last executing test programs: 1m50.343038301s ago: executing program 0 (id=3148): r0 = socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) (async) r2 = socket(0x10, 0x803, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000008000000d40000000000000016000000ffff4dae9500000000000000"], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff4e}, 0x23) (async) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000008000000d40000000000000016000000ffff4dae9500000000000000"], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff4e}, 0x23) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) capset(&(0x7f0000000680)={0x19980330}, &(0x7f00000006c0)={0x0, 0x0, 0x101}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x40022000, 0x0, 0x3) prctl$PR_CAPBSET_DROP(0x18, 0x4) socket(0x1e, 0x4, 0x0) (async) r4 = socket(0x1e, 0x4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000017c0)={0x28, r6, 0x7, 0x70bd28, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x9}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x48050}, 0x8000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) (async) r7 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) signalfd4(r7, 0x0, 0x0, 0x0) r8 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r4) sendmsg$DEVLINK_CMD_TRAP_SET(r7, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x9c, r8, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x400c000}, 0x1) (async) sendmsg$DEVLINK_CMD_TRAP_SET(r7, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x9c, r8, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x400c000}, 0x1) sendmsg$DEVLINK_CMD_PORT_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x6c, r8, 0x200, 0x70bd29, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0xfffffffe, 0xd99d}}]}]}}}]}, 0x70}}, 0x0) sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c286dd", 0xe, 0x830, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14) 1m50.15384722s ago: executing program 0 (id=3149): mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000008) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffd000/0x3000)=nil, 0x1ed, 0x4, 0xa}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0x1, 0xffffffffffffffff}, 0x4) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000080)={0x1, 0x5, 0x4, 0x5ab6, 0x2, 0x0, [{0x5, 0x22e7, 0x5, '\x00', 0x1800}, {0xfff, 0x1, 0x4bd, '\x00', 0x400}]}) r1 = dup2(r0, r0) ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000140)) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000180)=0x200000, 0x4) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f00000001c0)={0x1, 0x0, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000200)={r2, 0x6}) r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(r3, 0x6430) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000400)=[@text32={0x20, &(0x7f0000000380)="66baf80cb8aba83e8def66bafc0cb000eeb9d20a00000f3266ba4100b8745c0000ef0f01cb260f217c0f5fa0fd24000066b8f5008ed8c74424002c260000c74424020b000000c7442406000000000f011c240fc75881c4e35968ffb5", 0x5c}], 0x1, 0x20, &(0x7f0000000440)=[@dstype0={0x6, 0xe}], 0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) futimesat(r1, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={{0x77359400}}) prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000fec000/0x4000)=nil) setsockopt$MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f0000000500)={{0xa, 0x4e20, 0x3, @mcast1, 0x1}, {0xa, 0x4e24, 0xc, @private1, 0x5}, 0x1, {[0x297e, 0x6, 0x9, 0xa, 0x80000001, 0x1, 0x80000001, 0x1000]}}, 0x5c) ioctl$DRM_IOCTL_AGP_RELEASE(r5, 0x6431) ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000580)={0x4000000, 0x3, 0x7}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f00000005c0)={0x9, 0x9447, 0x3, {0x1000, 0x2}, 0x6, 0xfffffc01}) read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000026c0), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f00000027c0)={&(0x7f0000002680)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002780)={&(0x7f0000002740)={0x2c, r7, 0x600, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) mmap$dsp(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x1, 0x10, r1, 0x0) close(r5) bind$alg(r4, &(0x7f0000002800)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) 1m50.048415813s ago: executing program 0 (id=3150): r0 = socket$inet6(0xa, 0x3, 0x3) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x80, 0x16a}, 0x8) close(r0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x6}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x6}, @fda={0x66646185, 0x5, 0x1}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x20900, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[], 0xfc}, 0x1, 0x0, 0x0, 0xd0}, 0x2400c020) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}, 0x1, 0x0, 0x0, 0x200c0810}, 0x44004) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a30000000001400038008000240000000000800014000000000140000001100"], 0x68}}, 0x0) r7 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x1ff, 0x40102) preadv2(r3, &(0x7f00000002c0)=[{&(0x7f0000000640)=""/131, 0x83}], 0x1, 0x7, 0xffff3a50, 0x1) ioctl$VIDIOC_TRY_EXT_CTRLS(r7, 0xc0205647, &(0x7f0000000040)={0x980000, 0x0, 0x7f, 0xffffffffffffffff, 0x0, 0x0}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_clone(0x42080000, 0x0, 0x0, 0x0, 0x0, 0x0) r9 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x48802) ioctl$SCSI_IOCTL_SEND_COMMAND(r9, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000040000005abc0de3107cd43183f159765fded7db0af75cdbc8151fb5f693a23f0dfbe02fc0ee29587ccc970904cdfa43f599b2c28f0f7063b5aab997865b2ce28d476c98e5b1c0bb7fca43690c72c62f9906897defdb00a7c392c4cf8c560fcd81"]) rt_sigaction(0xa, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8, &(0x7f00000001c0)) sendmsg$NFT_MSG_GETFLOWTABLE(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYRES8=r0], 0x188}}, 0x0) 1m48.244708217s ago: executing program 0 (id=3160): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x8, 0x72, 0x80000}, 0x20) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x1}, @IFLA_BR_GROUP_FWD_MASK={0x6, 0x9, 0x8}]}}}]}, 0x44}}, 0x0) 1m47.278392844s ago: executing program 0 (id=3165): mprotect(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000500000000000000740201001801000020696c25000000ffd02020207b1af8ff00000000bfa100000000000007010000f837974fd76b540a8d0000007b030010a4160000850000005600000095"], &(0x7f0000000300)='syzkaller\x00', 0x4, 0xfee, &(0x7f0000002e40)=""/4078, 0x410fd, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffed, 0x0, 0x0, 0x10, 0x202}, 0x94) 1m46.603714246s ago: executing program 0 (id=3167): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500000000fcdbdf2500000001", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000400000100c28000050006"], 0x48}, 0x1, 0x0, 0x2000000}, 0x0) 1m45.8334458s ago: executing program 32 (id=3167): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500000000fcdbdf2500000001", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000400000100c28000050006"], 0x48}, 0x1, 0x0, 0x2000000}, 0x0) 8.454998583s ago: executing program 5 (id=3631): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000"], 0x0}, 0x94) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000200)='=', 0x1}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x40002002, 0x0) write$binfmt_misc(r3, &(0x7f0000000040), 0xffc1) setsockopt$sock_int(r4, 0x1, 0x10, &(0x7f0000000180)=0x55b7, 0x4) splice(r1, 0x0, r3, 0x0, 0x4ffe0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0, r5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={0x0, 0x0, 0x4a}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180200000300000000000000000000008500000087000000850000009e00000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192}, 0x80) 8.140362351s ago: executing program 5 (id=3635): socket$kcm(0x10, 0x2, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) fsopen(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0xf39, 0x7fff, 0x6, 0x400, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0xc}, 0x50) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x3, 0x0, {0x27, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000) fchdir(0xffffffffffffffff) 6.32644776s ago: executing program 4 (id=3640): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) unshare(0x22020600) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 6.261098707s ago: executing program 5 (id=3642): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) sendto$inet6(0xffffffffffffffff, &(0x7f0000000140)='u', 0x1, 0x24000010, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendfile(r0, r1, 0x0, 0x1000004) 6.189223978s ago: executing program 4 (id=3643): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48) 6.111706855s ago: executing program 4 (id=3645): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x2b0, 0x138, 0x0, 0x148, 0x0, 0x148, 0x218, 0x240, 0x240, 0x218, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ip6erspan0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) socket(0x2, 0x80805, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, 0x0, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) 5.880394347s ago: executing program 2 (id=3647): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xd}}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000000c0)={@remote}, 0x14) 5.801066014s ago: executing program 2 (id=3649): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f00000002c0)={@host}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000240)={{@hyper, 0x5}, @my=0x1, 0x0, 0x4, 0x4, 0x5, 0x4, 0x100, 0x5}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r3, 0x7a4, &(0x7f0000000180)={{@host}, 0xe1, 0x800000000000002, 0x20007fff}) openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x127e40, 0x0) ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0) socket$l2tp6(0xa, 0x2, 0x73) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000240)='/proc/asound/card0/oss_mixer\x00', 0x298f3cc22e12b39a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) write$proc_mixer(r4, &(0x7f00000016c0)=ANY=[@ANYBLOB='LINE1 \'Master Capture\' 00000000000000000000\nCD \'CD Capture\' 0000'], 0x178) dup3(r5, r4, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48}) 3.516548547s ago: executing program 4 (id=3653): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="090000000600000004000000fc"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x3ff, r0, 0x0, 0x100000000000000}, 0x38) 3.497544152s ago: executing program 3 (id=3654): connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @host}, 0x10) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0x1d, 0x0, 0x4) 3.38225443s ago: executing program 2 (id=3655): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0xffffffffffffff12, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x25dfdbfc, {0xa, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, 0x12}, [@FRA_SRC={0x14, 0x2, @dev}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004044}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) 3.309285971s ago: executing program 4 (id=3656): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x9, 0x3, 0x290, 0x160, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x3, &(0x7f00000002c0), {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @loopback, [0xffffffff, 0xff000000, 0xffffffff, 0x101000000], [0xff000000, 0x7f, 0xff, 0xff], 'bridge0\x00', 'team_slave_0\x00', {0xff}, {0xff}, 0x3a, 0x6, 0x3, 0x49}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x4, 'syz1\x00', {0x3ff}}}}, {{@ipv6={@remote, @private2, [0xffffff00, 0x0, 0x0, 0xff000000], [0xffffffff, 0xffffffff, 0xff000000, 0xff000000], '\x00', 'bond0\x00', {}, {0xff}, 0x5c, 0xf9, 0x0, 0x36}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x19, 0x3, 0x3}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x19, 0x4, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x400001}, [@call={0x85, 0x0, 0x0, 0x19}]}, &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.308858324s ago: executing program 3 (id=3657): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff85000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_DYING(0xffffffffffffffff, 0x0, 0x20040000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}], 0x10) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)=0x12) 3.222373925s ago: executing program 2 (id=3659): socket$nl_route(0x10, 0x3, 0x0) capset(&(0x7f0000000380)={0x20080522}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x4004010) munlockall() r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, 0x34, 0x107, 0xfffffffc, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0x4c044) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, 0x34, 0x9, 0x0, 0x4000, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4841}, 0x14040044) 3.102797831s ago: executing program 5 (id=3661): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1a01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMRU1(r2, 0x40047452, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, 0x0) 2.740368114s ago: executing program 5 (id=3662): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0x7005, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.418860114s ago: executing program 4 (id=3667): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0xfdef, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x14}}, 0x0) r3 = userfaultfd(0x801) r4 = getpid() process_vm_readv(r4, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/seq/timer\x00', 0x0, 0x0) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet6_udp(0xa, 0x2, 0x0) r7 = openat$sequencer2(0xffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r7, 0xc0045103, &(0x7f0000000040)) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e) close(r5) 1.360477057s ago: executing program 2 (id=3668): r0 = syz_io_uring_setup(0x37, &(0x7f0000000080)={0x0, 0x36c4, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{0x0}], 0x1}, 0x0, 0x80002101}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000240000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4988a0d411a9872971c7c56f0979bd10b97163c066d0e196bf0fb04e500b0c0502df9de9ca3c00cb9a323d9b401bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f6324bb7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ff"], 0x0}, 0x94) io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0) 1.316124807s ago: executing program 3 (id=3670): socket(0x10, 0x3, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) r1 = dup2(r0, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x11a}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x1}, 0x50) io_uring_enter(r3, 0x567, 0x1000a387, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001140), 0x700, 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x1) 1.17592471s ago: executing program 2 (id=3672): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 982.052887ms ago: executing program 1 (id=3673): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1f, 0xc, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x6d}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94) 835.517521ms ago: executing program 1 (id=3674): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x1840, 0x42c04}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x3c}}, 0x0) 752.325678ms ago: executing program 5 (id=3675): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, 0x0, &(0x7f0000001080)) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x1f4, 0x0, 0x0) 665.953842ms ago: executing program 1 (id=3676): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000501, 0x0, 0x0) 541.01219ms ago: executing program 1 (id=3677): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed03000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f47"]) r0 = openat$kvm(0xffffff9c, &(0x7f0000000500), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa"], 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0x0, 0x2, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x200, 0x0, 0x3, 0x3, 0x0, 0x0, 0x8c], 0xeeee8000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 284.470097ms ago: executing program 3 (id=3678): rseq(&(0x7f0000000240), 0x20, 0x0, 0x0) r0 = memfd_secret(0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r1, r0, 0x2e, 0x4608, @void}, 0x10) 197.923251ms ago: executing program 3 (id=3679): r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000f00)=ANY=[@ANYBLOB="0002020100"], 0x18) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e20, 0x7fff, @empty}, 0x1c) 178.131958ms ago: executing program 1 (id=3680): landlock_create_ruleset(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x48000) r0 = io_uring_setup(0x1de0, &(0x7f0000000a00)={0x0, 0x40007068, 0x1}) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000740)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 32.521733ms ago: executing program 3 (id=3681): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000180)={{{0x1, 0x1}}, 0x0, 0x6, 0x0}) 0s ago: executing program 1 (id=3682): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x862b01) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x1, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f0000000540)=ANY=[@ANYRES16=r1, @ANYRES32=r0, @ANYBLOB], &(0x7f0000000500)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='oom_adj\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=@gettclass={0x24, 0x2a, 0x20, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7ff8, 0xe}, {0xd, 0xb}, {0xb, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="180000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_TYPE(r1, 0x0, 0x200000b0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200c0e9}, 0x20000004) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, 0x0) sendmmsg(r4, 0x0, 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) kernel console output (not intermixed with test programs): fig 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 747.680128][ T5922] usb 4-1: config 5 interface 168 has no altsetting 0 [ 747.709127][T14329] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 747.710554][ T5922] usb 