last executing test programs: 6.105141643s ago: executing program 3 (id=1394): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_ct={0x34, 0x2, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0x3289}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x30}}, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) userfaultfd(0x80000) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000080)={0x4, 0x1, 0x0, "6cfef8b4b9fdcfc8bf98040c2599e8a8e9f887975c3cc41e122a623eb7c37334", 0x34343459}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x9000000) syz_usb_connect$printer(0x5, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="1201010200000020f003040040000102030109021b00010104480309040007020701011d09050102ff0307056c6a6dad94f69c253d29cc806de5b1fc0acd26f6bf1fcf345e92ddb5acbe64c9ebb959cce6b612d5dbaa07a69007b893742c5613c9b6a5ba0ea1c098ccfb9e99772b399f8658ad52fd629813e1526dc3efcac0f6874368ff110dd8e189ff8616b96ca6ccd854e0fbace57935594f9bf68a115d21251f53bf04a075c2b151cb3ebbc0f44b2eb230333e40d4e4b67bb707c11f31fdbe7fdfc31e5411afb3bb"], 0x0) acct(&(0x7f0000000040)='./file0\x00') openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket(0x11, 0x800000003, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_opts(r4, 0x29, 0x3b, &(0x7f0000000540)=ANY=[], 0x8) 5.254593386s ago: executing program 2 (id=1397): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x7c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000200)=r1, 0x4) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0x2ee0}], 0x13, 0x0, 0x0, 0x10000000}, 0x12cd) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) socket$unix(0x1, 0x1, 0x0) r7 = socket$kcm(0x11, 0x3, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r9 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd26, 0x2, {0x0, 0x0, 0x0, r10, {0x0, 0x1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x10407}]}}]}, 0x44}}, 0x0) sendmsg$kcm(r7, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, 0x0, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00052fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0x300}], 0x2}, 0x5) 4.532378449s ago: executing program 3 (id=1400): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x54, 0x9, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x9}}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x20040080) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000340), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, r1, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @local}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x24000040) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000480)={{0x7, 0x0, 0xfffc, 0x805}, 'syz0\x00', 0x40}) ioctl$UI_DEV_CREATE(r2, 0x5501) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r3, 0x9, 0x0) write$tun(r3, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x3) syz_io_uring_setup(0x1e1e, &(0x7f00000000c0)={0x0, 0xc728, 0x10108, 0x1}, &(0x7f0000002000), &(0x7f0000000000)) write$input_event(r2, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000008000000e27f000001"], 0x48) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x700, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.472216156s ago: executing program 3 (id=1402): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsopen(&(0x7f0000000200)='affs\x00', 0x1) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bond0\x00'}) r3 = socket$inet_udp(0x2, 0x2, 0x0) request_key(&(0x7f0000000340)='id_legacy\x00', &(0x7f0000000380)={'syz', 0x0}, &(0x7f00000003c0)='/dev/vsock\x00', 0xfffffffffffffffe) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$zero(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r5, 0x48e9, 0x0, 0x2, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="0431"], 0x9) 4.059594181s ago: executing program 2 (id=1405): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000040)={0x7c, 0xf5, 0xfefd, 0x400, 0x134, 0x8000}) io_setup(0x81, &(0x7f0000000000)=0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f00000000c0)={0x9, r0, 0x2}) io_cancel(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xf, 0x4, 0xffffffffffffffff, &(0x7f0000000080)="9b370a0d3ae41a7f1330be95c7e7c4e6f85de62fb89d4a21de5e1790fee263d958e13684ba9df0d6bed1", 0x2a, 0x0, 0x0, 0x5, r2}, &(0x7f0000000140)) 3.861948828s ago: executing program 2 (id=1409): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r0 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x351a, 0x100, 0x0, 0x0, 0x0) 3.492309059s ago: executing program 2 (id=1410): socket$kcm(0x2, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) socket$inet6(0xa, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a80)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_udp(0x2, 0x2, 0x0) userfaultfd(0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="483f000010000304000000000400000000007400", @ANYRES32=r1, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) 3.4019879s ago: executing program 2 (id=1411): r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x24, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000841}, 0x20000000) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSBRK(r4, 0x5427) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, 0x0}) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x5, 0x9, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xfffffff7}, 0x0) setxattr$security_capability(0x0, &(0x7f0000000100), 0x0, 0x0, 0x0) lsetxattr$security_capability(0x0, &(0x7f00000000c0), 0x0, 0x0, 0x3) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r6 = socket(0x8000000010, 0x2, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r8, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000640)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150700000fff07003506000002000000170600000ee50000bf250000000000002d350000000000006507000002000000070700004c0001fa0f75000000000000bf54000000000000070400000400f9ff3d1401000000000095000000000000000500000000000000950007000000000001722fabb733a0c857c7c4e704000000000000a04d1ffc187fa1a2ba7ba0c0d507b92de00435fd233cc0f0d9b2c312b68856656ca9caa2ee4dc258d72e690098804de235cf020e35245c9f5526d35df627a64ac7efde50fd7f1d8bae66ea38541a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a459db8e7ada8ee987cc0000f6f902b261848d74096636ab6d8c63c8d62861cbc38d1e6bef45e672ac3d3d5243b85b3b15c7499ff39a3dadcbfbea9e050fb6940344dfbeebbf3e7e37d0a9a387518f926fba75479eacd4f51aeb28b6c56a75144ef6df55a275799897ca0000000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) ioctl$sock_inet_SIOCSARP(r7, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, 0x0) setsockopt$MRT_PIM(r6, 0x0, 0xcf, &(0x7f0000000140)=0x3, 0x4) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 3.291677497s ago: executing program 0 (id=1414): r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) (async, rerun: 64) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000000)={0x6, 'geneve1\x00', {0xffffffff}, 0x1000}) (async, rerun: 64) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$radio(&(0x7f00000000c0), 0x2, 0x2) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_BLKSECTGET(r3, 0x1267, &(0x7f00000001c0)) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) (async) openat$dlm_monitor(0xffffff9c, 0x0, 0x400801, 0x0) (async, rerun: 64) socket$kcm(0x10, 0x2, 0x0) (async, rerun: 64) syz_open_dev$video4linux(0x0, 0x1000, 0x40041) (async) memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) (async) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010004000000010000000900000020000380140002007663616630000000000000005bed37a00800010001000000dd4976532c358d4957ad4b830121a9ed877253f8697a32c4255527c010bb15318c108f3690439efeb655ca055475a426ad9c4a1d3be955540706fa4a49e47a32e077e70a67a3620e95fa7341faa33b7754e750389fbd8b6be8cfd6f1205ad203498ecea4a1ec7cb8bd7edf9f296c637348064e16df54a18f19f97a83b0eecfd7acf68ce5a4015c50e7f0ca39678c8fd021b14361de0f10d795bed6fb956d13e5a12b94f43d4b9acea3f4df0642f1722d63ec1be63919016f9472b7fafda84152f25990040339146bd0ebf50e578d348d20ab3f49ef8a13f8381deb8b025f37cd6b0bec5c3cfacabf34f77f42e73b7c13f48b910fdb"], 0x34}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) (async) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB="493084ed4f978daf15624483ca", @ANYRES16=0x0, @ANYBLOB="080026bd7000ffdbdf2504000000100001800c0007000400000004000000080006000500000014000380060007004e200000060004000000000008000500331f0000080004000a0000001c00038008000100010000000800030002000000060007004e23000008000600770200000800060006000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4009054}, 0x20008804) (async) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) (async) r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x180c00) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) (async, rerun: 32) recvmmsg$unix(r6, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0xa32, 0x60, 0x0) (rerun: 32) 3.202279189s ago: executing program 0 (id=1415): sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x5c, 0xa, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x46}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r4, 0x6, 0x29, 0x0, &(0x7f0000000240)) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd27, 0x8000, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x0) 3.061105351s ago: executing program 0 (id=1416): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r2, 0x4b52, &(0x7f0000000000)={0x2, {0x2, 0xffff, 0x880}}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc2c45512, &(0x7f0000002280)={{0x3, 0x2, 0xda, 0x4000}, 0x0, [0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xe3, 0x0, 0x0, 0x4, 0xe79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffd, 0x2, 0x0, 0x1000000, 0x0, 0x0, 0x400000, 0x8, 0x400, 0x4, 0x3, 0x10, 0x4000e, 0x0, 0x0, 0x8, 0x0, 0xffffbfff, 0x1, 0x0, 0x6, 0x0, 0xfffffffe, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc13, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x0, 0xffffffff, 0x0, 0xe5d, 0x6, 0x8, 0x2, 0x0, 0x0, 0x0, 0x1, 0x9, 0x8, 0x0, 0x26, 0x0, 0xfffffffe, 0xe, 0x0, 0x8, 0x2000, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x1000000]}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0cc5605, &(0x7f0000000100)={0x1, @pix={0x0, 0x0, 0x59455247}}) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000180), &(0x7f00000001c0)) syz_open_dev$video(&(0x7f00000005c0), 0x7, 0x40000) r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x40440, 0x0) ioctl$TCXONC(r6, 0x540a, 0x0) close(0x3) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) keyctl$dh_compute(0x17, &(0x7f0000000340), 0x0, 0x0, &(0x7f00000008c0)={0x0, &(0x7f00000003c0)="16488a31ec5ff18208c8fbfd34fbe6bb6cc4828fa52d8d60c7c0b7ed804474b8237f458e0547090878c78ee564f9019c8c080000016bffae55160b769cd9b44d06cdf97cb1f82879bb55e70424f87237cf569d57ce1ac5391dadddbcebe60da7ee3f024d1d4c927d8e50776c4663c1183206f992136a5946", 0x78}) sendmsg$NL80211_CMD_SET_MAC_ACL(r5, 0x0, 0x40009d0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) r8 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r8, 0x4020565a, &(0x7f00000001c0)={0x2, 0x0, 0x2}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r8, 0x4020565a, &(0x7f0000000280)={0x2}) bind$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r7, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) 2.772062232s ago: executing program 1 (id=1417): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$dri(&(0x7f00000001c0), 0x6, 0x400140) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=@newsa={0xec, 0x10, 0x633, 0x0, 0x0, {{@in=@broadcast, @in=@multicast2}, {@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {}, {0x0, 0x62c}}}, 0xec}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$ttys(0xc, 0x2, 0x0) socket$kcm(0x2, 0x3, 0x2) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r6 = dup3(r5, r4, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000)=@nfs={0x90, 0x24, {0x8000000, 0x2, 0x3801, 0x80, "225fa0eae15121b9dbec1297171b70871e9a7ae39e2180149f6610381f9c221828c40a94992b83f25c6d6d1406f23a4e99406814e804c4a848a59f96fbe1f517f8f9411dbdc10994f373ae6abe1888fc3cdb81bce28e687b50454f23bc6e34cdcf6c41b46e828073d88d59a4c201df96148b59823a356f117047fe4e4ad9aa5b"}}, 0x200) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) r7 = openat$binderfs(0xffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x803, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000340)={0x44, 0x0, &(0x7f00000002c0)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000440)={@flat=@weak_handle={0x77682a85, 0xb}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/77, 0x4d, 0x1, 0x36}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) ioctl$BLKRESETZONE(r6, 0x40101283, &(0x7f0000000000)={0x5, 0x2}) 2.612663128s ago: executing program 1 (id=1418): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d07000000374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6bebf5088a2a12dd1a1b14d948aa911cf50968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3a51cc87e068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a881192292469d2d25115be3cfb8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c5a7bd32cb8d3ca303a671a9339e77a"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={&(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0], 0x2, 0x6, 0x1, 0x2}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06464ce, &(0x7f0000000c40)={r0, 0x9, 0x5, 0x7fff, 0x3, [], [0x40000000, 0x5817, 0x10000, 0x7f], [0x8, 0xfff, 0xff, 0xdb8b], [0x4, 0x5, 0x7ac, 0x9]}) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$phonet(0x23, 0x2, 0x1) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x3, 0x300) socket$inet_mptcp(0x2, 0x1, 0x106) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$unix(0x1, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000cc0)) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 2.612400481s ago: executing program 1 (id=1419): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, 0x0, 0x0) r5 = socket$inet(0xa, 0x801, 0x84) listen(r5, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x0, 0x79}, 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x100, 0x1800001d, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0x8, 0x5}, {0xe, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4048005}, 0x20000000) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff038}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = syz_open_dev$vim2m(0x0, 0x41d3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_DQBUF(r6, 0xc044560f, &(0x7f0000000380)=@mmap={0x0, 0x1, 0x4, 0x0, 0x7, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}}) syz_clone3(&(0x7f0000000080)={0x1000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58) pidfd_getfd(r7, r7, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=@can_newroute={0x44, 0x18, 0x1, 0x70bd29, 0x25dfdbfd, {0x1d, 0x1, 0x6}, [@CGW_MOD_XOR={0x15, 0x3, {{{0x0, 0x1}, 0x7, 0x0, 0x0, 0x0, "63c36d06f388c8fb"}, 0x2}}, @CGW_MOD_SET={0x15, 0x4, {{{0x3, 0x1, 0x0, 0x1}, 0x0, 0x6, 0x0, 0x0, '\t\x00'}, 0x1}}]}, 0x44}}, 0x0) tee(r0, r1, 0x8f5, 0x100000000000002) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000340), r8) 2.19284406s ago: executing program 0 (id=1420): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="1b0000001a005f0414f9f40700090400810000000000342580d200", 0x1b) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000340), r2) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f0000000280)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @broadcast}}, 0x24) sendmmsg(r4, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="100000001001000001"], 0x10, 0x7000000}, 0xf401}], 0x1, 0x0) sendmmsg(r4, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x10, 0x110, 0x1}], 0x10, 0x7000000}, 0xf401}], 0x1, 0x0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r3, 0x830b318aaeefb05f, 0x70bd27, 0x25dfdbff, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x2040010) r5 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) ioctl$CDROMSTOP(r5, 0x5307) 2.131989976s ago: executing program 0 (id=1421): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00') socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x6, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) connect$unix(r0, &(0x7f00000001c0)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) 2.072023687s ago: executing program 0 (id=1422): r0 = socket$nl_route(0x10, 0x3, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="71e67a15cd", 0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x80108907, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1000000, 0xffffffffffffffff, 0x40c}, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408048000001700638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000100000000b703000008"], &(0x7f0000005d80)='syzkaller\x00', 0xc}, 0x94) r5 = socket$kcm(0x10, 0x2, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000400)=r4, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4cc, 0x0, 0x940c, 0x3002, 0x0, 0x2c0, 0x404, 0x3d8, 0x3d8, 0x404, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x28c, 0x2d4, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x0, 0x3f, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf4}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xc8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x528) sendmsg$kcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="d80000001a0081044e81f782db4cb904021d0800fe0055a1150015000200142603600e12080005007a010401a8001600200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457fffffffffffff0001bace8017cbec4c2ee5a7cef4090000001fb79164d322fe7c9f8775d3f2d5d0683f5aeb4edbb57a5025ccca9e00360db785262f3d40fad95667e006dcdf61951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a94100000000000000000000000000d4da15", 0xd8}], 0x1}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r7 = socket$rxrpc(0x21, 0x2, 0x2) getsockopt(r7, 0x110, 0x6, 0x0, &(0x7f0000000280)=0x61) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0xf4000000, 0x0, 0x0, 0x2) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0) write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5800000010000104000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="fab0817dbcb5f31a24001280110001006272696467655f736c617665000000000c09058006001f0009000000000000000000004cd05a90b061"], 0x58}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040) 1.692525494s ago: executing program 1 (id=1423): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)={{0x14, 0x10, 0x1, 0xf5ff}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xbc}}, 0x0) 1.612720183s ago: executing program 1 (id=1424): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0xfffffffd}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) creat(&(0x7f0000000100)='./file0\x00', 0x104) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000280), 0xffffffff, 0x49cc02) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$SNDCTL_TMR_CONTINUE(r6, 0x5404) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)={0x5c, 0x12, 