038.962687][ T5900] usb 1-1: SerialNumber: syz [ 1038.986155][ C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 1039.035216][ T5900] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/input/input82 [ 1039.097683][T17190] syz.3.3199 (17190): drop_caches: 2 [ 1039.166679][ T129] usb 2-1: new full-speed USB device number 86 using dummy_hcd [ 1039.354706][ T5900] imon 1-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 1039.363077][ T5900] (id 0x00) [ 1039.385926][ T129] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1039.397204][ T129] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 
3 [ 1039.415669][ T129] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1039.437469][ T129] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1039.459403][ T129] usb 2-1: Product: syz [ 1039.466515][ T129] usb 2-1: Manufacturer: syz [ 1039.476901][ T129] usb 2-1: SerialNumber: syz [ 1039.554414][ T5900] rc_core: IR keymap rc-imon-pad not found [ 1039.560471][ T5900] Registered IR keymap rc-empty [ 1039.566153][ T5900] imon 1-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 1039.587049][ T5900] imon 1-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 1039.627406][ T5900] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/rc/rc0 [ 1039.681383][ T5900] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/rc/rc0/input83 [ 1039.729813][ T129] usb 2-1: 0:2 : does not exist [ 1039.742125][ T5900] imon 1-1:155.0: iMON device (15c2:ffdc, intf0) on usb<1:81> initialized [ 1039.796911][ T129] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 1039.830567][ T5900] usb 1-1: USB disconnect, device number 81 [ 1039.922997][ T129] usb 2-1: USB disconnect, device number 86 [ 1039.969031][T17200] binder: BINDER_SET_CONTEXT_MGR already set [ 1039.975441][T17200] binder: 17197:17200 ioctl 4018620d 80000040 returned -16 [ 1039.997013][T17200] syz.2.3202 (17200): drop_caches: 2 [ 1040.221864][T13776] udevd[13776]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1040.995277][ T1217] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1041.047562][T17214] binder: 17210:17214 ioctl 4018620d 0 returned -22 [ 1041.071999][T17214] syz.4.3207 (17214): drop_caches: 2 [ 1041.226001][ T1217] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1041.238684][ 
T1217] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1041.360226][ T1217] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1041.383640][ T1217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1041.444884][T17206] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1041.469958][ T1217] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1041.693561][ T5900] usb 2-1: USB disconnect, device number 87 [ 1042.087491][T17229] lo: entered allmulticast mode [ 1042.100498][T17229] lo: entered promiscuous mode [ 1042.155901][T17228] lo: left promiscuous mode [ 1042.160662][T17228] lo: left allmulticast mode [ 1043.086958][T17247] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3219'. [ 1043.157092][T17245] syz.2.3217 (17245): drop_caches: 2 [ 1043.491590][T17252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3221'. [ 1044.717676][T17279] syz.2.3238 (17279): drop_caches: 2 [ 1044.894289][ T1217] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 1045.012324][T17291] netlink: 'syz.0.3235': attribute type 12 has an invalid length. [ 1045.021523][T17291] netlink: 'syz.0.3235': attribute type 29 has an invalid length. [ 1045.030199][T17291] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3235'. [ 1045.044230][ T1217] usb 2-1: Using ep0 maxpacket: 16 [ 1045.051589][ T1217] usb 2-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf [ 1045.061619][ T1217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1045.084509][ T1217] usb 2-1: config 0 descriptor?? [ 1045.089974][T17291] netlink: 'syz.0.3235': attribute type 2 has an invalid length. [ 1045.425998][T17295] netlink: 'syz.0.3237': attribute type 11 has an invalid length. 
[ 1046.231109][T17319] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.237397][T17319] binder: 17314:17319 ioctl 4018620d 80000040 returned -16 [ 1046.247692][T17319] binder: 17314:17319 ioctl c0306201 0 returned -14 [ 1046.266830][T17319] syz.0.3247 (17319): drop_caches: 2 [ 1046.395122][ T1217] pegasus 2-1:0.0: can't reset MAC [ 1046.415642][ T1217] pegasus 2-1:0.0: probe with driver pegasus failed with error -5 [ 1046.433486][ T1217] usb 2-1: USB disconnect, device number 88 [ 1047.051477][T17326] kvm: user requested TSC rate below hardware speed [ 1047.411344][ T1217] hid_parser_main: 5 callbacks suppressed [ 1047.411361][ T1217] hid-generic 0000:0000:0000.0047: unknown main item tag 0x0 [ 1047.455695][ T1217] hid-generic 0000:0000:0000.0047: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1047.501568][T17342] binder: BINDER_SET_CONTEXT_MGR already set [ 1047.507808][T17342] binder: 17335:17342 ioctl 4018620d 80000040 returned -16 [ 1047.539654][T17342] syz.4.3254 (17342): drop_caches: 2 [ 1048.523937][ T1217] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 1048.684745][ T1217] usb 4-1: Using ep0 maxpacket: 32 [ 1048.691927][ T1217] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1048.712895][ T1217] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1048.726120][ T1217] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1048.746416][ T1217] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1048.757321][ T1217] usb 4-1: config 0 descriptor?? [ 1048.931653][T17371] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3265'. [ 1048.945233][T17371] netlink: 'syz.2.3265': attribute type 4 has an invalid length. 
[ 1049.222802][ T1217] savu 0003:1E7D:2D5A.0048: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 1049.479125][ T5900] usb 4-1: USB disconnect, device number 75 [ 1050.714034][T17440] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3285'. [ 1051.945718][T17460] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3294'. [ 1051.959957][T17467] input: syz1 as /devices/virtual/input/input84 [ 1053.853988][ T129] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 1054.006008][ T129] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1054.024266][ T129] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1054.036380][ T129] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1054.050875][ T129] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1054.070296][ T129] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1054.099484][ T129] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1054.114355][ T129] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1054.122407][ T129] usb 2-1: Product: syz [ 1054.141929][ T129] usb 2-1: Manufacturer: syz [ 1054.217167][ T129] cdc_wdm 2-1:1.0: skipping garbage [ 1054.230443][ T129] cdc_wdm 2-1:1.0: skipping garbage [ 1054.275104][T17515] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3318'. 
[ 1054.307537][ T129] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1054.320433][ T129] cdc_wdm 2-1:1.0: Unknown control protocol [ 1054.424766][T17499] cdc_wdm 2-1:1.0: Error submitting int urb - -90 [ 1054.432796][T17499] cdc_wdm 2-1:1.0: Error submitting int urb - -90 [ 1054.441085][ T1217] usb 2-1: USB disconnect, device number 89 [ 1054.955399][T17528] sg_write: process 2039 (syz.4.3322) changed security contexts after opening file descriptor, this is not allowed. [ 1055.713659][T17551] binder: BINDER_SET_CONTEXT_MGR already set [ 1055.719973][T17551] binder: 17544:17551 ioctl 4018620d 80000040 returned -16 [ 1055.974773][T17551] syz.2.3329 (17551): drop_caches: 2 [ 1056.755271][T17569] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.761433][T17569] binder: 17560:17569 ioctl 4018620d 80000040 returned -16 [ 1056.780470][T17569] syz.3.3334 (17569): drop_caches: 2 [ 1057.039364][T17571] bridge0: port 3(macsec1) entered blocking state [ 1057.062207][T17571] bridge0: port 3(macsec1) entered disabled state [ 1057.125813][T17571] macsec1: entered allmulticast mode [ 1057.162295][T17571] geneve1: entered allmulticast mode [ 1057.229800][T17571] macsec1: entered promiscuous mode [ 1057.263377][T17571] geneve1: entered promiscuous mode [ 1057.471238][T17578] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3339'. [ 1057.539586][T17579] netlink: 'syz.2.3340': attribute type 4 has an invalid length. [ 1058.110003][T17587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3343'. 
[ 1058.916285][T17613] binder: BINDER_SET_CONTEXT_MGR already set [ 1058.922399][T17613] binder: 17607:17613 ioctl 4018620d 80000040 returned -16 [ 1058.966437][T17613] syz.0.3351 (17613): drop_caches: 2 [ 1059.598967][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.605698][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1059.701954][T17625] syz.3.3356 (17625): drop_caches: 2 [ 1059.901671][ T6788] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0 [ 1059.963103][ T6788] hid-generic 0000:0000:0000.0049: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1060.282536][T13148] team0: Port device syz_tun removed [ 1060.627848][T17633] syz.4.3359 (17633): drop_caches: 2 [ 1061.598506][ T6002] bridge_slave_1: left allmulticast mode [ 1061.617230][ T6002] bridge_slave_1: left promiscuous mode [ 1061.633692][ T6002] bridge0: port 2(bridge_slave_1) entered disabled state [ 1061.656844][ T6002] bridge_slave_0: left allmulticast mode [ 1061.663520][ T6002] bridge_slave_0: left promiscuous mode [ 1061.674757][ T6002] bridge0: port 1(bridge_slave_0) entered disabled state [ 1061.718335][ T6002] veth9: left allmulticast mode [ 1061.730985][ T6002] veth9: left promiscuous mode [ 1061.742568][ T6002] bridge3: port 2(veth9) entered disabled state [ 1061.886342][ T6002] veth7: left allmulticast mode [ 1061.904679][T17651] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3366'. 
[ 1061.916922][ T6002] veth7: left promiscuous mode [ 1061.933427][ T6002] bridge3: port 1(veth7) entered disabled state [ 1062.076660][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1062.088272][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1062.096576][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1062.107049][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1062.115116][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1063.375242][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 1063.375263][ T30] audit: type=1326 audit(1765555432.171:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17680 comm="syz.0.3371" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f64539 code=0x0 [ 1063.619077][ T6002] bond1 (unregistering): Released all slaves [ 1063.718645][T17679] syz.4.3370 (17679): drop_caches: 2 [ 1063.750000][ T6002] bond0 (unregistering): Released all slaves [ 1063.778154][ T6002] bond2 (unregistering): Released all slaves [ 1063.904718][ T6002] tipc: Disabling bearer [ 1063.984201][ T6002] tipc: Left network mode [ 1064.154243][ T5832] Bluetooth: hci0: command tx timeout [ 1064.360291][T17692] netlink: 'syz.0.3374': attribute type 12 has an invalid length. [ 1064.389126][T17692] netlink: 'syz.0.3374': attribute type 29 has an invalid length. [ 1064.419481][T17692] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3374'. [ 1064.457600][T17692] netlink: 'syz.0.3374': attribute type 2 has an invalid length. [ 1064.495642][T17692] netlink: 23 bytes leftover after parsing attributes in process `syz.0.3374'. 