4-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 747.721781][T14329] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 747.753434][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.758314][T14329] usb 2-1: Product: syz [ 747.768753][T14329] usb 2-1: Manufacturer: syz [ 747.785024][T17859] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 747.789284][ T5922] usb 4-1: Product: syz [ 747.803661][T14329] cdc_wdm 2-1:1.0: skipping garbage [ 747.816988][T14329] cdc_wdm 2-1:1.0: skipping garbage [ 747.825348][T14329] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 747.831268][T14329] cdc_wdm 2-1:1.0: Unknown control protocol [ 747.836392][ T5922] usb 4-1: Manufacturer: syz [ 747.851240][ T5922] usb 4-1: SerialNumber: syz [ 747.871319][T17857] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 747.882776][T17857] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 748.045606][T17877] binder: binder_mmap: 17876 200000ffb000-200000ffd000 bad vm_flags failed -1 [ 748.048294][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.061576][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.068750][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.075368][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.082083][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.088692][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.095989][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.102599][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.108872][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.115483][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.123441][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.127113][T17857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 748.130039][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.130239][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.151028][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.157716][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.164333][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.170628][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.177239][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.183869][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 748.190474][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 748.212756][T17857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 748.239049][T14330] usb 2-1: USB disconnect, device number 62 [ 748.278272][ C1] usb 4-1: NFC: Urb failure (status -71) [ 748.293364][ C1] usb 4-1: NFC: Urb failure (status -71) [ 748.332436][ T5922] usb 4-1: NFC: Unable to get FW version [ 748.338621][ T5922] pn533_usb 4-1:5.168: probe with driver pn533_usb failed with error -71 [ 748.377820][ T5922] usb 4-1: USB disconnect, device number 58 [ 748.770229][T17890] ptrace attach of "./syz-executor exec"[16936] was attempted by "./syz-executor exec"[17890] [ 748.790832][T17890] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3158'. [ 749.396405][T17904] delete_channel: no stack [ 749.592540][T14330] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 749.832453][T14330] usb 4-1: Using ep0 maxpacket: 8 [ 749.851739][T14330] usb 4-1: config 0 has an invalid interface number: 186 but max is 0 [ 749.864900][T14330] usb 4-1: config 0 has no interface number 0 [ 749.871214][T14330] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 749.909169][T14330] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 749.959082][T14330] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 749.976656][T14330] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 749.987150][T14330] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 750.011837][T14330] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 750.022974][T14330] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.054057][T14330] usb 4-1: Product: syz [ 750.076376][T14330] usb 4-1: Manufacturer: syz [ 750.093336][T14330] usb 4-1: SerialNumber: syz [ 750.188758][T14330] usb 4-1: config 0 descriptor?? [ 750.409616][T17900] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3162'. [ 750.593262][T14330] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 750.622658][T14330] usb 4-1: USB disconnect, device number 59 [ 750.681874][T16712] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.884436][T16712] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.001371][T16712] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.190731][T16712] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.253669][T17919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3169'. [ 751.396404][T17927] sock: sock_timestamping_bind_phc: sock not bind to device [ 751.483142][T17931] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3173'. [ 751.616449][T16712] bridge_slave_1: left allmulticast mode [ 751.631860][T16712] bridge_slave_1: left promiscuous mode [ 751.725402][T16712] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.810445][T16712] bridge_slave_0: left allmulticast mode [ 751.828238][T16712] bridge_slave_0: left promiscuous mode [ 751.835133][T16712] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.890614][T17938] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 752.229035][T15679] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 752.242722][T15679] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 752.444786][T15679] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 752.473370][T15679] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 752.483952][T15679] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 753.924215][T17963] binder: 17962:17963 ioctl c0306201 2000000003c0 returned -14 [ 754.481865][T16712] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 754.510130][T16712] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 754.544901][T16712] bond0 (unregistering): (slave bond1): Releasing backup interface [ 754.564189][ T5837] Bluetooth: hci0: command tx timeout [ 754.660190][T16712] bond0 (unregistering): Released all slaves [ 755.060527][T16712] bond1 (unregistering): Released all slaves [ 755.762470][ T2154] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 755.907899][ T2154] usb 2-1: device descriptor read/64, error -71 [ 756.085229][T16712] hsr_slave_0: left promiscuous mode [ 756.091426][T16712] hsr_slave_1: left promiscuous mode [ 756.099129][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 756.106819][T16712] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 756.115086][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 756.122840][T16712] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 756.132357][ T6528] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 756.153185][ T2154] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 756.170656][T16712] veth1_macvtap: left promiscuous mode [ 756.176614][T16712] veth0_macvtap: left promiscuous mode [ 756.182634][T16712] veth1_vlan: left promiscuous mode [ 756.189237][T16712] veth0_vlan: left promiscuous mode [ 756.297800][ T2154] usb 2-1: device descriptor read/64, error -71 [ 756.307113][ T6528] usb 5-1: config index 0 descriptor too short (expected 65069, got 45) [ 756.318806][ T6528] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 756.335763][ T6528] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 756.347276][ T6528] usb 5-1: config 0 has no interfaces? [ 756.355017][ T6528] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 756.366546][ T6528] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.379323][ T6528] usb 5-1: config 0 descriptor?? [ 756.414864][ T2154] usb usb2-port1: attempt power cycle [ 756.600606][ T6528] usb 5-1: USB disconnect, device number 77 [ 756.642670][ T5837] Bluetooth: hci0: command tx timeout [ 756.798000][ T2154] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 756.823885][ T2154] usb 2-1: device descriptor read/8, error -71 [ 757.068477][ T2154] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 757.105668][ T2154] usb 2-1: device descriptor read/8, error -71 [ 757.225212][ T2154] usb usb2-port1: unable to enumerate USB device [ 757.930017][T17951] chnl_net:caif_netlink_parms(): no params data found [ 758.387980][T17951] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.395565][ T24] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 758.424237][T17951] bridge0: port 1(bridge_slave_0) entered disabled state [ 758.431429][T17951] bridge_slave_0: entered allmulticast mode [ 758.478234][T17951] bridge_slave_0: entered promiscuous mode [ 758.504115][T17951] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.512372][T17951] bridge0: port 2(bridge_slave_1) entered disabled state [ 758.552519][T17951] bridge_slave_1: entered allmulticast mode [ 758.562328][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 758.604125][T17951] bridge_slave_1: entered promiscuous mode [ 758.635119][ T24] usb 3-1: config 2 has an invalid interface number: 45 but max is 0 [ 758.651071][ T24] usb 3-1: config 2 has no interface number 0 [ 758.686659][ T24] usb 3-1: config 2 interface 45 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 758.712370][ T5837] Bluetooth: hci0: command tx timeout [ 758.735210][ T24] usb 3-1: config 2 interface 45 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 758.766547][T18055] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.3196'. [ 758.821285][ T24] usb 3-1: New USB device found, idVendor=0d46, idProduct=0078, bcdDevice=82.92 [ 758.872697][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 758.907871][ T24] usb 3-1: Product: syz [ 758.928296][ T24] usb 3-1: Manufacturer: syz [ 758.933368][T17951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 758.955421][T17951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 759.047601][ T24] usb 3-1: SerialNumber: syz [ 759.101747][ T24] kobil_sct 3-1:2.45: KOBIL USB smart card terminal converter detected [ 759.158866][ T24] usb 3-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 759.188017][T17951] team0: Port device team_slave_0 added [ 759.259111][T17951] team0: Port device team_slave_1 added [ 759.487497][T17951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 759.512326][T17951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 759.548656][ T24] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 759.620222][T17951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 759.624415][T18061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 759.656679][T17951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 759.674370][T17951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 759.700244][ C1] vkms_vblank_simulate: vblank timer overrun [ 759.728886][T18061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 759.732665][T17951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 759.753245][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 759.761338][ T24] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 759.769863][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 759.784068][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 759.848097][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 759.879885][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 759.909308][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 759.973502][T17951] hsr_slave_0: entered promiscuous mode [ 759.986264][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.003536][T17951] hsr_slave_1: entered promiscuous mode [ 760.013269][T17951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 760.021610][T17951] Cannot create hsr debugfs directory [ 760.236855][ T24] usb 5-1: usb_control_msg returned -32 [ 760.246446][ T24] usbtmc 5-1:16.0: can't read capabilities [ 760.567814][T17951] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 760.601043][T17951] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 760.638341][T17951] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 760.667047][T17951] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 760.793168][ T5837] Bluetooth: hci0: command tx timeout [ 760.843641][T18093] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 760.860293][T17951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 760.909032][T17951] 8021q: adding VLAN 0 to HW filter on device team0 [ 760.949679][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 760.956852][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 760.968126][T18099] usbtmc 5-1:16.0: usb_clear_halt returned -32 [ 760.977132][T18099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 760.997999][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state [ 761.005156][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 761.019586][T18099] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 761.132919][T16311] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 761.174198][ T6528] usb 5-1: USB disconnect, device number 78 [ 761.251427][T17951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 761.309289][T16311] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 761.337021][T16311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.358226][ T24] usb 3-1: USB disconnect, device number 43 [ 761.389117][T16311] usb 2-1: Product: syz [ 761.389791][T18104] netlink: 'syz.3.3204': attribute type 6 has an invalid length. [ 761.396162][ T24] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 761.411522][T16311] usb 2-1: Manufacturer: syz [ 761.418713][T16311] usb 2-1: SerialNumber: syz [ 761.436027][T17951] veth0_vlan: entered promiscuous mode [ 761.463677][T16311] usb 2-1: config 0 descriptor?? [ 761.472539][ T24] kobil_sct 3-1:2.45: device disconnected [ 761.496079][T16311] ch341 2-1:0.0: ch341-uart converter detected [ 761.497059][T17951] veth1_vlan: entered promiscuous mode [ 761.656487][T17951] veth0_macvtap: entered promiscuous mode [ 761.696582][T18093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 761.715239][T17951] veth1_macvtap: entered promiscuous mode [ 761.738291][T18093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 761.778551][T18093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 761.797285][T17951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 761.841569][T18093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 761.855701][T17951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 761.895357][T17951] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 761.933168][T16311] usb 2-1: failed to receive control message: -71 [ 761.940144][T16311] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 761.962679][T17951] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 761.988683][T17951] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.006013][T16311] usb 2-1: USB disconnect, device number 67 [ 762.014813][T17951] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 762.027734][T16311] ch341 2-1:0.0: device disconnected [ 762.030794][T18126] netlink: 'syz.4.3209': attribute type 58 has an invalid length. [ 762.440036][T18137] loop2: detected capacity change from 0 to 7 [ 762.470084][T16712] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 762.475380][ T5952] Dev loop2: unable to read RDB block 7 [ 762.495855][T16712] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 762.527255][ T5952] loop2: unable to read partition table [ 762.553965][ T5952] loop2: partition table beyond EOD, truncated [ 762.688276][T18137] Dev loop2: unable to read RDB block 7 [ 762.708619][ T2125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 762.722379][T18137] loop2: unable to read partition table [ 762.736893][ T2125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 762.745632][T18137] loop2: partition table beyond EOD, truncated [ 762.753669][T18137] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 762.776642][T18143] netlink: 'syz.4.3214': attribute type 41 has an invalid length. [ 763.070842][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 763.070859][ T30] audit: type=1800 audit(1750854371.425:586): pid=18151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3168" name="file1" dev="tmpfs" ino=18 res=0 errno=0 [ 763.133866][ T6525] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 763.234637][ T30] audit: type=1800 audit(1750854371.465:587): pid=18153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3168" name="file1" dev="tmpfs" ino=18 res=0 errno=0 [ 763.377217][ T6525] usb 3-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 16 [ 763.396068][ T6525] usb 3-1: config 1 interface 0 altsetting 7 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 763.452302][ T6525] usb 3-1: config 1 interface 0 has no altsetting 0 [ 763.481304][T18162] _Z`Ԁ@: entered promiscuous mode [ 763.492402][ T6525] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 763.501443][ T6525] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 763.511806][ T6525] usb 3-1: Product: syz [ 763.520045][ T6525] usb 3-1: Manufacturer: syz [ 763.542356][ T6525] usb 3-1: SerialNumber: syz [ 763.560945][T18148] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 763.572331][ T6528] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 763.588543][T18148] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 763.593108][T18164] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 763.708376][T18169] IPVS: set_ctl: invalid protocol: 9 0.0.0.0:0 [ 763.719014][T18169] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 763.762273][ T6528] usb 6-1: Using ep0 maxpacket: 8 [ 763.770841][ T6528] usb 6-1: config 203 has an invalid interface number: 92 but max is 1 [ 763.822273][ T6528] usb 6-1: config 203 contains an unexpected descriptor of type 0x2, skipping [ 763.853176][ T6528] usb 6-1: config 203 has an invalid descriptor of length 1, skipping remainder of the config [ 763.892948][ T6528] usb 6-1: config 203 has 1 interface, different from the descriptor's value: 2 [ 763.902113][ T6528] usb 6-1: config 203 has no interface number 0 [ 763.922596][ T6528] usb 6-1: config 203 interface 92 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 13 [ 763.943794][T18177] loop2: detected capacity change from 0 to 7 [ 763.950919][ T6528] usb 6-1: config 203 interface 