last executing test programs: 17m55.674478671s ago: executing program 0 (id=3002): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) r2 = dup(r1) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000001200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r5, 0x29, 0x33, &(0x7f0000000000)=0x3, 0x4) getsockopt$inet6_buf(r5, 0x29, 0x6, 0x0, &(0x7f0000000080)) r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r6, 0xc0405602, &(0x7f0000000000)={0x5, 0x1, 0x10, "c5e709002ce6c1cbfd000000000e5380c1f500000600", 0x3231564e}) bind$alg(0xffffffffffffffff, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080), 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r7, 0x10e, 0x8, &(0x7f0000000000)=0x2, 0x4) setsockopt$netlink_NETLINK_PKTINFO(r7, 0x10e, 0x3, &(0x7f0000000040)=0x9d5, 0x4) sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, 0x1, 0x1, 0x5, 0x0, 0x0, {0x7, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4041}, 0x40004) recvmmsg(r7, &(0x7f00000019c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/202, 0xca}, 0x6}], 0x1, 0x0, 0x0) 17m54.467942466s ago: executing program 0 (id=3006): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x90) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x204002, 0x0) close(0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xbf0fe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = io_uring_setup(0x5513, &(0x7f0000000100)={0x0, 0x857, 0x2, 0x3, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS2(r4, 0xf, &(0x7f0000002280)={0x1, 0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000040)=""/168, 0xa8}], &(0x7f0000001540)=[0x2]}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r7, @ANYBLOB='&'], 0x10) sendmsg$inet(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)=""/229, 0x8ec1}], 0x1}, 0x2002) socket$packet(0x11, 0x2, 0x300) 17m52.365810161s ago: executing program 0 (id=3010): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x200010) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000060000/0x2000)=nil, 0x2000, 0x1, 0x80050, 0xffffffffffffffff, 0x4733000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$IPC_RMID(0x0, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r4, 0x800448d7, 0x0) shmctl$IPC_RMID(0x0, 0x0) ioctl$sock_bt_hci(r4, 0x400448e7, &(0x7f0000000080)) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0) 17m51.079453118s ago: executing program 0 (id=3012): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x4000, &(0x7f00000001c0)=ANY=[@ANYBLOB='part=0x000000000010ffff,umask=000000007777,codepage=cp861,iocharset=macgreek,\x00'], 0x4, 0x344, &(0x7f0000000600)="$eJzs3U9r1EwcB/DvJLvb7LOlT2wrBU9SLXgqbT0oHrRI8eIb8CDF2m6hNFbQCloQq2cRb4Lg0Ztn0begF/ENKB4Kiie9FA9GZjLJJutMNk233db9fsDd7Gb+/CaZSWZaakBEfevi3KeXp7fkP1EF4AI4BzgAPKAC4CjGvDtr6x0LcpMtgSin+CvN4lrTlNWDzqH58lMFg+nvaG+EYRh+tu/+cl69/di/gKgnRHoEpzjAABw1EtV+b98j2xubsl39JnWGxTa2cRdDvQyHiIh6T9//HX2XGNTzd8cBJvQ8/LDf/zPzm+3exXEgJPd/J/ocCnl8/le75HpvZT1oLkVLOHn2nXiVaCrL2CdCFzW9qd4dwG2kplypWsxULE59eSVoTm6qAh7hgpZKNqpelxA3RCaFLVod0bhhbZojr+35GqoNVdmGGUv8I3k1GhfAb7/hmbm6+fcFYhLvxAcxL3w8x1Iy/6uEQh4cdXz8tqESxT9lL1G10o9SZVrZCv+IquRYfAbevGq1sm47rh5cGYuJLEW0z9/9OM6nNXsuDCP7Y4WoddP21qlcI0BF6M7VyjWTJPplzDXaXld9uRo0JxdvBrZO313GFZ14Iq6IcXzHa8yl5v+OTD0B+8jMjHKhUuqekdueikppOY8ZagDfKD4yq4VT/usuGU90m6/Zj49xHWcxdPvexupCEDRv9X4jHiolsx/vcjxRR9TdUX4j31Np4MkN2Qm7VunvMAyNuyooWI4cpKXDiAbUmRetJm+sLgh9zdtdA+WVs23XrD0xgFkA+pv4ilCm9gdJrgFdoF8w+095ttU35g4ZR7UPAySuKrPLxUChkVIvUenl+6sLQemrER0irZOOsavJBFnijwb7hJx3iWj9l1qvTKmrjnzxc9Y/YafCUyVOW1ZAw+r1v2QFp3RYczXsK7hGvNFhzXXiFHCylq3RQVzjw/ZifR0nDuJvJXf+qwwxh4+4xkFORERERERERERERERERERERERERHTY7PSvEcr8OUG2xq0+/I83iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIh2p/X83+T5LjXT83/zntSkuNETYrxuPP/XLfD8X7FZrIFEZPUnAAD//2/CX5Q=") rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='./bus\x00') 17m50.55574932s ago: executing program 0 (id=3014): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x20000) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) epoll_create(0x8) bind$netlink(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) kcmp(r2, r3, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, 0x0, 0x0) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x380000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) ioctl$FE_GET_PROPERTY(r0, 0x80106f53, &(0x7f0000000240)={0x80004, 0x0}) 17m48.268287388s ago: executing program 0 (id=3016): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x80c0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) socket$l2tp(0x2, 0x2, 0x73) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='cgroup\x00') writev(r2, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) unshare(0x6a040000) 17m33.181367508s ago: executing program 32 (id=3016): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x80c0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) socket$l2tp(0x2, 0x2, 0x73) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='cgroup\x00') writev(r2, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) unshare(0x6a040000) 11m0.58241531s ago: executing program 1 (id=4424): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0xfffffffe, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x3, 0x7fffffff, 0x6361, 0x5, 0xffffffff, 0x407}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd, 0x101}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) 11m0.477823472s ago: executing program 1 (id=4426): socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5"}, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) sendto$inet6(r3, &(0x7f0000000300)="a6", 0x1, 0x24000045, 0x0, 0x0) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_group_source_req(r4, 0x0, 0x2e, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast1}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001, 0x0, 0x2}}}}}, 0x0) shutdown(r3, 0x1) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r6, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 10m59.439483494s ago: executing program 1 (id=4430): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_ethernet(0x66, &(0x7f0000000bc0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "fca33f", 0x30, 0x67, 0x0, @dev, @local, {[@fragment={0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, @dstopts={0x84, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x7}, @ra={0x5, 0x2, 0x7}, @calipso={0x7, 0x10, {0x0, 0x2, 0x0, 0x0, [0x1]}}]}]}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000900)=ANY=[@ANYBLOB="1c0000000406010800000000000000000200000205000100070000008d19e0da1eab44795dee96d502b9dd1c0facca66750302e07ad5035f33ea1709268fc2"], 0x1c}, 0x1, 0x0, 0x0, 0x20000810}, 0x80d0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) unshare(0x100000) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x40) flistxattr(r5, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00', 0x0}) syz_open_procfs(0x0, &(0x7f0000000180)='net/netfilter\x00') sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r7, @ANYBLOB="080003"], 0x44}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a31000000000500010007000000340007801800018014000240fe8000000000000000000000000000bb060004400e1f00cd050007008800000006000540"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) sendmsg$IPSET_CMD_DESTROY(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000b00000000008000000100000305000100070000020000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x800) 10m58.441031796s ago: executing program 1 (id=4433): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) r2 = dup(r1) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000001200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$alg(0x26, 0x5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r6, 0x29, 0x33, &(0x7f0000000000)=0x3, 0x4) getsockopt$inet6_buf(r6, 0x29, 0x6, 0x0, &(0x7f0000000080)) r7 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000000000)={0x5, 0x1, 0x10, "c5e709002ce6c1cbfd000000000e5380c1f500000600", 0x3231564e}) bind$alg(r5, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080), 0x0) accept$alg(r5, 0x0, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r8, 0x10e, 0x8, 0x0, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r8, 0x10e, 0x3, &(0x7f0000000040)=0x9d5, 0x4) sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, 0x1, 0x1, 0x5, 0x0, 0x0, {0x7, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4041}, 0x40004) recvmmsg(r8, &(0x7f00000019c0)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x0, 0x0) 10m55.293663682s ago: executing program 1 (id=4436): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) mknodat$null(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x103) removexattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=@known='security.selinux\x00') openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mount$9p_fd(0x0, 0x0, 0x0, 0x200c01, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000003000/0x2000)=nil) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x0, 0x0, 0x0, 0xe4ffffff}, 0x93}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2}, {}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x800000, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0x0, 0x800}, {0x2, 0x0, 0x0, 0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x2000004, 0x0, 0x0, 0x0, 0x5}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0xffffffff, 0x9}, {0x0, 0x0, 0x0, 0x0, 0xfffff800}, {}, {}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x80}, {0x80}, {0x0, 0x0, 0x0, 0x5, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0xfffffff9}, {0x0, 0x0, 0x0, 0x8510}, {0xffff}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0xf}, {0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, {0x0, 0xfffffffc, 0x200}, {}, {0x0, 0x0, 0x0, 0x3}, {0x7}, {}, {}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x80000001, 0x4, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x2, 0x9, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0xe5fc, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x7, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x8, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0xfffffffb, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x2d}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000}, {0x0, 0x80000000, 0x0, 0x7fff800}, {}, {0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {0x1}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {}, {0x5, 0x1}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r6 = syz_ublk_setup_io_uring(0x31d, &(0x7f00000000c0)={0x0, 0x1073, 0x8, 0x2, 0x152}, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r6, 0x19, &(0x7f0000000200)={0x4, 0x8c9, 0x4}, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil) syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') 10m53.919386692s ago: executing program 1 (id=4442): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xd, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r4) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newtfilter={0xea4, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x1, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe70, 0x2, [@TCA_MATCHALL_ACT={0xe6c, 0x2, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe38, 0x2, {{{0x2, 0x9, 0x6, 0x6}, 0x1, 0xfb, [{0x8, 0x7, 0x4b24e3f, 0x7, 0x200}]}, [{0x2, 0x9c, 0x0, 0x6, 0x2, 0x7}, {0x1, 0x6, 0x4, 0x3, 0xfffffffd, 0x81}, {0x1, 0x80000001, 0x8, 0x101, 0x3}, {0x3, 0x9, 0x0, 0x7, 0x5, 0x4}, {0xf, 0x4, 0x9, 0x51, 0x8}, {0x3, 0x4, 0xc, 0x101, 0x3, 0x84b5}, {0x9c, 0x4, 0x9, 0x2, 0x487, 0x8}, {0x1, 0x10000, 0x5, 0x4, 0x3, 0x8000}, {0x7, 0x9, 0x1ff, 0x8, 0x2, 0x7fff}, {0x439356e7, 0x609, 0x16, 0x0, 0x10000, 0x6}, {0x5, 0x3, 0x8, 0x4, 0x0, 0xffffffff}, {0x5, 0x0, 0x7, 0x7, 0x8, 0x5}, {0x5, 0x8, 0x9, 0x5, 0xfffff000, 0x7}, {0x768d, 0xcd, 0x8, 0x7, 0x5, 0x9}, {0x1, 0xfffffffb, 0x6, 0x5, 0x7ff, 0x6}, {0xfffffffb, 0xffffffff, 0xfffffffe, 0x6, 0x2}, {0xfffff9fd, 0x9, 0xa5f, 0xa, 0x5, 0x2}, {0xffff997c, 0x9, 0x167, 0x2, 0x71, 0xa2}, {0x140, 0x2, 0xc, 0x8, 0x87, 0x60}, {0x5, 0xa, 0x2, 0x4, 0x3, 0x2000}, {0x32d, 0x8, 0x7fff, 0x4, 0x8, 0x9}, {0x8, 0x200, 0x58fe, 0x7ff, 0x4, 0x3}, {0x101, 0xd, 0x101, 0x1, 0x3, 0x8}, {0x0, 0x3, 0x1ff, 0x7437ec78, 0x2, 0x9}, {0xffffffff, 0x1, 0x9, 0x0, 0x1, 0x4}, {0xc, 0xe, 0x0, 0x3, 0x8, 0x81}, {0x3, 0x3, 0x6, 0xe, 0x0, 0x80}, {0xd, 0x0, 0x7ff, 0x0, 0x80000000, 0x2}, {0x4, 0xb, 0x6c5f1878, 0x57c4, 0x8, 0x25ff}, {0x4, 0xd, 0x1fadd976, 0x3071, 0x0, 0x1}, {0x5, 0x800, 0x3, 0x3, 0x3, 0x3}, {0x9, 0x1ff, 0x81, 0x9c, 0x1, 0x5}, {0x9, 0xd76, 0x6, 0xdc2, 0xa16a, 0x2}, {0x1ff, 0x5, 0x7, 0x2, 0x2, 0x1}, {0x9, 0x32158140, 0x0, 0x8, 0x6, 0x7}, {0xe, 0x4, 0x9000, 0x5, 0x2, 0x7f}, {0x3, 0x2ec74d53, 0x0, 0x0, 0x8, 0x2}, {0x5, 0xfff, 0xffffff15, 0x6, 0x2, 0x6}, {0x1, 0x6, 0x3, 0x4, 0xffb, 0xc}, {0xa, 0x6, 0x1ff, 0x8, 0x7ff, 0x8001}, {0x4, 0xffffffff, 0x0, 0xfffff740, 0x4, 0x4}, {0xffff, 0x5, 0x7, 0xac, 0xf}, {0x5, 0x3, 0x6, 0x1000, 0xd8fe, 0x8001}, {0xd, 0x0, 0x80000000, 0x1, 0xffffff81, 0x7ff}, {0xfffffffb, 0x2, 0x1ff, 0xf9, 0xffff8001}, {0x0, 0x6, 0x7ffc, 0x9, 0x500, 0x7}, {0x1, 0xffffffff, 0x834, 0x7, 0x0, 0x3}, {0x7fff, 0x6, 0x0, 0x2002, 0x2, 0x8}, {0xf61, 0x101, 0x9, 0x2, 0x80000000, 0x7fff}, {0xc7, 0x1, 0x8, 0x2, 0xffff, 0x20000000}, {0x0, 0x5, 0x1, 0xffff, 0x3, 0x3}, {0x8, 0x10001, 0x9f98, 0x1, 0x8, 0x66a}, {0xfff, 0x6, 0x8, 0x80000001, 0x0, 0x7f}, {0x8, 0x6, 0x7f, 0x5, 0x3, 0xb}, {0x4, 0x4b, 0x0, 0x1, 0x7f, 0x7fffffff}, {0xfff, 0x47e4, 0x1, 0x0, 0x80000001, 0x9}, {0x3, 0x9, 0x7, 0x6, 0x3e6b7592, 0xe5}, {0x9, 0x9, 0x1, 0x9, 0x0, 0x2}, {0x8, 0x80000001, 0x7fff, 0xb2d9, 0xfffffffe, 0x8}, {0x80000001, 0x9, 0xffff8000, 0x2, 0x53ce, 0x3}, {0x6, 0x7, 0x8, 0x8, 0x7f, 0x80000000}, {0xfffffff9, 0x9, 0x6, 0x6, 0x9, 0x3}, {0xfffffffd, 0x8, 0x6, 0x5, 0x3, 0x8f}, {0x741, 0x0, 0x9, 0x7fffffff, 0x2, 0x200}, {0x401, 0x2, 0x8, 0x6, 0x4, 0xc6e9}, {0x1, 0x2d73, 0x3ff, 0x5, 0x9f17, 0xffffff7f}, {0x2, 0x401, 0x2b00, 0x10000, 0xfffffc00, 0xd}, {0x3, 0x4, 0xc52b, 0x9, 0x5, 0xff}, {0x0, 0x4, 0x401, 0x0, 0x1, 0x9}, {0x8, 0x4, 0x1, 0x2, 0x10, 0x1}, {0xff, 0x8, 0x6, 0x5, 0xff, 0x5}, {0x2, 0xb15ce2d, 0x80000001, 0xbeab, 0x8, 0x5}, {0x3, 0x8, 0x3, 0x7, 0x8, 0x4}, {0xfff, 0x9, 0x5, 0x3, 0x100, 0x57}, {0x9, 0x5, 0x7, 0x3, 0xa, 0x2}, {0xb3, 0xe, 0x3, 0x8000, 0x7, 0x9}, {0xff, 0x7, 0x5, 0x10001, 0x6, 0x6}, {0x2, 0x8f, 0x9, 0xffffff46, 0x4, 0x80000000}, {0x9, 0x2, 0xfffffffc, 0x1, 0xd50, 0x3}, {0xd203, 0x7, 0x1, 0x10000, 0x43, 0x1ff}, {0x4, 0x3ff, 0xffffffff, 0x1, 0x5, 0x100}, {0x1ff, 0x3, 0x7ff, 0xfffffff8, 0x1ff, 0xfffffffc}, {0x7, 0x9, 0x3ff, 0x1, 0x7, 0x4}, {0x0, 0x6, 0x0, 0x9, 0xffff0001, 0xcca}, {0x7, 0x1, 0xfffffff1, 0x3ff, 0x100, 0x4}, {0x3, 0x9, 0x0, 0xed4, 0x4, 0x6}, {0x9, 0x7, 0x8001, 0x7, 0x7, 0x2}, {0x3, 0xfff, 0x9, 0x5, 0xb5, 0x3}, {0x0, 0x1, 0x1, 0x5, 0xffffff01, 0xfff}, {0x7, 0x5, 0x2, 0x2, 0x0, 0xfffff9de}, {0x5, 0xffffffff, 0xe6b, 0xb, 0xb, 0x4}, {0x1d, 0xffffff10, 0x1, 0x2, 0xff, 0x52e2}, {0x0, 0x9, 0x0, 0x7, 0xdb, 0x5}, {0x7, 0x2, 0x9, 0x8, 0xa, 0x100}, {0x81, 0x4, 0x988, 0x0, 0x0, 0x7}, {0xdc03, 0x8000007, 0x402c, 0xffff, 0xfffffff9, 0x4}, {0xa, 0xfffffffe, 0x1, 0x1ff, 0x1ff, 0xc1b7}, {0xa24b, 0x947d, 0x40, 0x4, 0x9, 0x2}, {0x9, 0x401, 0xa89, 0x5ef, 0x9, 0x8}, {0x4, 0x7fff, 0x0, 0x4, 0x7fffffff}, {0x3, 0xb8c, 0x6, 0x21761f6a, 0x1, 0x4}, {0xfff, 0xda, 0x1f, 0x4, 0x8, 0x2}, {0x8, 0x10, 0x100, 0x0, 0xfffffff7, 0x43}, {0xfffff000, 0x8, 0xe96, 0x9, 0x9, 0x34b0}, {0x4, 0x8, 0x8, 0x3, 0x6cf4, 0x1}, {0x3, 0x3, 0x7, 0x4, 0xbe, 0x81}, {0x4, 0x800, 0x0, 0x5, 0x8, 0xfa2f}, {0x3, 0x8d, 0x81, 0x2, 0x8, 0x6}, {0x9, 0x2, 0x6, 0x4, 0xf, 0x5}, {0x100, 0x1, 0x2, 0xffffffff, 0x9, 0x74}, {0x4, 0x4, 0x8, 0x1, 0x0, 0x3}, {0xfffffff8, 0xfffffffb, 0xffffffff, 0x62f, 0x401, 0x30564e0}, {0x9a2f, 0x800, 0x8, 0x7, 0x7}, {0x20000006, 0x2, 0x800, 0x200, 0x9, 0x3}, {0x7, 0x6, 0x8936, 0xdcb, 0x10000, 0x78}, {0x6, 0x80000000, 0x8, 0xe, 0xfffffffa, 0xde3}, {0x0, 0x9, 0x8, 0xfff, 0x6, 0x1ff}, {0x8195, 0x2, 0x1000}, {0x1, 0x5, 0xff, 0x9e0f, 0x5, 0x6}, {0x7fff, 0x6, 0x0, 0x5, 0x8000, 0x3}, {0x7ff, 0x9, 0xa, 0x6, 0x7, 0xe77}, {0x1, 0x5e12, 0x3, 0xfffffffa, 0x2, 0x80000001}, {0xffffff8c, 0x2, 0x1, 0x1, 0x10, 0x5}, {0x4, 0x7, 0x104, 0x40078d, 0xffffcff9, 0x9}, {0x1, 0xe, 0x7, 0x2, 0x2, 0x207f}, {0x10, 0x5, 0xfffffffa, 0xff, 0x80000, 0xfff}, {0x1, 0x7ff, 0x696e, 0xa, 0x49d, 0xb}, {0x9bf4, 0x0, 0x5, 0x3, 0x3, 0x1000}], [{0x1, 0x1}, {0x2}, {0x5}, {0x2}, {0x2, 0x745e81639ff0f356}, {0x4}, {0x5}, {0x3, 0x1}, {0x3}, {0x2}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x2}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x2}, {0x5}, {0x2}, {0x1, 0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x4}, {0x5, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x5}, {0xa}, {0x3}, {0x3}, {0x2, 0x1}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x4}, {0x4}, {0x5, 0x1}, {0x4}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x4, 0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x5}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x3}, {0x6}, {0xa}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1}, {0x4}, {0x5}, {0x3}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x6}, {0x2}, {0xb82e57098c7a44ef}, {0x3, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x1, 0x1}, {0x5}, {0x0, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x2}, {0x4, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x2}, {0x3}, {0x1, 0x1}, {}, {0x4}, {0x3}, {0x3}, {0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x1}, {0x0, 0x1}, {0x4}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xea4}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$kcm(r5, &(0x7f0000002900)={&(0x7f0000000500)=@xdp={0x2c, 0x8, r3, 0x10c}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000380)="da", 0x14}], 0x1}, 0x4000880) 10m37.44595323s ago: executing program 33 (id=4442): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xd, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r4) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newtfilter={0xea4, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x1, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe70, 0x2, [@TCA_MATCHALL_ACT={0xe6c, 0x2, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe38, 0x2, {{{0x2, 0x9, 0x6, 0x6}, 0x1, 0xfb, [{0x8, 0x7, 0x4b24e3f, 0x7, 0x200}]}, [{0x2, 0x9c, 0x0, 0x6, 0x2, 0x7}, {0x1, 0x6, 0x4, 0x3, 0xfffffffd, 0x81}, {0x1, 0x80000001, 0x8, 0x101, 0x3}, {0x3, 0x9, 0x0, 0x7, 0x5, 0x4}, {0xf, 0x4, 0x9, 0x51, 0x8}, {0x3, 0x4, 0xc, 0x101, 0x3, 0x84b5}, {0x9c, 0x4, 0x9, 0x2, 0x487, 0x8}, {0x1, 0x10000, 0x5, 0x4, 0x3, 0x8000}, {0x7, 0x9, 0x1ff, 0x8, 0x2, 0x7fff}, {0x439356e7, 0x609, 0x16, 0x0, 0x10000, 0x6}, {0x5, 0x3, 0x8, 0x4, 0x0, 0xffffffff}, {0x5, 0x0, 0x7, 0x7, 0x8, 0x5}, {0x5, 0x8, 0x9, 0x5, 0xfffff000, 0x7}, {0x768d, 0xcd, 0x8, 0x7, 0x5, 0x9}, {0x1, 0xfffffffb, 0x6, 0x5, 0x7ff, 0x6}, {0xfffffffb, 0xffffffff, 0xfffffffe, 0x6, 0x2}, {0xfffff9fd, 0x9, 0xa5f, 0xa, 0x5, 0x2}, {0xffff997c, 0x9, 0x167, 0x2, 0x71, 0xa2}, {0x140, 0x2, 0xc, 0x8, 0x87, 0x60}, {0x5, 0xa, 0x2, 0x4, 0x3, 0x2000}, {0x32d, 0x8, 0x7fff, 0x4, 0x8, 0x9}, {0x8, 0x200, 0x58fe, 0x7ff, 0x4, 0x3}, {0x101, 0xd, 0x101, 0x1, 0x3, 0x8}, {0x0, 0x3, 0x1ff, 0x7437ec78, 0x2, 0x9}, {0xffffffff, 0x1, 0x9, 0x0, 0x1, 0x4}, {0xc, 0xe, 0x0, 0x3, 0x8, 0x81}, {0x3, 0x3, 0x6, 0xe, 0x0, 0x80}, {0xd, 0x0, 0x7ff, 0x0, 0x80000000, 0x2}, {0x4, 0xb, 0x6c5f1878, 0x57c4, 0x8, 0x25ff}, {0x4, 0xd, 0x1fadd976, 0x3071, 0x0, 0x1}, {0x5, 0x800, 0x3, 0x3, 0x3, 0x3}, {0x9, 0x1ff, 0x81, 0x9c, 0x1, 0x5}, {0x9, 0xd76, 0x6, 0xdc2, 0xa16a, 0x2}, {0x1ff, 0x5, 0x7, 0x2, 0x2, 0x1}, {0x9, 0x32158140, 0x0, 0x8, 0x6, 0x7}, {0xe, 0x4, 0x9000, 0x5, 0x2, 0x7f}, {0x3, 0x2ec74d53, 0x0, 0x0, 0x8, 0x2}, {0x5, 0xfff, 0xffffff15, 0x6, 0x2, 0x6}, {0x1, 0x6, 0x3, 0x4, 0xffb, 0xc}, {0xa, 0x6, 0x1ff, 0x8, 0x7ff, 0x8001}, {0x4, 0xffffffff, 0x0, 0xfffff740, 0x4, 0x4}, {0xffff, 0x5, 0x7, 0xac, 0xf}, {0x5, 0x3, 0x6, 0x1000, 0xd8fe, 0x8001}, {0xd, 0x0, 0x80000000, 0x1, 0xffffff81, 0x7ff}, {0xfffffffb, 0x2, 0x1ff, 0xf9, 0xffff8001}, {0x0, 0x6, 0x7ffc, 0x9, 0x500, 0x7}, {0x1, 0xffffffff, 0x834, 0x7, 0x0, 0x3}, {0x7fff, 0x6, 0x0, 0x2002, 0x2, 0x8}, {0xf61, 0x101, 0x9, 0x2, 0x80000000, 0x7fff}, {0xc7, 0x1, 0x8, 0x2, 0xffff, 0x20000000}, {0x0, 0x5, 0x1, 0xffff, 0x3, 0x3}, {0x8, 0x10001, 0x9f98, 0x1, 0x8, 0x66a}, {0xfff, 0x6, 0x8, 0x80000001, 0x0, 0x7f}, {0x8, 0x6, 0x7f, 0x5, 0x3, 0xb}, {0x4, 0x4b, 0x0, 0x1, 0x7f, 0x7fffffff}, {0xfff, 0x47e4, 0x1, 0x0, 0x80000001, 0x9}, {0x3, 0x9, 0x7, 0x6, 0x3e6b7592, 0xe5}, {0x9, 0x9, 0x1, 0x9, 0x0, 0x2}, {0x8, 