[ 1065.041115][ T6002] hsr_slave_0: left promiscuous mode [ 1065.069230][ T6002] hsr_slave_1: left promiscuous mode [ 1065.087316][ T6002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1065.097880][T17722] input: syz1 as /devices/virtual/input/input85 [ 1065.237539][T13776] udevd[13776]: setting owner of /dev/input/js0 to uid=0, gid=104 failed: No such file or directory [ 1065.349088][T17731] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3380'. [ 1065.409857][T17730] syz.4.3382 (17730): drop_caches: 2 [ 1066.244065][ T5832] Bluetooth: hci0: command tx timeout [ 1066.661453][ T6002] team0 (unregistering): Port device team_slave_1 removed [ 1066.732403][ T6002] team0 (unregistering): Port device team_slave_0 removed [ 1066.951995][T17754] syz.4.3390 (17754): drop_caches: 2 [ 1067.282526][ T6002] team0 (unregistering): Port device dummy0 removed [ 1067.696892][T17753] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3391'. [ 1067.764555][T17654] chnl_net:caif_netlink_parms(): no params data found [ 1068.073855][ T6788] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 1068.199282][T17654] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.218275][T17654] bridge0: port 1(bridge_slave_0) entered disabled state [ 1068.234118][T17654] bridge_slave_0: entered allmulticast mode [ 1068.246730][T17654] bridge_slave_0: entered promiscuous mode [ 1068.257738][ T6788] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 1068.267367][T17654] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.281712][T17654] bridge0: port 2(bridge_slave_1) entered disabled state [ 1068.285994][ T6788] usb 3-1: config 4 has no interface number 0 [ 1068.290262][T17654] bridge_slave_1: entered allmulticast mode [ 1068.303052][T17654] bridge_slave_1: entered promiscuous mode [ 1068.313879][ T5832] Bluetooth: hci0: command tx timeout [ 1068.326791][ T6788] usb 3-1: New USB device found, 
idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 1068.356736][ T6788] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1068.398146][ T6788] usb 3-1: Product: syz [ 1068.405542][T17654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1068.415024][ T6788] usb 3-1: Manufacturer: syz [ 1068.430242][ T6788] usb 3-1: SerialNumber: syz [ 1068.432644][T17654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1068.436907][ T6002] IPVS: stop unused estimator thread 0... [ 1068.470734][ T6788] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input86 [ 1068.663458][T17654] team0: Port device team_slave_0 added [ 1068.699925][ T5185] bcm5974 3-1:4.28: could not read from device [ 1068.700917][T17654] team0: Port device team_slave_1 added [ 1068.744655][ T6788] usb 3-1: USB disconnect, device number 86 [ 1068.754540][ T5185] bcm5974 3-1:4.28: could not read from device [ 1068.871059][T14203] udevd[14203]: Error opening device "/dev/input/event4": No such file or directory [ 1068.916578][T14203] udevd[14203]: Unable to EVIOCGABS device "/dev/input/event4" [ 1068.940931][T14203] udevd[14203]: Unable to EVIOCGABS device "/dev/input/event4" [ 1068.974770][T14203] udevd[14203]: Unable to EVIOCGABS device "/dev/input/event4" [ 1069.002526][T17654] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1069.003168][T14203] udevd[14203]: Unable to EVIOCGABS device "/dev/input/event4" [ 1069.030738][T17654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 1069.073084][T17654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1069.097450][T17654] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1069.104955][T17654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1069.137106][T17654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1069.311931][T17802] binder: BINDER_SET_CONTEXT_MGR already set [ 1069.318116][T17802] binder: 17796:17802 ioctl 4018620d 80000040 returned -16 [ 1069.358326][T17802] syz.4.3403 (17802): drop_caches: 2 [ 1069.509846][T17654] hsr_slave_0: entered promiscuous mode [ 1069.530834][T17654] hsr_slave_1: entered promiscuous mode [ 1069.582554][T17654] debugfs: 'hsr0' already exists in 'hsr' [ 1069.598843][T17654] Cannot create hsr debugfs directory [ 1069.921158][ T5911] usb 1-1: new full-speed USB device number 82 using dummy_hcd [ 1070.124430][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1070.174970][T17821] binder: BINDER_SET_CONTEXT_MGR already set [ 1070.181056][T17821] binder: 17815:17821 ioctl 4018620d 80000040 returned -16 [ 1070.273836][ T5911] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 1070.353886][ T5911] usb 1-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 1070.432451][ T5832] Bluetooth: hci0: command tx timeout [ 1070.485076][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1070.518748][ T5911] usb 1-1: config 0 descriptor?? 
[ 1070.530816][T17812] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1070.785163][ T5911] usbhid 1-1:0.0: can't add hid device: -71 [ 1070.834084][ T5911] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1070.866997][ T5911] usb 1-1: USB disconnect, device number 82 [ 1070.881386][T17654] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1071.084102][T17654] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1071.123630][T17654] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1071.179049][T17654] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1071.314007][ T5911] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 1071.474229][ T5911] usb 1-1: Using ep0 maxpacket: 32 [ 1071.514893][ T5911] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 1071.554010][ T5911] usb 1-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 1071.574859][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1071.663739][ T5911] usb 1-1: config 0 descriptor?? 
[ 1071.706359][T17654] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1071.850513][T17654] 8021q: adding VLAN 0 to HW filter on device team0 [ 1071.901158][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 1071.908529][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1071.950791][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.958125][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1072.142060][ T5911] hid-multitouch 0003:0EEF:72C4.004A: reserved main item tag 0xd [ 1072.250387][T17856] syz.3.3412 (17856): drop_caches: 2 [ 1072.279501][ T5911] hid-multitouch 0003:0EEF:72C4.004A: hidraw0: USB HID v0.00 Device [HID 0eef:72c4] on usb-dummy_hcd.0-1/input0 [ 1072.299679][T17654] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1072.314681][ T6788] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 1072.386272][ T6787] usb 1-1: USB disconnect, device number 83 [ 1072.462216][T17654] veth0_vlan: entered promiscuous mode [ 1072.484351][ T6788] usb 3-1: Using ep0 maxpacket: 32 [ 1072.496849][ T6788] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1072.500086][T17654] veth1_vlan: entered promiscuous mode [ 1072.526997][ T6788] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1072.553212][T17858] fido_id[17858]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 1072.581064][ T6788] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1072.596610][ T6788] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1072.622121][ T6788] usb 3-1: Product: syz [ 1072.636706][ T6788] usb 3-1: Manufacturer: syz [ 1072.658663][ T6788] usb 3-1: SerialNumber: syz [ 1072.672785][T17654] veth0_macvtap: entered promiscuous mode [ 1072.683084][ T6788] usb 3-1: config 0 descriptor?? 
[ 1072.724666][T17654] veth1_macvtap: entered promiscuous mode [ 1072.779130][T17654] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1072.800811][T17654] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1072.898592][ T36] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.917659][ T36] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.935874][ T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.981093][ T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1073.135842][ T6788] usb 3-1: USB disconnect, device number 87 [ 1073.209967][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1073.244472][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1073.342282][ T6002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1073.369069][ T6002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1073.873192][T17879] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.3362'. [ 1074.644138][ T5900] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 1074.794318][ T5900] usb 3-1: Using ep0 maxpacket: 32 [ 1074.802078][ T5900] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 1074.814987][ T5900] usb 3-1: config 0 has no interface number 0 [ 1074.826944][T17908] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3425'. [ 1074.836110][ T1217] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 1074.855541][ T5900] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1074.863975][T17908] netlink: 'syz.4.3425': attribute type 14 has an invalid length. 
[ 1074.891064][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1074.915670][ T5900] usb 3-1: Product: syz [ 1074.924274][T17908] vxlan0: entered promiscuous mode [ 1074.928094][ T5900] usb 3-1: Manufacturer: syz [ 1074.944858][ T5900] usb 3-1: SerialNumber: syz [ 1074.962545][ T6002] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1074.984145][ T6002] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1074.995121][ T5900] usb 3-1: config 0 descriptor?? [ 1074.996238][ T1217] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1075.028991][ T6002] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1075.044025][ T1217] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1075.045358][ T5900] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1075.064523][ T6002] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1075.080721][ T1217] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1075.098952][ T1217] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1075.119697][ T1217] usb 1-1: Manufacturer: syz [ 1075.140350][ T1217] usb 1-1: config 0 descriptor?? 
[ 1075.229297][ T5900] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1075.308105][ T5900] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1075.318898][T17912] binder: BINDER_SET_CONTEXT_MGR already set [ 1075.325084][T17912] binder: 17909:17912 ioctl 4018620d 80000040 returned -16 [ 1075.350166][T17912] syz.5.3427 (17912): drop_caches: 2 [ 1075.826516][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1075.827544][ T6788] usb 3-1: USB disconnect, device number 88 [ 1075.857513][ T6788] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1075.891984][ T6788] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1075.922840][ T6788] quatech2 3-1:0.51: device disconnected [ 1076.006493][ T1217] uclogic 0003:256C:006D.004B: interface is invalid, ignoring [ 1076.240645][ T6788] usb 1-1: USB disconnect, device number 84 [ 1077.284276][ T129] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 1077.404022][ T1217] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1077.435209][ T129] usb 1-1: Using ep0 maxpacket: 8 [ 1077.442454][ T129] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1077.451078][ T129] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1077.461758][ T129] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1077.505922][ T129] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1077.540541][ T129] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1077.576210][ T1217] usb 6-1: config 4 has an invalid interface number: 28 but max is 0 [ 1077.584938][ T1217] usb 6-1: config 4 has no interface number 0 [ 1077.591602][ T129] usb 1-1: New USB device 
found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1077.618513][ T1217] usb 6-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 1077.628937][ T1217] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1077.628965][ T129] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1077.657784][ T1217] usb 6-1: Product: syz [ 1077.664457][ T1217] usb 6-1: Manufacturer: syz [ 1077.670355][ T1217] usb 6-1: SerialNumber: syz [ 1077.693268][ T1217] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:4.28/input/input87 [ 1077.852526][ T129] usb 1-1: usb_control_msg returned -32 [ 1077.858796][ T129] usbtmc 1-1:16.0: can't read capabilities [ 1077.904487][ T5185] bcm5974 6-1:4.28: could not read from device [ 1077.924331][ T1217] bcm5974 6-1:4.28: could not read from device [ 1077.950665][ T5185] bcm5974 6-1:4.28: could not read from device [ 1077.969928][ T5185] bcm5974 6-1:4.28: could not read from device [ 1078.028924][ T1217] input: failed to attach handler mousedev to device input87, error: -5 [ 1078.048245][ T1217] usb 6-1: USB disconnect, device number 2 [ 1078.052608][ T5185] bcm5974 6-1:4.28: could not read from device [ 1078.523889][ T30] audit: type=1326 audit(1765555447.321:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17952 comm="syz.3.3443" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc1539 code=0x0 [ 1078.636304][T17955] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 1078.784587][T17119] usb 1-1: USB disconnect, device number 85 [ 1078.863970][ T1217] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1079.023850][ T1217] usb 6-1: Using ep0 maxpacket: 8 [ 1079.032064][ T1217] usb 6-1: config 0 has an invalid interface number: 186 but max is 0 [ 1079.041148][ T1217] usb 6-1: config 0 has no interface number 0 [ 1079.047836][ T1217] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 
1079.060087][ T1217] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 1079.077667][ T1217] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1079.103857][ T1217] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1079.120492][ T1217] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 1079.131183][ T1217] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1079.140318][ T1217] usb 6-1: Product: syz [ 1079.144646][ T1217] usb 6-1: Manufacturer: syz [ 1079.149542][ T1217] usb 6-1: SerialNumber: syz [ 1079.162033][ T1217] usb 6-1: config 0 descriptor?? [ 1079.371650][T17969] binder: BINDER_SET_CONTEXT_MGR already set [ 1079.377799][T17969] binder: 17966:17969 ioctl 4018620d 80000040 returned -16 [ 1079.387945][T17969] binder: 17966:17969 ioctl c0306201 0 returned -14 [ 1079.416745][T17969] syz.2.3447 (17969): drop_caches: 2 [ 1079.463158][ T1217] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 1079.657760][ T1217] usb 6-1: USB disconnect, device number 3 [ 1080.006314][T17119] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 1080.237221][T17119] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1080.248720][T17119] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1080.345760][T17119] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 1080.377525][T17119] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1080.421774][T17119] usb 4-1: config 0 descriptor?? 
[ 1080.962399][T17119] hid-steam 0003:28DE:1142.004C: unknown main item tag 0x0 [ 1081.001817][T17119] hid-steam 0003:28DE:1142.004C: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 1081.094200][T17119] hid-steam 0003:28DE:1142.004C: Steam wireless receiver connected [ 1081.139201][T17119] hid-steam 0003:28DE:1142.004C: No HID_FEATURE_REPORT submitted - nothing to read [ 1081.172523][T17119] hid-steam 0003:28DE:1142.004D: unknown main item tag 0x0 [ 1081.195922][T17119] hid-steam 0003:28DE:1142.004D: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 1081.403888][ T5900] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1081.574123][ T5900] usb 6-1: Using ep0 maxpacket: 8 [ 1081.679502][T18015] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3462'. [ 1081.703906][ T5900] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1081.718242][ T5900] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1081.729461][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1081.760219][ T129] usb 4-1: USB disconnect, device number 76 [ 1081.828319][ T5900] usb 6-1: config 0 descriptor?? [ 1081.851613][ T129] hid-steam 0003:28DE:1142.004C: Steam wireless receiver disconnected [ 1081.866564][ T5900] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1082.131235][T18017] ======================================================= [ 1082.131235][T18017] WARNING: The mand mount option has been deprecated and [ 1082.131235][T18017] and is ignored by this kernel. Remove the mand [ 1082.131235][T18017] option from the mount to silence this warning. 