92 has no altsetting 0 [ 763.951080][T18177] Dev loop2: unable to read RDB block 7 [ 763.963759][T18177] loop2: unable to read partition table [ 763.969615][T18177] loop2: partition table beyond EOD, truncated [ 763.981217][T18177] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 763.995638][ T6528] usb 6-1: New USB device found, idVendor=045e, idProduct=045f, bcdDevice=d3.db [ 764.004905][ T6528] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 764.026320][ T6528] usb 6-1: Product: 蓮❈娒㰗ॢ肪Ҍ࠺䟀欃篷㨁戨埏ᏸ紾澍䄝泽俪靺侊‡럒Ḣ겻Զ꺷诒鞳鑼뼼꟡稯䪋鼘뚹鸭曽㔪뀄⤐䘞쿔㓀죞릺ᷓꢠת㷱燺∿ᑚ걾낯㕧硕灡㼄몬⼥㦉杒梕뗲蚾苴관萙ᙵΜ㔤럢 [ 764.083716][T18148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 764.116851][T18148] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 764.138370][ T6528] usb 6-1: Manufacturer: 䠣㚔砙걟㦢欀昘䙂냵葸ꙶꌾ膽鯺⧌隌뽡区헐뜋눣᧞࡭頔䏂謥㔫켑ᄈ煒ﺌઽ飌勺竫籅䤘綳 [ 764.158280][T14330] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 764.182747][T18148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 764.211733][T18148] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 764.232720][ T6528] usb 6-1: SerialNumber: 㠊 [ 764.287580][ T6525] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 764.330393][ T6525] usb 3-1: USB disconnect, device number 44 [ 764.362277][T14330] usb 4-1: Using ep0 maxpacket: 16 [ 764.373747][T14330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 764.416196][T14330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 764.436405][T14330] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 764.458693][T14330] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 764.483185][ T6528] usb 6-1: USB disconnect, device number 2 [ 764.493624][T14330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.535576][T14330] usb 4-1: config 0 descriptor?? [ 764.739063][T18201] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 764.746349][T18201] IPv6: NLM_F_CREATE should be set when creating new route [ 764.753632][T18201] IPv6: NLM_F_CREATE should be set when creating new route [ 764.760880][T18201] IPv6: NLM_F_CREATE should be set when creating new route [ 764.992319][T14330] usbhid 4-1:0.0: can't add hid device: -71 [ 764.998395][T14330] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 765.021498][T14330] usb 4-1: USB disconnect, device number 60 [ 766.142253][T14330] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 766.267344][ T6525] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 766.316028][T14330] usb 5-1: Using ep0 maxpacket: 32 [ 766.324957][T14330] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 766.389912][T14330] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 766.400318][T14330] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 766.412899][T14330] usb 5-1: Product: syz [ 766.419673][T14330] usb 5-1: Manufacturer: syz [ 766.429937][T14330] usb 5-1: SerialNumber: syz [ 766.445855][ T6525] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 766.457618][ T6525] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 766.479387][T14330] usb 5-1: config 0 descriptor?? [ 766.496990][T18230] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 766.517256][ T6525] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 766.561745][ T6525] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 766.653642][ T6525] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 766.679136][ T6525] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 766.730503][ T6525] usb 4-1: config 0 descriptor?? [ 767.148531][T18245] loop2: detected capacity change from 0 to 7 [ 767.160025][ T6525] usbhid 4-1:0.0: can't add hid device: -71 [ 767.170665][ T6525] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 767.221841][ T6525] usb 4-1: USB disconnect, device number 61 [ 767.325104][T18245] Dev loop2: unable to read RDB block 7 [ 767.331529][T18245] loop2: unable to read partition table [ 767.340160][T18245] loop2: partition table beyond EOD, truncated [ 767.385613][T18245] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 767.500245][ T2154] usb 5-1: USB disconnect, device number 79 [ 769.246359][T18275] [U]  [ 769.402253][ T6525] usb 6-1: new low-speed USB device number 3 using dummy_hcd [ 769.564665][ T6525] usb 6-1: Invalid ep0 maxpacket: 64 [ 769.712375][ T6525] usb 6-1: new low-speed USB device number 4 using dummy_hcd [ 769.893438][ T6525] usb 6-1: Invalid ep0 maxpacket: 64 [ 769.911933][ T6525] usb usb6-port1: attempt power cycle [ 770.233241][T18312] netlink: 'syz.4.3250': attribute type 5 has an invalid length. [ 770.252570][ T2154] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 770.278250][ T6525] usb 6-1: new low-speed USB device number 5 using dummy_hcd [ 770.329829][ T6525] usb 6-1: Invalid ep0 maxpacket: 64 [ 770.437924][ T2154] usb 3-1: not running at top speed; connect to a high speed hub [ 770.453417][ T2154] usb 3-1: config 8 has an invalid interface number: 82 but max is 1 [ 770.484786][ T2154] usb 3-1: config 8 has an invalid interface number: 32 but max is 1 [ 770.487137][ T6525] usb 6-1: new low-speed USB device number 6 using dummy_hcd [ 770.512342][ T2154] usb 3-1: config 8 has no interface number 0 [ 770.520187][T18323] xt_hashlimit: overflow, try lower: 17286/0 [ 770.534421][ T6525] usb 6-1: Invalid ep0 maxpacket: 64 [ 770.542238][ T2154] usb 3-1: config 8 has no interface number 1 [ 770.548391][ T2154] usb 3-1: config 8 interface 82 altsetting 2 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 770.551424][ T6525] usb usb6-port1: unable to enumerate USB device [ 770.582544][ T2154] usb 3-1: config 8 interface 82 altsetting 2 has a duplicate endpoint with address 0xF, skipping [ 770.628555][ T2154] usb 3-1: config 8 interface 32 altsetting 8 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 770.668043][ T2154] usb 3-1: config 8 interface 82 has no altsetting 0 [ 770.688500][ T2154] usb 3-1: config 8 interface 32 has no altsetting 0 [ 770.718130][ T2154] usb 3-1: New USB device found, idVendor=1a72, idProduct=1001, bcdDevice=9c.28 [ 770.719469][T18334] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3254'. [ 770.738450][ T2154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.768389][ T2154] usb 3-1: Product: Р [ 770.778233][ T2154] usb 3-1: Manufacturer: 菹哄ᯛ䮜ᕘ㒧侭匣৩ꭚᴢ뾆앴򥶙蠺뾲ᚮ밸뇪찊牡止灾䱬踭㻀借ꀌ숗꣬⳶ࢋ嬏‖ĸꢗﯕ◾ꡓ꘻窬ᵴ쪨창ႃ愁똝磠⍲⌊Ȇ홻훆Ú⬴幈ꊱ趭∲섢꥗⿓졟ノ㎺㴃豨等汫蝐 [ 770.831031][ T2154] usb 3-1: SerialNumber: Љ [ 770.852502][T18304] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 770.992868][T16311] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 771.052928][ T24] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 771.162552][T16311] usb 5-1: Using ep0 maxpacket: 8 [ 771.181814][T16311] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 771.206126][T16311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 771.222498][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 771.233000][ T24] usb 2-1: New USB device found, idVendor=110a, idProduct=1653, bcdDevice=5e.a7 [ 771.242075][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 771.262377][T16311] usb 5-1: Product: syz [ 771.302254][T16311] usb 5-1: Manufacturer: syz [ 771.306896][T16311] usb 5-1: SerialNumber: syz [ 771.322250][ T24] usb 2-1: Product: syz [ 771.326459][ T24] usb 2-1: Manufacturer: syz [ 771.343604][T16311] usb 5-1: config 0 descriptor?? [ 771.365979][ T24] usb 2-1: SerialNumber: syz [ 771.374607][ T24] usb 2-1: config 0 descriptor?? [ 771.563677][T16311] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 771.627618][ T2154] ftdi_sio 3-1:8.82: FTDI USB Serial Device converter detected [ 771.653405][ T2154] ftdi_sio ttyUSB0: unknown device type: 0x9c28 [ 771.682127][ T2154] ftdi_sio 3-1:8.32: FTDI USB Serial Device converter detected [ 771.707965][ T2154] ftdi_sio ttyUSB1: unknown device type: 0x9c28 [ 771.746949][ T2154] usb 3-1: USB disconnect, device number 45 [ 771.785135][ T2154] ftdi_sio 3-1:8.82: device disconnected [ 771.836790][ T2154] ftdi_sio 3-1:8.32: device disconnected [ 771.992535][T14330] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 772.136485][T14330] usb 4-1: device descriptor read/64, error -71 [ 772.370794][T18377] delete_channel: no stack [ 772.432547][T14330] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 772.595370][T14330] usb 4-1: device descriptor read/64, error -71 [ 772.637768][T16311] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 772.727134][T14330] usb usb4-port1: attempt power cycle [ 773.043470][ T6525] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 773.122581][T14330] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 773.187633][T14330] usb 4-1: device descriptor read/8, error -71 [ 773.397996][ T6525] usb 3-1: config 0 has no interfaces? [ 773.416346][ T6525] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 773.426786][ T6525] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.442058][ T6525] usb 3-1: Product: syz [ 773.446534][ T6525] usb 3-1: Manufacturer: syz [ 773.451380][ T6525] usb 3-1: SerialNumber: syz [ 773.464284][ T6525] usb 3-1: config 0 descriptor?? [ 773.474617][T14330] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 773.503009][T14330] usb 4-1: device descriptor read/8, error -71 [ 773.645356][T14330] usb usb4-port1: unable to enumerate USB device [ 773.729675][T18391] binder: BINDER_SET_CONTEXT_MGR already set [ 773.735900][T18391] binder: 18384:18391 ioctl 4018620d 2000000001c0 returned -16 [ 773.923015][ T6525] usb 5-1: USB disconnect, device number 80 [ 773.990729][ T24] mxuport 2-1:0.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71) [ 774.020675][ T24] mxuport 2-1:0.0: probe with driver mxuport failed with error -5 [ 774.037955][ T24] usb 2-1: USB disconnect, device number 68 [ 775.005129][T18442] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 775.278314][T18450] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3276'. [ 775.745075][T16311] usb 2-1: new full-speed USB device number 69 using dummy_hcd [ 775.834405][ T6525] usb 3-1: USB disconnect, device number 46 [ 776.049265][T16311] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 776.058192][T16311] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 776.122257][T16311] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 776.182292][T16311] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 776.226571][T16311] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 101, setting to 64 [ 776.279036][T16311] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 776.312493][T16311] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 776.327624][T16311] usb 2-1: Product: syz [ 776.331798][T16311] usb 2-1: Manufacturer: syz [ 776.392647][T18458] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 776.434508][T16311] cdc_wdm 2-1:1.0: skipping garbage [ 776.439740][T16311] cdc_wdm 2-1:1.0: skipping garbage [ 776.520568][T16311] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 776.551650][T16311] cdc_wdm 2-1:1.0: Unknown control protocol [ 776.685961][T16311] usb 2-1: USB disconnect, device number 69 [ 776.949643][ T5922] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 777.032356][T14330] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 777.152322][ T5922] usb 5-1: Using ep0 maxpacket: 16 [ 777.164863][ T5922] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 777.173108][ T5922] usb 5-1: config 0 has no interface number 0 [ 777.179231][ T5922] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 777.189331][ T5922] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 777.215654][T16311] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 777.235088][T14330] usb 3-1: config 0 has no interfaces? [ 777.240625][ T5922] usb 5-1: config 0 interface 41 has no altsetting 0 [ 777.250769][T14330] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 777.262024][T14330] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.279991][T14330] usb 3-1: Product: syz [ 777.314441][T14330] usb 3-1: Manufacturer: syz [ 777.319111][T14330] usb 3-1: SerialNumber: syz [ 777.333011][T14330] usb 3-1: config 0 descriptor?? [ 777.442893][T16311] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 777.466229][T16311] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 777.480987][ T5922] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 777.490234][T16311] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 777.500222][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.508838][ T5922] usb 5-1: Product: syz [ 777.513072][T16311] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 777.524073][ T5922] usb 5-1: Manufacturer: syz [ 777.528644][ T5922] usb 5-1: SerialNumber: syz [ 777.534736][T16311] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 777.543859][T16311] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 777.719712][ T5922] usb 5-1: config 0 descriptor?? [ 777.727978][ T6525] hid-generic 0000:0005:0009.0032: unknown main item tag 0x1 [ 777.741467][ T6525] hid-generic 0000:0005:0009.0032: unknown main item tag 0x0 [ 777.753770][T16311] usb 2-1: Product: syz [ 777.765028][T14330] usb 3-1: USB disconnect, device number 47 [ 777.785029][ T6525] hid-generic 0000:0005:0009.0032: unknown main item tag 0x0 [ 777.793065][T18479] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 777.800318][T18479] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 777.808844][T16311] usb 2-1: Manufacturer: syz [ 777.831801][ T6525] hid-generic 0000:0005:0009.0032: hidraw0: HID v0.02 Device [syz0] on syz1 [ 777.856860][T16311] cdc_wdm 2-1:1.0: skipping garbage [ 777.868557][T16311] cdc_wdm 2-1:1.0: skipping garbage [ 777.896306][T16311] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 777.902775][T16311] cdc_wdm 2-1:1.0: Unknown control protocol [ 778.063695][T18479] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 778.097165][T18479] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 778.105267][T18458] tipc: Enabling of bearer rejected, media not registered [ 778.720355][ T5922] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 778.762987][ C1] wdm_int_callback: 26 callbacks suppressed [ 778.763008][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 778.765911][ T5964] usb 2-1: USB disconnect, device number 70 [ 778.768913][ C1] wdm_int_callback: 26 callbacks suppressed [ 778.768930][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 778.793278][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 778.876795][T18512] netlink: 'syz.2.3289': attribute type 1 has an invalid length. [ 779.277274][T14330] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 779.454315][T14330] usb 6-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 779.491211][T14330] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 779.522823][T14330] usb 6-1: config 0 descriptor?? [ 779.551367][T14330] gspca_main: spca508-2.14.0 probing 8086:0110 [ 779.738454][T14330] gspca_spca508: reg_read err -71 [ 779.759921][T14330] gspca_spca508: reg_read err -71 [ 779.779286][T14330] gspca_spca508: reg_read err -71 [ 779.791254][T14330] gspca_spca508: reg_read err -71 [ 779.816477][T14330] gspca_spca508: reg_read err -71 [ 779.845243][T14330] gspca_spca508: reg write: error -71 [ 779.879487][ T5922] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 779.882443][T14330] spca508 6-1:0.0: probe with driver spca508 failed with error -71 [ 780.072091][ T5922] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to power up PHY: -71 [ 780.082135][ T5922] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71 [ 780.099027][ T5922] usb 5-1: USB disconnect, device number 81 [ 780.099538][T14330] usb 6-1: USB disconnect, device number 7 [ 780.452525][ T5922] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 780.542608][T16311] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 780.593684][ T5922] usb 5-1: device descriptor read/64, error -71 [ 780.723759][T16311] usb 2-1: config 0 has no interfaces? [ 780.743914][T16311] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 780.774477][T16311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 780.805035][T16311] usb 2-1: Product: syz [ 780.809220][T16311] usb 2-1: Manufacturer: syz [ 780.827855][T16311] usb 2-1: SerialNumber: syz [ 780.842912][ T5922] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 780.878571][T16311] usb 2-1: config 0 descriptor?? [ 780.992262][T14330] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 781.030819][ T5922] usb 5-1: device descriptor read/64, error -71 [ 781.110342][T18548] veth0_macvtap: left promiscuous mode [ 781.159638][ T5922] usb usb5-port1: attempt power cycle [ 781.172415][T14330] usb 4-1: Using ep0 maxpacket: 16 [ 781.180482][T14330] usb 4-1: too many configurations: 197, using maximum allowed: 8 [ 781.218462][T14330] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 781.238160][T14330] usb 4-1: can't read configurations, error -61 [ 781.287207][T18548] veth0_macvtap: entered promiscuous mode [ 781.307064][ T5906] usb 2-1: USB disconnect, device number 71 [ 781.382520][T14330] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 781.522272][ T5922] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 781.552271][T14330] usb 4-1: Using ep0 maxpacket: 16 [ 781.563170][ T5922] usb 5-1: device descriptor read/8, error -71 [ 781.565357][T14330] usb 4-1: too many configurations: 197, using maximum allowed: 8 [ 781.581181][T14330] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 781.606827][T14330] usb 4-1: can't read configurations, error -61 [ 781.613619][ T6525] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 781.631749][T14330] usb usb4-port1: attempt power cycle [ 781.762380][ T6525] usb 6-1: device descriptor read/64, error -71 [ 781.813279][ T5922] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 781.863818][ T5922] usb 5-1: device descriptor read/8, error -71 [ 781.982312][T14330] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 782.000412][ T5922] usb usb5-port1: unable to enumerate USB device [ 782.032890][ T6525] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 782.057006][T14330] usb 4-1: Using ep0 maxpacket: 16 [ 782.067914][T14330] usb 4-1: too many configurations: 197, using maximum allowed: 8 [ 782.091250][ T2125] veth0_macvtap: left promiscuous mode [ 782.093701][T14330] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 782.123837][T14330] usb 4-1: can't read configurations, error -61 [ 782.192390][ T6525] usb 6-1: device descriptor read/64, error -71 [ 782.262230][T14330] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 782.306828][ T6525] usb usb6-port1: attempt power cycle [ 782.316271][T14330] usb 4-1: Using ep0 maxpacket: 16 [ 782.330860][T14330] usb 4-1: too many configurations: 197, using maximum allowed: 8 [ 782.351845][T14330] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 782.359911][T14330] usb 4-1: can't read configurations, error -61 [ 782.370204][T14330] usb usb4-port1: unable to enumerate USB device [ 782.397514][T18587] sock: sock_timestamping_bind_phc: sock not bind to device [ 782.688663][ T6525] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 782.725191][ T6525] usb 6-1: device descriptor read/8, error -71 [ 782.793414][ T5906] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 782.990874][ T5906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.004846][ T6525] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 783.031482][ T5906] usb 3-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00 [ 783.048253][ T6525] usb 6-1: device descriptor read/8, error -71 [ 783.057727][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.103904][ T5906] usb 3-1: config 0 descriptor?? [ 783.165857][ T6525] usb usb6-port1: unable to enumerate USB device [ 783.324568][T18589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 783.375477][T18589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 783.400429][T18589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 783.426731][T18589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 783.677414][T18589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 783.677828][T18589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 783.696956][ T5906] usbhid 3-1:0.0: can't add hid device: -71 [ 783.697089][ T5906] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 783.703473][ T5906] usb 3-1: USB disconnect, device number 48 [ 784.282231][ T5906] usb 4-1: new full-speed USB device number 70 using dummy_hcd [ 784.383740][T18640] netlink: 'syz.2.3318': attribute type 1 has an invalid length. [ 784.490991][ T5906] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 784.528859][ T5906] usb 4-1: config 0 has no interfaces? [ 784.545902][ T5906] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 784.580411][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.594814][ T30] audit: type=1326 audit(1750854392.955:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18637 comm="syz.4.3317" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x0 [ 784.618212][ T5906] usb 4-1: config 0 descriptor?? [ 784.637164][T18640] 8021q: adding VLAN 0 to HW filter on device bond2 [ 784.682450][ T6525] usb 2-1: new full-speed USB device number 72 using dummy_hcd [ 784.725105][T18649] gretap1: entered promiscuous mode [ 784.759321][T18649] bond2: (slave gretap1): making interface the new active one [ 784.810478][T18649] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 784.875124][ T5922] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 784.891880][ T6525] usb 2-1: unable to get BOS descriptor or descriptor too short [ 784.923050][ T6525] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 784.940838][ T6525] usb 2-1: can't read configurations, error -71 [ 784.968533][T18625] ptrace attach of "./syz-executor exec"[17617] was attempted by "\x09   Af1Q \x0b  BGR4\x07    \x0b X  m@ \x09$ \x0a \x0b  \x09 @  3     $ @   \x0c   , @ ("[18625] [ 785.020307][T18629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 785.038720][ C1] vkms_vblank_simulate: vblank timer overrun [ 785.147304][ T5922] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 785.179485][T18629] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 785.202502][ T5922] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 785.235760][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.266653][ T5922] usb 3-1: config 0 descriptor?? [ 785.285026][ T5922] pwc: Askey VC010 type 2 USB webcam detected. [ 785.479467][T18662] fuse: Bad value for 'fd' [ 785.480779][ T5837] Bluetooth: hci0: connection err: -111 [ 785.579969][T18673] fuse: Unknown parameter 'goup_idbE(~0O~' [ 785.721355][T18685] syzkaller0: tun_chr_ioctl cmd 1074812117 [ 785.735330][ T5922] pwc: recv_control_msg error -32 req 02 val 2b00 [ 785.745403][ T5922] pwc: recv_control_msg error -32 req 02 val 2700 [ 785.862716][T16311] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 785.873272][T18691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3325'. [ 785.965051][ T5922] pwc: recv_control_msg error -32 req 04 val 1000 [ 785.981807][ T5922] pwc: recv_control_msg error -71 req 04 val 1300 [ 785.994627][ T5922] pwc: recv_control_msg error -71 req 04 val 1400 [ 786.008283][ T5922] pwc: recv_control_msg error -71 req 02 val 2000 [ 786.016292][ T5922] pwc: recv_control_msg error -71 req 02 val 2100 [ 786.025790][ T5922] pwc: recv_control_msg error -71 req 04 val 1500 [ 786.033534][ T5922] pwc: recv_control_msg error -71 req 02 val 2500 [ 786.042492][T16311] usb 5-1: config 2 has an invalid interface number: 57 but max is 1 [ 786.042518][T16311] usb 5-1: config 2 has an invalid interface number: 174 but max is 1 [ 786.042537][T16311] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 786.042556][T16311] usb 5-1: config 2 has no interface number 0 [ 786.042579][T16311] usb 5-1: config 2 has no interface number 1 [ 786.042631][T16311] usb 5-1: config 2 interface 57 altsetting 9 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 786.042657][T16311] usb 5-1: config 2 interface 57 altsetting 9 has a duplicate endpoint with address 0x4, skipping [ 786.042678][T16311] usb 5-1: config 2 interface 57 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 786.042699][T16311] usb 5-1: config 2 interface 57 altsetting 9 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 786.042736][T16311] usb 5-1: config 2 interface 174 altsetting 3 has a duplicate endpoint with address 0x7, skipping [ 786.042756][T16311] usb 5-1: config 2 interface 174 altsetting 3 has a duplicate endpoint with address 0x3, skipping [ 786.042777][T16311] usb 5-1: config 2 interface 174 altsetting 3 has a duplicate endpoint with address 0x7, skipping [ 786.042796][T16311] usb 5-1: config 2 interface 174 altsetting 3 has a duplicate endpoint with address 0x4, skipping [ 786.042814][T16311] usb 5-1: config 2 interface 174 altsetting 3 has a duplicate endpoint with address 0xB, skipping [ 786.042834][T16311] usb 5-1: config 2 interface 174 altsetting 3 has 6 endpoint descriptors, different from the interface descriptor's value: 8 [ 786.042857][T16311] usb 5-1: config 2 interface 57 has no altsetting 0 [ 786.042871][T16311] usb 5-1: config 2 interface 174 has no altsetting 0 [ 786.045239][T16311] usb 5-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice=12.a9 [ 786.045263][T16311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.045274][T16311] usb 5-1: Product: syz [ 786.045282][T16311] usb 5-1: Manufacturer: syz [ 786.045290][T16311] usb 5-1: SerialNumber: syz [ 786.046590][ T5922] pwc: recv_control_msg error -71 req 02 val 2400 [ 786.047006][ T5922] pwc: recv_control_msg error -71 req 02 val 2600 [ 786.063296][ T5922] pwc: recv_control_msg error -71 req 02 val 2900 [ 786.064866][ T5922] pwc: recv_control_msg error -71 req 02 val 2800 [ 786.065539][ T5922] pwc: recv_control_msg error -71 req 04 val 1100 [ 786.068805][ T5922] pwc: recv_control_msg error -71 req 04 val 1200 [ 786.366420][T16311] snd_usb_podhd 5-1:2.57: Line 6 POD HD300 found [ 786.373012][T16311] usb 5-1: selecting invalid altsetting 5 [ 786.378752][T16311] snd_usb_podhd 5-1:2.57: set_interface failed [ 786.401625][T16311] snd_usb_podhd 5-1:2.57: Line 6 POD HD300 now disconnected [ 786.431488][ T5922] pwc: Registered as video103. [ 786.446665][T16311] snd_usb_podhd 5-1:2.57: probe with driver snd_usb_podhd failed with error -22 [ 786.470409][ T5922] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input65 [ 786.508916][T16311] usb 5-1: Found UVC 0.00 device syz (0e41:5057) [ 786.528310][ T5922] usb 3-1: USB disconnect, device number 49 [ 786.541822][T16311] usb 5-1: No valid video chain found. [ 786.602902][T16311] snd_usb_podhd 5-1:2.174: Line 6 POD HD300 found [ 786.642369][T16311] usb 5-1: selecting invalid altsetting 5 [ 786.672906][T16311] snd_usb_podhd 5-1:2.174: set_interface failed [ 786.679375][T16311] snd_usb_podhd 5-1:2.174: Line 6 POD HD300 now disconnected [ 786.713296][T18700] netlink: 'syz.5.3327': attribute type 11 has an invalid length. [ 786.734167][T16311] snd_usb_podhd 5-1:2.174: probe with driver snd_usb_podhd failed with error -22 [ 786.790614][T16311] usb 5-1: USB disconnect, device number 86 [ 786.948028][ T5906] usb 4-1: USB disconnect, device number 70 [ 787.583061][ T6528] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 787.604674][ T6525] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 787.610905][T16311] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 787.778754][ T6528] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 787.806827][ T6525] usb 6-1: Using ep0 maxpacket: 16 [ 787.812121][ T6528] usb 5-1: config 0 interface 0 has no altsetting 0 [ 787.841049][ T6525] usb 6-1: config 0 has an invalid interface number: 49 but max is 0 [ 787.842947][T16311] usb 3-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 8 [ 787.864526][ T6528] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 787.886534][T16311] usb 3-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 787.886536][ T6525] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 787.886563][T16311] usb 3-1: config 1 interface 0 has no altsetting 0 [ 787.905554][ T6528] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 787.941885][ T6525] usb 6-1: config 0 has no interface number 0 [ 787.968649][ T6525] usb 6-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16 [ 787.979246][ T6528] usb 5-1: Product: syz [ 787.989341][ T6528] usb 5-1: Manufacturer: syz [ 787.994060][T14330] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 787.997903][T16311] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 788.018276][ T6528] usb 5-1: SerialNumber: syz [ 788.024835][T16311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.032379][ T6525] usb 6-1: config 0 interface 49 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 788.071095][T16311] usb 3-1: Product: syz [ 788.076142][ T6528] usb 5-1: config 0 descriptor?? [ 788.106919][T16311] usb 3-1: Manufacturer:  [ 788.117356][ T6525] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7 [ 788.125811][T16311] usb 3-1: SerialNumber: syz [ 788.128899][ T6528] usb 5-1: selecting invalid altsetting 0 [ 788.143630][T18727] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 788.147292][ T6525] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.189651][ T6525] usb 6-1: Product: syz [ 788.208000][T14330] usb 4-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 788.240290][ T6525] usb 6-1: Manufacturer: syz [ 788.258143][T14330] usb 4-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0 [ 788.272050][ T6525] usb 6-1: SerialNumber: syz [ 788.331060][T14330] usb 4-1: config 0 interface 0 has no altsetting 0 [ 788.363379][ T6525] usb 6-1: config 0 descriptor?? [ 788.372106][T14330] usb 4-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00 [ 788.388130][T16311] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 50 if 0 alt 4 proto 1 vid 0x0525 pid 0xA4A8 [ 788.406248][T18731] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 788.437218][T14330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 788.507708][T14330] usb 4-1: config 0 descriptor?? [ 788.516450][T16311] usb 3-1: USB disconnect, device number 50 [ 788.583842][T16311] usblp0: removed [ 788.730717][ T6525] qmi_wwan 6-1:0.49: probe with driver qmi_wwan failed with error -22 [ 788.779934][ T6525] usb 6-1: USB disconnect, device number 12 [ 788.948616][T14330] asus 0003:0B05:1822.0033: hidraw0: USB HID v0.00 Device [HID 0b05:1822] on usb-dummy_hcd.3-1/input0 [ 788.988883][T14330] asus 0003:0B05:1822.0033: Asus input not registered [ 788.992495][T16311] usb 5-1: USB disconnect, device number 87 [ 789.056947][T14330] asus 0003:0B05:1822.0033: probe with driver asus failed with error -12 [ 789.143662][T14329] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 789.295519][T14330] usb 4-1: USB disconnect, device number 71 [ 789.334457][T14329] usb 2-1: Using ep0 maxpacket: 32 [ 789.348125][T14329] usb 2-1: config 0 has an invalid interface number: 202 but max is 1 [ 789.365665][T14329] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 789.378315][T14329] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 789.397983][T14329] usb 2-1: config 0 has no interface number 0 [ 789.415311][T14329] usb 2-1: too many endpoints for config 0 interface 202 altsetting 87: 182, using maximum allowed: 30 [ 789.438100][T14329] usb 2-1: config 0 interface 202 altsetting 87 endpoint 0x2 has invalid maxpacket 255, setting to 64 [ 789.490593][T14329] usb 2-1: config 0 interface 202 altsetting 87 has 1 endpoint descriptor, different from the interface descriptor's value: 182 [ 789.509229][T14329] usb 2-1: config 0 interface 202 has no altsetting 0 [ 789.531083][T14329] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.2b [ 789.548769][T14329] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.556844][T14329] usb 2-1: Product: syz [ 789.566959][T14329] usb 2-1: Manufacturer: syz [ 789.582024][T14329] usb 2-1: SerialNumber: syz [ 789.632003][T14329] usb 2-1: config 0 descriptor?? [ 789.664879][ T6525] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 789.698937][T14329] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 789.867864][ T6525] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 789.878345][ T6525] usb 3-1: config 0 has no interfaces? [ 789.884659][ T6525] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 789.901359][ T6525] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.901507][T16311] usb 2-1: USB disconnect, device number 74 [ 789.913910][T16713] usb 2-1: Failed to submit usb control message: -71 [ 789.940791][T16713] usb 2-1: unable to send the bmi data to the device: -71 [ 789.967824][T16713] usb 2-1: unable to get target info from device [ 789.976491][T18785] sock: sock_timestamping_bind_phc: sock not bind to device [ 789.998712][ T6525] usb 3-1: config 0 descriptor?? [ 790.008577][T16713] usb 2-1: could not get target info (-71) [ 790.035642][T16713] usb 2-1: could not probe fw (-71) [ 790.241405][T18763] ptrace attach of "./syz-executor exec"[16936] was attempted by "\x09   Af1Q \x0b  BGR4\x07    \x0b X  m@ \x09$ \x0a \x0b  \x09 @  3     $ @   \x0c   , @ ("[18763] [ 790.311559][ C1] vkms_vblank_simulate: vblank timer overrun [ 790.438686][T18767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.457062][T18767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.789045][T18800] pimreg: entered allmulticast mode [ 791.362254][ T5906] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 791.725530][ T5906] usb 2-1: config 0 has no interfaces? [ 791.734672][ T5906] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 791.744373][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.778788][ T5906] usb 2-1: Product: syz [ 791.799918][ T5906] usb 2-1: Manufacturer: syz [ 791.811317][ T5906] usb 2-1: SerialNumber: syz [ 791.841604][ T5906] usb 2-1: config 0 descriptor?? [ 792.217725][ T5906] usb 3-1: USB disconnect, device number 51 [ 792.223982][T16311] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 792.317800][T18808] pimreg: entered allmulticast mode [ 792.427774][T16311] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 792.448188][T16311] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 792.528935][T16311] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 792.594391][T16311] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 792.634074][ T5922] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 792.651757][T16311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.703777][T18818] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 792.793136][ T5922] usb 6-1: Using ep0 maxpacket: 16 [ 792.811936][ T5922] usb 6-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 792.825776][ T5922] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.857728][ T5922] usb 6-1: Product: syz [ 792.871118][ T5922] usb 6-1: Manufacturer: syz [ 792.890058][ T5922] usb 6-1: SerialNumber: syz [ 792.935580][T16311] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 792.979133][T16311] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input67 [ 793.008057][ T5922] usb 6-1: config 0 descriptor?? [ 793.028323][ T5922] ums-onetouch 6-1:0.0: USB Mass Storage device detected [ 793.255226][T16311] usb 5-1: USB disconnect, device number 88 [ 793.261156][ C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 794.009051][ T6525] usb 2-1: USB disconnect, device number 75 [ 794.122727][T16311] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 794.292210][T16311] usb 5-1: Using ep0 maxpacket: 16 [ 794.306894][T16311] usb 5-1: config 0 has an invalid interface number: 49 but max is 0 [ 794.320990][T16311] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 794.361495][T16311] usb 5-1: config 0 has no interface number 0 [ 794.403800][T16311] usb 5-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16 [ 794.522247][T16311] usb 5-1: config 0 interface 49 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 794.691456][T16311] usb 5-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7 [ 795.124472][T16311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.156927][T16311] usb 5-1: Product: syz [ 795.167219][T16311] usb 5-1: Manufacturer: syz [ 795.203707][ T2154] usb 6-1: USB disconnect, device number 13 [ 795.238194][T16311] usb 5-1: SerialNumber: syz [ 795.332415][T16311] usb 5-1: config 0 descriptor?? [ 