last executing test programs: 6.801264677s ago: executing program 1 (id=611): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) pselect6(0x40, &(0x7f0000000100)={0x2, 0x0, 0xfffffffffffffff8, 0x0, 0x1, 0x10}, 0x0, &(0x7f0000000240)={0x1f, 0xc, 0x715, 0x8000000000000000, 0x0, 0x80000000000000, 0x800, 0x20000}, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f0000000500)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0xf0ff, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 6.301457101s ago: executing program 0 (id=618): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) (async, rerun: 64) syz_open_dev$MSR(0x0, 0x0, 0x0) (async, rerun: 64) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd) (async) readv(r2, &(0x7f0000000580)=[{&(0x7f0000000080)}, {&(0x7f0000000180)=""/90}, {&(0x7f0000000200)=""/186}, {&(0x7f0000000500)=""/128}], 0x0) (async) r3 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000640), 0x800, 0x0) ioctl$CDROMREADAUDIO(r3, 0x5392, 0x0) (async) r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2000}, 0x18, 0x0) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000004000000080000000d8abf573a5554bfe117280387d08aee069e032b8077b3b828fb2c29619f387a8e5cd905ee8dbbd3566dcfca5ea55c4f654283ab"], 0x48) (async) close(0x3) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0a0000000800000006ff010002ff0000000000d2", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="000000000000ad00cb080000000000007b8af8ff00000000bfa200000000000007020000f8fffffeb703000008000000b70400000000fbff84000000030000009500000000000000151ffab1259c908f8d80436dd08b1a884204a93ebce9a4ec3d7084f9be0c824c3f225f18a1124547031f937740a5de857ce0f454efd4a7389dc79f2bb96cfe3fca6a5a1ab22098f9115d506529939b49d42ac5d992c5c45f2e59c5e004fc98f3fbe714573c3c7895b5e3ff8f5376f45ae9213ffb35b8f193db6bbfeba6b95a43bbe2e7eeb3d941f2f6f0c80b5c74a469c2aeb0f307a1937c695c9d7b78c743e5c134bf6922770c6fb0184e35a645b74d49e5d45ddfda91edc91f0a0cf95bd912f4813400"/280], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000080)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f00000000c0)=r9, 0x4) (async) sendmsg$unix(r8, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64) io_setup(0x142e, 0x0) (async, rerun: 64) landlock_restrict_self(r4, 0x9) (async) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000340)=0x0) (async) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) (async) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r10, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) (async, rerun: 32) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (rerun: 32) r11 = syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r11) (async) wait4(r11, 0x0, 0x2, 0x0) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'gre0\x00'}) (rerun: 32) 6.235557813s ago: executing program 0 (id=619): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000009b00000085000000500000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="000000f684e0bcccf999c5fe56f5", 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xf0ffff}, 0x50) 6.172369778s ago: executing program 0 (id=620): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000020601019e560000000000000000000505000100070000000900020073797a31000000001400078008000600ffffffff08001340000000020500050002000000050004000000000013000300686173683a6e65742c6966616365"], 0x60}}, 0x4000820) r1 = socket(0x10, 0x803, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_clone(0x2000000, 0x0, 0x60, 0x0, 0x0, 0x0) r2 = syz_usb_connect$printer(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mount$nfs4(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6673633d8f"]) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d00), r5) ioctl$FS_IOC_GETFSLABEL(r3, 0x81009431, &(0x7f0000000000)) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r4, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000d40)={0x14, r6, 0x1, 0x70bd2c, 0xa}, 0x14}, 0x1, 0x0, 0x0, 0x4008800}, 0x8080) syz_usb_disconnect(r2) read$char_usb(r3, 0x0, 0x0) socket(0x26, 0x80000, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {}, {}, {0xffe0, 0x5}}, [@filter_kind_options=@f_cgroup={{0x6d}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000100)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000140)=0x1c) 5.986998961s ago: executing program 1 (id=622): syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x5, 0x7fff7ffc}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180)=0x4, 0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000fd3f00000000000009000000850000007a190001000000000066dbeef1901192a7e5e44bf7a8a068b4d4109306283d63fce3801497fe2c62c2c6c68cc2b9555cd8b0e4c3bd9f3f433e0572ff6e4247da1a3a762bd6a3c9afa16e816b7419621047e396fea4a3ab0d3715c1393688b13ea375be4eb02f8685f569c10790e96b8fcc19e28e6af361c6133bce70"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000440), 0x26400, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x17, 0x24, &(0x7f0000000300)="0200009e1fee13bc0d14fb5c00de2abe4e0972f18b7e9a", &(0x7f0000000340)=""/36, 0x80004000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x4c) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000540)={@ifindex, 0x2e, 0x1, 0x9, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000340), &(0x7f00000003c0), 0x0}, 0x40) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000003c0)) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRESDEC], 0x5) setreuid(0xee00, 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000040), 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r2 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x1, 0xffffffffffffd2a1, 0x5, 0x3, 0x2, {0x0, 0x800000000000002, 0x20ff, 0x10000001, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xf0b}}}}, 0xa0) syz_io_uring_setup(0x4b5, &(0x7f0000000680)={0x0, 0x35c3, 0x1000, 0x8}, 0x0, 0x0, &(0x7f0000000000)) sendfile(r2, r2, &(0x7f0000000080), 0x7f03) 5.34194817s ago: executing program 3 (id=625): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) syz_clone3(0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0800002c0007012bbd7000000000e508", @ANYRES64=r1], 0x85c}, 0x1, 0x0, 0x0, 0x24048050}, 0xc000) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) fanotify_init(0x200, 0x0) unshare(0x22020600) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x20040, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fcntl$notify(r3, 0x402, 0x1a) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x3, 0x0, {0x0, 0x0, 0x4, 0x0, 0x308}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x8044) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000000)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r5, 0x1, r0, 0x4}) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='caif0\x00', 0x10) 4.901950367s ago: executing program 1 (id=626): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40004}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYRES64=r0], 0x84}, 0x1, 0x0, 0x0, 0x4000841}, 0x40) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000002000010025bf7000fbdbdf250a000040000000070600000008000d000200000008000e"], 0x2c}, 0x1, 0x0, 0x0, 0x24048860}, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat(0xffffffffffffff9c, 0x0, 0x320800d, 0x31) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi2\x00', 0x1, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcl711\x00', [0x140, 0x1f, 0x9, 0x2, 0x10000007, 0x1, 0x7fff, 0x30000002, 0x7, 0xc72d, 0x0, 0x7, 0x3, 0x400008, 0x29, 0x72f0, 0x101, 0x6, 0x6, 0x401, 0x4, 0x484, 0xa2dc, 0x9, 0x9000, 0x80000001, 0x33, 0x0, 0x383, 0x8001, 0x4]}) writev(r5, &(0x7f0000001600)=[{0x0}, {&(0x7f0000000280)="29e3e5864ceda68155960e4b20eb0403a71898733f0dcb64c38849be0185191621d8d87c521201593212da719d600d9262d4ac59dfb5ec2b503053b465b55ae5c7ca58b82c73ad9aa7872d1e4060a6112879a7afe128f10bf20cfdc833e20586afd9a2c4e96bf1", 0x67}, {&(0x7f0000000300)="ac3d900278bc4f673648008b3fd9dafb", 0x10}, {&(0x7f0000000340)="79baf7c80af72c6d074d7aa55d18c2b3f92fb55d09041ffa4b66a0ed18f71e54cc0a5bc1461a6d07e6d4f31058721987ab90040f06c98df9afdd7c6614915beee9a0bea8187c6315a4be760ebc06c000bbe9a766f3752ff9ed8b304d3378bfd1a88dfc510d611a8c13259173a7c957bdd73f4bc320391f6d862cfdd58f6c09abefc7302f22bf6795474455a958f56a17d1551e", 0x93}, {0x0}, {&(0x7f00000004c0)="a407d58cecfb1369d434cee2363e2e667262a9fda651de7eb280ec8ff5087e0036af2fef7939cac0a06e6169aa6caa951a4a9b35e608532fafaa74692296b26bf7525aefeadde445128254deda33cb8622aad1f5aa0ab3ba8a81949805c4de7209102f463431fb613efae16477340300ad74baf9e9dcf19667797369fdeb42", 0x7f}, {&(0x7f00000005c0)}], 0x7) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) r6 = socket$inet6(0xa, 0x2, 0x3a) r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r7, 0x29, 0xd4, 0x0, 0x0) connect$inet6(r6, &(0x7f00000005c0)={0xa, 0x4e22, 0x430, @dev={0xfe, 0x80, '\x00', 0x17}, 0x9}, 0x1c) openat$zero(0xffffff9c, &(0x7f0000000000), 0x18100, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/fib_triestat\x00') openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) 4.391838639s ago: executing program 3 (id=627): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newqdisc={0x170, 0x24, 0xd0f, 0x1ffffd, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x8, 0x3, 0x400, 0x9, 0x7d, 0x101, 0x86a4, 0xc40, 0x7fffffff, 0xfffffffd, 0x1b, 0xb, 0x16, 0x6, 0xca11, 0xffff}}, @TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb0000f1ff00000009e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acdf902703c7bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}]}}]}, 0x170}, 0x1, 0x0, 0x0, 0x845}, 0x24008004) 4.301972346s ago: executing program 3 (id=628): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x10a942, 0x9f667fd378a54ed4) write$P9_RREADLINK(r2, &(0x7f0000000040)={0x10, 0x17, 0x2, {0xffffffffffffffc1, './file0'}}, 0xfffffdab) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0001}]}) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, 0x0, 0x0) syz_io_uring_setup(0x110, 0x0, 0x0, &(0x7f0000000280), &(0x7f0000000000)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioperm(0x2, 0x7ff, 0x8) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r6, 0x1, &(0x7f0000000400), 0x0) r7 = eventfd2(0x0, 0x1) read$eventfd(r7, &(0x7f0000000040), 0x8) close(r5) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r9, @ANYBLOB="01000000000000001c0012000c00010062"], 0x3c}}, 0x0) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32=r9], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) recvmmsg$unix(r3, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000005c0)=""/227, 0xe3}], 0x1}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/156, 0x9c}], 0x1}}], 0x2, 0x40000000, 0x0) 3.619090569s ago: executing program 1 (id=629): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4000000000000007910900000000000620000000000000095000000000000009e574bffff1729aba9b39a58e3cd8757e44cf3611b8e327a0279acba1f7791408d1efa42123972"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) r0 = syz_open_dev$video(&(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)=0x0) prlimit64(r1, 0x1, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r5 = getpid() r6 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x50) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002bbd7000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008b00", @ANYRES32=r5, @ANYBLOB="aa7fdc5b32e0192643a1d3c88278ba5d0d0052c2761b25d685ec477a0dba28c3c9ed949edc6fd3bb8854646b0b8315fbd71fc6830ce440db66d4db501e5a5fe69a31af7929d43ba7baf28f2960ff0be8b6fa7b861d08890550bac58a87a40def209f98e4d9ec938cdd453e99727bce509344dad6ef86675d87a9774c45568c"], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003", 0x4f}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e21, @local}]}, &(0x7f0000000440)=0xc) setsockopt$inet_sctp6_SCTP_CONTEXT(r8, 0x84, 0x11, &(0x7f0000000100)={r9, 0xd}, 0x8) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000080)={0xa, 0x1}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xa, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="6a0ac4ff00000000711093000000000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) listns(&(0x7f0000000000)={0x20, 0x0, 0x19, 0x20000, 0x0, 0x5}, 0x0, 0xfffffc90, 0x0) 3.391972389s ago: executing program 3 (id=631): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000002800)={0x2020}, 0x2020) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc2c45513, &(0x7f0000000040)={0xb, 0x3, 0x1, 0x5, 'syz0\x00', 0x6}) futex(0x0, 0x109, 0x0, &(0x7f0000000200)={0x0, 0x3938700}, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0xc0b45545, &(0x7f0000000040)=0x1000) 3.230848346s ago: executing program 3 (id=632): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000001b80)='pimreg1\x00') ioctl$XFS_IOC_FSINUMBERS(r0, 0xc0105867, &(0x7f0000000140)={&(0x7f0000000000)=0x4be, 0x7, &(0x7f0000000040)=[{}], &(0x7f0000000100)}) 3.172117335s ago: executing program 3 (id=633): openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, &(0x7f0000000300)=0xd8}) 2.831633132s ago: executing program 0 (id=634): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x7, 0x543041) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) syz_io_uring_setup(0x3ec3, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000), 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65772064656661756c7420757365723a7379b5d1ef7a20303430"], 0x2a, 0x0) r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$read(0xb, r1, &(0x7f0000000240)=""/112, 0x349b7f55) listen(0xffffffffffffffff, 0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000440), 0x8, 0x212000) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$vim2m(0x0, 0x0, 0x2) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) socket$key(0xf, 0x3, 0x2) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000500)={0x48}) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="696e6f646509952c61705672616973655f747970653d696d617369672c6673757569643c65333232626362642d656535622d326238382d61006100386036622c00cd8a7645024587904142ea0000000000"]) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002340)=ANY=[@ANYBLOB], 0x48}}, 0x0) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x1c) mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380), 0x149842, 0x0) write$dsp(r5, &(0x7f0000000100)="e6ba", 0x2) close(r5) 1.730975709s ago: executing program 0 (id=636): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_buf(r2, 0x0, 0x8008000000010, &(0x7f0000005e40)="1700efff020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8) 1.671151507s ago: executing