0x80000001, 0x7fff, 0xb2d9, 0xfffffffe, 0x8}, {0x80000001, 0x9, 0xffff8000, 0x2, 0x53ce, 0x3}, {0x6, 0x7, 0x8, 0x8, 0x7f, 0x80000000}, {0xfffffff9, 0x9, 0x6, 0x6, 0x9, 0x3}, {0xfffffffd, 0x8, 0x6, 0x5, 0x3, 0x8f}, {0x741, 0x0, 0x9, 0x7fffffff, 0x2, 0x200}, {0x401, 0x2, 0x8, 0x6, 0x4, 0xc6e9}, {0x1, 0x2d73, 0x3ff, 0x5, 0x9f17, 0xffffff7f}, {0x2, 0x401, 0x2b00, 0x10000, 0xfffffc00, 0xd}, {0x3, 0x4, 0xc52b, 0x9, 0x5, 0xff}, {0x0, 0x4, 0x401, 0x0, 0x1, 0x9}, {0x8, 0x4, 0x1, 0x2, 0x10, 0x1}, {0xff, 0x8, 0x6, 0x5, 0xff, 0x5}, {0x2, 0xb15ce2d, 0x80000001, 0xbeab, 0x8, 0x5}, {0x3, 0x8, 0x3, 0x7, 0x8, 0x4}, {0xfff, 0x9, 0x5, 0x3, 0x100, 0x57}, {0x9, 0x5, 0x7, 0x3, 0xa, 0x2}, {0xb3, 0xe, 0x3, 0x8000, 0x7, 0x9}, {0xff, 0x7, 0x5, 0x10001, 0x6, 0x6}, {0x2, 0x8f, 0x9, 0xffffff46, 0x4, 0x80000000}, {0x9, 0x2, 0xfffffffc, 0x1, 0xd50, 0x3}, {0xd203, 0x7, 0x1, 0x10000, 0x43, 0x1ff}, {0x4, 0x3ff, 0xffffffff, 0x1, 0x5, 0x100}, {0x1ff, 0x3, 0x7ff, 0xfffffff8, 0x1ff, 0xfffffffc}, {0x7, 0x9, 0x3ff, 0x1, 0x7, 0x4}, {0x0, 0x6, 0x0, 0x9, 0xffff0001, 0xcca}, {0x7, 0x1, 0xfffffff1, 0x3ff, 0x100, 0x4}, {0x3, 0x9, 0x0, 0xed4, 0x4, 0x6}, {0x9, 0x7, 0x8001, 0x7, 0x7, 0x2}, {0x3, 0xfff, 0x9, 0x5, 0xb5, 0x3}, {0x0, 0x1, 0x1, 0x5, 0xffffff01, 0xfff}, {0x7, 0x5, 0x2, 0x2, 0x0, 0xfffff9de}, {0x5, 0xffffffff, 0xe6b, 0xb, 0xb, 0x4}, {0x1d, 0xffffff10, 0x1, 0x2, 0xff, 0x52e2}, {0x0, 0x9, 0x0, 0x7, 0xdb, 0x5}, {0x7, 0x2, 0x9, 0x8, 0xa, 0x100}, {0x81, 0x4, 0x988, 0x0, 0x0, 0x7}, {0xdc03, 0x8000007, 0x402c, 0xffff, 0xfffffff9, 0x4}, {0xa, 0xfffffffe, 0x1, 0x1ff, 0x1ff, 0xc1b7}, {0xa24b, 0x947d, 0x40, 0x4, 0x9, 0x2}, {0x9, 0x401, 0xa89, 0x5ef, 0x9, 0x8}, {0x4, 0x7fff, 0x0, 0x4, 0x7fffffff}, {0x3, 0xb8c, 0x6, 0x21761f6a, 0x1, 0x4}, {0xfff, 0xda, 0x1f, 0x4, 0x8, 0x2}, {0x8, 0x10, 0x100, 0x0, 0xfffffff7, 0x43}, {0xfffff000, 0x8, 0xe96, 0x9, 0x9, 0x34b0}, {0x4, 0x8, 0x8, 0x3, 0x6cf4, 0x1}, {0x3, 0x3, 0x7, 0x4, 0xbe, 0x81}, {0x4, 0x800, 0x0, 0x5, 0x8, 0xfa2f}, {0x3, 0x8d, 0x81, 0x2, 0x8, 0x6}, {0x9, 0x2, 0x6, 0x4, 0xf, 0x5}, {0x100, 0x1, 0x2, 0xffffffff, 0x9, 0x74}, {0x4, 0x4, 0x8, 0x1, 0x0, 0x3}, {0xfffffff8, 0xfffffffb, 0xffffffff, 0x62f, 0x401, 0x30564e0}, {0x9a2f, 0x800, 0x8, 0x7, 0x7}, {0x20000006, 0x2, 0x800, 0x200, 0x9, 0x3}, {0x7, 0x6, 0x8936, 0xdcb, 0x10000, 0x78}, {0x6, 0x80000000, 0x8, 0xe, 0xfffffffa, 0xde3}, {0x0, 0x9, 0x8, 0xfff, 0x6, 0x1ff}, {0x8195, 0x2, 0x1000}, {0x1, 0x5, 0xff, 0x9e0f, 0x5, 0x6}, {0x7fff, 0x6, 0x0, 0x5, 0x8000, 0x3}, {0x7ff, 0x9, 0xa, 0x6, 0x7, 0xe77}, {0x1, 0x5e12, 0x3, 0xfffffffa, 0x2, 0x80000001}, {0xffffff8c, 0x2, 0x1, 0x1, 0x10, 0x5}, {0x4, 0x7, 0x104, 0x40078d, 0xffffcff9, 0x9}, {0x1, 0xe, 0x7, 0x2, 0x2, 0x207f}, {0x10, 0x5, 0xfffffffa, 0xff, 0x80000, 0xfff}, {0x1, 0x7ff, 0x696e, 0xa, 0x49d, 0xb}, {0x9bf4, 0x0, 0x5, 0x3, 0x3, 0x1000}], [{0x1, 0x1}, {0x2}, {0x5}, {0x2}, {0x2, 0x745e81639ff0f356}, {0x4}, {0x5}, {0x3, 0x1}, {0x3}, {0x2}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x2}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x2}, {0x5}, {0x2}, {0x1, 0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x4}, {0x5, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x5}, {0xa}, {0x3}, {0x3}, {0x2, 0x1}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x4}, {0x4}, {0x5, 0x1}, {0x4}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x4, 0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x5}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x3}, {0x6}, {0xa}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1}, {0x4}, {0x5}, {0x3}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x6}, {0x2}, {0xb82e57098c7a44ef}, {0x3, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x1, 0x1}, {0x5}, {0x0, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x2}, {0x4, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x2}, {0x3}, {0x1, 0x1}, {}, {0x4}, {0x3}, {0x3}, {0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x1}, {0x0, 0x1}, {0x4}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xea4}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$kcm(r5, &(0x7f0000002900)={&(0x7f0000000500)=@xdp={0x2c, 0x8, r3, 0x10c}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000380)="da", 0x14}], 0x1}, 0x4000880) 5m3.980305753s ago: executing program 2 (id=5384): open(&(0x7f0000000280)='.\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = getpid() syz_pidfd_open(r1, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x8) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0xfff7ffff, 0x8000000008000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 5m2.345583359s ago: executing program 2 (id=5385): openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000100), 0x900, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x30bd, 0xc000, 0x8, 0x40000183}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 5m2.240046971s ago: executing program 2 (id=5386): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0x7, 0x0, &(0x7f0000000200)="63eced8e46dc3f", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0xc1, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000840)={0x2c, &(0x7f00000004c0)={0x20, 0x21, 0x5b, {0x5b, 0x1, "fb4d919175b05ddef59508a39ed4ed83ee60aeba3521992efab35cab99afa9a6fc16912016e9b8fc0c7d22d64bee48d6bc96bc787b806295f6d33439b9221de09c42694863fb29d951d8da749e8563cda80994d5e5f6f3ecd2"}}, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000dc0)={0x84, &(0x7f0000000880)={0x20, 0x9, 0x9e, "f0a738ff132b879fcb90d84151c969fe100ddb957600036b2118b8abcaa98669dcaa0d766db265a37b6e19150e117298a2456425ccd5ea3765e7fabf31480ad730828fe9168838949d427173746c98e11aa187281e82ed35c6f883b978d776bb74544802ad3e29e63d640c357d0a29e107c5f0cb05bd3f6ea67ae91bd35c390e1664b594ef5888f7711aaf75f573d787b05ca393a0ea86a44984da1cad8e"}, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f0000000a00)={0x20, 0x0, 0x4, {0x100, 0x20}}, &(0x7f0000000a40)={0x40, 0x7, 0x2}, &(0x7f0000000a80)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000000ac0)={0x40, 0xb, 0x2, "f9d5"}, &(0x7f0000000b00)={0x40, 0xf, 0x2, 0xccb}, &(0x7f0000000b40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000b80)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000c80)={0x40, 0x19, 0x2, "8e93"}, 0x0, &(0x7f0000000d00)={0x40, 0x1c, 0x1, 0x4}, 0x0, &(0x7f0000000d80)={0x40, 0x21, 0x1, 0xa}}) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000200)={0x20, 0x6, 0xe9, "7d11ca971e23326b5f42f9284d15741213bf080933bbd551e21517f6d10e516b9175139a93e31210f44d05fbe22745994ea8168740257812b7a88375d8055f85f73cdeeb16b83a8787da4a7fb2f50d02ba3be779c16f305ceaee91088b562dfef917be2703415b7204d3aae94a4041e900fe0cef2b1586401f85125a9c98cfe1ab8d4edd055fbf89323006ef2c6c78dff83df20f1d7866d5f539b171e5dd25b1b40f06b320371305442d8fe1b04ab564a878003a5e783e269a2c6f00cf073867b302b4b322a4cb956b2d8368c891ebdfb70ec8451e10f602c28d2fbffc41f9f9f2bde31df811ee3049"}, &(0x7f0000000300)={0x0, 0xa, 0x1}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000380)={0x20, 0x0, 0x33, {0x31, "fbaba77616041a67886819fd442bfd3f8fe3c53d669507dbf29360c6570f8cf3c3a96b02dea28d2ba5e3f7a303074f4dc6"}}, &(0x7f00000003c0)={0x20, 0x1, 0x1, 0xdd}, &(0x7f0000000400)={0x20, 0x0, 0x1, 0x8}}) syz_usb_control_io(r0, 0x0, 0x0) 4m59.108551179s ago: executing program 2 (id=5395): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = open(0x0, 0x8000, 0x50) fstat(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r0, r1, 0xffffffffffffffff) poll(0x0, 0x0, 0xfa) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) 4m58.689256328s ago: executing program 2 (id=5398): socket$inet6_sctp(0xa, 0x5, 0x84) openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_ublk_setup_io_uring(0x1d, &(0x7f0000000040)={0x0, 0x30b5, 0x42, 0x2, 0x158}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f00000003c0)={0x2e, 0x14, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f00000004c0)=@any_dev={0x3, 0xe26, 0x0, 0x0, 0x1000, 0x10000, 0xffffffffffffffff, 0x0, 0x4d}}}, &(0x7f0000000480)=0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup(r5) syz_ublk_setup_queues(r6, r4, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x4, 0x257}, 0x0, 0x1, &(0x7f0000000340)={0x2e, 0x44, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {}, 0x1f, 0x0, '\x00', {0xfff9, 0x4, 0x0, 0x0}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004", @ANYRES32=0x0], 0x48) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100008b}, 0x0) r7 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) 4m57.017834305s ago: executing program 2 (id=5402): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x158, 0x0, 0x148, 0x158, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xb, [0x10, 0x31, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001680), r2) sendmsg$NLBL_UNLABEL_C_ACCEPT(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x1c, r3, 0x537876f5c96d715b, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000804}, 0x20004014) socket(0x29, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') preadv(r4, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/168, 0xa8}], 0x1, 0x2004, 0x80) 4m41.745689157s ago: executing program 34 (id=5402): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x158, 0x0, 0x148, 0x158, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xb, [0x10, 0x31, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001680), r2) sendmsg$NLBL_UNLABEL_C_ACCEPT(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x1c, r3, 0x537876f5c96d715b, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000804}, 0x20004014) socket(0x29, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') preadv(r4, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/168, 0xa8}], 0x1, 0x2004, 0x80) 8.947750955s ago: executing program 4 (id=6136): syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058d"], 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x6}, 0x10) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x70bd29, 0x25dfdbf7, {0x0, 0x0, 0x0, 0x0, 0x2202e}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048050}, 0x40014) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) openat$mice(0xffffff9c, &(0x7f0000000180), 0x2080) openat$kvm(0xffffffffffffff9c, 0x0, 0x8000, 0x0) 5.924689941s ago: executing program 3 (id=6142): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000b40)=@deltclass={0xd0, 0x29, 0x800, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8, 0xc}, {0x8}, {0xd, 0x1d}}, [@c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x80}}}, @c_atm={{0x8}, {0x8c, 0x2, [@TCA_ATM_HDR={0x21, 0x3, "2e6a13bc7ccb8162e9720b9e7a7c067cdc7c9aa9a3db0f1ef7bd2ba413"}, @TCA_ATM_HDR={0xe, 0x3, "04eab27a0d4ac41562b3"}, @TCA_ATM_EXCESS={0x8, 0x4, {0xf, 0xffe0}}, @TCA_ATM_EXCESS={0x8, 0x4, {0x8, 0x7}}, @TCA_ATM_HDR={0x39, 0x3, "7c44faeca1d33e0dba78c4b73a8c42be56647af274c01a02e285aea28227f0e7e075eaeb8a92902c2419f841843d8dd5af8c5c1a47"}, @TCA_ATM_FD={0x8, 0x1, r0}]}}]}, 0xd0}}, 0x40c1) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000500)=""/229, 0xe5}], 0x1}, 0xb}], 0x1, 0x10, 0x0) 5.825440423s ago: executing program 4 (id=6143): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[], 0x0) r2 = socket$packet(0x11, 0x3, 0x300) unshare(0x28060400) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab968508", 0xd, 0x0, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) io_uring_setup(0x1694, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000680)=[@acquire], 0x0, 0x0, 0x0}) 5.670199566s ago: executing program 4 (id=6145): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x80) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) syz_emit_ethernet(0x15, &(0x7f00000003c0)={@remote, @empty, @val={@void, {0x8100, 0x5, 0x1, 0x4}}, {@x25={0x805, {0x1, 0x6, 0xf3}}}}, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6(0xa, 0x3, 0x3c) writev(r4, 0x0, 0x0) setxattr(0x0, &(0x7f0000000080)=@known='trusted.overlay.origin\x00', 0x0, 0x0, 0x1) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000500)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000002c0000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, 0xd45, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00'], 0x2c}, 0x1, 0x0, 0x0, 0x42}, 0x2810) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r6, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c00)={{r6}, 0x0, &(0x7f0000001bc0)=r5}, 0x20) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xfff2}, {0xfff3}}}, 0x24}}, 0x0) 5.542061619s ago: executing program 5 (id=6147): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110b}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb8a0a63cd"], 0x0) r4 = socket$packet(0x11, 0x3, 0x300) unshare(0x28060400) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r4, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) r6 = io_uring_setup(0x1694, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000193000/0x2000)=nil, 0x2000, &(0x7f0000000000)='\x00') ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000680)=[@acquire], 0x0, 0x0, 0x0}) 5.279526414s ago: executing program 5 (id=6148): socket$inet_smc(0x2b, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF(r1, 0x5404, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, 0x40000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x388, 0x41d9fda7) write(0xffffffffffffffff, 0x0, 0x0) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) remap_file_pages(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x1, 0x4000) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15) r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_rfcomm_RFCOMM_LM(r6, 0x12, 0x3, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REQ_SET_REG(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="0408009a0002e20000ae50695058b225a5ba0ca954c5ee55bf341a28ecd060205edeb8312860e297f64d742d5f9346b76fa900000000ee81fe5b413c672d906162e7c0c24bbb491e3a999fa01e0e6cc27a9e0ee7ef9081de7159ee719f1c802c781882e3953627738c6b006f3611", @ANYBLOB="13000000", @ANYBLOB="103cfe8f4ba0e6fb8e67009f9f2160a71b5a330f2145b384c42066616d1f057771b900fe2757a02e20c1bb9ac7a06d0669058578cf1110b1c0cb6ccaa00da484114a20f6f1abd1cfa7c07aee"], 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x0) connect$bt_rfcomm(r6, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) 4.369022665s ago: executing program 5 (id=6149): syz_open_dev$media(&(0x7f0000000380), 0x13, 0x0) syz_open_dev$media(&(0x7f0000000300), 0x0, 0x0) r0 = syz_ublk_setup_io_uring(0x1d, &(0x7f0000000040)={0x0, 0x30b5, 0x0, 0x2, 0x158}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) r4 = openat$sysfs(0xffffff9c, &(0x7f0000000100)='/sys/kernel/notes', 0x0, 0x15) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_ublk_add_dev(r0, r1, r2, r3, 0x0, &(0x7f0000000480)=0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup(r6) sched_setscheduler(0x0, 0x5, &(0x7f0000000500)=0x7fa) syz_ublk_setup_queues(r7, r5, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x3, 0x255}, &(0x7f0000000800)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7ffffe, 0x400, 0x2100, 0x10000004, 0x0, r7}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x11e0, 0x1, 0xfffffffe, 0xae, 0x0, r4}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xf911, 0x0, 0x0, 0x1f0, 0x0, r7}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xac1b, 0x8200, 0x2, 0x250}}], 0x1, &(0x7f0000000340)={0x2e, 0x44, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x1, {}, 0x1f, 0x0, '\x00', {0xfff6, 0x0, 0x0, 0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x6, 0x0, &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) 4.320697305s ago: executing program 4 (id=6150): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) dup3(r0, r1, 0x80000) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000180)={0x23c, r2, 0x347, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xd5, 0x2a, [@random={0x9, 0x92, "30780a39fb5022b6be82e9e440e465855ca380b3f5b68ea5307a47076908aff5c0d4874eb5f240d51a2995fcca889407dfde4b41797c293ec4aae1efc2c1d70b9dc8d97f85e661cc3e4ed574a2ea75f41f33836287a374b3e6050764ecc427623ee14a09a0dc3d5860d9072c92abf5de61bdeb960532a189b22dd8c48f6b5954d82560ccdaebfa647b57a35abd7c49319a1f"}, @peer_mgmt={0x75, 0x6, {0x1, 0x9, @val=0x200, @void, @void}}, @link_id={0x65, 0x12, {@random="5367dfd5d167", @device_a, @broadcast}}, @chsw_timing={0x68, 0x4, {0xc3, 0x80}}, @dsss={0x3, 0x1, 0x95}, @ssid={0x0, 0x6, @default_ibss_ssid}, @mesh_chsw={0x76, 0x6, {0x1, 0x0, 0x2b, 0x800}}, @mesh_id={0x72, 0x6}]}, @NL80211_ATTR_IE={0x149, 0x2a, [@prep={0x83, 0x25, {{0x0, 0x1}, 0x1, 0x5, @device_b, 0x0, @value=@broadcast, 0x0, 0x6, @device_b, 0x9}}, @cf={0x4, 0x6, {0x1, 0x5f, 0x137, 0xb}}, @fast_bss_trans={0x37, 0x76, {0x8, 0x2, "357007748fce2fa5865fb2003ea7ba60", "f63abef0ad8ae2c0ce3242cab4a4becf6cdd41d5393f28637cb1b32f24d0d5c5", "605fc777da15a4c2b14fd7a16cca0500318ec1948008db55bfa3ec3e097d7dca", [{0x1, 0x5, "b2023b5368"}, {0x1, 0x1b, "593740915b7863194625464aba6c932c5f4678c51543a9959503ac"}]}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x1, 0x9d, 0x2}}, @random_vendor={0xdd, 0x90, "8af7afe94510848d6d7b8df81ef248b71aac5a6131fe7a6c141a9c9058991999b0d6dc8b0065b6eb08ec5db88af78302eba3854bf7e35fa5204616183f3778275dd9c3ee26d0f8b4546655e7a31d25fb21c54894319d99a987f0508cb31ae1609dc539ba27e43a0fad1cc3f72e6964c5ea3ed643bcc26ba6dbcb52b4f74c031f231472cc528cc93915ac46f03fbb8537"}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x2, 0xac, 0xc}}]}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x23c}, 0x1, 0x0, 0x0, 0x40}, 0x20001000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x8000) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0) fcntl$setlease(r5, 0x400, 0x1) fcntl$getflags(r5, 0x401) read$msr(r4, &(0x7f0000019300)=""/102392, 0x18ff8) socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_vhci(&(0x7f0000004e40)=ANY=[@ANYBLOB], 0x17) bind$can_raw(0xffffffffffffffff, &(0x7f00000001c0), 0x10) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f0000001040)=0x8aa760e3, 0x4) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000a030000000000000000000002"], 0x0, 0x56}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x1a, 0x4, 0x0, 0x1, 0x8000, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, @value=r6}, 0x50) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xa, 0x42032, 0xffffffffffffffff, 0x0) r7 = syz_open_dev$sndpcmp(&(0x7f0000000500), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r7, 0xc0884123, &(0x7f0000000540)={0x0, "d8d7531c1c6054b6b70657ec47e25dc91f003f19004f6ceb55fb98d58dccd7f0fe41ae63a0df07926f45a38667324ab9b9b98347fbe76528e77e751fd98d62be", {0x6}}) 4.320013185s ago: executing program 3 (id=6151): openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) rmdir(&(0x7f00000000c0)='./bus\x00') ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1}) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}}) ioctl$VIDIOC_QBUF(r5, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x3, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x24}}, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) socket(0x10, 0x3, 0x0) 3.731752548s ago: executing program 5 (id=6152): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="bcea"]) syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) syz_open_dev$evdev(&(0x7f0000000040), 0x75c, 0x10d840) 2.861142217s ago: executing program 4 (id=6153): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[], 0x0) r2 = socket$packet(0x11, 0x3, 0x300) unshare(0x28060400) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0xe, 0x0, 0x0, 0x0) io_uring_setup(0x1694, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000680)=[@acquire], 0x0, 0x0, 0x0}) 2.75314532s ago: executing program 3 (id=6154): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000180), 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000009c0)='.', 0xc400}], 0x7}}], 0x44, 0x0) 2.146070343s ago: executing program 3 (id=6155): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$binder_debug(0xffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x201, 0x440) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) pselect6(0x40, &(0x7f0000000180)={0x6, 0x0, 0x1fd, 0x5, 0xfffffffffffffffd, 0x7f, 0x104, 0x1}, 0x0, &(0x7f0000000440)={0x3ff, 0x6, 0xae07, 0x9, 0x4, 0x9, 0x80000006, 0x6}, 0x0, 0x0) 1.879564768s ago: executing program 3 (id=6156): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="000204"], 0x18) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)={0x24, r3, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2}]}, 