0x0, 0x70bd26, 0x25dfdbfc, {0x8, 0x6, 0xa, 0x1, {0x4e24, 0x4e23, [0xfffffff8, 0x3, 0x6], [0x400, 0x9, 0x8, 0x9], 0x0, [0x1, 0x3]}, 0x4, 0xb}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "f102dcf29effae15cd"}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x6, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x27, &(0x7f0000000000)=""/114}, 0xa8) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r7, 0x0, 0xb, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda1", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x2c, 0x3e, 0x107, 0xfffffffc, 0x10000, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x14}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 1.333186477s ago: executing program 3 (id=1425): r0 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000c32000/0x4000)=nil, 0x4000}}) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r3 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000700)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000080)={0x0, r3}) write$binfmt_script(r0, &(0x7f00000003c0)={'#! ', './file0'}, 0xb) 1.333007827s ago: executing program 3 (id=1426): r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000000)={&(0x7f0000000200)="8d", 0x1, 0x0}) ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f00000000c0)={r2}) socket$kcm(0x10, 0x2, 0x4) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/bsg/0:0:0:0\x00', 0x141040, 0x0) ioctl$BSG_IO(r3, 0x2285, &(0x7f0000000dc0)={0x51, 0x20, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc30, 0x30, 0x0, 0x4}) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sendmsg$inet(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5c000000130025cc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800250007000200060019000064bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x40000c0) 1.261321714s ago: executing program 3 (id=1427): socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$qrtr(0x2a, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r3, 0x400, 0x0) r4 = gettid() timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) truncate(&(0x7f0000000900)='./file1\x00', 0x24b9) 354.78157ms ago: executing program 2 (id=1428): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) r1 = io_uring_setup(0x3381, &(0x7f0000000280)={0x0, 0x93d2, 0x4000, 0x2, 0x80363, 0x0, r0}) ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000000300)={0x752, 0x3, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) r2 = openat$ipvs(0xffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(essiv(rfc4543(morus1280-avx2),rmd128-generic))\x00'}, 0x58) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'bond0\x00', 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0x110}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @hsr={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='dctcp-reno', 0xa) socket$inet_sctp(0x2, 0x5, 0x84) r6 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="1201000000000008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd012205000905810308000300fdf5978421f1eb5d3917a5c75353b07371d1902a99e38adce9df686b7e526a23a34c6a748795f981c2c81b8e08b6936ff575ed937d3c0774d3e08fd78e1e0ca81d89b9d210ecdd2164e7a71a60b99a4fc26cc09134939ec4face6457001e3c9eb06b08e337c4775501da71f34c8e53e35d957dac9d9da62da52a75002a452d3228399c9d599cf6f7f7bfea49d005b883a275e6f067de1d12bc53857012e9c6502eace676931a905067bf800807945dce005f22ac9f04eeb51e86e765bffd94f5af56603f2fa4959e7a205061b2693a69614c414833cd3dedff945123d4f09c37e061be3f9357912b5a487818818a62e1"], 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) syz_usb_control_io(r6, &(0x7f0000000080)={0x2c, &(0x7f00000012c0)={0x0, 0x22, 0x5, {0x5, 0xc, "26ed60"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1) r7 = openat2$dir(0xffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x2000, 0x125, 0x8}, 0x18) mkdirat(r7, 0x0, 0x67) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) openat$ubi_ctrl(0xffffff9c, &(0x7f0000000380), 0x1800c0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r8 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r10, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r8, 0x8, &(0x7f0000000240)=0x2) 0s ago: executing program 1 (id=1429): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f00000000c0)=0x47ca, 0x4) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x2512, 0x4) sendmmsg$inet6(r2, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) (async) recvfrom(r2, 0x0, 0x0, 0x22, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) socket$xdp(0x2c, 0x3, 0x0) (async) r4 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r4, &(0x7f0000000140)=[{&(0x7f0000000240)="480000001400190d09004beafd0d8c562c84ed7a80ffe05e959126dda8900db462060f000000000000a2bc5603ca00000f7f8900000ec00000000101ff0000000309ff5bffff00c7", 0x48}], 0x1) (async) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000080)={'erspan0\x00', @local}) (async) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0019000000000400000008001a8004000480000000000000040000476ba9ee9ee7960f4d7d70e6b2a12ac01dcee945a40e7f3539553c81e12df14bb5959f8ea221f18ddc3e1c774454235b29295645006da25815b02e3c6d8af84f13fd109450499b87576ebc81063ed53ed0e932772d370bff26736d7140"], 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x20000084) kernel console output (not intermixed with test programs): cramfs: wrong magic [ 141.098676][ T2293] usbhid 7-1:0.0: can't add hid device: -71 [ 141.101236][ T2293] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 141.117370][ T2293] usb 7-1: USB disconnect, device number 12 [ 141.527190][ T2293] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 141.656733][ T2293] usb 5-1: device descriptor read/64, error -71 [ 141.708264][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 141.708277][ T40] audit: type=1804 audit(1765214840.328:55): pid=7565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.429" name="/newroot/111/bus/bus" dev="overlay" ino=634 res=1 errno=0 [ 141.760891][ T40] audit: type=1804 audit(1765214840.378:56): pid=7569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.429" name="/newroot/111/bus/bus" dev="overlay" ino=634 res=1 errno=0 [ 141.767209][ T40] audit: type=1800 audit(1765214840.378:57): pid=7569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.429" name="bus" dev="overlay" ino=634 res=0 errno=0 [ 141.774202][ T40] audit: type=1326 audit(1765214840.388:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7566 comm="syz.1.430" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x0 [ 141.916750][ T2293] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 142.046738][ T2293] usb 5-1: device descriptor read/64, error -71 [ 142.156916][ T2293] usb usb5-port1: attempt power cycle [ 142.606771][ T2293] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 142.627463][ T2293] usb 5-1: device descriptor read/8, error -71 [ 142.866772][ T1323] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 142.963742][ T2293] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 142.987184][ T2293] usb 5-1: device descriptor read/8, error -71 [ 143.038452][ T1323] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 143.042712][ T1323] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.046645][ T1323] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.050260][ T1323] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 143.056188][ T1323] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 143.062265][ T1323] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 143.066855][ T1323] usb 6-1: Manufacturer: syz [ 143.074832][ T1323] usb 6-1: config 0 descriptor?? [ 143.096994][ T2293] usb usb5-port1: unable to enumerate USB device [ 143.112300][ T7592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.492146][ T1323] usbhid 6-1:0.0: can't add hid device: -71 [ 143.494222][ T1323] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 143.498859][ T1323] usb 6-1: USB disconnect, device number 12 [ 143.587242][ T60] usb 42-1: device descriptor read/8, error -110 [ 143.978181][ T60] usb usb42-port1: attempt power cycle [ 144.371263][ T7599] ubi: mtd0 is already attached to ubi31 [ 144.506000][ T40] audit: type=1804 audit(1765214843.118:59): pid=7606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.443" name="/newroot/116/bus/bus" dev="overlay" ino=692 res=1 errno=0 [ 144.567149][ T40] audit: type=1804 audit(1765214843.188:60): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.443" name="/newroot/116/bus/bus" dev="overlay" ino=692 res=1 errno=0 [ 144.572021][ T60] usb usb42-port1: unable to enumerate USB device [ 144.588940][ T40] audit: type=1800 audit(1765214843.188:61): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.443" name="bus" dev="overlay" ino=692 res=0 errno=0 [ 144.679031][ T40] audit: type=1326 audit(1765214843.298:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.2.444" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x0 [ 144.887799][ T7611] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 144.890866][ T7611] cramfs: wrong magic [ 145.286687][ T6006] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 145.318403][ T7628] sctp: [Deprecated]: syz.0.449 (pid 7628) Use of struct sctp_assoc_value in delayed_ack socket option. [ 145.318403][ T7628] Use struct sctp_sack_info instead [ 145.459394][ T6006] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 145.464150][ T6006] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.515721][ T6006] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.519863][ T6006] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 145.537097][ T6006] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 145.584558][ T6006] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 145.587176][ T6006] usb 6-1: Manufacturer: syz [ 145.590483][ T6006] usb 6-1: config 0 descriptor?? [ 145.696812][ T1323] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 145.826973][ T1323] usb 7-1: device descriptor read/64, error -71 [ 146.001594][ T6006] usbhid 6-1:0.0: can't add hid device: -71 [ 146.005383][ T6006] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 146.013821][ T6006] usb 6-1: USB disconnect, device number 13 [ 146.066767][ T1323] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 146.206813][ T1323] usb 7-1: device descriptor read/64, error -71 [ 146.317472][ T1323] usb usb7-port1: attempt power cycle [ 146.666886][ T1323] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 146.697422][ T1323] usb 7-1: device descriptor read/8, error -71 [ 146.842190][ T7642] ubi: mtd0 is already attached to ubi31 [ 146.956811][ T1323] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 146.977775][ T1323] usb 7-1: device descriptor read/8, error -71 [ 147.087192][ T1323] usb usb7-port1: unable to enumerate USB device [ 147.125199][ T7648] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 147.132010][ T7648] cramfs: wrong magic [ 147.745165][ T40] audit: type=1326 audit(1765214846.358:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7653 comm="syz.3.458" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 148.687306][ T7677] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 148.690382][ T7677] cramfs: wrong magic [ 148.826971][ T7671] ubi: mtd0 is already attached to ubi31 [ 148.990012][ T7682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 149.212224][ T7664] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 149.216047][ T7664] cramfs: wrong magic [ 149.886718][ T6027] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 150.036719][ T6027] usb 7-1: Using ep0 maxpacket: 8 [ 150.041561][ T6027] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 150.047434][ T6027] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 150.052236][ T6027] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 150.056542][ T6027] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 150.063016][ T6027] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 150.066986][ T6027] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.283116][ T6027] usb 7-1: usb_control_msg returned -32 [ 150.295069][ T6027] usbtmc 7-1:16.0: can't read capabilities [ 150.366746][ T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 150.496705][ T9] usb 5-1: device descriptor read/64, error -71 [ 150.675299][ T60] usb 7-1: USB disconnect, device number 17 [ 150.852651][ T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 150.918182][ T7710] ubi: mtd0 is already attached to ubi31 [ 150.996769][ T9] usb 5-1: device descriptor read/64, error -71 [ 151.117021][ T9] usb usb5-port1: attempt power cycle [ 151.123363][ T7714] overlayfs: failed to clone upperpath [ 151.466813][ T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 151.497453][ T9] usb 5-1: device descriptor read/8, error -71 [ 151.613653][ T7721] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 151.617227][ T7721] UDF-fs: Scanning with blocksize 2048 failed [ 151.622956][ T7721] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 151.626340][ T7721] UDF-fs: Scanning with blocksize 4096 failed [ 151.849212][ T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 151.877291][ T9] usb 5-1: device descriptor read/8, error -71 [ 151.987383][ T9] usb usb5-port1: unable to enumerate USB device [ 152.003635][ T7729] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 152.005789][ T7729] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 152.009630][ T7729] vhci_hcd vhci_hcd.0: Device attached [ 152.023739][ T7729] random: crng reseeded on system resumption [ 152.069692][ T7729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.296766][ T6005] usb 40-1: SetAddress Request (30) to port 0 [ 152.299060][ T6005] usb 40-1: new SuperSpeed USB device number 30 using vhci_hcd [ 152.759536][ T40] audit: type=1804 audit(1765214851.378:64): pid=7749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.489" name="/newroot/128/bus/bus" dev="overlay" ino=730 res=1 errno=0 [ 152.820544][ T40] audit: type=1804 audit(1765214851.438:65): pid=7750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.489" name="/newroot/128/bus/bus" dev="overlay" ino=730 res=1 errno=0 [ 152.827276][ T40] audit: type=1800 audit(1765214851.438:66): pid=7750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.489" name="bus" dev="overlay" ino=730 res=0 errno=0 [ 153.187413][ T7730] vhci_hcd: connection reset by peer [ 153.189801][ T46] vhci_hcd vhci_hcd.1: stop threads [ 153.191996][ T46] vhci_hcd vhci_hcd.1: release socket [ 153.195293][ T46] vhci_hcd vhci_hcd.1: disconnect device [ 153.303587][ T7754] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.306823][ T7754] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.405663][ T7754] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.452804][ T7754] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 153.636532][ T1138] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.640744][ T1138] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.655212][ T7755] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.664044][ T1138] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.483207][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.487965][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.491012][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.493962][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.498050][ T7787] tipc: Enabling of bearer rejected, failed to enable media [ 154.501116][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.504000][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.509000][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.512006][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.514957][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.518443][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.521459][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.524438][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.527501][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.530678][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.533978][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.537417][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.540847][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.544487][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.547142][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.551359][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.554190][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.561251][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.563943][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.566886][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.569664][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.569825][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.572314][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.575370][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.580979][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.581080][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.583774][ T7787] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 154.586547][ T7786] usb usb9: usbfs: process 7786 (syz.2.501) did not claim interface 0 before use [ 154.715183][ T7796] xt_hashlimit: overflow, try lower: 60585/0 [ 154.800217][ T7798] ubi: mtd0 is already attached to ubi31 [ 154.824898][ T7801] overlayfs: failed to clone upperpath [ 155.570557][ T7806] 8021q: VLANs not supported on ipvlan0 [ 155.636850][ T34] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 155.761027][ T7811] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 155.771764][ T7811] cramfs: wrong magic [ 155.788809][ T34] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 155.793360][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.806647][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.811113][ T34] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 155.818443][ T34] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 155.823276][ T34] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 155.827302][ T34] usb 6-1: Manufacturer: syz [ 155.837016][ T34] usb 6-1: config 0 descriptor?? [ 156.249408][ T34] usbhid 6-1:0.0: can't add hid device: -71 [ 156.251850][ T34] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 156.268085][ T34] usb 6-1: USB disconnect, device number 14 [ 156.446487][ T7825] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 156.459564][ T7825] Error validating options; rc = [-22] [ 156.809628][ T7831] ubi: mtd0 is already attached to ubi31 [ 157.168976][ T7851] binder: 7850:7851 ioctl c0306201 0 returned -14 [ 157.356786][ T6005] usb 40-1: device descriptor read/8, error -110 [ 157.443163][ T7854] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 157.447324][ T7854] cramfs: wrong magic [ 157.768853][ T6005] usb usb40-port1: attempt power cycle [ 158.127597][ T7874] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 158.236750][ T2293] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 