program 1 (id=637): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000000000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r2}, 0xc) openat$kvm(0xffffff9c, &(0x7f0000000000), 0x200200, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd000071187c0000000000c3640000f10000007b0a00fe00000000850000000c00000079a000fe000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45}, 0x48) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x100) ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f0000000040)={{0x1, 0x3, 0x0, 0x3, 0x6}, 0x0, 0xfffffffc, 'id0\x00', 'timer0\x00'}) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x4, 0x60000) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r6) bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=@base={0x19, 0x4, 0x4, 0x2}, 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x15, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xbf48a36ac9ccce8}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200020}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @xdp=0x25, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000500)={{0x2, 0x0, 0x5, 0x3, 0x3ff}}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r7, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) ioctl$MON_IOCT_RING_SIZE(r4, 0x9204, 0x10f0d) 1.670781235s ago: executing program 0 (id=638): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014"], 0x7c}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) shutdown(0xffffffffffffffff, 0x0) timerfd_create(0x8, 0x80000) syz_clone3(&(0x7f0000000080)={0xa690b000, &(0x7f0000000040), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x3, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x54, &(0x7f0000000100)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/unix\x00') socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) 1.352042898s ago: executing program 2 (id=639): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000800)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x2, 0x0, 0x0, 0x11, 0x0, @empty=0x2000, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 1.35160996s ago: executing program 2 (id=640): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x80800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e005", 0x26}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93", 0x72}], 0x3, &(0x7f0000000380)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800) (async) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e005", 0x26}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93", 0x72}], 0x3, &(0x7f0000000380)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800) socket$inet_tcp(0x2, 0x1, 0x0) (async) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = epoll_create1(0x80000) r5 = fcntl$dupfd(r3, 0x406, r3) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000040)={0x20000000}) r6 = syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = getpid() kcmp$KCMP_EPOLL_TFD(r7, r6, 0x7, r5, &(0x7f0000000100)={r4, r5}) (async) kcmp$KCMP_EPOLL_TFD(r7, r6, 0x7, r5, &(0x7f0000000100)={r4, r5}) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f00000002c0)=""/86, 0x56}], 0x2}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="c4000000190001000000000000000000e0000002000000000000000000000000ff02000080000000000000000000000100000000000000000a00200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000feffffffffffffff0000000000000000010000000c001c00", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xc4}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x5}, @IFLA_BOND_TLB_DYNAMIC_LB={0x5}]}}}]}, 0x44}}, 0x0) 1.230971882s ago: executing program 2 (id=641): ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0xd) mkdir(&(0x7f00000003c0)='./file0\x00', 0x83) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount$cgroup(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000100), 0x10, &(0x7f0000000140)={[{@clone_children}]}) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x42, &(0x7f0000000000)=ANY=[@ANYBLOB="7af2dee3864a4a00008566ac85", @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRES32=r1, @ANYBLOB=',group_id=', @ANYRESHEX=r1]) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan0\x00'}) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x59, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x11) socket$alg(0x26, 0x5, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) landlock_create_ruleset(0x0, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3) sendto$inet(r3, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)=ANY=[], 0x0, 0x0) 726.062753ms ago: executing program 1 (id=642): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000020601019e560000000000000000000505000100070000000900020073797a31000000001400078008000600ffffffff08001340000000020500050002000000050004000000000013000300686173683a6e65742c6966616365"], 0x60}}, 0x4000820) r1 = socket(0x10, 0x803, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_clone(0x2000000, 0x0, 0x60, 0x0, 0x0, 0x0) r2 = syz_usb_connect$printer(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mount$nfs4(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6673633d8f"]) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d00), r5) ioctl$FS_IOC_GETFSLABEL(r3, 0x81009431, &(0x7f0000000000)) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r4, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000d40)={0x14, r6, 0x1, 0x70bd2c, 0xa}, 0x14}, 0x1, 0x0, 0x0, 0x4008800}, 0x8080) syz_usb_disconnect(r2) read$char_usb(r3, 0x0, 0x0) socket(0x26, 0x80000, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {}, {}, {0xffe0, 0x5}}, [@filter_kind_options=@f_cgroup={{0x6d}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000100)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000140)=0x1c) 230.679885ms ago: executing program 2 (id=643): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18050000000004000000000000000000850000007b00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000080)=r0, 0x4) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0x401, 0xf0ffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1bfde, 0xe1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0) 155.240066ms ago: executing program 2 (id=644): openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000540)=[@text32={0x20, 0x0}], 0x1, 0x40, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x80003, 0x6) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, 'Me)', 0x18, 0x6, 0xfe, @private1={0xfc, 0x1, '\x00', 0xbf}, @local, {[], {{0x1, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x2, 0x0, 0x0, {[@generic={0x2, 0x2}]}}}}}}}}, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000440)={{{@in6=@local, @in6=@remote}}, {{@in=@multicast1}, 0x0, @in=@dev}}, &(0x7f00000001c0)=0xe8) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x800000000000, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) r2 = socket$key(0xf, 0x3, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$key(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000100)=ANY=[@ANYBLOB="020602000200000002000000"], 0x10}}, 0x0) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c) 0s ago: executing program 2 (id=645): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000340)={'wpan0\x00'}) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r3, @ANYRES8=r1, @ANYRES32=r4, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="045c9600", @ANYRESOCT=r5, @ANYBLOB="00022abd7000000000000800030000000002", @ANYRES32=r4, @ANYBLOB="1bb76628602a520500010001040000"], 0x24}, 0x1, 0x0, 0x0, 0x20000090}, 0x800) r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) r7 = socket(0x10, 0x3, 0x0) sendto$inet6(r7, 0x0, 0x0, 0x20008881, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r6, 0x891b, 0x0) r8 = syz_open_dev$loop(&(0x7f0000000040), 0xffffffff80000001, 0x1680a2) r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/power/pm_trace', 0x0, 0x2a) ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f0000000080)={r9, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf900000080149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d665f985881a350000ddffffff00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dce141802c4dacf162e43ac6126c370ec00000000a04100", [0xffffffff7ffffce8, 0xa]}}) ioctl$LOOP_CHANGE_FD(r8, 0x4c06, r9) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8953, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x80c42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r10 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$inet_smc(0x2b, 0x1, 0x0) kernel console output (not intermixed with test programs): im netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.554204][ T1159] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.570685][ T1159] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.574341][ T1159] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.578672][ T1159] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.599757][ T1159] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.603177][ T1159] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.619402][ T169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.622598][ T169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.661915][ T169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.665066][ T169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.672988][ T117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.677878][ T117] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.703617][ T169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.708883][ T169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.738907][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.742201][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.770945][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.773680][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.857993][ T5900] process 'syz.0.1' launched '/dev/fd/5' with NULL argv: empty string added [ 66.318458][ T5848] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 66.489964][ T5848] usb 5-1: Using ep0 maxpacket: 32 [ 66.496904][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.501557][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.505808][ T5848] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 66.510527][ T5848] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 66.514219][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.520608][ T5848] usb 5-1: config 0 descriptor?? [ 66.549357][ T5754] Bluetooth: hci2: command tx timeout [ 66.550083][ T5751] Bluetooth: hci0: command tx timeout [ 66.554491][ T5748] Bluetooth: hci3: command tx timeout [ 66.557962][ T5748] Bluetooth: hci1: command tx timeout [ 66.661159][ T5939] ubi31: attaching mtd0 [ 66.665996][ T5939] ubi31: scanning is finished [ 66.668484][ T5939] ubi31: empty MTD device detected [ 66.869596][ T5963] ======================================================= [ 66.869596][ T5963] WARNING: The mand mount option has been deprecated and [ 66.869596][ T5963] and is ignored by this kernel. Remove the mand [ 66.869596][ T5963] option from the mount to silence this warning. [ 66.869596][ T5963] ======================================================= [ 66.882850][ T5963] fuse: Unknown parameter 'zòÞã†JJ' [ 66.909283][ T5939] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 66.915036][ T5963] can0: slcan on ptm0. [ 66.921975][ T5939] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 66.926007][ T5939] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 66.931379][ T5939] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 66.936799][ T5939] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 66.942381][ T5939] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 66.952294][ T5939] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3185088702 [ 66.960559][ T5939] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 66.968029][ T5965] ubi31: background thread "ubi_bgt31d" started, PID 5965 [ 67.001445][ T5848] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0458:5011.0002/input/input5 [ 67.057153][ T5848] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0458:5011.0002/input/input6 [ 67.172618][ T5962] can0 (unregistered): slcan off ptm0. [ 67.181762][ T5848] kye 0003:0458:5011.0002: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0 [ 67.221237][ T5976] netlink: 'syz.2.8': attribute type 1 has an invalid length. [ 67.316714][ T5981] netlink: 'syz.2.8': attribute type 10 has an invalid length. [ 67.322004][ T5981] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8'. [ 67.334021][ T5981] dummy0: entered promiscuous mode [ 67.595979][ T5992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10'. [ 67.961925][ T5995] binder: 5897:5995 ioctl 40109441 80000240 returned -22 [ 68.079082][ C1] kye 0003:0458:5011.0002: usb_submit_urb(ctrl) failed: -1 [ 68.282921][ T5999] trusted_key: encrypted_key: key user:syµÑïz not found [ 68.286625][ T5999] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12'. [ 68.291489][ T5999] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12'. [ 68.393602][ T5999] virtio-fs: tag not found [ 68.501612][ T6002] netlink: 72 bytes leftover after parsing attributes in process `syz.1.11'. [ 68.553515][ T40] audit: type=1326 audit(1779868877.557:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.561904][ T40] audit: type=1326 audit(1779868877.567:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.569295][ T6002] syz.1.11 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 68.576950][ T40] audit: type=1326 audit(1779868877.577:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.585918][ T40] audit: type=1326 audit(1779868877.577:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.594085][ T40] audit: type=1326 audit(1779868877.577:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=104 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.603701][ T40] audit: type=1326 audit(1779868877.577:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.611246][ T40] audit: type=1326 audit(1779868877.577:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.619625][ T40] audit: type=1326 audit(1779868877.577:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.633895][ T40] audit: type=1326 audit(1779868877.577:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 68.638405][ T5748] Bluetooth: hci1: command tx timeout [ 68.641754][ T5751] Bluetooth: hci0: command tx timeout [ 68.642651][ T5748] Bluetooth: hci2: command