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00'}) recvmsg(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000280)=""/159, 0x9f}, 0x3) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000840)=@newtfilter={0x48, 0x2c, 0x42f, 0x870bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'geneve1\x00'}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_newrule={0x24, 0x1e, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x1}, [@FRA_DST={0x8, 0x1, @empty}]}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x0) 1.879288639s ago: executing program 4 (id=6157): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[]) 1.574986355s ago: executing program 6 (id=6158): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x80) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) syz_emit_ethernet(0x15, &(0x7f00000003c0)={@remote, @empty, @val={@void, {0x8100, 0x5, 0x1, 0x4}}, {@x25={0x805, {0x1, 0x6, 0xf3}}}}, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6(0xa, 0x3, 0x3c) writev(r4, 0x0, 0x0) setxattr(0x0, &(0x7f0000000080)=@known='trusted.overlay.origin\x00', 0x0, 0x0, 0x1) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000500)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000002c0000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, 0xd45, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00'], 0x2c}, 0x1, 0x0, 0x0, 0x42}, 0x2810) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r6, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c00)={{r6}, 0x0, &(0x7f0000001bc0)=r5}, 0x20) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xfff2}, {0xfff3}}}, 0x24}}, 0x0) 1.298180721s ago: executing program 6 (id=6159): socket$inet_smc(0x2b, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETSF(r1, 0x5404, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, 0x40000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x388, 0x41d9fda7) write(0xffffffffffffffff, 0x0, 0x0) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) remap_file_pages(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x1, 0x4000) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15) r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_rfcomm_RFCOMM_LM(r6, 0x12, 0x3, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REQ_SET_REG(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="0408009a0002e20000ae50695058b225a5ba0ca954c5ee55bf341a28ecd060205edeb8312860e297f64d742d5f9346b76fa900000000ee81fe5b413c672d906162e7c0c24bbb491e3a999fa01e0e6cc27a9e0ee7ef9081de7159ee719f1c802c781882e3953627738c6b006f3611", @ANYBLOB="13000000", @ANYBLOB="103cfe8f4ba0e6fb8e67009f9f2160a71b5a330f2145b384c42066616d1f057771b900fe2757a02e20c1bb9ac7a06d0669058578cf1110b1c0cb6ccaa00da484114a20f6f1abd1cfa7c07aee"], 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x0) connect$bt_rfcomm(r6, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) 394.872301ms ago: executing program 6 (id=6160): syz_open_dev$media(&(0x7f0000000380), 0x13, 0x0) syz_open_dev$media(&(0x7f0000000300), 0x0, 0x0) r0 = syz_ublk_setup_io_uring(0x1d, &(0x7f0000000040)={0x0, 0x30b5, 0x0, 0x2, 0x158}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) r4 = openat$sysfs(0xffffff9c, &(0x7f0000000100)='/sys/kernel/notes', 0x0, 0x15) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_ublk_add_dev(r0, r1, r2, r3, 0x0, &(0x7f0000000480)=0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup(r6) sched_setscheduler(0x0, 0x5, &(0x7f0000000500)=0x7fa) syz_ublk_setup_queues(r7, r5, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x3, 0x255}, &(0x7f0000000800)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7ffffe, 0x400, 0x2100, 0x10000004, 0x0, r7}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x11e0, 0x1, 0xfffffffe, 0xae, 0x0, r4}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xf911, 0x0, 0x0, 0x1f0, 0x0, r7}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xac1b, 0x8200, 0x2, 0x250}}], 0x1, &(0x7f0000000340)={0x2e, 0x44, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x1, {}, 0x1f, 0x0, '\x00', {0xfff6, 0x0, 0x0, 0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x6, 0x0, &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) 275.728804ms ago: executing program 6 (id=6161): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000440)={@local, 0x1}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7cb, &(0x7f0000000100)={&(0x7f0000000780)={{@any, 0x1}, {@hyper, 0x3}, 0x400, "4145fdc5fec7663a106cef95c8d86f03d655b82e62dc5204ff06732791d90936bf31f7b4eafad3ed43e8da42de6780edce2e2f941399c9b9002a6a538fc1ebd3e994ce6fa4a67c775c476cdbedebbe34904cbe0d5808cf5892aa1e563f949f38cd2ebaa2c46464183ead798b1af0ba7ad5db77736a5329e7297e674242854f87ef03b0fba724523033529e64be44188740b9e9a0ba6944e9724c4aaa8470ab8d35a1746a1da4dfa2112cb5135d97efae0975e7fa5e421fe7ec12a8bbd7714076b63ddaca822d7c0383ccc4e21b11c8a0443850c05f4bb6716b6ba83016b709b44a9959c44daa717edf6b43f7c235fae47730ff2d435ed29d062451ab74bd9f65d9bf96e1afc645ca2249c89146fc815210d465ca0ede0acbfe1165b15d222ed668b79b14f901178d35e7421637588c887b0f2335ea84a442fc95bbcf0ea3b308ee18d913901cb8f40dd2798e781c4b1c620c23565b5bc18e25c206f772c863c8a8864f460c239033717d41f94fbf13b1d0c7271364bd6d144160e1df33fcb33e5d45a5e7ea4264d089397d7e022c6e1f37a2e464c01b4df6a906d3a46d9432ba1966d73aa0627491e3b3c33bee03ff2138896b64862910f24dbacc3c686e0059ff5915c8b69bce3c4022c5c80d574274d1107c9935898ae444a6c38dbd8319e778e1a86a293094bd98d0ae3ae2c32a4bcb20e0517c03e7b46839f4e3601ff98244ca5485cacbfe53c935cf14038bba908af19834a86b56cf68a7170448a434b55d66c080ea095b02ba4c3f8ba492c9e50111bf1b3085cc0f3938a58609a337e89eba9271ee071a8b9f3ab4ad0fc3c92a48cb6bc63ed74877d8425c88eb40d18c6260d2221dc295d1fa15b1235e28903ae5a4d3d358f6d3e2c87b110e38aab0fd1ca2c047b3ea826d8cd9b980b3fc64fbf38d0d3fed0057b30612880a3d93aa3e16e1c1902cc8c206d7732f426fbb063b020a03d08e3bcd4ff32c30c8ea424ea0c746e72c23e8d53576cc801bdf82f8bba865074e5dde3177820c24be87b9bd36e30a81d1d50b5aa0628262d46d19060ae37a33aa8e515fed3f8bfdf65ba5f8e11e4d517a50ce03f82bc5b3c8e9b3eb6572f1a686430170ce64bc1a61246fd99b2d8a3215104478eead271fcca07bc66e637d5543ad47147f5ad50cc5a203a37b7d2f67bb0387ae189ee7d5cfc0a421b0f0e6286aaf28a3eadfad1b8c83a26ac0a1d4a3846d93e14ec82be100278d94e35fc7b5f1feb833f1b975adb33bec5d777cfbdb2c5fe171e205fd6596b37ba646b9ecb163fabcd89a469f6ad539a80937748105298b0a6364d75c6de3cbcbb96c440d5489f3f47149551e7f53d3a22d837cfb59c3e43f0c95760791ed36ff84ae82a679e4e062461bda5db7c27fb00c3238266734bc7c16d45ce7cd3f0b7e63c309977816048f2400"}, 0x418, 0x4}) ioctl$IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, &(0x7f0000000040)={0x3, 0x2, 0x9}) 206.349645ms ago: executing program 3 (id=6162): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x80000}) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x200000000000001d, &(0x7f0000000480)=ANY=[@ANYBLOB="1700000004000080140d00005c00000002600000", @ANYRES32, @ANYBLOB="01000000000000000000000000000000000800006d439b68ce1e8360e4dddcd8024db10fd723857d9c4ddd87279b4578a6bafa74d97da20ec940a7616e00"/76, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000002000000fcffffff00"/28], 0x50) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x9, 0xc, 0x8001, 0x0, 0x4, 0x6, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) pread64(0xffffffffffffffff, &(0x7f00000002c0)=""/162, 0xa2, 0x10001) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmmsg$sock(r4, &(0x7f00000044c0), 0x4000000000001c0, 0x0) r5 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x5, 0x4, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x10000, r5}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r6, 0x4001af84, &(0x7f0000000000)) ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0) close(r6) 189.209025ms ago: executing program 6 (id=6163): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000180), 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000009c0)='.', 0xc400}], 0x7}}], 0x44, 0x0) 111.986367ms ago: executing program 5 (id=6164): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$binder_debug(0xffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x201, 0x440) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) pselect6(0x40, &(0x7f0000000180)={0x6, 0x0, 0x1fd, 0x5, 0xfffffffffffffffd, 0x7f, 0x104, 0x1}, 0x0, &(0x7f0000000440)={0x3ff, 0x6, 0xae07, 0x9, 0x4, 0x9, 0x80000006, 0x6}, 0x0, 0x0) 27.669749ms ago: executing program 6 (id=6165): openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) rmdir(&(0x7f00000000c0)='./bus\x00') ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1}) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}}) ioctl$VIDIOC_QBUF(r5, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x3, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x24}}, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) 0s ago: executing program 5 (id=6166): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)}) r0 = syz_ublk_setup_io_uring(0x1d, &(0x7f0000000040)={0x0, 0x30b5, 0x0, 0x2, 0x158}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup(r4) syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f0000000640)={0x2e, 0x34, 0x0, r5, 0xc0207504, 0x0, 0x0, 0x0, 0x1, 0xfffffffffffff801, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f00000002c0)=@any_dev={0x1, 0xeae, 0x0, 0x0, 0x1000, 0x690fc7e8, 0x0, 0x0, 0x15b}}}, &(0x7f00000006c0)=0x0) syz_ublk_setup_queues(r5, r6, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x3, 0x255}, &(0x7f0000000a80)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7ffffe, 0x400, 0x40002100, 0x10000004, 0x0, r5}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x11e0, 0x8000, 0xfffffffb, 0x146}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xf910, 0x2000, 0x0, 0x801f0, 0x0, r5}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x587e, 0x8200, 0x2, 0x367}}], 0x1, &(0x7f0000000340)={0x2e, 0x50, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x1, {}, 0x1f, 0x0, '\x00', {0xfff9, 0x0, 0x0, 0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xa, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) kernel console output (not intermixed with test programs): ontrol event. [ 1410.215395][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1410.253744][T19540] dvb-usb: error while querying for an remote control event. [ 1410.426955][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1410.434508][T19540] dvb-usb: error while querying for an remote control event. [ 1410.546585][T19545] libceph: connect (1)[c::]:6789 error -101 [ 1410.552744][T19545] libceph: mon0 (1)[c::]:6789 connect error [ 1410.605553][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1410.611465][T19540] dvb-usb: error while querying for an remote control event. [ 1410.797049][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1410.803836][T19540] dvb-usb: error while querying for an remote control event. [ 1410.828774][T11493] team0 (unregistering): Port device team_slave_1 removed [ 1410.942031][T11493] team0 (unregistering): Port device team_slave_0 removed [ 1410.981746][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1410.987688][T19540] dvb-usb: error while querying for an remote control event. [ 1411.029477][T11493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1411.111103][T22462] ceph: No mds server is up or the cluster is laggy [ 1411.175793][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1411.181598][T19540] dvb-usb: error while querying for an remote control event. [ 1411.830627][ T5877] dvb-usb: bulk message failed: -22 (1/0) [ 1411.900782][ T5877] dvb-usb: error while querying for an remote control event. [ 1411.939187][T11493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1412.182637][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1412.188526][T19540] dvb-usb: error while querying for an remote control event. [ 1412.462869][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1412.469109][T19540] dvb-usb: error while querying for an remote control event. [ 1412.650122][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1412.662914][T19540] dvb-usb: error while querying for an remote control event. [ 1412.893770][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1412.899715][T19540] dvb-usb: error while querying for an remote control event. [ 1413.072045][T11493] team0 (unregistering): Port device dummy0 removed [ 1413.079921][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1413.102018][T19540] dvb-usb: error while querying for an remote control event. [ 1413.149800][T11493] bond0 (unregistering): Released all slaves [ 1413.265594][T19540] dvb-usb: bulk message failed: -22 (1/0) [ 1413.271411][T19540] dvb-usb: error while querying for an remote control event. [ 1413.304027][T22460] vlan2: entered allmulticast mode [ 1413.330048][T22460] veth1_macvtap: entered allmulticast mode [ 1413.405054][T22461] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 1413.445801][T13311] dvb-usb: bulk message failed: -22 (1/0) [ 1413.505841][T13311] dvb-usb: error while querying for an remote control event. [ 1413.586390][T13311] usb 4-1: USB disconnect, device number 52 [ 1413.722984][T13311] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1413.798926][T22492] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4781'. [ 1413.886718][T22501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4783'. [ 1414.941227][T22504] binder_alloc: 22491: binder_alloc_buf, no vma [ 1416.617785][T11493] IPVS: stop unused estimator thread 0... [ 1419.806967][T19573] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1420.344828][T19573] usb 6-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 1420.383563][T19573] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1420.437526][T19573] usb 6-1: config 0 descriptor?? [ 1420.463751][T19573] gspca_main: spca508-2.14.0 probing 8086:0110 [ 1420.514030][T22299] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1420.557355][T22299] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1420.603637][T22299] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1420.647026][T22299] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1420.778618][T19573] gspca_spca508: reg_read err -71 [ 1420.804988][T19573] gspca_spca508: reg_read err -71 [ 1420.835096][T19573] gspca_spca508: reg_read err -71 [ 1420.854719][T19573] gspca_spca508: reg_read err -71 [ 1420.881135][T19573] gspca_spca508: reg_read err -71 [ 1420.894870][T19573] gspca_spca508: reg write: error -71 [ 1420.911070][T19573] spca508: probe of 6-1:0.0 failed with error -71 [ 1420.957393][T19573] usb 6-1: USB disconnect, device number 3 [ 1421.018286][T22299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1421.078740][T22299] 8021q: adding VLAN 0 to HW filter on device team0 [ 1421.112444][T11493] bridge0: port 1(bridge_slave_0) entered blocking state [ 1421.119597][T11493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1421.165551][T11498] bridge0: port 2(bridge_slave_1) entered blocking state [ 1421.172783][T11498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1423.300933][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.446066][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.495053][T22299] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1423.591159][T22299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1423.860166][T22569] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4792'. [ 1424.762356][T22299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1424.944153][T22299] veth0_vlan: entered promiscuous mode [ 1424.994368][T22299] veth1_vlan: entered promiscuous mode [ 1425.052581][T22299] veth0_macvtap: entered promiscuous mode [ 1425.201244][T22299] veth1_macvtap: entered promiscuous mode [ 1425.224635][T22299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1425.761847][T22299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1425.905430][T22299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1425.935471][T22299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1426.000713][T22299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1426.089417][T22299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1426.113480][T22299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1426.138221][T22299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1426.161769][T22299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1426.162068][T22599] xt_HMARK: spi-set and port-set can't be combined [ 1426.179154][T22299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1426.199263][T22299] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1426.257990][T22299] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1426.273697][T22299] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1426.725102][T22299] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1426.975830][T19545] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1426.984024][T11493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1427.005128][T11493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1427.149110][ T8847] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1427.206181][T19545] usb 4-1: Using ep0 maxpacket: 32 [ 1427.207574][ T8847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1427.220319][T19545] usb 4-1: config 0 has an invalid interface number: 16 but max is 0 [ 1427.234338][T19545] usb 4-1: config 0 has no interface number 0 [ 1427.268765][T19545] usb 4-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1427.309954][T19545] usb 4-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 1427.324328][T19545] usb 4-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 1427.334318][T19545] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1427.342908][T19545] usb 4-1: Product: syz [ 1427.355570][T19545] usb 4-1: Manufacturer: syz [ 1427.360405][T19545] usb 4-1: SerialNumber: syz [ 1427.397274][T19545] usb 4-1: config 0 descriptor?? [ 1427.403021][T22606] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1427.426471][T22606] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1427.590461][T22622] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1428.301125][T19545] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 1428.969425][T19545] usb 4-1: USB disconnect, device number 53 [ 1429.062737][T10508] udevd[10508]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1430.466207][T22645] binfmt_misc: register: failed to install interpreter file ./file0 [ 1430.534730][T22650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4809'. [ 1430.998091][T22666] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1436.219094][T22712] kernel profiling enabled (shift: 9) [ 1442.105351][T19545] usb 3-1: new full-speed USB device number 43 using dummy_hcd [ 1442.278556][T19545] usb 3-1: device descriptor read/64, error -71 [ 1442.578160][T19545] usb 3-1: new full-speed USB device number 44 using dummy_hcd [ 1442.757731][T19545] usb 3-1: device descriptor read/64, error -71 [ 1442.917129][T19545] usb usb3-port1: attempt power cycle [ 1444.175520][T19545] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 1444.997552][T19545] usb 3-1: device descriptor read/8, error -71 [ 1445.327300][T19545] usb 3-1: new full-speed USB device number 46 using dummy_hcd [ 1445.371759][T19545] usb 3-1: device descriptor read/8, error -71 [ 1445.515846][T19545] usb usb3-port1: unable to enumerate USB device [ 1449.806188][T22883] binder: 22880:22883 ioctl 4018620d 0 returned -22 [ 1449.880552][T22881] syzkaller0: entered promiscuous mode [ 1449.915344][T22881] syzkaller0: entered allmulticast mode [ 1450.100855][T22896] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1450.122397][T22895] overlayfs: failed to clone lowerpath [ 1453.146560][T22922] FAT-fs (nullb0): bogus number of reserved sectors [ 1453.153736][T22922] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 1454.402476][T22929] binder: 22928:22929 ioctl 4018620d 0 returned -22 [ 1455.691112][T22944] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1455.875329][ T5816] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 1456.180851][ T5816] usb 4-1: Using ep0 maxpacket: 8 [ 1456.276048][ T5816] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b [ 1456.303591][ T5816] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1456.347507][ T5816] usb 4-1: Product: syz [ 1456.390529][ T5816] usb 4-1: Manufacturer: syz [ 1456.403788][ T5816] usb 4-1: SerialNumber: syz [ 1456.455484][ T5816] usb 4-1: config 0 descriptor?? [ 1456.497713][ T5816] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state. [ 1456.563936][ T5816] dvb-usb: bulk message failed: -22 (2/0) [ 