last executing test programs: 2m47.461896216s ago: executing program 2 (id=707): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r0 = userfaultfd(0x1) socket$inet(0x2, 0x2, 0x0) madvise(&(0x7f0000c89000/0x3000)=nil, 0x3000, 0x17) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 2m45.094433438s ago: executing program 2 (id=717): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0) r4 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r5) r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) madvise(&(0x7f0000cc8000/0x3000)=nil, 0x3000, 0x17) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)) ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x7fffffff, &(0x7f0000000340)=[{0x400, 0x6, 0xffffffffffffeffc}, {0xeb, 0x4, 0x8}], 0x2, 0x201, 0x29, 0x2}) sendmsg$NL80211_CMD_SET_REG(r5, &(0x7f0000000080)={0xfffffffffffffffe, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x20, r6, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4082) 2m43.870670953s ago: executing program 2 (id=722): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000000)=0x7) syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x20000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 2m41.469731787s ago: executing program 2 (id=728): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) syz_open_dev$radio(0x0, 0x2, 0x2) gettid() open(0x0, 0x44542, 0xc2) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) 2m40.438872991s ago: executing program 2 (id=733): r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r4 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) write$binfmt_misc(r4, &(0x7f0000000300), 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 2m39.935945093s ago: executing program 2 (id=734): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e", 0x51, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x9, 0xfc, 0x2, '\x00', 0x8001}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m24.718585065s ago: executing program 32 (id=734): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e", 0x51, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x9, 0xfc, 0x2, '\x00', 0x8001}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m24.802057694s ago: executing program 1 (id=892): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r4, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000050}, 0x0) syz_usb_connect(0x0, 0x107, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r4, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x4040004) 1m19.531679019s ago: executing program 1 (id=898): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = syz_io_uring_setup(0x10f, &(0x7f0000000440)={0x0, 0x242, 0x0, 0x2}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x241}}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) epoll_create1(0x0) r4 = socket$unix(0x1, 0x1, 0x0) close(r4) socket(0x2, 0x6, 0x0) setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x10, 0x7fffffff}, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0xfffffffe}, 0x10) 1m17.464291085s ago: executing program 1 (id=902): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x3f) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) mmap$fb(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000004, 0x13, r2, 0x2b000) connect$netrom(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(r3, &(0x7f00005f5000)={0x0, 0x0, 0x0}, 0x0) 1m12.527566624s ago: executing program 1 (id=909): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r4, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000050}, 0x0) syz_usb_connect(0x0, 0x107, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r4, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x4040004) 1m8.995061457s ago: executing program 1 (id=918): pipe2$9p(0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r3, &(0x7f0000000d40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000040)='\b', 0x1}], 0x1}}], 0x1, 0x1405c891) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000140), 0x4) 1m6.202308721s ago: executing program 1 (id=920): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x3, 0xff) socket$inet_udplite(0x2, 0x2, 0x88) socket$kcm(0x10, 0x400000002, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, 0x0, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001180)={&(0x7f00000011c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @loopback, 0x5}, 0x1c) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r5, 0x29, 0x41, 0x0, 0x0) eventfd(0x9) r6 = socket(0x2b, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x2, 0x0, 0x1}, 0x20) 50.622949663s ago: executing program 33 (id=920): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x3, 0xff) socket$inet_udplite(0x2, 0x2, 0x88) socket$kcm(0x10, 0x400000002, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, 0x0, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001180)={&(0x7f00000011c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @loopback, 0x5}, 0x1c) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r5, 0x29, 0x41, 0x0, 0x0) eventfd(0x9) r6 = socket(0x2b, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x2, 0x0, 0x1}, 0x20) 18.303517354s ago: executing program 5 (id=992): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) writev(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) mount(0x0, 0x0, 0x0, 0x100000, 0x0) r2 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20048840) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f700000000000000000000000000000000000000000000000000000000000000060000000000000000050000000a004e200e8a34c38f36f0c7eb2700d609bcf41076d88144448ebe7994dd1b33d7c8787734cc315672f62261ceeede940774fd94d2767288cfb3a20882449d601ff878eedd3d57c9eb3a723b62102bd534c8a304a975d752e82cc8d5f969771c94a1d69cfd8694e29b9468fca5df65ece31ed7c209325604001fcd06adc3ac391f60a3523d6d0b4a8a41d39b78057b7b3c16c91cbbadefcf9ec61259915a0e5d03c1403e5fb5424d07d479b047e9a9858276c82b3829ac35ec93de49fc08ecc8ddd27dc63b63ab836f519ac4e7a2769856d1841cd2a8"], 0x310) 18.263249843s ago: executing program 0 (id=993): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc040564a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) openat$audio1(0xffffffffffffff9c, 0x0, 0x129082, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r3, 0x0, 0x0) connect$unix(r3, 0x0, 0x0) bpf$MAP_CREATE(0x2000000000000000, 0x0, 0x50) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a3100000000050001000700"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0) 16.635391073s ago: executing program 5 (id=994): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x81) sendfile(r0, r0, 0x0, 0xb) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000faeba77740f3ff27", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000540)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') ppoll(&(0x7f0000000000)=[{r4, 0x2030}], 0x1, 0x0, 0x0, 0x0) r5 = getpid() r6 = syz_pidfd_open(r5, 0x0) setns(r6, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, &(0x7f00000005c0)={0x8, 0x70, 0x80000, {r4}}, 0x20) 15.36508298s ago: executing program 3 (id=995): r0 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, &(0x7f00000004c0)="183a", 0x2, 0xfffffffffffffffd) keyctl$revoke(0x3, r0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) add_key(&(0x7f0000000640)='user\x00', &(0x7f0000000680)={'syz', 0x1}, &(0x7f00000006c0), 0x0, 0xfffffffffffffffd) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) r5 = syz_io_uring_setup(0xec8, &(0x7f0000000c00)={0x0, 0x0, 0x2}, &(0x7f0000000500)=0x0, &(0x7f0000000100)) r7 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_REGISTER(r7, &(0x7f00000000c0), 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r5, 0x2f67, 0x10a5, 0x3, &(0x7f0000000000), 0x8) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001ac0)={r2, 0x0, {0x0, 0x0, 0x0, 0x1, 0x8000000003, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c707a16c1ca43f80026d1a8554fe581b59ded130e04d72853937f037e57704c6a43cadce5df8a69ea917deb7ba193b3e7772fd29f35239d200", '$\x00'}}) r8 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) ioctl$mixer_OSS_GETVERSION(r8, 0x40086602, &(0x7f0000000000)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) futex(&(0x7f0000000140), 0xa, 0x0, 0x0, 0x0, 0x1) 14.525812104s ago: executing program 0 (id=997): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x2400c000}, 0x0) socket$inet(0x2, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x693, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioprio_set$uid(0x3, 0x0, 0x0) sendmsg$nl_generic(r4, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') read$FUSE(r5, &(0x7f00000082c0)={0x2020}, 0x2020) 13.456502803s ago: executing program 0 (id=998): rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0x0, 0x0, 0x8) 12.075057034s ago: executing program 0 (id=1001): openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x801) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f00000002c0)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r3, &(0x7f0000000040)="b9", 0x1, 0x0, 0x0, 0xfffffffffffffe87) 12.073291018s ago: executing program 3 (id=1002): socket$inet(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="8000000002000200080004004400000008001b"], 0x30}}, 0x0) 10.440700556s ago: executing program 4 (id=1003): socket(0x8000000010, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$null(0xffffffffffffff9c, 0x0, 0x200003, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x30dd3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x17, 0xf, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x5}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fanotify_init(0x10, 0x101000) r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x40000) ioctl$VIDIOC_QUERYMENU(r4, 0xc02c5625, &(0x7f00000000c0)={0x5, 0xfff, @name="ba977d2ecf6ec0fa8a2f6b53c453a307e51eaf1cbc7b2096fcdbec95b1d60367"}) socket$inet_tcp(0x2, 0x1, 0x0) 10.41706268s ago: executing program 3 (id=1004): socket$nl_netfilter(0x10, 0x3, 0xc) epoll_create1(0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000002c0), &(0x7f0000000240)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x38, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x38}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) syncfs(0xffffffffffffffff) 9.012005961s ago: executing program 5 (id=1005): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r2, 0x0}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1807000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085100000030000001800000000000000000000000000000095000000000800009500000000000000ae547f68f67f9a5a6182de83da3dd768d58ec424571e194d861602c086e382c4038945a74a0dd202ad2363540e2737a9f2"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x7], [0x0, 0x0, 0x2], [0x0, 0x0, 0x1, 0x1]}) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r6 = dup(r5) sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0), 0x6df8}}, 0x0) 8.062441934s ago: executing program 4 (id=1006): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001580)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) read(r4, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) rename(&(0x7f0000000140)='./file1\x00', 0x0) r5 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, 0x0, &(0x7f00000008c0)) socket$kcm(0x2, 0xa, 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x4a301, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), r0) 8.050453831s ago: executing program 3 (id=1007): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) socket(0x10, 0x3, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000) openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) r2 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) setsockopt$inet_sctp_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0xa) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, r2) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) listen(r4, 0x100003) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) accept4$x25(r3, 0x0, 0x0, 0x80800) 8.042490536s ago: executing program 0 (id=1008): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2400000c66d34c80c31b63da93009c3949c71c73a2bc0000"], 0x24}}, 0x40) syz_open_dev$video4linux(&(0x7f0000000000), 0x6, 0x8000) keyctl$update(0x2, 0x0, &(0x7f0000000580)="4c7b3dc1fc7b35e85ce08fa5b36aa2d6313bb2211213005b447f3e8eed5f2b0fae25b9a1c3d135d36140decc38811b074636356064288d34b862c5985a3bdb17842ee17f2b015f1c02e08cc6634453b0da086701c446d6cb4e65bb16531eb139602c582fa522c9ed2a4b", 0x6a) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r5, 0xc048aec8, &(0x7f0000000980)={0x4, 0x0, @pic={0x52, 0x9, 0x2, 0x6, 0xbf, 0x4, 0xb, 0x6, 0x3, 0x1, 0x3, 0x23, 0xf, 0x0, 0x4e, 0x8}}) 5.785906151s ago: executing program 3 (id=1009): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001cc0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioprio_set$pid(0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xd, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)=@newlink={0x38, 0x10, 0xc3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffc0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 5.563052636s ago: executing program 5 (id=1010): mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x9, 0x4, 0x1, 0x0, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff070056060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded85d3cdd66d9c79f0529d045625b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c700e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd57c9150bfb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee5000000000000000000d91c6da09fa7cdbbf16d4780d8c2401c55aff772aced3ff966ff76d796c171f5f7a31e1b14b0c0c712c0fdd2710f37a3d15710d68e7326a7db043c57784bd9bdb047db75"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 5.466157244s ago: executing program 4 (id=1011): rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0x0, 0x0, 0x8) 4.672052361s ago: executing program 0 (id=1012): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(r2, 0x0, 0x8, 0x0) sched_setattr(r2, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x3, 0xf, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffe, 0x0, 0xb1}, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x286}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3}]}, 0x1, 0x1}, 0x1) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000d00)={0x8, {"7894e6e62ce0f10fcdce74f21ad5b47c923d4dec90cefd599912070f341d59a8802e33af9869738f25b2f72093dd0ffa688e8e417c6e0e09b99649818d7caca39e142ef69d9101397854c3f51bde013686a626b2120c03d98c0ad981069188fbbddb88bf41a6b29ed43d1244e6025e1e4a2f40577619ccee39385bfc86461023a7906e5c07d16415140f4ab26db004362c885ef2c9ee82d3dd7e2ac42ca05d81ccea87dc0ec4a8f222013d6d4d0b0c828f3d2e3151dce87bfb335c1ad67bb3323564022ab23a6ba54ca117ca592c8d4227922347ea6f7c9d3dbdbc8d235f2d03e688d5ca7718d60e911534f964bf20359a0057847e7d7fd2cc463784aab2b06ba95512cfc427da44aa73634b0797b9baab391aa176d259c047ee9d346e63903860ab3c571d064509a715c5c4c6edffce9e1701e8291c2d937e3ff18691fe9a665b1a3b717a40205f8efa239b37e6b33f5c8ac28e616f788d0294c8d39ff4a63aaca7d4c578a935dd84850432201081bc1b00c5797847eaff8cecf8af8a60f075b5ff1c3dc9e62f9a3cfc4333a7501dd8badfdc691a9d35d3fc2c0e8f1b21a2c619201004a0d82bace1738ba9ca93e6fbf8ebaa78b5423efb19d3337ad050a7a1a634737a0169921911b277ab235f8b186efd60c3eff58e974a856ba460c5fbd91c1b5c999a7f6b4474560e0c5698085e1ff96381999bf7338dddab4499c6ae315245ecc98d3ca2ebc11214a4115e9205e7d1705591be4029a5e92ae06c02ba39ac70cf1ba082ccee070bf2feafa55ac6e863adb6f89a7475c2dc073058b0f8a52151d8c3ced025463656942bfd257ace6c54bd57985a44cef1c20777db47d12bd34371ef6f537e455b7787e3a853713877fa9465937602ceef8b9439507ab802ea4eaf5ee2ecd710b1840d8b8c995b5904434198abd8f0e830857ed1af53f3bcede9d57afb1cd7ad27bf222a6d1c58286c40d22211a3b2b7b7bbf5923a528fa4d781aaec1f67e013392b17197d2f6ff2d0e68bea94ce57cc516daffdf2348333a8dc596894540aa2a79437d95465fc27627b0e26871d5248c39e1a3badb319d449a7d67145418e1a35cb4bf950a5483d6e80763ea676b89d1f1e2cea20c590c76ae9fb228ffd638ccabdb3830cf944e1cccfb7ba8b1d1f0aabc498155ddda8404ebe2e25cfcfa9058af7d66bef79e592a579d556404ea3f28d6ddb3fdead9123247e23827f729eee41540d0f0e94027d65eee4e7c1c913c634f9abf546388cd2e4b351b16bd97faae3b54f5b2750495619ec36d97a1080564fa30a9f8a2700b77340b5bbd9cc377ee35420b5b762935047af7837e973a9da42ef93c11f145704d041054bcc4680363cbbee16a2bc0eaaa49cfa23330a666dff32daa17a6ea425f1ed2354d0c36893c895a0564e100d3e1385467405ca2706cfb62453faf72b1648727faeffb3c934bc4e48e4ce93af11bff3208cb3843da7ed68451b4af747ef72e2fb78a73990c95097c9504aacddffc5caadeb171e95ad113561144907d361fd28695239f6619360b9d0eead653cc83ab13fc7c0c60237e3363b6f319daa38d792426393e2396404a112ed9e70b378f494d4b540bf9b44d76b347a12c8cdaeed350a85698eb71bd126f75b9aa0ff7435926a4a4ce04e4187eae5a80b1ff56aa7f1b005a9a057b6ace4cf08c404f66c0b31974d151e9a2840ebcbfbfd898e6694b89fe78a68b90551c9d33c14914dceff64a699c1cf1570c2d1f53e905abef9f954fbdd100b1b18f10dbd673bd6c7a9693286cf2dc0ab9919466750aa42ccfa27e9ff4190dd784ec6f2e19270521f98561a959152b16a80f0b1e183375d3886936ae03ff4949777d30481c24bbae918d5fdcc8f46ff05e2370095bc85cde086dc1e32423f21c13c42490fb679462f35dd0c4ef06f8c3f24327af47ea2c73a856f112385094fe138022e308c157adb19b94ed0e8d94b805883318b33b22f371d62f0b764b2a44b65018bef417357aa997ea4ef95a2899963e06a3c553943e14d3364b73919f5e6d8395d56d522f1b19ae37d48f1534d92e4248824adb555281aea2fb317bfb30cdc7d4efada900006f45578a061b19e2eeefffdbf1974a1633182501611724079f926122c1c8fd9b1d8e6302d76ed90616abcfcac478e3b8d3be91eee5f9c653f8fed3afc1eb33d9314aaa021e8b53ab7ba3e59b301a6c757efd95c6661d7d3e8a73cdec7833f4608dc238d8e144a5b0196a9aea6fb30efdfdb05f9529c52af93cd78d857e3cc920bf30b2292380c662890f3679c09aea55c77a75dbb4da338c0fb737a5fc31252d9fa798f9dd70947f6cfa0474a7a835c694dfbb5c678216915d1f04c81d5df8f2efde80fdbce8248525d9b639f394847b9a8c2e7f7288b031df91db059eabb750c1bfe732b78001c2cca0f74cd8873cc2a892d26e1dbd48db297853775c21d68ce1daebee4f4d65bf8e448b1c80da35eaff3295ffe0aef68baff15f7585aba741699c3ed9a62f2c18200e40cbb383b844459ca9636d61645470d4f8b04704b84a7986d816c037d368d807ab936faa842a427cc4987ab506f3f08841195c893f39656547ff62730ec43aa78311d57defe4002301f6b9e1f6573f3a46715e2d1f899480e8bc97f5dfe48ad14df280126998d32dc0a63231584b5ee82d5f90d5ccd3eb3923cee0dfe0eb9b1ac54fd97214ad86c6459cf916ba0bfc9d