tx timeout [ 68.644291][ T5754] Bluetooth: hci3: command tx timeout [ 68.650471][ T40] audit: type=1326 audit(1779868877.637:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5996 comm="syz.1.11" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 69.119773][ T6015] fuse: Unknown parameter 'zòÞã†JJ' [ 69.271364][ T6019] lo speed is unknown, defaulting to 1000 [ 69.274143][ T6019] lo speed is unknown, defaulting to 1000 [ 69.278675][ T6019] lo speed is unknown, defaulting to 1000 [ 69.282650][ T6019] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 69.288893][ T6019] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 69.294618][ T6019] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 69.300794][ T6019] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 69.311689][ T6019] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 69.333806][ T6019] lo speed is unknown, defaulting to 1000 [ 69.338745][ T6019] lo speed is unknown, defaulting to 1000 [ 69.343721][ T6019] lo speed is unknown, defaulting to 1000 [ 69.353366][ T6019] lo speed is unknown, defaulting to 1000 [ 69.368216][ T29] usb 5-1: USB disconnect, device number 2 [ 69.635295][ T6015] can0: slcan on ptm1. [ 69.789452][ T6012] can0 (unregistered): slcan off ptm1. [ 69.979686][ T6047] fuse: Unknown parameter 'zòÞã†JJ' [ 70.137621][ T5848] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 70.260883][ T6047] can0: slcan on ptm0. [ 70.303375][ T5848] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 70.311664][ T5848] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 70.316133][ T5848] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 70.320752][ T5848] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 70.323989][ T5848] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 70.332182][ T5848] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 70.336447][ T5848] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.339105][ T5848] usb 6-1: Product: syz [ 70.340400][ T5848] usb 6-1: Manufacturer: syz [ 70.341880][ T5848] usb 6-1: SerialNumber: syz [ 70.349007][ T5848] usb 6-1: config 0 descriptor?? [ 70.356171][ T5848] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input7 [ 70.379721][ T6041] can0 (unregistered): slcan off ptm0. [ 70.626636][ T5848] usb 6-1: USB disconnect, device number 2 [ 70.707629][ T5754] Bluetooth: hci2: command tx timeout [ 70.718320][ T5751] Bluetooth: hci0: command tx timeout [ 70.720127][ T5754] Bluetooth: hci3: command tx timeout [ 70.759778][ T6076] netlink: 24 bytes leftover after parsing attributes in process `syz.0.25'. [ 70.786415][ T6078] syzkaller0: entered promiscuous mode [ 70.789110][ T6078] syzkaller0: entered allmulticast mode [ 70.870565][ T6085] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 70.874675][ T5890] team_slave_0: entered promiscuous mode [ 70.876943][ T5890] team_slave_1: entered promiscuous mode [ 71.369400][ T6096] xt_CT: You must specify a L4 protocol and not use inversions on it [ 71.403839][ T6097] fuse: Unknown parameter 'zòÞã†JJ' [ 71.738083][ T5890] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 71.891876][ T6097] can0: slcan on ptm0. [ 71.908079][ T5890] usb 8-1: unable to get BOS descriptor or descriptor too short [ 71.931242][ T5890] usb 8-1: config 129 has an invalid interface number: 241 but max is 0 [ 71.936479][ T5890] usb 8-1: config 129 has no interface number 0 [ 71.938975][ T5890] usb 8-1: config 129 interface 241 altsetting 216 has an endpoint descriptor with address 0x5E, changing to 0xE [ 71.946920][ T5890] usb 8-1: config 129 interface 241 altsetting 216 endpoint 0xE has invalid wMaxPacketSize 0 [ 71.950584][ T5890] usb 8-1: config 129 interface 241 altsetting 216 endpoint 0xA has invalid maxpacket 64255, setting to 1024 [ 71.954182][ T5890] usb 8-1: config 129 interface 241 altsetting 216 bulk endpoint 0xA has invalid maxpacket 1024 [ 71.958114][ T5890] usb 8-1: config 129 interface 241 has no altsetting 0 [ 71.962593][ T5890] usb 8-1: New USB device found, idVendor=0421, idProduct=0486, bcdDevice=83.52 [ 71.966130][ T5890] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.970670][ T5890] usb 8-1: Product: syz [ 71.972331][ T5890] usb 8-1: Manufacturer: syz [ 71.977766][ T5890] usb 8-1: SerialNumber: syz [ 71.989013][ T6096] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 72.180632][ T6130] siw: device registration error -23 [ 72.220340][ T5890] rndis_host 8-1:129.241: ACM capabilities 01, not really RNDIS? [ 72.232363][ T5890] usb 8-1: USB disconnect, device number 2 [ 72.333652][ T6137] Unknown options in mask b7f2 [ 72.340214][ T6137] mmap: syz.0.42 (6137) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 72.478989][ T6093] can0 (unregistered): slcan off ptm0. [ 73.141278][ T6162] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.216572][ T6162] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.334369][ T6162] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.346418][ T6166] trusted_key: encrypted_key: key user:syµÑïz not found [ 73.351252][ T6166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.49'. [ 73.359916][ T6166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.49'. [ 73.409555][ T6169] fuse: Unknown parameter 'zòÞã†JJ' [ 73.420294][ T6170] virtio-fs: tag not found [ 73.456571][ T6162] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.609636][ T1157] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.640503][ T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.666363][ T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.684722][ T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.794914][ T6169] can0: slcan on ptm0. [ 73.928226][ T6167] can0 (unregistered): slcan off ptm0. [ 74.095475][ T6194] fuse: Unknown parameter 'zòÞã†JJ' [ 74.275772][ T6194] can0: slcan on ptm0. [ 74.358595][ T6187] can0 (unregistered): slcan off ptm0. [ 75.397710][ T4029] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 75.552415][ T6222] netlink: 8 bytes leftover after parsing attributes in process `syz.2.61'. [ 75.563112][ T4029] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 75.566504][ T4029] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 75.567572][ T6222] netlink: 8 bytes leftover after parsing attributes in process `syz.2.61'. [ 75.569421][ T4029] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 75.577156][ T4029] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 75.584141][ T4029] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 75.590844][ T4029] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 75.596003][ T4029] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 75.598976][ T4029] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.605466][ T4029] usb 8-1: config 0 descriptor?? [ 75.607618][ T6158] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 75.981669][ T4029] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 76.003398][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.005789][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.174543][ C0] usblp0: nonzero read bulk status received: -71 [ 76.204638][ T6248] Zero length message leads to an empty skb [ 76.256101][ T1339] usb 8-1: USB disconnect, device number 3 [ 76.647561][ T5848] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 76.799216][ T5848] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 76.803149][ T5848] usb 7-1: config 0 has no interfaces? [ 76.805334][ T5848] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 76.809041][ T5848] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.818536][ T5848] usb 7-1: config 0 descriptor?? [ 76.879532][ T6277] fuse: Unknown parameter 'permit_directio' [ 76.884092][ T6157] netlink: 16 bytes leftover after parsing attributes in process `syz.3.45'. [ 76.926292][ T6156] usblp0: removed [ 77.086086][ T6281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.091772][ T6281] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.099047][ T29] usb 7-1: USB disconnect, device number 2 [ 77.116653][ T6283] netlink: 12 bytes leftover after parsing attributes in process `syz.1.73'. [ 77.120603][ T6283] netlink: 200 bytes leftover after parsing attributes in process `syz.1.73'. [ 77.124490][ T6283] netlink: 16 bytes leftover after parsing attributes in process `syz.1.73'. [ 77.315169][ T6292] fuse: Unknown parameter 'zòÞã†JJ' [ 77.362850][ T6294] capability: warning: `syz.2.77' uses 32-bit capabilities (legacy support in use) [ 77.707542][ T6292] can0: slcan on ptm0. [ 77.812011][ T6287] can0 (unregistered): slcan off ptm0. [ 78.077550][ T4029] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 78.180659][ T6320] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 78.183503][ T6320] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 78.190032][ T6320] vhci_hcd vhci_hcd.0: Device attached [ 78.237578][ T4029] usb 8-1: Using ep0 maxpacket: 16 [ 78.240135][ T4029] usb 8-1: config 6 has an invalid interface number: 22 but max is 1 [ 78.240150][ T4029] usb 8-1: config 6 has an invalid interface number: 96 but max is 1 [ 78.240161][ T4029] usb 8-1: config 6 has no interface number 0 [ 78.240170][ T4029] usb 8-1: config 6 has no interface number 1 [ 78.240191][ T4029] usb 8-1: config 6 interface 96 altsetting 3 endpoint 0xB has an invalid bInterval 215, changing to 7 [ 78.240206][ T4029] usb 8-1: config 6 interface 96 altsetting 3 endpoint 0x8 has an invalid bInterval 23, changing to 8 [ 78.240223][ T4029] usb 8-1: config 6 interface 96 altsetting 3 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 78.240242][ T4029] usb 8-1: config 6 interface 22 has no altsetting 0 [ 78.240254][ T4029] usb 8-1: config 6 interface 96 has no altsetting 0 [ 78.242201][ T4029] usb 8-1: New USB device found, idVendor=0403, idProduct=f06d, bcdDevice=c1.ae [ 78.242222][ T4029] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.242236][ T4029] usb 8-1: Product: ﹇⪴ྩ㣞糉ᇭ蔨宎啦æ‹çŠã‘„窑憗犥͖摛鎅挳ä’ã¼æ°ì´£ìƒ§ï¡“æ™ä¢µï¤‡ãƒ•ã©¹ì¾ãœ¯ì¸‰ë¼¯ë“™ì”ë´ëª¸ï´°â½¡ë¾œåž“ኙ嚗ᄡ솨脫ࡎ嘫৷䘑㋗∫랜䆚ä¹ç²†ä“¨á—çå§‰ê¸ [ 78.242257][ T4029] usb 8-1: Manufacturer:  [ 78.242268][ T4029] usb 8-1: SerialNumber: 楞뺙얅俭춛兖緭뼩㦀謰䌷èšë‰ˆã´ºê»‚䜢锸譇멙魬ï•á®‰î€¯ì“©à¢¯ïˆ±è‹šç²ã³€â”…眈燹Ѩ퇨듾㔾䪣笅ᮗ쥉肱履矂䮺땙⚵㳛筞á±ä—”푚ꑉ鋧仌뮾æ¶î…¨ÇŸî°³â§£ï©„ꭼ☌儥ᖨ [ 78.467608][ T4029] ftdi_sio 8-1:6.22: FTDI USB Serial Device converter detected [ 78.474441][ T4029] ftdi_sio ttyUSB0: unknown device type: 0xc1ae [ 78.483050][ T4029] ftdi_sio 8-1:6.96: FTDI USB Serial Device converter detected [ 78.488476][ T50] usb 40-1: SetAddress Request (2) to port 0 [ 78.489809][ T4029] ftdi_sio ttyUSB1: unknown device type: 0xc1ae [ 78.490845][ T50] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 78.505262][ T4029] usb 8-1: USB disconnect, device number 4 [ 78.510461][ T4029] ftdi_sio 8-1:6.22: device disconnected [ 78.517801][ T4029] ftdi_sio 8-1:6.96: device disconnected [ 78.771824][ T6322] vhci_hcd: connection reset by peer [ 78.776035][ T1157] vhci_hcd vhci_hcd.1: stop threads [ 78.778684][ T1157] vhci_hcd vhci_hcd.1: release socket [ 78.781078][ T1157] vhci_hcd vhci_hcd.1: disconnect device [ 78.960065][ T6341] fuse: Unknown parameter 'zòÞã†JJ' [ 79.335353][ T6341] can0: slcan on ptm0. [ 79.437739][ T6338] can0 (unregistered): slcan off ptm0. [ 79.565536][ T6352] FAULT_INJECTION: forcing a failure. [ 79.565536][ T6352] name failslab, interval 1, probability 0, space 0, times 1 [ 79.628653][ T6352] CPU: 1 UID: 0 PID: 6352 Comm: syz.2.91 Not tainted syzkaller #0 PREEMPT(full) [ 79.628678][ T6352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 79.628688][ T6352] Call Trace: [ 79.628694][ T6352] [ 79.628714][ T6352] dump_stack_lvl+0x100/0x190 [ 79.628740][ T6352] should_fail_ex.cold+0x5/0xa [ 79.628761][ T6352] ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 79.628781][ T6352] should_failslab+0xc2/0x120 [ 79.628800][ T6352] __kmalloc_noprof+0xe0/0x850 [ 79.628822][ T6352] genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 79.628846][ T6352] genl_family_rcv_msg_doit+0xc7/0x300 [ 79.628866][ T6352] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 79.628883][ T6352] ? genl_get_cmd+0x3e7/0x760 [ 79.628905][ T6352] ? bpf_lsm_capable+0x9/0x10 [ 79.628924][ T6352] ? security_capable+0x80/0x260 [ 79.628954][ T6352] genl_rcv_msg+0x560/0x800 [ 79.628975][ T6352] ? __pfx_genl_rcv_msg+0x10/0x10 [ 79.628992][ T6352] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 79.629014][ T6352] ? __pfx_nl802154_set_pan_id+0x10/0x10 [ 79.629034][ T6352] ? __pfx_nl802154_post_doit+0x10/0x10 [ 79.629055][ T6352] ? __lock_acquire+0x4a5/0x2630 [ 79.629076][ T6352] netlink_rcv_skb+0x159/0x420 [ 79.629106][ T6352] ? __pfx_genl_rcv_msg+0x10/0x10 [ 79.629124][ T6352] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 79.629158][ T6352] ? netlink_deliver_tap+0x1ae/0xcc0 [ 79.629185][ T6352] genl_rcv+0x28/0x40 [ 79.629200][ T6352] netlink_unicast+0x585/0x850 [ 79.629229][ T6352] ? __pfx_netlink_unicast+0x10/0x10 [ 79.629260][ T6352] netlink_sendmsg+0x8b0/0xda0 [ 79.629288][ T6352] ? __pfx_netlink_sendmsg+0x10/0x10 [ 79.629315][ T6352] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 79.629345][ T6352] ____sys_sendmsg+0x9e1/0xb70 [ 79.629370][ T6352] ? __pfx_netlink_sendmsg+0x10/0x10 [ 79.629396][ T6352] ? __pfx_____sys_sendmsg+0x10/0x10 [ 79.629431][ T6352] ___sys_sendmsg+0x190/0x1e0 [ 79.629449][ T6352] ? __pfx____sys_sendmsg+0x10/0x10 [ 79.629477][ T6352] ? find_held_lock+0x2b/0x80 [ 79.629514][ T6352] __sys_sendmsg+0x170/0x220 [ 79.629535][ T6352] ? __pfx___sys_sendmsg+0x10/0x10 [ 79.629554][ T6352] ? __fget_files+0x21f/0x3d0 [ 79.629581][ T6352] ? ksys_write+0x1ac/0x250 [ 79.629603][ T6352] ? rcu_is_watching+0x12/0xc0 [ 79.629626][ T6352] __do_fast_syscall_32+0xe7/0x950 [ 79.629644][ T6352] ? lockdep_hardirqs_on+0x78/0x100 [ 79.629662][ T6352] do_fast_syscall_32+0x32/0x70 [ 79.629680][ T6352] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 79.629700][ T6352] RIP: 0023:0xf7f68f7c [ 79.629713][ T6352] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 79.629728][ T6352] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 79.629744][ T6352] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0 [ 79.629754][ T6352] RDX: 0000000020044814 RSI: 0000000000000000 RDI: 0000000000000000 [ 79.629763][ T6352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 79.629772][ T6352] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 79.629781][ T6352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 79.629803][ T6352] [ 79.858475][ T6355] input: syz0 as /devices/virtual/input/input8 [ 80.151997][ T6363] syzkaller1: entered promiscuous mode [ 80.154042][ T6363] syzkaller1: entered allmulticast mode [ 80.167622][ T4029] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 80.340202][ T4029] usb 6-1: Using ep0 maxpacket: 32 [ 80.349257][ T4029] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 80.354874][ T4029] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 80.361118][ T4029] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 80.376624][ T4029] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 80.383369][ T4029] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 80.390154][ T4029] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 80.400582][ T4029] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 80.405752][ T4029] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.413969][ T4029] usb 6-1: config 0 descriptor?? [ 80.626237][ T4029] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 80.661047][ T6370] binder: 6369:6370 ioctl 40046205 0 returned -22 [ 80.832123][ T4029] usb 6-1: USB disconnect, device number 3 [ 80.852407][ T4029] usblp0: removed [ 81.117663][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 81.270738][ T9] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 81.274689][ T9] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.280852][ T9] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 81.284732][ T9] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 81.289320][ T9] usb 7-1: Product: syz [ 81.291132][ T9] usb 7-1: Manufacturer: syz [ 81.293049][ T9] usb 7-1: SerialNumber: syz [ 81.297091][ T9] usb 7-1: config 0 descriptor?? [ 81.306261][ T9] usb 7-1: selecting invalid altsetting 0 [ 81.441622][ T6374] siw: device registration error -23 [ 81.618271][ T6379] FAT-fs (loop2): unable to read boot sector [ 81.642210][ T6379] warning: `syz.2.98' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 81.670366][ T6379] tipc: Started in network mode [ 81.672448][ T6379] tipc: Node identity ff000000000000000000000000000001, cluster identity 4711 [ 81.675390][ T6379] tipc: Enabling of bearer rejected, failed to enable media [ 81.680023][ T6379] usb usb8: usbfs: process 6379 (syz.2.98) did not claim interface 0 before use [ 82.407648][ T40] kauditd_printk_skb: 188 callbacks suppressed [ 82.407658][ T40] audit: type=1326 audit(1779868891.407:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.412104][ T6396] netlink: 'syz.0.105': attribute type 1 has an invalid length. [ 82.433991][ T40] audit: type=1326 audit(1779868891.427:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.450432][ T40] audit: type=1326 audit(1779868891.427:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.459493][ T6396] 8021q: adding VLAN 0 to HW filter on device bond1 [ 82.466979][ T40] audit: type=1326 audit(1779868891.467:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.485860][ T40] audit: type=1326 audit(1779868891.467:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.501549][ T40] audit: type=1326 audit(1779868891.467:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.517962][ T40] audit: type=1326 audit(1779868891.487:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.533264][ T6396] 8021q: adding VLAN 0 to HW filter on device bond1 [ 82.535987][ T40] audit: type=1326 audit(1779868891.487:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.543957][ T6396] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 82.549065][ T6396] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 82.552631][ T40] audit: type=1326 audit(1779868891.487:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 82.563388][ T40] audit: type=1326 audit(1779868891.487:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6389 comm="syz.3.104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 83.476958][ T6405] netlink: 12 bytes leftover after parsing attributes in process `syz.3.107'. [ 83.784153][ T50] usb 40-1: device descriptor read/8, error -110 [ 83.900553][ T6400] syz.0.105 (6400): drop_caches: 2 [ 84.188207][ T50] usb usb40-port1: attempt power cycle [ 84.250882][ T10] usb 7-1: USB disconnect, device number 3 [ 84.525931][ T6422] syz.2.112 uses obsolete (PF_INET,SOCK_PACKET) [ 84.606626][ T6424] trusted_key: encrypted_key: key user:syµÑïz not found [ 84.612766][ T6424] netlink: 12 bytes leftover after parsing attributes in process `syz.3.114'. [ 84.619071][ T6424] netlink: 12 bytes leftover after parsing attributes in process `syz.3.114'. [ 84.679467][ T6425] virtio-fs: tag not found [ 84.758109][ T50] usb usb40-port1: unable to enumerate USB device [ 86.099199][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.3.121'. [ 86.271666][ T6449] Illegal XDP return value 4294967274 on prog (id 14) dev N/A, expect packet loss! [ 86.486295][ T6453] trusted_key: encrypted_key: key user:syµÑïz not found [ 86.491963][ T6453] netlink: 12 bytes leftover after parsing attributes in process `syz.0.124'. [ 86.496839][ T6453] netlink: 12 bytes leftover after parsing attributes in process `syz.0.124'. [ 86.553828][ T6453] virtio-fs: tag not found [ 86.735589][ T842] cfg80211: failed to load regulatory.db [ 87.125590][ T6460] capability: warning: `syz.0.127' uses deprecated v2 capabilities in a way that may be insecure [ 87.341838][ T6463] netlink: 12 bytes leftover after parsing attributes in process `syz.2.126'. [ 87.347566][ T6463] netlink: 200 bytes leftover after parsing attributes in process `syz.2.126'. [ 87.352313][ T6463] netlink: 16 bytes leftover after parsing attributes in process `syz.2.126'. [ 87.469361][ T6473] bond2: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 87.484726][ T6473] bond2 (unregistering): Released all slaves [ 87.575924][ T6484] loop9: detected capacity change from 0 to 7 [ 87.581279][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.584599][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.590515][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.593950][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.598456][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.601997][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.608158][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.611692][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.615949][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.619566][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.623192][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.626753][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.630844][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.633892][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.642124][ T6484] ldm_validate_partition_table(): Disk read failed. [ 87.649171][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.652809][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.658059][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.661620][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.665334][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.668945][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 87.675360][ T6484] Dev loop9: unable to read RDB block 0 [ 87.679977][ T6484] loop9: unable to read partition table [ 87.687632][ T6484] loop9: partition table beyond EOD, truncated [ 87.689923][ T6484] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 87.967400][ T6493] siw: device registration error -23 [ 88.636314][ T6504] xt_NFQUEUE: number of total queues is 0 [ 88.639301][ T6504] 9pnet_virtio: no channels available for device syz [ 88.644382][ T6502] overlay: ./file0 is not a directory [ 88.745557][ T6507] fuse: Unknown parameter 'zòÞã†JJ' [ 88.935341][ T6507] can0: slcan on ptm0. [ 89.149526][ T6505] can0 (unregistered): slcan off ptm0. [ 89.335379][ T6525] trusted_key: encrypted_key: key user:syµÑïz not found [ 89.339135][ T6525] netlink: 12 bytes leftover after parsing attributes in process `syz.2.144'. [ 89.345655][ T6525] netlink: 12 bytes leftover after parsing attributes in process `syz.2.144'. [ 89.436282][ T6525] virtio-fs: tag not found [ 90.537795][ T1036] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 90.717036][ T1036] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 90.726537][ T1036] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 90.737114][ T1036] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 90.751412][ T1036] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 90.767385][ T1036] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 90.784589][ T1036] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 90.803080][ T1036] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 90.812376][ T1036] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.936014][ T1036] usb 6-1: config 0 descriptor?? [ 90.940085][ T6485] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 91.215253][ T1036] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 91.251621][ T6552] netlink: 12 bytes leftover after parsing attributes in process `syz.3.152'. [ 91.400494][ C3] usblp0: nonzero read bulk status received: -71 [ 91.408903][ T6482] usblp0: error -71 reading from printer [ 91.421656][ C2] usblp0: nonzero read bulk status received: -71 [ 91.500037][ T6485] netlink: 16 bytes leftover after parsing attributes in process `syz.1.135'. [ 91.510592][ T50] usb 6-1: USB disconnect, device number 4 [ 91.521052][ T50] usblp0: removed [ 92.259598][ T6568] can0: slcan on ptm0. [ 92.358392][ T6566] can0 (unregistered): slcan off ptm0. [ 92.706608][ T6602] netlink: 96 bytes leftover after parsing attributes in process `syz.3.161'. [ 92.942056][ T6603] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 92.948532][ T6603] block device autoloading is deprecated and will be removed. [ 94.149540][ T842] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 94.313447][ T842] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 94.316541][ T842] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 94.323068][ T842] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 94.329938][ T842] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 94.332957][ T842] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 94.340209][ T842] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 94.350797][ T842] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 94.353655][ T842] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.364516][ T842] usb 7-1: config 0 descriptor?? [ 94.366670][ T6609] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 94.636584][ T842] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 94.831033][ C3] usblp0: nonzero read bulk status received: -71 [ 94.837022][ T5746] usb 7-1: USB disconnect, device number 4 [ 95.115959][ T6607] netlink: 16 bytes leftover after parsing attributes in process `syz.2.163'. [ 95.121818][ T6605] usblp0: removed [ 95.559580][ T6633] siw: device registration error -23 [ 97.298304][ T6651] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 97.301785][ T6651] block device autoloading is deprecated and will be removed. [ 97.955674][ T6672] FAULT_INJECTION: forcing a failure. [ 97.955674][ T6672] name failslab, interval 1, probability 0, space 0, times 0 [ 97.957691][ T5890] usb 8-1: new full-speed USB device number 5 using dummy_hcd [ 97.967572][ T6672] CPU: 1 UID: 0 PID: 6672 Comm: syz.0.182 Not tainted syzkaller #0 PREEMPT(full) [ 97.967588][ T6672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 97.967594][ T6672] Call Trace: [ 97.967598][ T6672] [ 97.967603][ T6672] dump_stack_lvl+0x100/0x190 [ 97.967657][ T6672] should_fail_ex.cold+0x5/0xa [ 97.967672][ T6672] should_failslab+0xc2/0x120 [ 97.967686][ T6672] __kvmalloc_node_noprof+0xfa/0xa00 [ 97.967698][ T6672] ? bpf_uprobe_multi_link_attach+0xe39/0x13d0 [ 97.967715][ T6672] bpf_uprobe_multi_link_attach+0xe39/0x13d0 [ 97.967729][ T6672] ? find_held_lock+0x2b/0x80 [ 97.967747][ T6672] ? __fget_files+0x215/0x3d0 [ 97.967763][ T6672] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 97.967775][ T6672] ? __fget_files+0x21f/0x3d0 [ 97.967791][ T6672] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 97.967815][ T6672] __sys_bpf+0x3faf/0x4b90 [ 97.967829][ T6672] ? __pfx___sys_bpf+0x10/0x10 [ 97.967839][ T6672] ? get_pid_task+0x106/0x250 [ 97.967855][ T6672] ? proc_fail_nth_write+0x9f/0x220 [ 97.967866][ T6672] ? find_held_lock+0x2b/0x80 [ 97.967883][ T6672] ? find_held_lock+0x2b/0x80 [ 97.967897][ T6672] ? ksys_write+0x190/0x250 [ 97.967914][ T6672] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 97.967963][ T6672] ? kernel_write+0x5f3/0x6c0 [ 97.967983][ T6672] ? fput+0x79/0x100 [ 97.967999][ T6672] ? ksys_write+0x1ac/0x250 [ 97.968014][ T6672] __ia32_sys_bpf+0x79/0xf0 [ 97.968026][ T6672] ? lockdep_hardirqs_on+0x78/0x100 [ 97.968036][ T6672] __do_fast_syscall_32+0xe7/0x950 [ 97.968047][ T6672] ? lockdep_hardirqs_on+0x78/0x100 [ 97.968059][ T6672] do_fast_syscall_32+0x32/0x70 [ 97.968071][ T6672] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 97.968085][ T6672] RIP: 0023:0xf708ef7c [ 97.968094][ T6672] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 97.968104][ T6672] RSP: 002b:00000000f547d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 97.968115][ T6672] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000080000240 [ 97.968122][ T6672] RDX: 000000000000003c RSI: 0000000000000000 RDI: 0000000000000000 [ 97.968128][ T6672] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.968134][ T6672] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 97.968140][ T6672] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.968153][ T6672] [ 98.075992][ T6666] lo speed is unknown, defaulting to 1000 [ 98.118847][ T5890] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 98.124732][ T5890] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 98.127666][ T5890] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 98.130484][ T5890] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 98.133496][ T5890] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 98.136914][ T5890] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 98.141630][ T5890] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 98.144478][ T5890] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.148874][ T5890] usb 8-1: config 0 descriptor?? [ 98.151677][ T6624] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 98.374728][ T6683] hfsplus: unable to find HFS+ superblock [ 98.525470][ T5890] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 98.591352][ C2] usblp0: nonzero read bulk