1456.607073][ T5816] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1456.618197][ T5816] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201)) [ 1456.627316][ T5816] usb 4-1: media controller created [ 1456.736105][ T5816] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1456.777969][ T5816] cxusb: set interface failed [ 1456.795685][ T5816] dvb-usb: bulk message failed: -22 (1/0) [ 1456.853159][ T5816] DVB: Unable to find symbol mt352_attach() [ 1456.859263][ T5816] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)' [ 1456.975343][ T5816] rc_core: IR keymap rc-dvico-portable not found [ 1456.981749][ T5816] Registered IR keymap rc-empty [ 1456.989074][ T5816] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 1457.001693][ T5816] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input50 [ 1457.016013][ T5816] dvb-usb: schedule remote query interval to 100 msecs. [ 1457.023043][ T5816] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected. [ 1457.060658][ T5816] usb 4-1: USB disconnect, device number 54 [ 1457.129583][ T5816] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected. [ 1459.016914][T22954] raw_sendmsg: syz.3.4876 forgot to set AF_INET. Fix it! [ 1459.083277][T22954] ceph: No mds server is up or the cluster is laggy [ 1459.128460][T19545] libceph: connect (1)[c::]:6789 error -101 [ 1459.142992][T18840] Bluetooth: hci3: Malformed LE Event: 0x1b [ 1459.173012][T19545] libceph: mon0 (1)[c::]:6789 connect error [ 1459.268556][T22965] binder: 22963:22965 ioctl 4018620d 0 returned -22 [ 1459.427569][T22968] fuse: Unknown parameter '0x0000000000000004' [ 1459.474733][ T28] kauditd_printk_skb: 63 callbacks suppressed [ 1459.474749][ T28] audit: type=1326 audit(1782772092.457:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1459.554125][ T28] audit: type=1326 audit(1782772092.457:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1459.595308][ T28] audit: type=1326 audit(1782772092.457:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1459.665635][ T28] audit: type=1326 audit(1782772092.457:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1459.779278][ T28] audit: type=1326 audit(1782772092.457:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1459.907021][ T28] audit: type=1326 audit(1782772092.517:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1460.033674][ T28] audit: type=1326 audit(1782772092.517:1865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1461.095663][ T28] audit: type=1326 audit(1782772092.517:1866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1461.225903][ T28] audit: type=1326 audit(1782772092.517:1867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1461.294120][ T28] audit: type=1326 audit(1782772092.517:1868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.4881" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1461.342576][T22987] syzkaller0: entered promiscuous mode [ 1461.351865][T22987] syzkaller0: entered allmulticast mode [ 1462.313729][T22997] binder: 22996:22997 ioctl c0306201 0 returned -14 [ 1463.233832][T23005] fuse: Unknown parameter '0x0000000000000004' [ 1465.704690][T23025] binder: 23024:23025 ioctl c0306201 0 returned -14 [ 1466.359977][T19571] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1466.585619][T19571] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1466.645781][T19571] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1466.674261][T19571] usb 4-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1466.715504][T19571] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1466.764960][T19571] usb 4-1: config 0 descriptor?? [ 1466.792516][T19571] smsusb:smsusb_probe: board id=8, interface number 0 [ 1466.805465][T19571] smsusb:smsusb_probe: Device initialized with return code -19 [ 1468.822531][T19540] usb 4-1: USB disconnect, device number 55 [ 1469.125326][T19573] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1469.338625][T23043] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4903'. [ 1469.475333][T19573] usb 3-1: Using ep0 maxpacket: 8 [ 1469.486916][T19573] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 1469.495947][T19573] usb 3-1: config 179 has no interface number 0 [ 1469.502307][T19573] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1469.614289][T19573] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1469.670812][T19573] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 1469.738229][T19573] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 1469.862362][T19573] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1470.255440][T19573] usb 3-1: config 179 interface 65 has no altsetting 0 [ 1470.265607][T19573] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1470.275114][T19573] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1470.410171][T23052] binder: 23051:23052 ioctl c0306201 0 returned -14 [ 1470.423035][T19573] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input51 [ 1470.578129][ T5126] input input51: unable to receive magic message: -110 [ 1470.727741][ T5126] input input51: unable to receive magic message: -32 [ 1470.870452][ T5126] input input51: unable to receive magic message: -32 [ 1470.960033][ T5126] input input51: unable to receive magic message: -32 [ 1470.996003][ T5126] input input51: unable to receive magic message: -32 [ 1471.094554][ T5126] input input51: unable to receive magic message: -32 [ 1471.125386][T23064] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3659427032 (29275416256 ns) > initial count (39424 ns). Using initial count to start timer. [ 1471.241035][T23063] syzkaller0: entered promiscuous mode [ 1471.246805][T23063] syzkaller0: entered allmulticast mode [ 1471.294194][T19573] usb 3-1: USB disconnect, device number 47 [ 1471.300754][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1471.335105][T19573] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1475.935284][T19540] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1476.206601][T19540] usb 6-1: Using ep0 maxpacket: 16 [ 1476.231238][T19540] usb 6-1: New USB device found, idVendor=086a, idProduct=0002, bcdDevice= 0.40 [ 1476.245950][T19540] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1476.424193][T19540] usb 6-1: Product: 伀閿꺂⸍삳⫗뵶畎᭑듋暯ࡳ뺍࿸؀芔릑꽃㫄즘咧治茿熚臨졆㿥╅ஃ峣ꎛ඲環㑇˄⳧曘릜Ⴉᚼ쭡Ὦ릙捍邅ꢂ쟼掝ʠ뤵㲒茲︀骈븡贈鏺 [ 1476.513109][T19540] usb 6-1: Manufacturer: Ь [ 1476.523263][T19540] usb 6-1: SerialNumber: syz [ 1477.065685][ T5877] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 1477.258247][ T5877] usb 5-1: Using ep0 maxpacket: 16 [ 1477.266466][ T5877] usb 5-1: config 251 has an invalid interface number: 202 but max is 0 [ 1477.275197][ T5877] usb 5-1: config 251 has no interface number 0 [ 1477.282278][ T5877] usb 5-1: config 251 interface 202 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1477.292645][ T5877] usb 5-1: config 251 interface 202 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 1477.302887][ T5877] usb 5-1: config 251 interface 202 altsetting 1 has an invalid endpoint with address 0x0, skipping [ 1477.313981][ T5877] usb 5-1: config 251 interface 202 altsetting 1 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 1477.325315][ T5877] usb 5-1: config 251 interface 202 altsetting 1 has an invalid endpoint with address 0xC1, skipping [ 1477.336268][ T5877] usb 5-1: config 251 interface 202 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1477.349569][ T5877] usb 5-1: config 251 interface 202 has no altsetting 0 [ 1477.359064][ T5877] usb 5-1: New USB device found, idVendor=0572, idProduct=cb00, bcdDevice=bb.c9 [ 1477.380951][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1477.389372][ T5877] usb 5-1: Product: syz [ 1477.393744][ T5877] usb 5-1: SerialNumber: syz [ 1477.635602][ T5877] cxacru 5-1:251.202: usbatm_usb_probe: bind failed: -19! [ 1477.659516][ T5877] usb 5-1: USB disconnect, device number 11 [ 1478.995965][T19540] usb 6-1: USB disconnect, device number 4 [ 1480.492655][T18840] Bluetooth: hci3: Malformed LE Event: 0x1b [ 1481.396552][T23128] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1481.404947][T23128] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1482.027469][T23153] syzkaller0: entered promiscuous mode [ 1482.043509][T23153] syzkaller0: entered allmulticast mode [ 1482.806221][T18840] Bluetooth: hci4: Malformed LE Event: 0x1b [ 1484.763059][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.769635][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1490.337310][T19575] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 1490.630136][T19575] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1490.644260][T19575] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1490.663437][T19575] usb 5-1: Product: syz [ 1490.675287][T19575] usb 5-1: Manufacturer: syz [ 1490.679995][T19575] usb 5-1: SerialNumber: syz [ 1490.718602][T19575] usb 5-1: config 0 descriptor?? [ 1490.731269][T19575] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 012 [ 1491.167630][T19575] (null): failure reading functionality [ 1491.399737][T23230] hpfs: Bad magic ... probably not HPFS [ 1491.522177][T23181] Set syz1 is full, maxelem 65536 reached [ 1492.947046][T19575] i2c i2c-1: failure reading functionality [ 1492.960245][T19575] i2c i2c-1: connected i2c-tiny-usb device [ 1492.977098][T19575] usb 5-1: USB disconnect, device number 12 [ 1493.496792][T23271] binder: 23270:23271 ioctl c0306201 0 returned -14 [ 1498.121196][T23313] binder: 23308:23313 ioctl c0306201 0 returned -14 [ 1499.419747][T23324] syzkaller0: entered promiscuous mode [ 1499.435278][T23324] syzkaller0: entered allmulticast mode [ 1499.599496][T23331] binder: BINDER_SET_CONTEXT_MGR already set [ 1499.617046][T23331] binder: 23330:23331 ioctl 4018620d 200000004a80 returned -16 [ 1500.765536][T19545] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1500.997762][T19545] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1501.012642][T19545] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1501.036017][T19545] usb 6-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1501.052563][T19545] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1501.101790][T19545] usb 6-1: config 0 descriptor?? [ 1501.119219][T19545] smsusb:smsusb_probe: board id=8, interface number 0 [ 1501.145738][T19545] smsusb:smsusb_probe: Device initialized with return code -19 [ 1502.618192][T19573] usb 6-1: USB disconnect, device number 5 [ 1502.893185][T23356] binder: 23355:23356 ioctl c0306201 0 returned -14 [ 1503.184323][T23361] trusted_key: syz.3.4997 sent an empty control message without MSG_MORE. [ 1509.477014][T19545] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1509.808297][T19545] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1509.823880][T19545] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1509.844867][T19545] usb 4-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1509.854860][T19545] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1509.873302][T19545] usb 4-1: config 0 descriptor?? [ 1509.884121][T19545] smsusb:smsusb_probe: board id=8, interface number 0 [ 1509.894766][T19545] smsusb:smsusb_probe: Device initialized with return code -19 [ 1511.966765][T13311] usb 4-1: USB disconnect, device number 56 [ 1513.013323][T19545] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1513.365474][T19545] usb 5-1: Using ep0 maxpacket: 32 [ 1513.469532][T19545] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1513.608589][T19545] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1513.645994][T19545] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1513.703057][T23442] vlan2: entered allmulticast mode [ 1513.706953][T19545] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1513.732270][T19545] usb 5-1: Product: syz [ 1513.744593][T19545] usb 5-1: Manufacturer: syz [ 1513.752472][T19545] usb 5-1: SerialNumber: syz [ 1513.768781][T19545] usb 5-1: config 0 descriptor?? [ 1516.625163][T19545] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1516.982393][T13311] usb 5-1: USB disconnect, device number 13 [ 1517.681527][T19545] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1517.692636][T19545] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1517.705807][T19545] usb 4-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1517.715004][T19545] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1517.755639][T19545] usb 4-1: config 0 descriptor?? [ 1517.863110][T19545] smsusb:smsusb_probe: board id=8, interface number 0 [ 1517.938425][T19545] smsusb:smsusb_probe: Device initialized with return code -19 [ 1519.153167][T19540] usb 4-1: USB disconnect, device number 57 [ 1519.236898][T23499] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1519.650253][T23506] vlan2: entered allmulticast mode [ 1519.681386][T23506] veth1_macvtap: entered allmulticast mode [ 1520.176071][T23516] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1520.413655][T23515] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5036'. [ 1521.059731][T18840] Bluetooth: hci3: Malformed LE Event: 0x1b [ 1522.080727][T23545] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5050'. [ 1524.300518][T19573] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1524.439590][T19571] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1524.485500][T19573] usb 3-1: Using ep0 maxpacket: 32 [ 1524.504336][T19573] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1524.522861][T19573] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1524.548439][T19573] usb 3-1: config 0 descriptor?? [ 1524.625369][T19571] usb 4-1: Using ep0 maxpacket: 32 [ 1524.639886][T19571] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1524.658371][T19571] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1524.676661][T19571] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1524.686120][T19571] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1524.694325][T19571] usb 4-1: Product: syz [ 1524.699524][T19571] usb 4-1: Manufacturer: syz [ 1524.704266][T19571] usb 4-1: SerialNumber: syz [ 1524.775494][T19573] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1524.804291][T19573] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1524.829120][T19573] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1524.839435][T19573] usb 3-1: media controller created [ 1524.877614][T19573] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1524.925622][T19571] usb 4-1: Invalid number of CPorts: 0 [ 1524.931229][T19571] es2_ap_driver: probe of 4-1:7.0 failed with error -22 [ 1525.925726][T19573] stb0899_attach: Driver disabled by Kconfig [ 1525.952390][T19573] az6027: no front-end attached [ 1525.952390][T19573] [ 1525.980534][T19573] az6027: usb out operation failed. (-71) [ 1525.986810][T19573] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1526.016440][T19573] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input53 [ 1526.042080][T19573] dvb-usb: schedule remote query interval to 400 msecs. [ 1526.065332][T19573] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1526.100973][T19573] usb 3-1: USB disconnect, device number 49 [ 1526.198534][T19573] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1526.795516][T19573] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1527.005463][T19573] usb 6-1: Using ep0 maxpacket: 32 [ 1527.018324][T19573] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1527.028216][T19573] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1527.070859][T19573] usb 6-1: config 0 descriptor?? [ 1527.197459][T19575] usb 4-1: USB disconnect, device number 58 [ 1527.364686][T19573] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1527.376243][T19573] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1527.396352][T19573] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1527.412394][T19573] usb 6-1: media controller created [ 1527.461039][T19573] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1529.304302][T19573] az6027: usb out operation failed. (-71) [ 1529.459489][T19573] stb0899_attach: Driver disabled by Kconfig [ 1529.471653][T19573] az6027: no front-end attached [ 1529.471653][T19573] [ 1529.480294][T19573] az6027: usb out operation failed. (-71) [ 1529.487501][T19573] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1529.498219][T19573] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input54 [ 1529.512189][T19573] dvb-usb: schedule remote query interval to 400 msecs. [ 1529.522667][T19573] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1529.543251][T19573] usb 6-1: USB disconnect, device number 6 [ 1529.548098][ T28] kauditd_printk_skb: 108 callbacks suppressed [ 1529.548113][ T28] audit: type=1326 audit(1782772162.527:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1529.584763][ T28] audit: type=1326 audit(1782772162.557:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1529.617317][ T28] audit: type=1326 audit(1782772162.567:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1529.697085][T19573] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1529.709377][ T28] audit: type=1326 audit(1782772162.567:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1529.750188][ T28] audit: type=1326 audit(1782772162.567:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1529.795718][ T28] audit: type=1326 audit(1782772162.637:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1529.843541][ T28] audit: type=1326 audit(1782772162.637:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1529.875530][ T28] audit: type=1326 audit(1782772162.637:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1529.900236][ T28] audit: type=1326 audit(1782772162.647:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1529.935468][ T28] audit: type=1326 audit(1782772162.647:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23610 comm="syz.4.5073" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1535.218568][ T28] kauditd_printk_skb: 66 callbacks suppressed [ 1535.218580][ T28] audit: type=1326 audit(1782772168.137:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1535.515425][ T28] audit: type=1326 audit(1782772168.137:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1535.550971][ T28] audit: type=1326 audit(1782772168.137:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1535.655380][ T28] audit: type=1326 audit(1782772168.137:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1535.804656][ T28] audit: type=1326 audit(1782772168.277:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1535.864215][ T28] audit: type=1326 audit(1782772168.287:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1535.978147][ T28] audit: type=1326 audit(1782772168.287:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1536.010921][ T28] audit: type=1326 audit(1782772168.297:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1536.075391][ T28] audit: type=1326 audit(1782772168.297:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1536.115427][ T28] audit: type=1326 audit(1782772168.297:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23664 comm="syz.4.5085" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff82535d68e code=0x7ffc0000 [ 1536.400218][T23674] Bluetooth: hci3: Malformed LE Event: 0x1b [ 1538.015708][T23674] Bluetooth: hci3: command 0x0406 tx timeout [ 1540.716501][T23719] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1540.736261][T23717] overlayfs: failed to resolve './file0': -2 [ 1544.253893][T23766] overlayfs: failed to resolve './file0': -2 [ 1546.215657][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.227696][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1549.380490][T23816] syzkaller0: entered promiscuous mode [ 1549.400554][T23816] syzkaller0: entered allmulticast mode [ 1552.445390][T19540] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1552.895772][T19540] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1553.112819][T19540] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1553.178022][T19540] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1553.198745][T19540] usb 6-1: Product: syz [ 1553.209133][T19540] usb 6-1: Manufacturer: syz [ 1553.222015][T19540] usb 6-1: SerialNumber: syz [ 1553.619454][T18840] Bluetooth: hci4: Malformed LE Event: 0x1b [ 1555.091714][T19540] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1555.158271][T19540] usb 6-1: USB disconnect, device number 7 [ 1555.199186][T19540] usblp0: removed [ 1556.690980][T23904] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1557.821250][T18840] Bluetooth: hci3: unexpected