795.338129][T18842] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 795.591192][T16311] qmi_wwan 5-1:0.49: probe with driver qmi_wwan failed with error -22 [ 795.603067][ T24] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 795.687032][T16311] usb 5-1: USB disconnect, device number 89 [ 795.762339][ T24] usb 2-1: device descriptor read/64, error -71 [ 796.052535][ T24] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 796.092764][T18864] loop2: detected capacity change from 0 to 7 [ 796.106864][ T5952] Dev loop2: unable to read RDB block 7 [ 796.125017][ T5952] loop2: AHDI p1 p2 p3 [ 796.142720][ T5952] loop2: partition table partially beyond EOD, truncated [ 796.192472][ T24] usb 2-1: device descriptor read/64, error -71 [ 796.212227][ T5922] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 796.213325][ T5952] loop2: p1 start 1601398130 is beyond EOD, truncated [ 796.323003][ T5952] loop2: p2 start 1702059890 is beyond EOD, truncated [ 796.342770][T18864] Dev loop2: unable to read RDB block 7 [ 796.348347][T18864] loop2: AHDI p1 p2 p3 [ 796.354385][ T24] usb usb2-port1: attempt power cycle [ 796.359852][T18864] loop2: partition table partially beyond EOD, truncated [ 796.367455][T18864] loop2: p1 start 1601398130 is beyond EOD, truncated [ 796.390504][T18864] loop2: p2 start 1702059890 is beyond EOD, truncated [ 796.397310][ T5922] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 796.397353][ T5922] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 796.397376][ T5922] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 796.397396][ T5922] usb 4-1: config 0 interface 0 has no altsetting 0 [ 796.397435][ T5922] usb 4-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 796.397456][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.413357][ T5922] usb 4-1: config 0 descriptor?? [ 796.551994][T18873] xt_hashlimit: size too large, truncated to 1048576 [ 796.560113][ T30] audit: type=1326 audit(1750854404.895:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 796.588603][T18873] xt_hashlimit: Unknown mode mask 368, kernel too old? [ 796.621768][ T30] audit: type=1326 audit(1750854404.895:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 796.719675][ T30] audit: type=1326 audit(1750854404.895:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 796.722355][ T24] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 796.794704][ T24] usb 2-1: device descriptor read/8, error -71 [ 796.864239][ T30] audit: type=1326 audit(1750854404.895:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 796.898528][ T5922] kye 0003:0458:5015.0034: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 796.922990][ T5922] kye 0003:0458:5015.0034: item fetching failed at offset 3/7 [ 796.964403][ T30] audit: type=1326 audit(1750854404.895:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 796.964704][ T5922] kye 0003:0458:5015.0034: parse failed [ 797.018541][T18879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3364'. [ 797.029056][ T5922] kye 0003:0458:5015.0034: probe with driver kye failed with error -22 [ 797.039918][ T30] audit: type=1326 audit(1750854404.895:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 797.052325][ T24] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 797.097028][T18868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 797.111149][ T24] usb 2-1: device descriptor read/8, error -71 [ 797.119315][T18868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 797.130029][ T30] audit: type=1326 audit(1750854404.895:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 797.171148][ T5922] usb 4-1: USB disconnect, device number 72 [ 797.242607][ T24] usb usb2-port1: unable to enumerate USB device [ 797.252233][ T30] audit: type=1326 audit(1750854404.895:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 797.347331][ T30] audit: type=1326 audit(1750854404.895:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 797.408750][ T30] audit: type=1326 audit(1750854404.895:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18872 comm="syz.4.3361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f90c612ab19 code=0x7ffc0000 [ 797.702593][ T5922] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 797.742231][ T24] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 797.873490][ T5922] usb 5-1: too many configurations: 151, using maximum allowed: 8 [ 797.908863][ T5922] usb 5-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 797.918748][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 797.932291][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 797.956471][ T5922] usb 5-1: Product: syz [ 797.961538][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 797.972926][ T5922] usb 5-1: Manufacturer: syz [ 797.980706][ T24] usb 4-1: config 2 has an invalid interface number: 9 but max is 0 [ 797.996228][ T5922] usb 5-1: SerialNumber: syz [ 798.011280][ T24] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 798.030042][ T5922] usb 5-1: config 0 descriptor?? [ 798.045820][ T24] usb 4-1: config 2 has no interface number 0 [ 798.053905][ T24] usb 4-1: config 2 interface 9 altsetting 10 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 798.071675][ T5922] ims_pcu 5-1:0.0: Zero length descriptor [ 798.083059][ T5922] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22 [ 798.094846][ T24] usb 4-1: config 2 interface 9 altsetting 10 bulk endpoint 0x8E has invalid maxpacket 32 [ 798.134654][ T24] usb 4-1: config 2 interface 9 altsetting 10 endpoint 0xA has invalid wMaxPacketSize 0 [ 798.160379][ T24] usb 4-1: config 2 interface 9 altsetting 10 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 798.187471][ T24] usb 4-1: config 2 interface 9 has no altsetting 0 [ 798.197646][ T24] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=6f.97 [ 798.207059][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 798.215758][ T24] usb 4-1: Product: syz [ 798.219999][ T24] usb 4-1: Manufacturer: syz [ 798.225693][ T24] usb 4-1: SerialNumber: syz [ 798.234986][T18901] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 798.269570][ T5922] usb 5-1: USB disconnect, device number 90 [ 798.327619][T16718] bridge_slave_1: left allmulticast mode [ 798.336176][T16718] bridge_slave_1: left promiscuous mode [ 798.341915][T16718] bridge0: port 2(bridge_slave_1) entered disabled state [ 798.354164][T16718] bridge_slave_0: left allmulticast mode [ 798.359809][T16718] bridge_slave_0: left promiscuous mode [ 798.367608][T16718] bridge0: port 1(bridge_slave_0) entered disabled state [ 798.382387][ T6528] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 798.451294][T18901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 798.460389][T18901] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 798.487988][ T24] pn533_usb 4-1:2.9: NFC: Could not find bulk-in or bulk-out endpoint [ 798.525322][ T24] usb 4-1: USB disconnect, device number 73 [ 798.552622][ T6528] usb 3-1: Using ep0 maxpacket: 32 [ 798.559512][T16718] bond3 (unregistering): (slave ip6gre1): Releasing backup interface [ 798.571752][ T6528] usb 3-1: no configurations [ 798.589344][ T6528] usb 3-1: can't read configurations, error -22 [ 798.722509][ T6528] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 798.903610][ T6528] usb 3-1: Using ep0 maxpacket: 32 [ 798.910368][ T6528] usb 3-1: no configurations [ 798.917508][ T6528] usb 3-1: can't read configurations, error -22 [ 798.932000][ T6528] usb usb3-port1: attempt power cycle [ 799.295094][ T6528] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 799.343005][ T6528] usb 3-1: Using ep0 maxpacket: 32 [ 799.359358][ T6528] usb 3-1: no configurations [ 799.366958][ T6528] usb 3-1: can't read configurations, error -22 [ 799.480098][T16718] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 799.495153][ T6525] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 799.505703][T16718] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 799.523131][ T6528] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 799.524192][T16718] bond0 (unregistering): Released all slaves [ 799.542247][ T24] usb 4-1: new full-speed USB device number 74 using dummy_hcd [ 799.571368][ T6528] usb 3-1: Using ep0 maxpacket: 32 [ 799.579879][ T6528] usb 3-1: no configurations [ 799.584924][ T6528] usb 3-1: can't read configurations, error -22 [ 799.600185][ T6528] usb usb3-port1: unable to enumerate USB device [ 799.620823][T16718] bond1 (unregistering): Released all slaves [ 799.647977][T16718] bond2 (unregistering): Released all slaves [ 799.698819][T18934] trusted_key: encrypted_key: master key parameter is missing [ 799.710069][ T6525] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 799.720184][ T6525] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.733756][ T6525] usb 5-1: config 0 descriptor?? [ 799.750220][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 799.760828][ T24] usb 4-1: config 0 has no interfaces? [ 799.766700][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 799.776257][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.792984][ T24] usb 4-1: config 0 descriptor?? [ 799.821535][T16718] bond3 (unregistering): Released all slaves [ 799.839546][T16718] bond4 (unregistering): Released all slaves [ 799.860231][T18933] mac80211_hwsim hwsim29 wlan0: entered promiscuous mode [ 799.871053][T18933] mac80211_hwsim hwsim29 wlan0: left promiscuous mode [ 799.954385][T16718] : left promiscuous mode [ 800.016324][T16718] : left promiscuous mode [ 800.051210][T18919] ptrace attach of "./syz-executor exec"[17617] was attempted by "\x09   Af1Q \x0b  BGR4\x07    \x0b X  m@ \x09$ \x0a \x0b  \x09 @  3     $ @   \x0c   , @ ("[18919] [ 800.121375][ C1] vkms_vblank_simulate: vblank timer overrun [ 800.130048][T18921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 800.145013][T18921] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 800.166451][T18938] netlink: 'syz.1.3380': attribute type 10 has an invalid length. [ 800.171430][T18937] ptrace attach of "./syz-executor exec"[17951] was attempted by "./syz-executor exec"[18937] [ 800.202715][T18938] batman_adv: batadv0: Adding interface: team0 [ 800.222688][T18938] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 800.267181][T18938] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 800.287212][T16718] tipc: Left network mode [ 800.585713][T16718] hsr_slave_0: left promiscuous mode [ 800.591616][T16718] hsr_slave_1: left promiscuous mode [ 800.597756][T16718] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 800.608081][T16718] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 800.702366][T14329] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 800.703979][T16311] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 800.852508][T14329] usb 6-1: Using ep0 maxpacket: 8 [ 800.869053][T14329] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 800.880058][T16311] usb 2-1: New USB device found, idVendor=0c45, idProduct=62a0, bcdDevice=a8.22 [ 800.884082][T14329] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 800.899327][T16311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 800.902976][T14329] usb 6-1: Product: syz [ 800.912420][T14329] usb 6-1: Manufacturer: syz [ 800.917111][T14329] usb 6-1: SerialNumber: syz [ 800.924579][T16311] usb 2-1: config 0 descriptor?? [ 800.936971][T14329] usb 6-1: config 0 descriptor?? [ 800.975468][T16311] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:62a0 [ 801.131600][T16311] gspca_sn9c20x: Write register 1000 failed -71 [ 801.139637][T16311] gspca_sn9c20x: Device initialization failed [ 801.160127][T16311] gspca_sn9c20x 2-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 801.165261][T14329] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 801.211766][T16311] usb 2-1: USB disconnect, device number 80 [ 801.250671][T18950] netlink: 'syz.2.3385': attribute type 10 has an invalid length. [ 801.302131][T18951] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3385'. [ 801.305444][T18952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3385'. [ 801.397640][T14329] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 801.431049][T14329] usb 6-1: USB disconnect, device number 14 [ 801.587800][T18950] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.595383][T18950] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.625004][T18950] bridge0: port 2(bridge_slave_1) entered blocking state [ 801.632229][T18950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 801.639679][T18950] bridge0: port 1(bridge_slave_0) entered blocking state [ 801.646867][T18950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 801.658948][T18950] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 801.668258][T18952] bridge_slave_1: left allmulticast mode [ 801.674096][T18952] bridge_slave_1: left promiscuous mode [ 801.679848][T18952] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.693999][T18952] bridge_slave_0: left allmulticast mode [ 801.699720][T18952] bridge_slave_0: left promiscuous mode [ 801.705678][T18952] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.738566][T18952] bond0: (slave bridge0): Releasing backup interface [ 802.142609][T16311] usb 3-1: new full-speed USB device number 56 using dummy_hcd [ 802.234939][ T5922] usb 4-1: USB disconnect, device number 74 [ 802.327812][T16311] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 802.346935][T16311] usb 3-1: config 0 has no interface number 0 [ 802.362320][T16311] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 802.397811][T16311] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 802.423500][T16311] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 802.442419][T16311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 802.489861][ T6525] usb 5-1: Cannot set autoneg [ 802.495475][ T6525] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 802.520154][T16311] usb 3-1: Product: syz [ 802.531637][T16311] usb 3-1: Manufacturer: syz [ 802.539423][ T6525] usb 5-1: USB disconnect, device number 91 [ 802.561533][T16311] usb 3-1: SerialNumber: syz [ 802.641565][T16311] usb 3-1: config 0 descriptor?? [ 802.864203][T16311] usbtouchscreen 3-1:0.214: Failed to read FW rev: -71 [ 802.872287][T14329] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 802.891547][T16311] usbtouchscreen 3-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 802.932401][T16311] usb 3-1: USB disconnect, device number 56 [ 803.145872][T18980] loop2: detected capacity change from 0 to 7 [ 803.155654][T18980] Dev loop2: unable to read RDB block 7 [ 803.162202][T18980] loop2: AHDI p1 p2 p3 [ 803.167332][T18980] loop2: partition table partially beyond EOD, truncated [ 803.175402][T18980] loop2: p1 start 1601398130 is beyond EOD, truncated [ 803.192519][T18980] loop2: p2 start 1702059890 is beyond EOD, truncated [ 803.220757][T14329] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 803.238275][T14329] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 803.254777][T14329] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 803.268627][T14329] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.279624][T14329] usb 6-1: config 0 descriptor?? [ 803.606933][T18991] Failed to get privilege flags for destination (handle=0x2:0x8) [ 803.935982][T19009] syzkaller0: entered allmulticast mode [ 804.053905][ T2154] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 804.224078][ T2154] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 804.260291][ T2154] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 804.295380][ T2154] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 804.322739][ T2154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 804.367668][T18999] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 804.398245][ T2154] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 804.719047][ T2154] usb 5-1: USB disconnect, device number 92 [ 804.812318][T19031] loop2: detected capacity change from 0 to 7 [ 804.842607][ T5952] Dev loop2: unable to read RDB block 7 [ 804.856180][ T5952] loop2: AHDI p1 p2 p3 [ 804.864943][T14330] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 804.874605][ T5952] loop2: partition table partially beyond EOD, truncated [ 804.882132][ T5952] loop2: p1 start 1601398130 is beyond EOD, truncated [ 804.894535][ T5952] loop2: p2 start 1702059890 is beyond EOD, truncated [ 804.907056][T19031] Dev loop2: unable to read RDB block 7 [ 804.913719][T19031] loop2: AHDI p1 p2 p3 [ 804.918000][T19031] loop2: partition table partially beyond EOD, truncated [ 804.927824][T19031] loop2: p1 start 1601398130 is beyond EOD, truncated [ 804.934745][T14329] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 804.947401][T19031] loop2: p2 start 1702059890 is beyond EOD, truncated [ 805.028449][T14330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 805.051211][T14330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 805.065364][T14330] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 805.078698][T14330] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 805.093520][T14330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 805.106406][T14330] usb 2-1: config 0 descriptor?? [ 805.115692][T14329] usb 3-1: Using ep0 maxpacket: 8 [ 805.127605][T14329] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 805.135933][T14329] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 805.146014][T14329] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 805.157745][T14329] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 805.167746][T14329] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 805.180814][T14329] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 805.190089][T14329] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 805.332523][ T6528] usb 4-1: new full-speed USB device number 75 using dummy_hcd [ 805.360423][T19037] netlink: 'syz.4.3411': attribute type 5 has an invalid length. [ 805.368362][T19037] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.3411'. [ 805.410173][T14329] usb 3-1: usb_control_msg returned -32 [ 805.432272][T14329] usbtmc 3-1:16.0: can't read capabilities [ 805.494631][ T6528] usb 4-1: not running at top speed; connect to a high speed hub [ 805.504479][ T6528] usb 4-1: config 39 has an invalid interface number: 162 but max is 3 [ 805.516135][ T5837] Bluetooth: hci5: command 0x0406 tx timeout [ 805.530561][ T6528] usb 4-1: config 39 has an invalid interface number: 130 but max is 3 [ 805.545928][ T6528] usb 4-1: config 39 has an invalid descriptor of length 0, skipping remainder of the config [ 805.556591][ T6528] usb 4-1: config 39 has 2 interfaces, different from the descriptor's value: 4 [ 805.624239][T14330] plantronics 0003:047F:FFFF.0035: ignoring exceeding usage max [ 805.632365][ T6528] usb 4-1: config 39 has no interface number 0 [ 805.642084][ T6528] usb 4-1: config 39 has no interface number 1 [ 805.649797][T14330] plantronics 0003:047F:FFFF.0035: item fetching failed at offset 6/15 [ 805.658891][ T6528] usb 4-1: config 39 interface 162 altsetting 7 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 805.673315][T14330] plantronics 0003:047F:FFFF.0035: parse failed [ 805.679690][T14330] plantronics 0003:047F:FFFF.0035: probe with driver plantronics failed with error -22 [ 805.692309][ T6528] usb 4-1: config 39 interface 130 altsetting 6 endpoint 0xF has invalid maxpacket 1544, setting to 64 [ 805.700618][T16311] usb 6-1: USB disconnect, device number 15 [ 805.755541][ T6528] usb 4-1: config 39 interface 130 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 805.774835][ T6528] usb 4-1: config 39 interface 162 has no altsetting 0 [ 805.781987][ T6528] usb 4-1: config 39 interface 130 has no altsetting 0 [ 805.791864][ T6528] usb 4-1: New USB device found, idVendor=7e13, idProduct=a656, bcdDevice=e2.aa [ 805.821725][ T6528] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 805.830089][ T6528] usb 4-1: Product: syz [ 805.834634][ T6528] usb 4-1: Manufacturer: 碇讥メ迼抇︷爀㝡衹∀౱턺䏬ꥅ⊼摅䓄嚣꩔㪤ქ᷅㭢䮫㌹둚븈鸭䙹䴧摡듣闟땍귢֓ൠ箆쫚↕켳ꚞま饳㪷祝෪ࣛ䣌喛賎멗ᭆ瞡溻뤱挆搇서륟㨮Ꮥ땹쌛̥⠁훚闡ﹷ퀬喙ꫭ脊舥⼴곬墁ྡ弐፮ꄅ鍱ऺ汐 [ 805.867127][T14329] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 805.882115][ T6528] usb 4-1: SerialNumber: syz [ 805.922013][T19033] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 806.036490][T14329] usb 5-1: config 0 has no interfaces? [ 806.078051][T14329] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 806.098526][T14329] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.116568][T14329] usb 5-1: Product: syz [ 806.120842][T14329] usb 5-1: Manufacturer: syz [ 806.138559][ T6528] cdc_wdm 4-1:39.162: probe with driver cdc_wdm failed with error -22 [ 806.150166][T14329] usb 5-1: SerialNumber: syz [ 806.164866][T14329] usb 5-1: config 0 descriptor?? [ 806.184174][T19050] SET target dimension over the limit! [ 806.197851][T19050] usbtmc 3-1:16.0: INITIATE_CLEAR returned 0 [ 806.220485][ T6528] usb 4-1: USB disconnect, device number 75 [ 806.400590][T19041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 806.421991][T19041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 807.418850][T16311] usb 2-1: USB disconnect, device number 81 [ 807.542421][T14329] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 807.687870][T19065] loop2: detected capacity change from 0 to 7 [ 807.703678][T19065] Dev loop2: unable to read RDB block 7 [ 807.711793][T19065] loop2: AHDI p1 p2 p3 [ 807.718711][T14329] usb 6-1: Using ep0 maxpacket: 16 [ 807.740866][T14329] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 807.752542][T19065] loop2: partition table partially beyond EOD, truncated [ 807.766001][T19065] loop2: p1 start 1601398130 is beyond EOD, truncated [ 807.796675][T14329] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 807.809571][ T6528] usb 3-1: USB disconnect, device number 57 [ 807.819238][T19065] loop2: p2 start 1702059890 is beyond EOD, truncated [ 807.865351][T14329] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 808.207284][T14329] usb 6-1: Product: syz [ 808.240679][T14329] usb 6-1: Manufacturer: syz [ 808.337984][T14329] usb 6-1: SerialNumber: syz [ 808.399698][T14329] usb 6-1: config 0 descriptor?? [ 808.426510][T14329] hub 6-1:0.0: bad descriptor, ignoring hub [ 808.443750][T14329] hub 6-1:0.0: probe with driver hub failed with error -5 [ 808.473146][T14329] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input69 [ 808.574510][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.580898][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.790191][T16311] usb 5-1: USB disconnect, device number 93 [ 808.797840][ T6528] usb 3-1: new full-speed USB device number 58 using dummy_hcd [ 809.028412][ T6528] usb 3-1: config 0 has no interfaces? [ 809.053450][ T6528] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 809.053478][ T6528] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.053497][ T6528] usb 3-1: Product: syz [ 809.053509][ T6528] usb 3-1: Manufacturer: syz [ 809.053523][ T6528] usb 3-1: SerialNumber: syz [ 809.056876][ T6528] usb 3-1: config 0 descriptor?? [ 809.241158][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 809.241174][ T30] audit: type=1326 audit(1750854417.585:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19082 comm="syz.1.3423" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6bac38e929 code=0x0 [ 809.296267][T19072] loop6: detected capacity change from 0 to 63 [ 809.296697][T19072] buffer_io_error: 10 callbacks suppressed [ 809.296706][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.296820][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.296875][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.296929][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.296983][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.297048][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.297111][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.297165][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.297201][T19072] ldm_validate_partition_table(): Disk read failed. [ 809.297227][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.297283][T19072] Buffer I/O error on dev loop6, logical block 0, async page read [ 809.297412][T19072] Dev loop6: unable to read RDB block 0 [ 809.297674][T19072] loop6: unable to read partition table [ 809.297787][T19072] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 810.759775][ T2154] usb 6-1: USB disconnect, device number 16 [ 810.943135][T19087] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3423'. [ 811.144542][ T2154] usb 6-1: new full-speed USB device number 17 using dummy_hcd [ 811.144591][T14329] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 811.282785][ T6525] usb 3-1: USB disconnect, device number 58 [ 811.382213][T14329] usb 4-1: Using ep0 maxpacket: 16 [ 811.391528][T14329] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 811.434406][ T2154] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 811.450748][T14329] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 811.470202][T14329] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.491546][T14329] usb 4-1: Product: syz [ 811.501644][T14329] usb 4-1: Manufacturer: syz [ 811.520832][T14329] usb 4-1: SerialNumber: syz [ 811.528704][ T2154] usb 6-1: config 0 has no interfaces? [ 811.539596][T14329] usb 4-1: config 0 descriptor?? [ 811.654230][ T2154] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 811.826712][T19106] loop4: detected capacity change from 0 to 7 [ 811.844261][T19106] Dev loop4: unable to read RDB block 7 [ 811.849855][T19106] loop4: unable to read partition table [ 811.871093][T19116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3430'. [ 811.931681][ T2154] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 811.971791][ T2154] usb 6-1: config 0 descriptor?? [ 812.125159][T19115] loop2: detected capacity change from 0 to 7 [ 812.132124][T19106] loop4: partition table beyond EOD, truncated [ 812.185498][T19098] ptrace attach of "./syz-executor exec"[17951] was attempted by "\x09     \x0b  BGR4\x07    \x0b X  m@ \x09$ \x0a \x0b  \x09 @  3     $ @   \x0c   , @ ("[19098] [ 812.255582][ C0] vkms_vblank_simulate: vblank timer overrun [ 812.329214][T19106] loop_reread_partitions: partition scan of loop4 (3 ) failed (rc=-5) [ 812.338375][T19115] Dev loop2: unable to read RDB block 7 [ 812.344041][T19115] loop2: AHDI p1 p2 p3 [ 812.348252][T19115] loop2: partition table partially beyond EOD, truncated [ 812.355576][T19115] loop2: p1 start 1601398130 is beyond EOD, truncated [ 812.362935][T19115] loop2: p2 start 1702059890 is beyond EOD, truncated [ 812.379157][T19098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 812.387960][T19098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 812.712047][T19121] mmap: syz.2.3434 (19121): VmData 37781504 exceed data ulimit 4. Update limits or use boot option ignore_rlimit_data. [ 813.001490][T19132] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3438'. [ 813.155901][T14329] usb 4-1: USB disconnect, device number 76 [ 813.264893][T16311] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 813.272624][ T2154] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 813.374531][ T24] usb 2-1: new full-speed USB device number 82 using dummy_hcd [ 813.460875][ T2154] usb 5-1: device descriptor read/64, error -71 [ 813.467199][T16311] usb 3-1: Using ep0 maxpacket: 16 [ 813.475265][T16311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 813.487194][T16311] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 813.496318][T16311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 813.504600][T16311] usb 3-1: Product: syz [ 813.508897][T16311] usb 3-1: Manufacturer: syz [ 813.513573][T16311] usb 3-1: SerialNumber: syz [ 813.520377][T16311] usb 3-1: config 0 descriptor?? [ 813.530913][T16311] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 813.541059][ T24] usb 2-1: device descriptor read/64, error -71 [ 813.547794][T16311] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 813.632384][T14329] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 813.678962][ T5922] usb 6-1: USB disconnect, device number 17 [ 813.722760][ T2154] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 813.785091][T14329] usb 4-1: device descriptor read/64, error -71 [ 813.792448][ T24] usb 2-1: new full-speed USB device number 83 using dummy_hcd [ 813.872983][ T2154] usb 5-1: device descriptor read/64, error -71 [ 813.932453][ T24] usb 2-1: device descriptor read/64, error -71 [ 813.993713][ T2154] usb usb5-port1: attempt power cycle [ 814.053724][ T24] usb usb2-port1: attempt power cycle [ 814.062686][T14329] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 814.252651][T14329] usb 4-1: device descriptor read/64, error -71 [ 814.342240][ T2154] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 814.369248][T14329] usb usb4-port1: attempt power cycle [ 814.386731][ T2154] usb 5-1: device descriptor read/8, error -71 [ 814.432505][ T24] usb 2-1: new full-speed USB device number 84 using dummy_hcd [ 814.463174][ T24] usb 2-1: device descriptor read/8, error -71 [ 814.542671][T16311] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 814.616547][T16311] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 814.638365][T16311] em28xx 3-1:0.0: board has no eeprom [ 814.644008][ T2154] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 814.676149][ T2154] usb 5-1: device descriptor read/8, error -71 [ 814.715155][T19156] loop2: detected capacity change from 0 to 7 [ 814.721408][T16311] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 814.729802][ T24] usb 2-1: new full-speed USB device number 85 using dummy_hcd [ 814.738568][T19156] Dev loop2: unable to read RDB block 7 [ 814.742203][T16311] em28xx 3-1:0.0: dvb set to bulk mode. [ 814.749790][T19156] loop2: AHDI p1 p2 p3 [ 814.755666][T19156] loop2: partition table partially beyond EOD, truncated [ 814.762987][T19156] loop2: p1 start 1601398130 is beyond EOD, truncated [ 814.772761][T14329] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 814.772945][T19142] em28xx 3-1:0.0: Binding DVB extension [ 814.800211][ T24] usb 2-1: device descriptor read/8, error -71 [ 814.809823][T16311] usb 3-1: USB disconnect, device number 59 [ 814.818332][T19156] loop2: p2 start 1702059890 is beyond EOD, truncated [ 814.832097][T14329] usb 4-1: device descriptor read/8, error -71 [ 814.832630][ T2154] usb usb5-port1: unable to enumerate USB device [ 814.846344][T16311] em28xx 3-1:0.0: Disconnecting em28xx [ 814.914758][T19142] em28xx 3-1:0.0: Registering input extension [ 814.936062][ T24] usb usb2-port1: unable to enumerate USB device [ 814.976647][T16311] em28xx 3-1:0.0: Closing input extension [ 815.030020][T16311] em28xx 3-1:0.0: Freeing device [ 815.092473][T14329] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 815.145227][T14329] usb 4-1: device descriptor read/8, error -71 [ 815.282629][T14329] usb usb4-port1: unable to enumerate USB device [ 815.802371][T14329] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 815.975334][T14329] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 815.984488][T14329] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 816.004478][T14329] usb 3-1: config 0 descriptor?? [ 816.029617][T14329] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 816.052240][T14330] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 816.165734][T19180] sctp: [Deprecated]: syz.1.3454 (pid 19180) Use of int in maxseg socket option. [ 816.165734][T19180] Use struct sctp_assoc_value instead [ 816.209290][T19180] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 816.214255][T14330] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 816.215811][T19180] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 816.232324][T14330] usb 6-1: config 0 has no interfaces? [ 816.239074][T14330] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 816.251743][T14330] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 816.264615][T14330] usb 6-1: config 0 descriptor?? [ 816.281535][T19180] vhci_hcd vhci_hcd.0: Device attached [ 816.358705][T19182] vhci_hcd: connection closed [ 816.358974][T16718] vhci_hcd: stop threads [ 816.376753][T16718] vhci_hcd: release socket [ 816.381192][T16718] vhci_hcd: disconnect device [ 816.432384][T16311] usb 5-1: new low-speed USB device number 98 using dummy_hcd [ 816.457242][T19171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 816.470482][T19171] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 816.485730][T19175] ptrace attach of "./syz-executor exec"[17951] was attempted by "\x09     \x0b  BGR4\x07    \x0b X  m@ \x09$ \x0a \x0b  \x09 @  3     $ @   \x0c   , @ ("[19175] [ 816.559732][T14329] cpia1 3-1:0.0: unexpected state after lo power cmd: 00 [ 816.582467][T19175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 816.602365][T16311] usb 5-1: Invalid ep0 maxpacket: 64 [ 816.645605][T19175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 816.742606][T16311] usb 5-1: new low-speed USB device number 99 using dummy_hcd [ 816.761402][T14329] gspca_cpia1: usb_control_msg 01, error -71 [ 816.769824][T14329] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0) [ 816.792383][T14329] usb 3-1: USB disconnect, device number 60 [ 816.885810][T19196] netlink: 'syz.3.3458': attribute type 10 has an invalid length. [ 816.902742][T16311] usb 5-1: Invalid ep0 maxpacket: 64 [ 816.917335][T16311] usb usb5-port1: attempt power cycle [ 816.927013][T19196] 8021q: adding VLAN 0 to HW filter on device team0 [ 816.957771][T19196] bond0: (slave team0): Enslaving as an active interface with an up link [ 817.065608][T19198] loop2: detected capacity change from 0 to 7 [ 817.168067][ T5952] Dev loop2: unable to read RDB block 7 [ 817.173679][ T5952] loop2: AHDI p1 p2 p3 [ 817.177927][ T5952] loop2: partition table partially beyond EOD, truncated [ 817.188564][ T5952] loop2: p1 start 1601398130 is beyond EOD, truncated [ 817.196008][ T5952] loop2: p2 start 1702059890 is beyond EOD, truncated [ 817.258852][T19198] Dev loop2: unable to read RDB block 7 [ 817.272352][T16311] usb 5-1: new low-speed USB device number 100 using dummy_hcd [ 817.299043][T19198] loop2: AHDI p1 p2 p3 [ 817.303489][T19198] loop2: partition table partially beyond EOD, truncated [ 817.310785][T19198] loop2: p1 start 1601398130 is beyond EOD, truncated [ 817.318079][T19198] loop2: p2 start 1702059890 is beyond EOD, truncated [ 817.331420][T16311] usb 5-1: Invalid ep0 maxpacket: 64 [ 817.455267][ T5201] Dev loop2: unable to read RDB block 7 [ 817.463346][T16311] usb 5-1: new low-speed USB device number 101 using dummy_hcd [ 817.510348][ T2154] usb 4-1: new full-speed USB device number 81 using dummy_hcd [ 817.523318][ T5201] loop2: AHDI p1 p2 p3 [ 817.527628][ T5201] loop2: partition table partially beyond EOD, truncated [ 817.541978][ T5201] loop2: p1 start 1601398130 is beyond EOD, truncated [ 817.546323][T16311] usb 5-1: Invalid ep0 maxpacket: 64 [ 817.556328][T16311] usb usb5-port1: unable to enumerate USB device [ 817.608126][ T5201] loop2: p2 start 1702059890 is beyond EOD, truncated [ 817.806993][ T2154] usb 4-1: config 4 has an invalid descriptor of length 1, skipping remainder of the config [ 817.828550][ T2154] usb 4-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 817.850597][ T2154] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 817.859992][ T2154] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 818.032244][T14329] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 818.209335][T14329] usb 3-1: Using ep0 maxpacket: 8 [ 818.237699][T14329] usb 3-1: config index 0 descriptor too short (expected 28277, got 36) [ 818.275752][T14329] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 818.310871][ T2154] usb 4-1: string descriptor 0 read error: -71 [ 818.331774][ T2154] hub 4-1:4.0: bad descriptor, ignoring hub [ 818.344461][T14329] usb 3-1: config 0 has no interfaces? [ 818.347765][ T2154] hub 4-1:4.0: probe with driver hub failed with error -5 [ 818.362281][T14329] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 818.371335][T14329] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 818.393646][ T2154] usb 4-1: USB disconnect, device number 81 [ 818.455585][T14329] usb 3-1: config 0 descriptor?? [ 818.865354][ T6525] usb 