[ 1082.131235][T18017] ======================================================= [ 1082.973608][T18036] binder: 18029:18036 ioctl c0306201 0 returned -14 [ 1083.196139][T18036] syz.2.3467 (18036): drop_caches: 2 [ 1083.204703][ T5900] gspca_vc032x: reg_w err -71 [ 1083.209534][ T5900] vc032x 6-1:0.0: probe with driver vc032x failed with error -71 [ 1083.239525][ T5900] usb 6-1: USB disconnect, device number 4 [ 1083.625666][T18045] binder: 18039:18045 ioctl c0306201 0 returned -14 [ 1083.646772][T18045] syz.3.3469 (18045): drop_caches: 2 [ 1084.306923][T17119] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1084.524158][T17119] usb 6-1: Using ep0 maxpacket: 8 [ 1084.574742][T17119] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1084.593839][T17119] usb 6-1: config 0 has no interfaces? [ 1084.617501][T17119] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 1084.657049][T17119] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 1084.694170][T17119] usb 6-1: Product: syz [ 1084.698395][T17119] usb 6-1: Manufacturer: syz [ 1084.703003][T17119] usb 6-1: SerialNumber: syz [ 1084.759547][T17119] usb 6-1: config 0 descriptor?? [ 1085.034904][ T5900] usb 6-1: USB disconnect, device number 5 [ 1085.267960][T18068] input: syz1 as /devices/virtual/input/input88 [ 1085.397786][T18073] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3472'. 
[ 1086.033927][ T5911] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1086.243916][ T5911] usb 6-1: Using ep0 maxpacket: 16 [ 1086.250977][ T5911] usb 6-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1086.260972][ T5911] usb 6-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 1086.280659][ T5911] usb 6-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1086.319339][ T5911] usb 6-1: config 1 interface 0 has no altsetting 0 [ 1086.337119][ T5911] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1086.359937][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1086.383938][ T5911] usb 6-1: Product: syz [ 1086.388174][ T5911] usb 6-1: Manufacturer: syz [ 1086.392811][ T5911] usb 6-1: SerialNumber: syz [ 1086.668794][ T5911] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 1086.864581][ T5911] usb 1-1: new low-speed USB device number 86 using dummy_hcd [ 1086.928314][ T5900] usb 6-1: USB disconnect, device number 6 [ 1086.978978][T18084] usblp0: removed [ 1087.038800][ T5911] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1087.055030][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1087.066454][ T5911] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1087.079183][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1087.092289][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1087.110554][ T5911] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1087.126461][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting 
to 8 [ 1087.150076][ T5911] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1087.183974][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1087.206434][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1087.238257][ T5911] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1087.254129][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1087.274985][ T5911] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1087.304857][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1087.318635][ T5911] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1087.337441][ T5911] usb 1-1: string descriptor 0 read error: -22 [ 1087.344781][ T5911] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1087.354145][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1087.378774][ T5911] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1087.776588][ T6788] usb 1-1: USB disconnect, device number 86 [ 1087.776801][T18147] usb 1-1: Couldn't submit interrupt_out_urb -19 [ 1089.025589][T18175] binder: BINDER_SET_CONTEXT_MGR already set [ 1089.045732][T18175] binder: 18170:18175 ioctl 4018620d 80000040 returned -16 [ 1089.213936][ T1217] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 1089.364336][ T1217] usb 4-1: Using ep0 maxpacket: 32 [ 1089.375408][ T1217] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1089.395295][ T1217] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1089.405086][ T1217] usb 4-1: New USB device strings: 
Mfr=1, Product=236, SerialNumber=2 [ 1089.413477][ T1217] usb 4-1: Product: syz [ 1089.423853][ T1217] usb 4-1: Manufacturer: syz [ 1089.432370][ T1217] usb 4-1: SerialNumber: syz [ 1089.456639][ T1217] usb 4-1: config 0 descriptor?? [ 1089.472636][T18181] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3502'. [ 1089.475609][T18173] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1089.505684][T18181] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3502'. [ 1089.536863][T18181] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3502'. [ 1089.568161][T18181] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3502'. [ 1091.274196][ T5900] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 1091.436022][ T5900] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 64 [ 1091.453858][ T5900] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1091.467593][ T5900] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1091.478725][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1091.497553][ T6788] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 1091.684386][ T6788] usb 1-1: Using ep0 maxpacket: 32 [ 1091.692864][ T6788] usb 1-1: config 0 has no interfaces? [ 1091.698913][ T6788] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1091.707834][ T5900] usb 6-1: usb_control_msg returned -71 [ 1091.710507][ T6788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1091.721656][ T5900] usbtmc 6-1:16.0: can't read capabilities [ 1091.740273][ T5900] usb 6-1: USB disconnect, device number 7 [ 1091.764368][ T6788] usb 1-1: config 0 descriptor?? [ 1091.855259][T18227] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3520'. 
[ 1091.947580][ T6788] usb 4-1: USB disconnect, device number 77 [ 1092.008292][ T5900] usb 1-1: USB disconnect, device number 87 [ 1092.291102][T18241] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3526'. [ 1092.589186][T18249] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.3530'. [ 1093.143914][ T5900] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 1093.293876][ T5900] usb 3-1: Using ep0 maxpacket: 8 [ 1093.303239][ T5900] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 1093.312561][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1093.320913][ T5900] usb 3-1: Product: syz [ 1093.321216][ T1217] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1093.325276][ T5900] usb 3-1: Manufacturer: syz [ 1093.325297][ T5900] usb 3-1: SerialNumber: syz [ 1093.348453][ T5900] usb 3-1: config 0 descriptor?? [ 1093.356618][ T5900] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 1093.503884][ T1217] usb 6-1: Using ep0 maxpacket: 32 [ 1093.511338][ T1217] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1093.523604][ T1217] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1093.537313][ T1217] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1093.546780][ T1217] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1093.558176][ T1217] usb 6-1: config 0 descriptor?? 
[ 1093.572696][ T1217] hub 6-1:0.0: USB hub found [ 1093.779091][ T1217] hub 6-1:0.0: 1 port detected [ 1094.584633][ T5900] gspca_sonixj: reg_w1 err -71 [ 1094.634043][ T5900] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 1094.654226][ T5900] usb 3-1: USB disconnect, device number 89 [ 1095.035342][ T1217] hub 6-1:0.0: hub_hub_status failed (err = -32) [ 1095.042856][ T1217] hub 6-1:0.0: config failed, can't get hub status (err -32) [ 1095.056259][ T1217] usbhid 6-1:0.0: can't add hid device: -32 [ 1095.062491][ T1217] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 1095.095259][ T1217] usb 6-1: USB disconnect, device number 8 [ 1095.105100][T18299] binder: BINDER_SET_CONTEXT_MGR already set [ 1095.111162][T18299] binder: 18296:18299 ioctl 4018620d 80000040 returned -16 [ 1095.244357][T18302] kvm: user requested TSC rate below hardware speed [ 1095.255821][T18302] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1096.294335][T18320] binder: BINDER_SET_CONTEXT_MGR already set [ 1096.300676][T18320] binder: 18317:18320 ioctl 4018620d 80000040 returned -16 [ 1097.034379][T18328] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.3560'. [ 1098.832000][T18364] loop2: detected capacity change from 0 to 7 [ 1098.865315][T18364] loop2: [ 1098.868339][T18364] loop2: partition table partially beyond EOD, truncated [ 1099.888750][T18395] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3586'. [ 1100.059419][T18405] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3587'. [ 1100.164129][ T5911] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 1100.179860][ T6788] IPVS: starting estimator thread 0... 
[ 1100.293876][T18406] IPVS: using max 37 ests per chain, 88800 per kthread [ 1100.333838][ T5911] usb 1-1: Using ep0 maxpacket: 32 [ 1100.346630][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1100.366959][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1100.393087][ T5911] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1100.422613][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1100.455281][ T5911] usb 1-1: config 0 descriptor?? [ 1100.625756][ T61] IPVS: stop unused estimator thread 0... [ 1100.825163][T18408] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3589'. [ 1100.851124][T18408] netlink: 108 bytes leftover after parsing attributes in process `syz.5.3589'. [ 1100.893931][T18408] netlink: 108 bytes leftover after parsing attributes in process `syz.5.3589'. [ 1100.978869][ T5911] ft260 0003:0403:6030.004E: unknown main item tag 0x7 [ 1101.177041][ T5911] ft260 0003:0403:6030.004E: chip code: 6424 8183 [ 1101.395321][T18419] binder: BINDER_SET_CONTEXT_MGR already set [ 1101.401431][T18419] binder: 18414:18419 ioctl 4018620d 80000040 returned -16 [ 1101.419782][ T5911] ft260 0003:0403:6030.004E: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.0-1/input0 [ 1101.620226][ T5911] ft260 0003:0403:6030.004E: failed to retrieve status: -32, no wakeup [ 1101.842189][ T5911] ft260 0003:0403:6030.004E: failed to reset I2C controller: -71 [ 1101.897623][ T5911] usb 1-1: USB disconnect, device number 88 [ 1102.900558][T18448] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3605'. [ 1103.776382][T18458] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 1103.795588][T18457] loop2: detected capacity change from 0 to 3 [ 1103.804927][T13776] ldm_validate_privheads(): Disk read failed. 
[ 1103.815270][T18455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1103.827823][T13776] Dev loop2: unable to read RDB block 3 [ 1103.836706][T13776] loop2: unable to read partition table [ 1103.843284][T13776] loop2: partition table beyond EOD, truncated [ 1103.850958][T18457] ldm_validate_privheads(): Disk read failed. [ 1103.866304][T18457] Dev loop2: unable to read RDB block 3 [ 1103.872158][T18457] loop2: unable to read partition table [ 1103.879269][T18457] loop2: partition table beyond EOD, truncated [ 1103.890452][T18457] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1104.558722][ T1217] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1104.728908][ T1217] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1104.738654][ T1217] usb 6-1: config 81 has an invalid interface number: 93 but max is 0 [ 1104.748049][ T1217] usb 6-1: config 81 has no interface number 0 [ 1104.754538][ T1217] usb 6-1: config 81 interface 93 has no altsetting 0 [ 1104.767108][ T1217] usb 6-1: New USB device found, idVendor=05ac, idProduct=024a, bcdDevice=dd.a4 [ 1104.776730][ T1217] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1104.785239][ T1217] usb 6-1: Product: syz [ 1104.789697][ T1217] usb 6-1: Manufacturer: syz [ 1104.795150][ T1217] usb 6-1: SerialNumber: syz [ 1105.085656][T18508] loop2: detected capacity change from 0 to 7 [ 1105.094884][T14203] Dev loop2: unable to read RDB block 7 [ 1105.100550][T14203] loop2: unable to read partition table [ 1105.109994][T14203] loop2: partition table beyond EOD, truncated [ 1105.126182][T18508] Dev loop2: unable to read RDB block 7 [ 1105.142432][T18508] loop2: unable to read partition table [ 1105.165026][T18508] loop2: partition table beyond EOD, truncated [ 1105.194975][T18508] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1105.422603][T18514] netlink: 212368 bytes leftover after 
parsing attributes in process `syz.3.3630'. [ 1106.260516][T18528] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3636'. [ 1107.092196][T18538] binder: BINDER_SET_CONTEXT_MGR already set [ 1107.098330][T18538] binder: 18532:18538 ioctl 4018620d 80000040 returned -16 [ 1107.120124][ T1217] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:81.93/input/input89 [ 1107.132735][ T5185] bcm5974 6-1:81.93: could not read from device [ 1107.265915][ T5185] bcm5974 6-1:81.93: could not read from device [ 1107.278810][ T1217] usb 6-1: USB disconnect, device number 9 [ 1107.619888][T18542] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3642'. [ 1108.174760][ T5900] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 1108.334104][ T5900] usb 1-1: Using ep0 maxpacket: 16 [ 1108.353712][ T5900] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1108.374458][ T5900] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1108.394431][ T5900] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1108.403537][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1108.430085][ T5900] usb 1-1: config 0 descriptor?? [ 1109.880285][T18572] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3653'. [ 1110.806906][T18577] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3656'. [ 1110.897008][T18582] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3658'. [ 1110.984098][ T1217] usb 1-1: USB disconnect, device number 89 [ 1111.263210][T18594] netlink: 'syz.5.3662': attribute type 5 has an invalid length. 