event for opcode 0x040d [ 1559.765341][T19540] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 1559.913571][T18840] Bluetooth: hci4: Malformed LE Event: 0x1b [ 1560.031513][T19540] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1560.103417][T19540] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1560.379922][T19540] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1560.415685][T19540] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1560.438477][T19540] usb 4-1: Product: syz [ 1560.443082][T19540] usb 4-1: Manufacturer: syz [ 1560.459333][T19540] usb 4-1: SerialNumber: syz [ 1560.722632][T23949] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1561.457554][T23928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1561.466801][T23928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1561.491526][T19540] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 1561.510024][T19540] usb 4-1: USB disconnect, device number 59 [ 1562.135451][T19540] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 1562.365556][T19540] usb 4-1: Using ep0 maxpacket: 8 [ 1562.427070][T19540] usb 4-1: config index 0 descriptor too short (expected 301, got 72) [ 1562.514039][T19540] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1562.675841][T19540] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1562.712878][T19540] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1562.740495][T19540] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1563.962600][T19540] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1564.048603][T19540] usb 4-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1564.323284][T18840] Bluetooth: hci3: Malformed LE Event: 0x1b [ 1564.323874][T13311] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1564.416979][T19540] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1564.594507][T19540] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1564.628599][T19540] usb 4-1: can't set config #16, error -71 [ 1564.670600][T19540] usb 4-1: USB disconnect, device number 60 [ 1564.696893][T13311] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1564.729264][T13311] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1564.762986][T13311] usb 5-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1564.814374][T13311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1564.851098][T13311] usb 5-1: config 0 descriptor?? [ 1564.869033][T13311] smsusb:smsusb_probe: board id=8, interface number 0 [ 1564.886961][T13311] smsusb:smsusb_probe: Device initialized with return code -19 [ 1565.320944][T23984] IPVS: dh: FWM 3 0x00000003 - no destination available [ 1565.340080][T19573] IPVS: starting estimator thread 0... [ 1565.545738][T23985] IPVS: using max 16 ests per chain, 38400 per kthread [ 1566.091642][T23989] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1566.884864][T19573] usb 5-1: USB disconnect, device number 14 [ 1569.636292][T24019] wlan0 speed is unknown, defaulting to 1000 [ 1569.643104][T24019] wlan0 speed is unknown, defaulting to 1000 [ 1569.649888][T24019] wlan0 speed is unknown, defaulting to 1000 [ 1569.669097][T24019] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1569.845528][T24019] wlan0 speed is unknown, defaulting to 1000 [ 1569.854105][T24019] wlan0 speed is unknown, defaulting to 1000 [ 1569.862244][T24019] wlan0 speed is unknown, defaulting to 1000 [ 1569.870384][T24019] wlan0 speed is unknown, defaulting to 1000 [ 1569.881188][T24019] wlan0 speed is unknown, defaulting to 1000 [ 1570.931248][T24030] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1571.025649][T19545] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1571.380192][T19545] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1571.452770][T19545] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1571.562267][T19545] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1571.641388][T19545] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1571.797721][T19545] usb 6-1: config 0 descriptor?? [ 1572.474039][T19545] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 1572.499566][T19545] cp2112 0003:10C4:EA90.0008: item fetching failed at offset 5/7 [ 1572.509516][T19545] cp2112 0003:10C4:EA90.0008: parse failed [ 1572.522812][T19545] cp2112: probe of 0003:10C4:EA90.0008 failed with error -22 [ 1572.674198][T19545] usb 6-1: USB disconnect, device number 8 [ 1574.414468][ T28] kauditd_printk_skb: 61 callbacks suppressed [ 1574.414484][ T28] audit: type=1326 audit(1782772207.397:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1574.548878][ T28] audit: type=1326 audit(1782772207.397:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1574.585828][T24071] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1574.759975][ T28] audit: type=1326 audit(1782772207.397:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1574.784433][ C1] vkms_vblank_simulate: vblank timer overrun [ 1575.600100][ T28] audit: type=1326 audit(1782772207.397:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1575.686307][ T28] audit: type=1326 audit(1782772207.437:2128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1575.818002][ T28] audit: type=1326 audit(1782772207.477:2129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1575.888749][ T28] audit: type=1326 audit(1782772207.497:2130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1575.980518][ T28] audit: type=1326 audit(1782772207.497:2131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1576.024532][ T28] audit: type=1326 audit(1782772207.497:2132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1576.108543][T24090] binder_alloc: 24089: binder_alloc_buf, no vma [ 1576.117388][ T28] audit: type=1326 audit(1782772207.497:2133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24059 comm="syz.3.5195" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1578.275367][T24108] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1582.415834][ T28] kauditd_printk_skb: 55 callbacks suppressed [ 1582.415852][ T28] audit: type=1326 audit(1782772215.397:2189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1583.831604][ T28] audit: type=1326 audit(1782772215.397:2190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1583.857172][ T28] audit: type=1326 audit(1782772215.397:2191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1583.884207][ T28] audit: type=1326 audit(1782772215.397:2192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1583.909878][ T28] audit: type=1326 audit(1782772215.397:2193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f10aa99ce59 code=0x7ffc0000 [ 1583.934882][ T28] audit: type=1326 audit(1782772215.457:2194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1583.965784][ T28] audit: type=1326 audit(1782772215.457:2195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1583.991996][ T28] audit: type=1326 audit(1782772215.457:2196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1584.021218][ T28] audit: type=1326 audit(1782772215.457:2197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1584.075323][ T28] audit: type=1326 audit(1782772215.467:2198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24140 comm="syz.3.5218" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f10aa95d68e code=0x7ffc0000 [ 1585.831643][T24192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5231'. [ 1586.574806][T24197] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1587.485716][ T28] kauditd_printk_skb: 35 callbacks suppressed [ 1587.485761][ T28] audit: type=1326 audit(1782772220.467:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f543ab9ce59 code=0x7ffc0000 [ 1587.783585][ T28] audit: type=1326 audit(1782772220.507:2235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f543ab9ce59 code=0x7ffc0000 [ 1587.808149][ T28] audit: type=1326 audit(1782772220.587:2236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f543ab9ce59 code=0x7ffc0000 [ 1587.832716][ T28] audit: type=1326 audit(1782772220.597:2237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f543ab9ce59 code=0x7ffc0000 [ 1587.857215][ T28] audit: type=1326 audit(1782772220.657:2239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f543ab5d68e code=0x7ffc0000 [ 1587.881711][ T28] audit: type=1326 audit(1782772220.667:2240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f543ab5d68e code=0x7ffc0000 [ 1587.906052][ T28] audit: type=1326 audit(1782772220.647:2238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f543ab9ce59 code=0x7ffc0000 [ 1587.930319][ T28] audit: type=1326 audit(1782772220.667:2241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f543ab5d68e code=0x7ffc0000 [ 1587.964325][ T28] audit: type=1326 audit(1782772220.677:2242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f543ab5d68e code=0x7ffc0000 [ 1588.029893][ T28] audit: type=1326 audit(1782772220.697:2243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24198 comm="syz.5.5234" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f543ab5d68e code=0x7ffc0000 [ 1589.391413][T24239] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1589.422131][T24240] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5244'. [ 1592.801759][T24278] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1593.863264][T24288] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5259'. [ 1596.842974][T24325] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1598.016107][T19573] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1598.060701][T24340] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5272'. [ 1598.235337][T19573] usb 4-1: Using ep0 maxpacket: 32 [ 1598.246307][T19573] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 1598.254902][T19573] usb 4-1: config 0 has no interface number 0 [ 1598.265589][T19573] usb 4-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1598.355681][T19573] usb 4-1: config 0 interface 89 has no altsetting 0 [ 1598.395345][T19573] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 1598.758999][T19573] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1598.776356][T19573] usb 4-1: Product: syz [ 1598.780765][T19573] usb 4-1: Manufacturer: syz [ 1598.835532][T19573] usb 4-1: SerialNumber: syz [ 1598.884252][T19573] usb 4-1: config 0 descriptor?? [ 1598.938643][T19573] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1598.966595][T19573] em28xx 4-1:0.89: Video interface 89 found: [ 1599.002116][T24347] binder: BINDER_SET_CONTEXT_MGR already set [ 1599.052759][T24347] binder: 24346:24347 ioctl 4018620d 200000004a80 returned -16 [ 1600.358170][T19573] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 1601.661975][T19573] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 1601.687692][T19573] em28xx 4-1:0.89: board has no eeprom [ 1601.772044][T19573] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 1601.782558][T24374] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1601.796560][T19573] em28xx 4-1:0.89: analog set to bulk mode. [ 1601.824852][T19545] em28xx 4-1:0.89: Registering V4L2 extension [ 1601.863733][T19573] usb 4-1: USB disconnect, device number 61 [ 1601.872764][T24379] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5282'. [ 1601.893850][T19573] em28xx 4-1:0.89: Disconnecting em28xx [ 1602.100183][T19545] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 1602.110965][T19545] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 1602.122707][T19545] em28xx 4-1:0.89: No AC97 audio processor [ 1602.148824][T19545] usb 4-1: Decoder not found [ 1602.153458][T19545] em28xx 4-1:0.89: failed to create media graph [ 1602.164714][T19545] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 1602.267505][T19545] em28xx 4-1:0.89: Registering snapshot button... [ 1602.307010][T19545] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input55 [ 1602.429536][T19545] em28xx 4-1:0.89: Remote control support is not available for this card. [ 1602.465204][T19573] em28xx 4-1:0.89: Closing input extension [ 1602.491789][T19573] em28xx 4-1:0.89: Deregistering snapshot button [ 1602.668958][T19573] em28xx 4-1:0.89: Freeing device [ 1604.211989][T24410] binder: BINDER_SET_CONTEXT_MGR already set [ 1604.238792][T24410] binder: 24408:24410 ioctl 4018620d 200000004a80 returned -16 [ 1604.298586][T24416] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5292'. [ 1604.577799][T18840] Bluetooth: hci4: command 0x0406 tx timeout [ 1604.961538][T24429] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5294'. [ 1605.152115][T24429] wlan0 speed is unknown, defaulting to 1000 [ 1606.302616][T24446] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1607.619853][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.628879][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.205316][T19540] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 1608.319775][T24476] fuse: Bad value for 'fd' [ 1608.414314][T19540] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1608.423888][T19540] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1608.434865][T19540] usb 5-1: Product: syz [ 1608.439360][T19540] usb 5-1: Manufacturer: syz [ 1608.444899][T19540] usb 5-1: SerialNumber: syz [ 1608.459794][T19540] usb 5-1: config 0 descriptor?? [ 1608.698036][T19540] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1610.376754][T24493] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1611.243763][T24495] netlink: 'syz.2.5313': attribute type 6 has an invalid length. [ 1611.253625][T24495] netlink: 'syz.2.5313': attribute type 6 has an invalid length. [ 1612.487648][T19540] usb 5-1: dvb_usb_v2: will use the device's hardware PID filter (table count: 32) [ 1612.505029][T19540] dvbdev: DVB: registering new adapter (TerraTec NOXON DAB Stick) [ 1612.538993][T19540] usb 5-1: media controller created [ 1612.573442][T19540] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1612.600738][T19540] dvb_usb_rtl28xxu 5-1:0.0: unknown tuner NONE [ 1612.761539][T19540] usb 5-1: USB disconnect, device number 15 [ 1614.449333][T24542] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1617.602432][T24578] syz.4.5335 (24578) used obsolete PPPIOCDETACH ioctl [ 1618.201489][T24585] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1618.460729][T24587] fuse: Invalid rootmode [ 1618.967300][T11493] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1619.017951][T11493] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1619.069991][T23674] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1619.088902][T23674] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1619.098789][T23674] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1619.109239][T23674] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1619.122385][T23674] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1619.129991][T23674] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1619.299441][T24591] wlan0 speed is unknown, defaulting to 1000 [ 1619.369499][T11493] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1619.381338][T11493] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1619.463727][T23674] Bluetooth: hci4: command 0x0406 tx timeout [ 1619.583281][T11493] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1619.624699][T11493] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1620.516856][T11493] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1620.532318][T11493] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1621.728951][T23674] Bluetooth: hci0: command tx timeout [ 1622.499352][T24626] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1622.604309][T24628] fuse: Invalid rootmode [ 1622.699918][T24591] chnl_net:caif_netlink_parms(): no params data found [ 1623.109312][T24591] bridge0: port 1(bridge_slave_0) entered blocking state [ 1623.150992][T24591] bridge0: port 1(bridge_slave_0) entered disabled state [ 1623.197159][T24591] bridge_slave_0: entered allmulticast mode [ 1623.234852][T24591] bridge_slave_0: entered promiscuous mode [ 1623.248249][T24591] bridge0: port 2(bridge_slave_1) entered blocking state [ 1623.272639][T24591] bridge0: port 2(bridge_slave_1) entered disabled state [ 1623.290280][T24591] bridge_slave_1: entered allmulticast mode [ 1623.302711][T24591] bridge_slave_1: entered promiscuous mode [ 1623.442288][T24591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1623.468793][T24591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1624.195847][T18840] Bluetooth: hci0: command tx timeout [ 1625.255812][T24591] team0: Port device team_slave_0 added [ 1625.293356][T24591] team0: Port device team_slave_1 added [ 1626.256812][T18840] Bluetooth: hci0: command tx timeout [ 1626.382354][T24591] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1626.419253][T24591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1626.454128][T24591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1626.624240][T24677] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1626.675053][T24591] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1626.742727][T24591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1626.986396][T24591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1627.038883][T24591] hsr_slave_0: entered promiscuous mode [ 1627.045772][T24591] hsr_slave_1: entered promiscuous mode [ 1627.052332][T24591] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1627.076299][T24591] Cannot create hsr debugfs directory [ 1627.405132][T24684] fuse: Bad value for 'rootmode' [ 1628.465135][T18840] Bluetooth: hci0: command tx timeout [ 1629.532542][ T28] kauditd_printk_skb: 48 callbacks suppressed [ 1629.532552][ T28] audit: type=1326 audit(1782772262.517:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1629.655881][ T28] audit: type=1326 audit(1782772262.517:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1629.690742][ T28] audit: type=1326 audit(1782772262.557:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1629.746802][T11493] hsr_slave_0: left promiscuous mode [ 1629.755744][ T28] audit: type=1326 audit(1782772262.557:2295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1629.781397][T11493] hsr_slave_1: left promiscuous mode [ 1629.817145][ T28] audit: type=1326 audit(1782772262.577:2296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1630.606122][T11493] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1630.628275][ T28] audit: type=1326 audit(1782772262.577:2297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1631.020412][T11493] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1631.066044][ T28] audit: type=1326 audit(1782772262.577:2298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1631.091356][ T28] audit: type=1326 audit(1782772262.577:2299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1631.116463][ T28] audit: type=1326 audit(1782772262.577:2300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24703 comm="syz.4.5362" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff82539ce59 code=0x7ffc0000 [ 1631.336277][T11493] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1631.343797][T11493] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1631.366058][T24729] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1631.430689][T11493] bridge_slave_1: left allmulticast mode [ 1631.445604][T11493] bridge_slave_1: left promiscuous mode [ 1631.452010][T11493] bridge0: port 2(bridge_slave_1) entered disabled state [ 1631.462083][T11493] bridge_slave_0: left allmulticast mode [ 1631.467988][T11493] bridge_slave_0: left promiscuous mode [ 1631.473855][T11493] bridge0: port 1(bridge_slave_0) entered disabled state [ 1631.847718][T11493] veth1_macvtap: left promiscuous mode [ 1631.897469][T11493] veth0_macvtap: left promiscuous mode [ 1631.914382][T11493] veth1_vlan: left promiscuous mode [ 1631.923211][T11493] veth0_vlan: left promiscuous mode [ 1632.571198][T24742] fuse: Bad value for 'rootmode' [ 1633.953932][ T28] audit: type=1326 audit(1782772266.937:2301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24750 comm="syz.2.5373" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccadf9ce59 code=0x7ffc0000 [ 1637.165957][T24763] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1638.107933][T24790] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5383'. [ 1639.153438][T11493] team0 (unregistering): Port device team_slave_1 removed [ 1639.331227][T11493] team0 (unregistering): Port device team_slave_0 removed [ 1639.531822][T11493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1639.602556][T11493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1640.208729][T11493] bond0 (unregistering): Released all slaves [ 1640.336542][T19573] usb 3-1: new full-speed USB device number 50 using dummy_hcd [ 1640.343270][T24789] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5383'. [ 1640.568990][T19573] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1640.595343][T19573] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBE, skipping [ 1640.710076][T19573] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1641.348037][T24810] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1641.592861][T19573] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1641.617155][T19573] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1641.625487][T19573] usb 3-1: Product: syz [ 1641.629678][T19573] usb 3-1: Manufacturer: syz [ 1641.634297][T19573] usb 3-1: SerialNumber: syz [ 1641.653899][T19573] usb 3-1: config 0 descriptor?? [ 1641.662757][T19573] radio-si470x 3-1:0.0: could not find interrupt in endpoint [ 1641.672004][T19573] radio-si470x: probe of 3-1:0.0 failed with error -5 [ 1641.682317][T19573] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1642.201825][T11493] IPVS: stop unused estimator thread 0... [ 1642.339239][T24591] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1642.349804][T24591] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1642.357596][T19573] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 1642.373718][T24591] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1642.384511][T24591] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1642.481364][T24591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1642.509466][T24591] 8021q: adding VLAN 0 to HW filter on device team0 [ 1642.524333][T11511] bridge0: port 1(bridge_slave_0) entered blocking state [ 1642.531563][T11511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1642.548012][T19573] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1642.563527][T11498] bridge0: port 2(bridge_slave_1) entered blocking state [ 1642.570916][T11498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1642.570916][T19573] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1642.608001][T19573] usb 5-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1642.620324][T19573] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1642.645682][T19573] usb 5-1: config 0 descriptor?? [ 1642.655059][T24591] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1642.670357][T19573] smsusb:smsusb_probe: board id=8, interface number 0 [ 1642.678676][T19573] smsusb:smsusb_probe: Device initialized with return code -19 [ 1642.883466][ T5877] usb 5-1: USB disconnect, device number 16 [ 1643.141709][T19540] usb 3-1: USB disconnect, device number 50 [ 1643.144369][T24591] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1643.497590][T24591] veth0_vlan: entered promiscuous mode [ 1643.558820][T24591] veth1_vlan: entered promiscuous mode [ 1643.812524][T24591] veth0_macvtap: entered promiscuous mode [ 1643.845519][T24591] veth1_macvtap: entered promiscuous mode [ 1643.858749][T24591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1643.858772][T24591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.858787][T24591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1643.858800][T24591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.860131][T24591] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1643.871697][T24591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1643.871718][T24591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.871733][T24591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1643.871745][T24591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.873086][T24591] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1643.989050][T24591] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1644.385886][T24591] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1644.455744][T24591] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1644.492378][T24591] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1645.359531][T11511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1645.404425][T11511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1645.521734][T11493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1645.634025][T11493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1647.035446][T19540] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1647.218203][T19540] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1647.254718][T19540] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1647.293202][T19540] usb 6-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1647.329108][T19540] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1647.358714][T19540] usb 6-1: config 0 descriptor?? [ 1647.368753][T19540] smsusb:smsusb_probe: board id=8, interface number 0 [ 1647.384012][T19540] smsusb:smsusb_probe: Device initialized with return code -19 [ 1647.614987][T19540] usb 6-1: USB disconnect, device number 9 [ 1648.153651][T18840] Bluetooth: hci0: Malformed LE Event: 0x1b [ 1651.465403][T19545] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1651.675377][T19545] usb 5-1: Using ep0 maxpacket: 8 [ 1651.693845][T19545] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1651.722809][T19545] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1651.751032][T19545] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1651.812828][T19545] usb 5-1: config 0 descriptor?? [ 1651.842154][T19545] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1653.399952][T19540] usb 5-1: USB disconnect, device number 17 [ 1657.517792][T25055] fuse: Unknown parameter 'user_id00000000000000000000' [ 1659.142262][T25067] netlink: 68 bytes leftover after parsing attributes in process `syz.5.5440'. [ 1661.406626][T23674] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1661.423695][T23674] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1661.433266][T23674] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1661.536025][T23674] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1661.553507][T23674] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1661.565668][T23674] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1661.712306][T25079] wlan0 speed is unknown, defaulting to 1000 [ 1663.795624][T23674] Bluetooth: hci1: command tx timeout [ 1663.988352][T25079] chnl_net:caif_netlink_parms(): no params data found [ 1664.070311][T18840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1664.100919][T18840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1664.136132][T18840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1664.144396][T18840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1664.164191][T18840] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1664.187117][T18840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1665.013817][T25102] wlan0 speed is unknown, defaulting to 1000 [ 1665.926825][T25128] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1666.114870][T23674] Bluetooth: hci1: command tx timeout [ 1666.201027][T25079] bridge0: port 1(bridge_slave_0) entered blocking state [ 1666.238113][T25079] bridge0: port 1(bridge_slave_0) entered disabled state [ 1666.265392][T23674] Bluetooth: hci2: command tx timeout [ 1667.073850][T25079] bridge_slave_0: entered allmulticast mode [ 1667.100317][T25079] bridge_slave_0: entered promiscuous mode [ 1667.252645][T25079] bridge0: port 2(bridge_slave_1) entered blocking state [ 1667.285659][T25079] bridge0: port 2(bridge_slave_1) entered disabled state [ 1667.297326][T25079] bridge_slave_1: entered allmulticast mode [ 1667.346792][T25079] bridge_slave_1: entered promiscuous mode [ 1667.435497][T25146] kvm: vcpu 0: requested 39424 ns lapic timer period limited to 200000 ns [ 1667.476354][T25146] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3659427032 (29275416256 ns) > initial count (200000 ns). Using initial count to start timer. [ 1667.757615][T25079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1667.855429][T19573] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 1667.919520][T25079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1668.065409][T19573] usb 4-1: Using ep0 maxpacket: 32 [ 1668.185473][T23674] Bluetooth: hci1: command tx timeout [ 1668.187822][T25079] team0: Port device team_slave_0 added [ 1668.345371][T23674] Bluetooth: hci2: command tx timeout [ 1668.372062][T19571] libceph: connect (1)[c::]:6789 error -101 [ 1668.382851][T19571] libceph: mon0 (1)[c::]:6789 connect error [ 1668.689143][T19571] libceph: connect (1)[c::]:6789 error -101 [ 1668.701684][T19571] libceph: mon0 (1)[c::]:6789 connect error [ 1668.769668][T19573] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1668.816340][T19573] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1668.829764][T19573] usb 4-1: can't read configurations, error -71 [ 1668.876737][T25079] team0: Port device team_slave_1 added [ 1668.965480][T25157] ceph: No mds server is up or the cluster is laggy [ 1669.059606][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.066184][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.369927][T25079] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1669.385390][T25079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1669.466183][T25079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1669.498430][T25079] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1669.505981][T25079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1669.534883][T25079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1669.604806][T25102] chnl_net:caif_netlink_parms(): no params data found [ 1669.616795][T11511] IPVS: stopping backup sync thread 17610 ... [ 1670.140818][T25079] hsr_slave_0: entered promiscuous mode [ 1670.155991][T25079] hsr_slave_1: entered promiscuous mode [ 1670.172871][T25079] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1670.200649][T25079] Cannot create hsr debugfs directory [ 1670.277200][T23674] Bluetooth: hci1: command tx timeout [ 1670.415651][T23674] Bluetooth: hci2: command tx timeout [ 1671.103975][T25194] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1671.835715][T25102] bridge0: port 1(bridge_slave_0) entered blocking state [ 1671.842902][T25102] bridge0: port 1(bridge_slave_0) entered disabled state [ 1671.882593][T25102] bridge_slave_0: entered allmulticast mode [ 1671.903725][T25102] bridge_slave_0: entered promiscuous mode [ 1671.956235][T25102] bridge0: port 2(bridge_slave_1) entered blocking state [ 1672.074300][T25102] bridge0: port 2(bridge_slave_1) entered disabled state [ 1672.082091][T25102] bridge_slave_1: entered allmulticast mode [ 1672.092499][T25102] bridge_slave_1: entered promiscuous mode [ 1672.607483][T23674] Bluetooth: hci2: command tx timeout [ 1672.792998][T25102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1672.806377][T25102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1672.918342][T11511] hsr_slave_0: left promiscuous mode [ 1672.975581][T11511] hsr_slave_1: left promiscuous mode [ 1673.003928][T11511] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1673.031759][T11511] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1673.047330][T11511] bridge_slave_1: left allmulticast mode [ 1673.053035][T11511] bridge_slave_1: left promiscuous mode [ 1673.061422][T11511] bridge0: port 2(bridge_slave_1) entered disabled state [ 1673.071143][T11511] bridge_slave_0: left allmulticast mode [ 1673.077458][T11511] bridge_slave_0: left promiscuous mode [ 1673.083442][T11511] bridge0: port 1(bridge_slave_0) entered disabled state [ 1673.295654][T19540] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1673.338505][T11511] bond1 (unregistering): Released all slaves [ 1673.525707][T19540] usb 6-1: Using ep0 maxpacket: 32 [ 1673.552901][T19540] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1673.740966][T19540] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1673.773911][T19540] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1673.887235][T19540] usb 6-1: Product: syz [ 1673.921394][T19540] usb 6-1: Manufacturer: syz [ 1673.971055][T19540] usb 6-1: SerialNumber: syz [ 1674.037625][T19540] usb 6-1: config 0 descriptor?? [ 1674.067827][T25215] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1674.083468][T19540] hub 6-1:0.0: bad descriptor, ignoring hub [ 1674.105588][T19540] hub: probe of 6-1:0.0 failed with error -5 [ 1674.450086][T25226] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1674.641653][T25225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1674.721787][T25225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1675.300196][T25229] loop5: detected capacity change from 0 to 7 [ 1675.315066][T25229] Dev loop5: unable to read RDB block 7 [ 1675.333290][T25229] loop5: AHDI p1 p2 [ 1675.337568][T25229] loop5: partition table partially beyond EOD, truncated [ 1675.345562][T25229] loop5: p1 start 1818582900 is beyond EOD, truncated [ 1675.980099][T19540] usb 6-1: USB disconnect, device number 10 [ 1676.114019][T11511] team0 (unregistering): Port device team_slave_1 removed [ 1676.196395][T19540] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 1676.228166][T11511] team0 (unregistering): Port device team_slave_0 removed [ 1676.311727][T11511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1676.396579][T19540] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 1676.411022][T11511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1676.422929][T19540] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1676.451407][T19540] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1676.460538][T19540] usb 6-1: Product: syz [ 1676.464741][T19540] usb 6-1: Manufacturer: syz [ 1676.470083][T19540] usb 6-1: SerialNumber: syz [ 1676.516216][T19540] usb 6-1: config 0 descriptor?? [ 1676.522099][T25225] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1676.548796][T19540] hub 6-1:0.0: bad descriptor, ignoring hub [ 1676.554779][T19540] hub: probe of 6-1:0.0 failed with error -5 [ 1676.785623][T19572] usb 6-1: USB disconnect, device number 11 [ 1678.336097][T11511] team0 (unregistering): Port device dummy0 removed [ 1678.464777][T11511] bond0 (unregistering): Released all slaves [ 1678.607479][T25102] team0: Port device team_slave_0 added [ 1678.616666][T25102] team0: Port device team_slave_1 added [ 1678.679627][T25239] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5473'. [ 1678.721930][T25102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1678.739625][T25102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1678.772818][T25102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1678.893445][T25102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1678.902731][T25102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1678.984448][T25102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1679.987584][T25102] hsr_slave_0: entered promiscuous mode [ 1680.091164][T25102] hsr_slave_1: entered promiscuous mode [ 1680.505897][T19572] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 1680.715383][T19572] usb 4-1: Using ep0 maxpacket: 8 [ 1680.733368][T19572] usb 4-1: config 0 interface 0 altsetting 254 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1680.764774][T19572] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1680.776922][T19572] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00 [ 1680.803394][T19572] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1680.828995][T19572] usb 4-1: config 0 descriptor?? [ 1681.476463][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.484216][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.495581][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.502975][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.510942][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.518317][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.526484][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.533813][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.548702][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.559646][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.569211][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.578975][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.591474][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.601827][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.609310][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.612241][T11511] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1681.618150][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.637758][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.645547][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.653160][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.662353][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.670199][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.677622][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.685299][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.692643][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.730622][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.760189][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.783224][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.790948][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.799157][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.806562][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.814214][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.823315][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.832210][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.839507][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.847321][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.854710][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.863462][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.870894][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.878859][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.886293][T19572] corsair 0003:1B1C:1B34.0009: unknown main item tag 0x0 [ 1681.922914][T19572] corsair 0003:1B1C:1B34.0009: hidraw0: USB HID v0.c1 Device [HID 1b1c:1b34] on usb-dummy_hcd.3-1/input0 [ 1681.964545][T19572] usb 4-1: USB disconnect, device number 64 [ 1682.073018][T11511] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1682.220765][T25287] fido_id[25287]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1682.241519][T11511] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1682.403367][T11511] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1682.482277][T25079] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1682.525540][T25079] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1682.548563][T25079] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1682.573778][T25079] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1682.733154][T25079] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1682.781929][T25079] 8021q: adding VLAN 0 to HW filter on device team0 [ 1682.843438][T11498] bridge0: port 1(bridge_slave_0) entered blocking state [ 1682.850667][T11498] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1682.952978][T11498] bridge0: port 2(bridge_slave_1) entered blocking state [ 1682.960170][T11498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1683.163158][T25102] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1683.203244][T25102] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1683.322010][T25102] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1683.374165][T25102] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1683.451878][T25079] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1686.188859][T25079] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1686.627612][T25102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1687.470277][T25102] 8021q: adding VLAN 0 to HW filter on device team0 [ 1688.229542][T11493] bridge0: port 1(bridge_slave_0) entered blocking state [ 1688.236766][T11493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1688.398477][T11493] bridge0: port 2(bridge_slave_1) entered blocking state [ 1688.405723][T11493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1688.591852][T25102] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1688.605116][T25102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1688.711691][T25079] veth0_vlan: entered promiscuous mode [ 1688.797968][T11511] hsr_slave_0: left promiscuous mode [ 1688.843493][T11511] hsr_slave_1: left promiscuous mode [ 