status received: -71 [ 98.612700][ T6623] usblp0: error -71 reading from printer [ 98.629037][ C2] usblp0: nonzero read bulk status received: -71 [ 98.712244][ T6624] netlink: 16 bytes leftover after parsing attributes in process `syz.3.167'. [ 98.727919][ T5834] usb 8-1: USB disconnect, device number 5 [ 98.807385][ T5834] usblp0: removed [ 98.992360][ T6684] can0: slcan on ptm0. [ 99.083695][ T6690] netlink: 'syz.0.185': attribute type 1 has an invalid length. [ 99.120309][ T6690] bond2: entered promiscuous mode [ 99.122554][ T6690] bond2: entered allmulticast mode [ 99.125072][ T6690] 8021q: adding VLAN 0 to HW filter on device bond2 [ 99.157931][ T6679] can0 (unregistered): slcan off ptm0. [ 99.180855][ T6690] erspan1: entered allmulticast mode [ 99.184488][ T6690] bond2: (slave erspan1): making interface the new active one [ 99.186805][ T6690] erspan1: entered promiscuous mode [ 99.190892][ T6690] bond2: (slave erspan1): Enslaving as an active interface with an up link [ 99.205948][ T6690] netlink: 16184 bytes leftover after parsing attributes in process `syz.0.185'. [ 99.209552][ T6695] IPv6: NLM_F_CREATE should be specified when creating new route [ 99.231731][ T6690] bond2 (unregistering): (slave erspan1): Releasing active interface [ 99.234954][ T6690] erspan1: left promiscuous mode [ 99.244394][ T6690] bond2 (unregistering): Released all slaves [ 99.438921][ T6708] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 99.732016][ T6718] fuse: Unknown parameter 'zòÞã†JJ' [ 99.785761][ T6720] fuse: Unknown parameter 'zòÞã†JJ' [ 99.786626][ T6721] netlink: 24 bytes leftover after parsing attributes in process `syz.2.196'. [ 99.927065][ T6729] netlink: 12 bytes leftover after parsing attributes in process `syz.2.198'. [ 100.076854][ T6718] can0: slcan on ptm0. [ 100.124361][ T6720] can0: slcan on ptm1. [ 100.158921][ T6714] can0 (unregistered): slcan off ptm0. [ 100.287773][ T6716] can0 (unregistered): slcan off ptm1. [ 100.827617][ T1036] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 100.985265][ T1036] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 100.989733][ T1036] usb 5-1: config 0 has no interfaces? [ 100.992502][ T1036] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 100.996699][ T1036] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.011635][ T1036] usb 5-1: config 0 descriptor?? [ 101.648509][ T6769] overlayfs: failed to resolve './file1': -2 [ 101.708950][ T4029] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 101.804664][ T6775] FAULT_INJECTION: forcing a failure. [ 101.804664][ T6775] name failslab, interval 1, probability 0, space 0, times 0 [ 101.819178][ T6775] CPU: 3 UID: 0 PID: 6775 Comm: syz.3.209 Not tainted syzkaller #0 PREEMPT(full) [ 101.819196][ T6775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 101.819203][ T6775] Call Trace: [ 101.819207][ T6775] [ 101.819212][ T6775] dump_stack_lvl+0x100/0x190 [ 101.819229][ T6775] should_fail_ex.cold+0x5/0xa [ 101.819243][ T6775] should_failslab+0xc2/0x120 [ 101.819257][ T6775] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 101.819269][ T6775] ? __alloc_skb+0x140/0x710 [ 101.819284][ T6775] __alloc_skb+0x140/0x710 [ 101.819296][ T6775] ? __alloc_skb+0x5b7/0x710 [ 101.819308][ T6775] ? __pfx___alloc_skb+0x10/0x10 [ 101.819322][ T6775] ? netlink_has_listeners+0x21b/0x430 [ 101.819339][ T6775] ? netlink_has_listeners+0x21b/0x430 [ 101.819357][ T6775] alloc_uevent_skb+0x7d/0x210 [ 101.819374][ T6775] kobject_uevent_env+0xd2d/0x18b0 [ 101.819391][ T6775] ? tty_cdev_add+0x191/0x290 [ 101.819449][ T6775] tty_register_device_attr+0x4b6/0x7f0 [ 101.819470][ T6775] ? __pfx_tty_register_device_attr+0x10/0x10 [ 101.819494][ T6775] rfcomm_dev_ioctl+0x179d/0x1db0 [ 101.819512][ T6775] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 101.819529][ T6775] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 101.819547][ T6775] ? do_vfs_ioctl+0x226/0x13e0 [ 101.819560][ T6775] rfcomm_sock_ioctl+0xcc/0xf0 [ 101.819572][ T6775] ? __pfx_rfcomm_sock_compat_ioctl+0x10/0x10 [ 101.819584][ T6775] compat_sock_ioctl+0x179/0x760 [ 101.819597][ T6775] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 101.819607][ T6775] ? hook_file_ioctl_common+0x149/0x410 [ 101.819624][ T6775] ? __fget_files+0x21f/0x3d0 [ 101.819640][ T6775] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 101.819651][ T6775] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 101.819665][ T6775] __do_fast_syscall_32+0xe7/0x950 [ 101.819677][ T6775] ? lockdep_hardirqs_on+0x78/0x100 [ 101.819688][ T6775] do_fast_syscall_32+0x32/0x70 [ 101.819700][ T6775] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.819714][ T6775] RIP: 0023:0xf7fe8f7c [ 101.819723][ T6775] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 101.819734][ T6775] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 101.819744][ T6775] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400452c8 [ 101.819751][ T6775] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.819757][ T6775] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 101.819763][ T6775] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 101.819769][ T6775] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.819787][ T6775] [ 102.041698][ T4029] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 102.044315][ T4029] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 102.046983][ T4029] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 102.049789][ T4029] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 102.052677][ T4029] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 102.055916][ T4029] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 102.062189][ T4029] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 102.067591][ T4029] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.073756][ T4029] usb 7-1: config 0 descriptor?? [ 102.075871][ T6735] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 102.205903][ T6780] fuse: Unknown parameter 'zòÞã†JJ' [ 102.305481][ T4029] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 102.432661][ T6780] can0: slcan on ptm0. [ 102.488275][ T6778] can0 (unregistered): slcan off ptm0. [ 102.503210][ C3] usblp0: nonzero read bulk status received: -71 [ 102.507062][ T6734] usblp0: error -71 reading from printer [ 102.509285][ C3] usblp0: nonzero read bulk status received: -71 [ 102.584614][ T6735] netlink: 16 bytes leftover after parsing attributes in process `syz.2.199'. [ 102.632964][ T4029] usb 7-1: USB disconnect, device number 5 [ 102.639374][ T4029] usblp0: removed [ 103.414178][ T1036] usb 5-1: USB disconnect, device number 3 [ 103.435985][ C3] sr 2:0:0:0: [sr0] tag#7 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 103.439257][ C3] sr 2:0:0:0: [sr0] tag#7 CDB: Test Unit Ready [ 103.443755][ T6811] netlink: 'syz.1.216': attribute type 4 has an invalid length. [ 103.595381][ T6819] bridge_slave_0: left allmulticast mode [ 103.597191][ T6819] bridge_slave_0: left promiscuous mode [ 103.600158][ T6819] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.607153][ T6819] bridge_slave_1: left allmulticast mode [ 103.610823][ T6819] bridge_slave_1: left promiscuous mode [ 103.613689][ T6819] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.620373][ T6819] bond0: (slave bond_slave_0): Releasing backup interface [ 103.624982][ T6819] bond0: (slave bond_slave_1): Releasing backup interface [ 103.633870][ T6819] team0: Port device team_slave_0 removed [ 103.638182][ T6819] team0: Port device team_slave_1 removed [ 103.640410][ T6819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.642663][ T6819] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.645915][ T6819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.655203][ T6819] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.660951][ T6819] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 103.679360][ T6817] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 103.692468][ T29] lo speed is unknown, defaulting to 1000 [ 104.739970][ T6846] siw: device registration error -23 [ 105.698804][ T6868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.235'. [ 105.783485][ T6868] syzkaller1: entered promiscuous mode [ 105.785379][ T6868] syzkaller1: entered allmulticast mode [ 105.999604][ T6876] fuse: Unknown parameter 'zòÞã†JJ' [ 106.005388][ T6859] can0: slcan on ptm0. [ 106.020133][ T6861] can1: slcan on ptm1. [ 106.128058][ T6853] can0 (unregistered): slcan off ptm0. [ 106.168108][ T6855] can1 (unregistered): slcan off ptm1. [ 107.180399][ T6876] can0: slcan on ptm2. [ 107.329394][ T6874] can0 (unregistered): slcan off ptm2. [ 107.336500][ T6909] Unsupported ieee802154 address type: 0 [ 107.372750][ T6912] netlink: 3596 bytes leftover after parsing attributes in process `syz.3.242'. [ 107.509918][ T6912] binder: BINDER_SET_CONTEXT_MGR already set [ 107.513303][ T6912] binder: 6911:6912 ioctl 4018620d 80000040 returned -16 [ 107.555517][ T6928] netlink: 'syz.0.247': attribute type 20 has an invalid length. [ 107.562526][ T6928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.247'. [ 107.588722][ T1157] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.594759][ T1157] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.599493][ T1157] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.605679][ T1157] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.620660][ T6928] netlink: 'syz.0.247': attribute type 20 has an invalid length. [ 107.625689][ T6928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.247'. [ 107.846977][ T6926] can0: slcan on ptm0. [ 107.871063][ T6938] siw: device registration error -23 [ 107.980700][ T6942] Bluetooth: MGMT ver 1.23 [ 107.991226][ T6921] can0 (unregistered): slcan off ptm0. [ 108.048738][ T6950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.251'. [ 108.159285][ T6958] FAULT_INJECTION: forcing a failure. [ 108.159285][ T6958] name failslab, interval 1, probability 0, space 0, times 0 [ 108.163968][ T6958] CPU: 3 UID: 0 PID: 6958 Comm: syz.1.254 Not tainted syzkaller #0 PREEMPT(full) [ 108.163983][ T6958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 108.163990][ T6958] Call Trace: [ 108.163994][ T6958] [ 108.163999][ T6958] dump_stack_lvl+0x100/0x190 [ 108.164016][ T6958] should_fail_ex.cold+0x5/0xa [ 108.164030][ T6958] should_failslab+0xc2/0x120 [ 108.164044][ T6958] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 108.164055][ T6958] ? alloc_pid+0x1bd/0x1910 [ 108.164072][ T6958] ? vhost_task_create+0x1db/0x370 [ 108.164082][ T6958] ? kvm_mmu_post_init_vm+0x1b3/0x370 [ 108.164097][ T6958] ? kvm_arch_vcpu_ioctl_run+0x66/0x1890 [ 108.164115][ T6958] alloc_pid+0x1bd/0x1910 [ 108.164135][ T6958] ? __pfx_alloc_pid+0x10/0x10 [ 108.164157][ T6958] ? __lock_acquire+0x4a5/0x2630 [ 108.164175][ T6958] ? fpu_clone+0x226/0x7a0 [ 108.164197][ T6958] ? copy_thread+0x729/0xbe0 [ 108.164210][ T6958] copy_process+0x446d/0x7ed0 [ 108.164234][ T6958] ? __pfx_copy_process+0x10/0x10 [ 108.164252][ T6958] ? lockdep_init_map_type+0x5c/0x250 [ 108.164264][ T6958] ? lockdep_init_map_type+0x5c/0x250 [ 108.164275][ T6958] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 108.164295][ T6958] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 108.164313][ T6958] vhost_task_create+0x1db/0x370 [ 108.164325][ T6958] ? __pfx_vhost_task_create+0x10/0x10 [ 108.164335][ T6958] ? register_lock_class+0x40/0x560 [ 108.164350][ T6958] ? __pfx_vhost_task_fn+0x10/0x10 [ 108.164363][ T6958] ? __pfx___mutex_lock+0x10/0x10 [ 108.164379][ T6958] kvm_mmu_post_init_vm+0x1b3/0x370 [ 108.164395][ T6958] kvm_arch_vcpu_ioctl_run+0x66/0x1890 [ 108.164410][ T6958] ? kvm_vcpu_ioctl+0x1546/0x1720 [ 108.164423][ T6958] kvm_vcpu_ioctl+0x730/0x1720 [ 108.164435][ T6958] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 108.164446][ T6958] ? tomoyo_path_number_perm+0x188/0x580 [ 108.164460][ T6958] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 108.164474][ T6958] ? get_pid_task+0x106/0x250 [ 108.164494][ T6958] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 108.164511][ T6958] ? do_vfs_ioctl+0x226/0x13e0 [ 108.164523][ T6958] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 108.164541][ T6958] kvm_vcpu_compat_ioctl+0x20f/0x3c0 [ 108.164552][ T6958] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 108.164564][ T6958] ? __fget_files+0x21f/0x3d0 [ 108.164581][ T6958] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 108.164592][ T6958] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 108.164605][ T6958] __do_fast_syscall_32+0xe7/0x950 [ 108.164617][ T6958] ? lockdep_hardirqs_on+0x78/0x100 [ 108.164629][ T6958] do_fast_syscall_32+0x32/0x70 [ 108.164640][ T6958] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 108.164655][ T6958] RIP: 0023:0xf703ef7c [ 108.164664][ T6958] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 108.164674][ T6958] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 108.164684][ T6958] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80 [ 108.164691][ T6958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 108.164697][ T6958] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 108.164703][ T6958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.164709][ T6958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 108.164722][ T6958] [ 108.777580][ T5746] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 108.938958][ T5746] usb 7-1: Using ep0 maxpacket: 32 [ 108.943099][ T5746] usb 7-1: unable to get BOS descriptor or descriptor too short [ 108.949682][ T5746] usb 7-1: config 8 has an invalid interface number: 188 but max is 0 [ 108.953498][ T5746] usb 7-1: config 8 has no interface number 0 [ 108.955345][ T5746] usb 7-1: config 8 interface 188 has no altsetting 0 [ 108.963931][ T5746] usb 7-1: string descriptor 0 read error: -22 [ 108.971413][ T5746] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e [ 108.979084][ T5746] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.980578][ T6981] fuse: Unknown parameter 'zòÞã†JJ' [ 108.997162][ T5746] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state. [ 108.999667][ T5746] dw2102: su3000_power_ctrl: 1, initialized 0 [ 109.002464][ T5746] dvb-usb: bulk message failed: -22 (2/0) [ 109.028845][ T5746] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 109.033892][ T5746] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3) [ 109.039357][ T5746] usb 7-1: media controller created [ 109.042042][ T5746] dvb-usb: bulk message failed: -22 (6/0) [ 