[ 1112.530227][T18622] loop2: detected capacity change from 0 to 7 [ 1112.551136][T13776] Dev loop2: unable to read RDB block 7 [ 1112.572027][T13776] loop2: AHDI p1 p2 p3 [ 1112.584513][T13776] loop2: partition table partially beyond EOD, truncated [ 1112.602706][T13776] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1112.626426][T13776] loop2: p3 start 335544320 is beyond EOD, truncated [ 1112.668800][T18622] Dev loop2: unable to read RDB block 7 [ 1112.684606][T18622] loop2: AHDI p1 p2 p3 [ 1112.690831][T18622] loop2: partition table partially beyond EOD, truncated [ 1112.708838][T18622] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1112.743730][T18622] loop2: p3 start 335544320 is beyond EOD, truncated [ 1112.984249][ T6788] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 1113.101950][T18632] netlink: 'syz.4.3678': attribute type 1 has an invalid length. [ 1113.157976][T18632] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1113.168047][ T6788] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1113.197506][T18636] syzkaller1: entered promiscuous mode [ 1113.202135][ T6788] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 1113.203029][T18636] syzkaller1: entered allmulticast mode [ 1113.237736][T18632] bond2: (slave erspan0): making interface the new active one [ 1113.257428][ T6788] usb 4-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 1113.267820][T18632] bond2: (slave erspan0): Enslaving as an active interface with an up link [ 1113.277447][ T6788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1113.291875][ T6788] usb 4-1: Product: syz [ 1113.304437][ T6788] usb 4-1: Manufacturer: syz [ 1113.313893][ T6788] usb 4-1: SerialNumber: syz [ 1113.324797][T18639] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3680'. 
[ 1113.359557][ T6788] usb 4-1: config 0 descriptor?? [ 1113.578575][ T6788] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1115.184174][ T6788] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 1115.214732][T18686] syz.5.3697 (18686): drop_caches: 2 [ 1115.346114][ T6788] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1115.375176][ T6788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1115.386405][ T6788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1115.396705][ T6788] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1115.409917][ T6788] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1115.419244][ T6788] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1115.466019][ T6788] usb 3-1: config 0 descriptor?? [ 1115.635983][ T5900] usb 4-1: USB disconnect, device number 78 [ 1115.981817][ T6788] plantronics 0003:047F:FFFF.004F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1116.249852][T18701] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3703'. [ 1116.756421][T18710] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.3704'. [ 1117.162397][T18719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3710'. [ 1118.424594][ T1217] usb 3-1: reset high-speed USB device number 90 using dummy_hcd [ 1118.441378][ T1217] usb 3-1: device reset changed ep0 maxpacket size! [ 1118.472896][ T5900] usb 3-1: USB disconnect, device number 90 [ 1118.549676][T18756] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3723'. 
[ 1118.683986][ T5900] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 1118.812660][T18748] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3720'. [ 1118.845084][ T5900] usb 3-1: Using ep0 maxpacket: 16 [ 1118.853542][ T5900] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 1118.862365][ T5900] usb 3-1: config 1 has no interface number 0 [ 1118.873295][ T5900] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1118.919854][ T5900] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1118.948992][ T5900] usb 3-1: config 1 interface 105 has no altsetting 0 [ 1118.967420][ T5900] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1118.979534][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1118.987856][ T5900] usb 3-1: Product: syz [ 1118.992513][ T5900] usb 3-1: Manufacturer: syz [ 1118.997427][ T5900] usb 3-1: SerialNumber: syz [ 1119.017739][T18745] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1119.049455][T18745] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1119.263896][T18765] netlink: 'syz.5.3728': attribute type 1 has an invalid length. [ 1119.271688][T18765] netlink: 'syz.5.3728': attribute type 2 has an invalid length. [ 1119.294410][T18765] netlink: 252 bytes leftover after parsing attributes in process `syz.5.3728'. 
[ 1119.589731][T18745] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1119.616653][T18745] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1120.057682][T18779] loop2: detected capacity change from 0 to 7 [ 1120.079006][T14203] loop2: [ 1120.082090][T14203] loop2: partition table partially beyond EOD, truncated [ 1120.103040][T18779] loop2: [ 1120.107588][T18779] loop2: partition table partially beyond EOD, truncated [ 1120.284625][ T5900] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 1120.363231][ T5900] aqc111 3-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 92:83:e2:3b:7d:c3 [ 1120.539737][ T1217] usb 3-1: USB disconnect, device number 91 [ 1120.611734][ T1217] aqc111 3-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 1120.709211][T18784] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3735'. [ 1120.927020][ T1217] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 1120.984195][ T1217] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 1121.060666][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.067303][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.177678][ T1217] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 1121.944357][T18811] netlink: 'syz.5.3742': attribute type 1 has an invalid length. [ 1122.020951][T18806] syz.4.3741 (18806): drop_caches: 2 [ 1122.192897][T18811] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1122.226954][T18813] bond1: (slave geneve2): making interface the new active one [ 1122.246370][T18813] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 1122.340298][T18818] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3744'. 
[ 1123.957418][T18848] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3750'. [ 1124.448567][T18866] netlink: 'syz.0.3756': attribute type 3 has an invalid length. [ 1124.551065][T18866] netlink: 240 bytes leftover after parsing attributes in process `syz.0.3756'. [ 1125.081732][T18885] loop2: detected capacity change from 0 to 7 [ 1125.114682][T18885] loop2: [ 1125.117724][T18885] loop2: partition table partially beyond EOD, truncated [ 1125.529549][T18902] netlink: 'syz.0.3769': attribute type 3 has an invalid length. [ 1125.564065][T18902] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3769'. [ 1125.702854][T18903] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3766'. [ 1126.169391][T18912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3773'. [ 1126.355526][T18917] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.3774'. [ 1126.411708][T18918] loop2: detected capacity change from 0 to 7 [ 1126.425319][T18920] loop2: [ 1126.428485][T18920] loop2: partition table partially beyond EOD, truncated [ 1126.441373][T18918] loop2: [ 1126.448633][T18918] loop2: partition table partially beyond EOD, truncated [ 1126.799365][T18924] loop2: detected capacity change from 0 to 7 [ 1126.812857][T18924] Dev loop2: unable to read RDB block 7 [ 1126.832897][T18924] loop2: AHDI p1 p2 p3 [ 1126.861201][T18924] loop2: partition table partially beyond EOD, truncated [ 1126.877915][T18924] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1126.892130][T18924] loop2: p3 start 335544320 is beyond EOD, truncated [ 1127.060111][T18927] futex_wake_op: syz.3.3779 tries to shift op by 144; fix this program [ 1127.394696][T18935] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3782'. 
[ 1127.610727][T18936] syz.0.3781 (18936): drop_caches: 2 [ 1127.960712][T18948] loop2: detected capacity change from 0 to 7 [ 1127.982113][T18948] Dev loop2: unable to read RDB block 7 [ 1128.063572][T18948] loop2: AHDI p1 p2 p3 [ 1128.078461][T18948] loop2: partition table partially beyond EOD, truncated [ 1128.091421][T18948] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1128.099870][T18948] loop2: p3 start 335544320 is beyond EOD, truncated [ 1128.240178][T18952] loop2: detected capacity change from 0 to 7 [ 1128.289504][T13776] loop2: [POWERTEC] p1 p2 [ 1128.314055][T13776] loop2: p1 start 4293918720 is beyond EOD, truncated [ 1128.320901][T13776] loop2: p2 start 951 is beyond EOD, truncated [ 1128.363111][T18952] loop2: [POWERTEC] p1 p2 [ 1128.382726][T18952] loop2: p1 start 4293918720 is beyond EOD, truncated [ 1128.406497][T18952] loop2: p2 start 951 is beyond EOD, truncated [ 1128.743068][T18959] binder: BINDER_SET_CONTEXT_MGR already set [ 1128.749759][T18959] binder: 18957:18959 ioctl 4018620d 80000040 returned -16 [ 1128.767084][T18959] syz.5.3792 (18959): drop_caches: 2 [ 1128.881258][T18960] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3791'. [ 1129.474849][T18968] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 1130.603678][T19007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3809'. [ 1131.238934][T19025] syz.5.3813 (19025): drop_caches: 2 [ 1131.569189][T19038] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3819'. [ 1132.635364][T19051] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3824'. [ 1132.845727][T19054] netlink: 'syz.3.3824': attribute type 10 has an invalid length. [ 1132.907943][T19054] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3824'. 
[ 1132.934805][T19051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1132.986366][T19054] dummy0: entered promiscuous mode [ 1133.195788][T19059] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3826'. [ 1133.303673][T19059] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1133.404774][T19063] bond2: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 1134.163489][T19075] loop2: detected capacity change from 0 to 7 [ 1134.177625][T19075] loop2: [ 1134.183058][T19075] loop2: partition table partially beyond EOD, truncated [ 1134.576535][T19081] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3833'. [ 1134.881754][T19084] syz_tun: entered allmulticast mode [ 1134.893532][T19083] syz_tun: left allmulticast mode [ 1135.574542][ T5911] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1135.615787][T19095] loop2: detected capacity change from 0 to 7 [ 1135.636225][T19095] loop2: [ 1135.639275][T19095] loop2: partition table partially beyond EOD, truncated [ 1135.774286][ T5911] usb 6-1: Using ep0 maxpacket: 16 [ 1135.786177][ T5911] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1135.833162][ T5911] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1135.883945][ T5911] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1135.936598][ T5911] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1135.975113][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1135.990951][T19098] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3840'. [ 1136.007421][ T5911] usb 6-1: config 0 descriptor?? 
[ 1136.407586][T19109] loop2: detected capacity change from 0 to 7 [ 1136.415437][T19109] loop2: [ 1136.418693][T19109] loop2: partition table partially beyond EOD, truncated [ 1136.524577][ T5911] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0050/input/input92 [ 1136.580069][ T5911] microsoft 0003:045E:07DA.0050: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 1137.249673][ T30] audit: type=1326 audit(1765555506.051:1244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19115 comm="syz.3.3848" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x0 [ 1137.469682][T19124] binder: BINDER_SET_CONTEXT_MGR already set [ 1137.498309][T19128] loop2: detected capacity change from 0 to 7 [ 1137.508312][T19124] binder: 19118:19124 ioctl 4018620d 80000040 returned -16 [ 1137.518188][T19128] loop2: [ 1137.526271][T19128] loop2: partition table partially beyond EOD, truncated [ 1137.669456][T19124] syz.4.3850 (19124): drop_caches: 2 [ 1137.713281][T19130] input: syz0 as /devices/virtual/input/input93 [ 1137.933921][ T5911] usb 6-1: reset high-speed USB device number 10 using dummy_hcd [ 1138.103998][ T5911] usb 6-1: device descriptor read/64, error -32 [ 1138.344945][ T5911] usb 6-1: reset high-speed USB device number 10 using dummy_hcd [ 1138.732014][ T30] audit: type=1326 audit(1765555507.531:1245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19140 comm="syz.5.3856" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe7539 code=0x0 [ 1138.772248][T19145] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3855'. 
[ 1139.357264][ T5900] usb 6-1: USB disconnect, device number 10 [ 1140.732108][T19178] l2tp_ppp: sess 2/0: no socket in recv [ 1141.191424][T19184] binder: BINDER_SET_CONTEXT_MGR already set [ 1141.197741][T19184] binder: 19179:19184 ioctl 4018620d 80000040 returned -16 [ 1141.210940][T19184] syz.3.3880 (19184): drop_caches: 2 [ 1142.047704][T19195] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.3872'. [ 1143.270364][T13776] buffer_io_error: 8 callbacks suppressed [ 1143.270386][T13776] Buffer I/O error on dev loop6, logical block 32767999, async page read [ 1143.671374][ T30] audit: type=1326 audit(1765555512.471:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19203 comm="syz.0.3877" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7fc00000 [ 1144.112113][T19225] syz.0.3883 (19225): drop_caches: 2 [ 1144.971946][T19245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3893'. [ 1144.987259][T19245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3893'. [ 1145.141938][T19248] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.3891'. [ 1145.303053][T19249] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3893'. [ 1145.323916][T19245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3893'. 
[ 1145.933541][T19260] loop2: detected capacity change from 0 to 7 [ 1145.950591][T13776] loop2: [ 1145.953634][T13776] loop2: partition table partially beyond EOD, truncated [ 1145.979843][T19260] loop2: [ 1145.992900][T19260] loop2: partition table partially beyond EOD, truncated [ 1146.032593][ T5200] loop2: [ 1146.051383][ T5200] loop2: partition table partially beyond EOD, truncated [ 1146.292353][T19264] loop2: detected capacity change from 0 to 7 [ 1146.326131][T19264] loop2: [ 1146.329177][T19264] loop2: partition table partially beyond EOD, truncated [ 1146.580887][T19276] input: syz1 as /devices/virtual/input/input94 [ 1146.794328][ T129] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 1146.973859][ T129] usb 1-1: Using ep0 maxpacket: 32 [ 1147.051960][ T129] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1147.087289][T19283] syz.4.3907 (19283): drop_caches: 2 [ 1147.131632][ T129] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1147.162217][ T129] usb 1-1: config 0 descriptor?? [ 1147.226037][ T129] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1147.331658][T19290] syz.5.3909 (19290): drop_caches: 2 [ 1147.694635][ T129] gspca_vc032x: reg_w err -71 [ 1147.699440][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.760878][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.770935][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.783612][T19298] netlink: 'syz.2.3913': attribute type 33 has an invalid length. [ 1147.791867][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.797566][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.804322][T19298] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3913'. [ 1147.814309][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.839423][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.852733][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.859941][T19298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3913'. 