4210a95346d753f4bc7440d78274c4cd1850907a2bf150a1c1b511bf0438494a6aa1a197f787c96b410d866b4cb284f74122ffbb2f5fa7c2c22f935c7e1542ff83f01e3024ee6e3d7fd0fba2754e635c8116a27f15586300d6522979822c1f97038f33c644ef82e9818f4a09388cb9a69514c929e9bc149fd7a26b458d89abb5e3ae1de29ed1f28d613878a24a9296c967339b9c6749f92c720982cb78a120bcf7593c6fbae36f9a06caa384a7e5d3f05442b0a69f72518a76a916968aae56abda54dac318fd726335e95592f80d030ef51aea41d5e348267fcea65e49d8e36e711fedb3fb9ad37d3fdf2185dcc3ff44736d6a0d4b4bd1810f89ec6e0e6b6f58f74d73ddd2a27fcfaf36d1aec6c3769787a1d3b8514487a399e6497bd0bf4c4242868d599aeb2202cae535e8118d478fc43b4c8bfdcf024f36f5d7c9f75c69bc9d4d5414e8bef740bcaf9027dbdb0f47643b984406c9ce1999d7631243c26d6824ae74ab71f536e40e934a5dfea7f5c5d10713c831df6ba168f4080a4b082e94bc23c0807aab7c0bc29f327d185a2a9302cc255aa54764c4eb8ef5b17d640afa30b36572294914d51ac146f87af6f5abd97823724aba25f589e769aa1047e72365e9ee67e7f90e80542cc842aebabc97679dd893075e8a1bd6934ac9e768e20bcf4c2fa29c5f7a103d3ff689c721e08ef1d0ca61ee3e07a815aa943879dd5c406dcff6a946b0a12980620cfb224912e27accbb63b1e2d571c65918c806060dcd08d5cef341e5c5705021ec19605b809a44d2a8f6f27e18f2b8fd268e23706564df5501096fd8f8261e27d5c8b582673f0c76bf78b27f754cddb5b64a33c87841681d8eef2b5abe8a8deabee587189f75b8b518909cd2a6f89910425e8647f25077829f1b400b3abcaeff6f54ccc00f6fb7abeeefe0226e4e2b55fba0925b49be8310fc5a490384e4a5e7216b0fd0c09c00e3327ada8c59eb37443ac9148a9df92b0d4e6851cd93b784d3e0a236d9fe7c483f03d813fc98e632cf6255dc4a70a0458570776509ebfb545f35956c7e32493f6ad886ec858bfc29bffb7f2ae7eed7d83e3075554dd81e72c93f4c2e4dcdb0832e76861b983b17c2a6f887a988e4fd47459fd45134560b5b1bec10c50914f2d7f327a4e68a0c453f067035f243ca01aa22969481d5fb48d1da82f35222c4e8d249625c454159f7b00a85d43414eb5e7c8044922b323f2473af648d1dba5ffff34bd5e023a2fe4860d7568fa4d35ad20c461eb38bced561edcef853dbcdd7b69bb40e9cda525a71a286c956a1268cacad0bc0c79ed7632aedbb8dc78ba1a2adea2b650314072d1ebc08f9753d6d38e53a758ea4700160588e819239711a506f004ec57037cd6efcbb9cee3bba556eaaa008bf8e8390085b85653c7aa006dd836c7ad025bed9dec77a4a00b309776862fca4dd01dff16aa6bd70a876662093b85ffbb07b2f8b4361f5dc635f940571239a71865e8f1a289f449ae9a74266205c8b1fe8a732db502c9ea5e5c379b704d43ef795b40450aa498535803767d2c2cbd2749474d2997e00f37612fcc0ae7322b8c8e2a90cf66ada69bd05b82d5707562b37e40674f0a3f58d9c776a931b8768d5c23f17c5f9135e7a4ce0c6eb356d9fb4a53d112194c19e6f045d2bd44132a70b9ccd7e65d2787899785f7ee9185589136c847347142440e0a405c18ff3f31acb791a805dd281aaf97aee708dcce2f1aa53161b7716fa0978c0d02871637ad7e1af5a158b727a1dfc2ae1aafbb9c516469ee89fa0f1de23a17115ded5e9c560a468c5192943be74aeaba51083ca0379563f1fa78e29eca1eaf849cd00f419ceb59e640248c332c845e68e9a398281b962ae59aa5b18006b6ea6e0c5f1b30665e1fb975da11ed6a47bd44b4241bbf0443f178e8249805cc3f980a4bb2f46baab0a12e9e9b2aaa7e0ca22b2314a9e5ef6412f4efe31381e3d716244af3112444eabbb0c353acafc0f1179ad4c63b81e5f5bfd771591d24e5254fa72e30aa53717c24b49cee71cdd9368e207af5e992a04f06de912cfcfca38732f5c8393d466d209680ebfa5764897f04531138beff3f65691593e334c2ae2825ffa9353e8aeef37b90691ea5c78d7c86124abf6491a068bf03c3467e5e42ca4b58192d17856722207568777141ccbef3f3891708897af9c196be92056527a8da820d28dccaf4dfed4d38fb8fe826b238d31bad751631a0d8b1eabdfa7bffe65241238ff982d21b2222cdd3a536385d0ab2180ccdf4672d0b21156377fe640ee8c8744b9ba1efce91c295e83a4271a34a1f70adbc2ff0aa6ba9e1965061cadcd3d824636bbc1f977c78dde1859d752c86b099705616edf6e94523f108af79ab5073d26f3788c4d56f1b17b764c1bc387e531dab5dd71198c56b02c68552dc1098beec85dc1bbe2dde316e6093a9a33f578d789da9b2a9209ed6e73a0597bc62467afc42f0348c9b885b92f37569a953f6316d5c8b188539474da3836abeae7ec259cf8fd28f02593597e9206e05e8da4f4346aab36f179deb68a9dab9b550d6fe4f0c88563935328a699b9cbb2015be57c28beaf60be499114f04a96a2f7fb3bf3b5b31e422954c96790aa1e49c5bc1946df0df2b4be63c0aac1ddcf187714f6e67a076a823feaeba5db4a99e5f494ec939d1b0ecd23752c08c3b788704612127e7f080ef581b4990accd6dca7ce52844bc7bbc8c8752497c171d8e628c53609a920fb5a1bc740cb05e2035de72f636ef0498ed2f3cccb64d5740afbc30015442ca0511160787b2c763072c70035f7f3bbbd3966bcc80d021ce1482e27681b963a28189c2ee9d64d0622a94eac689d3fc1a4137c4d62a4c73fab4b0175a8ff8fa256118affd94aaeee33b155043f53d9e3d4eb82173df0938c6c3e51c118c1acf187c84f12090ad1dd663013e433455290f87ca88959f9f481e4dd05e6a483abe00f7c974e5ff602a7a6eaa71f8ac06c50afac0c2858b554f59bf88002766a619ae9b0864926d07b273238e1ebd456543f77ea800231dbf4479f0b90fc607", 0x1000}}, 0x1006) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r3, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) 3.819053933s ago: executing program 5 (id=1013): sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) r2 = gettid() r3 = epoll_create(0x20003fd) r4 = eventfd(0x0) kcmp$KCMP_EPOLL_TFD(r2, r2, 0x7, r4, &(0x7f0000000080)={r3, r4}) 3.767869386s ago: executing program 3 (id=1014): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0xfffffffffffffead, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x3}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) 3.6999621s ago: executing program 4 (id=1015): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_getattr(r0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) memfd_create(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') 2.706739495s ago: executing program 5 (id=1016): socket$nl_netfilter(0x10, 0x3, 0xc) epoll_create1(0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000002c0), &(0x7f0000000240)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x38, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x38}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) syncfs(0xffffffffffffffff) 1.216669899s ago: executing program 4 (id=1017): ioperm(0xa891, 0x20, 0x80007ff) pipe2(0x0, 0x0) ioctl$SIOCAX25ADDUID(0xffffffffffffffff, 0x89e1, &(0x7f0000000240)={0x3, @bcast, 0xee00}) ioctl$SIOCAX25ADDUID(0xffffffffffffffff, 0x89e1, 0x0) gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x4, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, 0x0, 0x0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) connect$inet6(0xffffffffffffffff, 0x0, 0x0) accept4(r3, 0x0, 0x0, 0x80800) 0s ago: executing program 4 (id=1018): r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0x40405515, &(0x7f0000000000)=0x3) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2f, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$dmmidi(&(0x7f0000000700), 0x10000, 0xb5c21415486bcbc2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) syz_io_uring_setup(0x1f87, 0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0) socket$key(0xf, 0x3, 0x2) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}}, 0x0) kernel console output (not intermixed with test programs): 5][ T5834] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.990683][ T5829] Bluetooth: hci2: command tx timeout [ 96.016098][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.026101][ T5825] veth0_vlan: entered promiscuous mode [ 96.041190][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.089516][ T5825] veth1_vlan: entered promiscuous mode [ 96.108408][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.123826][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.169367][ T5828] veth0_macvtap: entered promiscuous mode [ 96.226774][ T5828] veth1_macvtap: entered promiscuous mode [ 96.303026][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.306829][ T5825] veth0_macvtap: entered promiscuous mode [ 96.345436][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.351979][ T5825] veth1_macvtap: entered promiscuous mode [ 96.360694][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.414702][ T1159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.444803][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.459496][ T1159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.473879][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.487215][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.498284][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.508185][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.518739][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.534358][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.004136][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.015977][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.062889][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.074132][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.084488][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.095304][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.106165][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.117527][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.130679][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.147687][ T5911] tunl0: entered allmulticast mode [ 97.158772][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.170011][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.185920][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.196530][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.206421][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.217849][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.227794][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.238472][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.251833][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.265867][ T5912] tunl0: left allmulticast mode [ 97.286856][ T5828] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.303736][ T5828] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.320266][ T5828] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.329824][ T5828] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.354075][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.386838][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.393841][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.429124][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.439410][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.452255][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.463656][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.474253][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.485316][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.495881][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.903208][ T5829] Bluetooth: hci0: command tx timeout [ 97.985435][ T5838] Bluetooth: hci4: command tx timeout [ 97.992354][ T5829] Bluetooth: hci3: command tx timeout [ 98.011975][ T5877] IPVS: starting estimator thread 0... [ 98.032922][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.071139][ T5838] Bluetooth: hci1: command tx timeout [ 98.079574][ T5829] Bluetooth: hci2: command tx timeout [ 98.084244][ T5825] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.109963][ T5920] IPVS: using max 27 ests per chain, 64800 per kthread [ 98.127377][ T5825] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.137392][ T5825] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.146901][ T5825] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.345413][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.366216][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.460470][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.846595][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.155653][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.164701][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.258146][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.267447][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.641872][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.950805][ T5934] program syz.2.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 100.230278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.239763][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 100.894968][ T5948] mmap: syz.1.9 (5948) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 101.749925][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.758590][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.767517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 101.844039][ T4138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.868795][ T4138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.764022][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4'. [ 103.535870][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.569195][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.000230][ T5902] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 104.085995][ T5983] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 104.116453][ T5991] netlink: 20 bytes leftover after parsing attributes in process `syz.0.19'. [ 104.151887][ T5991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19'. [ 104.190876][ T5902] usb 4-1: Using ep0 maxpacket: 8 [ 104.215782][ T5902] usb 4-1: config 6 has an invalid interface number: 2 but max is 0 [ 104.255398][ T5902] usb 4-1: config 6 has no interface number 0 [ 104.264073][ T5983] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 104.289488][ T5983] usb 2-1: config 0 has no interface number 0 [ 104.447632][ T5829] Bluetooth: hci2: ACL packet too small [ 104.501760][ T5902] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 104.520728][ T5983] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 104.780460][ T5999] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.128685][ T5902] usb 4-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 105.161299][ T5983] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 105.191635][ T5902] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 105.208709][ T5983] usb 2-1: config 0 interface 255 has no altsetting 0 [ 105.501221][ T6005] xt_TCPMSS: Only works on TCP SYN packets [ 106.061106][ T5902] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 106.098874][ T5983] usb 2-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd [ 106.122791][ T5902] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 106.122836][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.122858][ T5902] usb 4-1: Product: syz [ 106.122874][ T5902] usb 4-1: Manufacturer: syz [ 106.122890][ T5902] usb 4-1: SerialNumber: syz [ 106.138831][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.138863][ T5983] usb 2-1: Product: syz [ 106.138880][ T5983] usb 2-1: Manufacturer: syz [ 106.138897][ T5983] usb 2-1: SerialNumber: syz [ 106.175136][ T5983] usb 2-1: config 0 descriptor?? [ 106.195543][ T5902] hso 4-1:6.2: Failed to find BULK IN ep [ 106.402618][ T47] usb 4-1: USB disconnect, device number 2 [ 106.417530][ T5902] usb 2-1: USB disconnect, device number 2 [ 106.470533][ T5879] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 106.620086][ T5879] usb 5-1: Using ep0 maxpacket: 8 [ 106.636115][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.668347][ T5879] usb 5-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 106.688675][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.710391][ T5879] usb 5-1: Product: syz [ 106.720154][ T5879] usb 5-1: Manufacturer: syz [ 106.727892][ T5879] usb 5-1: SerialNumber: syz [ 106.743910][ T5879] usb 5-1: config 0 descriptor?? [ 106.774325][ T5879] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 106.790719][ T5879] usb 5-1: selecting invalid altsetting 1 [ 107.224234][ T5902] usb 5-1: USB disconnect, device number 2 [ 107.659992][ T5879] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 107.830849][ T6032] infiniband syz0: set active [ 107.835794][ T6032] infiniband syz0: added bond0 [ 107.870583][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 107.886606][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 108.031132][ T6032] RDS/IB: syz0: added [ 108.041129][ T5879] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 108.042534][ T6032] smc: adding ib device syz0 with port count 1 [ 108.095238][ T5879] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAE, changing to 0x8E [ 108.114242][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 51986, setting to 1024 [ 108.127435][ T5879] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1024 [ 108.175582][ T5879] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=9e.7e [ 108.204178][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.339896][ T5879] usb 4-1: Product: syz [ 108.343670][ T6032] smc: ib device syz0 port 1 has pnetid [ 108.354394][ T5879] usb 4-1: Manufacturer: syz [ 108.359103][ T5879] usb 4-1: SerialNumber: syz [ 108.406538][ T5879] usb 4-1: config 0 descriptor?? [ 108.613766][ T6035] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 108.623083][ T6049] netlink: 'syz.2.30': attribute type 1 has an invalid length. [ 108.654711][ T5879] usbtest 4-1:0.0: Linux user mode test driver [ 108.673044][ T5879] usbtest 4-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 109.413985][ T6051] tty tty29: ldisc open failed (-12), clearing slot 28 [ 109.654526][ T5902] usb 4-1: USB disconnect, device number 3 [ 111.258661][ T6075] netlink: 'syz.0.36': attribute type 1 has an invalid length. [ 111.369972][ T5902] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 111.384855][ T5879] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 111.553481][ T5902] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 111.563431][ T5879] usb 4-1: config 0 has an invalid interface number: 74 but max is 1 [ 111.587534][ T5879] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 111.588464][ T5902] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.608610][ T5879] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 111.618396][ T5902] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 111.644816][ T5879] usb 4-1: config 0 has no interface number 0 [ 111.663197][ T5879] usb 4-1: config 0 interface 74 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 111.677883][ T5902] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.705746][ T5879] usb 4-1: config 0 interface 74 altsetting 0 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 111.707423][ T5902] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 111.738454][ T5879] usb 4-1: config 0 interface 74 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 111.747795][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 111.768225][ T5902] usb 3-1: Product: syz [ 111.769675][ T5879] usb 4-1: config 0 interface 74 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 111.772956][ T5902] usb 3-1: Manufacturer: syz [ 112.244880][ T5879] usb 4-1: New USB device found, idVendor=6737, idProduct=0001, bcdDevice=de.66 [ 112.265731][ T5902] cdc_wdm 3-1:1.0: skipping garbage [ 112.271361][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.279212][ T5902] cdc_wdm 3-1:1.0: skipping garbage [ 112.279364][ T5879] usb 4-1: Product: syz [ 112.285258][ T5902] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 112.300262][ T5880] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 112.346003][ T5879] usb 4-1: Manufacturer: syz [ 112.356044][ T5879] usb 4-1: SerialNumber: syz [ 112.375215][ T5879] usb 4-1: config 0 descriptor?? [ 112.499837][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 112.513858][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 112.531397][ T5880] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 112.612835][ T5880] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x3D, changing to 0xD [ 112.626419][ T5902] usb 3-1: USB disconnect, device number 2 [ 112.639832][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 19, changing to 7 [ 112.661974][ T5879] cypress_m8 4-1:0.74: HID->COM RS232 Adapter converter detected [ 112.688697][ T5880] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=9e.7e [ 112.728927][ T5879] usb 4-1: HID->COM RS232 Adapter converter now attached to ttyUSB0 [ 112.748636][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.757329][ T5880] usb 1-1: Product: syz [ 112.777348][ T5880] usb 1-1: Manufacturer: syz [ 112.787504][ T5879] usb 4-1: USB disconnect, device number 4 [ 112.793931][ T5880] usb 1-1: SerialNumber: syz [ 112.819473][ T5880] usb 1-1: config 0 descriptor?? [ 112.833043][ T5879] cyphidcom ttyUSB0: HID->COM RS232 Adapter converter now disconnected from ttyUSB0 [ 112.852621][ T5880] usbtest 1-1:0.0: couldn't get endpoints, -22 [ 112.863543][ T5879] cypress_m8 4-1:0.74: device disconnected [ 112.874511][ T5880] usbtest 1-1:0.0: probe with driver usbtest failed with error -22 [ 113.097775][ T5879] usb 1-1: USB disconnect, device number 2 [ 113.338037][ T6118] netlink: 'syz.2.46': attribute type 1 has an invalid length. [ 113.356964][ T6118] netlink: 'syz.2.46': attribute type 2 has an invalid length. [ 113.420015][ T6120] netlink: 24 bytes leftover after parsing attributes in process `syz.4.48'. [ 113.447684][ T6120] netlink: 24 bytes leftover after parsing attributes in process `syz.4.48'. [ 114.447404][ T6130] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.519558][ T6134] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.755329][ T6134] bond0: (slave sit0): The slave device specified does not support setting the MAC address [ 114.840347][ T6135] netlink: 16 bytes leftover after parsing attributes in process `syz.0.51'. [ 114.920496][ T6134] bond0: (slave sit0): Error -95 calling set_mac_address [ 115.370037][ T6151] netlink: 'syz.4.58': attribute type 1 has an invalid length. [ 115.472487][ T6130] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 115.484884][ T6130] batman_adv: batadv0: Adding interface: ip6gretap1 [ 115.491616][ T6130] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.517604][ T6130] batman_adv: batadv0: Interface activated: ip6gretap1 [ 115.584601][ T6157] netlink: 'syz.1.59': attribute type 1 has an invalid length. [ 115.664349][ T6161] netlink: 'syz.3.61': attribute type 1 has an invalid length. [ 115.699464][ T6161] netlink: 'syz.3.61': attribute type 2 has an invalid length. [ 115.730976][ T5829] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 115.861432][ T5983] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 116.039803][ T5983] usb 3-1: Using ep0 maxpacket: 32 [ 116.066385][ T5983] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.098889][ T6181] netlink: 'syz.1.67': attribute type 11 has an invalid length. [ 116.103110][ T5983] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.113505][ T6181] netlink: 244 bytes leftover after parsing attributes in process `syz.1.67'. [ 116.160506][ T5983] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 116.187103][ T5983] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.245223][ T5983] usb 3-1: config 0 descriptor?? [ 116.272716][ T5983] hub 3-1:0.0: USB hub found [ 116.486392][ T5983] hub 3-1:0.0: 1 port detected [ 116.579749][ T5879] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 116.702671][ T6207] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.714680][ T5983] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 116.714760][ T5983] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 116.720532][ T5983] usbhid 3-1:0.0: can't add hid device: -71 [ 116.789836][ T5879] usb 2-1: Using ep0 maxpacket: 8 [ 116.869360][ T6210] netlink: 80 bytes leftover after parsing attributes in process `syz.4.77'. [ 117.617410][ T5879] usb 2-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.617451][ T5879] usb 2-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 117.617471][ T5879] usb 2-1: config 0 interface 0 has no altsetting 0 [ 117.617495][ T5879] usb 2-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 117.617511][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.628744][ T5879] usb 2-1: config 0 descriptor?? [ 117.639658][ T30] audit: type=1326 audit(1743515989.596:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6204 comm="syz.4.77" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff40e18d169 code=0x0 [ 117.667680][ T5983] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 117.736970][ T5983] usb 3-1: USB disconnect, device number 3 [ 118.137448][ T6209] tty tty28: ldisc open failed (-12), clearing slot 27 [ 118.144305][ T5879] chicony 0003:04F2:1421.0001: hidraw0: USB HID v0.02 Device [HID 04f2:1421] on usb-dummy_hcd.1-1/input0 [ 118.316766][ T5879] usb 2-1: USB disconnect, device number 3 [ 118.381001][ T5902] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 118.440457][ T6227] netlink: 'syz.0.80': attribute type 1 has an invalid length. [ 118.468515][ T6227] netlink: 'syz.0.80': attribute type 2 has an invalid length. [ 118.550124][ T5902] usb 3-1: Using ep0 maxpacket: 16 [ 118.566348][ T5902] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 118.585733][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.616090][ T5902] usb 3-1: Product: syz [ 118.631589][ T5902] usb 3-1: Manufacturer: syz [ 118.660185][ T6230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.82'. [ 118.666861][ T5902] usb 3-1: SerialNumber: syz [ 118.696293][ T5902] r8152-cfgselector 3-1: Unknown version 0x0000 [ 118.719673][ T5902] r8152-cfgselector 3-1: config 0 descriptor?? [ 118.738667][ T6230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.82'. [ 118.764983][ T6230] ip6gretap1: entered allmulticast mode [ 118.956306][ T5902] r8152-cfgselector 3-1: Needed 1 retries to read version [ 119.000381][ T5902] r8152-cfgselector 3-1: Unknown version 0x0000 [ 119.007527][ T5902] r8152-cfgselector 3-1: bad CDC descriptors [ 119.164627][ T47] r8152-cfgselector 3-1: USB disconnect, device number 4 [ 119.408339][ T6253] syz.4.88 uses obsolete (PF_INET,SOCK_PACKET) [ 119.820881][ T5829] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 119.829324][ T5829] Bluetooth: hci3: Injecting HCI hardware error event [ 119.837942][ T5829] Bluetooth: hci3: hardware error 0x00 [ 120.403755][ T6292] netlink: 192 bytes leftover after parsing attributes in process `syz.1.103'. [ 120.456586][ T6292] netlink: 48 bytes leftover after parsing attributes in process `syz.1.103'. [ 120.580739][ T5902] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 120.759425][ T5902] usb 5-1: Using ep0 maxpacket: 32 [ 120.778388][ T5902] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.838018][ T5902] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.838092][ T6306] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 120.854555][ T6306] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 120.874225][ T5902] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 120.932219][ T5902] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.941284][ T6306] vhci_hcd vhci_hcd.0: Device attached [ 120.959758][ T47] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 120.972927][ T6307] vhci_hcd: connection closed [ 120.975025][ T5902] hub 5-1:4.0: USB hub found [ 120.991368][ T148] vhci_hcd: stop threads [ 121.003000][ T148] vhci_hcd: release socket [ 121.015605][ T148] vhci_hcd: disconnect device [ 121.144574][ T47] usb 2-1: Using ep0 maxpacket: 32 [ 121.156108][ T47] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 121.168480][ T47] usb 2-1: config 0 has no interface number 0 [ 121.186085][ T47] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.198155][ T5902] hub 5-1:4.0: config failed, hub has too many ports! (err -19) [ 121.216230][ T47] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.256850][ T47] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 121.256888][ T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.273415][ T47] usb 2-1: config 0 descriptor?? [ 121.387571][ T6321] netlink: 68 bytes leftover after parsing attributes in process `syz.2.110'. [ 121.530170][ T5902] usb 5-1: USB disconnect, device number 3 [ 121.738868][ T6326] netlink: 'syz.2.111': attribute type 9 has an invalid length. [ 121.777763][ T6326] netlink: 'syz.2.111': attribute type 2 has an invalid length. [ 121.799771][ T6326] netlink: 'syz.2.111': attribute type 8 has an invalid length. [ 121.887684][ T47] uclogic 0003:28BD:0094.0002: failed retrieving string descriptor #100: -71 [ 122.006297][ T6331] netlink: 80 bytes leftover after parsing attributes in process `syz.3.112'. [ 122.797378][ T5829] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 122.810255][ T47] uclogic 0003:28BD:0094.0002: failed retrieving pen parameters: -71 [ 122.810304][ T47] uclogic 0003:28BD:0094.0002: pen probing failed: -71 [ 122.810330][ T47] uclogic 0003:28BD:0094.0002: failed probing parameters: -71 [ 122.810444][ T47] uclogic 0003:28BD:0094.0002: probe with driver uclogic failed with error -71 [ 122.847854][ T47] usb 2-1: USB disconnect, device number 4 [ 123.157872][ T5902] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 123.351493][ T5902] usb 3-1: Using ep0 maxpacket: 32 [ 123.381720][ T5902] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.425231][ T5902] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 123.459129][ T6345] ubi31: attaching mtd0 [ 123.466718][ T5902] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 123.479773][ T6345] ubi31 error: ubi_attach_mtd_dev: bad VID header (16) or data offsets (80) [ 123.508372][ T5902] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 123.548706][ T5902] usb 3-1: config 1 interface 1 has no altsetting 0 [ 123.577266][ T5902] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 123.593151][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.618098][ T5902] usb 3-1: Product: syz [ 123.628721][ T5902] usb 3-1: Manufacturer: syz [ 123.644402][ T5902] usb 3-1: SerialNumber: syz [ 123.890367][ T5902] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 124.047042][ T5902] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 124.546695][ T6366] netlink: 'syz.3.126': attribute type 25 has an invalid length. [ 124.588869][ T6366] Zero length message leads to an empty skb [ 124.719825][ T5902] usb 3-1: USB disconnect, device number 5 [ 125.039916][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 125.047617][ T5983] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 125.049234][ T6382] netlink: 'syz.4.132': attribute type 1 has an invalid length. [ 125.102889][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 125.104640][ T6382] netlink: 'syz.4.132': attribute type 2 has an invalid length. [ 125.652879][ T5983] usb 4-1: Using ep0 maxpacket: 16 [ 125.678191][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 125.707127][ T5983] usb 4-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 125.721302][ T10] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 125.732547][ T5983] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.746487][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.798713][ T5983] usb 4-1: Product: syz [ 125.805896][ T10] usb 1-1: Product: syz [ 125.812559][ T5983] usb 4-1: Manufacturer: syz [ 125.819184][ T10] usb 1-1: Manufacturer: syz [ 125.828074][ T5983] usb 4-1: SerialNumber: syz [ 125.836216][ T10] usb 1-1: SerialNumber: syz [ 125.845536][ T5983] usb 4-1: config 0 descriptor?? [ 125.854133][ T10] usb 1-1: config 0 descriptor?? [ 125.867753][ T5983] as10x_usb: device has been detected [ 125.889569][ T5983] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 125.969283][ T5983] usb 4-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 126.033358][ T5983] as10x_usb: error during firmware upload part1 [ 126.041257][ T5983] Registered device Sky IT Digital Key (green led) [ 126.050235][ T978] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 126.062050][ T6390] __vm_enough_memory: pid: 6390, comm: syz.1.135, bytes: 21200602025984 not enough memory for the allocation [ 126.106245][ T6374] random: crng reseeded on system resumption [ 126.335199][ T5983] usb 4-1: USB disconnect, device number 5 [ 126.343632][ T10] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 126.356292][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 126.374321][ T5983] Unregistered device Sky IT Digital Key (green led) [ 126.376374][ T5983] as10x_usb: device has been disconnected [ 126.397341][ T10] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 126.408856][ T10] usb 1-1: media controller created [ 126.454222][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 126.470468][ T978] usb 5-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 126.509395][ T978] usb 5-1: config 0 interface 0 has no altsetting 0 [ 126.516327][ T978] usb 5-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 126.525883][ T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.543004][ T978] usb 5-1: config 0 descriptor?? [ 126.602766][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 126.637349][ T10] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 126.660493][ T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 126.690015][ T10] usb 1-1: USB disconnect, device number 3 [ 126.820589][ T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 126.968843][ T978] waltop 0003:172F:0500.0003: item fetching failed at offset 0/3 [ 127.008693][ T978] waltop 0003:172F:0500.0003: probe with driver waltop failed with error -22 [ 127.179758][ T978] usb 5-1: USB disconnect, device number 4 [ 127.357548][ T6403] netlink: 'syz.1.141': attribute type 8 has an invalid length. [ 127.380381][ T6405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.143'. [ 127.578395][ T6414] netlink: 'syz.3.145': attribute type 1 has an invalid length. [ 127.610393][ T6414] netlink: 'syz.3.145': attribute type 2 has an invalid length. [ 128.067624][ T30] audit: type=1326 audit(1743516000.786:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6435 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff40e18d169 code=0x7ffc0000 [ 128.129814][ T30] audit: type=1326 audit(1743516000.786:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6435 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff40e18d169 code=0x7ffc0000 [ 128.217078][ T30] audit: type=1326 audit(1743516000.816:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6435 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7ff40e18d169 code=0x7ffc0000 [ 128.308589][ T30] audit: type=1326 audit(1743516000.816:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6435 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff40e18d169 code=0x7ffc0000 [ 128.396788][ T30] audit: type=1326 audit(1743516000.816:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6435 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff40e18d169 code=0x7ffc0000 [ 128.423843][ T30] audit: type=1326 audit(1743516000.816:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6435 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7ff40e18d169 code=0x7ffc0000 [ 128.496772][ T30] audit: type=1326 audit(1743516000.816:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6435 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff40e18d169 code=0x7ffc0000 [ 128.519919][ T978] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 129.320939][ T6458] netlink: 'syz.3.165': attribute type 1 has an invalid length. [ 129.359838][ T6458] netlink: 'syz.3.165': attribute type 2 has an invalid length. [ 129.398290][ T30] audit: type=1326 audit(1743516000.816:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6435 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff40e18d169 code=0x7ffc0000 [ 129.405038][ T978] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 129.475046][ T978] usb 2-1: config 0 has no interface number 0 [ 129.489751][ T47] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 129.529399][ T978] usb 2-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=2a.cb [ 129.546259][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.574810][ T978] usb 2-1: Product: syz [ 129.582487][ T6464] netlink: 'syz.3.168': attribute type 1 has an invalid length. [ 129.600098][ T978] usb 2-1: Manufacturer: syz [ 129.604775][ T978] usb 2-1: SerialNumber: syz [ 129.610357][ T6464] netlink: 1268 bytes leftover after parsing attributes in process `syz.3.168'. [ 129.632725][ T978] usb 2-1: config 0 descriptor?? [ 129.650549][ T6466] capability: warning: `syz.0.169' uses deprecated v2 capabilities in a way that may be insecure [ 129.672687][ T978] usb_ehset_test 2-1:0.128: probe with driver usb_ehset_test failed with error -32 [ 129.701809][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 129.720818][ T978] usbhid 2-1:0.128: couldn't find an input interrupt endpoint [ 129.736200][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 129.785011][ T47] usb 5-1: New USB device found, idVendor=1038, idProduct=12c2, bcdDevice= 0.00 [ 129.829889][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.849739][ T978] usb 2-1: USB disconnect, device number 5 [ 129.873780][ T47] usb 5-1: config 0 descriptor?? [ 129.945328][ T6473] netlink: 28 bytes leftover after parsing attributes in process `syz.0.172'. [ 130.220386][ T5879] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 130.303999][ T47] steelseries 0003:1038:12C2.0004: unknown main item tag 0x0 [ 130.320281][ T47] steelseries 0003:1038:12C2.0004: unknown main item tag 0x0 [ 130.327826][ T47] steelseries 0003:1038:12C2.0004: unknown main item tag 0x0 [ 130.343334][ T47] steelseries 0003:1038:12C2.0004: unknown main item tag 0x0 [ 130.360008][ T47] steelseries 0003:1038:12C2.0004: unknown main item tag 0x0 [ 130.375226][ T47] steelseries 0003:1038:12C2.0004: unknown main item tag 0x0 [ 130.394269][ T5879] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.409931][ T47] steelseries 0003:1038:12C2.0004: unknown main item tag 0x0 [ 130.420704][ T5879] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 130.457867][ T5879] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 130.489480][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.503478][ T5880] usb 5-1: USB disconnect, device number 5 [ 130.587530][ T5879] usb 3-1: config 0 descriptor?? [ 130.604358][ T5879] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 130.640434][ T5879] dvb-usb: bulk message failed: -22 (3/0) [ 130.680943][ T5879] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 130.702865][ T5879] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 130.721503][ T5879] usb 3-1: media controller created [ 130.729075][ T5879] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 130.761723][ T5879] dvb-usb: bulk message failed: -22 (6/0) [ 130.767788][ T5879] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 130.803114][ T5879] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 130.823242][ T6478] dvb-usb: bulk message failed: -22 (4/0) [ 130.843597][ T5879] dvb-usb: schedule remote query interval to 150 msecs. [ 130.850964][ T5879] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 130.892319][ T5879] usb 3-1: USB disconnect, device number 6 [ 130.909976][ T5983] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 130.961687][ T5879] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 131.069916][ T5983] usb 4-1: Using ep0 maxpacket: 8 [ 131.089483][ T5983] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 131.100131][ T5880] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 131.112899][ T5983] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 131.123265][ T5983] usb 4-1: Product: syz [ 131.127608][ T5983] usb 4-1: Manufacturer: syz [ 131.135978][ T5983] usb 4-1: SerialNumber: syz [ 131.144870][ T5983] usb 4-1: config 0 descriptor?? [ 131.159368][ T5983] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 131.170930][ T6510] netlink: 'syz.4.189': attribute type 8 has an invalid length. [ 131.264899][ T5880] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 131.277834][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.295290][ T5880] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 131.305519][ T5880] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 131.320135][ T5880] usb 1-1: Manufacturer: syz [ 131.332025][ T5880] usb 1-1: config 0 descriptor?? [ 131.379475][ T6515] netlink: 'syz.4.191': attribute type 1 has an invalid length. [ 131.396254][ T6515] netlink: 8 bytes leftover after parsing attributes in process `syz.4.191'. [ 131.452362][ T5880] rc_core: IR keymap rc-hauppauge not found [ 131.459572][ T5880] Registered IR keymap rc-empty [ 131.474169][ T5880] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 131.490390][ T5880] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 131.557774][ T6520] dvmrp0: renamed from bridge_slave_0 (while UP) [ 131.597715][ T6520] bridge0: port 1(dvmrp0) entered disabled state [ 131.798316][ T5983] gspca_zc3xx: reg_w_i err -71 [ 131.799689][ C1] igorplugusb 1-1:0.0: receive overflow invalid: 33 [ 131.814834][ T5983] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 131.851838][ T5983] usb 4-1: USB disconnect, device number 6 [ 131.946082][ T6530] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 132.023433][ T5880] usb 1-1: USB disconnect, device number 4 [ 132.660066][ T6552] netlink: 28 bytes leftover after parsing attributes in process `syz.1.206'. [ 133.025251][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.032332][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.498179][ T6583] netlink: 'syz.0.218': attribute type 1 has an invalid length. [ 133.535676][ T6583] netlink: 'syz.0.218': attribute type 2 has an invalid length. [ 133.605237][ T6588] netlink: 'syz.1.221': attribute type 1 has an invalid length. [ 133.674337][ T6588] netlink: 'syz.1.221': attribute type 2 has an invalid length. [ 134.470373][ T5879] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 134.532290][ T6623] netlink: 'syz.1.233': attribute type 27 has an invalid length. [ 134.693692][ T5879] usb 5-1: Using ep0 maxpacket: 8 [ 134.719658][ T6623] program syz.1.233 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 134.805163][ T5879] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 134.843668][ T5879] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 134.858399][ T5879] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 134.868582][ T5879] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 134.884123][ T5879] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 134.893609][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.028983][ T6618] loop8: detected capacity change from 0 to 1 [ 135.038405][ T6618] Dev loop8: unable to read RDB block 1 [ 135.044208][ T6618] loop8: unable to read partition table [ 135.050079][ T6618] loop8: partition table beyond EOD, truncated [ 135.056271][ T6618] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 135.157878][ T5879] usb 5-1: usb_control_msg returned -32 [ 135.169431][ T5879] usbtmc 5-1:16.0: can't read capabilities [ 135.201856][ T5879] usb 5-1: USB disconnect, device number 6 [ 135.400878][ T47] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 135.570283][ T47] usb 4-1: Using ep0 maxpacket: 32 [ 135.577221][ T47] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 135.594952][ T978] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 135.602611][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.619384][ T47] usb 4-1: config 0 descriptor?? [ 135.628450][ T47] gspca_main: sq930x-2.14.0 probing 041e:403c [ 135.760360][ T978] usb 2-1: Using ep0 maxpacket: 8 [ 135.767880][ T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.782441][ T5879] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 135.793606][ T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1455, setting to 1024 [ 135.815531][ T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 128, changing to 11 [ 135.848914][ T978] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 135.864223][ T978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.875446][ T978] usb 2-1: config 0 descriptor?? [ 135.887376][ T6638] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 135.961870][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 135.990262][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.999340][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 136.007151][ T5879] usb 3-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00 [ 136.039773][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.056048][ T5879] usb 3-1: config 0 descriptor?? [ 136.299738][ T47] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 136.305721][ T47] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 136.322513][ T978] prodikeys 0003:041E:2801.0005: unknown main item tag 0x0 [ 136.335347][ T47] usb 4-1: USB disconnect, device number 7 [ 136.347866][ T978] prodikeys 0003:041E:2801.0005: unknown main item tag 0x0 [ 136.373473][ T978] prodikeys 0003:041E:2801.0005: unknown main item tag 0x0 [ 136.384696][ T978] prodikeys 0003:041E:2801.0005: unknown main item tag 0x0 [ 136.427304][ T978] prodikeys 0003:041E:2801.0005: unknown main item tag 0x0 [ 136.448783][ T978] prodikeys 0003:041E:2801.0005: unknown main item tag 0x0 [ 136.456836][ T978] prodikeys 0003:041E:2801.0005: unknown main item tag 0x0 [ 136.460055][ T6666] netlink: 'syz.4.253': attribute type 27 has an invalid length. [ 136.471227][ T978] prodikeys 0003:041E:2801.0005: hidraw0: USB HID v1.ff Device [HID 041e:2801] on usb-dummy_hcd.1-1/input0 [ 136.577939][ T6666] program syz.4.253 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 136.640124][ T978] usb 2-1: USB disconnect, device number 6 [ 136.654206][ T5879] sunplus 0003:04FC:05D8.0006: hidraw1: USB HID v0.07 Device [HID 04fc:05d8] on usb-dummy_hcd.2-1/input0 [ 136.784944][ T5902] usb 3-1: USB disconnect, device number 7 [ 137.257053][ T6665] loop8: detected capacity change from 0 to 1 [ 137.263963][ T6665] Dev loop8: unable to read RDB block 1 [ 137.269565][ T6665] loop8: unable to read partition table [ 137.275659][ T6665] loop8: partition table beyond EOD, truncated [ 137.281890][ T6665] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 137.404172][ T30] audit: type=1326 audit(1743516010.126:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 137.453565][ T30] audit: type=1326 audit(1743516010.126:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 137.496447][ T30] audit: type=1326 audit(1743516010.156:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 137.518904][ T5983] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 137.580073][ T6677] syzkaller0: tun_chr_ioctl cmd 2147767507 [ 137.609766][ T30] audit: type=1326 audit(1743516010.156:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1abb18d1a3 code=0x7ffc0000 [ 137.682238][ T30] audit: type=1326 audit(1743516010.156:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1abb18d1a3 code=0x7ffc0000 [ 137.730894][ T5983] usb 4-1: Using ep0 maxpacket: 16 [ 137.743349][ T5983] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 137.759388][ T30] audit: type=1326 audit(1743516010.166:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 137.791687][ T5983] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 137.817797][ T5983] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 137.834664][ T30] audit: type=1326 audit(1743516010.176:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 137.856969][ T5983] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.871987][ T30] audit: type=1326 audit(1743516010.256:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=306 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 137.899918][ T5983] usb 4-1: config 0 descriptor?? [ 137.928594][ T30] audit: type=1326 audit(1743516010.256:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 137.999886][ T30] audit: type=1326 audit(1743516010.256:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6672 comm="syz.0.256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 138.101969][ T47] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 138.126084][ T978] kernel read not supported for file /usbmon0 (pid: 978 comm: kworker/1:2) [ 138.290858][ T47] usb 2-1: Using ep0 maxpacket: 32 [ 138.308983][ T47] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 138.346483][ T5983] kovaplus 0003:1E7D:2D50.0007: item fetching failed at offset 0/3 [ 138.349673][ T47] usb 2-1: config 0 has no interface number 0 [ 138.375255][ T47] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 138.386503][ T5983] kovaplus 0003:1E7D:2D50.0007: parse failed [ 138.423038][ T47] usb 2-1: config 0 interface 85 has no altsetting 0 [ 138.423417][ T5983] kovaplus 0003:1E7D:2D50.0007: probe with driver kovaplus failed with error -22 [ 138.472660][ T47] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 138.495665][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.524913][ T47] usb 2-1: Product: syz [ 138.549867][ T47] usb 2-1: Manufacturer: syz [ 138.554553][ T47] usb 2-1: SerialNumber: syz [ 138.565735][ T978] usb 4-1: USB disconnect, device number 8 [ 138.602636][ T47] usb 2-1: config 0 descriptor?? [ 139.259571][ T47] appletouch 2-1:0.85: Geyser mode initialized. [ 139.282770][ T47] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input7 [ 139.439694][ T978] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 139.479096][ T47] usb 2-1: USB disconnect, device number 7 [ 139.528821][ T47] appletouch 2-1:0.85: input: appletouch disconnected [ 139.651457][ T978] usb 4-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 139.667819][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.748380][ T978] usb 4-1: Product: syz [ 139.768631][ T978] usb 4-1: Manufacturer: syz [ 139.798053][ T978] usb 4-1: SerialNumber: syz [ 139.814863][ T978] usb 4-1: config 0 descriptor?? [ 139.983339][ T6758] netlink: 12 bytes leftover after parsing attributes in process `syz.2.295'. [ 140.061046][ T6758] netlink: 12 bytes leftover after parsing attributes in process `syz.2.295'. [ 140.110216][ T6758] netlink: 12 bytes leftover after parsing attributes in process `syz.2.295'. [ 140.406720][ T6774] netlink: 40 bytes leftover after parsing attributes in process `syz.0.303'. [ 140.653513][ T978] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 140.673749][ T978] asix 4-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 140.708368][ T6784] [U] Ž [ 140.720347][ T978] asix 4-1:0.0: probe with driver asix failed with error -71 [ 140.751885][ T978] usb 4-1: USB disconnect, device number 9 [ 141.805271][ T6815] netlink: 8 bytes leftover after parsing attributes in process `syz.1.321'. [ 142.451958][ T6832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.326'. [ 143.059784][ T978] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 143.229737][ T978] usb 4-1: Using ep0 maxpacket: 16 [ 143.239474][ T978] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.259639][ T978] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.291404][ T978] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 143.313618][ T978] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x2 has invalid wMaxPacketSize 0 [ 143.327911][ T978] usb 4-1: config 7 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 143.342111][ T5877] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 143.363420][ T978] usb 4-1: config 7 interface 0 has no altsetting 0 [ 143.374322][ T978] usb 4-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 143.384718][ T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.389715][ T5902] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 143.504347][ T6868] netlink: 'syz.2.343': attribute type 1 has an invalid length. [ 143.512492][ T5877] usb 2-1: Using ep0 maxpacket: 16 [ 143.524951][ T5877] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.537257][ T5877] usb 2-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 143.549860][ T5902] usb 5-1: Using ep0 maxpacket: 8 [ 143.560461][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.562182][ T5902] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 143.583660][ T5877] usb 2-1: config 0 descriptor?? [ 143.605642][ T5902] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 143.636345][ T5902] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x3D, changing to 0xD [ 143.659538][ T5902] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 19, changing to 7 [ 143.680889][ T5902] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=9e.7e [ 143.695614][ T30] audit: type=1326 audit(1743516016.406:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6869 comm="syz.2.344" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f014798d169 code=0x0 [ 143.721173][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.729304][ T5902] usb 5-1: Product: syz [ 143.733711][ T5902] usb 5-1: Manufacturer: syz [ 143.738449][ T5902] usb 5-1: SerialNumber: syz [ 143.747796][ T5902] usb 5-1: config 0 descriptor?? [ 143.766677][ T5902] usbtest 5-1:0.0: couldn't get endpoints, -22 [ 143.775145][ T5902] usbtest 5-1:0.0: probe with driver usbtest failed with error -22 [ 143.874470][ T978] input: HID 0458:5010 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:7.0/0003:0458:5010.0008/input/input8 [ 143.971526][ T978] kye 0003:0458:5010.0008: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.3-1/input0 [ 144.031557][ T5902] usb 5-1: USB disconnect, device number 7 [ 144.039042][ T5877] asus 0003:0B05:17E0.0009: hidraw1: USB HID v9.7d Device [HID 0b05:17e0] on usb-dummy_hcd.1-1/input0 [ 144.067173][ T5877] asus 0003:0B05:17E0.0009: Asus input not registered [ 144.088733][ T5877] asus 0003:0B05:17E0.0009: probe with driver asus failed with error -12 [ 144.156696][ T5877] usb 4-1: USB disconnect, device number 10 [ 144.280381][ T978] usb 2-1: USB disconnect, device number 8 [ 144.927095][ T6891] netlink: 4 bytes leftover after parsing attributes in process `syz.0.355'. [ 145.261106][ T6903] netlink: 192 bytes leftover after parsing attributes in process `syz.2.359'. [ 145.346925][ T6905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.361'. [ 145.358625][ T6903] netlink: 48 bytes leftover after parsing attributes in process `syz.2.359'. [ 145.709478][ T6916] netlink: 12 bytes leftover after parsing attributes in process `syz.3.366'. [ 145.890184][ T5877] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 146.045680][ T6925] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 146.079975][ T5877] usb 2-1: Using ep0 maxpacket: 16 [ 146.110780][ T5877] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.151717][ T5877] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.194121][ T5877] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 146.249693][ T5877] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x2 has invalid wMaxPacketSize 0 [ 146.279837][ T5877] usb 2-1: config 7 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 146.329961][ T5877] usb 2-1: config 7 interface 0 has no altsetting 0 [ 146.336641][ T5877] usb 2-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 146.379672][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.360642][ T5877] input: HID 0458:5010 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:7.0/0003:0458:5010.000A/input/input9 [ 147.504076][ T5877] kye 0003:0458:5010.000A: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.1-1/input0 [ 147.577160][ T5877] usb 2-1: USB disconnect, device number 9 [ 147.849066][ T6730] syz.2.282 (6730) used greatest stack depth: 19208 bytes left [ 148.891273][ T6976] netlink: 8 bytes leftover after parsing attributes in process `syz.2.393'. [ 149.166426][ T6984] loop6: detected capacity change from 0 to 524287999 [ 149.198803][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.208117][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.230168][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.239514][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.252044][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.261793][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.270275][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.279528][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.289699][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.298855][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.307710][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.316957][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.328023][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.337232][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.346552][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.355885][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.365108][ T6984] ldm_validate_partition_table(): Disk read failed. [ 149.373940][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.383341][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.393806][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 149.403184][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 149.422344][ T6984] Dev loop6: unable to read RDB block 0 [ 149.443614][ T6984] loop6: unable to read partition table [ 149.499495][ T6984] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 149.700794][ T6989] netlink: 'syz.1.398': attribute type 1 has an invalid length. [ 149.708519][ T6989] netlink: 'syz.1.398': attribute type 8 has an invalid length. [ 150.239944][ T7012] netlink: 64 bytes leftover after parsing attributes in process `syz.2.409'. [ 150.719735][ T5986] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 150.919699][ T5986] usb 3-1: Using ep0 maxpacket: 8 [ 150.947868][ T5986] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 150.986416][ T5986] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.016851][ T5986] usb 3-1: Product: syz [ 151.045241][ T5986] usb 3-1: Manufacturer: syz [ 151.077787][ T5986] usb 3-1: SerialNumber: syz [ 151.111732][ T5986] usb 3-1: config 0 descriptor?? [ 151.143578][ T5986] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244) [ 151.587170][ T7069] netlink: 206628 bytes leftover after parsing attributes in process `syz.1.431'. [ 151.745419][ T978] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 151.767510][ T5986] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 151.777981][ T5986] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 151.795515][ T5986] usb 3-1: USB disconnect, device number 8 [ 151.928613][ T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.975305][ T978] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 152.002400][ T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.026349][ T978] usb 5-1: config 0 descriptor?? [ 152.286545][ T7077] macvlan0: entered promiscuous mode [ 152.294730][ T7077] batadv0: entered promiscuous mode [ 152.458851][ T7082] netlink: 32 bytes leftover after parsing attributes in process `syz.3.436'. [ 152.486198][ T978] keytouch 0003:0926:3333.000B: fixing up Keytouch IEC report descriptor [ 152.551794][ T978] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.000B/input/input10 [ 152.876864][ T978] keytouch 0003:0926:3333.000B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 152.909160][ T30] audit: type=1326 audit(1743516025.626:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7096 comm="syz.0.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 152.911796][ T7097] loop8: detected capacity change from 0 to 7 [ 152.982993][ T30] audit: type=1326 audit(1743516025.666:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7096 comm="syz.0.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 153.000923][ T7097] Dev loop8: unable to read RDB block 7 [ 153.039742][ T7097] loop8: unable to read partition table [ 153.078227][ T5902] usb 5-1: USB disconnect, device number 8 [ 153.088055][ T7097] loop8: partition table beyond EOD, truncated [ 153.115101][ T30] audit: type=1326 audit(1743516025.666:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7096 comm="syz.0.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 153.128379][ T7097] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 153.193831][ T30] audit: type=1326 audit(1743516025.666:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7096 comm="syz.0.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 153.285641][ T30] audit: type=1326 audit(1743516025.666:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7096 comm="syz.0.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x7ffc0000 [ 153.310129][ T5877] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 153.480660][ T5877] usb 4-1: Using ep0 maxpacket: 8 [ 153.510344][ T5877] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 153.518094][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 153.565055][ T5877] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 153.604911][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 153.636473][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 153.674937][ T5877] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 153.694563][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 153.719999][ T5877] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 153.743681][ T30] audit: type=1326 audit(1743516026.466:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7115 comm="syz.2.449" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f014798d169 code=0x0 [ 153.749658][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 153.785821][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 153.812503][ T5877] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 153.840320][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 153.860617][ T5877] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 153.879724][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 153.907794][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 153.943876][ T5877] usb 4-1: string descriptor 0 read error: -22 [ 153.950782][ T5877] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 153.963603][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.999438][ T5877] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 155.579838][ T5879] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 156.084571][ T5879] usb 3-1: device descriptor read/64, error -71 [ 156.146086][ T5902] usb 4-1: USB disconnect, device number 11 [ 156.600131][ T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 156.800360][ T10] usb 2-1: device descriptor read/64, error -71 [ 156.834334][ T7152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.462'. [ 156.880223][ T5879] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 157.019790][ T5879] usb 3-1: device descriptor read/64, error -71 [ 157.069712][ T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 157.137504][ T5879] usb usb3-port1: attempt power cycle [ 157.212674][ T10] usb 2-1: device descriptor read/64, error -71 [ 157.330132][ T10] usb usb2-port1: attempt power cycle [ 157.351988][ T5986] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 157.491096][ T5879] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 157.510977][ T5879] usb 3-1: device descriptor read/8, error -71 [ 157.512788][ T5986] usb 1-1: Using ep0 maxpacket: 8 [ 157.524878][ T7180] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11 [ 157.545317][ T5986] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 157.565916][ T5986] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.578359][ T5986] usb 1-1: Product: syz [ 157.584650][ T5986] usb 1-1: Manufacturer: syz [ 157.600379][ T5986] usb 1-1: SerialNumber: syz [ 157.617560][ T5986] usb 1-1: config 0 descriptor?? [ 157.633366][ T5986] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 157.669919][ T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 157.700588][ T10] usb 2-1: device descriptor read/8, error -71 [ 157.786033][ T5879] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 157.860177][ T5879] usb 3-1: device descriptor read/8, error -71 [ 157.998007][ T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 158.010275][ T5879] usb usb3-port1: unable to enumerate USB device [ 158.030489][ T10] usb 2-1: device descriptor read/8, error -71 [ 158.145205][ T10] usb usb2-port1: unable to enumerate USB device [ 158.261428][ T7200] input: syz1 as /devices/virtual/input/input12 [ 158.473866][ T5986] gspca_sonixj: reg_r err -71 [ 158.479671][ T5986] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 158.497338][ T5986] usb 1-1: USB disconnect, device number 5 [ 158.680183][ T5877] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 158.839884][ T5877] usb 5-1: Using ep0 maxpacket: 8 [ 158.944693][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 158.964326][ T5877] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 158.975864][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.987319][ T5877] usb 5-1: config 0 descriptor?? [ 159.083024][ T5986] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 159.202423][ T5877] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 159.259218][ T5986] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 159.283268][ T5986] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 159.308773][ T5986] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 159.334518][ T5986] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 159.369558][ T5986] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 159.384936][ T5983] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 159.410788][ T5986] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 159.426969][ T5986] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 159.435339][ T5986] usb 3-1: Product: syz [ 159.439538][ T5986] usb 3-1: Manufacturer: syz [ 159.458593][ T5986] cdc_wdm 3-1:1.0: skipping garbage [ 159.475833][ T5986] cdc_wdm 3-1:1.0: skipping garbage [ 159.486302][ T5986] cdc_wdm 3-1:1.0: cdc-wdm1: USB WDM device [ 159.496401][ T5986] cdc_wdm 3-1:1.0: Unknown control protocol [ 159.553497][ T5983] usb 2-1: Using ep0 maxpacket: 16 [ 159.572949][ T5983] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 159.590414][ T5983] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 159.606334][ T5983] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 159.636918][ T5983] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 159.646772][ T5986] usb 5-1: USB disconnect, device number 9 [ 159.662959][ T5983] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 159.682441][ T5983] usb 2-1: config 0 has no interface number 0 [ 159.696776][ T5983] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 159.726073][ T5983] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 159.755968][ T5983] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 159.779673][ T5983] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 159.795493][ T5983] usb 2-1: config 0 interface 125 has no altsetting 0 [ 159.812040][ T5983] usb 2-1: config 0 interface 125 has no altsetting 2 [ 159.832669][ T5983] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 159.845876][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.867346][ T5983] usb 2-1: Product: syz [ 159.871965][ T5983] usb 2-1: Manufacturer: syz [ 159.876595][ T5983] usb 2-1: SerialNumber: syz [ 159.892046][ T5983] usb 2-1: config 0 descriptor?? [ 159.916499][ T5983] usb 2-1: selecting invalid altsetting 2 [ 159.939290][ T7243] overlayfs: failed to create directory ./bus/work (errno: 1); mounting read-only [ 160.634745][ T5902] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 160.940347][ T5902] usb 4-1: device descriptor read/64, error -71 [ 161.001095][ T5983] usb 2-1: USB disconnect, device number 14 [ 161.184712][ T5902] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 161.320057][ T5902] usb 4-1: device descriptor read/64, error -71 [ 161.651001][ T5902] usb usb4-port1: attempt power cycle [ 161.877540][ T5986] usb 3-1: USB disconnect, device number 13 [ 162.009704][ T5902] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 162.086204][ T5902] usb 4-1: device descriptor read/8, error -71 [ 162.369757][ T5902] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 162.395382][ T5902] usb 4-1: device descriptor read/8, error -71 [ 162.530191][ T5902] usb usb4-port1: unable to enumerate USB device [ 162.629798][ T7278] netlink: 'syz.2.514': attribute type 4 has an invalid length. [ 162.919173][ T5829] block nbd4: Receive control failed (result -104) [ 162.930040][ T7273] block nbd4: shutting down sockets [ 165.439846][ T7341] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 165.995588][ T7358] Bluetooth: MGMT ver 1.23 [ 166.354793][ T30] audit: type=1326 audit(1743516039.076:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7361 comm="syz.0.548" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1abb18d169 code=0x0 [ 167.458601][ T7384] netlink: 40 bytes leftover after parsing attributes in process `syz.3.556'. [ 167.531102][ T5983] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 167.654355][ T7392] syzkaller0: entered promiscuous mode [ 167.660266][ T7392] syzkaller0: entered allmulticast mode [ 167.689721][ T5983] usb 1-1: Using ep0 maxpacket: 8 [ 167.709349][ T5983] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 167.717294][ T5983] usb 1-1: can't read configurations, error -61 [ 167.871262][ T5983] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 168.060116][ T5983] usb 1-1: Using ep0 maxpacket: 8 [ 168.115275][ T5983] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 168.129848][ T5983] usb 1-1: can't read configurations, error -61 [ 168.153502][ T5983] usb usb1-port1: attempt power cycle [ 168.520705][ T5983] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 168.630478][ T5983] usb 1-1: Using ep0 maxpacket: 8 [ 168.636283][ T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 168.696290][ T5983] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 168.825354][ T5983] usb 1-1: can't read configurations, error -61 [ 168.885444][ T10] usb 2-1: device descriptor read/64, error -71 [ 169.071926][ T5983] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 169.111543][ T5983] usb 1-1: Using ep0 maxpacket: 8 [ 169.120029][ T5983] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 169.127900][ T5983] usb 1-1: can't read configurations, error -61 [ 169.135418][ T5983] usb usb1-port1: unable to enumerate USB device [ 169.189892][ T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 169.334242][ T10] usb 2-1: device descriptor read/64, error -71 [ 169.454358][ T10] usb usb2-port1: attempt power cycle [ 169.799717][ T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 169.827702][ T10] usb 2-1: device descriptor read/8, error -71 [ 170.069716][ T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 170.092865][ T10] usb 2-1: device descriptor read/8, error -71 [ 170.201066][ T10] usb usb2-port1: unable to enumerate USB device [ 170.394627][ T7438] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 170.408367][ T7438] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 170.416077][ T5983] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 170.510928][ T7442] bond_slave_0: entered promiscuous mode [ 170.516811][ T7442] bond_slave_1: entered promiscuous mode [ 170.533308][ T7442] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 170.543547][ T7442] team0: Port device macvlan2 added [ 170.579704][ T5983] usb 5-1: Using ep0 maxpacket: 8 [ 170.589672][ T5983] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 170.610390][ T5983] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 170.649801][ T5983] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 170.676805][ T5983] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 170.698873][ T5983] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 170.727867][ T5983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.172406][ T5983] usb 5-1: GET_CAPABILITIES returned 0 [ 171.177984][ T5983] usbtmc 5-1:16.0: can't read capabilities [ 171.272568][ T7461] netlink: 24 bytes leftover after parsing attributes in process `syz.2.582'. [ 171.297515][ T7461] netlink: 'syz.2.582': attribute type 4 has an invalid length. [ 171.388291][ T10] usb 5-1: USB disconnect, device number 10 [ 171.530092][ T5879] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 171.690097][ T5879] usb 1-1: Using ep0 maxpacket: 16 [ 171.721448][ T5879] usb 1-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 171.759303][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.773917][ T5879] usb 1-1: Product: syz [ 171.778214][ T5879] usb 1-1: Manufacturer: syz [ 171.798988][ T5879] usb 1-1: SerialNumber: syz [ 171.813659][ T5879] usb 1-1: config 0 descriptor?? [ 171.838348][ T5879] as10x_usb: device has been detected [ 171.864046][ T5879] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 171.999789][ T5879] usb 1-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 172.024776][ T5879] as10x_usb: error during firmware upload part1 [ 172.040047][ T7460] random: crng reseeded on system resumption [ 172.079883][ T5879] Registered device Sky IT Digital Key (green led) [ 172.717781][ T10] usb 1-1: USB disconnect, device number 10 [ 172.818080][ T10] Unregistered device Sky IT Digital Key (green led) [ 172.823893][ T10] as10x_usb: device has been disconnected [ 173.429773][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 173.929757][ T10] usb 5-1: device descriptor read/64, error -71 [ 174.065762][ T7504] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 