158.252699][ T40] audit: type=1804 audit(1765214856.868:67): pid=7878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.531" name="/newroot/138/bus/bus" dev="overlay" ino=791 res=1 errno=0 [ 158.312813][ T40] audit: type=1804 audit(1765214856.928:68): pid=7880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.531" name="/newroot/138/bus/bus" dev="overlay" ino=791 res=1 errno=0 [ 158.321304][ T40] audit: type=1800 audit(1765214856.928:69): pid=7880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.531" name="bus" dev="overlay" ino=791 res=0 errno=0 [ 158.347517][ T6005] usb usb40-port1: unable to enumerate USB device [ 158.414024][ T2293] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 158.417512][ T2293] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.421152][ T2293] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.426660][ T2293] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 158.434971][ T2293] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 158.444648][ T2293] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 158.447208][ T2293] usb 6-1: Manufacturer: syz [ 158.450124][ T2293] usb 6-1: config 0 descriptor?? [ 158.867263][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 158.874064][ T2293] usbhid 6-1:0.0: can't add hid device: -71 [ 158.876195][ T2293] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 158.884396][ T2293] usb 6-1: USB disconnect, device number 15 [ 159.096062][ T7901] befs: (nullb0): No write support. Marking filesystem read-only [ 159.102247][ T7901] befs: (nullb0): invalid magic header [ 159.629017][ T7908] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 159.632779][ T7908] cramfs: wrong magic [ 159.686870][ T6005] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 159.858018][ T6005] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 159.862456][ T6005] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 159.866304][ T6005] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 159.870704][ T6005] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.875811][ T7907] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 159.886258][ T6005] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 160.081719][ T7907] sctp: [Deprecated]: syz.1.540 (pid 7907) Use of int in max_burst socket option deprecated. [ 160.081719][ T7907] Use struct sctp_assoc_value instead [ 160.612156][ T34] usb 6-1: USB disconnect, device number 16 [ 161.307270][ T40] audit: type=1326 audit(1765214859.928:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7917 comm="syz.2.543" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x0 [ 161.726257][ T40] audit: type=1326 audit(1765214860.338:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7925 comm="syz.3.544" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 161.841863][ T40] audit: type=1804 audit(1765214860.458:72): pid=7933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.545" name="/newroot/134/bus/bus" dev="overlay" ino=798 res=1 errno=0 [ 161.896203][ T40] audit: type=1804 audit(1765214860.508:73): pid=7935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.545" name="/newroot/134/bus/bus" dev="overlay" ino=798 res=1 errno=0 [ 161.906035][ T40] audit: type=1800 audit(1765214860.508:74): pid=7935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.545" name="bus" dev="overlay" ino=798 res=0 errno=0 [ 162.081237][ T7937] netlink: 830 bytes leftover after parsing attributes in process `syz.2.546'. [ 162.090730][ T7937] net veth1_virt_wifi »»»»»»: renamed from virt_wifi0 [ 162.386825][ T1323] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 162.538276][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 162.541677][ T1323] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 162.544419][ T1323] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 162.548044][ T1323] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.552061][ T1323] usb 7-1: config 0 descriptor?? [ 162.676686][ T2293] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 162.832097][ T2293] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 162.838525][ T2293] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.844255][ T2293] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 162.852622][ T2293] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 162.860208][ T2293] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 162.863173][ T2293] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 162.865824][ T2293] usb 6-1: Manufacturer: syz [ 162.873994][ T2293] usb 6-1: config 0 descriptor?? [ 163.219844][ T7958] ubi: mtd0 is already attached to ubi31 [ 163.293280][ T2293] usbhid 6-1:0.0: can't add hid device: -71 [ 163.296158][ T2293] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 163.302782][ T2293] usb 6-1: USB disconnect, device number 17 [ 163.700311][ T7964] overlayfs: failed to clone upperpath [ 164.796510][ T7983] overlayfs: failed to clone upperpath [ 164.870783][ T40] audit: type=1326 audit(1765214863.488:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7979 comm="syz.1.560" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x0 [ 165.096759][ T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 165.148964][ T1323] usb 7-1: USB disconnect, device number 18 [ 165.227514][ T7996] netlink: 24 bytes leftover after parsing attributes in process `syz.2.565'. [ 165.230412][ T7996] netlink: 24 bytes leftover after parsing attributes in process `syz.2.565'. [ 165.248122][ T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 165.251500][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.254974][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.258396][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 165.263207][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 165.266327][ T9] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 165.269100][ T9] usb 5-1: Manufacturer: syz [ 165.271752][ T9] usb 5-1: config 0 descriptor?? [ 165.680190][ C0] raw-gadget.1 gadget.0: ignoring, device is not running [ 165.682909][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 165.684918][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 165.693029][ T9] usb 5-1: USB disconnect, device number 17 [ 165.996856][ T8017] netlink: 48 bytes leftover after parsing attributes in process `syz.2.571'. [ 166.835361][ T8029] ubi: mtd0 is already attached to ubi31 [ 167.026752][ T6005] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 167.042356][ T8037] overlayfs: failed to clone upperpath [ 167.178482][ T6005] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 167.182012][ T6005] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 167.186427][ T6005] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 167.189746][ T6005] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.197009][ T6005] usb 6-1: config 0 descriptor?? [ 167.203862][ T6005] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 167.292826][ T8040] random: crng reseeded on system resumption [ 167.474042][ T40] audit: type=1326 audit(1765214866.088:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8044 comm="syz.2.579" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x0 [ 167.656697][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 167.808076][ T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 167.811906][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.815592][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.820085][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 167.825345][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 167.828462][ T9] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 167.831859][ T9] usb 5-1: Manufacturer: syz [ 167.841309][ T9] usb 5-1: config 0 descriptor?? [ 168.107335][ T8056] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 168.111645][ T8056] Error validating options; rc = [-22] [ 168.461237][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 168.475238][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 168.486083][ T9] usb 5-1: USB disconnect, device number 18 [ 169.470508][ T8089] overlayfs: failed to clone upperpath [ 169.761454][ T34] usb 6-1: USB disconnect, device number 18 [ 170.098144][ T8094] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 170.102251][ T8094] cramfs: wrong magic [ 170.406721][ T6006] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 170.578168][ T6006] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 170.581667][ T6006] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.585122][ T6006] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.588961][ T6006] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 170.594236][ T6006] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 170.597913][ T6006] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 170.599988][ T8103] overlayfs: failed to clone upperpath [ 170.601255][ T6006] usb 5-1: Manufacturer: syz [ 170.603575][ T6006] usb 5-1: config 0 descriptor?? [ 170.821393][ T8104] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 170.827112][ T8104] Error validating options; rc = [-22] [ 171.221541][ T6006] usbhid 5-1:0.0: can't add hid device: -71 [ 171.227885][ T6006] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 171.241223][ T6006] usb 5-1: USB disconnect, device number 19 [ 171.710482][ T8130] dlm: no local IP address has been set [ 171.713838][ T8130] dlm: cannot start dlm midcomms -107 [ 171.720817][ T8130] validate_nla: 12 callbacks suppressed [ 171.720829][ T8130] netlink: 'syz.2.601': attribute type 12 has an invalid length. [ 172.587209][ T40] audit: type=1804 audit(1765214871.208:77): pid=8141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.605" name="/newroot/160/bus/bus" dev="overlay" ino=918 res=1 errno=0 [ 172.639635][ T40] audit: type=1804 audit(1765214871.258:78): pid=8142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.605" name="/newroot/160/bus/bus" dev="overlay" ino=918 res=1 errno=0 [ 172.647023][ T40] audit: type=1800 audit(1765214871.258:79): pid=8142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.605" name="bus" dev="overlay" ino=918 res=0 errno=0 [ 172.807813][ T8144] netlink: 'syz.0.607': attribute type 1 has an invalid length. [ 172.827463][ T8144] IPVS: set_ctl: invalid protocol: 50 0.0.0.0:20001 [ 173.268721][ T8158] netlink: 'syz.3.609': attribute type 4 has an invalid length. [ 173.292465][ T8158] netlink: 'syz.3.609': attribute type 4 has an invalid length. [ 173.402102][ T8162] openvswitch: netlink: Duplicate or invalid key (type 0). [ 173.404413][ T8162] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 173.498698][ T8168] fuse: Bad value for 'fd' [ 173.503744][ T8168] netlink: 24 bytes leftover after parsing attributes in process `syz.0.613'. [ 173.534245][ T8168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.613'. [ 173.543340][ T8166] xt_CT: You must specify a L4 protocol and not use inversions on it [ 173.544483][ T8166] netlink: 188 bytes leftover after parsing attributes in process `syz.1.610'. [ 173.666644][ T34] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 173.723756][ T8171] netlink: 'syz.0.614': attribute type 3 has an invalid length. [ 173.726070][ T8171] netlink: 'syz.0.614': attribute type 1 has an invalid length. [ 173.728689][ T8171] netlink: 228 bytes leftover after parsing attributes in process `syz.0.614'. [ 173.818035][ T8171] binder: 8170:8171 ioctl c0306201 80000440 returned -14 [ 173.828312][ T34] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 173.831796][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.835915][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.840675][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 173.848215][ T34] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 173.851944][ T34] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 173.855335][ T34] usb 7-1: Manufacturer: syz [ 173.860661][ T34] usb 7-1: config 0 descriptor?? [ 173.866947][ T8174] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 173.869217][ T8174] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 173.871756][ T8174] vhci_hcd vhci_hcd.0: Device attached [ 173.873743][ T8176] vhci_hcd: connection closed [ 173.874110][ T46] vhci_hcd vhci_hcd.0: stop threads [ 173.878725][ T46] vhci_hcd vhci_hcd.0: release socket [ 173.881166][ T46] vhci_hcd vhci_hcd.0: disconnect device [ 174.472024][ T34] usbhid 7-1:0.0: can't add hid device: -71 [ 174.474011][ T34] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 174.489458][ T34] usb 7-1: USB disconnect, device number 19 [ 174.680758][ T8188] ubi: mtd0 is already attached to ubi31 [ 174.900611][ T8191] overlayfs: failed to clone upperpath [ 175.021349][ T8194] FAULT_INJECTION: forcing a failure. [ 175.021349][ T8194] name failslab, interval 1, probability 0, space 0, times 0 [ 175.025305][ T8194] CPU: 1 UID: 0 PID: 8194 Comm: syz.2.621 Tainted: G L syzkaller #0 PREEMPT(full) [ 175.025323][ T8194] Tainted: [L]=SOFTLOCKUP [ 175.025327][ T8194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 175.025333][ T8194] Call Trace: [ 175.025338][ T8194] [ 175.025343][ T8194] dump_stack_lvl+0x16c/0x1f0 [ 175.025380][ T8194] should_fail_ex+0x512/0x640 [ 175.025400][ T8194] ? fs_reclaim_acquire+0xae/0x150 [ 175.025418][ T8194] should_failslab+0xc2/0x120 [ 175.025435][ T8194] __kmalloc_noprof+0xeb/0x910 [ 175.025448][ T8194] ? tomoyo_encode2+0x100/0x3e0 [ 175.025461][ T8194] ? tomoyo_encode2+0x100/0x3e0 [ 175.025470][ T8194] tomoyo_encode2+0x100/0x3e0 [ 175.025481][ T8194] tomoyo_encode+0x29/0x50 [ 175.025491][ T8194] tomoyo_realpath_from_path+0x18f/0x6e0 [ 175.025505][ T8194] tomoyo_mount_acl+0x1ae/0x850 [ 175.025523][ T8194] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 175.025543][ T8194] ? kernel_text_address+0x8d/0x100 [ 175.025556][ T8194] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 175.025574][ T8194] ? arch_stack_walk+0xa6/0x100 [ 175.025608][ T8194] ? tomoyo_domain+0xba/0x150 [ 175.025620][ T8194] ? tomoyo_profile+0x47/0x60 [ 175.025633][ T8194] tomoyo_mount_permission+0x16d/0x420 [ 175.025649][ T8194] ? tomoyo_mount_permission+0x14f/0x420 [ 175.025667][ T8194] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 175.025692][ T8194] security_sb_mount+0x9b/0x260 [ 175.025707][ T8194] path_mount+0x158/0x23a0 [ 175.025719][ T8194] ? rcu_is_watching+0x12/0xc0 [ 175.025736][ T8194] ? __pfx_path_mount+0x10/0x10 [ 175.025746][ T8194] ? kmem_cache_free+0x2d8/0x770 [ 175.025760][ T8194] ? putname+0xf5/0x1a0 [ 175.025772][ T8194] ? putname+0xf5/0x1a0 [ 175.025783][ T8194] ? __ia32_sys_mount+0x291/0x310 [ 175.025792][ T8194] __ia32_sys_mount+0x291/0x310 [ 175.025803][ T8194] ? __pfx___ia32_sys_mount+0x10/0x10 [ 175.025814][ T8194] ? do_user_addr_fault+0x843/0x1370 [ 175.025830][ T8194] __do_fast_syscall_32+0xe8/0x680 [ 175.025844][ T8194] do_fast_syscall_32+0x32/0x80 [ 175.025857][ T8194] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 175.025871][ T8194] RIP: 0023:0xf707d579 [ 175.025880][ T8194] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 175.025891][ T8194] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 175.025902][ T8194] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000440 [ 175.025909][ T8194] RDX: 0000000080000480 RSI: 0000000000000084 RDI: 0000000080000300 [ 175.025916][ T8194] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 175.025922][ T8194] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 175.025928][ T8194] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 175.025942][ T8194] [ 175.025955][ T8194] ERROR: Out of memory at tomoyo_realpath_from_path. [ 175.254853][ T8200] netlink: 'syz.2.624': attribute type 3 has an invalid length. [ 175.258203][ T8200] netlink: 'syz.2.624': attribute type 1 has an invalid length. [ 175.261386][ T8200] netlink: 228 bytes leftover after parsing attributes in process `syz.2.624'. [ 175.386143][ T8200] binder: 8199:8200 ioctl c0306201 80000440 returned -14 [ 175.695422][ T8208] ubi: mtd0 is already attached to ubi31 [ 175.758199][ T8214] sctp: [Deprecated]: syz.3.628 (pid 8214) Use of struct sctp_assoc_value in delayed_ack socket option. [ 175.758199][ T8214] Use struct sctp_sack_info instead [ 175.780647][ T40] audit: type=1804 audit(1765214874.398:80): pid=8215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.635" name="/newroot/159/bus/bus" dev="overlay" ino=939 res=1 errno=0 [ 175.835425][ T40] audit: type=1804 audit(1765214874.448:81): pid=8217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.635" name="/newroot/159/bus/bus" dev="overlay" ino=939 res=1 errno=0 [ 175.871155][ T40] audit: type=1800 audit(1765214874.448:82): pid=8217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.635" name="bus" dev="overlay" ino=939 res=0 errno=0 [ 176.424035][ T8224] warning: `syz.1.630' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 176.598688][ T9] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 176.747464][ T8231] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 176.748097][ T9] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 176.749678][ T8231] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 176.749926][ T8231] vhci_hcd vhci_hcd.0: Device attached [ 176.759231][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.766292][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.770475][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 176.777239][ T9] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 176.781120][ T9] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 176.784380][ T9] usb 7-1: Manufacturer: syz [ 176.788224][ T9] usb 7-1: config 0 descriptor?? [ 176.937542][ T6006] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 176.996662][ T6006] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 177.198041][ T9] appleir 0003:05AC:8243.0010: unknown main item tag 0x0 [ 177.203924][ T9] appleir 0003:05AC:8243.0010: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 177.423782][ T8232] vhci_hcd: connection reset by peer [ 177.427155][ T1137] vhci_hcd vhci_hcd.0: stop threads [ 177.436710][ T1137] vhci_hcd vhci_hcd.0: release socket [ 177.446851][ T1137] vhci_hcd vhci_hcd.0: disconnect device [ 177.563509][ T8238] ubi: mtd0 is already attached to ubi31 [ 179.156727][ T1323] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 179.317826][ T1323] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.321250][ T1323] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 179.325551][ T1323] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 179.328720][ T1323] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.332963][ T1323] usb 5-1: config 0 descriptor?? [ 179.337483][ T1323] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 179.369023][ T34] usb 7-1: USB disconnect, device number 20 [ 180.105831][ T8274] capability: warning: `syz.3.644' uses 32-bit capabilities (legacy support in use) [ 180.124834][ T8274] 9p: Unknown Cache mode or invalid value