[ 1147.870107][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.939641][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.945575][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.955510][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.965375][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.970754][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.979967][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1147.986794][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1148.000212][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1148.027264][ T129] gspca_vc032x: I2c Bus Busy Wait 00 [ 1148.047819][T19300] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3912'. [ 1148.064084][ T129] gspca_vc032x: Unknown sensor... [ 1148.094012][ T129] vc032x 1-1:0.0: probe with driver vc032x failed with error -22 [ 1148.162490][ T129] usb 1-1: USB disconnect, device number 90 [ 1148.546054][T19305] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3915'. [ 1148.557060][T19305] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3915'. [ 1150.175831][T19334] @: entered allmulticast mode [ 1150.194904][T19333] @: left allmulticast mode [ 1150.731696][T19342] syz.0.3930 (19342): drop_caches: 2 [ 1150.864610][T19352] __nla_validate_parse: 2 callbacks suppressed [ 1150.864632][T19352] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3932'. [ 1151.029316][T19359] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3936'. [ 1152.370707][T19388] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3943'. [ 1153.322498][T19412] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3953'. 
[ 1154.226911][ T6788] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 1154.535903][ T6788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1154.567154][ T6788] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1154.578217][ T6788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1154.603349][ T6788] usb 6-1: config 0 descriptor?? [ 1154.610004][T19426] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1155.079501][ T6788] elan 0003:04F3:0755.0051: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0 [ 1155.259658][T19441] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3962'. [ 1155.603854][ T5900] usb 6-1: USB disconnect, device number 11 [ 1156.033897][ T5900] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1156.254058][ T5900] usb 3-1: Using ep0 maxpacket: 32 [ 1156.275065][ T5900] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 1156.295544][ T5900] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1156.328388][ T5900] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1156.381669][ T5900] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 1156.477137][ T5900] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 1156.494512][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1156.502670][ T5900] usb 3-1: Product: syz [ 1156.542264][T19458] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3967'. 
[ 1156.551771][ T5900] usb 3-1: Manufacturer: syz [ 1156.556742][ T5900] usb 3-1: SerialNumber: syz [ 1156.695243][ C1] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 1156.740648][ T5900] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input95 [ 1156.974667][ T5900] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 1156.993035][ T5900] (id 0x00) [ 1157.153187][ T5900] rc_core: IR keymap rc-imon-pad not found [ 1157.166082][ T5900] Registered IR keymap rc-empty [ 1157.193986][ T5900] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 1157.289808][ T5900] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 1157.335723][ T5900] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0 [ 1157.376629][ T5900] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input96 [ 1157.418426][ T5900] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:92> initialized [ 1157.547128][T19450] imon:vfd_write: invalid payload size [ 1157.564710][ T6788] usb 3-1: USB disconnect, device number 92 [ 1157.685884][T19463] netem: incorrect ge model size [ 1157.692855][T19463] netem: change failed [ 1160.149687][T19521] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3985'. [ 1160.177153][T19521] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3985'. [ 1160.194343][T19521] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3985'. [ 1160.414342][ T1217] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 1160.448018][T19525] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3987'. 
[ 1160.563932][ T1217] usb 4-1: Using ep0 maxpacket: 32 [ 1160.571616][ T1217] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1160.644245][ T1217] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1160.685254][ T1217] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1160.723889][ T1217] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1160.757051][ T1217] usb 4-1: config 0 descriptor?? [ 1160.986682][T19533] tipc: Failed to remove unknown binding: 66,1,1/0:3843388001/3843388003 [ 1161.265872][T19537] loop5: detected capacity change from 0 to 7 [ 1161.266848][T19537] loop5: [ 1161.274959][ T30] audit: type=1326 audit(1765555530.061:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.298374][T19537] loop5: partition table partially beyond EOD, truncated [ 1161.573288][ T30] audit: type=1326 audit(1765555530.061:1248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.573347][ T30] audit: type=1326 audit(1765555530.061:1249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.573396][ T30] audit: type=1326 audit(1765555530.061:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.573443][ T30] audit: type=1326 audit(1765555530.061:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 
syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.573489][ T30] audit: type=1326 audit(1765555530.071:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.573535][ T30] audit: type=1326 audit(1765555530.071:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.573580][ T30] audit: type=1326 audit(1765555530.071:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.573628][ T30] audit: type=1326 audit(1765555530.101:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.573672][ T30] audit: type=1326 audit(1765555530.111:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19536 comm="syz.2.3992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd539 code=0x7ffc0000 [ 1161.600256][ T1217] ft260 0003:0403:6030.0052: unknown main item tag 0x7 [ 1161.636731][T19422] Set syz1 is full, maxelem 65536 reached [ 1161.657932][ T1217] ft260 0003:0403:6030.0052: chip code: 6424 8183 [ 1161.834411][ T1217] ft260 0003:0403:6030.0052: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0 [ 1161.996741][T19548] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3996'. 
[ 1162.041172][ T1217] ft260 0003:0403:6030.0052: failed to retrieve status: -32, no wakeup [ 1162.252150][ T1217] ft260 0003:0403:6030.0052: failed to reset I2C controller: -71 [ 1162.278219][ T1217] usb 4-1: USB disconnect, device number 79 [ 1162.438096][T19554] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3999'. [ 1162.916203][T19560] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.4000'. [ 1163.442593][T19566] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.4001'. [ 1164.044857][T19572] loop2: detected capacity change from 0 to 7 [ 1164.090813][T19572] loop2: [ 1164.114822][T19572] loop2: partition table partially beyond EOD, truncated [ 1164.904037][ T129] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1165.113938][ T129] usb 6-1: config 0 has no interfaces? [ 1165.119496][ T129] usb 6-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 1165.163861][ T129] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1165.197224][ T129] usb 6-1: config 0 descriptor?? [ 1165.290102][T19598] syz.4.4013 (19598): drop_caches: 2 [ 1165.446033][ T129] usb 6-1: USB disconnect, device number 12 [ 1165.666888][T19597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4012'. [ 1166.146404][T19609] binder: 19608:19609 ioctl c0306201 800001c0 returned -22 [ 1166.856399][T19629] loop2: detected capacity change from 0 to 7 [ 1166.858245][T13776] loop2: [ 1166.858278][T13776] loop2: partition table partially beyond EOD, truncated [ 1166.863467][T19629] loop2: [ 1166.863500][T19629] loop2: partition table partially beyond EOD, truncated [ 1167.478128][T19633] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.4022'. [ 1167.540946][T19637] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.4024'. [ 1169.043715][T19655] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 
[ 1169.084155][ T1217] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1169.253819][ T1217] usb 4-1: Using ep0 maxpacket: 32 [ 1169.262008][ T1217] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 1169.287357][ T1217] usb 4-1: config 0 has no interface number 0 [ 1169.293528][ T1217] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1169.332960][ T1217] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1169.352956][ T1217] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1169.368115][ T1217] usb 4-1: Product: syz [ 1169.372336][ T1217] usb 4-1: Manufacturer: syz [ 1169.385813][ T1217] usb 4-1: SerialNumber: syz [ 1169.393499][ T1217] usb 4-1: config 0 descriptor?? [ 1169.424854][T19660] syz.2.4032 (19660): drop_caches: 2 [ 1169.434112][T19653] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1169.657718][T19653] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1170.983847][ T129] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1170.994529][T19687] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.4041'. [ 1171.156265][ T129] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1171.174849][ T129] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1171.206071][ T129] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 1171.218879][ T129] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1171.263366][ T129] usb 3-1: config 0 descriptor?? 
[ 1171.275563][ T129] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1171.287463][ T1217] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1171.298888][ T1217] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 1171.324175][ T1217] asix 4-1:0.188: probe with driver asix failed with error -71 [ 1171.355180][ T1217] usb 4-1: USB disconnect, device number 80 [ 1171.624901][ T129] usb 3-1: USB disconnect, device number 93 [ 1172.292979][T19704] loop2: detected capacity change from 0 to 7 [ 1172.304907][T19704] Dev loop2: unable to read RDB block 7 [ 1172.310532][T19704] loop2: unable to read partition table [ 1172.324075][T19704] loop2: partition table beyond EOD, truncated [ 1172.330312][T19704] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1172.504297][ T1217] usb 4-1: new full-speed USB device number 81 using dummy_hcd [ 1172.694396][ T1217] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1172.704364][ T1217] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1172.729247][ T1217] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1172.752464][ T1217] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1172.959464][T19719] syz.2.4052 (19719): drop_caches: 2 [ 1172.981579][ T1217] usb 4-1: usb_control_msg returned -32 [ 1172.989390][ T1217] usbtmc 4-1:16.0: can't read capabilities [ 1173.551498][T19725] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1174.058022][T19736] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.4058'. [ 1174.100600][T19738] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4061'. 