174.072347][ T7504] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 174.112012][ T7504] vhci_hcd vhci_hcd.0: Device attached [ 174.202778][ T7505] vhci_hcd: connection closed [ 174.205307][ T148] vhci_hcd: stop threads [ 174.221874][ T148] vhci_hcd: release socket [ 174.229520][ T148] vhci_hcd: disconnect device [ 174.289690][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 174.290079][ T5877] vhci_hcd: vhci_device speed not set [ 174.479746][ T10] usb 5-1: device descriptor read/64, error -71 [ 174.610016][ T10] usb usb5-port1: attempt power cycle [ 174.833003][ T7525] netlink: 24 bytes leftover after parsing attributes in process `syz.0.604'. [ 174.969889][ T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 174.990491][ T10] usb 5-1: device descriptor read/8, error -71 [ 175.371414][ T10] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 175.400591][ T10] usb 5-1: device descriptor read/8, error -71 [ 175.520151][ T10] usb usb5-port1: unable to enumerate USB device [ 176.559715][ T5902] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 176.573130][ T5983] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 176.740784][ T5983] usb 4-1: Using ep0 maxpacket: 8 [ 176.751593][ T5902] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 176.780136][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.796863][ T5902] usb 5-1: Product: syz [ 176.803103][ T5983] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 176.811685][ T5983] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 176.821859][ T5902] usb 5-1: Manufacturer: syz [ 176.826579][ T5983] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 176.836676][ T5902] usb 5-1: SerialNumber: syz [ 176.858592][ T5983] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 176.870186][ T5902] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 176.895017][ T5983] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.917648][ T5983] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 176.927030][ T5983] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.939906][ T10] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 177.123062][ T47] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 177.131306][ T5877] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 177.145760][ T7574] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 177.163652][ T5983] usb 4-1: usb_control_msg returned -32 [ 177.196007][ T7574] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 177.298308][ T5983] usbtmc 4-1:16.0: can't read capabilities [ 177.341832][ T7574] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 177.350297][ T5877] usb 1-1: Using ep0 maxpacket: 8 [ 177.355526][ T47] usb 3-1: Using ep0 maxpacket: 16 [ 177.366915][ T7574] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 177.385884][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 177.399661][ T47] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 177.453425][ T7574] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 177.463529][ T47] usb 3-1: config 0 has no interface number 0 [ 177.471526][ T5877] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 177.489201][ T47] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 177.502151][ T7574] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 177.510374][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.527072][ T7574] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 177.539337][ T7574] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 177.548587][ T47] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 177.565292][ T7574] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 177.577038][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.589248][ T47] usb 3-1: Product: syz [ 177.602265][ T7574] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 177.621448][ T7574] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 177.627473][ T47] usb 3-1: Manufacturer: syz [ 177.638144][ T5877] usb 1-1: config 0 descriptor?? [ 177.657277][ T47] usb 3-1: SerialNumber: syz [ 177.666925][ T7574] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 177.684392][ T47] usb 3-1: config 0 descriptor?? [ 177.868233][ T5877] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 178.316670][ T47] usbtouchscreen 3-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 178.363686][ T47] usb 3-1: USB disconnect, device number 14 [ 178.793629][ T7587] syz_tun: entered allmulticast mode [ 178.823386][ T7585] syz_tun: left allmulticast mode [ 179.182256][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 179.295119][ T7590] wg2: entered promiscuous mode [ 179.326861][ T7590] wg2: entered allmulticast mode [ 179.511324][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 179.589849][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 179.676285][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 179.725350][ T7596] netlink: 4 bytes leftover after parsing attributes in process `syz.3.630'. [ 179.971608][ T24] usb 1-1: USB disconnect, device number 11 [ 180.060323][ T10] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 180.067732][ T10] ath9k_htc: Failed to initialize the device [ 181.149810][ T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 181.701579][ T7605] sched: DL replenish lagged too much [ 181.704529][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 181.716049][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 181.722497][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 181.752026][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 183.617091][ T5983] usb 4-1: USB disconnect, device number 16 [ 183.750632][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 183.756813][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 183.763284][ T5139] Bluetooth: hci1: command 0x0c1a tx timeout [ 185.683001][ T10] usb 5-1: ath9k_htc: USB layer deinitialized [ 185.710352][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 185.723445][ T5902] usb 5-1: USB disconnect, device number 15 [ 186.244116][ T5902] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 187.342078][ T5879] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 187.532311][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 187.542842][ T5879] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 187.556304][ T5879] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 187.575710][ T5879] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 187.594531][ T5879] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.608816][ T5879] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 187.619135][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.206023][ T7645] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 188.218169][ T7645] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 188.245570][ T7645] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 188.269109][ T7645] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 188.319630][ T5879] usb 4-1: GET_CAPABILITIES returned 0 [ 188.325279][ T5879] usbtmc 4-1:16.0: can't read capabilities [ 188.474478][ T7659] netlink: 12 bytes leftover after parsing attributes in process `syz.1.650'. [ 188.527252][ T7663] bridge_slave_1: left allmulticast mode [ 188.618859][ T7663] bridge_slave_1: left promiscuous mode [ 188.660220][ T7663] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.373862][ T5879] usb 4-1: USB disconnect, device number 17 [ 189.502232][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 190.219914][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 190.309779][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 190.315867][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 190.960169][ T7607] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 192.029658][ T7607] usb 5-1: Using ep0 maxpacket: 16 [ 192.045169][ T7607] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 192.057605][ T7607] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 192.068679][ T7607] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22 [ 192.152536][ T7607] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 192.172813][ T7607] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 192.214645][ T7607] usb 5-1: SerialNumber: syz [ 192.708863][ T7607] cdc_acm 5-1:1.0: skipping garbage [ 192.734658][ T7607] usb 5-1: USB disconnect, device number 17 [ 193.230065][ T5902] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 193.423988][ T5902] usb 2-1: Using ep0 maxpacket: 8 [ 193.461231][ T5902] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 193.469361][ T5902] usb 2-1: config 0 has no interface number 0 [ 193.485707][ T5902] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 193.506867][ T7607] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 193.536829][ T5902] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 193.585148][ T5902] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 193.606519][ T5902] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 193.629920][ T5902] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 193.654714][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.734097][ T5902] usb 2-1: config 0 descriptor?? [ 193.742303][ T7607] usb 1-1: Using ep0 maxpacket: 32 [ 193.758223][ T7607] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 193.794572][ T5902] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 193.813142][ T7607] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 193.861731][ T7607] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 193.871335][ T7607] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.888908][ T7607] usb 1-1: Product: syz [ 193.899451][ T7607] usb 1-1: Manufacturer: syz [ 193.916153][ T7607] usb 1-1: SerialNumber: syz [ 193.937523][ T7607] usb 1-1: config 0 descriptor?? [ 193.976803][ T7607] usb 1-1: no audio or video endpoints found [ 194.032157][ T7692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.050170][ T7692] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.156003][ T5902] usb 2-1: USB disconnect, device number 20 [ 194.185960][ T5902] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 194.211412][ T7607] usb 1-1: USB disconnect, device number 13 [ 194.229239][ T47] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 194.263441][ T47] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 194.464671][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.471239][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.284573][ T7777] ptrace attach of "./syz-executor exec"[5833] was attempted by ""[7777] [ 198.657340][ T7785] netlink: 'syz.1.692': attribute type 1 has an invalid length. [ 198.953479][ T7788] bond1 (unregistering): Released all slaves [ 206.450646][ T24] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 206.751749][ T24] usb 5-1: config 0 has no interfaces? [ 206.820959][ T24] usb 5-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 206.849932][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.872263][ T24] usb 5-1: Product: syz [ 206.885630][ T24] usb 5-1: Manufacturer: syz [ 206.901951][ T7912] kvm: kvm [7911]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 206.910765][ T24] usb 5-1: SerialNumber: syz [ 207.004262][ T24] usb 5-1: config 0 descriptor?? [ 209.213358][ T7932] netlink: 32 bytes leftover after parsing attributes in process `syz.1.730'. [ 209.320076][ T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 209.405529][ T7934] input: syz0 as /devices/virtual/input/input14 [ 209.500112][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 209.509093][ T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 209.521861][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 209.536839][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 209.558899][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.858032][ T24] usb 1-1: Product: syz [ 209.876034][ T24] usb 1-1: Manufacturer: syz [ 209.899290][ T24] usb 1-1: SerialNumber: syz [ 209.924139][ T24] usb 1-1: config 0 descriptor?? [ 209.940838][ T24] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 209.978516][ T24] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 210.543666][ T5902] usb 5-1: USB disconnect, device number 18 [ 210.550603][ T24] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 210.559345][ T24] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 210.954531][ T7954] netlink: 'syz.4.737': attribute type 1 has an invalid length. [ 210.962389][ T7954] netlink: 'syz.4.737': attribute type 2 has an invalid length. [ 211.786341][ T7945] syzkaller0: entered promiscuous mode [ 212.329543][ T7945] syzkaller0: entered allmulticast mode [ 212.431839][ T24] em28xx 1-1:0.0: AC97 vendor ID = 0x00fc00fe [ 212.635279][ T24] em28xx 1-1:0.0: Unknown AC97 audio processor detected! [ 212.685049][ T24] em28xx 1-1:0.0: couldn't setup AC97 register 2 [ 212.699453][ T24] em28xx 1-1:0.0: couldn't setup AC97 register 4 [ 212.727370][ T24] em28xx 1-1:0.0: couldn't setup AC97 register 6 [ 212.749284][ T24] em28xx 1-1:0.0: couldn't setup AC97 register 54 [ 212.759250][ T24] em28xx 1-1:0.0: couldn't setup AC97 register 56 [ 212.796331][ T24] usb 1-1: USB disconnect, device number 14 [ 215.738370][ T30] audit: type=1326 audit(1743516088.456:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 215.920738][ T30] audit: type=1326 audit(1743516088.496:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 215.995865][ T30] audit: type=1326 audit(1743516088.496:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 216.032603][ T30] audit: type=1326 audit(1743516088.496:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 216.054480][ T30] audit: type=1326 audit(1743516088.496:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 216.079184][ T30] audit: type=1326 audit(1743516088.506:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 216.100732][ T30] audit: type=1326 audit(1743516088.506:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 216.122138][ T30] audit: type=1326 audit(1743516088.506:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 216.148577][ T30] audit: type=1326 audit(1743516088.506:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 216.170863][ T30] audit: type=1326 audit(1743516088.506:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 218.688500][ T8001] netlink: 'syz.3.747': attribute type 1 has an invalid length. [ 219.508624][ T8001] 8021q: adding VLAN 0 to HW filter on device bond1 [ 219.543959][ T8002] bond1: (slave ip6gretap1): making interface the new active one [ 219.554999][ T8002] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 219.592804][ T8003] vlan0: entered promiscuous mode [ 219.598143][ T8003] bond1: entered promiscuous mode [ 219.604168][ T8003] ip6gretap1: entered promiscuous mode [ 219.611111][ T8003] vlan0: entered allmulticast mode [ 219.616362][ T8003] bond1: entered allmulticast mode [ 219.621864][ T8003] ip6gretap1: entered allmulticast mode [ 221.239700][ T8029] input: syz0 as /devices/virtual/input/input15 [ 221.645638][ T5829] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 223.519318][ T47] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 223.596927][ T8047] tipc: Started in network mode [ 223.612925][ T8047] tipc: Node identity 965aaef3d082, cluster identity 4711 [ 223.628372][ T8047] tipc: Enabled bearer , priority 0 [ 223.653525][ T8051] team_slave_0: entered promiscuous mode [ 223.659605][ T8051] team_slave_1: entered promiscuous mode [ 223.666767][ T8051] macsec1: entered promiscuous mode [ 223.672512][ T8051] team0: entered promiscuous mode [ 223.686610][ T8051] team0: left promiscuous mode [ 223.694479][ T8051] team_slave_0: left promiscuous mode [ 223.699985][ T8051] team_slave_1: left promiscuous mode [ 223.713337][ T47] usb 4-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea [ 223.725115][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.736406][ T47] usb 4-1: config 0 descriptor?? [ 223.746005][ T47] usb 4-1: Invalid firmware size=18. [ 223.756029][ T8045] tipc: Resetting bearer [ 224.051372][ T5983] usb 4-1: USB disconnect, device number 18 [ 225.216058][ T24] tipc: Node number set to 1188605683 [ 227.081497][ T5838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 227.090967][ T5838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 227.105508][ T5838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 227.119142][ T5838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 227.127935][ T5838] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 227.210990][ T8073] kvm: pic: level sensitive irq not supported [ 227.213527][ T8073] kvm: pic: level sensitive irq not supported [ 227.223731][ T8073] kvm: pic: level sensitive irq not supported [ 227.234664][ T8073] kvm: pic: single mode not supported [ 227.241641][ T8073] kvm: pic: single mode not supported [ 227.247063][ T8073] kvm: pic: level sensitive irq not supported [ 227.253322][ T8073] kvm: pic: level sensitive irq not supported [ 228.218660][ T8045] tipc: Disabling bearer [ 229.179868][ T5829] Bluetooth: hci5: command tx timeout [ 230.621267][ T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 230.629673][ T5983] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 231.039896][ T5983] usb 1-1: Using ep0 maxpacket: 16 [ 231.057699][ T5983] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 231.149961][ T24] usb 5-1: device descriptor read/64, error -71 [ 231.269772][ T5829] Bluetooth: hci5: command tx timeout [ 231.280094][ T5983] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 231.377150][ T5983] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 231.406855][ T5983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.429980][ T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 231.449833][ T5983] usb 1-1: Product: syz [ 231.454068][ T5983] usb 1-1: Manufacturer: syz [ 231.494474][ T5983] usb 1-1: SerialNumber: syz [ 231.559658][ T24] usb 5-1: device descriptor read/64, error -71 [ 231.576568][ T8112] ip6t_srh: unknown srh invflags 7D00 [ 231.714753][ T24] usb usb5-port1: attempt power cycle [ 232.209884][ T24] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 232.312863][ T5983] usb 1-1: config 0 descriptor?? [ 232.318911][ T5983] usb 1-1: can't