sscache [ 180.469803][ T5943] Bluetooth: hci2: command 0x0406 tx timeout [ 180.471977][ T5953] Bluetooth: hci3: command 0x0406 tx timeout [ 180.474369][ T5942] Bluetooth: hci0: command 0x0401 tx timeout [ 181.579287][ T8293] sctp: [Deprecated]: syz.3.649 (pid 8293) Use of int in max_burst socket option deprecated. [ 181.579287][ T8293] Use struct sctp_assoc_value instead [ 181.703409][ T8299] netlink: 84 bytes leftover after parsing attributes in process `syz.3.652'. [ 181.756927][ T6005] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 181.901444][ T34] usb 5-1: USB disconnect, device number 20 [ 181.958526][ T6005] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 181.964601][ T6005] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.968382][ T6005] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.971477][ T6005] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 181.981854][ T6005] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 181.984845][ T6005] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 181.989694][ T6005] usb 7-1: Manufacturer: syz [ 182.001487][ T6005] usb 7-1: config 0 descriptor?? [ 182.066761][ T5300] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 182.070510][ T5300] Bluetooth: hci2: Injecting HCI hardware error event [ 182.072120][ T40] audit: type=1804 audit(1765214880.688:83): pid=8310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.654" name="/newroot/164/bus/bus" dev="overlay" ino=973 res=1 errno=0 [ 182.073532][ T5300] Bluetooth: hci2: hardware error 0x00 [ 182.135703][ T40] audit: type=1804 audit(1765214880.748:84): pid=8314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.654" name="/newroot/164/bus/bus" dev="overlay" ino=973 res=1 errno=0 [ 182.146699][ T6006] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 182.207674][ T40] audit: type=1800 audit(1765214880.768:85): pid=8314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.654" name="bus" dev="overlay" ino=973 res=0 errno=0 [ 182.418959][ T6005] appleir 0003:05AC:8243.0011: unknown main item tag 0x0 [ 182.424420][ T6005] appleir 0003:05AC:8243.0011: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 183.091507][ T8333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.659'. [ 183.129421][ T40] audit: type=1326 audit(1765214881.748:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.660" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x7ffc0000 [ 183.140634][ T40] audit: type=1326 audit(1765214881.748:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.660" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x7ffc0000 [ 183.149814][ T40] audit: type=1326 audit(1765214881.758:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.660" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f84579 code=0x7ffc0000 [ 183.159829][ T8338] netlink: 4 bytes leftover after parsing attributes in process `syz.0.660'. [ 183.161007][ T40] audit: type=1326 audit(1765214881.758:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.660" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x7ffc0000 [ 183.172697][ T40] audit: type=1326 audit(1765214881.758:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.660" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x7ffc0000 [ 183.181225][ T40] audit: type=1326 audit(1765214881.768:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.660" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f84579 code=0x7ffc0000 [ 183.189137][ T40] audit: type=1326 audit(1765214881.768:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.0.660" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x7ffc0000 [ 184.179082][ T5300] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 184.181340][ T8359] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 184.185096][ T8359] cramfs: wrong magic [ 184.470151][ T6005] usb 7-1: USB disconnect, device number 21 [ 184.594315][ T8370] erofs (device nullb0): cannot find valid erofs superblock [ 186.107812][ T6005] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 186.116741][ T34] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 186.278530][ T34] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 186.282989][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.288257][ T6005] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.288963][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.291838][ T6005] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 186.295489][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 186.300509][ T6005] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 186.305751][ T34] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 186.307873][ T6005] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.311382][ T34] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 186.315119][ T6005] usb 6-1: config 0 descriptor?? [ 186.316708][ T34] usb 7-1: Manufacturer: syz [ 186.322245][ T34] usb 7-1: config 0 descriptor?? [ 186.323382][ T6005] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 186.735369][ T34] appleir 0003:05AC:8243.0012: unknown main item tag 0x0 [ 186.740408][ T34] appleir 0003:05AC:8243.0012: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 186.877714][ T8403] overlayfs: failed to clone upperpath [ 188.300644][ T40] kauditd_printk_skb: 25 callbacks suppressed [ 188.300655][ T40] audit: type=1326 audit(1765214886.918:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.0.684" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x0 [ 188.773475][ T8453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.688'. [ 188.849872][ T6005] usb 6-1: USB disconnect, device number 19 [ 188.894881][ T34] usb 7-1: USB disconnect, device number 22 [ 189.107048][ T8459] netlink: 36 bytes leftover after parsing attributes in process `syz.1.689'. [ 189.994272][ T8471] ubi: mtd0 is already attached to ubi31 [ 191.116712][ T6005] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 191.268622][ T6005] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 191.272797][ T6005] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 191.278185][ T6005] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 191.281832][ T6005] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.287359][ T6005] usb 6-1: config 0 descriptor?? [ 191.297924][ T6005] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 191.742224][ T8507] ubi: mtd0 is already attached to ubi31 [ 192.514141][ T8515] loop8: detected capacity change from 0 to 7 [ 192.521660][ T5948] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 192.524369][ T5948] loop8: partition table partially beyond EOD, truncated [ 192.528102][ T5948] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 192.533721][ T5948] loop8: p2 start 956478 is beyond EOD, truncated [ 192.559862][ T8515] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 192.566628][ T8515] loop8: partition table partially beyond EOD, truncated [ 192.572517][ T8515] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 192.578794][ T8515] loop8: p2 start 956478 is beyond EOD, truncated [ 192.604593][ T5948] udevd[5948]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 192.617537][ T5948] udevd[5948]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 192.938532][ T8522] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 192.941142][ T8522] cramfs: wrong magic [ 193.652357][ T5947] Bluetooth: hci0: hardware error 0x03 [ 193.881084][ T24] usb 6-1: USB disconnect, device number 20 [ 193.924715][ T8531] netlink: 104 bytes leftover after parsing attributes in process `syz.1.710'. [ 193.926786][ T6005] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 193.928015][ T8531] netlink: 104 bytes leftover after parsing attributes in process `syz.1.710'. [ 194.078936][ T6005] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 194.083397][ T6005] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 194.087830][ T6005] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 194.092001][ T6005] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 194.098704][ T6005] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 194.102510][ T6005] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 194.105890][ T6005] usb 7-1: Manufacturer: syz [ 194.110456][ T6005] usb 7-1: config 0 descriptor?? [ 194.522341][ T6005] appleir 0003:05AC:8243.0013: unknown main item tag 0x0 [ 194.527277][ T6005] appleir 0003:05AC:8243.0013: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 194.780377][ T34] IPVS: starting estimator thread 0... [ 194.877122][ T8543] IPVS: using max 24 ests per chain, 57600 per kthread [ 194.949859][ T8547] binder: Unknown parameter 'wtatl' [ 195.679904][ T5947] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 195.681980][ T5947] Bluetooth: hci0: hardware error 0x03 [ 196.613465][ T8566] netlink: 36 bytes leftover after parsing attributes in process `syz.0.722'. [ 196.617160][ T8566] netlink: 12 bytes leftover after parsing attributes in process `syz.0.722'. [ 196.727007][ T6006] usb 7-1: USB disconnect, device number 23 [ 196.866274][ T8581] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 196.868464][ T8581] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 196.885780][ T8581] vhci_hcd vhci_hcd.0: Device attached [ 197.053274][ T8579] gtp0: entered promiscuous mode [ 197.055081][ T8579] gtp0: entered allmulticast mode [ 197.126706][ T34] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 197.448482][ T8582] vhci_hcd: connection reset by peer [ 197.453391][ T213] vhci_hcd vhci_hcd.0: stop threads [ 197.455528][ T213] vhci_hcd vhci_hcd.0: release socket [ 197.457913][ T213] vhci_hcd vhci_hcd.0: disconnect device [ 197.746688][ T5947] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 198.119148][ T8596] netlink: 124 bytes leftover after parsing attributes in process `syz.2.726'. [ 198.123289][ T8593] block device autoloading is deprecated and will be removed. [ 198.356768][ T60] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 198.508645][ T60] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 198.513431][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.518358][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.522776][ T60] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 198.530030][ T60] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 198.534051][ T60] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 198.537868][ T60] usb 5-1: Manufacturer: syz [ 198.542699][ T60] usb 5-1: config 0 descriptor?? [ 198.869817][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.872279][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.962407][ T60] appleir 0003:05AC:8243.0014: unknown main item tag 0x0 [ 198.971707][ T60] appleir 0003:05AC:8243.0014: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 199.026918][ T40] audit: type=1326 audit(1765214897.638:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.732" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 199.846656][ T6005] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 199.998003][ T6005] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 200.001950][ T6005] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 200.007545][ T6005] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 200.011280][ T6005] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.015920][ T6005] usb 7-1: config 0 descriptor?? [ 200.019873][ T6005] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 200.086886][ T9] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 200.236718][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 200.240907][ T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 200.244533][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 200.249044][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 200.253161][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 4128, setting to 1024 [ 200.259279][ T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 200.264641][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 200.270590][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 200.274634][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.486972][ T9] usb 6-1: usb_control_msg returned -32 [ 200.489632][ T9] usbtmc 6-1:16.0: can't read capabilities [ 200.889694][ T40] audit: type=1804 audit(1765214899.508:120): pid=8632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.738" name="/newroot/182/bus/bus" dev="overlay" ino=1076 res=1 errno=0 [ 200.942993][ T40] audit: type=1804 audit(1765214899.558:121): pid=8635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.738" name="/newroot/182/bus/bus" dev="overlay" ino=1076 res=1 errno=0 [ 200.952823][ T40] audit: type=1800 audit(1765214899.558:122): pid=8635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.738" name="bus" dev="overlay" ino=1076 res=0 errno=0 [ 201.047954][ T6029] usb 5-1: USB disconnect, device number 21 [ 201.728852][ T8639] netlink: 4 bytes leftover after parsing attributes in process `syz.0.740'. [ 201.950110][ T40] audit: type=1326 audit(1765214900.568:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8643 comm="syz.3.743" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 202.226879][ T34] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 202.587521][ T2293] usb 7-1: USB disconnect, device number 24 [ 202.641664][ T8653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.745'. [ 202.918622][ T6027] usb 6-1: USB disconnect, device number 21 [ 203.023328][ T40] audit: type=1804 audit(1765214901.638:124): pid=8667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.749" name="/newroot/186/bus/bus" dev="overlay" ino=1105 res=1 errno=0 [ 203.085151][ T40] audit: type=1804 audit(1765214901.698:125): pid=8678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.749" name="/newroot/186/bus/bus" dev="overlay" ino=1105 res=1 errno=0 [ 203.092880][ T40] audit: type=1800 audit(1765214901.698:126): pid=8678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.749" name="bus" dev="overlay" ino=1105 res=0 errno=0 [ 203.480486][ T8683] binder: Unknown parameter 'wtatl' [ 204.369320][ T40] audit: type=1326 audit(1765214902.988:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8688 comm="syz.0.755" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x0 [ 204.847727][ T8696] FAULT_INJECTION: forcing a failure. [ 204.847727][ T8696] name failslab, interval 1, probability 0, space 0, times 0 [ 204.852603][ T8696] CPU: 2 UID: 0 PID: 8696 Comm: syz.1.757 Tainted: G L syzkaller #0 PREEMPT(full) [ 204.852631][ T8696] Tainted: [L]=SOFTLOCKUP [ 204.852637][ T8696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 204.852646][ T8696] Call Trace: [ 204.852653][ T8696] [ 204.852659][ T8696] dump_stack_lvl+0x16c/0x1f0 [ 204.852682][ T8696] should_fail_ex+0x512/0x640 [ 204.852703][ T8696] ? __kmalloc_cache_noprof+0x5f/0x800 [ 204.852722][ T8696] should_failslab+0xc2/0x120 [ 204.852746][ T8696] __kmalloc_cache_noprof+0x80/0x800 [ 204.852762][ T8696] ? xa_load+0x153/0x2c0 [ 204.852779][ T8696] ? cma_alloc_port+0x9a/0x620 [ 204.852799][ T8696] ? cma_alloc_port+0x9a/0x620 [ 204.852814][ T8696] cma_alloc_port+0x9a/0x620 [ 204.852833][ T8696] rdma_bind_addr_dst+0x2349/0x2d20 [ 204.852858][ T8696] ? lockdep_unlock+0x64/0xd0 [ 204.852877][ T8696] ? __lock_acquire+0x12c2/0x2890 [ 204.852892][ T8696] cma_bind_addr+0x2b5/0x300 [ 204.852911][ T8696] ? __pfx_cma_bind_addr+0x10/0x10 [ 204.852948][ T8696] ? mark_held_locks+0x49/0x80 [ 204.852961][ T8696] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 204.852988][ T8696] rdma_resolve_addr+0x143/0x2110 [ 204.853006][ T8696] ? ucma_resolve_ip+0x12d/0x220 [ 204.853024][ T8696] ? xa_load+0x153/0x2c0 [ 204.853040][ T8696] ? __pfx_xa_load+0x10/0x10 [ 204.853059][ T8696] ? ucma_get_ctx+0xc7/0x270 [ 204.853078][ T8696] ? __pfx_rdma_resolve_addr+0x10/0x10 [ 204.853105][ T8696] ? __pfx_ucma_get_ctx+0x10/0x10 [ 204.853131][ T8696] ? ucma_resolve_ip+0x15f/0x220 [ 204.853149][ T8696] ucma_resolve_ip+0x15f/0x220 [ 204.853171][ T8696] ? __pfx_ucma_resolve_ip+0x10/0x10 [ 204.853198][ T8696] ? __pfx_ucma_resolve_ip+0x10/0x10 [ 204.853218][ T8696] ucma_write+0x1fb/0x330 [ 204.853237][ T8696] ? __pfx_ucma_write+0x10/0x10 [ 204.853260][ T8696] ? bpf_lsm_file_permission+0x9/0x10 [ 204.853277][ T8696] ? security_file_permission+0x71/0x210 [ 204.853301][ T8696] ? rw_verify_area+0xcf/0x6c0 [ 204.853321][ T8696] ? __pfx_ucma_write+0x10/0x10 [ 204.853338][ T8696] vfs_write+0x2a0/0x11d0 [ 204.853363][ T8696] ? __pfx_vfs_write+0x10/0x10 [ 204.853382][ T8696] ? find_held_lock+0x2b/0x80 [ 204.853401][ T8696] ? __fget_files+0x204/0x3c0 [ 204.853425][ T8696] ? __fget_files+0x20e/0x3c0 [ 204.853453][ T8696] ksys_write+0x1f8/0x250 [ 204.853473][ T8696] ? __pfx_ksys_write+0x10/0x10 [ 204.853495][ T8696] ? do_user_addr_fault+0x843/0x1370 [ 204.853518][ T8696] __do_fast_syscall_32+0xe8/0x680 [ 204.853540][ T8696] do_fast_syscall_32+0x32/0x80 [ 204.853558][ T8696] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 204.853579][ T8696] RIP: 0023:0xf706d579 [ 204.853594][ T8696] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 204.853608][ T8696] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 204.853624][ T8696] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 204.853634][ T8696] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 204.853643][ T8696] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 204.853652][ T8696] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 204.853661][ T8696] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 204.853681][ T8696] [ 205.306817][ T2293] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 205.430625][ T40] audit: type=1326 audit(1765214904.048:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8728 comm="syz.2.768" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x0 [ 205.468166][ T2293] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 205.471826][ T2293] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 205.475347][ T2293] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 205.478653][ T2293] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 205.487259][ T2293] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 205.490373][ T2293] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 205.493051][ T2293] usb 6-1: Manufacturer: syz [ 205.497528][ T2293] usb 6-1: config 0 descriptor?? [ 205.907800][ T2293] appleir 0003:05AC:8243.0015: unknown main item tag 0x0 [ 205.918981][ T2293] appleir 0003:05AC:8243.0015: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 206.409203][ T8753] netlink: 4 bytes leftover after parsing attributes in process `syz.0.777'. [ 206.607336][ T8756] ubi: mtd0 is already attached to ubi31 [ 206.858511][ T8761] team0: Port device team_slave_0 removed [ 207.097608][ T40] audit: type=1326 audit(1765214905.718:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8763 comm="syz.0.780" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x0 [ 207.928117][ T9] usb 