[ 1174.139477][ T129] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1174.353821][ T129] usb 6-1: Using ep0 maxpacket: 32 [ 1174.360712][ T129] usb 6-1: config 0 has an invalid interface number: 111 but max is 0 [ 1174.369102][ T129] usb 6-1: config 0 has no interface number 0 [ 1174.385645][ T129] usb 6-1: New USB device found, idVendor=0499, idProduct=1029, bcdDevice=c0.55 [ 1174.460470][ T129] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1174.477847][ T129] usb 6-1: Product: syz [ 1174.485614][ T129] usb 6-1: Manufacturer: syz [ 1174.493190][ T129] usb 6-1: SerialNumber: syz [ 1174.508196][ T129] usb 6-1: config 0 descriptor?? [ 1174.753662][ T129] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1174.813313][ T129] snd-usb-audio 6-1:0.111: probe with driver snd-usb-audio failed with error -2 [ 1174.836781][ T129] usb 6-1: USB disconnect, device number 13 [ 1174.861269][T13776] udevd[13776]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.111/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1175.271400][ T6787] usb 4-1: USB disconnect, device number 81 [ 1175.304333][T19750] fuse: root generation should be zero [ 1175.356884][ T129] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 1175.523846][ T129] usb 1-1: Using ep0 maxpacket: 16 [ 1175.532421][ T129] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 1175.553821][ T129] usb 1-1: config 1 has no interface number 0 [ 1175.560493][ T129] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1175.591447][ T129] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1175.610855][ T129] usb 1-1: config 1 interface 105 has no altsetting 0 [ 1175.625112][ T129] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1175.658309][T19760] binder: BINDER_SET_CONTEXT_MGR already set [ 
1175.664462][T19760] binder: 19757:19760 ioctl 4018620d 80000040 returned -16 [ 1175.682715][T19760] syz.2.4069 (19760): drop_caches: 2 [ 1175.696364][ T129] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1175.704810][ T129] usb 1-1: Product: syz [ 1175.709011][ T129] usb 1-1: Manufacturer: syz [ 1175.713638][ T129] usb 1-1: SerialNumber: syz [ 1175.713828][ T6787] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1175.786929][T19748] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1175.796322][T19748] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1175.899174][T19764] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4071'. [ 1175.934248][ T6787] usb 6-1: Using ep0 maxpacket: 8 [ 1175.947208][ T6787] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1175.959996][ T6787] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1176.002993][ T6787] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1176.087619][ T6787] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1176.110691][ T6787] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1176.141247][ T6787] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1176.169324][ T6787] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1176.295670][T19748] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1176.303558][T19748] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1176.415737][ T6787] usb 6-1: GET_CAPABILITIES returned 0 [ 1176.421480][ T6787] usbtmc 6-1:16.0: can't read capabilities [ 1176.701753][ T30] audit: type=1326 audit(1765555545.501:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 
syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1176.759245][ T30] audit: type=1326 audit(1765555545.541:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1176.782009][ T30] audit: type=1326 audit(1765555545.541:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1176.807324][ T30] audit: type=1326 audit(1765555545.541:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1176.832692][ T5893] usb 6-1: USB disconnect, device number 14 [ 1176.857675][ T30] audit: type=1326 audit(1765555545.541:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1176.882629][ T30] audit: type=1326 audit(1765555545.541:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1176.936134][ T129] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 1176.959403][ T30] audit: type=1326 audit(1765555545.541:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1177.005664][ T129] aqc111 1-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 4e:7d:9f:d1:eb:5a [ 1177.030852][ T30] audit: type=1326 audit(1765555545.541:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined 
pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1177.129349][ T30] audit: type=1326 audit(1765555545.541:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1177.216945][T19777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4075'. [ 1177.233676][ T30] audit: type=1326 audit(1765555545.541:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19771 comm="syz.4.4074" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7ffc0000 [ 1177.312056][ T1217] usb 1-1: USB disconnect, device number 91 [ 1177.324301][T19778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4075'. [ 1177.349748][ T1217] aqc111 1-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 1177.469708][ T1217] aqc111 1-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 1177.678981][ T1217] aqc111 1-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 1177.708450][ T1217] aqc111 1-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 1178.394992][ T129] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1178.563917][ T129] usb 6-1: Using ep0 maxpacket: 32 [ 1178.589068][ T129] usb 6-1: config 0 has an invalid interface number: 188 but max is 0 [ 1178.637083][ T129] usb 6-1: config 0 has no interface number 0 [ 1178.670512][ T129] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1178.713481][ T129] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1178.765919][T19804] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 
[ 1178.768249][ T129] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1178.788334][ T129] usb 6-1: Product: syz [ 1178.792561][ T129] usb 6-1: Manufacturer: syz [ 1178.826422][ T129] usb 6-1: SerialNumber: syz [ 1178.844884][ T129] usb 6-1: config 0 descriptor?? [ 1178.850666][T19792] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1179.098694][T19792] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1179.192927][T19816] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.4084'. [ 1180.475254][T19842] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.4090'. [ 1180.770451][ T129] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1180.789395][ T129] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 1180.834910][ T129] asix 6-1:0.188: probe with driver asix failed with error -71 [ 1180.870146][ T129] usb 6-1: USB disconnect, device number 15 [ 1181.893993][ T1217] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1182.043974][ T1217] usb 6-1: Using ep0 maxpacket: 16 [ 1182.054362][ T1217] usb 6-1: config 1 has an invalid interface number: 105 but max is 0 [ 1182.062634][ T1217] usb 6-1: config 1 has no interface number 0 [ 1182.096827][ T1217] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1182.133863][ T1217] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1182.163988][ T1217] usb 6-1: config 1 interface 105 has no altsetting 0 [ 1182.174434][ T1217] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1182.195390][ T1217] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1182.203446][ T1217] usb 6-1: Product: syz [ 1182.220104][ T1217] usb 6-1: Manufacturer: syz [ 1182.235861][ T1217] usb 6-1: SerialNumber: syz [ 1182.286858][T19859] raw-gadget.0 
gadget.5: fail, usb_ep_enable returned -22 [ 1182.296080][T19859] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1182.487846][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.501447][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1182.634021][ T6787] usb 3-1: new full-speed USB device number 94 using dummy_hcd [ 1182.720671][T19859] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1182.729020][T19859] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1182.797462][ T6787] usb 3-1: config 0 has an invalid interface number: 11 but max is 0 [ 1182.806356][ T6787] usb 3-1: config 0 has no interface number 0 [ 1182.812695][ T6787] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 1182.824877][ T6787] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 1182.837609][ T6787] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x87 has invalid wMaxPacketSize 0 [ 1182.848423][ T6787] usb 3-1: config 0 interface 11 has no altsetting 0 [ 1182.855312][ T6787] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 1182.865109][ T6787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1182.885598][ T6787] usb 3-1: config 0 descriptor?? 
[ 1182.902506][T19874] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1182.912970][ T6787] keyspan 3-1:0.11: Keyspan 2 port adapter converter detected [ 1182.922919][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 81 [ 1182.940885][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 82 [ 1182.949484][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 1 [ 1182.957986][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 2 [ 1182.966201][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 85 [ 1182.974728][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 5 [ 1182.986906][ T6787] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 1182.999823][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 83 [ 1183.008771][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 84 [ 1183.017305][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 3 [ 1183.025527][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 4 [ 1183.044948][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 86 [ 1183.057506][ T6787] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 6 [ 1183.069364][ T6787] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 1183.169510][ T6787] usb 3-1: USB disconnect, device number 94 [ 1183.180870][ T6787] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 1183.200561][ T6787] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 1183.221369][ T6787] keyspan 3-1:0.11: device disconnected [ 1183.357935][ T1217] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 1184.003882][ T5900] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 1184.153852][ T5900] usb 3-1: Using ep0 maxpacket: 32 [ 1184.165329][ T5900] usb 3-1: New 
USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1184.180448][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1184.208055][ T5900] usb 3-1: config 0 descriptor?? [ 1184.237001][ T5900] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1184.557902][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 1184.820734][ T1217] aqc111 6-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, e6:d9:8c:8e:ea:98 [ 1184.841054][ T1217] usb 6-1: USB disconnect, device number 16 [ 1184.869738][ T1217] aqc111 6-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 1184.985642][ T1217] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 1185.004130][ T1217] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 1185.020768][ T1217] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 1186.039119][T19925] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.4120'. [ 1186.071804][ T5900] gspca_sunplus: reg_w_riv err -71 [ 1186.098461][ T5900] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 1186.120164][ T5900] usb 3-1: USB disconnect, device number 95 [ 1186.586559][T19927] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4121'. [ 1186.851365][T19932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4123'. [ 1186.876625][T19932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4123'. 
[ 1187.090765][T19938] loop2: detected capacity change from 0 to 7 [ 1187.099170][T19938] loop2: [ 1187.102721][T19938] loop2: partition table partially beyond EOD, truncated [ 1187.115815][ T5200] loop2: [ 1187.121485][ T5200] loop2: partition table partially beyond EOD, truncated [ 1187.217985][ T129] hid-generic 0000:0000:0000.0053: unknown main item tag 0x0 [ 1187.263571][ T129] hid-generic 0000:0000:0000.0053: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1187.647120][T19954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1187.685464][ T1217] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 1187.704747][ T1217] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 1187.715279][T19954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1187.729805][T19638] wlan1: authenticated [ 1187.746430][T19638] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 1187.786877][ T3011] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 1187.797422][T19954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1187.815259][ T3011] wlan1: associated [ 1187.870298][T19958] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.4134'. [ 1188.354921][T19962] syz.2.4135 (19962): drop_caches: 2 [ 1188.658383][T19964] syz_tun: entered allmulticast mode [ 1188.666908][T19963] syz_tun: left allmulticast mode [ 1188.840533][T19966] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4137'. [ 1188.889024][T19966] bond_slave_0: entered promiscuous mode [ 1188.909690][T19966] macvlan2: entered promiscuous mode [ 1188.936549][T19966] bond0: entered promiscuous mode [ 1189.038401][T19966] bond_slave_1: entered promiscuous mode [ 1189.047619][T19966] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1189.101598][T19972] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.4138'. 
[ 1189.486896][T19976] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1189.574191][ T6788] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1189.768180][ T6788] usb 6-1: Using ep0 maxpacket: 16 [ 1189.786486][ T6788] usb 6-1: config 0 has an invalid interface number: 214 but max is 0 [ 1189.795837][ T6788] usb 6-1: config 0 has no interface number 0 [ 1189.801965][ T6788] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1189.856733][ T6788] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1189.874958][ T6788] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1189.906740][ T6788] usb 6-1: Product: syz [ 1189.910958][ T6788] usb 6-1: Manufacturer: syz [ 1189.934683][ T6788] usb 6-1: SerialNumber: syz [ 1189.963245][ T6788] usb 6-1: config 0 descriptor?? [ 1190.598166][ T6788] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.214/input/input97 [ 1190.686505][ T30] audit: type=1326 audit(1765555559.491:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19995 comm="syz.0.4148" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x0 [ 1190.852317][T19974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1190.896952][T19974] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1190.934623][ T129] usb 6-1: USB disconnect, device number 17 [ 1190.981777][T20001] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4149'. [ 1191.325078][T20003] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4150'. [ 1191.356066][T20003] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4150'. 
[ 1191.397124][T20003] ip6gretap0: entered promiscuous mode [ 1191.416449][T20003] @: entered promiscuous mode [ 1191.422881][T20003] hsr1: Slave A (ip6gretap0) is not up; please bring it up to get a fully working HSR network [ 1191.453782][T20003] hsr1: Slave B (@) is not up; please bring it up to get a fully working HSR network [ 1191.493875][T20007] lo: entered allmulticast mode [ 1191.516173][T20006] lo: left allmulticast mode [ 1191.689278][T20015] [ 1191.691672][T20015] ===================================================== [ 1191.698748][T20015] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1191.706234][T20015] syzkaller #0 Tainted: G L [ 1191.712245][T20015] ----------------------------------------------------- [ 1191.719200][T20015] syz.2.4155/20015 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1191.726953][T20015] ffffffff8dc0c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0x12b/0x420 [ 1191.735720][T20015] [ 1191.735720][T20015] and this task is already holding: [ 1191.743108][T20015] ffff888076c33aa0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420 [ 1191.751877][T20015] which would create a new lock dependency: [ 1191.757794][T20015] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 1191.765396][T20015] [ 1191.765396][T20015] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1191.774856][T20015] (&dev->event_lock#2){..-.}-{3:3} [ 1191.774895][T20015] [ 1191.774895][T20015] ... 
which became SOFTIRQ-irq-safe at: [ 1191.787805][T20015] lock_acquire+0x117/0x340 [ 1191.792410][T20015] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1191.797718][T20015] input_event+0x76/0xe0 [ 1191.802064][T20015] atp_complete_geyser_3_4+0x11f2/0x1e80 [ 1191.807800][T20015] __usb_hcd_giveback_urb+0x376/0x540 [ 1191.813307][T20015] dummy_timer+0x85f/0x45b0 [ 1191.817912][T20015] __hrtimer_run_queues+0x51c/0xc30 [ 1191.823228][T20015] hrtimer_run_softirq+0x187/0x2b0 [ 1191.828446][T20015] handle_softirqs+0x27d/0x850 [ 1191.833307][T20015] __irq_exit_rcu+0xca/0x1f0 [ 1191.837993][T20015] irq_exit_rcu+0x9/0x30 [ 1191.842339][T20015] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1191.848168][T20015] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1191.854246][T20015] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1191.860084][T20015] dummy_urb_enqueue+0x58a/0x780 [ 1191.865124][T20015] usb_hcd_submit_urb+0x328/0x1b80 [ 1191.870348][T20015] atp_open+0x63/0xc0 [ 1191.874431][T20015] input_open_device+0x1d3/0x390 [ 1191.879486][T20015] mousedev_open_device+0xcc/0x150 [ 1191.884726][T20015] mousedev_open+0x2ef/0x4a0 [ 1191.889422][T20015] chrdev_open+0x4cc/0x5e0 [ 1191.893947][T20015] do_dentry_open+0x7ce/0x1420 [ 1191.898829][T20015] vfs_open+0x3b/0x340 [ 1191.903015][T20015] path_openat+0x340e/0x3dd0 [ 1191.907709][T20015] do_filp_open+0x1fa/0x410 [ 1191.912433][T20015] do_sys_openat2+0x121/0x200 [ 1191.917225][T20015] __x64_sys_openat+0x138/0x170 [ 1191.922241][T20015] do_syscall_64+0xfa/0xf80 [ 1191.926872][T20015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.932877][T20015] [ 1191.932877][T20015] to a SOFTIRQ-irq-unsafe lock: [ 1191.939921][T20015] (tasklist_lock){.+.+}-{3:3} [ 1191.939970][T20015] [ 1191.939970][T20015] ... which became SOFTIRQ-irq-unsafe at: [ 1191.952637][T20015] ... 