set config #0, error -71 [ 232.325895][ T5983] usb 1-1: USB disconnect, device number 15 [ 233.050593][ T8074] chnl_net:caif_netlink_parms(): no params data found [ 233.349944][ T5829] Bluetooth: hci5: command tx timeout [ 233.608394][ T24] usb 5-1: device descriptor read/8, error -71 [ 235.435903][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.757670][ T5829] Bluetooth: hci5: command tx timeout [ 237.298648][ T8074] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.330455][ T8074] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.392496][ T8074] bridge_slave_0: entered allmulticast mode [ 237.449967][ T8074] bridge_slave_0: entered promiscuous mode [ 237.506481][ T8074] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.520062][ T8074] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.557454][ T8074] bridge_slave_1: entered allmulticast mode [ 237.572513][ T8074] bridge_slave_1: entered promiscuous mode [ 237.800056][ T8074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.878340][ T8074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 238.149512][ T8160] tipc: Started in network mode [ 238.200735][ T8160] tipc: Node identity 1e812e4f8f22, cluster identity 4711 [ 238.209341][ T8160] tipc: Enabled bearer , priority 0 [ 238.993861][ T8074] team0: Port device team_slave_0 added [ 239.053098][ T8074] team0: Port device team_slave_1 added [ 239.252438][ T8156] tipc: Disabling bearer [ 239.279094][ T5829] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 239.293125][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000 [ 239.322234][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.336626][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.347935][ T8074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.350614][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.378518][ T8074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.404644][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.411110][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.427716][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.442059][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.463273][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.534501][ T8074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.585217][ T8171] kvm: kvm [8169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0xb400 [ 239.603404][ T8074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.610985][ T5902] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 239.650703][ T8074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.447200][ T5902] usb 1-1: device descriptor read/64, error -71 [ 240.453672][ T8074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.690116][ T5902] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 240.726915][ T8074] hsr_slave_0: entered promiscuous mode [ 240.764414][ T8074] hsr_slave_1: entered promiscuous mode [ 240.796341][ T8074] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.853529][ T5902] usb 1-1: device descriptor read/64, error -71 [ 240.856941][ T8074] Cannot create hsr debugfs directory [ 241.850306][ T5902] usb usb1-port1: attempt power cycle [ 242.210092][ T5902] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 243.298209][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 243.298229][ T30] audit: type=1804 audit(1743516116.016:97): pid=8204 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.804" name="/newroot/157/bus/file1" dev="overlay" ino=821 res=1 errno=0 [ 243.335902][ T8074] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 243.389989][ T8074] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 243.503626][ T8074] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 243.792138][ T8074] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 244.169691][ T5902] usb 1-1: device descriptor read/8, error -71 [ 244.437466][ T8074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.638745][ T8074] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.706369][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.713899][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.465303][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.472521][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.975260][ T5902] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 246.918158][ T5902] usb 1-1: device descriptor read/8, error -71 [ 247.140135][ T5902] usb usb1-port1: unable to enumerate USB device [ 248.478651][ T8074] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 249.728781][ T5983] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 250.129707][ T5983] usb 5-1: device descriptor read/64, error -71 [ 250.370401][ T5983] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 250.467041][ T8277] program syz.3.822 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 250.521962][ T5983] usb 5-1: device descriptor read/64, error -71 [ 250.596394][ T8074] veth0_vlan: entered promiscuous mode [ 250.640350][ T5983] usb usb5-port1: attempt power cycle [ 250.660651][ T8074] veth1_vlan: entered promiscuous mode [ 251.392002][ T8074] veth0_macvtap: entered promiscuous mode [ 251.402689][ T8074] veth1_macvtap: entered promiscuous mode [ 251.423628][ T5983] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 251.453253][ T5983] usb 5-1: device descriptor read/8, error -71 [ 251.469457][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.533876][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.554227][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.575529][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.585851][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.606881][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.642806][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 251.679770][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.842068][ T5983] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 252.349955][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.386891][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.418797][ T8074] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 253.123398][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.140031][ T47] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 253.144502][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.163381][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.175767][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.188765][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.199340][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.209326][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.220170][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.230057][ T8074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 253.270009][ T8074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.270103][ T5983] usb 5-1: device not accepting address 26, error -71 [ 253.287934][ T5983] usb usb5-port1: unable to enumerate USB device [ 253.306453][ T8074] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 253.323322][ T47] usb 4-1: device descriptor read/64, error -71 [ 253.384693][ T8074] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.397300][ T8074] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.413836][ T8074] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.423934][ T8074] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.742692][ T7052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 253.769700][ T47] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 253.773859][ T7052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 254.180319][ T47] usb 4-1: device descriptor read/64, error -71 [ 254.439792][ T47] usb usb4-port1: attempt power cycle [ 254.801274][ T8321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.831'. [ 254.811143][ T8321] netlink: 5 bytes leftover after parsing attributes in process `syz.4.831'. [ 254.856236][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.912382][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.903047][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.130261][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.611723][ T8346] netlink: 'syz.3.838': attribute type 8 has an invalid length. [ 258.840107][ T47] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 259.196402][ T47] usb 1-1: device descriptor read/64, error -71 [ 260.706776][ T47] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 261.000962][ T8374] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 261.007568][ T8374] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 261.015338][ T8374] vhci_hcd vhci_hcd.0: Device attached [ 262.080277][ T5902] vhci_hcd: vhci_device speed not set [ 262.893908][ T8375] vhci_hcd: connection closed [ 263.574433][ T5902] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 263.586733][ T148] vhci_hcd: stop threads [ 263.586775][ T148] vhci_hcd: release socket [ 263.586833][ T148] vhci_hcd: disconnect device [ 263.746764][ T8390] netlink: 28 bytes leftover after parsing attributes in process `syz.1.848'. [ 263.757479][ T8390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.848'. [ 263.766937][ T8390] netlink: 36 bytes leftover after parsing attributes in process `syz.1.848'. [ 264.156246][ T5902] usb 43-1: enqueue for inactive port 0 [ 264.249724][ T5902] vhci_hcd: vhci_device speed not set [ 265.319934][ T8399] hsr0: entered promiscuous mode [ 265.381552][ T5877] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 265.505774][ T8393] hsr0: left promiscuous mode [ 265.849801][ T5877] usb 5-1: Using ep0 maxpacket: 16 [ 265.935450][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.958889][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.990477][ T5877] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 266.974206][ T5877] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 267.000073][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.155381][ T5877] usb 5-1: config 0 descriptor?? [ 268.165589][ T5877] usb 5-1: can't set config #0, error -71 [ 268.172857][ T5877] usb 5-1: USB disconnect, device number 27 [ 269.330421][ T5877] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 269.754913][ T7607] usb 1-1: new low-speed USB device number 22 using dummy_hcd [ 269.819904][ T5877] usb 2-1: device descriptor read/64, error -71 [ 269.925758][ T7607] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 269.954458][ T7607] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32, setting to 8 [ 269.968412][ T7607] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 270.000394][ T7607] usb 1-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 270.042813][ T7607] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.080520][ T7607] usb 1-1: config 0 descriptor?? [ 270.260312][ T5877] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 270.296473][ T8432] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 271.315638][ T7607] usbhid 1-1:0.0: can't add hid device: -71 [ 271.329716][ T7607] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 271.355332][ T7607] usb 1-1: USB disconnect, device number 22 [ 271.389769][ T5877] usb 2-1: device descriptor read/64, error -71 [ 271.568042][ T5877] usb usb2-port1: attempt power cycle [ 279.267990][ T8497] netlink: 4 bytes leftover after parsing attributes in process `syz.5.877'. [ 279.490799][ T5877] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 279.690701][ T5877] usb 4-1: device descriptor read/64, error -71 [ 280.012030][ T5877] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 280.331924][ T5877] usb 4-1: device descriptor read/64, error -71 [ 281.045662][ T5877] usb usb4-port1: attempt power cycle [ 281.047962][ T8509] xt_recent: Unsupported userspace flags (000000da) [ 285.232544][ T8541] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 287.129941][ T8541] kvm: pic: non byte read [ 287.134602][ T8541] kvm: pic: level sensitive irq not supported [ 287.134673][ T8541] kvm: pic: non byte read [ 288.385916][ T7602] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 288.731355][ T7602] usb 2-1: device descriptor read/64, error -71 [ 289.822530][ T5829] Bluetooth: hci5: command tx timeout [ 292.579711][ T5902] usb 6-1: new low-speed USB device number 2 using dummy_hcd [ 292.739810][ T5902] usb 6-1: Invalid ep0 maxpacket: 64 [ 294.708236][ T8609] xt_CT: No such helper "snmp" [ 294.719617][ T5902] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 295.037410][ T5902] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 295.052950][ T5902] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 295.065107][ T5902] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 295.077052][ T5902] usb 6-1: New USB device strings: Mfr=0, Product=3, SerialNumber=0 [ 295.085277][ T5902] usb 6-1: Product: syz [ 295.101856][ T8604] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 295.347480][ T8604] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 295.992827][ T5902] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 297.195307][ T5879] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 297.370891][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 297.396799][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.424655][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.449133][ T5879] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 297.472981][ T5879] usb 4-1: New USB device found, idVendor=056a, idProduct=00b5, bcdDevice= 0.00 [ 297.492019][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.544288][ T5879] usb 4-1: config 0 descriptor?? [ 297.967301][ T5879] usbhid 4-1:0.0: can't add hid device: -71 [ 297.969640][ T7602] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 297.973360][ T5879] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 297.991882][ T5879] usb 4-1: USB disconnect, device number 25 [ 298.109856][ T7602] usb 2-1: device descriptor read/64, error -71 [ 298.349906][ T7602] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 298.356253][ T978] usb 6-1: USB disconnect, device number 3 [ 299.211401][ T7602] usb 2-1: device descriptor read/64, error -71 [ 299.348905][ T7602] usb usb2-port1: attempt power cycle [ 300.410017][ T7602] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 300.870087][ T7602] usb 2-1: device descriptor read/8, error -71 [ 300.970551][ T8649] syz.4.913 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 302.690449][ T8663] MTD: Couldn't look up 'Ÿë': -2 [ 313.048597][ T8719] capability: warning: `syz.0.932' uses 32-bit capabilities (legacy support in use) [ 313.742349][ T8721] syz.0.932 (8721) used greatest stack depth: 19128 bytes left [ 317.610174][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.623756][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.409086][ T5838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 323.423191][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 323.431227][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 323.439787][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 323.447508][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 323.713916][ T8789] trusted_key: syz.3.951 sent an empty control message without MSG_MORE. [ 325.389662][ T8797] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 325.599734][ T5838] Bluetooth: hci6: command tx timeout [ 328.285429][ T5838] Bluetooth: hci6: command tx timeout [ 330.451034][ T5838] Bluetooth: hci6: command tx timeout [ 330.618831][ T8782] chnl_net:caif_netlink_parms(): no params data found [ 331.448631][ T8842] veth0_vlan: entered allmulticast mode [ 331.489763][ T8782] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.496970][ T8782] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.778067][ T8782] bridge_slave_0: entered allmulticast mode [ 331.785844][ T8782] bridge_slave_0: entered promiscuous mode [ 332.741654][ T5838] Bluetooth: hci6: command tx timeout [ 332.771207][ T8782] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.778388][ T8782] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.880739][ T8847] xt_hashlimit: size too large, truncated to 1048576 [ 332.919690][ T8782] bridge_slave_1: entered allmulticast mode [ 333.108523][ T8782] bridge_slave_1: entered promiscuous mode [ 335.704561][ T8782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 335.733436][ T8782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 335.964971][ T8870] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 337.692145][ T8782] team0: Port device team_slave_0 added [ 337.779255][ T8782] team0: Port device team_slave_1 added [ 339.206743][ T8782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.224003][ T8782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.299719][ T8782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 339.332176][ T8882] lo speed is unknown, defaulting to 1000 [ 339.339851][ T8882] lo speed is unknown, defaulting to 1000 [ 339.347138][ T8882] lo speed is unknown, defaulting to 1000 [ 339.509086][ T8882] infiniband sz1: set active [ 339.513900][ T8882] infiniband sz1: added lo [ 339.519604][ T8882] sz1: rxe_create_cq: returned err = -12 [ 339.525465][ T8882] infiniband sz1: Couldn't create ib_mad CQ [ 339.532366][ T8882] infiniband sz1: Couldn't open port 1 [ 339.547012][ T978] lo speed is unknown, defaulting to 1000 [ 339.554314][ T8782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 339.632687][ T8882] RDS/IB: sz1: added [ 339.636781][ T8882] smc: adding ib device sz1 with port count 1 [ 339.638556][ T8782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.644022][ T8882] smc: ib device sz1 port 1 has pnetid [ 339.779664][ T8782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 339.797554][ T8882] lo speed is unknown, defaulting to 1000 [ 339.914478][ T8882] lo speed is unknown, defaulting to 1000 [ 340.030235][ T8882] lo speed is unknown, defaulting to 1000 [ 340.146099][ T8882] lo speed is unknown, defaulting to 1000 [ 340.265141][ T8882] lo speed is unknown, defaulting to 1000 [ 340.381672][ T8882] lo speed is unknown, defaulting to 1000 [ 340.497844][ T8882] lo speed is unknown, defaulting to 1000 [ 340.685202][ T978] lo speed is unknown, defaulting to 1000 [ 341.676576][ T8782] hsr_slave_0: entered promiscuous mode [ 341.903239][ T8782] hsr_slave_1: entered promiscuous mode [ 341.930490][ T8782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 341.938090][ T8782] Cannot create hsr debugfs directory [ 342.193924][ T8907] netlink: 'syz.3.978': attribute type 3 has an invalid length. [ 342.201737][ T8907] netlink: 'syz.3.978': attribute type 2 has an invalid length. [ 342.209393][ T8907] netlink: 'syz.3.978': attribute type 3 has an invalid length. [ 342.217072][ T8907] netlink: 'syz.3.978': attribute type 4 has an invalid length. [ 347.047116][ T8782] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 347.229994][ T8782] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 347.618695][ T30] audit: type=1326 audit(1743516220.306:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8924 comm="syz.3.