6-1: USB disconnect, device number 22 [ 208.089794][ T6006] IPVS: starting estimator thread 0... [ 208.176718][ T8790] IPVS: using max 42 ests per chain, 100800 per kthread [ 208.721741][ T8809] fuse: Bad value for 'fd' [ 209.104145][ T40] audit: type=1326 audit(1765214907.718:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8810 comm="syz.3.793" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 209.533236][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.535738][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.542674][ T8826] binder_alloc: 8825: binder_alloc_buf, no vma [ 209.598297][ T8830] overlayfs: conflicting lowerdir path [ 211.086730][ T40] audit: type=1326 audit(1765214909.698:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.811" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f84579 code=0x0 [ 211.497126][ T8873] FAULT_INJECTION: forcing a failure. [ 211.497126][ T8873] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 211.501397][ T8873] CPU: 1 UID: 0 PID: 8873 Comm: syz.2.812 Tainted: G L syzkaller #0 PREEMPT(full) [ 211.501416][ T8873] Tainted: [L]=SOFTLOCKUP [ 211.501420][ T8873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 211.501427][ T8873] Call Trace: [ 211.501433][ T8873] [ 211.501437][ T8873] dump_stack_lvl+0x16c/0x1f0 [ 211.501454][ T8873] should_fail_ex+0x512/0x640 [ 211.501472][ T8873] _copy_from_user+0x2e/0xd0 [ 211.501487][ T8873] io_register_rsrc_update+0xba/0x180 [ 211.501502][ T8873] ? __pfx_io_register_rsrc_update+0x10/0x10 [ 211.501520][ T8873] __do_sys_io_uring_register+0x130c/0x2600 [ 211.501536][ T8873] ? __pfx___do_sys_io_uring_register+0x10/0x10 [ 211.501548][ T8873] ? __fget_files+0x20e/0x3c0 [ 211.501566][ T8873] ? fput+0x70/0xf0 [ 211.501576][ T8873] ? ksys_write+0x1ac/0x250 [ 211.501591][ T8873] ? __pfx_ksys_write+0x10/0x10 [ 211.501607][ T8873] ? do_user_addr_fault+0x843/0x1370 [ 211.501623][ T8873] __do_fast_syscall_32+0xe8/0x680 [ 211.501638][ T8873] do_fast_syscall_32+0x32/0x80 [ 211.501651][ T8873] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 211.501665][ T8873] RIP: 0023:0xf707d579 [ 211.501674][ T8873] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 211.501685][ T8873] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 00000000000001ab [ 211.501696][ T8873] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000010 [ 211.501702][ T8873] RDX: 00000000800003c0 RSI: 0000000000000020 RDI: 0000000000000000 [ 211.501709][ T8873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 211.501715][ T8873] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 211.501721][ T8873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 211.501735][ T8873] [ 212.206701][ T1323] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 212.357788][ T1323] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 212.361498][ T1323] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 212.364772][ T1323] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 212.368004][ T1323] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.373653][ T8891] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 212.380505][ T1323] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 212.579764][ T34] usb 7-1: USB disconnect, device number 25 [ 213.328193][ T8897] bridge0: port 3(syz_tun) entered blocking state [ 213.330917][ T8897] bridge0: port 3(syz_tun) entered disabled state [ 213.333301][ T8897] syz_tun: entered allmulticast mode [ 213.336197][ T8897] syz_tun: entered promiscuous mode [ 213.413485][ T8902] netlink: 14 bytes leftover after parsing attributes in process `syz.0.820'. [ 213.487704][ T8899] tipc: Started in network mode [ 213.490008][ T8899] tipc: Node identity 8, cluster identity 4711 [ 213.492619][ T8899] tipc: Node number set to 8 [ 213.948096][ T8914] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 214.119609][ T40] audit: type=1326 audit(1765214912.738:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8915 comm="syz.3.827" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 215.062920][ T8947] netlink: 'syz.3.837': attribute type 11 has an invalid length. [ 215.089693][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.836'. [ 215.092206][ T8947] : entered promiscuous mode [ 215.340147][ T8960] netlink: 44 bytes leftover after parsing attributes in process `syz.0.836'. [ 215.496857][ T40] audit: type=1804 audit(1765214914.108:133): pid=8966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.838" name="/newroot/212/bus/bus" dev="overlay" ino=1206 res=1 errno=0 [ 215.707993][ T40] audit: type=1326 audit(1765214914.328:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8968 comm="syz.3.839" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 216.315373][ T8978] overlayfs: failed to decode file handle (len=6, type=213, flags=0, err=-22) [ 216.613191][ T8989] 9p: Bad value for 'rfdno' [ 216.983365][ T40] audit: type=1804 audit(1765214915.598:135): pid=9002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.849" name="/newroot/215/bus/bus" dev="overlay" ino=1265 res=1 errno=0 [ 217.588325][ T40] audit: type=1326 audit(1765214916.208:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9013 comm="syz.3.854" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 218.177074][ T9032] netlink: 28 bytes leftover after parsing attributes in process `syz.1.858'. [ 218.199828][ T9032] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 218.202148][ T9032] overlayfs: failed to set xattr on upper [ 218.203989][ T9032] overlayfs: ...falling back to redirect_dir=nofollow. [ 218.206129][ T9032] overlayfs: ...falling back to index=off. [ 218.208087][ T9032] overlayfs: ...falling back to uuid=null. [ 218.675596][ T9046] overlayfs: failed to clone upperpath [ 219.617665][ T9076] Driver unsupported XDP return value 0 on prog (id 144) dev N/A, expect packet loss! [ 219.773852][ T9086] netlink: 24 bytes leftover after parsing attributes in process `syz.3.876'. [ 219.779032][ T9086] netlink: 24 bytes leftover after parsing attributes in process `syz.3.876'. [ 219.860811][ T9094] /dev/sg0: Can't lookup blockdev [ 220.293235][ T40] audit: type=1804 audit(1765214918.908:137): pid=9106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.880" name="/newroot/184/bus/bus" dev="overlay" ino=1031 res=1 errno=0 [ 220.355937][ T40] audit: type=1804 audit(1765214918.968:138): pid=9109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.880" name="/newroot/184/bus/bus" dev="overlay" ino=1031 res=1 errno=0 [ 220.364887][ T40] audit: type=1800 audit(1765214918.968:139): pid=9109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.880" name="bus" dev="overlay" ino=1031 res=0 errno=0 [ 221.314517][ T9137] FAULT_INJECTION: forcing a failure. [ 221.314517][ T9137] name failslab, interval 1, probability 0, space 0, times 0 [ 221.319559][ T9137] CPU: 1 UID: 0 PID: 9137 Comm: syz.1.889 Tainted: G L syzkaller #0 PREEMPT(full) [ 221.319579][ T9137] Tainted: [L]=SOFTLOCKUP [ 221.319583][ T9137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 221.319590][ T9137] Call Trace: [ 221.319594][ T9137] [ 221.319598][ T9137] dump_stack_lvl+0x16c/0x1f0 [ 221.319615][ T9137] should_fail_ex+0x512/0x640 [ 221.319630][ T9137] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 221.319646][ T9137] should_failslab+0xc2/0x120 [ 221.319662][ T9137] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 221.319676][ T9137] ? __d_alloc+0x35/0xa80 [ 221.319695][ T9137] ? __d_alloc+0x35/0xa80 [ 221.319710][ T9137] __d_alloc+0x35/0xa80 [ 221.319728][ T9137] d_alloc_parallel+0x111/0x1510 [ 221.319742][ T9137] ? kasan_save_track+0x14/0x30 [ 221.319756][ T9137] ? kasan_save_free_info+0x3b/0x60 [ 221.319767][ T9137] ? kfree+0x2f8/0x6e0 [ 221.319777][ T9137] ? link_path_walk+0x160a/0x1c70 [ 221.319790][ T9137] ? path_openat+0x1bd/0x3140 [ 221.319805][ T9137] ? do_sys_openat2+0x11f/0x280 [ 221.319817][ T9137] ? __do_fast_syscall_32+0xe8/0x680 [ 221.319829][ T9137] ? do_fast_syscall_32+0x32/0x80 [ 221.319841][ T9137] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 221.319884][ T9137] ? __pfx_d_alloc_parallel+0x10/0x10 [ 221.319906][ T9137] ? lockdep_init_map_type+0x5c/0x270 [ 221.319921][ T9137] ? lockdep_init_map_type+0x5c/0x270 [ 221.319935][ T9137] __lookup_slow+0x193/0x460 [ 221.319947][ T9137] ? __pfx___lookup_slow+0x10/0x10 [ 221.319971][ T9137] lookup_slow+0x50/0x70 [ 221.319982][ T9137] link_path_walk+0x12d8/0x1c70 [ 221.320001][ T9137] path_openat+0x1bd/0x3140 [ 221.320016][ T9137] ? __do_fast_syscall_32+0xe8/0x680 [ 221.320027][ T9137] ? do_fast_syscall_32+0x32/0x80 [ 221.320043][ T9137] ? __pfx_path_openat+0x10/0x10 [ 221.320061][ T9137] ? __lock_acquire+0x436/0x2890 [ 221.320073][ T9137] do_filp_open+0x20b/0x470 [ 221.320089][ T9137] ? __pfx_do_filp_open+0x10/0x10 [ 221.320110][ T9137] ? __pfx_kfree_link+0x10/0x10 [ 221.320127][ T9137] ? _raw_spin_unlock+0x28/0x50 [ 221.320144][ T9137] ? alloc_fd+0x471/0x7d0 [ 221.320163][ T9137] do_sys_openat2+0x11f/0x280 [ 221.320175][ T9137] ? __pfx_do_sys_openat2+0x10/0x10 [ 221.320194][ T9137] ? __fget_files+0x20e/0x3c0 [ 221.320212][ T9137] __ia32_compat_sys_openat+0x16d/0x210 [ 221.320225][ T9137] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 221.320238][ T9137] ? ksys_write+0x1ac/0x250 [ 221.320255][ T9137] ? do_user_addr_fault+0x843/0x1370 [ 221.320271][ T9137] __do_fast_syscall_32+0xe8/0x680 [ 221.320284][ T9137] do_fast_syscall_32+0x32/0x80 [ 221.320296][ T9137] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 221.320310][ T9137] RIP: 0023:0xf706d579 [ 221.320319][ T9137] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 221.320330][ T9137] RSP: 002b:00000000f545d490 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 221.320340][ T9137] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f545d4e0 [ 221.320348][ T9137] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7406ff4 [ 221.320354][ T9137] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 221.320360][ T9137] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 221.320367][ T9137] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 221.320380][ T9137] [ 221.722465][ T9152] overlayfs: failed to clone upperpath [ 221.836709][ T6047] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 221.986678][ T6047] usb 6-1: Using ep0 maxpacket: 32 [ 221.989965][ T6047] usb 6-1: config 4 has an invalid descriptor of length 49, skipping remainder of the config [ 221.993213][ T6047] usb 6-1: config 4 has 0 interfaces, different from the descriptor's value: 9 [ 222.000752][ T6047] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 222.003815][ T6047] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.006684][ T6047] usb 6-1: Product: syz [ 222.008207][ T6047] usb 6-1: Manufacturer: syz [ 222.009794][ T6047] usb 6-1: SerialNumber: syz [ 222.227246][ T9147] netlink: 80 bytes leftover after parsing attributes in process `syz.1.894'. [ 222.250750][ T6047] usb 6-1: USB disconnect, device number 23 [ 222.835288][ T9184] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 222.897718][ T9184] netlink: 'syz.0.902': attribute type 3 has an invalid length. [ 222.943984][ T9190] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 222.998846][ T9192] netlink: 20 bytes leftover after parsing attributes in process `syz.0.905'. [ 223.001673][ T9192] netlink: 20 bytes leftover after parsing attributes in process `syz.0.905'. [ 224.043289][ T9225] netlink: 24 bytes leftover after parsing attributes in process `syz.3.918'. [ 224.305792][ T9235] overlayfs: failed to clone upperpath [ 224.595532][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.926'. [ 224.596765][ T6027] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 224.598447][ T9250] netlink: 28 bytes leftover after parsing attributes in process `syz.0.926'. [ 224.756655][ T6027] usb 7-1: Using ep0 maxpacket: 8 [ 224.759749][ T6027] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 224.763409][ T6027] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 224.766795][ T6027] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 224.770038][ T6027] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 224.774274][ T6027] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 224.777347][ T6027] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.866666][ T9] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 224.985696][ T6027] usb 7-1: GET_CAPABILITIES returned 0 [ 224.987703][ T6027] usbtmc 7-1:16.0: can't read capabilities [ 225.018866][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 225.022238][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 225.025125][ T9] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 225.028262][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.033224][ T9] usb 5-1: config 0 descriptor?? [ 225.038129][ T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 225.040567][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 225.047977][ T9] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 225.052292][ T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 225.055562][ T9] usb 5-1: media controller created [ 225.059741][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 225.068875][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 225.071940][ T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 225.076696][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input8 [ 225.087682][ T9] dvb-usb: schedule remote query interval to 150 msecs. [ 225.090252][ T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 225.190855][ C0] usbtmc 7-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 225.248192][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 225.250530][ T9] dvb-usb: error while querying for an remote control event. [ 225.390343][ T9261] netlink: 60 bytes leftover after parsing attributes in process `syz.1.929'. [ 225.395437][ T9261] netlink: 60 bytes leftover after parsing attributes in process `syz.1.929'. [ 225.402669][ T9261] netlink: 60 bytes leftover after parsing attributes in process `syz.1.929'. [ 225.454769][ T9262] sp0: Synchronizing with TNC [ 225.871576][ T1323] usb 5-1: USB disconnect, device number 22 [ 225.923914][ T1323] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 226.468076][ T9272] fuse: Bad value for 'group_id' [ 226.469771][ T9272] fuse: Bad value for 'group_id' [ 226.690414][ T9278] dvmrp0: entered allmulticast mode [ 226.986844][ T1323] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 227.147900][ T1323] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.151105][ T1323] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 227.155065][ T1323] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 227.158142][ T1323] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.162105][ T1323] usb 5-1: config 0 descriptor?? [ 227.165523][ T1323] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 227.648430][ T9259] [U] è [ 227.734741][ T9] usb 7-1: USB disconnect, device number 26 [ 227.777074][ T40] audit: type=1326 audit(1765214926.398:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.785199][ T40] audit: type=1326 audit(1765214926.398:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.793977][ T40] audit: type=1326 audit(1765214926.398:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.801303][ T40] audit: type=1326 audit(1765214926.398:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.810027][ T40] audit: type=1326 audit(1765214926.398:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.816478][ T40] audit: type=1326 audit(1765214926.398:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.823398][ T40] audit: type=1326 audit(1765214926.398:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.830266][ T40] audit: type=1326 audit(1765214926.398:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=286 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.837338][ T40] audit: type=1326 audit(1765214926.398:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.844064][ T40] audit: type=1326 audit(1765214926.398:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.1.936" exe="/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 227.910203][ T1323] hid-generic 1000:000F:0007.0016: item fetching failed at offset 0/71 [ 227.913160][ T1323] hid-generic 1000:000F:0007.0016: probe with driver hid-generic failed with error -22 [ 228.196145][ T9305] ubi: mtd0 is already attached to ubi31 [ 228.819658][ T9315] ubi: mtd0 is already attached to ubi31 [ 229.725937][ T6027] usb 5-1: USB disconnect, device number 23 [ 231.897063][ T9355] overlayfs: failed to resolve 'audit': -2 [ 232.466670][ T2293] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 232.526768][ T6027] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 232.638404][ T2293] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.646669][ T2293] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 232.652084][ T2293] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 232.661198][ T2293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.665202][ T2293] usb 5-1: config 0 descriptor?? [ 232.671852][ T2293] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 232.688177][ T6027] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 232.692145][ T6027] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.695697][ T6027] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.698895][ T6027] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 232.704097][ T6027] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 232.708939][ T6027] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 232.711691][ T6027] usb 6-1: Manufacturer: syz [ 232.716555][ T6027] usb 6-1: config 0 descriptor?? [ 232.770193][ T5947] Bluetooth: min 12 > max 0 [ 233.127881][ T6027] appleir 0003:05AC:8243.0017: unknown main item tag 0x0 [ 233.137435][ T6027] appleir 0003:05AC:8243.0017: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 233.171470][ T9388] vlan0: entered promiscuous mode [ 233.174379][ T9388] vlan0: entered allmulticast mode [ 233.176448][ T9388] hsr_slave_1: entered allmulticast mode [ 233.238340][ T9385] devtmpfs: Unknown parameter 'nr_ino' [ 233.962262][ T9398] input: syz0 as /devices/virtual/input/input9 [ 234.047676][ T9399] syzkaller0: entered promiscuous mode [ 234.050073][ T9399] syzkaller0: entered allmulticast mode [ 234.786694][ T5947] Bluetooth: hci3: command 0x0406 tx timeout [ 235.228250][ T6005] usb 6-1: USB disconnect, device number 24 [ 235.318030][ T9404] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.321088][ T9404] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.419939][ T9404] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 235.431484][ T9404] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 235.456670][ T6027] usb 5-1: USB disconnect, device number 24 [ 235.565294][ T9404] vlan0: left promiscuous mode [ 235.567831][ T9404] vlan0: left allmulticast mode [ 235.569420][ T9404] hsr_slave_1: left allmulticast mode [ 235.581981][ T213] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.585018][ T213] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.609937][ T9408] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.627998][ T213] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.658719][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 235.658732][ T40] audit: type=1804 audit(1765214934.278:160): pid=9429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.975" name="/newroot/240/bus/bus" dev="overlay" ino=1370 res=1 errno=0 [ 235.712574][ T40] audit: type=1804 audit(1765214934.328:161): pid=9432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.975" name="/newroot/240/bus/bus" dev="overlay" ino=1370 res=1 errno=0 [ 235.721551][ T40] audit: type=1800 audit(1765214934.338:162): pid=9432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.975" name="bus" dev="overlay" ino=1370 res=0 errno=0 [ 236.756653][ T34] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 236.908584][ T34] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 236.913212][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 236.917961][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 236.922629][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 236.929583][ T34] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 236.933354][ T34] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 236.936861][ T34] usb 7-1: Manufacturer: syz [ 236.941069][ T34] usb 7-1: config 0 descriptor?? [ 237.351542][ T34] appleir 0003:05AC:8243.0018: unknown main item tag 0x0 [ 237.356280][ T34] appleir 0003:05AC:8243.0018: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 237.578035][ T40] audit: type=1804 audit(1765214936.198:163): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.980" name="/newroot/241/bus/bus" dev="overlay" ino=1407 res=1 errno=0 [ 237.631419][ T40] audit: type=1804 audit(1765214936.248:164): pid=9448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.980" name="/newroot/241/bus/bus" dev="overlay" ino=1407 res=1 errno=0 [ 237.638377][ T40] audit: type=1800 audit(1765214936.248:165): pid=9448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.980" name="bus" dev="overlay" ino=1407 res=0 errno=0 [ 237.826764][ T34] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 237.998447][ T34] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.001895][ T34] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 238.006045][ T34] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 238.009517][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.016998][ T34] usb 6-1: config 0 descriptor?? [ 238.023209][ T34] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 238.776702][ T34] usb 7-1: reset high-speed USB device number 27 using dummy_hcd [ 239.557772][ T6047] usb 7-1: USB disconnect, device number 27 [ 239.622041][ T9473] ubi: mtd0 is already attached to ubi31 [ 240.196642][ T6047] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 240.368193][ T6047] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 240.371718][ T6047] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.375097][ T6047] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.378311][ T6047] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 240.383286][ T6047] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 240.386409][ T6047] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 240.389172][ T6047] usb 5-1: Manufacturer: syz [ 240.391941][ T6047] usb 5-1: config 0 descriptor?? [ 240.600330][ T9] usb 6-1: USB disconnect, device number 25 [ 240.802452][ T6047] appleir 0003:05AC:8243.0019: unknown main item tag 0x0 [ 240.808384][ T6047] appleir 0003:05AC:8243.0019: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 241.007249][ T9512] overlayfs: failed to clone upperpath [ 241.119199][ T40] audit: type=1326 audit(1765214939.728:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9508 comm="syz.1.1002" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x0 [ 242.834877][ T9531] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 242.837757][ T9531] cramfs: wrong magic [ 243.091964][ T9538] overlayfs: failed to clone upperpath [ 243.196684][ T9] usb 5-1: reset high-speed USB device number 25 using dummy_hcd [ 243.357221][ T9] usb 5-1: device firmware changed [ 243.361076][ T6027] usb 5-1: USB disconnect, device number 25 [ 243.517888][ T6027] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 243.677853][ T6027] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 243.681717][ T6027] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 243.685964][ T6027] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 243.689432][ T6027] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.733531][ T6027] usb 5-1: config 0 descriptor?? [ 243.737703][ T6027] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 243.766027][ T9544] overlayfs: failed to decode file handle (len=6, type=213, flags=0, err=-22) [ 244.123520][ T40] audit: type=1326 audit(1765214942.738:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9552 comm="syz.3.1016" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x0 [ 245.087146][ T2293] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 245.368656][ T2293] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 245.372580][ T2293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 245.376488][ T2293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 245.380120][ T2293] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 245.385289][ T2293] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 245.388626][ T2293] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 245.392211][ T2293] usb 7-1: Manufacturer: syz [ 245.396679][ T2293] usb 7-1: config 0 descriptor?? [ 245.724442][ T6027] usb 5-1: USB disconnect, device number 26 [ 245.768197][ T9571] fuse: Unknown parameter 'grou00000000000000000000' [ 245.809387][ T2293] appleir 0003:05AC:8243.001A: unknown main item tag 0x0 [ 245.826917][ T2293] appleir 0003:05AC:8243.001A: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 245.873226][ T9576] tipc: Enabling of bearer rejected, failed to enable media [ 245.932417][ T9576] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1022'. [ 246.113952][ T40] audit: type=1804 audit(1765214944.728:168): pid=9592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1023" name="/newroot/219/bus/bus" dev="overlay" ino=1231 res=1 errno=0 [ 246.166832][ T40] audit: type=1804 audit(1765214944.778:169): pid=9595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1023" name="/newroot/219/bus/bus" dev="overlay" ino=1231 res=1 errno=0 [ 246.173685][ T40] audit: type=1800 audit(1765214944.788:170): pid=9595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1023" name="bus" dev="overlay" ino=1231 res=0 errno=0 [ 247.102078][ T9607] lo speed is unknown, defaulting to 1000 [ 247.104095][ T9607] lo speed is unknown, defaulting to 1000 [ 247.106727][ T6005] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 247.111750][ T9607] lo speed is unknown, defaulting to 1000 [ 247.124034][ T9607] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 247.140843][ T9607] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 247.263217][ T34] usb 7-1: reset high-speed USB device number 28 using dummy_hcd [ 247.303866][ T9607] lo speed is unknown, defaulting to 1000 [ 247.310403][ T9607] lo speed is unknown, defaulting to 1000 [ 247.317922][ T9607] lo speed is unknown, defaulting to 1000 [ 247.330099][ T9607] lo speed is unknown, defaulting to 1000 [ 247.406952][ T34] usb 7-1: device descriptor read/64, error -32 [ 247.806528][ T9611] fuse: Unknown parameter 'group_i00000000000000000000' [ 248.018112][ T6005] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.021795][ T6005] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 248.025991][ T6005] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 248.029121][ T6005] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.032957][ T6005] usb 5-1: config 0 descriptor?? [ 248.037218][ T6005] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 248.287385][ T6047] usb 7-1: USB disconnect, device number 28 [ 249.858513][ T9640] fuse: Unknown parameter 'group_i00000000000000000000' [ 249.978679][ T9645] netlink: 'syz.2.1043': attribute type 4 has an invalid length. [ 249.979111][ T6005] usb 5-1: USB disconnect, device number 27 [ 249.981439][ T9645] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1043'. [ 250.013344][ T9645] Unknown options in mask b7f2 [ 250.337673][ T6005] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 250.489424][ T6005] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 250.494219][ T6005] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.499185][ T6005] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.503196][ T6005] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 250.510859][ T6005] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 250.514767][ T6005] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 250.518384][ T6005] usb 5-1: Manufacturer: syz [ 250.522477][ T6005] usb 5-1: config 0 descriptor?? [ 250.660183][ T9660] ªªªªª2: renamed from veth0_vlan [ 250.933085][ T6005] appleir 0003:05AC:8243.001B: unknown main item tag 0x0 [ 250.939305][ T6005] appleir 0003:05AC:8243.001B: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 251.144044][ T40] audit: type=1804 audit(1765214949.758:171): pid=9665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1049" name="/newroot/226/bus/bus" dev="overlay" ino=1276 res=1 errno=0 [ 251.197084][ T40] audit: type=1804 audit(1765214949.818:172): pid=9666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1049" name="/newroot/226/bus/bus" dev="overlay" ino=1276 res=1 errno=0 [ 251.205869][ T40] audit: type=1800 audit(1765214949.818:173): pid=9666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1049" name="bus" dev="overlay" ino=1276 res=0 errno=0 [ 251.762716][ T9669] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1050'. [ 252.055519][ T9678] fuse: Unknown parameter 'group_i00000000000000000000' [ 252.206677][ T6005] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 252.358451][ T6005] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.362541][ T6005] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 252.366793][ T6005] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 252.369570][ T6005] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.373442][ T6005] usb 6-1: config 0 descriptor?? [ 252.380410][ T6005] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 252.917648][ T24] usb 5-1: USB disconnect, device number 28 [ 253.379279][ T9698] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 253.381352][ T9698] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 253.384479][ T9698] vhci_hcd vhci_hcd.0: Device attached [ 253.646866][ T24] usb 42-1: SetAddress Request (26) to port 0 [ 253.648953][ T24] usb 42-1: new SuperSpeed USB device number 26 using vhci_hcd [ 253.741174][ T40] audit: type=1804 audit(1765214952.358:174): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1060" name="/newroot/256/bus/bus" dev="overlay" ino=1495 res=1 errno=0 [ 253.780834][ T9708] Option 'TX¼÷Æ®€' to dns_resolver key: bad/missing value [ 253.800829][ T40] audit: type=1804 audit(1765214952.418:175): pid=9710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1060" name="/newroot/256/bus/bus" dev="overlay" ino=1495 res=1 errno=0 [ 253.808230][ T40] audit: type=1800 audit(1765214952.418:176): pid=9710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1060" name="bus" dev="overlay" ino=1495 res=0 errno=0 [ 253.836765][ T9712] fuse: Unknown parameter 'group_id00000000000000000000' [ 253.916054][ T9715] RDS: rds_bind could not find a transport for fe80::34, load rds_tcp or rds_rdma? [ 254.090218][ T9699] vhci_hcd: connection reset by peer [ 254.093131][ T213] vhci_hcd vhci_hcd.2: stop threads [ 254.095523][ T213] vhci_hcd vhci_hcd.2: release socket [ 254.098003][ T213] vhci_hcd vhci_hcd.2: disconnect device [ 254.786855][ T2293] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 254.899866][ T9723] lo speed is unknown, defaulting to 1000 [ 254.972144][ T6027] usb 6-1: USB disconnect, device number 26 [ 254.987859][ T2293] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 254.991466][ T2293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.994840][ T2293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.001404][ T2293] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 255.006305][ T2293] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 255.009469][ T2293] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 255.012002][ T2293] usb 5-1: Manufacturer: syz [ 255.020652][ T2293] usb 5-1: config 0 descriptor?? [ 255.092632][ T9739] fuse: Unknown parameter 'group_id00000000000000000000' [ 255.237970][ T40] audit: type=1804 audit(1765214953.858:177): pid=9744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1073" name="/newroot/262/bus/bus" dev="overlay" ino=1493 res=1 errno=0 [ 255.298286][ T40] audit: type=1804 audit(1765214953.918:178): pid=9745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1073" name="/newroot/262/bus/bus" dev="overlay" ino=1493 res=1 errno=0 [ 255.308415][ T40] audit: type=1800 audit(1765214953.928:179): pid=9745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1073" name="bus" dev="overlay" ino=1493 res=0 errno=0 [ 255.432149][ T2293] appleir 0003:05AC:8243.001C: unknown main item tag 0x0 [ 255.442053][ T9747] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1072'. [ 255.452546][ T2293] appleir 0003:05AC:8243.001C: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 257.432876][ T34] usb 5-1: USB disconnect, device number 29 [ 257.824663][ T9776] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 257.828135][ T9776] cramfs: wrong magic [ 257.845503][ T9781] fuse: Unknown parameter 'group_id00000000000000000000' [ 258.716775][ T24] usb 42-1: device descriptor read/8, error -110 [ 259.108011][ T24] usb usb42-port1: attempt power cycle [ 259.545860][ T9829] fuse: Bad value for 'user_id' [ 259.548248][ T9829] fuse: Bad value for 'user_id' [ 259.680333][ T24] usb usb42-port1: unable to enumerate USB device [ 259.817747][ T9839] syzkaller0: entered promiscuous mode [ 259.819575][ T9839] syzkaller0: entered allmulticast mode [ 259.925443][ T9836] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 259.929030][ T9836] cramfs: wrong magic [ 260.309657][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.312028][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.462133][ T9849] overlayfs: failed to clone upperpath [ 260.849729][ T9857] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1101'. [ 260.853484][ T9857] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1101'. [ 260.856871][ T9857] netlink: 19 bytes leftover after parsing attributes in process `syz.3.1101'. [ 261.011565][ T9861] fuse: Bad value for 'user_id' [ 261.013290][ T9861] fuse: Bad value for 'user_id' [ 261.559637][ T9871] tipc: Started in network mode [ 261.561352][ T9871] tipc: Node identity aa990a2804b7, cluster identity 4711 [ 261.564998][ T9871] tipc: Enabled bearer , priority 0 [ 261.568166][ T9873] tipc: Enabling of bearer rejected, already enabled [ 261.573279][ T9871] syzkaller0: entered promiscuous mode [ 261.575253][ T9871] syzkaller0: entered allmulticast mode [ 261.621163][ T9871] tipc: Resetting bearer [ 261.630953][ T9870] tipc: Resetting bearer [ 261.644938][ T9870] tipc: Disabling bearer [ 262.672413][ T9896] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1115'. [ 262.676262][ T9896] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1115'. [ 263.462070][ T9929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1124'. [ 263.465921][ T9929] netlink: 50 bytes leftover after parsing attributes in process `syz.1.1124'. [ 263.471043][ T9929] netlink: 50 bytes leftover after parsing attributes in process `syz.1.1124'. [ 263.481303][ T9929] netlink: 512 bytes leftover after parsing attributes in process `syz.1.1124'. [ 263.766687][ T24] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 263.918740][ T24] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4 [ 263.923348][ T24] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023 [ 263.928327][ T24] usb 6-1: config 0 interface 0 has no altsetting 0 [ 263.933487][ T24] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 263.937580][ T24] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 263.941532][ T24] usb 6-1: Product: syz [ 263.943327][ T24] usb 6-1: Manufacturer: syz [ 263.945326][ T24] usb 6-1: SerialNumber: syz [ 263.952229][ T24] usb 6-1: config 0 descriptor?? [ 263.964416][ T24] usb 6-1: selecting invalid altsetting 0 [ 264.090047][ T9940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1126'. [ 264.102852][ T9940] syz_tun: left allmulticast mode [ 264.104591][ T9940] syz_tun: left promiscuous mode [ 264.107673][ T9940] bridge0: port 3(syz_tun) entered disabled state [ 264.113468][ T9940] bridge_slave_1: left allmulticast mode [ 264.115344][ T9940] bridge_slave_1: left promiscuous mode [ 264.118175][ T9940] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.121812][ T9940] bridge_slave_0: left allmulticast mode [ 264.123672][ T9940] bridge_slave_0: left promiscuous mode [ 264.125583][ T9940] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.201781][ T9931] usb 6-1: cannot submit urb 0, error -2: endpoint not enabled [ 264.211507][ T24] usb 6-1: USB disconnect, device number 27 [ 264.276185][ T5947] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 264.963372][ T9948] fuse: Bad value for 'user_id' [ 264.965830][ T9948] fuse: Bad value for 'user_id' [ 265.091658][ T9950] netlink: 'syz.3.1130': attribute type 33 has an invalid length. [ 265.752485][ T9968] syzkaller0: entered promiscuous mode [ 265.754303][ T9968] syzkaller0: entered allmulticast mode [ 265.874584][ T40] audit: type=1326 audit(1765214964.488:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.881912][ T40] audit: type=1326 audit(1765214964.498:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.889041][ T40] audit: type=1326 audit(1765214964.508:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.897320][ T40] audit: type=1326 audit(1765214964.508:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.904647][ T40] audit: type=1326 audit(1765214964.508:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.911845][ T40] audit: type=1326 audit(1765214964.508:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.918959][ T40] audit: type=1326 audit(1765214964.508:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.926676][ T40] audit: type=1326 audit(1765214964.508:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.934184][ T40] audit: type=1326 audit(1765214964.508:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.942570][ T40] audit: type=1326 