[ 1191.952649][T20015] lock_acquire+0x117/0x340 [ 1191.959848][T20015] _raw_read_lock+0x36/0x50 [ 1191.964459][T20015] __do_wait+0xde/0x740 [ 1191.968721][T20015] do_wait+0x1e8/0x4f0 [ 1191.972917][T20015] kernel_wait+0xab/0x170 [ 1191.977350][T20015] call_usermodehelper_exec_work+0xbe/0x230 [ 1191.983335][T20015] process_scheduled_works+0xad1/0x1770 [ 1191.988972][T20015] worker_thread+0x8a0/0xda0 [ 1191.993663][T20015] kthread+0x711/0x8a0 [ 1191.997838][T20015] ret_from_fork+0x599/0xb30 [ 1192.002519][T20015] ret_from_fork_asm+0x1a/0x30 [ 1192.007381][T20015] [ 1192.007381][T20015] other info that might help us debug this: [ 1192.007381][T20015] [ 1192.017697][T20015] Chain exists of: [ 1192.017697][T20015] &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock [ 1192.017697][T20015] [ 1192.030773][T20015] Possible interrupt unsafe locking scenario: [ 1192.030773][T20015] [ 1192.039113][T20015] CPU0 CPU1 [ 1192.044486][T20015] ---- ---- [ 1192.049858][T20015] lock(tasklist_lock); [ 1192.054114][T20015] local_irq_disable(); [ 1192.060877][T20015] lock(&dev->event_lock#2); [ 1192.068106][T20015] lock(&f_owner->lock); [ 1192.075011][T20015] <Interrupt> [ 1192.078493][T20015] lock(&dev->event_lock#2); [ 1192.083401][T20015] [ 1192.083401][T20015] *** DEADLOCK *** [ 1192.083401][T20015] [ 1192.091549][T20015] 2 locks held by syz.2.4155/20015: [ 1192.096805][T20015] #0: ffff888029a85e60 (&u->lock){+.+.}-{3:3}, at: queue_oob+0x1b0/0x4f0 [ 1192.105375][T20015] #1: ffff888076c33aa0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420 [ 1192.114542][T20015] [ 1192.114542][T20015] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1192.124950][T20015] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1192.130795][T20015] IN-SOFTIRQ-W at: [ 1192.135087][T20015] lock_acquire+0x117/0x340 [ 1192.141811][T20015] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1192.149228][T20015] input_event+0x76/0xe0 [ 1192.155668][T20015] atp_complete_geyser_3_4+0x11f2/0x1e80 [ 1192.163496][T20015] 
__usb_hcd_giveback_urb+0x376/0x540 [ 1192.171057][T20015] dummy_timer+0x85f/0x45b0 [ 1192.177752][T20015] __hrtimer_run_queues+0x51c/0xc30 [ 1192.185141][T20015] hrtimer_run_softirq+0x187/0x2b0 [ 1192.192442][T20015] handle_softirqs+0x27d/0x850 [ 1192.199414][T20015] __irq_exit_rcu+0xca/0x1f0 [ 1192.206199][T20015] irq_exit_rcu+0x9/0x30 [ 1192.212643][T20015] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1192.220477][T20015] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1192.228666][T20015] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1192.236647][T20015] dummy_urb_enqueue+0x58a/0x780 [ 1192.243778][T20015] usb_hcd_submit_urb+0x328/0x1b80 [ 1192.251083][T20015] atp_open+0x63/0xc0 [ 1192.257252][T20015] input_open_device+0x1d3/0x390 [ 1192.264565][T20015] mousedev_open_device+0xcc/0x150 [ 1192.271864][T20015] mousedev_open+0x2ef/0x4a0 [ 1192.278650][T20015] chrdev_open+0x4cc/0x5e0 [ 1192.285255][T20015] do_dentry_open+0x7ce/0x1420 [ 1192.292203][T20015] vfs_open+0x3b/0x340 [ 1192.298487][T20015] path_openat+0x340e/0x3dd0 [ 1192.305276][T20015] do_filp_open+0x1fa/0x410 [ 1192.311956][T20015] do_sys_openat2+0x121/0x200 [ 1192.318818][T20015] __x64_sys_openat+0x138/0x170 [ 1192.325855][T20015] do_syscall_64+0xfa/0xf80 [ 1192.332551][T20015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.340649][T20015] INITIAL USE at: [ 1192.344852][T20015] lock_acquire+0x117/0x340 [ 1192.351458][T20015] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1192.358780][T20015] input_inject_event+0xa5/0x340 [ 1192.365822][T20015] kbd_led_trigger_activate+0xbc/0x100 [ 1192.373373][T20015] led_trigger_set+0x52d/0x950 [ 1192.380229][T20015] led_trigger_set_default+0x260/0x2a0 [ 1192.387802][T20015] led_classdev_register_ext+0x73d/0x960 [ 1192.395541][T20015] input_leds_connect+0x517/0x790 [ 1192.402757][T20015] input_register_device+0xd00/0x1170 [ 1192.410235][T20015] atkbd_connect+0x73b/0xa50 [ 1192.416918][T20015] serio_driver_probe+0x82/0xd0 [ 1192.423875][T20015] really_probe+0x26d/0xad0 [ 1192.430476][T20015] 
__driver_probe_device+0x18c/0x320 [ 1192.437864][T20015] driver_probe_device+0x4f/0x240 [ 1192.444980][T20015] __driver_attach+0x349/0x650 [ 1192.451840][T20015] bus_for_each_dev+0x233/0x2b0 [ 1192.458788][T20015] serio_handle_event+0x1f9/0x8d0 [ 1192.465915][T20015] process_scheduled_works+0xad1/0x1770 [ 1192.473554][T20015] worker_thread+0x8a0/0xda0 [ 1192.480236][T20015] kthread+0x711/0x8a0 [ 1192.486412][T20015] ret_from_fork+0x599/0xb30 [ 1192.493089][T20015] ret_from_fork_asm+0x1a/0x30 [ 1192.499958][T20015] } [ 1192.502761][T20015] ... key at: [] input_allocate_device.__key.6+0x0/0x20 [ 1192.512070][T20015] -> (&client->buffer_lock){....}-{3:3} { [ 1192.517994][T20015] INITIAL USE at: [ 1192.522068][T20015] lock_acquire+0x117/0x340 [ 1192.528490][T20015] _raw_spin_lock+0x2e/0x40 [ 1192.534920][T20015] evdev_pass_values+0xb9/0xbd0 [ 1192.541699][T20015] evdev_events+0x1aa/0x340 [ 1192.548130][T20015] input_pass_values+0x1c2/0x890 [ 1192.554995][T20015] input_event_dispose+0x330/0x6b0 [ 1192.562038][T20015] input_inject_event+0x1dd/0x340 [ 1192.568986][T20015] evdev_write+0x2fc/0x480 [ 1192.575334][T20015] vfs_write+0x27e/0xb30 [ 1192.581492][T20015] ksys_write+0x145/0x250 [ 1192.587738][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1192.594858][T20015] do_fast_syscall_32+0x34/0x80 [ 1192.601631][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1192.609901][T20015] } [ 1192.612583][T20015] ... key at: [] evdev_open.__key.26+0x0/0x20 [ 1192.620928][T20015] ... 
acquired at: [ 1192.624904][T20015] _raw_spin_lock+0x2e/0x40 [ 1192.629594][T20015] evdev_pass_values+0xb9/0xbd0 [ 1192.634643][T20015] evdev_events+0x1aa/0x340 [ 1192.639344][T20015] input_pass_values+0x1c2/0x890 [ 1192.644470][T20015] input_event_dispose+0x330/0x6b0 [ 1192.649769][T20015] input_inject_event+0x1dd/0x340 [ 1192.654980][T20015] evdev_write+0x2fc/0x480 [ 1192.659589][T20015] vfs_write+0x27e/0xb30 [ 1192.664016][T20015] ksys_write+0x145/0x250 [ 1192.668529][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1192.673905][T20015] do_fast_syscall_32+0x34/0x80 [ 1192.678938][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1192.685448][T20015] [ 1192.687773][T20015] -> (&new->fa_lock){...-}-{3:3} { [ 1192.692999][T20015] IN-SOFTIRQ-R at: [ 1192.697076][T20015] lock_acquire+0x117/0x340 [ 1192.703412][T20015] _raw_read_lock_irqsave+0xaf/0x100 [ 1192.710538][T20015] kill_fasync+0x199/0x4d0 [ 1192.716801][T20015] sock_wake_async+0x137/0x160 [ 1192.723411][T20015] sock_def_readable+0x3c1/0x530 [ 1192.730202][T20015] tcp_rcv_established+0x18e3/0x2580 [ 1192.737327][T20015] tcp_v6_do_rcv+0x8eb/0x1ba0 [ 1192.743855][T20015] tcp_v6_rcv+0x2247/0x2ae0 [ 1192.750212][T20015] ip6_protocol_deliver_rcu+0xcb0/0x15c0 [ 1192.757702][T20015] ip6_input_finish+0x191/0x370 [ 1192.764401][T20015] NF_HOOK+0x30c/0x3a0 [ 1192.770311][T20015] ip6_input+0x16a/0x270 [ 1192.776390][T20015] NF_HOOK+0x30c/0x3a0 [ 1192.782291][T20015] __netif_receive_skb+0xd3/0x380 [ 1192.789158][T20015] process_backlog+0x622/0x1500 [ 1192.795849][T20015] __napi_poll+0xae/0x320 [ 1192.802027][T20015] net_rx_action+0x672/0xe50 [ 1192.808458][T20015] handle_softirqs+0x27d/0x850 [ 1192.815051][T20015] do_softirq+0xec/0x180 [ 1192.821132][T20015] __local_bh_enable_ip+0x17d/0x1c0 [ 1192.828254][T20015] tcp_sendmsg+0x39/0x50 [ 1192.834332][T20015] __sock_sendmsg+0xe5/0x270 [ 1192.840776][T20015] sock_write_iter+0x279/0x360 [ 1192.847379][T20015] vfs_write+0x5c9/0xb30 [ 1192.853453][T20015] 
ksys_write+0x145/0x250 [ 1192.859612][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1192.866648][T20015] do_fast_syscall_32+0x34/0x80 [ 1192.873363][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1192.881539][T20015] INITIAL USE at: [ 1192.885620][T20015] lock_acquire+0x117/0x340 [ 1192.891886][T20015] _raw_write_lock_irq+0xa2/0xf0 [ 1192.898591][T20015] fasync_remove_entry+0xf1/0x1c0 [ 1192.905385][T20015] sock_fasync+0x85/0xf0 [ 1192.911390][T20015] __fput+0x8a2/0xa70 [ 1192.917131][T20015] task_work_run+0x1d4/0x260 [ 1192.923494][T20015] exit_to_user_mode_loop+0xff/0x4f0 [ 1192.930543][T20015] __do_fast_syscall_32+0x3cb/0x570 [ 1192.937512][T20015] do_fast_syscall_32+0x34/0x80 [ 1192.944121][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1192.952208][T20015] INITIAL READ USE at: [ 1192.956636][T20015] lock_acquire+0x117/0x340 [ 1192.963326][T20015] _raw_read_lock_irqsave+0xaf/0x100 [ 1192.970808][T20015] kill_fasync+0x199/0x4d0 [ 1192.977417][T20015] sock_wake_async+0x137/0x160 [ 1192.984364][T20015] sock_def_readable+0x3c1/0x530 [ 1192.991485][T20015] tcp_rcv_established+0x18e3/0x2580 [ 1192.998952][T20015] tcp_v6_do_rcv+0x8eb/0x1ba0 [ 1193.005821][T20015] __release_sock+0x1b8/0x3a0 [ 1193.012685][T20015] release_sock+0x5f/0x1f0 [ 1193.019286][T20015] tcp_sendmsg+0x39/0x50 [ 1193.025713][T20015] __sock_sendmsg+0xe5/0x270 [ 1193.032491][T20015] sock_write_iter+0x279/0x360 [ 1193.039442][T20015] vfs_write+0x5c9/0xb30 [ 1193.045869][T20015] ksys_write+0x145/0x250 [ 1193.052407][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1193.059786][T20015] do_fast_syscall_32+0x34/0x80 [ 1193.066821][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1193.075332][T20015] } [ 1193.077928][T20015] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1193.086704][T20015] ... 