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c61d8d169 code=0x7fc00000 [ 347.664251][ T8936] No source specified [ 347.858823][ T8782] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 347.879120][ T8782] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 349.540397][ T8944] netlink: 'syz.4.987': attribute type 9 has an invalid length. [ 349.548438][ T8944] netlink: 28 bytes leftover after parsing attributes in process `syz.4.987'. [ 351.391158][ T8782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.412920][ T8782] 8021q: adding VLAN 0 to HW filter on device team0 [ 351.573241][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.580452][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 352.630217][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.637452][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.929899][ T8965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.991'. [ 353.938823][ T8965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.991'. [ 353.947784][ T8965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.991'. [ 354.893097][ T8968] netlink: 44 bytes leftover after parsing attributes in process `syz.0.993'. [ 355.340836][ T8971] misc userio: No port type given on /dev/userio [ 355.452270][ T8979] loop6: detected capacity change from 0 to 524287999 [ 356.437555][ C0] blk_print_req_error: 7 callbacks suppressed [ 356.437573][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0 [ 356.459827][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.469003][ C0] buffer_io_error: 7 callbacks suppressed [ 356.469021][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 356.482728][ C0] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.491926][ C0] Buffer I/O error on dev loop6, logical block 1, async page read [ 356.499865][ C0] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.509104][ C0] Buffer I/O error on dev loop6, logical block 2, async page read [ 356.517045][ C0] I/O error, dev loop6, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.526341][ C0] Buffer I/O error on dev loop6, logical block 3, async page read [ 356.581853][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.591278][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 356.599353][ C0] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.608553][ C0] Buffer I/O error on dev loop6, logical block 1, async page read [ 356.616575][ C0] I/O error, dev loop6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.625860][ C0] Buffer I/O error on dev loop6, logical block 2, async page read [ 356.633813][ C0] I/O error, dev loop6, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.643100][ C0] Buffer I/O error on dev loop6, logical block 3, async page read [ 357.802192][ T8782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 360.832654][ T7054] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.062104][ T7054] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.430005][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 364.261988][ T7054] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.123903][ T7054] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.166679][ T8782] veth0_vlan: entered promiscuous mode [ 366.200768][ T8782] veth1_vlan: entered promiscuous mode [ 368.857261][ T8782] veth0_macvtap: entered promiscuous mode [ 368.902958][ T8782] veth1_macvtap: entered promiscuous mode [ 368.991103][ T7054] bridge_slave_0: left allmulticast mode [ 368.997056][ T7054] bridge_slave_0: left promiscuous mode [ 369.047937][ T7054] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.472530][ T31] INFO: task syz-executor:5834 blocked for more than 143 seconds. [ 370.651363][ T31] Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 [ 370.658714][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 370.694088][ T31] task:syz-executor state:D stack:20840 pid:5834 tgid:5834 ppid:1 task_flags:0x400140 flags:0x00004004 [ 370.726594][ T31] Call Trace: [ 370.734620][ T31] [ 370.742455][ T31] __schedule+0x1b33/0x51f0 [ 370.758183][ T31] ? schedule+0x163/0x360 [ 370.767126][ T31] ? __pfx___schedule+0x10/0x10 [ 370.782366][ T31] ? schedule+0x90/0x360 [ 370.793740][ T31] ? schedule+0x90/0x360 [ 370.818283][ T31] schedule+0x163/0x360 [ 370.833159][ T31] v9fs_evict_inode+0x17e/0x370 [ 370.852235][ T31] ? __pfx_v9fs_evict_inode+0x10/0x10 [ 370.879542][ T31] ? __pfx_var_wake_function+0x10/0x10 [ 370.885081][ T31] ? do_raw_spin_unlock+0x13c/0x8b0 [ 370.958760][ T31] ? __pfx_v9fs_evict_inode+0x10/0x10 [ 370.996644][ T31] evict+0x4f9/0x9b0 [ 371.022164][ T31] ? __pfx_evict+0x10/0x10 [ 371.043312][ T31] ? iput+0x713/0xa50 [ 371.067377][ T31] __dentry_kill+0x20d/0x630 [ 371.097850][ T31] ? dput+0x37/0x2b0 [ 371.107953][ T31] dput+0x19f/0x2b0 [ 371.120086][ T31] shrink_dcache_for_umount+0xb4/0x180 [ 371.139421][ T31] generic_shutdown_super+0x6a/0x2d0 [ 371.155061][ T31] kill_anon_super+0x3b/0x70 [ 371.169829][ T31] v9fs_kill_super+0x4c/0x90 [ 371.196452][ T31] deactivate_locked_super+0xc4/0x130 [ 371.230295][ T31] cleanup_mnt+0x422/0x4c0 [ 371.244372][ T31] ? lockdep_hardirqs_on+0x9d/0x150 [ 371.266645][ T31] task_work_run+0x251/0x310 [ 371.284086][ T31] ? __pfx_task_work_run+0x10/0x10 [ 371.295915][ T31] ? syscall_exit_to_user_mode+0xa3/0x340 [ 371.310753][ T31] syscall_exit_to_user_mode+0x13f/0x340 [ 371.333444][ T31] do_syscall_64+0x100/0x230 [ 371.353714][ T31] ? clear_bhb_loop+0x45/0xa0 [ 371.365428][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.386418][ T31] RIP: 0033:0x7f014798e497 [ 371.401792][ T31] RSP: 002b:00007ffda7580c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 371.437762][ T31] RAX: 0000000000000000 RBX: 00007f0147a0e08c RCX: 00007f014798e497 [ 371.462790][ T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda7580d20 [ 371.492133][ T31] RBP: 00007ffda7580d20 R08: 0000000000000000 R09: 0000000000000000 [ 371.521084][ T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffda7581db0 [ 371.561728][ T31] R13: 00007f0147a0e08c R14: 00000000000333b7 R15: 00007ffda7581df0 [ 371.590011][ T31] [ 371.593235][ T31] [ 371.593235][ T31] Showing all locks held in the system: [ 371.664157][ T31] 4 locks held by kworker/0:1/10: [ 371.669284][ T31] #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 371.758709][ T31] #1: ffffc900000f7c60 ((work_completion)(&smcibdev->port_event_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 371.786730][ T31] #2: ffff88802f23d258 (&rxe->usdev_lock){+.+.}-{4:4}, at: rxe_query_port+0x7e/0x3b0 [ 371.797907][ T31] #3: ffffffff900e59c8 (rtnl_mutex){+.+.}-{4:4}, at: ib_get_eth_speed+0x163/0x850 [ 371.807503][ T31] 1 lock held by khungtaskd/31: [ 371.812524][ T31] #0: ffffffff8ed3b560 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 [ 371.829393][ T31] 2 locks held by kworker/u8:2/36: [ 371.834664][ T31] #0: ffff88801b089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 371.846585][ T31] #1: ffffc90000ad7c60 ((work_completion)(&rreq->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 371.929944][ T31] 2 locks held by kworker/u8:3/53: [ 371.935191][ T31] #0: ffff88801f71b948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 371.946769][ T31] #1: ffffc90000be7c60 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 371.959691][ T31] 2 locks held by getty/5584: [ 371.980059][ T31] #0: ffff88814d0cc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 371.990064][ T31] #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x53d/0x16b0 [ 372.000423][ T31] 1 lock held by syz-executor/5834: [ 372.007540][ T31] #0: ffff88804ec2a0e0 (&type->s_umount_key#64){+.+.}-{4:4}, at: deactivate_super+0xb5/0xf0 [ 372.017920][ T31] 3 locks held by kworker/1:3/5877: [ 372.035827][ T31] #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 372.056846][ T31] #1: ffffc9000411fc60 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 372.069957][ T31] #2: ffffffff900e59c8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 372.080781][ T31] 3 locks held by kworker/u8:12/7049: [ 372.086390][ T31] #0: ffff88801b089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 372.098284][ T31] #1: ffffc9000b77fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 372.109707][ T31] #2: ffffffff900e59c8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 372.118811][ T31] 4 locks held by kworker/u8:14/7052: [ 372.124293][ T31] 3 locks held by kworker/u8:15/7053: [ 372.129816][ T31] #0: ffff88814cf0d148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 372.143127][ T31] #1: ffffc9000aec7c60 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 372.156101][ T31] #2: ffffffff900e59c8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x110/0x16a0 [ 372.165694][ T31] 5 locks held by kworker/u8:16/7054: [ 372.171220][ T31] #0: ffff88801bef3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 372.182309][ T31] #1: ffffc9000adafc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 372.193037][ T31] #2: ffffffff900d8d90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60 [ 372.202567][ T31] #3: ffffffff900e59c8 (rtnl_mutex){+.+.}-{4:4}, at: cleanup_net+0x6c1/0xd60 [ 372.211554][ T31] #4: ffffffff8ed40a78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x384/0x830 [ 372.222655][ T31] 1 lock held by syz-executor/8782: [ 372.227873][ T31] #0: ffffffff900e59c8 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x7da/0xf40 [ 372.237483][ T31] 2 locks held by syz.4.1018/9071: [ 372.242673][ T31] #0: ffffffff8f8553e0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x22/0x250 [ 372.252325][ T31] #1: ffffffff900e59c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xd68/0x1fe0 [ 372.276656][ T31] [ 372.279005][ T31] ============================================= [ 372.279005][ T31] [ 372.287597][ T31] NMI backtrace for cpu 0 [ 372.287624][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 372.287648][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 372.287660][ T31] Call Trace: [ 372.287668][ T31] [ 372.287676][ T31] dump_stack_lvl+0x241/0x360 [ 372.287711][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 372.287738][ T31] ? __pfx__printk+0x10/0x10 [ 372.287775][ T31] nmi_cpu_backtrace+0x4ab/0x4e0 [ 372.287811][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 372.287839][ T31] ? _printk+0xd5/0x120 [ 372.287866][ T31] ? __wake_up_klogd+0xcc/0x110 [ 372.287895][ T31] ? __pfx__printk+0x10/0x10 [ 372.287925][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 372.287947][ T31] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 372.287981][ T31] watchdog+0x1058/0x10a0 [ 372.288002][ T31] ? watchdog+0x1ea/0x10a0 [ 372.288026][ T31] ? __pfx_watchdog+0x10/0x10 [ 372.288044][ T31] kthread+0x7b7/0x940 [ 372.288074][ T31] ? __pfx_watchdog+0x10/0x10 [ 372.288094][ T31] ? __pfx_kthread+0x10/0x10 [ 372.288117][ T31] ? __pfx_kthread+0x10/0x10 [ 372.288143][ T31] ? __pfx_kthread+0x10/0x10 [ 372.288169][ T31] ? __pfx_kthread+0x10/0x10 [ 372.288195][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 372.288213][ T31] ? lockdep_hardirqs_on+0x9d/0x150 [ 372.288234][ T31] ? __pfx_kthread+0x10/0x10 [ 372.288262][ T31] ret_from_fork+0x4b/0x80 [ 372.288280][ T31] ? __pfx_kthread+0x10/0x10 [ 372.288305][ T31] ret_from_fork_asm+0x1a/0x30 [ 372.288347][ T31] [ 372.288363][ T31] Sending NMI from CPU 0 to CPUs 1: [ 372.449585][ C1] NMI backtrace for cpu 1 [ 372.449608][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 372.449630][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 372.449640][ C1] RIP: 0010:match_held_lock+0x2/0xb0 [ 372.449664][ C1] Code: 10 5b 41 5c 41 5e 41 5f c3 cc cc cc cc e8 f6 f8 ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 53 01 00 00 00 48 39 77 10 74 67 48 89 fb 81 7f 20 00 00 20 00 72 [ 372.449678][ C1] RSP: 0018:ffffc90000a08830 EFLAGS: 00000083 [ 372.449694][ C1] RAX: 0000000000000005 RBX: ffff88801d6e6590 RCX: dffffc0000000000 [ 372.449707][ C1] RDX: 0000000000000000 RSI: ffff8880b8639998 RDI: ffff88801d6e6590 [ 372.449718][ C1] RBP: 0000000000000004 R08: ffff88801d6e5a07 R09: 1ffff11003adcb40 [ 372.449730][ C1] R10: dffffc0000000000 R11: ffffed1003adcb41 R12: ffff88801d6e5a00 [ 372.449743][ C1] R13: 0000000000000046 R14: 00000000ffffffff R15: ffff8880b8639998 [ 372.449755][ C1] FS: 0000000000000000(0000) GS:ffff8881250e2000(0000) knlGS:0000000000000000 [ 372.449769][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 372.449780][ C1] CR2: 00007f1abb378ab8 CR3: 0000000035e4a000 CR4: 00000000003526f0 [ 372.449795][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 372.449806][ C1] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 372.449816][ C1] Call Trace: [ 372.449822][ C1] [ 372.449830][ C1] lock_is_held_type+0xae/0x1a0 [ 372.449850][ C1] wakeup_preempt+0x1f9/0x2c0 [ 372.449873][ C1] ttwu_do_activate+0x233/0x8e0 [ 372.449898][ C1] try_to_wake_up+0x93a/0x15d0 [ 372.449925][ C1] ? __pfx_try_to_wake_up+0x10/0x10 [ 372.449955][ C1] kick_pool+0x45c/0x620 [ 372.449975][ C1] __queue_work+0xdb0/0x10a0 [ 372.449994][ C1] ? __queue_work+0x115/0x10a0 [ 372.450014][ C1] call_timer_fn+0x189/0x650 [ 372.450031][ C1] ? call_timer_fn+0xc2/0x650 [ 372.450046][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 372.450065][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 372.450082][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 372.450102][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 372.450125][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 372.450144][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 372.450164][ C1] __run_timer_base+0x699/0x8e0 [ 372.450193][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 372.450220][ C1] ? seqcount_lockdep_reader_access+0x1c3/0x230 [ 372.450247][ C1] run_timer_softirq+0xb7/0x170 [ 372.450272][ C1] handle_softirqs+0x2d6/0x9b0 [ 372.450291][ C1] ? __irq_exit_rcu+0xfb/0x220 [ 372.450307][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 372.450324][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 372.450349][ C1] __irq_exit_rcu+0xfb/0x220 [ 372.450364][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 372.450384][ C1] irq_exit_rcu+0x9/0x30 [ 372.450398][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 372.450414][ C1] [ 372.450420][ C1] [ 372.450426][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 372.450444][ C1] RIP: 0010:acpi_safe_halt+0x21/0x30 [ 372.450466][ C1] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 08 e0 63 93 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 55 e5 83 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 372.450480][ C1] RSP: 0018:ffffc90000197d08 EFLAGS: 00000246 [ 372.450500][ C1] RAX: ffff88801d6e5a00 RBX: ffff8881412d7864 RCX: ffffffff8c2656cc [ 372.450513][ C1] RDX: 0000000000000001 RSI: ffff8881412d7800 RDI: ffff8881412d7864 [ 372.450524][ C1] RBP: ffffffff93653af8 R08: ffff8880b8732b5b R09: 1ffff110170e656b [ 372.450536][ C1] R10: dffffc0000000000 R11: ffffffff8c2671a0 R12: ffff88801f70f000 [ 372.450548][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff8f535e40 [ 372.450562][ C1] ? __pfx_acpi_idle_enter+0x10/0x10 [ 372.450584][ C1] ? ct_kernel_exit+0x12c/0x1a0 [ 372.450605][ C1] acpi_idle_enter+0xe4/0x140 [ 372.450627][ C1] cpuidle_enter_state+0x111/0x480 [ 372.450647][ C1] ? __pfx_menu_select+0x10/0x10 [ 372.450672][ C1] cpuidle_enter+0x5d/0xa0 [ 372.450691][ C1] do_idle+0x374/0x5d0 [ 372.450712][ C1] ? __pfx_do_idle+0x10/0x10 [ 372.450737][ C1] cpu_startup_entry+0x42/0x60 [ 372.450755][ C1] start_secondary+0xfe/0x100 [ 372.450770][ C1] common_startup_64+0x13e/0x147 [ 372.450799][ C1] [ 372.451693][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 372.879568][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 372.891063][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 372.901124][ T31] Call Trace: [ 372.904407][ T31] [ 372.907341][ T31] dump_stack_lvl+0x241/0x360 [ 372.912039][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 372.917249][ T31] ? __pfx__printk+0x10/0x10 [ 372.921855][ T31] ? vscnprintf+0x5d/0x90 [ 372.926198][ T31] panic+0x349/0x880 [ 372.930102][ T31] ? __pfx_preempt_schedule+0x10/0x10 [ 372.935483][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 372.941653][ T31] ? __pfx_panic+0x10/0x10 [ 372.946077][ T31] ? tick_nohz_tick_stopped+0x82/0xb0 [ 372.951463][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 372.956852][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 372.963020][ T31] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 372.969188][ T31] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 372.975369][ T31] watchdog+0x1097/0x10a0 [ 372.979711][ T31] ? watchdog+0x1ea/0x10a0 [ 372.984144][ T31] ? __pfx_watchdog+0x10/0x10 [ 372.988824][ T31] kthread+0x7b7/0x940 [ 372.992909][ T31] ? __pfx_watchdog+0x10/0x10 [ 372.997594][ T31] ? __pfx_kthread+0x10/0x10 [ 373.002191][ T31] ? __pfx_kthread+0x10/0x10 [ 373.006788][ T31] ? __pfx_kthread+0x10/0x10 [ 373.011391][ T31] ? __pfx_kthread+0x10/0x10 [ 373.015991][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 373.021190][ T31] ? lockdep_hardirqs_on+0x9d/0x150 [ 373.026396][ T31] ? __pfx_kthread+0x10/0x10 [ 373.030994][ T31] ret_from_fork+0x4b/0x80 [ 373.035413][ T31] ? __pfx_kthread+0x10/0x10 [ 373.040009][ T31] ret_from_fork_asm+0x1a/0x30 [ 373.044792][ T31] [ 373.048130][ T31] Kernel Offset: disabled [ 373.052463][ T31] Rebooting in 86400 seconds..