6-1: USB disconnect, device number 18 [ 819.582740][T16311] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 819.802539][T19142] usb 5-1: new full-speed USB device number 102 using dummy_hcd [ 819.814676][T16311] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 819.874681][T16311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 819.946384][T16311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 819.999121][T16311] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 820.056730][T16311] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 820.102762][T16311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.142639][T16311] usb 4-1: config 0 descriptor?? [ 820.174308][T19231] netlink: 'syz.4.3471': attribute type 64 has an invalid length. [ 820.208313][T19231] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3471'. [ 820.562759][ T24] usb 3-1: USB disconnect, device number 61 [ 820.876372][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 822.626584][T19267] sock: sock_timestamping_bind_phc: sock not bind to device [ 822.642748][T19264] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3480'. [ 822.708945][T16311] usbhid 4-1:0.0: can't add hid device: -71 [ 822.745593][T16311] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 822.806422][T16311] usb 4-1: USB disconnect, device number 82 [ 823.421672][T19280] netlink: 'syz.2.3483': attribute type 13 has an invalid length. [ 824.291974][T19288] openvswitch: netlink: IP tunnel dst address not specified [ 824.316651][T19292] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3488'. [ 824.443800][T19280] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 824.690252][T19299] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3491'. [ 824.785195][T14329] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 825.797218][T14329] usb 2-1: Using ep0 maxpacket: 16 [ 825.805661][T14329] usb 2-1: config 166 has an invalid interface number: 177 but max is 1 [ 825.814653][T14329] usb 2-1: config 166 has an invalid interface number: 34 but max is 1 [ 825.842396][T14329] usb 2-1: config 166 has no interface number 0 [ 825.898855][T14329] usb 2-1: config 166 has no interface number 1 [ 825.913250][T14329] usb 2-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 826.024717][T14329] usb 2-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 826.322251][T14329] usb 2-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 826.342223][T14329] usb 2-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 826.432593][T14329] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 826.461354][T14329] usb 2-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 826.481594][T19318] sock: sock_timestamping_bind_phc: sock not bind to device [ 826.496719][T14329] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 826.643294][T14329] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0 [ 826.738602][T14329] usb 2-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 826.922416][T14329] usb 2-1: config 166 interface 177 has no altsetting 0 [ 826.944619][T19328] netlink: 92 bytes leftover after parsing attributes in process `syz.4.3497'. [ 826.946134][T14329] usb 2-1: config 166 interface 34 has no altsetting 0 [ 827.012515][T14329] usb 2-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 827.021843][T14329] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 827.029951][T14329] usb 2-1: Product: syz [ 827.034273][T14329] usb 2-1: Manufacturer: syz [ 827.038928][T14329] usb 2-1: SerialNumber: syz [ 827.275846][T14329] ums-realtek 2-1:166.177: USB Mass Storage device detected [ 827.599020][T14329] ums-realtek 2-1:166.34: USB Mass Storage device detected [ 827.858153][T14329] ums-realtek 2-1:166.34: probe with driver ums-realtek failed with error -5 [ 827.999212][T14329] usb 2-1: Found UVC 0.00 device syz (0bda:0138) [ 828.029890][T14329] usb 2-1: No valid video chain found. [ 828.042349][T19142] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 828.082107][T14329] usb 2-1: USB disconnect, device number 86 [ 828.142282][ T24] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 828.183014][ T2154] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 828.213203][T19142] usb 6-1: Using ep0 maxpacket: 16 [ 828.223832][T19142] usb 6-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 828.242402][T19142] usb 6-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 828.262202][T19142] usb 6-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 828.286678][T19142] usb 6-1: config 0 interface 0 has no altsetting 0 [ 828.293722][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 828.309147][T19142] usb 6-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00 [ 828.327090][T19142] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 828.346468][ T24] usb 3-1: New USB device found, idVendor=093b, idProduct=a102, bcdDevice= 0.01 [ 828.355578][ T2154] usb 4-1: Using ep0 maxpacket: 16 [ 828.361479][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 828.370532][T19142] usb 6-1: config 0 descriptor?? [ 828.382628][ T2154] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 828.394256][ T24] usb 3-1: Product: syz [ 828.412220][ T24] usb 3-1: Manufacturer: syz [ 828.416845][ T24] usb 3-1: SerialNumber: syz [ 828.422643][ T2154] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 828.442808][ T2154] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 828.453722][ T24] usb 3-1: config 0 descriptor?? [ 828.461713][ T24] go7007 3-1:0.0: probe with driver go7007 failed with error -12 [ 828.473173][ T2154] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 828.504457][ T2154] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 828.522227][ T2154] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 828.530264][ T2154] usb 4-1: SerialNumber: syz [ 828.570951][ T2154] hub 4-1:1.0: bad descriptor, ignoring hub [ 828.577203][ T2154] hub 4-1:1.0: probe with driver hub failed with error -5 [ 828.597064][ T2154] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 828.665113][T19347] tun0: tun_chr_ioctl cmd 1074025675 [ 828.670543][T19347] tun0: persist enabled [ 828.675608][T19347] tun0: tun_chr_ioctl cmd 1074025675 [ 828.681000][T19347] tun0: persist enabled [ 828.687585][T19347] veth0: entered promiscuous mode [ 828.696576][ T30] audit: type=1326 audit(1750854437.055:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a22d8e929 code=0x7ffc0000 [ 828.750816][ T30] audit: type=1326 audit(1750854437.055:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4a22d8d290 code=0x7ffc0000 [ 828.808187][ T30] audit: type=1326 audit(1750854437.055:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a22d8e929 code=0x7ffc0000 [ 828.861141][ T30] audit: type=1326 audit(1750854437.055:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f4a22d8e929 code=0x7ffc0000 [ 828.943130][T19142] hid-alps 0003:044E:120B.0036: item fetching failed at offset 0/3 [ 828.969697][T19142] hid-alps 0003:044E:120B.0036: parse failed [ 828.985891][T19360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3503'. [ 828.995325][T19142] hid-alps 0003:044E:120B.0036: probe with driver hid-alps failed with error -22 [ 829.010683][ T30] audit: type=1326 audit(1750854437.055:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a22d8e929 code=0x7ffc0000 [ 829.111065][ T30] audit: type=1326 audit(1750854437.055:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f4a22d8e929 code=0x7ffc0000 [ 829.142697][ T6525] usb 6-1: USB disconnect, device number 19 [ 829.155655][ T30] audit: type=1326 audit(1750854437.055:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a22d8e929 code=0x7ffc0000 [ 829.183049][ T30] audit: type=1326 audit(1750854437.055:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f4a22d8e929 code=0x7ffc0000 [ 829.205965][ T30] audit: type=1326 audit(1750854437.055:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4a22d858e7 code=0x7ffc0000 [ 829.330811][T19361] net veth1_virt_wifi : renamed from virt_wifi0 [ 829.338492][ T30] audit: type=1326 audit(1750854437.055:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19346 comm="syz.2.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4a22d2ab19 code=0x7ffc0000 [ 829.600026][T19361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3501'. [ 830.710486][ T24] usb 3-1: USB disconnect, device number 62 [ 831.253496][ T24] usb 4-1: USB disconnect, device number 83 [ 831.348339][T19390] xt_hashlimit: size too large, truncated to 1048576 [ 831.479328][T19392] : renamed from vxcan1 (while UP) [ 832.053708][T19406] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3524'. [ 833.462269][ T6525] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 833.652414][ T6525] usb 4-1: device descriptor read/64, error -71 [ 833.690618][T19452] netlink: 'syz.2.3545': attribute type 1 has an invalid length. [ 833.817190][T19452] 8021q: adding VLAN 0 to HW filter on device bond3 [ 833.835423][T19454] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3545'. [ 833.892240][ T6525] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 834.042346][ T6525] usb 4-1: device descriptor read/64, error -71 [ 834.173692][ T6525] usb usb4-port1: attempt power cycle [ 834.284081][T19454] bond3 (unregistering): Released all slaves [ 834.526387][ T6525] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 834.586613][ T6525] usb 4-1: device descriptor read/8, error -71 [ 834.838265][ T2154] IPVS: starting estimator thread 0... [ 834.852364][ T6525] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 834.893087][ T6525] usb 4-1: device descriptor read/8, error -71 [ 834.956381][T19469] IPVS: using max 33 ests per chain, 79200 per kthread [ 835.012615][ T6525] usb usb4-port1: unable to enumerate USB device [ 835.243483][T19477] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 835.428271][T19481] input: syz1 as /devices/virtual/input/input71 [ 836.623545][T19507] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3561'. [ 837.027854][T19509] usb usb8: usbfs: process 19509 (syz.3.3560) did not claim interface 0 before use [ 837.781701][T19520] netlink: del zone limit has 4 unknown bytes [ 838.725587][T19536] IPv6: NLM_F_CREATE should be specified when creating new route [ 840.962478][T19142] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 841.140693][T19142] usb 2-1: Using ep0 maxpacket: 8 [ 841.166487][T19142] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 841.188086][T19142] usb 2-1: config 179 has no interface number 0 [ 841.197881][T19142] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 841.219404][T19142] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 841.241034][T19142] usb 2-1: config 179 interface 65 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 841.262467][T19142] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 841.281660][T19142] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 841.302402][T19142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 841.357158][T19573] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 841.745992][ T30] kauditd_printk_skb: 416 callbacks suppressed [ 841.746009][ T30] audit: type=1326 audit(1750854450.105:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19592 comm="syz.4.3591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 841.823983][ T30] audit: type=1326 audit(1750854450.135:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19592 comm="syz.4.3591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 841.912302][ T30] audit: type=1326 audit(1750854450.145:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19592 comm="syz.4.3591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 841.964045][ T30] audit: type=1326 audit(1750854450.145:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19592 comm="syz.4.3591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 842.070024][ T30] audit: type=1326 audit(1750854450.145:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19592 comm="syz.4.3591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 842.188219][ T30] audit: type=1326 audit(1750854450.145:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19592 comm="syz.4.3591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 842.443385][ T30] audit: type=1326 audit(1750854450.145:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19592 comm="syz.4.3591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 842.451324][T19616] program syz.3.3599 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 842.486439][ T30] audit: type=1326 audit(1750854450.145:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19592 comm="syz.4.3591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 843.727827][T14329] usb 2-1: USB disconnect, device number 87 [ 843.956352][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056d30800: rx timeout, send abort [ 844.456896][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056d32400: rx timeout, send abort [ 844.465681][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056d30800: abort rx timeout. Force session deactivation [ 844.965156][ C1] vcan0: j1939_tp_rxtimer: 0xffff888056d32400: abort rx timeout. Force session deactivation [ 845.897421][ T30] audit: type=1326 audit(1750854454.245:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19654 comm="syz.5.3612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f1b8e929 code=0x7ffc0000 [ 845.982262][ T30] audit: type=1326 audit(1750854454.245:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19654 comm="syz.5.3612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f1b8e929 code=0x7ffc0000 [ 846.020861][T15679] Bluetooth: hci1: unexpected event for opcode 0x0405 [ 846.472390][T15679] Bluetooth: hci3: command 0x0406 tx timeout [ 846.675313][T19673] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3618'. [ 846.688114][T19673] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3618'. [ 847.868075][T19679] netlink: 388 bytes leftover after parsing attributes in process `syz.1.3619'. [ 848.342856][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 848.342872][ T30] audit: type=1326 audit(1750854456.705:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 848.439683][ T30] audit: type=1326 audit(1750854456.735:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 848.530990][ T30] audit: type=1326 audit(1750854456.735:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 848.582499][ T30] audit: type=1326 audit(1750854456.735:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 848.676022][ T30] audit: type=1326 audit(1750854456.735:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 848.726469][ T30] audit: type=1326 audit(1750854456.735:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 848.761189][T19713] netlink: 'syz.1.3634': attribute type 9 has an invalid length. [ 848.780167][T19713] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3634'. [ 848.901021][T19721] ip6gre1: entered promiscuous mode [ 848.906317][T19721] ip6gre1: entered allmulticast mode [ 848.940541][ T30] audit: type=1326 audit(1750854456.735:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 848.964013][ T30] audit: type=1326 audit(1750854456.745:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 848.986848][ T30] audit: type=1326 audit(1750854456.745:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19697 comm="syz.4.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c618e929 code=0x7ffc0000 [ 849.282217][T16311] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 849.402401][T19142] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 849.442250][T16311] usb 3-1: Using ep0 maxpacket: 8 [ 849.452487][T16311] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 849.461102][T16311] usb 3-1: config 179 has no interface number 0 [ 849.474524][T16311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 849.486208][T16311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 849.513692][T16311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 849.532317][T16311] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 849.570028][T19142] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 849.596019][T19142] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 849.697800][T16311] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 849.862834][T19142] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 849.871906][T19142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 849.880224][T16311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 849.900492][T19722] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 849.930201][T19724] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 849.945663][T19142] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 850.075586][ T5837] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 850.084320][ T5837] Bluetooth: hci1: Injecting HCI hardware error event [ 850.094274][T15679] Bluetooth: hci1: hardware error 0x00 [ 850.240539][T19142] usb 2-1: USB disconnect, device number 88 [ 850.334682][T16311] usb 3-1: USB disconnect, device number 63 [ 850.334740][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 850.334789][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 851.136655][T19756] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3644'. [ 852.242350][T15679] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 852.541176][T19772] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 856.879288][T19853] usb usb8: usbfs: process 19853 (syz.3.3681) did not claim interface 0 before use [ 856.938778][T19856] [ 856.941138][T19856] ===================================================== [ 856.948069][T19856] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 856.955541][T19856] 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 Not tainted [ 856.962650][T19856] ----------------------------------------------------- [ 856.969581][T19856] syz.1.3682/19856 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 856.977303][T19856] ffff8880553572b8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 856.986033][T19856] [ 856.986033][T19856] and this task is already holding: [ 856.993397][T19856] ffff888033942028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 857.003158][T19856] which would create a new lock dependency: [ 857.009030][T19856] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 857.017122][T19856] [ 857.017122][T19856] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 857.026560][T19856] (&dev->event_lock#2){..