acquired at: [ 1193.090601][T20015] _raw_read_lock_irqsave+0xaf/0x100 [ 1193.096084][T20015] kill_fasync+0x199/0x4d0 [ 1193.100742][T20015] evdev_pass_values+0x627/0xbd0 [ 1193.105879][T20015] evdev_events+0x1e6/0x340 [ 1193.110593][T20015] input_pass_values+0x288/0x890 [ 1193.115722][T20015] input_event_dispose+0x330/0x6b0 [ 1193.121023][T20015] input_inject_event+0x1dd/0x340 [ 1193.126233][T20015] evdev_write+0x2fc/0x480 [ 1193.130861][T20015] vfs_write+0x27e/0xb30 [ 1193.135292][T20015] ksys_write+0x145/0x250 [ 1193.139898][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1193.145281][T20015] do_fast_syscall_32+0x34/0x80 [ 1193.150318][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1193.156834][T20015] [ 1193.159160][T20015] -> (&f_owner->lock){....}-{3:3} { [ 1193.164389][T20015] INITIAL USE at: [ 1193.168291][T20015] lock_acquire+0x117/0x340 [ 1193.174370][T20015] _raw_write_lock_irq+0xa2/0xf0 [ 1193.180892][T20015] __f_setown+0x67/0x370 [ 1193.186712][T20015] generic_setlease+0xe1e/0x1280 [ 1193.193226][T20015] do_fcntl_add_lease+0x34d/0x460 [ 1193.199835][T20015] fcntl_setlease+0x123/0x180 [ 1193.206109][T20015] do_fcntl+0x867/0x1a50 [ 1193.211928][T20015] do_compat_fcntl64+0x477/0x720 [ 1193.218447][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1193.225229][T20015] do_fast_syscall_32+0x34/0x80 [ 1193.231651][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1193.239555][T20015] INITIAL READ USE at: [ 1193.243903][T20015] lock_acquire+0x117/0x340 [ 1193.250421][T20015] _raw_read_lock_irqsave+0xaf/0x100 [ 1193.257722][T20015] send_sigio+0x38/0x370 [ 1193.263984][T20015] kill_fasync+0x24d/0x4d0 [ 1193.270415][T20015] lease_break_callback+0x26/0x30 [ 1193.277453][T20015] __break_lease+0x730/0x1620 [ 1193.284140][T20015] do_dentry_open+0x73a/0x1420 [ 1193.290912][T20015] vfs_open+0x3b/0x340 [ 1193.296995][T20015] path_openat+0x340e/0x3dd0 [ 1193.303587][T20015] do_filp_open+0x1fa/0x410 [ 1193.310096][T20015] do_open_execat+0x135/0x560 [ 
1193.316787][T20015] open_exec+0x40/0x60 [ 1193.322896][T20015] load_script+0x6e9/0x860 [ 1193.329345][T20015] bprm_execve+0x92e/0x1400 [ 1193.335874][T20015] do_execveat_common+0x510/0x6a0 [ 1193.342944][T20015] __ia32_compat_sys_execveat+0xca/0xe0 [ 1193.350524][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1193.357740][T20015] do_fast_syscall_32+0x34/0x80 [ 1193.364622][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1193.372967][T20015] } [ 1193.375477][T20015] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1193.384345][T20015] ... acquired at: [ 1193.388151][T20015] _raw_read_lock_irqsave+0xaf/0x100 [ 1193.393625][T20015] send_sigio+0x38/0x370 [ 1193.398060][T20015] kill_fasync+0x24d/0x4d0 [ 1193.402670][T20015] lease_break_callback+0x26/0x30 [ 1193.407883][T20015] __break_lease+0x730/0x1620 [ 1193.412744][T20015] do_dentry_open+0x73a/0x1420 [ 1193.417697][T20015] vfs_open+0x3b/0x340 [ 1193.421952][T20015] path_openat+0x340e/0x3dd0 [ 1193.426719][T20015] do_filp_open+0x1fa/0x410 [ 1193.431400][T20015] do_open_execat+0x135/0x560 [ 1193.436268][T20015] open_exec+0x40/0x60 [ 1193.440526][T20015] load_script+0x6e9/0x860 [ 1193.445129][T20015] bprm_execve+0x92e/0x1400 [ 1193.449822][T20015] do_execveat_common+0x510/0x6a0 [ 1193.455030][T20015] __ia32_compat_sys_execveat+0xca/0xe0 [ 1193.460754][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1193.466137][T20015] do_fast_syscall_32+0x34/0x80 [ 1193.471169][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1193.477679][T20015] [ 1193.480008][T20015] [ 1193.480008][T20015] the dependencies between the lock to be acquired [ 1193.480020][T20015] and SOFTIRQ-irq-unsafe lock: [ 1193.493548][T20015] -> (tasklist_lock){.+.+}-{3:3} { [ 1193.498696][T20015] HARDIRQ-ON-R at: [ 1193.502693][T20015] lock_acquire+0x117/0x340 [ 1193.508859][T20015] _raw_read_lock+0x36/0x50 [ 1193.515031][T20015] __do_wait+0xde/0x740 [ 1193.520848][T20015] do_wait+0x1e8/0x4f0 [ 1193.526588][T20015] kernel_wait+0xab/0x170 [ 
1193.532582][T20015] call_usermodehelper_exec_work+0xbe/0x230 [ 1193.540134][T20015] process_scheduled_works+0xad1/0x1770 [ 1193.547337][T20015] worker_thread+0x8a0/0xda0 [ 1193.553589][T20015] kthread+0x711/0x8a0 [ 1193.559320][T20015] ret_from_fork+0x599/0xb30 [ 1193.565568][T20015] ret_from_fork_asm+0x1a/0x30 [ 1193.571997][T20015] SOFTIRQ-ON-R at: [ 1193.575984][T20015] lock_acquire+0x117/0x340 [ 1193.582147][T20015] _raw_read_lock+0x36/0x50 [ 1193.588319][T20015] __do_wait+0xde/0x740 [ 1193.594148][T20015] do_wait+0x1e8/0x4f0 [ 1193.599884][T20015] kernel_wait+0xab/0x170 [ 1193.605884][T20015] call_usermodehelper_exec_work+0xbe/0x230 [ 1193.613461][T20015] process_scheduled_works+0xad1/0x1770 [ 1193.620664][T20015] worker_thread+0x8a0/0xda0 [ 1193.626912][T20015] kthread+0x711/0x8a0 [ 1193.632645][T20015] ret_from_fork+0x599/0xb30 [ 1193.638927][T20015] ret_from_fork_asm+0x1a/0x30 [ 1193.645383][T20015] INITIAL USE at: [ 1193.649285][T20015] lock_acquire+0x117/0x340 [ 1193.655359][T20015] _raw_write_lock_irq+0xa2/0xf0 [ 1193.661874][T20015] copy_process+0x2185/0x3950 [ 1193.668126][T20015] kernel_clone+0x21e/0x820 [ 1193.674206][T20015] user_mode_thread+0xdd/0x140 [ 1193.680547][T20015] rest_init+0x23/0x300 [ 1193.686281][T20015] start_kernel+0x3a7/0x400 [ 1193.692358][T20015] x86_64_start_reservations+0x24/0x30 [ 1193.699402][T20015] x86_64_start_kernel+0x143/0x1c0 [ 1193.706094][T20015] common_startup_64+0x13e/0x147 [ 1193.712610][T20015] INITIAL READ USE at: [ 1193.716945][T20015] lock_acquire+0x117/0x340 [ 1193.723455][T20015] _raw_read_lock+0x36/0x50 [ 1193.729967][T20015] __do_wait+0xde/0x740 [ 1193.736133][T20015] do_wait+0x1e8/0x4f0 [ 1193.742214][T20015] kernel_wait+0xab/0x170 [ 1193.748555][T20015] call_usermodehelper_exec_work+0xbe/0x230 [ 1193.756485][T20015] process_scheduled_works+0xad1/0x1770 [ 1193.764055][T20015] worker_thread+0x8a0/0xda0 [ 1193.770674][T20015] kthread+0x711/0x8a0 [ 1193.776777][T20015] ret_from_fork+0x599/0xb30 [ 
1193.783428][T20015] ret_from_fork_asm+0x1a/0x30 [ 1193.790224][T20015] } [ 1193.792736][T20015] ... key at: [] tasklist_lock+0x18/0x40 [ 1193.800480][T20015] ... acquired at: [ 1193.804294][T20015] _raw_read_lock+0x36/0x50 [ 1193.809018][T20015] send_sigurg+0x12b/0x420 [ 1193.813647][T20015] sk_send_sigurg+0x6c/0x2e0 [ 1193.818441][T20015] queue_oob+0x420/0x4f0 [ 1193.822879][T20015] unix_stream_sendmsg+0xc32/0xde0 [ 1193.828179][T20015] __sock_sendmsg+0x21c/0x270 [ 1193.833045][T20015] ____sys_sendmsg+0x52d/0x820 [ 1193.837997][T20015] ___sys_sendmsg+0x21f/0x2a0 [ 1193.842855][T20015] __sys_sendmmsg+0x28e/0x430 [ 1193.847715][T20015] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1193.853448][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1193.858831][T20015] do_fast_syscall_32+0x34/0x80 [ 1193.863871][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1193.870386][T20015] [ 1193.872710][T20015] [ 1193.872710][T20015] stack backtrace: [ 1193.878662][T20015] CPU: 1 UID: 0 PID: 20015 Comm: syz.2.4155 Tainted: G L syzkaller #0 PREEMPT(full) [ 1193.878689][T20015] Tainted: [L]=SOFTLOCKUP [ 1193.878696][T20015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1193.878714][T20015] Call Trace: [ 1193.878725][T20015] <TASK> [ 1193.878733][T20015] dump_stack_lvl+0x189/0x250 [ 1193.878759][T20015] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1193.878781][T20015] ? __pfx__printk+0x10/0x10 [ 1193.878813][T20015] __lock_acquire+0x2a95/0x2cf0 [ 1193.878842][T20015] ? send_sigurg+0x12b/0x420 [ 1193.878869][T20015] lock_acquire+0x117/0x340 [ 1193.878887][T20015] ? send_sigurg+0x12b/0x420 [ 1193.878914][T20015] ? _raw_read_lock_irqsave+0xbb/0x100 [ 1193.878944][T20015] _raw_read_lock+0x36/0x50 [ 1193.878968][T20015] ? send_sigurg+0x12b/0x420 [ 1193.878993][T20015] send_sigurg+0x12b/0x420 [ 1193.879022][T20015] sk_send_sigurg+0x6c/0x2e0 [ 1193.879046][T20015] queue_oob+0x420/0x4f0 [ 1193.879076][T20015] ? __pfx_queue_oob+0x10/0x10 [ 1193.879104][T20015] ? 
bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 1193.879126][T20015] unix_stream_sendmsg+0xc32/0xde0 [ 1193.879156][T20015] ? trace_sched_exit_tp+0x36/0xf0 [ 1193.879183][T20015] ? __schedule+0x14d2/0x5000 [ 1193.879210][T20015] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 1193.879237][T20015] ? __asan_memset+0x22/0x50 [ 1193.879253][T20015] ? __import_iovec+0x5d4/0x7f0 [ 1193.879270][T20015] ? aa_sock_msg_perm+0xda/0x1b0 [ 1193.879291][T20015] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1193.879308][T20015] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 1193.879335][T20015] __sock_sendmsg+0x21c/0x270 [ 1193.879360][T20015] ____sys_sendmsg+0x52d/0x820 [ 1193.879380][T20015] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1193.879401][T20015] ? futex_unqueue+0x22/0x240 [ 1193.879418][T20015] ? futex_unqueue+0x22/0x240 [ 1193.879437][T20015] ___sys_sendmsg+0x21f/0x2a0 [ 1193.879457][T20015] ? __pfx____sys_sendmsg+0x10/0x10 [ 1193.879476][T20015] ? __pfx___futex_wait+0x10/0x10 [ 1193.879499][T20015] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1193.879536][T20015] ? __fget_files+0x2a/0x420 [ 1193.879564][T20015] ? __fget_files+0x3a0/0x420 [ 1193.879591][T20015] __sys_sendmmsg+0x28e/0x430 [ 1193.879612][T20015] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1193.879633][T20015] ? __pfx_do_futex+0x10/0x10 [ 1193.879664][T20015] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1193.879687][T20015] __do_fast_syscall_32+0x1f7/0x570 [ 1193.879706][T20015] ? rcu_is_watching+0x15/0xb0 [ 1193.879728][T20015] ? 
do_fast_syscall_32+0x34/0x80 [ 1193.879747][T20015] do_fast_syscall_32+0x34/0x80 [ 1193.879764][T20015] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1193.879791][T20015] RIP: 0023:0xf70bd539 [ 1193.879815][T20015] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1193.879832][T20015] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 1193.879852][T20015] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080006c40 [ 1193.879866][T20015] RDX: 0000000000000001 RSI: 0000000000040015 RDI: 0000000000000000 [ 1193.879878][T20015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1193.879890][T20015] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1193.879901][T20015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1193.879919][T20015] </TASK> [ 1194.359050][T20011] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.4153'. [ 1194.696116][T20022] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.4156'. [ 1194.799369][T20021] syz.5.4154 (20021): drop_caches: 2 [ 1194.875577][ T129] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1195.083823][ T129] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1195.134008][ T129] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1195.183888][ T129] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1195.218405][ T129] aiptek 3-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 1195.420116][ T1217] usb 3-1: USB disconnect, device number 96