1688.886209][T11511] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1688.947561][T11511] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1689.030838][T11511] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1689.067304][T11511] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1689.200515][T11511] bridge_slave_1: left allmulticast mode [ 1689.274697][T11511] bridge_slave_1: left promiscuous mode [ 1689.369146][T11511] bridge0: port 2(bridge_slave_1) entered disabled state [ 1689.407574][T11511] bridge_slave_0: left allmulticast mode [ 1689.424001][T11511] bridge_slave_0: left promiscuous mode [ 1689.445112][T11511] bridge0: port 1(bridge_slave_0) entered disabled state [ 1689.576580][T11511] veth1_macvtap: left promiscuous mode [ 1689.582497][T11511] veth0_macvtap: left promiscuous mode [ 1689.588903][T11511] veth1_vlan: left promiscuous mode [ 1689.594522][T11511] veth0_vlan: left promiscuous mode [ 1691.102237][T11511] team0 (unregistering): Port device team_slave_1 removed [ 1691.214843][T11511] team0 (unregistering): Port device team_slave_0 removed [ 1691.300879][T11511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1691.370407][T11511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1692.109348][T11511] bond0 (unregistering): Released all slaves [ 1692.412683][T25079] veth1_vlan: entered promiscuous mode [ 1692.630078][T25079] veth0_macvtap: entered promiscuous mode [ 1693.133751][T25079] veth1_macvtap: entered promiscuous mode [ 1693.254201][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1693.317817][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1693.377006][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1693.428318][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1693.518731][T25079] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1693.581280][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1693.598345][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1693.625513][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1693.649429][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1693.681990][T25079] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1693.996401][T25079] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1694.080020][T25079] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1694.091826][T25079] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1694.104120][T25079] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1694.129232][T25102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1694.401334][ T8847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1694.448182][ T8847] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1694.602795][T11493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1694.636943][T11493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1695.444193][T25102] veth0_vlan: entered promiscuous mode [ 1695.601157][T25102] veth1_vlan: entered promiscuous mode [ 1695.771333][T25102] veth0_macvtap: entered promiscuous mode [ 1695.838130][T25102] veth1_macvtap: entered promiscuous mode [ 1696.007195][T25102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1696.115341][T25102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1696.170858][T25102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1696.206298][T25102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1696.231799][T25102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1696.262591][T25102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1696.294845][T25102] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1696.351153][T25102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1696.713152][T25102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1696.768435][T25102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1696.819171][T25102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1698.078485][T25102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1698.093425][T25102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1698.107184][T25102] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1698.173890][T25102] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1698.225669][T25102] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1698.281626][T25102] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1698.331530][T25102] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1698.780486][ T8851] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1698.865288][ T8851] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1699.074719][ T8851] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1699.105985][ T8851] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1701.026071][T19573] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1701.337466][T19573] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1701.347822][T19573] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1701.360913][T19573] usb 6-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1701.370276][T19573] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1701.389634][T19573] usb 6-1: config 0 descriptor?? [ 1701.412354][T19573] smsusb:smsusb_probe: board id=8, interface number 0 [ 1701.451851][T19573] smsusb:smsusb_probe: Device initialized with return code -19 [ 1701.809995][T25571] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1701.818050][T25571] bond0: (slave bond1): Enslaving as an active interface with an up link [ 1702.245385][T19573] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1702.465434][T19573] usb 4-1: Using ep0 maxpacket: 8 [ 1702.487104][T19573] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 1702.571637][T19573] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1702.621648][T19573] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 1702.651182][T19573] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1702.678973][T19573] usb 4-1: config 0 descriptor?? [ 1703.744417][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.755495][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.765599][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.772562][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.785369][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.797532][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.810396][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.818011][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.825007][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.832974][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.865396][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.907916][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.942518][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1703.992392][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.044096][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.096950][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.103973][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.155361][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.162358][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.258009][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.301828][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.332261][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.352692][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.385441][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.422996][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.465667][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.472713][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.561435][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.645937][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.652930][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1704.716762][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.558884][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.569221][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.579147][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.587639][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.594761][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.604921][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.614875][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.622468][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.635359][T19573] lenovo 0003:17EF:6047.000A: unknown main item tag 0x0 [ 1705.657072][T19573] lenovo 0003:17EF:6047.000A: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.3-1/input0 [ 1705.725519][T19573] lenovo 0003:17EF:6047.000A: Failed to switch F7/9/11 mode: -71 [ 1705.788785][T13311] usb 6-1: USB disconnect, device number 12 [ 1705.827587][T19573] lenovo 0003:17EF:6047.000A: Failed to switch middle button: -71 [ 1705.905529][T19573] lenovo 0003:17EF:6047.000A: Fn-lock setting failed: -71 [ 1705.985541][T19573] lenovo 0003:17EF:6047.000A: Sensitivity setting failed: -71 [ 1706.303516][T19573] usb 4-1: USB disconnect, device number 65 [ 1710.535524][T19573] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1710.761320][T19573] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1710.819379][T19573] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1710.908365][T19573] usb 6-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1711.037290][T19573] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1711.151454][T19573] usb 6-1: config 0 descriptor?? [ 1711.201821][T19573] smsusb:smsusb_probe: board id=8, interface number 0 [ 1711.241128][T19573] smsusb:smsusb_probe: Device initialized with return code -19 [ 1712.478072][T19573] usb 6-1: USB disconnect, device number 13 [ 1723.496049][T19573] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1723.705515][T19573] usb 6-1: Using ep0 maxpacket: 32 [ 1723.727394][T19573] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1723.751681][T19573] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1723.790281][T19573] usb 6-1: config 0 descriptor?? [ 1724.051151][T19573] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1724.073546][T19573] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1724.091997][T19573] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1724.132421][T19573] usb 6-1: media controller created [ 1724.201996][T19573] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1724.278207][T19573] az6027: usb out operation failed. (-71) [ 1724.301013][T19573] az6027: usb out operation failed. (-71) [ 1724.321744][T19573] stb0899_attach: Driver disabled by Kconfig [ 1724.350894][T19573] az6027: no front-end attached [ 1724.350894][T19573] [ 1724.378653][T19573] az6027: usb out operation failed. (-71) [ 1724.397807][T19573] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1724.430795][T19573] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input56 [ 1724.485837][T19573] dvb-usb: schedule remote query interval to 400 msecs. [ 1724.513345][T19573] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1724.804760][T19573] usb 6-1: USB disconnect, device number 14 [ 1724.951720][T19573] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1727.860484][T25841] fuse: Bad value for 'fd' [ 1730.635791][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.737454][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1738.956729][T25967] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5621'. [ 1744.152359][T26018] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5633'. [ 1744.845464][T19572] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1745.094344][T19572] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1745.131305][T19572] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1745.196175][T19572] usb 6-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1745.242706][T19572] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1745.303719][T19572] usb 6-1: config 0 descriptor?? [ 1745.366715][T19572] smsusb:smsusb_probe: board id=8, interface number 0 [ 1745.419247][T19572] smsusb:smsusb_probe: Device initialized with return code -19 [ 1748.937298][T19571] usb 6-1: USB disconnect, device number 15 [ 1751.923234][T23674] Bluetooth: hci2: link tx timeout [ 1751.933024][T23674] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1754.015399][T18840] Bluetooth: hci2: command 0x0406 tx timeout [ 1754.315340][ T10] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1755.184253][T26148] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1755.507432][ T10] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1757.136046][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1757.152578][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1757.166328][ T10] usb 4-1: can't set config #1, error -71 [ 1757.174728][ T10] usb 4-1: USB disconnect, device number 66 [ 1769.394826][T26300] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5688'. [ 1772.806361][T26344] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5702'. [ 1777.271246][T26407] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5713'. [ 1777.945831][T26421] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5717'. [ 1779.755627][T26474] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5729'. [ 1782.840403][T13311] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 1783.197947][T13311] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1783.289048][T13311] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1783.534006][T13311] usb 7-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1783.559942][T13311] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1783.610748][T13311] usb 7-1: config 0 descriptor?? [ 1783.667091][T13311] smsusb:smsusb_probe: board id=8, interface number 0 [ 1783.674461][T13311] smsusb:smsusb_probe: Device initialized with return code -19 [ 1783.780907][T18840] Bluetooth: hci1: command 0x0406 tx timeout [ 1785.813841][ T5816] usb 7-1: USB disconnect, device number 2 [ 1791.938848][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.945516][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1811.019935][T26777] fuse: Bad value for 'fd' [ 1812.547498][T26801] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1813.651169][T26823] fuse: Bad value for 'fd' [ 1815.721651][T26846] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1817.364872][T26868] fuse: Bad value for 'fd' [ 1820.441002][T26891] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1824.735815][T23674] Bluetooth: hci0: command 0x0406 tx timeout [ 1826.945354][T19573] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 1827.807838][T19573] usb 7-1: Using ep0 maxpacket: 8 [ 1827.816910][T19573] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 1827.875500][T19573] usb 7-1: config 179 has no interface number 0 [ 1827.905837][T19573] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1827.947779][T19573] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1828.030342][T19573] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1828.085871][T19573] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1828.144605][T19573] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1828.166776][T19573] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1828.177410][T19573] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1828.257591][T26945] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1829.151833][T19573] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input57 [ 1832.415369][T13311] usb 7-1: USB disconnect, device number 3 [ 1832.415550][ C1] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1832.434176][ C1] dummy_hcd dummy_hcd.6: timer fired with no URBs pending? [ 1832.465790][T13311] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1843.445776][T13311] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 1844.105452][T13311] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1844.182305][T13311] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1844.251574][T13311] usb 7-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1844.265694][T13311] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1844.289909][T13311] usb 7-1: config 0 descriptor?? [ 1844.327697][T13311] smsusb:smsusb_probe: board id=8, interface number 0 [ 1844.368796][T13311] smsusb:smsusb_probe: Device initialized with return code -19 [ 1846.357054][T27121] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1846.454991][T27121] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1848.165920][T19571] usb 7-1: USB disconnect, device number 4 [ 1849.760657][T27140] binder: 27139:27140 ioctl 4018620d 0 returned -22 [ 1850.755888][T27149] fuse: Bad value for 'fd' [ 1850.939912][T27152] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 1851.682009][T27157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5921'. [ 1853.381304][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.455720][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1854.056393][T27180] binder: 27178:27180 ioctl 4018620d 0 returned -22 [ 1859.881780][T27237] binder: 27236:27237 ioctl c0306201 0 returned -14 [ 1863.009359][T19545] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 1864.248657][T19545] usb 5-1: Using ep0 maxpacket: 8 [ 1864.270684][T19545] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1864.311325][T19545] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1864.434925][T19545] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1864.526908][T19545] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 173 [ 1864.580632][T19545] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1864.666874][T19545] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1864.706544][T19545] usb 5-1: config 0 descriptor?? [ 1864.747740][T27278] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1864.921468][T27290] binder: 27289:27290 ioctl c0306201 0 returned -14 [ 1865.080032][ C0] Bluetooth: hci4: Unexpected continuation: 1 bytes [ 1865.088899][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.096518][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.105742][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.112669][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.119637][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.126744][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.133569][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.141861][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.148776][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.155606][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.162419][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.169253][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.176100][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.182980][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.190157][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.197224][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.204205][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.211891][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.218865][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.225848][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.233252][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.242101][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.249213][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.256183][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.263190][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.270343][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.277694][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.285973][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.296163][T23674] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1865.383774][T19545] usb 5-1: USB disconnect, device number 18 [ 1865.386706][T18840] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 1870.349073][T27344] binder: 27343:27344 ioctl c0306201 0 returned -14 [ 1875.618846][T27376] binder: 27375:27376 ioctl c0306201 0 returned -14 [ 1878.123401][T27399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5995'. [ 1879.281789][T27416] binder: 27415:27416 ioctl c0306201 0 returned -14 [ 1881.425976][T27443] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6009'. [ 1887.178624][T27494] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6020'. [ 1892.053885][T27542] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1896.666633][T27580] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1901.779220][T27612] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1906.381056][T27638] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1908.624664][T19575] libceph: connect (1)[c::]:6789 error -101 [ 1908.637772][T19575] libceph: mon0 (1)[c::]:6789 connect error [ 1908.665041][T27654] ceph: No mds server is up or the cluster is laggy [ 1908.939117][T19575] libceph: connect (1)[c::]:6789 error -101 [ 1908.953207][T19575] libceph: mon0 (1)[c::]:6789 connect error [ 1913.346965][T27691] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6072'. [ 1914.705311][ T5816] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 1914.876947][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.883368][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1915.485328][ T5816] usb 7-1: Using ep0 maxpacket: 32 [ 1917.100856][ T5816] usb 7-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 1917.279469][ T5816] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1917.289168][ T5816] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1917.300096][ T5816] usb 7-1: config 0 descriptor?? [ 1917.388438][ T5816] usb 7-1: can't set config #0, error -71 [ 1917.407095][ T5816] usb 7-1: USB disconnect, device number 5 [ 1917.461934][T27717] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6083'. [ 1917.922310][T27727] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6085'. [ 1922.045652][ T5816] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 1922.255393][ T5816] usb 7-1: Using ep0 maxpacket: 16 [ 1922.281982][ T5816] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1922.303696][ T5816] usb 7-1: config 8 has an invalid interface number: 46 but max is 0 [ 1922.334852][ T5816] usb 7-1: config 8 has no interface number 0 [ 1922.358934][ T5816] usb 7-1: config 8 interface 46 has no altsetting 0 [ 1922.389197][ T5816] usb 7-1: New USB device found, idVendor=2040, idProduct=1700, bcdDevice=a7.db [ 1922.404942][ T5816] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1922.429526][ T5816] usb 7-1: Product: syz [ 1922.446904][ T5816] usb 7-1: Manufacturer: syz [ 1922.455068][ T5816] usb 7-1: SerialNumber: syz [ 1922.679022][ T5816] smsusb:smsusb_probe: board id=5, interface number 46 [ 1922.695833][ T5877] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 1922.708853][ T5816] usb 7-1: USB disconnect, device number 6 [ 1922.935326][ T5877] usb 5-1: Using ep0 maxpacket: 32 [ 1922.969877][ T5877] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1923.537425][ T5877] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1923.591440][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1923.635341][ T5877] usb 5-1: Product: syz [ 1923.640935][ T5877] usb 5-1: Manufacturer: syz [ 1923.656523][ T5877] usb 5-1: SerialNumber: syz [ 1923.810834][ T5877] usb 5-1: config 0 descriptor?? [ 1923.959500][T27787] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1923.967633][ T5877] hub 5-1:0.0: bad descriptor, ignoring hub [ 1924.753063][ T5877] hub: probe of 5-1:0.0 failed with error -5 [ 1924.946610][ T5877] usb 5-1: USB disconnect, device number 19 [ 1926.426550][ T5877] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1926.795471][ T5877] usb 6-1: Using ep0 maxpacket: 16 [ 1927.196873][ T5877] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1927.245723][T27834] fuse: Bad value for 'fd' [ 1927.295742][ T5877] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1927.352999][ T5877] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1927.395502][ T5877] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 30768, setting to 1024 [ 1927.445544][ T5877] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 1927.488967][ T5877] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 1927.569994][ T5877] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1927.628740][ T5877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1927.781042][ T5877] usb 6-1: SerialNumber: syz [ 1927.837303][T27816] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1927.879580][T27816] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1929.730251][ T5877] cdc_acm 6-1:1.0: ttyACM0: USB ACM device [ 1929.808936][ T5877] usb 6-1: USB disconnect, device number 16 [ 1930.635406][T19545] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 1930.985625][T19545] usb 4-1: Using ep0 maxpacket: 32 [ 1931.089617][T19545] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1931.174334][T19545] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1931.253395][T19545] usb 4-1: config 0 descriptor?? [ 1931.975028][T19545] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1932.036621][T19545] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1932.050333][T19545] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1932.060508][T19545] usb 4-1: media controller created [ 1932.795521][T27886] az6027: more than 2 i2c messages at a time is not handled yet. TODO. [ 1932.806401][T19545] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1932.960063][T19545] az6027: usb out operation failed. (-71) [ 1932.994767][T19545] az6027: usb out operation failed. (-71) [ 1933.011239][T19545] stb0899_attach: Driver disabled by Kconfig [ 1933.044635][T19545] az6027: no front-end attached [ 1933.044635][T19545] [ 1933.105743][T19545] az6027: usb out operation failed. (-71) [ 1933.158555][T19545] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1933.215602][T19545] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input58 [ 1933.265532][T19545] dvb-usb: schedule remote query interval to 400 msecs. [ 1933.272555][T19545] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1933.356216][T19545] usb 4-1: USB disconnect, device number 67 [ 1933.366557][T27895] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6134'. [ 1933.498039][T19545] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1933.656147][ T5877] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 1933.727925][T27903] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6137'. [ 1934.177655][ T5877] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 1934.192743][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1934.212057][ T5877] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1934.315492][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1934.331003][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1934.343385][ T5877] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1935.201223][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1935.209236][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1935.225397][ T5877] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1935.235354][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1935.243545][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1935.252611][ T5877] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1935.262610][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1935.270890][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1935.279870][ T5877] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1935.289746][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1935.299165][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1935.308166][ T5877] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1935.317918][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1935.332639][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1935.351789][ T5877] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1935.375354][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1935.395794][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1935.416959][ T5877] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1935.437020][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1935.457789][ T5877] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1935.467231][ T5877] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1935.489701][ T5877] usb 5-1: Product: syz [ 1935.494074][ T5877] usb 5-1: Manufacturer: syz [ 1935.622093][T27913] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1936.309753][ T5877] usb 5-1: SerialNumber: syz [ 1936.346451][ T5877] usb 5-1: config 0 descriptor?? [ 1936.358420][ T5877] yurex 5-1:0.0: Could not find endpoints [ 1936.384481][ T5877] usb 5-1: USB disconnect, device number 20 [ 1936.896159][T27931] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6145'. [ 1937.806495][T23674] Bluetooth: hci2: link tx timeout [ 1937.813443][T23674] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 1939.685678][T15911] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1939.897178][T15911] usb 6-1: Using ep0 maxpacket: 8 [ 1939.911420][T15911] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 1939.920020][T15911] usb 6-1: config 179 has no interface number 0 [ 1939.930115][T15911] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1939.942093][T15911] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1939.953930][T27941] Bluetooth: hci2: command 0x0406 tx timeout [ 1939.954110][T15911] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1939.976872][T15911] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1940.065515][T15911] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1940.096009][T15911] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1940.106298][T15911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1940.136113][T27952] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1940.422274][T15911] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input59 [ 1940.733931][ T5816] usb 6-1: USB disconnect, device number 17 [ 1940.733932][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1940.733981][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1940.772965][ T5816] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1940.855460][T15911] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1940.902961][T27971] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6158'. [ 1941.060015][T15911] usb 5-1: Using ep0 maxpacket: 32 [ 1941.878369][T15911] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1941.895579][T15911] usb 5-1: config 0 has no interface number 0 [ 1941.917755][T15911] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1941.928870][T15911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1942.035871][T15911] usb 5-1: Product: syz [ 1942.040111][T15911] usb 5-1: Manufacturer: syz [ 1942.045119][T15911] usb 5-1: SerialNumber: syz [ 1942.053397][T15911] usb 5-1: config 0 descriptor?? [ 1942.064869][T15911] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1942.324218][T15911] usb 5-1: qt2_attach - failed to power on unit: -71 [ 1942.415189][T27999] ================================================================== [ 1942.423305][T27999] BUG: KASAN: slab-use-after-free in dvb_device_open+0xc9/0x360 [ 1942.430973][T27999] Read of size 8 at addr ffff888145e46e18 by task syz.6.6165/27999 [ 1942.438882][T27999] [ 1942.441212][T27999] CPU: 0 PID: 27999 Comm: syz.6.6165 Not tainted syzkaller #0 [ 1942.448679][T27999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1942.458755][T27999] Call Trace: [ 1942.462042][T27999] [ 1942.464982][T27999] dump_stack_lvl+0x18c/0x250 [ 1942.469689][T27999] ? read_lock_is_recursive+0x20/0x20 [ 1942.475086][T27999] ? show_regs_print_info+0x20/0x20 [ 1942.480308][T27999] ? load_image+0x420/0x420 [ 1942.484834][T27999] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 1942.490321][T27999] ? __virt_addr_valid+0x10c/0x380 [ 1942.495488][T27999] ? __virt_addr_valid+0x10c/0x380 [ 1942.500622][T27999] ? __virt_addr_valid+0x10c/0x380 [ 1942.505757][T27999] print_report+0xa8/0x210 [ 1942.510206][T27999] ? dvb_device_open+0xc9/0x360 [ 1942.515077][T27999] kasan_report+0x117/0x150 [ 1942.519632][T27999] ? chrdev_open+0x385/0x600 [ 1942.524245][T27999] ? dvb_device_open+0xc9/0x360 [ 1942.529132][T27999] dvb_device_open+0xc9/0x360 [ 1942.533929][T27999] chrdev_open+0x58c/0x600 [ 1942.538363][T27999] ? cd_forget+0x160/0x160 [ 1942.542798][T27999] ? fsnotify_perm+0x3ed/0x5e0 [ 1942.547581][T27999] do_dentry_open+0x880/0x14b0 [ 1942.552366][T27999] ? cd_forget+0x160/0x160 [ 1942.556800][T27999] path_openat+0x284f/0x3270 [ 1942.561419][T27999] ? do_filp_open+0x430/0x430 [ 1942.566202][T27999] ? asan.module_dtor+0x20/0x20 [ 1942.571078][T27999] do_filp_open+0x1f2/0x430 [ 1942.575598][T27999] ? vfs_tmpfile+0x480/0x480 [ 1942.580216][T27999] ? _raw_spin_unlock+0x3a/0x40 [ 1942.585091][T27999] ? alloc_fd+0x590/0x640 [ 1942.589443][T27999] do_sys_openat2+0x134/0x1d0 [ 1942.594142][T27999] ? do_sys_open+0xe0/0xe0 [ 1942.598582][T27999] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 1942.604840][T27999] ? lock_chain_count+0x20/0x20 [ 1942.609721][T27999] __x64_sys_openat+0x139/0x160 [ 1942.614591][T27999] do_syscall_64+0x55/0xb0 [ 1942.619026][T27999] ? clear_bhb_loop+0x40/0x90 [ 1942.623728][T27999] ? clear_bhb_loop+0x40/0x90 [ 1942.628418][T27999] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1942.634337][T27999] RIP: 0033:0x7fa383f5d68e [ 1942.638768][T27999] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1942.658400][T27999] RSP: 002b:00007fa384d6db28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1942.666833][T27999] RAX: ffffffffffffffda RBX: 00007fa384d6e6c0 RCX: 00007fa383f5d68e [ 1942.674822][T27999] RDX: 0000000000000002 RSI: 00007fa384d6dc00 RDI: ffffffffffffff9c [ 1942.682811][T27999] RBP: 00007fa384d6dc00 R08: 0000000000000000 R09: 0000000000000000 [ 1942.690798][T27999] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 1942.698867][T27999] R13: 00007fa384216128 R14: 00007fa384216090 R15: 00007ffd491f0888 [ 1942.706861][T27999] [ 1942.709887][T27999] [ 1942.712212][T27999] Allocated by task 27886: [ 1942.716641][T27999] kasan_set_track+0x4e/0x70 [ 1942.721247][T27999] __kasan_kmalloc+0x8f/0xa0 [ 1942.725852][T27999] az6027_i2c_xfer+0x8c/0x1ac0 [ 1942.730730][T27999] __i2c_transfer+0x891/0x2090 [ 1942.735522][T27999] i2c_transfer+0x261/0x3a0 [ 1942.740038][T27999] i2cdev_ioctl_rdwr+0x3b0/0x690 [ 1942.745090][T27999] i2cdev_ioctl+0x6a0/0x840 [ 1942.749608][T27999] __se_sys_ioctl+0xfd/0x170 [ 1942.754211][T27999] do_syscall_64+0x55/0xb0 [ 1942.758642][T27999] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1942.764554][T27999] [ 1942.766884][T27999] Freed by task 27886: [ 1942.770959][T27999] kasan_set_track+0x4e/0x70 [ 1942.775661][T27999] kasan_save_free_info+0x28/0x40 [ 1942.780707][T27999] ____kasan_slab_free+0x126/0x1f0 [ 1942.785828][T27999] slab_free_freelist_hook+0x130/0x1a0 [ 1942.791297][T27999] __kmem_cache_free+0xba/0x1f0 [ 1942.796168][T27999] az6027_i2c_xfer+0x1aa7/0x1ac0 [ 1942.801120][T27999] __i2c_transfer+0x891/0x2090 [ 1942.805899][T27999] i2c_transfer+0x261/0x3a0 [ 1942.810407][T27999] i2cdev_ioctl_rdwr+0x3b0/0x690 [ 1942.815363][T27999] i2cdev_ioctl+0x6a0/0x840 [ 1942.819899][T27999] __se_sys_ioctl+0xfd/0x170 [ 1942.824505][T27999] do_syscall_64+0x55/0xb0 [ 1942.828932][T27999] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1942.834843][T27999] [ 1942.837178][T27999] The buggy address belongs to the object at ffff888145e46e00 [ 1942.837178][T27999] which belongs to the cache kmalloc-256 of size 256 [ 1942.851254][T27999] The buggy address is located 24 bytes inside of [ 1942.851254][T27999] freed 256-byte region [ffff888145e46e00, ffff888145e46f00) [ 1942.864984][T27999] [ 1942.867322][T27999] The buggy address belongs to the physical page: [ 1942.873758][T27999] page:ffffea0005179180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x145e46 [ 1942.884008][T27999] head:ffffea0005179180 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1942.892955][T27999] ksm flags: 0x57ff00000000840(slab|head|node=1|zone=2|lastcpupid=0x7ff) [ 1942.901383][T27999] page_type: 0xffffffff() [ 1942.905751][T27999] raw: 057ff00000000840 ffff888017c41b40 ffffea0000bd3680 0000000000000003 [ 1942.914347][T27999] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 1942.922936][T27999] page dumped because: kasan: bad access detected [ 1942.929370][T27999] page_owner tracks the page as allocated [ 1942.935092][T27999] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 12502112587, free_ts 0 [ 1942.954838][T27999] post_alloc_hook+0x1c1/0x200 [ 1942.959629][T27999] get_page_from_freelist+0x2181/0x22a0 [ 1942.965187][T27999] __alloc_pages+0x1f0/0x460 [ 1942.969785][T27999] alloc_page_interleave+0x24/0x1e0 [ 1942.974998][T27999] alloc_slab_page+0x5d/0x180 [ 1942.979769][T27999] new_slab+0x87/0x2d0 [ 1942.983858][T27999] ___slab_alloc+0xc5c/0x12f0 [ 1942.988550][T27999] __kmem_cache_alloc_node+0x11f/0x250 [ 1942.994026][T27999] kmalloc_trace+0x2a/0xe0 [ 1942.998455][T27999] bus_add_driver+0x162/0x630 [ 1943.003169][T27999] driver_register+0x23a/0x310 [ 1943.007947][T27999] usb_register_driver+0x205/0x3c0 [ 1943.013100][T27999] au0828_init+0x139/0x170 [ 1943.017642][T27999] do_one_initcall+0x242/0x790 [ 1943.022440][T27999] do_initcall_level+0x13d/0x1f0 [ 1943.027588][T27999] do_initcalls+0x69/0xd0 [ 1943.031934][T27999] page_owner free stack trace missing [ 1943.037303][T27999] [ 1943.039629][T27999] Memory state around the buggy address: [ 1943.045256][T27999] ffff888145e46d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1943.053331][T27999] ffff888145e46d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1943.061567][T27999] >ffff888145e46e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1943.069619][T27999] ^ [ 1943.074451][T27999] ffff888145e46e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1943.082492][T27999] ffff888145e46f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1943.090529][T27999] ================================================================== [ 1943.101858][T27999] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1943.109087][T27999] CPU: 0 PID: 27999 Comm: syz.6.6165 Not tainted syzkaller #0 [ 1943.116558][T27999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1943.126704][T27999] Call Trace: [ 1943.129994][T27999] [ 1943.132938][T27999] dump_stack_lvl+0x18c/0x250 [ 1943.137637][T27999] ? show_regs_print_info+0x20/0x20 [ 1943.142848][T27999] ? load_image+0x420/0x420 [ 1943.147367][T27999] panic+0x2ca/0x720 [ 1943.151497][T27999] ? bpf_jit_dump+0xd0/0xd0 [ 1943.156203][T27999] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1943.161871][T27999] ? dvb_device_open+0xc9/0x360 [ 1943.166744][T27999] ? check_panic_on_warn+0x70/0xa0 [ 1943.171961][T27999] ? dvb_device_open+0xc9/0x360 [ 1943.176828][T27999] check_panic_on_warn+0x84/0xa0 [ 1943.181780][T27999] ? dvb_device_open+0xc9/0x360 [ 1943.186645][T27999] end_report+0x6f/0x130 [ 1943.190901][T27999] kasan_report+0x128/0x150 [ 1943.195431][T27999] ? chrdev_open+0x385/0x600 [ 1943.200035][T27999] ? dvb_device_open+0xc9/0x360 [ 1943.204905][T27999] dvb_device_open+0xc9/0x360 [ 1943.209602][T27999] chrdev_open+0x58c/0x600 [ 1943.214040][T27999] ? cd_forget+0x160/0x160 [ 1943.218470][T27999] ? fsnotify_perm+0x3ed/0x5e0 [ 1943.223240][T27999] do_dentry_open+0x880/0x14b0 [ 1943.228019][T27999] ? cd_forget+0x160/0x160 [ 1943.232447][T27999] path_openat+0x284f/0x3270 [ 1943.237068][T27999] ? do_filp_open+0x430/0x430 [ 1943.241762][T27999] ? asan.module_dtor+0x20/0x20 [ 1943.246626][T27999] do_filp_open+0x1f2/0x430 [ 1943.251155][T27999] ? vfs_tmpfile+0x480/0x480 [ 1943.255767][T27999] ? _raw_spin_unlock+0x3a/0x40 [ 1943.260638][T27999] ? alloc_fd+0x590/0x640 [ 1943.264988][T27999] do_sys_openat2+0x134/0x1d0 [ 1943.269692][T27999] ? do_sys_open+0xe0/0xe0 [ 1943.274130][T27999] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 1943.280134][T27999] ? lock_chain_count+0x20/0x20 [ 1943.285001][T27999] __x64_sys_openat+0x139/0x160 [ 1943.289872][T27999] do_syscall_64+0x55/0xb0 [ 1943.294303][T27999] ? clear_bhb_loop+0x40/0x90 [ 1943.298988][T27999] ? clear_bhb_loop+0x40/0x90 [ 1943.303682][T27999] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1943.309595][T27999] RIP: 0033:0x7fa383f5d68e [ 1943.314020][T27999] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1943.333643][T27999] RSP: 002b:00007fa384d6db28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1943.342070][T27999] RAX: ffffffffffffffda RBX: 00007fa384d6e6c0 RCX: 00007fa383f5d68e [ 1943.350141][T27999] RDX: 0000000000000002 RSI: 00007fa384d6dc00 RDI: ffffffffffffff9c [ 1943.358133][T27999] RBP: 00007fa384d6dc00 R08: 0000000000000000 R09: 0000000000000000 [ 1943.366201][T27999] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 1943.374182][T27999] R13: 00007fa384216128 R14: 00007fa384216090 R15: 00007ffd491f0888 [ 1943.382172][T27999] [ 1943.385470][T27999] Kernel Offset: disabled [ 1943.389784][T27999] Rebooting in 86400 seconds..