audit(1765214964.508:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9969 comm="syz.1.1137" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x7ffc0000 [ 265.966482][ T9973] fuse: Bad value for 'fd' [ 266.145521][ T9976] fuse: Bad value for 'fd' [ 266.597761][ T9987] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 266.601298][ T9987] cramfs: wrong magic [ 266.652718][ T9990] __nla_validate_parse: 2 callbacks suppressed [ 266.652733][ T9990] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1143'. [ 266.659213][ T9990] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1143'. [ 266.677907][ T9993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1144'. [ 266.694036][ T9993] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1144'. [ 266.697776][ T9993] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1144'. [ 267.396148][ T9807] tipc: Subscription rejected, illegal request [ 267.618167][T10017] usb 2-1: USB disconnect, device number 2 [ 267.866047][T10029] overlayfs: overlapping lowerdir path [ 267.920790][T10035] FAULT_INJECTION: forcing a failure. [ 267.920790][T10035] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.925955][T10035] CPU: 0 UID: 0 PID: 10035 Comm: syz.1.1155 Tainted: G L syzkaller #0 PREEMPT(full) [ 267.925974][T10035] Tainted: [L]=SOFTLOCKUP [ 267.925978][T10035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 267.925985][T10035] Call Trace: [ 267.925989][T10035] [ 267.925994][T10035] dump_stack_lvl+0x16c/0x1f0 [ 267.926010][T10035] should_fail_ex+0x512/0x640 [ 267.926029][T10035] _copy_from_user+0x2e/0xd0 [ 267.926045][T10035] get_compat_msghdr+0xa7/0x170 [ 267.926063][T10035] ? __pfx_get_compat_msghdr+0x10/0x10 [ 267.926084][T10035] ___sys_sendmsg+0x1ae/0x1d0 [ 267.926103][T10035] ? __pfx____sys_sendmsg+0x10/0x10 [ 267.926125][T10035] ? find_held_lock+0x2b/0x80 [ 267.926148][T10035] __sys_sendmsg+0x16d/0x220 [ 267.926165][T10035] ? __pfx___sys_sendmsg+0x10/0x10 [ 267.926187][T10035] ? do_user_addr_fault+0x843/0x1370 [ 267.926203][T10035] __do_fast_syscall_32+0xe8/0x680 [ 267.926217][T10035] do_fast_syscall_32+0x32/0x80 [ 267.926230][T10035] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 267.926244][T10035] RIP: 0023:0xf706d579 [ 267.926253][T10035] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 267.926264][T10035] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 267.926275][T10035] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800013c0 [ 267.926282][T10035] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 267.926289][T10035] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 267.926295][T10035] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 267.926301][T10035] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 267.926314][T10035] [ 268.036150][T10040] lo speed is unknown, defaulting to 1000 [ 268.292587][T10046] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 268.295109][T10046] cramfs: wrong magic [ 268.306712][ T5947] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 268.310643][ T5947] Bluetooth: hci3: Injecting HCI hardware error event [ 268.314496][ T5947] Bluetooth: hci3: hardware error 0x00 [ 268.486280][T10049] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 269.040637][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.043181][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.056417][T10091] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.142705][T10097] binder: 10094:10097 ioctl 8933 80000100 returned -22 [ 269.731981][T10119] overlayfs: failed to clone upperpath [ 269.862408][T10125] netlink: 'syz.2.1174': attribute type 1 has an invalid length. [ 269.865181][T10125] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1174'. [ 269.981722][T10134] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 269.985342][T10134] cramfs: wrong magic [ 270.396774][ T5947] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 270.534454][T10152] fuse: Bad value for 'fd' [ 270.704384][T10144] infiniband syz1: set down [ 270.710350][T10144] infiniband syz1: added syz_tun [ 270.738991][T10155] overlayfs: failed to decode file handle (len=6, type=213, flags=0, err=-22) [ 270.804153][T10144] RDS/IB: syz1: added [ 270.813319][T10144] smc: adding ib device syz1 with port count 1 [ 270.818520][T10144] smc: ib device syz1 port 1 has no pnetid [ 270.869390][T10160] syzkaller0: entered promiscuous mode [ 270.871857][T10160] syzkaller0: entered allmulticast mode [ 270.925303][T10162] fuse: Bad value for 'fd' [ 272.319192][T10186] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 272.324493][T10186] cramfs: wrong magic [ 273.113801][T10192] fuse: Bad value for 'fd' [ 273.179749][T10196] xt_hashlimit: size too large, truncated to 1048576 [ 273.182781][T10196] xt_hashlimit: Unknown mode mask FFFFFFE, kernel too old? [ 273.569930][T10214] syzkaller0: entered promiscuous mode [ 273.571836][T10214] syzkaller0: entered allmulticast mode [ 273.699477][T10216] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 273.702163][T10216] cramfs: wrong magic [ 274.604538][T10230] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 274.956692][ T9] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 275.127399][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 275.132460][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.136065][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 275.140088][ T9] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 275.143725][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.155548][ T9] usb 7-1: config 0 descriptor?? [ 275.590853][ T9] savu 0003:1E7D:2D5A.001D: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 275.723496][T10268] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 275.726313][T10268] cramfs: wrong magic [ 275.859021][ T24] usb 7-1: USB disconnect, device number 29 [ 276.350008][T10271] comedi comedi3: bad chanlist[0]=0x00000008 chan=8 range length=1 [ 276.402806][T10274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 276.695483][T10290] overlayfs: failed to resolve './file1': -2 [ 276.959923][T10298] MTD: Couldn't look up '/dev/nullb0': -15 [ 276.963488][T10298] /dev/nullb0: Can't lookup blockdev [ 277.390406][T10303] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1229'. [ 277.618115][T10314] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1231'. [ 277.686420][T10318] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1231'. [ 278.430785][T10317] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 278.483777][T10327] syzkaller0: entered promiscuous mode [ 278.485682][T10327] syzkaller0: entered allmulticast mode [ 279.024417][T10344] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 279.595657][T10356] wg1: entered promiscuous mode [ 280.163485][T10373] fuse: Invalid rootmode [ 280.383458][T10389] netlink: 'syz.3.1254': attribute type 32 has an invalid length. [ 280.386673][T10389] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1254'. [ 280.402095][T10389] bond2: Setting coupled_control to off (0) [ 280.436961][T10392] ufs: You didn't specify the type of your ufs filesystem [ 280.436961][T10392] [ 280.436961][T10392] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 280.436961][T10392] [ 280.436961][T10392] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 280.452073][T10392] ufs: ufstype=old is supported read-only [ 280.461397][T10392] vlan3: entered promiscuous mode [ 280.463296][T10392] batadv0: entered promiscuous mode [ 281.636682][ T34] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 281.798948][ T34] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 281.803643][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.808049][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 281.811518][ T34] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 281.818416][ T34] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 281.822079][ T34] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 281.825443][ T34] usb 6-1: Manufacturer: syz [ 281.829314][ T34] usb 6-1: config 0 descriptor?? [ 281.958633][T10432] xt_policy: output policy not valid in PREROUTING and INPUT [ 282.245708][ T34] appleir 0003:05AC:8243.001E: unknown main item tag 0x0 [ 282.252013][ T34] appleir 0003:05AC:8243.001E: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 282.603217][T10448] 9pnet_fd: Insufficient options for proto=fd [ 282.860385][T10456] syzkaller0: entered promiscuous mode [ 282.862296][T10456] syzkaller0: entered allmulticast mode [ 283.488882][T10466] fuse: Bad value for 'rootmode' [ 283.640041][T10471] overlayfs: failed to clone upperpath [ 283.705696][T10476] overlayfs: failed to resolve './file0': -2 [ 283.811358][T10482] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1281'. [ 283.944655][T10462] Process accounting resumed [ 284.013965][T10495] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 284.145303][T10504] xt_CT: You must specify a L4 protocol and not use inversions on it [ 284.328431][ T24] usb 6-1: USB disconnect, device number 28 [ 284.824799][T10525] tipc: Enabling of bearer rejected, failed to enable media [ 285.065046][T10537] overlayfs: failed to resolve './file0': -2 [ 285.403305][T10552] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 285.559025][T10555] ieee802154 phy0 wpan0: encryption failed: -22 [ 286.189019][T10568] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1308'. [ 286.234602][ T9799] Bluetooth: hci4: Frame reassembly failed (-84) [ 286.251354][T10568] fuse: Bad value for 'fd' [ 286.257266][T10568] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 286.791688][T10582] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 287.551163][T10604] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1320'. [ 288.141633][T10615] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13) [ 288.143777][T10615] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 288.146826][T10615] vhci_hcd vhci_hcd.0: Device attached [ 288.307036][ T5947] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 288.308631][ T5300] Bluetooth: hci4: command 0x1003 tx timeout [ 288.426950][ T24] usb 40-1: SetAddress Request (34) to port 0 [ 288.429954][ T24] usb 40-1: new SuperSpeed USB device number 34 using vhci_hcd [ 288.768308][T10616] vhci_hcd: connection reset by peer [ 288.771178][ T9798] vhci_hcd vhci_hcd.1: stop threads [ 288.773685][ T9798] vhci_hcd vhci_hcd.1: release socket [ 288.776182][ T9798] vhci_hcd vhci_hcd.1: disconnect device [ 289.054744][T10625] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1324'. [ 289.058348][T10625] fuse: Unknown parameter 'veth0_to_team' [ 289.125525][T10628] binder: 10627:10628 unknown command 0 [ 289.127501][T10628] binder: 10627:10628 ioctl c0306201 80000080 returned -22 [ 289.138857][T10630] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1326'. [ 289.144808][T10630] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1326'. [ 289.480494][T10649] fuse: Unknown parameter 'use00000000000000000000' [ 289.568668][T10652] netlink: 'syz.3.1335': attribute type 8 has an invalid length. [ 291.608028][T10692] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1348'. [ 291.792883][T10705] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1350'. [ 292.003133][T10694] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 292.600834][T10724] overlayfs: failed to clone upperpath [ 293.075453][T10732] syzkaller0: entered promiscuous mode [ 293.078704][T10732] syzkaller0: entered allmulticast mode [ 293.396090][T10751] syzkaller0: entered promiscuous mode [ 293.399376][T10751] syzkaller0: entered allmulticast mode [ 293.466408][T10754] random: crng reseeded on system resumption [ 293.516840][ T24] usb 40-1: device descriptor read/8, error -110 [ 293.607861][ T2293] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 293.756740][ T2293] usb 7-1: Using ep0 maxpacket: 32 [ 293.761566][ T2293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.766503][ T2293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 293.770776][ T2293] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 293.773960][ T2293] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.793368][ T2293] usb 7-1: config 0 descriptor?? [ 293.907666][ T24] usb usb40-port1: attempt power cycle [ 294.202341][ T2293] usbhid 7-1:0.0: can't add hid device: -71 [ 294.204553][ T2293] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 294.217330][ T2293] usb 7-1: USB disconnect, device number 30 [ 294.469591][ T24] usb usb40-port1: unable to enumerate USB device [ 294.897883][T10771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 295.984204][T10797] lo speed is unknown, defaulting to 1000 [ 296.032061][T10798] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1379'. [ 296.036090][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 296.036107][ T40] audit: type=1326 audit(1765214994.648:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.039874][T10798] lo: entered promiscuous mode [ 296.048523][ T40] audit: type=1326 audit(1765214994.658:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=175 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.048568][ T40] audit: type=1326 audit(1765214994.658:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.048604][ T40] audit: type=1326 audit(1765214994.658:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.050661][T10798] lo: entered allmulticast mode [ 296.057605][ T40] audit: type=1326 audit(1765214994.658:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.082217][ T9] lo speed is unknown, defaulting to 1000 [ 296.084616][ T40] audit: type=1326 audit(1765214994.658:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.086738][ T9] syz0: Port: 1 Link ACTIVE [ 296.092241][ T40] audit: type=1326 audit(1765214994.658:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.103203][ T40] audit: type=1326 audit(1765214994.658:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.113028][ T40] audit: type=1326 audit(1765214994.698:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.123031][ T40] audit: type=1326 audit(1765214994.698:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10796 comm="syz.3.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05579 code=0x7ffc0000 [ 296.598436][T10821] fuse: Unknown parameter 'user_id00000000000000000000' [ 296.701746][T10825] syzkaller0: entered promiscuous mode [ 296.703545][T10825] syzkaller0: entered allmulticast mode [ 298.205096][T10889] syzkaller0: entered promiscuous mode [ 298.207392][T10889] syzkaller0: entered allmulticast mode [ 298.212234][T10856] syz.1.1395 (10856) used greatest stack depth: 19160 bytes left [ 298.611204][T10896] fuse: Bad value for 'fd' [ 299.541772][T10937] fuse: Bad value for 'fd' [ 300.196711][ T6047] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 300.389661][ T6047] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 300.393326][ T6047] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.396527][ T6047] usb 7-1: Product: syz [ 300.406929][ T6047] usb 7-1: Manufacturer: syz [ 300.408841][ T6047] usb 7-1: SerialNumber: syz [ 300.417581][ T6047] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 300.449619][ T6047] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 300.620837][T10962] binder: 10961:10962 ioctl 40101283 80000000 returned -22 [ 301.402752][T10980] xt_CT: You must specify a L4 protocol and not use inversions on it [ 301.411712][T10980] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1422'. [ 301.485607][T10982] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1422'. [ 301.488650][T10982] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1422'. [ 301.516800][ T6047] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 301.626616][ T6047] ath9k_htc: Failed to initialize the device [ 301.652800][ T6047] usb 7-1: ath9k_htc: USB layer deinitialized [ 301.996371][T11000] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 301.998948][T11000] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 302.011517][T11000] vhci_hcd vhci_hcd.0: Device attached [ 302.151291][T11000] : entered promiscuous mode [ 302.276834][ T24] usb 40-1: SetAddress Request (38) to port 0 [ 302.278847][ T24] usb 40-1: new SuperSpeed USB device number 38 using vhci_hcd [ 302.708851][T11001] vhci_hcd: connection reset by peer [ 302.711280][ T1137] vhci_hcd vhci_hcd.1: stop threads [ 302.713044][ T1137] vhci_hcd vhci_hcd.1: release socket [ 302.714902][ T1137] vhci_hcd vhci_hcd.1: disconnect device [ 303.007923][ T1323] usb 7-1: USB disconnect, device number 31 [ 303.386636][ T1323] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 303.496295][ C1] ------------[ cut here ]------------ [ 303.498889][ C1] WARNING: net/mptcp/subflow.c:1527 at subflow_data_ready+0x40b/0x790, CPU#1: kworker/u32:6/1137 [ 303.503023][ C1] Modules linked in: [ 303.504983][ C1] CPU: 1 UID: 0 PID: 1137 Comm: kworker/u32:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 303.509358][ C1] Tainted: [L]=SOFTLOCKUP [ 303.511066][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 303.515276][ C1] Workqueue: krdsd rds_send_worker [ 303.517383][ C1] RIP: 0010:subflow_data_ready+0x40b/0x790 [ 303.519732][ C1] Code: 89 ee e8 d8 5b 5e f6 40 84 ed 75 21 e8 8e 61 5e f6 44 89 fe bf 07 00 00 00 e8 21 5c 5e f6 41 83 ff 07 74 09 e8 76 61 5e f6 90 <0f> 0b 90 e8 6d 61 5e f6 48 89 df e8 f5 ac ff ff 31 ff 89 c5 89 c6 [ 303.526179][ C1] RSP: 0018:ffffc9000058f9e8 EFLAGS: 00010246 [ 303.528228][ C1] RAX: 0000000000000000 RBX: ffff88804ddeea00 RCX: ffffffff8b5ff51f [ 303.530961][ C1] RDX: ffff888027f00000 RSI: ffffffff8b5ff52a RDI: 0000000000000005 [ 303.533497][ C1] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000007 [ 303.535949][ C1] R10: 0000000000000005 R11: ffff888027f00b30 R12: ffff88806e8e9900 [ 303.538569][ C1] R13: 1ffff920000b1f3d R14: ffff88804f81dc00 R15: 0000000000000005 [ 303.541227][ C1] FS: 0000000000000000(0000) GS:ffff88809780e000(0000) knlGS:0000000000000000 [ 303.544014][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 303.546136][ C1] CR2: 00000000f50c0f37 CR3: 000000000e184000 CR4: 0000000000352ef0 [ 303.548879][ C1] Call Trace: [ 303.550270][ C1] [ 303.551254][ C1] ? __pfx_subflow_data_ready+0x10/0x10 [ 303.553071][ C1] ? tcp_data_ecn_check+0x54/0x740 [ 303.554732][ C1] tcp_data_ready+0x114/0x5a0 [ 303.556278][ C1] tcp_data_queue+0x1ac2/0x4ff0 [ 303.557982][ C1] ? tcp_urg+0x10f/0xb80 [ 303.559410][ C1] ? __pfx_tcp_data_queue+0x10/0x10 [ 303.561080][ C1] ? tcp_try_undo_loss+0x7f0/0x860 [ 303.562682][ C1] ? __pfx_subflow_sched_work_if_closed+0x10/0x10 [ 303.564733][ C1] tcp_rcv_state_process+0xfb6/0x6540 [ 303.566520][ C1] ? __tcp_send_ack.part.0+0x4ca/0x910 [ 303.568403][ C1] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 303.570465][ C1] ? __lock_acquire+0x436/0x2890 [ 303.572087][ C1] ? sk_filter_trim_cap+0x11a/0xde0 [ 303.573790][ C1] ? lock_acquire+0x179/0x330 [ 303.575374][ C1] ? tcp_v6_do_rcv+0x7b8/0x1dc0 [ 303.577023][ C1] tcp_v6_do_rcv+0x7b8/0x1dc0 [ 303.578555][ C1] tcp_v6_rcv+0x2ab5/0x48f0 [ 303.580158][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 303.582237][ C1] ? __pfx_ipvlan_skb_to_addr+0x10/0x10 [ 303.584617][ C1] ? __pfx_raw6_local_deliver+0x10/0x10 [ 303.587064][ C1] ? find_held_lock+0x2b/0x80 [ 303.589100][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 303.591180][ C1] ip6_protocol_deliver_rcu+0x188/0x1520 [ 303.593586][ C1] ip6_input_finish+0x1e4/0x4b0 [ 303.595698][ C1] ip6_input+0x105/0x2f0 [ 303.597485][ C1] ip6_rcv_finish+0x1ac/0x580 [ 303.599500][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 303.601690][ C1] ? __pfx_ip_sabotage_in+0x10/0x10 [ 303.603910][ C1] ip_sabotage_in+0x21e/0x290 [ 303.605919][ C1] nf_hook_slow+0xbe/0x200 [ 303.607951][ C1] nf_hook.constprop.0+0x424/0x750 [ 303.610133][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 303.612373][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 303.614747][ C1] ? ip6_rcv_core+0xbd4/0x1c30 [ 303.616881][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 303.619076][ C1] ? ip6_rcv_core+0xc70/0x1c30 [ 303.620845][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 303.622415][ C1] ipv6_rcv+0xa4/0x650 [ 303.623768][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 303.625402][ C1] __netif_receive_skb_one_core+0x12d/0x1e0 [ 303.627306][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 303.629482][ C1] ? lock_acquire+0x179/0x330 [ 303.631427][ C1] __netif_receive_skb+0x1d/0x160 [ 303.633375][ C1] netif_receive_skb+0x137/0x760 [ 303.634987][ C1] ? __pfx_netif_receive_skb+0x10/0x10 [ 303.637122][ C1] ? br_netif_receive_skb+0xff/0x200 [ 303.638854][ C1] br_pass_frame_up+0x346/0x490 [ 303.640484][ C1] br_handle_frame_finish+0x12fe/0x1f00 [ 303.642276][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 303.644209][ C1] ? ip6t_do_table+0xc25/0x1c30 [ 303.645826][ C1] ? __pfx_ip6t_do_table+0x10/0x10 [ 303.647611][ C1] ? nf_hook_slow+0x132/0x200 [ 303.649136][ C1] br_nf_hook_thresh+0x307/0x410 [ 303.650742][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 303.652689][ C1] ? __pfx_br_nf_hook_thresh+0x10/0x10 [ 303.654469][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 303.656386][ C1] ? __pfx_nf_nat_ipv6_in+0x10/0x10 [ 303.658107][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 303.660057][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 303.661955][ C1] br_nf_pre_routing_finish_ipv6+0x76a/0xfc0 [ 303.663909][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 303.665798][ C1] br_nf_pre_routing_ipv6+0x3cd/0x8c0 [ 303.667613][ C1] ? __pfx_br_nf_pre_routing_ipv6+0x10/0x10 [ 303.669513][ C1] ? lock_acquire+0x179/0x330 [ 303.671037][ C1] ? __pfx_br_nf_pre_routing_finish_ipv6+0x10/0x10 [ 303.673111][ C1] ? net_generic+0xea/0x2a0 [ 303.674592][ C1] br_nf_pre_routing+0x860/0x15b0 [ 303.676239][ C1] br_handle_frame+0xb28/0x14e0 [ 303.677905][ C1] ? __pfx_br_handle_frame+0x10/0x10 [ 303.679613][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 303.681483][ C1] ? __pfx_br_handle_frame+0x10/0x10 [ 303.683207][ C1] __netif_receive_skb_core.constprop.0+0x6b3/0x35b0 [ 303.685347][ C1] ? __pfx_raw6_local_deliver+0x10/0x10 [ 303.687191][ C1] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 303.689492][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 303.691063][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 303.692642][ C1] ? ip6_protocol_deliver_rcu+0xcda/0x1520 [ 303.694544][ C1] ? find_held_lock+0x2b/0x80 [ 303.696089][ C1] ? __lock_acquire+0x436/0x2890 [ 303.697757][ C1] ? process_backlog+0x450/0x1650 [ 303.699394][ C1] __netif_receive_skb_one_core+0xb0/0x1e0 [ 303.701289][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 303.703375][ C1] ? lock_acquire+0x179/0x330 [ 303.704901][ C1] ? process_backlog+0x450/0x1650 [ 303.706553][ C1] __netif_receive_skb+0x1d/0x160 [ 303.708312][ C1] process_backlog+0x4a2/0x1650 [ 303.709934][ C1] __napi_poll.constprop.0+0xb3/0x540 [ 303.711686][ C1] net_rx_action+0x9f9/0xfa0 [ 303.713177][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 303.714822][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 303.716514][ C1] ? sched_clock+0x38/0x60 [ 303.718017][ C1] ? sched_clock_cpu+0x6c/0x530 [ 303.719622][ C1] ? mark_held_locks+0x49/0x80 [ 303.721162][ C1] handle_softirqs+0x219/0x950 [ 303.722714][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 303.724415][ C1] ? irqtime_account_irq+0x18d/0x2e0 [ 303.726101][ C1] ? __dev_queue_xmit+0x782/0x4650 [ 303.727862][ C1] do_softirq+0xb2/0xf0 [ 303.729213][ C1] [ 303.730144][ C1] [ 303.731059][ C1] __local_bh_enable_ip+0x100/0x120 [ 303.732744][ C1] ? __dev_queue_xmit+0x782/0x4650 [ 303.734390][ C1] __dev_queue_xmit+0x797/0x4650 [ 303.736025][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 303.737842][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 303.739553][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 303.741249][ C1] ? __lock_acquire+0x436/0x2890 [ 303.742845][ C1] ? nf_nat_ipv6_fn+0xff/0x2e0 [ 303.744424][ C1] ? find_held_lock+0x2b/0x80 [ 303.745949][ C1] ? __asan_memcpy+0x3c/0x60 [ 303.747547][ C1] ? eth_header+0x11c/0x1f0 [ 303.749025][ C1] neigh_resolve_output+0x53a/0x940 [ 303.750674][ C1] ip6_finish_output2+0xad1/0x1cf0 [ 303.752334][ C1] __ip6_finish_output+0x3cd/0x1010 [ 303.754012][ C1] ip6_output+0x253/0x710 [ 303.755443][ C1] ip6_xmit+0x1512/0x23f0 [ 303.756950][ C1] ? ip6_dst_check+0x352/0x950 [ 303.758503][ C1] ? __pfx_ip6_xmit+0x10/0x10 [ 303.760024][ C1] ? __sk_dst_check+0xa6/0x350 [ 303.761584][ C1] inet6_csk_xmit+0x444/0x7f0 [ 303.763119][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 303.764799][ C1] ? csum_ipv6_magic+0x299/0x320 [ 303.766408][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 303.768178][ C1] __tcp_transmit_skb+0x1d67/0x48b0 [ 303.769868][ C1] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 303.771657][ C1] ? __build_skb_around+0x278/0x390 [ 303.773334][ C1] ? get_page+0x12b/0x270 [ 303.774745][ C1] tcp_write_xmit+0x12aa/0x8710 [ 303.776444][ C1] __tcp_push_pending_frames+0xaf/0x3c0 [ 303.778274][ C1] tcp_push+0x225/0x700 [ 303.779659][ C1] tcp_sendmsg_locked+0x18a0/0x42a0 [ 303.781347][ C1] ? __lock_acquire+0x436/0x2890 [ 303.782948][ C1] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 303.784761][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 303.786389][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 303.788196][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 303.789899][ C1] tcp_sendmsg+0x2e/0x50 [ 303.791287][ C1] ? __pfx_tcp_sendmsg+0x10/0x10 [ 303.792889][ C1] inet6_sendmsg+0xb9/0x140 [ 303.794386][ C1] sock_sendmsg+0x2b3/0x470 [ 303.795865][ C1] ? __pfx_sock_sendmsg+0x10/0x10 [ 303.797566][ C1] rds_tcp_xmit+0x352/0xc40 [ 303.799037][ C1] ? __pfx_rds_tcp_xmit+0x10/0x10 [ 303.800664][ C1] ? lockdep_init_map_type+0x5c/0x270 [ 303.802377][ C1] ? __asan_memset+0x23/0x50 [ 303.803902][ C1] ? __pfx_rds_tcp_xmit+0x10/0x10 [ 303.805546][ C1] rds_send_xmit+0xfa0/0x25c0 [ 303.807166][ C1] ? __pfx_rds_send_xmit+0x10/0x10 [ 303.808843][ C1] rds_send_worker+0x8f/0x2e0 [ 303.810371][ C1] process_one_work+0x9ba/0x1b20 [ 303.811994][ C1] ? __pfx_rds_tcp_accept_worker+0x10/0x10 [ 303.813894][ C1] ? __pfx_process_one_work+0x10/0x10 [ 303.815635][ C1] ? assign_work+0x1a0/0x250 [ 303.817426][ C1] worker_thread+0x6c8/0xf10 [ 303.819159][ C1] ? __kthread_parkme+0x19e/0x250 [ 303.820836][ C1] ? __pfx_worker_thread+0x10/0x10 [ 303.822561][ C1] kthread+0x3c5/0x780 [ 303.823911][ C1] ? __pfx_kthread+0x10/0x10 [ 303.825414][ C1] ? rcu_is_watching+0x12/0xc0 [ 303.827053][ C1] ? __pfx_kthread+0x10/0x10 [ 303.828577][ C1] ret_from_fork+0x983/0xb10 [ 303.830075][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 303.831735][ C1] ? __switch_to+0x7af/0x10d0 [ 303.833281][ C1] ? __pfx_kthread+0x10/0x10 [ 303.834768][ C1] ret_from_fork_asm+0x1a/0x30 [ 303.836333][ C1] [ 303.837406][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 303.839729][ C1] CPU: 1 UID: 0 PID: 1137 Comm: kworker/u32:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 303.843222][ C1] Tainted: [L]=SOFTLOCKUP [ 303.844613][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 303.848114][ C1] Workqueue: krdsd rds_send_worker [ 303.849747][ C1] Call Trace: [ 303.850815][ C1] [ 303.851771][ C1] dump_stack_lvl+0x3d/0x1f0 [ 303.853226][ C1] vpanic+0x640/0x6f0 [ 303.854794][ C1] ? subflow_data_ready+0x40b/0x790 [ 303.856715][ C1] panic+0xca/0xd0 [ 303.857912][ C1] ? __pfx_panic+0x10/0x10 [ 303.859349][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 303.861345][ C1] check_panic_on_warn+0xab/0xb0 [ 303.863354][ C1] __warn+0x108/0x3c0 [ 303.864657][ C1] __report_bug+0x2a0/0x520 [ 303.866126][ C1] ? subflow_data_ready+0x40b/0x790 [ 303.867839][ C1] ? __pfx___report_bug+0x10/0x10 [ 303.869516][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 303.871391][ C1] ? mptcp_get_options+0x19c/0x2c50 [ 303.873276][ C1] ? __pfx_tcp_ack_update_rtt+0x10/0x10 [ 303.875311][ C1] ? subflow_data_ready+0x40b/0x790 [ 303.877012][ C1] report_bug+0xb2/0x220 [ 303.878393][ C1] ? subflow_data_ready+0x40b/0x790 [ 303.880255][ C1] handle_bug+0x127/0x260 [ 303.881987][ C1] exc_invalid_op+0x17/0x50 [ 303.883503][ C1] asm_exc_invalid_op+0x1a/0x20 [ 303.885078][ C1] RIP: 0010:subflow_data_ready+0x40b/0x790 [ 303.887016][ C1] Code: 89 ee e8 d8 5b 5e f6 40 84 ed 75 21 e8 8e 61 5e f6 44 89 fe bf 07 00 00 00 e8 21 5c 5e f6 41 83 ff 07 74 09 e8 76 61 5e f6 90 <0f> 0b 90 e8 6d 61 5e f6 48 89 df e8 f5 ac ff ff 31 ff 89 c5 89 c6 [ 303.893165][ C1] RSP: 0018:ffffc9000058f9e8 EFLAGS: 00010246 [ 303.895159][ C1] RAX: 0000000000000000 RBX: ffff88804ddeea00 RCX: ffffffff8b5ff51f [ 303.897729][ C1] RDX: ffff888027f00000 RSI: ffffffff8b5ff52a RDI: 0000000000000005 [ 303.900273][ C1] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000007 [ 303.902807][ C1] R10: 0000000000000005 R11: ffff888027f00b30 R12: ffff88806e8e9900 [ 303.905354][ C1] R13: 1ffff920000b1f3d R14: ffff88804f81dc00 R15: 0000000000000005 [ 303.907970][ C1] ? subflow_data_ready+0x3ff/0x790 [ 303.909676][ C1] ? subflow_data_ready+0x40a/0x790 [ 303.911771][ C1] ? subflow_data_ready+0x40a/0x790 [ 303.913884][ C1] ? __pfx_subflow_data_ready+0x10/0x10 [ 303.916138][ C1] ? tcp_data_ecn_check+0x54/0x740 [ 303.917946][ C1] tcp_data_ready+0x114/0x5a0 [ 303.919512][ C1] tcp_data_queue+0x1ac2/0x4ff0 [ 303.921103][ C1] ? tcp_urg+0x10f/0xb80 [ 303.922466][ C1] ? __pfx_tcp_data_queue+0x10/0x10 [ 303.924139][ C1] ? tcp_try_undo_loss+0x7f0/0x860 [ 303.925773][ C1] ? __pfx_subflow_sched_work_if_closed+0x10/0x10 [ 303.927882][ C1] tcp_rcv_state_process+0xfb6/0x6540 [ 303.929632][ C1] ? __tcp_send_ack.part.0+0x4ca/0x910 [ 303.931413][ C1] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 303.933319][ C1] ? __lock_acquire+0x436/0x2890 [ 303.934926][ C1] ? sk_filter_trim_cap+0x11a/0xde0 [ 303.936648][ C1] ? lock_acquire+0x179/0x330 [ 303.938177][ C1] ? tcp_v6_do_rcv+0x7b8/0x1dc0 [ 303.939774][ C1] tcp_v6_do_rcv+0x7b8/0x1dc0 [ 303.941315][ C1] tcp_v6_rcv+0x2ab5/0x48f0 [ 303.942809][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 303.944432][ C1] ? __pfx_ipvlan_skb_to_addr+0x10/0x10 [ 303.946219][ C1] ? __pfx_raw6_local_deliver+0x10/0x10 [ 303.948060][ C1] ? find_held_lock+0x2b/0x80 [ 303.949588][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 303.951177][ C1] ip6_protocol_deliver_rcu+0x188/0x1520 [ 303.953015][ C1] ip6_input_finish+0x1e4/0x4b0 [ 303.954600][ C1] ip6_input+0x105/0x2f0 [ 303.956000][ C1] ip6_rcv_finish+0x1ac/0x580 [ 303.957561][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 303.959272][ C1] ? __pfx_ip_sabotage_in+0x10/0x10 [ 303.960970][ C1] ip_sabotage_in+0x21e/0x290 [ 303.962539][ C1] nf_hook_slow+0xbe/0x200 [ 303.964020][ C1] nf_hook.constprop.0+0x424/0x750 [ 303.965674][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 303.967404][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 303.969204][ C1] ? ip6_rcv_core+0xbd4/0x1c30 [ 303.970776][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 303.972475][ C1] ? ip6_rcv_core+0xc70/0x1c30 [ 303.974021][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 303.975569][ C1] ipv6_rcv+0xa4/0x650 [ 303.976928][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 303.978457][ C1] __netif_receive_skb_one_core+0x12d/0x1e0 [ 303.980384][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 303.982417][ C1] ? lock_acquire+0x179/0x330 [ 303.983963][ C1] __netif_receive_skb+0x1d/0x160 [ 303.985610][ C1] netif_receive_skb+0x137/0x760 [ 303.987285][ C1] ? __pfx_netif_receive_skb+0x10/0x10 [ 303.989063][ C1] ? br_netif_receive_skb+0xff/0x200 [ 303.990769][ C1] br_pass_frame_up+0x346/0x490 [ 303.992361][ C1] br_handle_frame_finish+0x12fe/0x1f00 [ 303.994134][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 303.996061][ C1] ? ip6t_do_table+0xc25/0x1c30 [ 303.997665][ C1] ? __pfx_ip6t_do_table+0x10/0x10 [ 303.999324][ C1] ? nf_hook_slow+0x132/0x200 [ 304.000839][ C1] br_nf_hook_thresh+0x307/0x410 [ 304.002436][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 304.004366][ C1] ? __pfx_br_nf_hook_thresh+0x10/0x10 [ 304.006121][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 304.008072][ C1] ? __pfx_nf_nat_ipv6_in+0x10/0x10 [ 304.009775][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 304.011707][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 304.013608][ C1] br_nf_pre_routing_finish_ipv6+0x76a/0xfc0 [ 304.015551][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 304.017450][ C1] br_nf_pre_routing_ipv6+0x3cd/0x8c0 [ 304.019197][ C1] ? __pfx_br_nf_pre_routing_ipv6+0x10/0x10 [ 304.021117][ C1] ? lock_acquire+0x179/0x330 [ 304.022654][ C1] ? __pfx_br_nf_pre_routing_finish_ipv6+0x10/0x10 [ 304.024750][ C1] ? net_generic+0xea/0x2a0 [ 304.026253][ C1] br_nf_pre_routing+0x860/0x15b0 [ 304.027956][ C1] br_handle_frame+0xb28/0x14e0 [ 304.029542][ C1] ? __pfx_br_handle_frame+0x10/0x10 [ 304.031271][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 304.033201][ C1] ? __pfx_br_handle_frame+0x10/0x10 [ 304.034918][ C1] __netif_receive_skb_core.constprop.0+0x6b3/0x35b0 [ 304.037107][ C1] ? __pfx_raw6_local_deliver+0x10/0x10 [ 304.038907][ C1] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 304.041180][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 304.042766][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 304.044393][ C1] ? ip6_protocol_deliver_rcu+0xcda/0x1520 [ 304.046284][ C1] ? find_held_lock+0x2b/0x80 [ 304.047847][ C1] ? __lock_acquire+0x436/0x2890 [ 304.049511][ C1] ? process_backlog+0x450/0x1650 [ 304.051132][ C1] __netif_receive_skb_one_core+0xb0/0x1e0 [ 304.053051][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 304.055118][ C1] ? lock_acquire+0x179/0x330 [ 304.056692][ C1] ? process_backlog+0x450/0x1650 [ 304.058349][ C1] __netif_receive_skb+0x1d/0x160 [ 304.059989][ C1] process_backlog+0x4a2/0x1650 [ 304.061699][ C1] __napi_poll.constprop.0+0xb3/0x540 [ 304.063894][ C1] net_rx_action+0x9f9/0xfa0 [ 304.065465][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 304.067210][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 304.068883][ C1] ? sched_clock+0x38/0x60 [ 304.070349][ C1] ? sched_clock_cpu+0x6c/0x530 [ 304.071958][ C1] ? mark_held_locks+0x49/0x80 [ 304.073543][ C1] handle_softirqs+0x219/0x950 [ 304.075100][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 304.076873][ C1] ? irqtime_account_irq+0x18d/0x2e0 [ 304.078691][ C1] ? __dev_queue_xmit+0x782/0x4650 [ 304.080542][ C1] do_softirq+0xb2/0xf0 [ 304.081923][ C1] [ 304.082896][ C1] [ 304.083894][ C1] __local_bh_enable_ip+0x100/0x120 [ 304.085573][ C1] ? __dev_queue_xmit+0x782/0x4650 [ 304.087292][ C1] __dev_queue_xmit+0x797/0x4650 [ 304.088945][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 304.090678][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 304.092409][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 304.094112][ C1] ? __lock_acquire+0x436/0x2890 [ 304.095759][ C1] ? nf_nat_ipv6_fn+0xff/0x2e0 [ 304.097343][ C1] ? find_held_lock+0x2b/0x80 [ 304.098876][ C1] ? __asan_memcpy+0x3c/0x60 [ 304.100401][ C1] ? eth_header+0x11c/0x1f0 [ 304.101907][ C1] neigh_resolve_output+0x53a/0x940 [ 304.103611][ C1] ip6_finish_output2+0xad1/0x1cf0 [ 304.105281][ C1] __ip6_finish_output+0x3cd/0x1010 [ 304.107039][ C1] ip6_output+0x253/0x710 [ 304.108470][ C1] ip6_xmit+0x1512/0x23f0 [ 304.109879][ C1] ? ip6_dst_check+0x352/0x950 [ 304.111462][ C1] ? __pfx_ip6_xmit+0x10/0x10 [ 304.113005][ C1] ? __sk_dst_check+0xa6/0x350 [ 304.114577][ C1] inet6_csk_xmit+0x444/0x7f0 [ 304.116119][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 304.117830][ C1] ? csum_ipv6_magic+0x299/0x320 [ 304.119480][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 304.121153][ C1] __tcp_transmit_skb+0x1d67/0x48b0 [ 304.122849][ C1] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 304.124739][ C1] ? __build_skb_around+0x278/0x390 [ 304.126533][ C1] ? get_page+0x12b/0x270 [ 304.128565][ C1] tcp_write_xmit+0x12aa/0x8710 [ 304.130740][ C1] __tcp_push_pending_frames+0xaf/0x3c0 [ 304.133169][ C1] tcp_push+0x225/0x700 [ 304.134998][ C1] tcp_sendmsg_locked+0x18a0/0x42a0 [ 304.137264][ C1] ? __lock_acquire+0x436/0x2890 [ 304.139377][ C1] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 304.141714][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 304.143917][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 304.146388][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 304.148657][ C1] tcp_sendmsg+0x2e/0x50 [ 304.150450][ C1] ? __pfx_tcp_sendmsg+0x10/0x10 [ 304.152613][ C1] inet6_sendmsg+0xb9/0x140 [ 304.154571][ C1] sock_sendmsg+0x2b3/0x470 [ 304.156585][ C1] ? __pfx_sock_sendmsg+0x10/0x10 [ 304.158782][ C1] rds_tcp_xmit+0x352/0xc40 [ 304.160365][ C1] ? __pfx_rds_tcp_xmit+0x10/0x10 [ 304.161962][ C1] ? lockdep_init_map_type+0x5c/0x270 [ 304.163676][ C1] ? __asan_memset+0x23/0x50 [ 304.165160][ C1] ? __pfx_rds_tcp_xmit+0x10/0x10 [ 304.166808][ C1] rds_send_xmit+0xfa0/0x25c0 [ 304.168329][ C1] ? __pfx_rds_send_xmit+0x10/0x10 [ 304.169963][ C1] rds_send_worker+0x8f/0x2e0 [ 304.171470][ C1] process_one_work+0x9ba/0x1b20 [ 304.173048][ C1] ? __pfx_rds_tcp_accept_worker+0x10/0x10 [ 304.174893][ C1] ? __pfx_process_one_work+0x10/0x10 [ 304.176639][ C1] ? assign_work+0x1a0/0x250 [ 304.178122][ C1] worker_thread+0x6c8/0xf10 [ 304.179616][ C1] ? __kthread_parkme+0x19e/0x250 [ 304.181329][ C1] ? __pfx_worker_thread+0x10/0x10 [ 304.182995][ C1] kthread+0x3c5/0x780 [ 304.184352][ C1] ? __pfx_kthread+0x10/0x10 [ 304.185845][ C1] ? rcu_is_watching+0x12/0xc0 [ 304.187435][ C1] ? __pfx_kthread+0x10/0x10 [ 304.188914][ C1] ret_from_fork+0x983/0xb10 [ 304.190401][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 304.192042][ C1] ? __switch_to+0x7af/0x10d0 [ 304.193544][ C1] ? __pfx_kthread+0x10/0x10 [ 304.195016][ C1] ret_from_fork_asm+0x1a/0x30 [ 304.196606][ C1] [ 304.198357][ C1] Kernel Offset: disabled [ 304.199750][ C1] Rebooting in 86400 seconds..