-.}-{3:3} [ 857.026591][T19856] [ 857.026591][T19856] ... which became SOFTIRQ-irq-safe at: [ 857.039450][T19856] lock_acquire+0x120/0x360 [ 857.044033][T19856] _raw_spin_lock_irqsave+0xa7/0xf0 [ 857.049306][T19856] input_inject_event+0xab/0x320 [ 857.054320][T19856] led_trigger_event+0x138/0x210 [ 857.059327][T19856] kbd_bh+0x1c6/0x2e0 [ 857.063383][T19856] tasklet_action_common+0x36c/0x580 [ 857.068742][T19856] handle_softirqs+0x286/0x870 [ 857.073582][T19856] do_softirq+0xec/0x180 [ 857.077903][T19856] __local_bh_enable_ip+0x17d/0x1c0 [ 857.083210][T19856] rawv6_sendmsg+0x1311/0x17f0 [ 857.088066][T19856] __sock_sendmsg+0x19c/0x270 [ 857.092823][T19856] ____sys_sendmsg+0x52d/0x830 [ 857.097660][T19856] ___sys_sendmsg+0x21f/0x2a0 [ 857.102420][T19856] __sys_sendmmsg+0x227/0x430 [ 857.107183][T19856] __x64_sys_sendmmsg+0xa0/0xc0 [ 857.112110][T19856] do_syscall_64+0xfa/0x3b0 [ 857.116695][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.122660][T19856] [ 857.122660][T19856] to a SOFTIRQ-irq-unsafe lock: [ 857.129657][T19856] (tasklist_lock){.+.+}-{3:3} [ 857.129681][T19856] [ 857.129681][T19856] ... which became SOFTIRQ-irq-unsafe at: [ 857.142279][T19856] ... [ 857.142288][T19856] lock_acquire+0x120/0x360 [ 857.149432][T19856] _raw_read_lock+0x36/0x50 [ 857.154011][T19856] __do_wait+0xde/0x740 [ 857.158240][T19856] do_wait+0x1f8/0x520 [ 857.162422][T19856] kernel_wait+0xab/0x170 [ 857.166845][T19856] call_usermodehelper_exec_work+0xbe/0x230 [ 857.172819][T19856] process_scheduled_works+0xae1/0x17b0 [ 857.178443][T19856] worker_thread+0x8a0/0xda0 [ 857.183112][T19856] kthread+0x70e/0x8a0 [ 857.187258][T19856] ret_from_fork+0x3fc/0x770 [ 857.191920][T19856] ret_from_fork_asm+0x1a/0x30 [ 857.196757][T19856] [ 857.196757][T19856] other info that might help us debug this: [ 857.196757][T19856] [ 857.206969][T19856] Chain exists of: [ 857.206969][T19856] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 857.206969][T19856] [ 857.220526][T19856] Possible interrupt unsafe locking scenario: [ 857.220526][T19856] [ 857.228835][T19856] CPU0 CPU1 [ 857.234185][T19856] ---- ---- [ 857.239530][T19856] lock(tasklist_lock); [ 857.243761][T19856] local_irq_disable(); [ 857.250500][T19856] lock(&dev->event_lock#2); [ 857.257692][T19856] lock(&client->buffer_lock); [ 857.265048][T19856] [ 857.268485][T19856] lock(&dev->event_lock#2); [ 857.273331][T19856] [ 857.273331][T19856] *** DEADLOCK *** [ 857.273331][T19856] [ 857.281456][T19856] 7 locks held by syz.1.3682/19856: [ 857.286638][T19856] #0: ffff88802a0b2118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 857.295768][T19856] #1: ffff888029cb1230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 857.305857][T19856] #2: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 857.315504][T19856] #3: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 857.325061][T19856] #4: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 857.334191][T19856] #5: ffff888033942028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 857.344357][T19856] #6: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 857.353404][T19856] [ 857.353404][T19856] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 857.363792][T19856] -> (&dev->event_lock#2){..-.}-{3:3} { [ 857.369435][T19856] IN-SOFTIRQ-W at: [ 857.373491][T19856] lock_acquire+0x120/0x360 [ 857.379810][T19856] _raw_spin_lock_irqsave+0xa7/0xf0 [ 857.386821][T19856] input_inject_event+0xab/0x320 [ 857.393573][T19856] led_trigger_event+0x138/0x210 [ 857.400318][T19856] kbd_bh+0x1c6/0x2e0 [ 857.406115][T19856] tasklet_action_common+0x36c/0x580 [ 857.413207][T19856] handle_softirqs+0x286/0x870 [ 857.419783][T19856] do_softirq+0xec/0x180 [ 857.425838][T19856] __local_bh_enable_ip+0x17d/0x1c0 [ 857.432849][T19856] rawv6_sendmsg+0x1311/0x17f0 [ 857.439422][T19856] __sock_sendmsg+0x19c/0x270 [ 857.445910][T19856] ____sys_sendmsg+0x52d/0x830 [ 857.452482][T19856] ___sys_sendmsg+0x21f/0x2a0 [ 857.458966][T19856] __sys_sendmmsg+0x227/0x430 [ 857.465452][T19856] __x64_sys_sendmmsg+0xa0/0xc0 [ 857.472115][T19856] do_syscall_64+0xfa/0x3b0 [ 857.478435][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.486136][T19856] INITIAL USE at: [ 857.490108][T19856] lock_acquire+0x120/0x360 [ 857.496339][T19856] _raw_spin_lock_irqsave+0xa7/0xf0 [ 857.503263][T19856] input_inject_event+0xab/0x320 [ 857.509923][T19856] kbd_led_trigger_activate+0xbc/0x100 [ 857.517107][T19856] led_trigger_set+0x52a/0x950 [ 857.523592][T19856] led_trigger_set_default+0x260/0x2a0 [ 857.530769][T19856] led_classdev_register_ext+0x73d/0x930 [ 857.538125][T19856] input_leds_connect+0x517/0x790 [ 857.544876][T19856] input_register_device+0xcee/0x10b0 [ 857.551964][T19856] atkbd_connect+0x70e/0x9c0 [ 857.558276][T19856] serio_driver_probe+0x7f/0xa0 [ 857.564847][T19856] really_probe+0x26a/0x9a0 [ 857.571072][T19856] __driver_probe_device+0x18c/0x2f0 [ 857.578081][T19856] driver_probe_device+0x4f/0x430 [ 857.584834][T19856] __driver_attach+0x452/0x700 [ 857.591317][T19856] bus_for_each_dev+0x230/0x2b0 [ 857.597896][T19856] serio_handle_event+0x1a2/0x860 [ 857.604643][T19856] process_scheduled_works+0xae1/0x17b0 [ 857.611914][T19856] worker_thread+0x8a0/0xda0 [ 857.618230][T19856] kthread+0x70e/0x8a0 [ 857.624024][T19856] ret_from_fork+0x3fc/0x770 [ 857.630336][T19856] ret_from_fork_asm+0x1a/0x30 [ 857.636822][T19856] } [ 857.639391][T19856] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 857.648489][T19856] -> (&client->buffer_lock){....}-{3:3} { [ 857.654214][T19856] INITIAL USE at: [ 857.658097][T19856] lock_acquire+0x120/0x360 [ 857.664154][T19856] _raw_spin_lock+0x2e/0x40 [ 857.670204][T19856] evdev_pass_values+0xb9/0xbd0 [ 857.676605][T19856] evdev_events+0x1aa/0x340 [ 857.682658][T19856] input_pass_values+0x1c2/0x890 [ 857.689145][T19856] input_event_dispose+0x330/0x6b0 [ 857.695806][T19856] input_inject_event+0x1fe/0x320 [ 857.702381][T19856] evdev_write+0x2fc/0x480 [ 857.708347][T19856] vfs_write+0x27e/0xa90 [ 857.714142][T19856] ksys_write+0x145/0x250 [ 857.720016][T19856] do_syscall_64+0xfa/0x3b0 [ 857.726063][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.733506][T19856] } [ 857.735987][T19856] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 857.744127][T19856] ... acquired at: [ 857.747909][T19856] lock_acquire+0x120/0x360 [ 857.752572][T19856] _raw_spin_lock+0x2e/0x40 [ 857.757232][T19856] evdev_pass_values+0xb9/0xbd0 [ 857.762247][T19856] evdev_events+0x1aa/0x340 [ 857.766917][T19856] input_pass_values+0x1c2/0x890 [ 857.772008][T19856] input_event_dispose+0x330/0x6b0 [ 857.777280][T19856] input_inject_event+0x1fe/0x320 [ 857.782466][T19856] evdev_write+0x2fc/0x480 [ 857.787042][T19856] vfs_write+0x27e/0xa90 [ 857.791447][T19856] ksys_write+0x145/0x250 [ 857.795932][T19856] do_syscall_64+0xfa/0x3b0 [ 857.800592][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.806640][T19856] [ 857.808944][T19856] [ 857.808944][T19856] the dependencies between the lock to be acquired [ 857.808953][T19856] and SOFTIRQ-irq-unsafe lock: [ 857.822432][T19856] -> (tasklist_lock){.+.+}-{3:3} { [ 857.827720][T19856] HARDIRQ-ON-R at: [ 857.831857][T19856] lock_acquire+0x120/0x360 [ 857.838348][T19856] _raw_read_lock+0x36/0x50 [ 857.844834][T19856] __do_wait+0xde/0x740 [ 857.850974][T19856] do_wait+0x1f8/0x520 [ 857.857027][T19856] kernel_wait+0xab/0x170 [ 857.863337][T19856] call_usermodehelper_exec_work+0xbe/0x230 [ 857.871216][T19856] process_scheduled_works+0xae1/0x17b0 [ 857.878746][T19856] worker_thread+0x8a0/0xda0 [ 857.885327][T19856] kthread+0x70e/0x8a0 [ 857.891376][T19856] ret_from_fork+0x3fc/0x770 [ 857.897955][T19856] ret_from_fork_asm+0x1a/0x30 [ 857.904703][T19856] SOFTIRQ-ON-R at: [ 857.908839][T19856] lock_acquire+0x120/0x360 [ 857.915338][T19856] _raw_read_lock+0x36/0x50 [ 857.921840][T19856] __do_wait+0xde/0x740 [ 857.927988][T19856] do_wait+0x1f8/0x520 [ 857.934041][T19856] kernel_wait+0xab/0x170 [ 857.940356][T19856] call_usermodehelper_exec_work+0xbe/0x230 [ 857.948235][T19856] process_scheduled_works+0xae1/0x17b0 [ 857.955768][T19856] worker_thread+0x8a0/0xda0 [ 857.962345][T19856] kthread+0x70e/0x8a0 [ 857.968395][T19856] ret_from_fork+0x3fc/0x770 [ 857.974969][T19856] ret_from_fork_asm+0x1a/0x30 [ 857.981719][T19856] INITIAL USE at: [ 857.985773][T19856] lock_acquire+0x120/0x360 [ 857.992183][T19856] _raw_write_lock_irq+0xa2/0xf0 [ 857.999027][T19856] copy_process+0x224f/0x3c00 [ 858.005606][T19856] kernel_clone+0x21e/0x870 [ 858.012005][T19856] user_mode_thread+0xdd/0x140 [ 858.018664][T19856] rest_init+0x23/0x300 [ 858.024718][T19856] start_kernel+0x47d/0x500 [ 858.031113][T19856] x86_64_start_reservations+0x24/0x30 [ 858.038472][T19856] x86_64_start_kernel+0x143/0x1c0 [ 858.045480][T19856] common_startup_64+0x13e/0x147 [ 858.052318][T19856] INITIAL READ USE at: [ 858.056807][T19856] lock_acquire+0x120/0x360 [ 858.063641][T19856] _raw_read_lock+0x36/0x50 [ 858.070473][T19856] __do_wait+0xde/0x740 [ 858.076958][T19856] do_wait+0x1f8/0x520 [ 858.083357][T19856] kernel_wait+0xab/0x170 [ 858.090018][T19856] call_usermodehelper_exec_work+0xbe/0x230 [ 858.098255][T19856] process_scheduled_works+0xae1/0x17b0 [ 858.106149][T19856] worker_thread+0x8a0/0xda0 [ 858.113079][T19856] kthread+0x70e/0x8a0 [ 858.119480][T19856] ret_from_fork+0x3fc/0x770 [ 858.126403][T19856] ret_from_fork_asm+0x1a/0x30 [ 858.133499][T19856] } [ 858.136159][T19856] ... key at: [] tasklist_lock+0x18/0x40 [ 858.144039][T19856] ... acquired at: [ 858.147996][T19856] lock_acquire+0x120/0x360 [ 858.152664][T19856] _raw_read_lock+0x36/0x50 [ 858.157330][T19856] send_sigurg+0x12b/0x420 [ 858.161910][T19856] sk_send_sigurg+0x6c/0x2e0 [ 858.166662][T19856] queue_oob+0x490/0x5a0 [ 858.171066][T19856] unix_stream_sendmsg+0xaf9/0xc90 [ 858.176342][T19856] __sock_sendmsg+0x219/0x270 [ 858.181185][T19856] ____sys_sendmsg+0x505/0x830 [ 858.186112][T19856] ___sys_sendmsg+0x21f/0x2a0 [ 858.190951][T19856] __x64_sys_sendmsg+0x19b/0x260 [ 858.196053][T19856] do_syscall_64+0xfa/0x3b0 [ 858.200716][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.206764][T19856] [ 858.209073][T19856] -> (&f_owner->lock){....}-{3:3} { [ 858.214363][T19856] INITIAL USE at: [ 858.218333][T19856] lock_acquire+0x120/0x360 [ 858.224568][T19856] _raw_write_lock_irq+0xa2/0xf0 [ 858.231231][T19856] __f_setown+0x67/0x370 [ 858.237196][T19856] generic_setlease+0xd60/0x1240 [ 858.243863][T19856] fcntl_setlease+0x3a2/0x4c0 [ 858.250264][T19856] do_fcntl+0x6a9/0x1910 [ 858.256234][T19856] __se_sys_fcntl+0xc8/0x150 [ 858.262553][T19856] do_syscall_64+0xfa/0x3b0 [ 858.268776][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.276390][T19856] INITIAL READ USE at: [ 858.280791][T19856] lock_acquire+0x120/0x360 [ 858.287455][T19856] _raw_read_lock_irqsave+0xaf/0x100 [ 858.294903][T19856] send_sigio+0x38/0x370 [ 858.301304][T19856] kill_fasync+0x24d/0x4d0 [ 858.307877][T19856] lease_break_callback+0x26/0x30 [ 858.315065][T19856] __break_lease+0x6a2/0x1620 [ 858.321901][T19856] do_dentry_open+0xd62/0x1970 [ 858.328822][T19856] vfs_open+0x3b/0x340 [ 858.335049][T19856] path_openat+0x2ee5/0x3830 [ 858.341798][T19856] do_filp_open+0x1fa/0x410 [ 858.348460][T19856] do_sys_openat2+0x121/0x1c0 [ 858.355300][T19856] __x64_sys_openat+0x138/0x170 [ 858.362313][T19856] do_syscall_64+0xfa/0x3b0 [ 858.368977][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.377022][T19856] } [ 858.379590][T19856] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 858.388508][T19856] ... acquired at: [ 858.392380][T19856] lock_acquire+0x120/0x360 [ 858.397046][T19856] _raw_read_lock_irqsave+0xaf/0x100 [ 858.402492][T19856] send_sigio+0x38/0x370 [ 858.406894][T19856] kill_fasync+0x24d/0x4d0 [ 858.411472][T19856] lease_break_callback+0x26/0x30 [ 858.416662][T19856] __break_lease+0x6a2/0x1620 [ 858.421497][T19856] do_dentry_open+0xd62/0x1970 [ 858.426421][T19856] vfs_open+0x3b/0x340 [ 858.430650][T19856] path_openat+0x2ee5/0x3830 [ 858.435399][T19856] do_filp_open+0x1fa/0x410 [ 858.440061][T19856] do_sys_openat2+0x121/0x1c0 [ 858.444896][T19856] __x64_sys_openat+0x138/0x170 [ 858.449906][T19856] do_syscall_64+0xfa/0x3b0 [ 858.454563][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.460615][T19856] [ 858.462921][T19856] -> (&new->fa_lock){....}-{3:3} { [ 858.468034][T19856] INITIAL USE at: [ 858.471910][T19856] lock_acquire+0x120/0x360 [ 858.477965][T19856] _raw_write_lock_irq+0xa2/0xf0 [ 858.484454][T19856] fasync_insert_entry+0xc3/0x270 [ 858.491039][T19856] lease_setup+0x86/0x110 [ 858.496918][T19856] generic_setlease+0xd60/0x1240 [ 858.503405][T19856] fcntl_setlease+0x3a2/0x4c0 [ 858.509631][T19856] do_fcntl+0x6a9/0x1910 [ 858.515424][T19856] __se_sys_fcntl+0xc8/0x150 [ 858.521562][T19856] do_syscall_64+0xfa/0x3b0 [ 858.527610][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.535049][T19856] INITIAL READ USE at: [ 858.539360][T19856] lock_acquire+0x120/0x360 [ 858.545845][T19856] _raw_read_lock_irqsave+0xaf/0x100 [ 858.553116][T19856] kill_fasync+0x199/0x4d0 [ 858.559514][T19856] lease_break_callback+0x26/0x30 [ 858.566525][T19856] __break_lease+0x6a2/0x1620 [ 858.573185][T19856] do_dentry_open+0xd62/0x1970 [ 858.579933][T19856] vfs_open+0x3b/0x340 [ 858.585987][T19856] path_openat+0x2ee5/0x3830 [ 858.592564][T19856] do_filp_open+0x1fa/0x410 [ 858.599053][T19856] do_sys_openat2+0x121/0x1c0 [ 858.605720][T19856] __x64_sys_openat+0x138/0x170 [ 858.612555][T19856] do_syscall_64+0xfa/0x3b0 [ 858.619039][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.626913][T19856] } [ 858.629393][T19856] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 858.638056][T19856] ... acquired at: [ 858.641841][T19856] lock_acquire+0x120/0x360 [ 858.646506][T19856] _raw_read_lock_irqsave+0xaf/0x100 [ 858.651951][T19856] kill_fasync+0x199/0x4d0 [ 858.656527][T19856] evdev_pass_values+0x627/0xbd0 [ 858.661623][T19856] evdev_events+0x1e6/0x340 [ 858.666282][T19856] input_pass_values+0x288/0x890 [ 858.671377][T19856] input_event_dispose+0x330/0x6b0 [ 858.676647][T19856] input_inject_event+0x1fe/0x320 [ 858.681835][T19856] evdev_write+0x2fc/0x480 [ 858.686407][T19856] vfs_write+0x27e/0xa90 [ 858.690811][T19856] ksys_write+0x145/0x250 [ 858.695294][T19856] do_syscall_64+0xfa/0x3b0 [ 858.699953][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.706004][T19856] [ 858.708309][T19856] [ 858.708309][T19856] stack backtrace: [ 858.714180][T19856] CPU: 0 UID: 0 PID: 19856 Comm: syz.1.3682 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 858.714197][T19856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 858.714207][T19856] Call Trace: [ 858.714213][T19856] [ 858.714219][T19856] dump_stack_lvl+0x189/0x250 [ 858.714241][T19856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 858.714267][T19856] ? __pfx__printk+0x10/0x10 [ 858.714283][T19856] validate_chain+0x1f05/0x2140 [ 858.714303][T19856] __lock_acquire+0xab9/0xd20 [ 858.714322][T19856] ? kill_fasync+0x199/0x4d0 [ 858.714339][T19856] lock_acquire+0x120/0x360 [ 858.714355][T19856] ? kill_fasync+0x199/0x4d0 [ 858.714376][T19856] _raw_read_lock_irqsave+0xaf/0x100 [ 858.714393][T19856] ? kill_fasync+0x199/0x4d0 [ 858.714409][T19856] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 858.714425][T19856] ? do_raw_spin_lock+0x121/0x290 [ 858.714442][T19856] kill_fasync+0x199/0x4d0 [ 858.714458][T19856] ? kill_fasync+0x53/0x4d0 [ 858.714475][T19856] evdev_pass_values+0x627/0xbd0 [ 858.714491][T19856] ? evdev_pass_values+0x5c1/0xbd0 [ 858.714507][T19856] evdev_events+0x1e6/0x340 [ 858.714520][T19856] ? evdev_events+0x79/0x340 [ 858.714533][T19856] ? input_pass_values+0x8d/0x890 [ 858.714546][T19856] input_pass_values+0x288/0x890 [ 858.714561][T19856] ? input_handle_event+0x70c/0xf30 [ 858.714579][T19856] input_event_dispose+0x330/0x6b0 [ 858.714599][T19856] input_inject_event+0x1fe/0x320 [ 858.714617][T19856] ? input_inject_event+0xbc/0x320 [ 858.714635][T19856] evdev_write+0x2fc/0x480 [ 858.714651][T19856] ? __pfx_evdev_write+0x10/0x10 [ 858.714665][T19856] ? bpf_lsm_file_permission+0x9/0x20 [ 858.714682][T19856] ? security_file_permission+0x75/0x290 [ 858.714697][T19856] ? rw_verify_area+0x258/0x650 [ 858.714715][T19856] ? __pfx_evdev_write+0x10/0x10 [ 858.714728][T19856] vfs_write+0x27e/0xa90 [ 858.714749][T19856] ? __pfx_vfs_write+0x10/0x10 [ 858.714768][T19856] ? __fget_files+0x2a/0x420 [ 858.714782][T19856] ? __fget_files+0x2a/0x420 [ 858.714796][T19856] ? __fget_files+0x3a0/0x420 [ 858.714808][T19856] ? __fget_files+0x2a/0x420 [ 858.714824][T19856] ksys_write+0x145/0x250 [ 858.714836][T19856] ? __pfx_ksys_write+0x10/0x10 [ 858.714847][T19856] ? rcu_is_watching+0x15/0xb0 [ 858.714867][T19856] ? do_syscall_64+0xbe/0x3b0 [ 858.714880][T19856] do_syscall_64+0xfa/0x3b0 [ 858.714891][T19856] ? lockdep_hardirqs_on+0x9c/0x150 [ 858.714908][T19856] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.714921][T19856] ? clear_bhb_loop+0x60/0xb0 [ 858.714935][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.714948][T19856] RIP: 0033:0x7f6bac38e929 [ 858.714961][T19856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 858.714974][T19856] RSP: 002b:00007f6bad24d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 858.715002][T19856] RAX: ffffffffffffffda RBX: 00007f6bac5b5fa0 RCX: 00007f6bac38e929 [ 858.715012][T19856] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000003 [ 858.715021][T19856] RBP: 00007f6bac410b39 R08: 0000000000000000 R09: 0000000000000000 [ 858.715030][T19856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 858.715039][T19856] R13: 0000000000000000 R14: 00007f6bac5b5fa0 R15: 00007f6bac6dfa28 [ 858.715053][T19856] [ 859.340846][T19859] netlink: 'syz.3.3683': attribute type 4 has an invalid length. [ 861.842422][T15679] Bluetooth: hci4: command 0x0406 tx timeout