109.046240][ T5746] dw2102: i2c transfer failed. [ 109.047835][ T5746] dvb-usb: bulk message failed: -22 (6/0) [ 109.049488][ T5746] dw2102: i2c transfer failed. [ 109.050819][ T5746] dvb-usb: bulk message failed: -22 (6/0) [ 109.052359][ T5746] dw2102: i2c transfer failed. [ 109.053847][ T5746] dvb-usb: bulk message failed: -22 (6/0) [ 109.055748][ T5746] dw2102: i2c transfer failed. [ 109.059069][ T5746] dvb-usb: bulk message failed: -22 (6/0) [ 109.061052][ T5746] dw2102: i2c transfer failed. [ 109.062369][ T5746] dvb-usb: bulk message failed: -22 (6/0) [ 109.064086][ T5746] dw2102: i2c transfer failed. [ 109.065530][ T5746] dvb-usb: MAC address: 02:02:02:02:02:02 [ 109.075078][ T5746] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 109.107309][ T5746] dvb-usb: bulk message failed: -22 (3/0) [ 109.111150][ T5746] dw2102: command 0x0e transfer failed. [ 109.114881][ T5746] dvb-usb: bulk message failed: -22 (3/0) [ 109.116916][ T5746] dw2102: command 0x0e transfer failed. [ 109.176600][ T6987] xt_HMARK: proto mask must be zero with L3 mode [ 109.242191][ T6981] can0: slcan on ptm0. [ 109.248255][ T6991] syz_tun: entered allmulticast mode [ 109.259882][ T40] kauditd_printk_skb: 30 callbacks suppressed [ 109.259895][ T40] audit: type=1326 audit(1779868918.257:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.273496][ T40] audit: type=1326 audit(1779868918.257:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.282794][ T40] audit: type=1326 audit(1779868918.257:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.307565][ T40] audit: type=1326 audit(1779868918.257:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.314682][ T40] audit: type=1326 audit(1779868918.257:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.326572][ T40] audit: type=1326 audit(1779868918.257:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.334352][ T40] audit: type=1326 audit(1779868918.257:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.341060][ T40] audit: type=1326 audit(1779868918.257:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.347857][ T40] audit: type=1326 audit(1779868918.257:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.354551][ T40] audit: type=1326 audit(1779868918.257:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6966 comm="syz.2.255" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f68f7c code=0x7ffc0000 [ 109.388174][ T6979] can0 (unregistered): slcan off ptm0. [ 109.440782][ T5746] dvb-usb: bulk message failed: -22 (3/0) [ 109.453292][ T5746] dw2102: command 0x0e transfer failed. [ 109.461296][ T5746] dvb-usb: bulk message failed: -22 (3/0) [ 109.470481][ T5746] dw2102: command 0x0e transfer failed. [ 109.472984][ T5746] dvb-usb: bulk message failed: -22 (1/0) [ 109.475669][ T5746] dw2102: command 0x51 transfer failed. [ 109.483080][ T6967] dw2102: i2c wr: len=66 is too big! [ 109.483080][ T6967] [ 109.527430][ T5746] DVB: Unable to find symbol ds3000_attach() [ 109.530630][ T5746] dvb-usb: no frontend was attached by 'Terratec Cinergy S2 USB HD Rev.3' [ 109.658628][ T7018] siw: device registration error -23 [ 109.707577][ T5746] rc_core: IR keymap rc-su3000 not found [ 109.862355][ T7002] can0: slcan on ptm2. [ 110.126907][ T5746] Registered IR keymap rc-empty [ 110.148213][ T6994] can0 (unregistered): slcan off ptm2. [ 110.424774][ T5746] rc rc0: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.2/usb7/7-1/rc/rc0 [ 110.430198][ T5746] input: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.2/usb7/7-1/rc/rc0/input11 [ 110.533333][ T7037] syz_tun: entered allmulticast mode [ 110.571676][ T5746] dvb-usb: schedule remote query interval to 150 msecs. [ 110.576529][ T5746] dw2102: su3000_power_ctrl: 0, initialized 1 [ 110.584115][ T5746] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully initialized and connected. [ 110.598279][ T5746] usb 7-1: USB disconnect, device number 6 [ 110.652465][ T5746] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully deinitialized and disconnected. [ 110.758156][ T7040] all (unregistering): Released all slaves [ 112.185072][ T7060] fuse: Unknown parameter 'zòÞã†JJ' [ 112.202889][ T7057] nfs4: Bad value for 'source' [ 112.244977][ T7061] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 112.247001][ T7061] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 112.256809][ T7061] vhci_hcd vhci_hcd.0: Device attached [ 112.393111][ T7067] fuse: Unknown parameter 'grou00000000000000000000' [ 112.557670][ T1036] usb 40-1: SetAddress Request (6) to port 0 [ 112.573568][ T1036] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd [ 112.592212][ T7060] can0: slcan on ptm0. [ 112.699374][ T7058] can0 (unregistered): slcan off ptm0. [ 112.713676][ T7062] vhci_hcd: connection reset by peer [ 112.720317][ T13] vhci_hcd vhci_hcd.1: stop threads [ 112.722054][ T13] vhci_hcd vhci_hcd.1: release socket [ 112.723966][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 112.944669][ T7096] comedi comedi2: adq12b: I/O base address or length out of range [ 113.638127][ T7113] binder: 7112:7113 ioctl c0306201 80000180 returned -11 [ 113.887612][ T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 113.924707][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.932548][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.937429][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.941281][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.944586][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.947724][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.950610][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.953430][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.956959][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.960212][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.963121][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.966003][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.969295][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.972163][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.975058][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.980239][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.983122][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.985978][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.989049][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.991930][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 113.994779][ T7121] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 114.041986][ T10] usb 7-1: config 0 interface 0 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 99 [ 114.047143][ T10] usb 7-1: config 0 interface 0 has no altsetting 0 [ 114.059099][ T10] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 114.062601][ T10] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 114.067221][ T10] usb 7-1: Product: syz [ 114.068588][ T10] usb 7-1: Manufacturer: syz [ 114.070045][ T10] usb 7-1: SerialNumber: syz [ 114.077169][ T10] usb 7-1: config 0 descriptor?? [ 114.080170][ T7113] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 114.086375][ T10] usb 7-1: selecting invalid altsetting 0 [ 114.766964][ T7137] netlink: 88 bytes leftover after parsing attributes in process `syz.3.297'. [ 114.797360][ T7139] 9p: Bad value for 'rfdno' [ 114.927920][ T7151] syzkaller0: entered promiscuous mode [ 114.930272][ T7151] syzkaller0: entered allmulticast mode [ 115.277599][ T5820] usb 8-1: new full-speed USB device number 6 using dummy_hcd [ 115.466541][ T5820] usb 8-1: unable to get BOS descriptor or descriptor too short [ 115.470832][ T5820] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 115.473815][ T5820] usb 8-1: can't read configurations, error -71 [ 116.685249][ T40] kauditd_printk_skb: 140 callbacks suppressed [ 116.685266][ T40] audit: type=1400 audit(1779868925.687:390): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=7166 comm="syz.3.308" [ 116.787602][ T10] usb 7-1: USB disconnect, device number 7 [ 116.905234][ T7174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.310'. [ 116.992718][ T7176] netlink: 12 bytes leftover after parsing attributes in process `syz.2.311'. [ 117.005558][ T7176] 8021q: adding VLAN 0 to HW filter on device bond1 [ 117.194966][ T7183] fuse: Unknown parameter 'zòÞã†JJ' [ 117.400595][ T7186] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 117.413148][ T7186] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 117.417144][ T7186] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 117.420673][ T7186] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 117.531139][ T7183] can0: slcan on ptm0. [ 117.600196][ T7181] can0 (unregistered): slcan off ptm0. [ 117.660895][ T40] audit: type=1326 audit(1779868926.667:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.315" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 117.668769][ T1036] usb 40-1: device descriptor read/8, error -110 [ 117.669474][ T40] audit: type=1326 audit(1779868926.667:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.315" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 117.688012][ T40] audit: type=1326 audit(1779868926.667:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.315" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 117.698320][ T40] audit: type=1326 audit(1779868926.667:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.315" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 117.706343][ T40] audit: type=1326 audit(1779868926.667:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.315" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 117.718828][ T40] audit: type=1326 audit(1779868926.677:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.1.315" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 118.137457][ T1036] usb usb40-port1: attempt power cycle [ 118.185247][ T7230] lo speed is unknown, defaulting to 1000 [ 118.924916][ T7238] netlink: 8 bytes leftover after parsing attributes in process `syz.0.325'. [ 119.331465][ T1036] usb usb40-port1: unable to enumerate USB device [ 119.362980][ T7241] xt_CT: You must specify a L4 protocol and not use inversions on it [ 119.368016][ T7242] xt_CT: You must specify a L4 protocol and not use inversions on it [ 119.407399][ T7245] netlink: 232 bytes leftover after parsing attributes in process `syz.2.327'. [ 119.411986][ T7245] netlink: 56 bytes leftover after parsing attributes in process `syz.2.327'. [ 119.424087][ T7242] netlink: 24 bytes leftover after parsing attributes in process `syz.0.326'. [ 119.546782][ T5751] Bluetooth: hci3: link tx timeout [ 119.550058][ T5751] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 119.554539][ T5754] block nbd0: Receive control failed (result -32) [ 119.691965][ T7262] fuse: Unknown parameter 'zòÞã†JJ' [ 119.979647][ T5820] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 120.028209][ T7262] can0: slcan on ptm0. [ 120.348993][ T7259] can0 (unregistered): slcan off ptm0. [ 120.823879][ T7272] can0: slcan on ptm1. [ 120.930403][ T7272] can0 (unregistered): slcan off ptm1. [ 121.328545][ T7283] can0: slcan on ptm0. [ 121.375110][ T7304] netlink: 12 bytes leftover after parsing attributes in process `syz.3.338'. [ 121.512006][ T7280] can0 (unregistered): slcan off ptm0. [ 121.588663][ T5754] Bluetooth: hci3: command 0x0406 tx timeout [ 121.648023][ T7312] netlink: 40 bytes leftover after parsing attributes in process `syz.0.341'. [ 130.334834][ T7353] fuse: Unknown parameter 'zòÞã†JJ' [ 130.407382][ T7357] siw: device registration error -23 [ 130.424254][ T7356] fuse: Unknown parameter 'zòÞã†JJ' [ 130.617549][ T7364] comedi comedi3: comedi_config --init_data is deprecated [ 130.815709][ T7353] can0: slcan on ptm0. [ 130.930145][ T7345] can0 (unregistered): slcan off ptm0. [ 130.962425][ T7356] can0: slcan on ptm1. [ 132.268166][ T7346] can0 (unregistered): slcan off ptm1. [ 132.378483][ T7377] netlink: 'syz.1.350': attribute type 29 has an invalid length. [ 132.499455][ T7382] binder: BINDER_SET_CONTEXT_MGR already set [ 132.503627][ T7382] binder: 7380:7382 ioctl 4018620d 80000100 returned -16 [ 132.517122][ T7382] binder: BINDER_SET_CONTEXT_MGR already set [ 132.528705][ T7382] binder: 7380:7382 ioctl 4018620d 80004a80 returned -16 [ 132.535590][ T7382] FAULT_INJECTION: forcing a failure. [ 132.535590][ T7382] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 132.547849][ T7382] CPU: 2 UID: 0 PID: 7382 Comm: syz.3.352 Not tainted syzkaller #0 PREEMPT(full) [ 132.547874][ T7382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 132.547886][ T7382] Call Trace: [ 132.547892][ T7382] [ 132.547899][ T7382] dump_stack_lvl+0x100/0x190 [ 132.547926][ T7382] should_fail_ex.cold+0x5/0xa [ 132.547952][ T7382] _copy_from_user+0x2e/0xd0 [ 132.547974][ T7382] ? __pfx_binder_ioctl+0x10/0x10 [ 132.547999][ T7382] binder_ioctl+0x4cb/0x7550 [ 132.548030][ T7382] ? find_held_lock+0x2b/0x80 [ 132.548055][ T7382] ? tomoyo_path_number_perm+0x28f/0x580 [ 132.548077][ T7382] ? tomoyo_path_number_perm+0x28f/0x580 [ 132.548102][ T7382] ? tomoyo_path_number_perm+0x188/0x580 [ 132.548126][ T7382] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 132.548148][ T7382] ? __pfx_binder_ioctl+0x10/0x10 [ 132.548180][ T7382] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 132.548210][ T7382] ? do_vfs_ioctl+0x226/0x13e0 [ 132.548231][ T7382] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 132.548258][ T7382] ? find_held_lock+0x2b/0x80 [ 132.548281][ T7382] ? __fget_files+0x215/0x3d0 [ 132.548302][ T7382] ? hook_file_ioctl_common+0x149/0x410 [ 132.548336][ T7382] ? __fget_files+0x21f/0x3d0 [ 132.548361][ T7382] ? __pfx_binder_ioctl+0x10/0x10 [ 132.548388][ T7382] compat_ptr_ioctl+0x6e/0xa0 [ 132.548406][ T7382] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 132.548426][ T7382] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 132.548449][ T7382] __do_fast_syscall_32+0xe7/0x950 [ 132.548470][ T7382] ? lockdep_hardirqs_on+0x78/0x100 [ 132.548492][ T7382] do_fast_syscall_32+0x32/0x70 [ 132.548513][ T7382] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.548538][ T7382] RIP: 0023:0xf7fe8f7c [ 132.548554][ T7382] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 132.548572][ T7382] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 132.548590][ T7382] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 132.548603][ T7382] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.548613][ T7382] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 132.548624][ T7382] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 132.548635][ T7382] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 132.548660][ T7382] [ 132.548669][ T7382] binder: 7380:7382 ioctl c0306201 800001c0 returned -14 [ 132.555950][ T7389] pim6reg: entered allmulticast mode [ 132.670587][ T7389] netlink: 'syz.0.354': attribute type 3 has an invalid length. [ 132.673047][ T7389] netlink: 'syz.0.354': attribute type 1 has an invalid length. [ 132.675692][ T7389] netlink: 224 bytes leftover after parsing attributes in process `syz.0.354'. [ 132.679195][ T7389] NCSI netlink: No device for ifindex 0 [ 132.689612][ T7389] netlink: 8 bytes leftover after parsing attributes in process `syz.0.354'. [ 132.692368][ T7389] netlink: 'syz.0.354': attribute type 30 has an invalid length. [ 132.917143][ T7404] siw: device registration error -23 [ 133.059052][ T7408] trusted_key: encrypted_key: key user:syµÑïz not found [ 133.071749][ T7408] netlink: 12 bytes leftover after parsing attributes in process `syz.1.358'. [ 133.078592][ T7408] netlink: 12 bytes leftover after parsing attributes in process `syz.1.358'. [ 133.085977][ T7408] virtio-fs: tag not found [ 133.124617][ T7409] 9p: Bad value for 'wfdno' [ 133.243566][ T7412] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.249300][ T7412] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.327793][ T7412] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.331477][ T7412] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.406513][ T7412] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.411028][ T7412] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.497564][ T1478] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 133.498712][ T7412] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.504822][ T7412] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.667628][ T1478] usb 5-1: Using ep0 maxpacket: 16 [ 133.673839][ T5751] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 133.673876][ T5751] Bluetooth: hci0: Malformed LE Event: 0x0d [ 133.682134][ T1478] usb 5-1: unable to get BOS descriptor or descriptor too short [ 133.687427][ T1478] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 133.690070][ T1478] usb 5-1: can't read configurations, error -71 [ 133.753209][ T46] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.757086][ T46] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.764867][ T7415] netlink: 'syz.1.362': attribute type 1 has an invalid length. [ 133.770793][ T46] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.774463][ T46] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.810554][ T7415] ip6gretap1: entered promiscuous mode [ 133.815012][ T7415] ip6gretap1: entered allmulticast mode [ 133.820306][ T7415] bond1: (slave ip6gretap1): making interface the new active one [ 133.823103][ T7415] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 133.826104][ T7415] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 133.828699][ T7415] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 133.831500][ T46] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.837194][ T46] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.843247][ T46] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.845851][ T46] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.888719][ T7418] netlink: 'syz.2.361': attribute type 29 has an invalid length. [ 133.890769][ T7420] netlink: 8 bytes leftover after parsing attributes in process `syz.1.363'. [ 133.891882][ T7418] netlink: 148 bytes leftover after parsing attributes in process `syz.2.361'. [ 133.891900][ T7418] netlink: 59 bytes leftover after parsing attributes in process `syz.2.361'. [ 133.902842][ T7420] netlink: 8 bytes leftover after parsing attributes in process `syz.1.363'. [ 133.965181][ T7426] trusted_key: encrypted_key: master key parameter '' is invalid [ 135.079362][ T7441] netlink: 36 bytes leftover after parsing attributes in process `syz.3.370'. [ 135.091370][ T7441] netlink: 36 bytes leftover after parsing attributes in process `syz.3.370'. [ 135.307556][ T7446] loop6: detected capacity change from 0 to 8 [ 135.565216][ T7446] loop6: detected capacity change from 8 to 7 [ 135.621974][ C1] blk_print_req_error: 15 callbacks suppressed [ 135.621987][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 135.626751][ C1] buffer_io_error: 15 callbacks suppressed [ 135.626760][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 135.633112][ T7449] loop6: detected capacity change from 7 to 0 [ 135.635760][ T7446] ldm_validate_partition_table(): Disk read failed. [ 135.638256][ T7446] Dev loop6: unable to read RDB block 0 [ 135.639977][ T7446] loop6: unable to read partition table [ 135.641803][ T7446] loop6: partition table beyond EOD, truncated [ 135.644116][ T7446] loop_reread_partitions: partition scan of loop6 (ÛuêƒG Ÿ­Ü±.:ˆÊåë0„Çñ™Àü¿Ð [ 135.644116][ T7446] å’ not found [ 143.771978][ T7667] trusted_key: syz.3.419 sent an empty control message without MSG_MORE. [ 144.304680][ T7681] lo speed is unknown, defaulting to 1000 [ 144.531592][ T7699] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 144.534525][ T7699] [U] J"—e:ÀÆ" [ 146.213748][ T7718] siw: device registration error -23 [ 146.227084][ T7719] siw: device registration error -23 [ 147.407656][ T5848] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 147.559957][ T5848] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 147.564979][ T5848] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 147.573238][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 147.583617][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 147.590087][ T5848] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 147.606399][ T5848] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 147.612717][ T5848] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.621259][ T5848] usb 5-1: Product: syz [ 147.623044][ T5848] usb 5-1: Manufacturer: syz [ 147.633059][ T5848] usb 5-1: SerialNumber: syz [ 147.645127][ T5848] usb 5-1: config 0 descriptor?? [ 147.656351][ T5848] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input12 [ 147.928104][ T7741] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 148.112262][ T7747] trusted_key: encrypted_key: key user:syµÑïz not found [ 148.163050][ T7747] virtio-fs: tag not found [ 148.822063][ T7755] siw: device registration error -23 [ 148.844084][ T1036] usb 5-1: USB disconnect, device number 6 [ 149.107159][ T7758] __nla_validate_parse: 5 callbacks suppressed [ 149.107172][ T7758] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.447'. [ 150.023725][ T7770] netlink: 20 bytes leftover after parsing attributes in process `syz.1.450'. [ 150.038114][ T7770] netlink: 16 bytes leftover after parsing attributes in process `syz.1.450'. [ 150.042513][ T7770] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 150.046089][ T7770] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 150.052388][ T7770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.450'. [ 150.055045][ T7772] trusted_key: encrypted_key: key user:syµÑïz not found [ 150.092671][ T7772] virtio-fs: tag not found [ 150.163036][ T7776] fuse: Unknown parameter 'zòÞã†JJ' [ 150.499991][ T7776] can0: slcan on ptm0. [ 150.571077][ T7773] can0 (unregistered): slcan off ptm0. [ 151.122938][ T7829] netlink: 32 bytes leftover after parsing attributes in process `syz.3.467'. [ 152.012351][ T7842] trusted_key: encrypted_key: key user:syµÑïz not found [ 152.064426][ T7842] virtio-fs: tag not found [ 152.118432][ T7846] netlink: 'syz.3.474': attribute type 2 has an invalid length. [ 152.232804][ T7855] siw: device registration error -23 [ 152.836661][ T7847] can0: slcan on ptm0. [ 152.862061][ T7872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.480'. [ 152.949295][ T7873] smc: net device wlan0 applied user defined pnetid SYZ0 [ 152.996838][ T7843] can0 (unregistered): slcan off ptm0. [ 153.068900][ T7871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 153.139862][ T7879] binder: 7878:7879 ioctl 40106e80 800003c0 returned -22 [ 153.292267][ T7880] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.342782][ T7883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.482'. [ 153.361439][ T7880] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.606640][ T7880] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.720811][ T7890] fuse: Unknown parameter 'zòÞã†JJ' [ 153.722166][ T7880] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.871593][ T7613] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.896142][ T7613] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.915573][ T7613] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.936522][ T7613] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.967571][ T1036] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 154.047903][ T7890] can0: slcan on ptm0. [ 154.153078][ T1036] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 154.158333][ T1036] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 154.160283][ T7888] can0 (unregistered): slcan off ptm0. [ 154.167549][ T1036] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 154.170585][ T1036] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 154.177646][ T1036] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 154.189509][ T1036] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 154.195461][ T1036] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 154.203465][ T1036] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.209547][ T1036] usb 7-1: config 0 descriptor?? [ 154.213738][ T7870] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 154.324548][ T7919] fuse: Unknown parameter 'zòÞã†JJ' [ 154.464010][ T1036] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 154.614671][ T7919] can0: slcan on ptm1. [ 154.622949][ T7917] can1: slcan on ptm0. [ 154.664695][ C3] usblp0: nonzero read bulk status received: -71 [ 154.672944][ T4029] usb 7-1: USB disconnect, device number 10 [ 154.682042][ T7910] can1 (unregistered): slcan off ptm0. [ 154.748008][ T7913] can0 (unregistered): slcan off ptm1. [ 154.998735][ T7870] netlink: 16 bytes leftover after parsing attributes in process `syz.2.479'. [ 155.153288][ T7868] usblp0: removed [ 155.969323][ T7960] fuse: Unknown parameter 'zòÞã†JJ' [ 156.126971][ T7963] sch_tbf: burst 32852 is lower than device lo mtu (65550) ! [ 156.192369][ T7960] can0: slcan on ptm0. [ 156.298236][ T7958] can0 (unregistered): slcan off ptm0. [ 156.422000][ T7968] can0: slcan on ptm1. [ 156.551542][ T7966] can0 (unregistered): slcan off ptm1. [ 156.639553][ T7972] can0: slcan on ptm0. [ 156.768178][ T7970] can0 (unregistered): slcan off ptm0. [ 156.828978][ T39] libceph: connect (1)[c::]:6789 error -101 [ 156.833924][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 156.843275][ T39] libceph: connect (1)[c::]:6789 error -101 [ 156.846043][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 157.108533][ T4029] libceph: connect (1)[c::]:6789 error -101 [ 157.111115][ T4029] libceph: mon0 (1)[c::]:6789 connect error [ 157.141724][ T8003] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 157.143811][ T8003] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 157.146489][ T8003] vhci_hcd vhci_hcd.0: Device attached [ 157.151352][ T8004] vhci_hcd: connection closed [ 157.153624][ T7611] vhci_hcd vhci_hcd.2: stop threads [ 157.156985][ T7611] vhci_hcd vhci_hcd.2: release socket [ 157.158847][ T7611] vhci_hcd vhci_hcd.2: disconnect device [ 157.616460][ T7998] syz.0.504 (7998) used greatest stack depth: 18936 bytes left [ 157.621723][ T5834] libceph: connect (1)[c::]:6789 error -101 [ 157.623829][ T5834] libceph: mon0 (1)[c::]:6789 connect error [ 157.640092][ T7992] ceph: No mds server is up or the cluster is laggy [ 157.814193][ T8013] siw: device registration error -23 [ 157.897279][ T8016] netlink: 8 bytes leftover after parsing attributes in process `syz.3.511'. [ 157.925227][ T8015] fuse: Unknown parameter 'zòÞã†JJ' [ 158.701149][ T8027] usb usb7: usbfs: process 8027 (syz.1.514) did not claim interface 0 before use [ 159.149166][ T8015] can0: slcan on ptm0. [ 159.279149][ T8015] can0 (unregistered): slcan off ptm0. [ 159.291994][ T8050] netlink: 16 bytes leftover after parsing attributes in process `syz.3.520'. [ 159.323416][ T8052] netlink: 'syz.3.522': attribute type 7 has an invalid length. [ 159.341715][ T8052] : entered promiscuous mode [ 159.555038][ T8064] netlink: 24 bytes leftover after parsing attributes in process `syz.2.526'. [ 159.589370][ T8070] netlink: 24 bytes leftover after parsing attributes in process `syz.2.528'. [ 159.759821][ T8079] netlink: 16 bytes leftover after parsing attributes in process `syz.1.532'. [ 160.002236][ T8090] input: syz0 as /devices/virtual/input/input13 [ 160.875826][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 160.875843][ T40] audit: type=1326 audit(1779868969.877:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.1.539" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 160.900331][ T40] audit: type=1326 audit(1779868969.897:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.1.539" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 160.914804][ T40] audit: type=1326 audit(1779868969.897:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.1.539" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 160.924338][ T40] audit: type=1326 audit(1779868969.897:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.1.539" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 160.932743][ T40] audit: type=1326 audit(1779868969.897:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.1.539" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 160.942557][ T40] audit: type=1326 audit(1779868969.897:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.1.539" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 160.950856][ T40] audit: type=1326 audit(1779868969.897:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz.1.539" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef7c code=0x7ffc0000 [ 162.025580][ T8132] lo speed is unknown, defaulting to 1000 [ 162.140101][ T8135] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 162.143333][ T8135] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 162.162923][ T8135] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 162.170748][ T8135] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 162.173329][ T8135] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 162.181043][ T8135] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 162.185014][ T8135] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 162.187456][ T8135] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 162.192615][ T8135] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 162.196752][ T8135] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 162.201892][ T8135] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 162.247628][ T9] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 162.429207][ T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 162.432144][ T9] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 162.436325][ T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 162.440588][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 162.444624][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 162.449390][ T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 162.452438][ T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 162.454915][ T9] usb 7-1: Product: syz [ 162.456193][ T9] usb 7-1: Manufacturer: syz [ 162.460218][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 162.464382][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 162.467224][ T9] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 162.469294][ T9] cdc_wdm 7-1:1.0: Unknown control protocol [ 162.477552][ T7107] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 162.639076][ T7107] usb 8-1: unable to get BOS descriptor or descriptor too short [ 162.642376][ T7107] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7 [ 162.647276][ T7107] usb 8-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40 [ 162.650175][ T7107] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.652685][ T7107] usb 8-1: Product: syz [ 162.654055][ T7107] usb 8-1: Manufacturer: syz [ 162.655566][ T7107] usb 8-1: SerialNumber: syz [ 162.669930][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 162.672073][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 162.674129][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 162.676146][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 162.678264][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 162.680258][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 162.682330][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 162.684363][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 162.687999][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 162.690076][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 162.692131][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 162.694163][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 162.696502][ T1036] usb 7-1: USB disconnect, device number 11 [ 162.698871][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 162.698882][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 162.698890][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 162.866644][ T8139] faux_driver vkms: [drm] Unknown color mode 256; guessing buffer size. [ 162.897205][ T8134] 9p: Bad value for 'wfdno' [ 162.903119][ T7107] usb 8-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 162.921921][ T7107] usb 8-1: parse_audio_format_rates_v2v3(): unable to retrieve number of sample rates (clock 0) [ 162.941787][ T7107] usb 8-1: USB disconnect, device number 9 [ 162.985740][ T7856] udevd[7856]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 163.293034][ T5754] Bluetooth: hci0: unexpected event for opcode 0x0406 [ 163.763541][ T8160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.554'. [ 163.767225][ T8160] netlink: 348 bytes leftover after parsing attributes in process `syz.0.554'. [ 163.770725][ T8160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.554'. [ 163.773800][ T8160] netlink: 348 bytes leftover after parsing attributes in process `syz.0.554'. [ 163.777315][ T8160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.554'. [ 163.898353][ T8176] FAULT_INJECTION: forcing a failure. [ 163.898353][ T8176] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 163.902640][ T8176] CPU: 1 UID: 0 PID: 8176 Comm: syz.2.559 Not tainted syzkaller #0 PREEMPT(full) [ 163.902656][ T8176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 163.902663][ T8176] Call Trace: [ 163.902666][ T8176] [ 163.902671][ T8176] dump_stack_lvl+0x100/0x190 [ 163.902720][ T8176] should_fail_ex.cold+0x5/0xa [ 163.902736][ T8176] _copy_from_iter+0x1f4/0x1690 [ 163.902769][ T8176] ? __asan_memset+0x23/0x50 [ 163.902787][ T8176] ? __pfx__copy_from_iter+0x10/0x10 [ 163.902799][ T8176] ? __pfx___alloc_skb+0x10/0x10 [ 163.902838][ T8176] netlink_sendmsg+0x808/0xda0 [ 163.902859][ T8176] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.902879][ T8176] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 163.902899][ T8176] ____sys_sendmsg+0x9e1/0xb70 [ 163.902916][ T8176] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.902934][ T8176] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.902958][ T8176] ___sys_sendmsg+0x190/0x1e0 [ 163.902970][ T8176] ? __pfx____sys_sendmsg+0x10/0x10 [ 163.902987][ T8176] ? find_held_lock+0x2b/0x80 [ 163.903010][ T8176] __sys_sendmsg+0x170/0x220 [ 163.903025][ T8176] ? __pfx___sys_sendmsg+0x10/0x10 [ 163.903041][ T8176] ? __fget_files+0x21f/0x3d0 [ 163.903058][ T8176] ? ksys_write+0x1ac/0x250 [ 163.903073][ T8176] ? rcu_is_watching+0x12/0xc0 [ 163.903089][ T8176] __do_fast_syscall_32+0xe7/0x950 [ 163.903120][ T8176] ? lockdep_hardirqs_on+0x78/0x100 [ 163.903132][ T8176] do_fast_syscall_32+0x32/0x70 [ 163.903144][ T8176] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 163.903159][ T8176] RIP: 0023:0xf7f68f7c [ 163.903168][ T8176] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 163.903179][ T8176] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 163.903190][ T8176] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000000 [ 163.903196][ T8176] RDX: 0000000004000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 163.903203][ T8176] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 163.903209][ T8176] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 163.903215][ T8176] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 163.903229][ T8176] [ 163.912197][ T8176] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 164.026045][ T40] audit: type=1326 audit(1779868973.027:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.3.560" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 164.026080][ T40] audit: type=1326 audit(1779868973.027:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.3.560" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 164.026102][ T40] audit: type=1326 audit(1779868973.027:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.3.560" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 164.228085][ T5754] Bluetooth: hci3: command 0x0406 tx timeout [ 164.228145][ T5748] Bluetooth: hci1: command 0x0c1a tx timeout [ 164.234807][ T5751] Bluetooth: hci2: command 0x0c1a tx timeout [ 164.494294][ T8196] ptrace attach of "/syz-executor exec"[8197] was attempted by "/syz-executor exec"[8196] [ 164.777650][ T5848] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 165.789902][ T5848] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.308428][ T5748] Bluetooth: hci1: command 0x0c1a tx timeout [ 166.310350][ T5748] Bluetooth: hci3: command 0x0406 tx timeout [ 166.312418][ T5751] Bluetooth: hci2: command 0x0c1a tx timeout [ 166.649712][ T40] kauditd_printk_skb: 188 callbacks suppressed [ 166.649724][ T40] audit: type=1326 audit(1779868975.657:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.3.560" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 166.663154][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 166.666856][ T40] audit: type=1326 audit(1779868975.667:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.3.560" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf7fe8f7c code=0x7ffc0000 [ 166.675719][ T5848] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 166.776236][ T8200] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.803508][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.815929][ T5848] usb 5-1: config 0 descriptor?? [ 166.826408][ T5848] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 166.835386][ T5848] dvb-usb: bulk message failed: -22 (3/0) [ 166.835902][ T8200] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.856404][ T5848] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 166.866171][ T5848] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 166.872598][ T5848] usb 5-1: media controller created [ 166.884159][ T5848] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 166.901361][ T8200] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.903442][ T5848] dvb-usb: bulk message failed: -22 (6/0) [ 166.917104][ T8204] tmpfs: Bad value for 'mpol' [ 166.920235][ T5848] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 166.973034][ T8200] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.976848][ T5848] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input14 [ 166.987892][ T5848] dvb-usb: schedule remote query interval to 150 msecs. [ 166.991128][ T5848] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 167.029527][ T8199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.034816][ T8199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.046151][ T4029] usb 5-1: USB disconnect, device number 7 [ 167.059775][ T71] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.071199][ T71] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.080324][ T71] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.088528][ T71] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.213449][ T4029] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 167.351207][ T5754] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 167.357996][ T5754] Bluetooth: hci0: Injecting HCI hardware error event [ 167.361418][ T8211] Invalid ELF header len 9 [ 167.362279][ T5754] Bluetooth: hci0: hardware error 0x00 [ 168.111037][ T8223] can0: slcan on ptm0. [ 168.197991][ T8222] can0 (unregistered): slcan off ptm0. [ 168.334362][ T8245] siw: device registration error -23 [ 168.388072][ T5748] Bluetooth: hci1: command 0x0c1a tx timeout [ 168.391043][ T5751] Bluetooth: hci2: command 0x0c1a tx timeout [ 168.414129][ T8232] can0: slcan on ptm1. [ 168.567926][ T8230] can0 (unregistered): slcan off ptm1. [ 169.429673][ T5754] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 169.757581][ T1036] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 169.909611][ T1036] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 169.914392][ T1036] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 169.918828][ T1036] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 169.925213][ T1036] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 169.928868][ T1036] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.931922][ T1036] usb 6-1: Product: syz [ 169.933664][ T1036] usb 6-1: Manufacturer: syz [ 169.935493][ T1036] usb 6-1: SerialNumber: syz [ 169.940486][ T1036] usb 6-1: config 0 descriptor?? [ 169.945473][ T8262] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 169.998901][ T1036] rc_core: IR keymap rc-streamzap not found [ 170.003492][ T1036] Registered IR keymap rc-empty [ 170.010947][ T1036] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 170.015990][ T1036] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input15 [ 170.212746][ T5890] usb 6-1: USB disconnect, device number 5 [ 171.242316][ T8279] overlay: ./file0 is not a directory [ 171.251694][ T8279] overlay: ./file0 is not a directory [ 171.300419][ T8275] can0: slcan on ptm0. [ 171.368254][ T8271] can0 (unregistered): slcan off ptm0. [ 171.679277][ T8292] fuse: Unknown parameter 'zòÞã†JJ' [ 172.147609][ T1036] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 172.162105][ T8292] can0: slcan on ptm0. [ 172.289238][ T8288] can0 (unregistered): slcan off ptm0. [ 172.326603][ T1036] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 172.334917][ T1036] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 172.346736][ T1036] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 172.357365][ T1036] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 172.367838][ T1036] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 172.375966][ T1036] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 172.390001][ T1036] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 172.396546][ T1036] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.432316][ T1036] usb 5-1: config 0 descriptor?? [ 172.437254][ T8260] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 172.682331][ T1036] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 172.882049][ C3] usblp0: nonzero read bulk status received: -71 [ 172.897062][ T5834] usb 5-1: USB disconnect, device number 8 [ 173.002198][ T8315] can0: slcan on ptm0. [ 173.068136][ T8310] can0 (unregistered): slcan off ptm0. [ 173.183501][ T8260] netlink: 16 bytes leftover after parsing attributes in process `syz.0.578'. [ 173.194922][ T8258] usblp0: removed [ 174.595290][ T1036] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 174.802014][ T1036] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 174.806155][ T1036] usb 6-1: config 0 has no interfaces? [ 174.809515][ T1036] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 174.812515][ T1036] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.831913][ T1036] usb 6-1: config 0 descriptor?? [ 175.669382][ T5751] Bluetooth: hci3: command 0x0406 tx timeout [ 177.319105][ T8374] lo speed is unknown, defaulting to 1000 [ 177.597670][ T842] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 177.758994][ T842] usb 8-1: config 0 has no interfaces? [ 177.762369][ T842] usb 8-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 177.765199][ T842] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.767917][ T842] usb 8-1: Product: syz [ 177.769386][ T842] usb 8-1: Manufacturer: syz [ 177.771495][ T842] usb 8-1: SerialNumber: syz [ 177.774589][ T842] usb 8-1: config 0 descriptor?? [ 178.033462][ T842] usb 8-1: USB disconnect, device number 10 [ 178.633110][ T8382] loop3: detected capacity change from 0 to 7 [ 178.647361][ T8382] Dev loop3: unable to read RDB block 7 [ 178.650270][ T8382] loop3: unable to read partition table [ 178.653715][ T8382] loop3: partition table beyond EOD, truncated [ 178.667740][ T8382] loop_reread_partitions: partition scan of loop3 ( ) failed (rc=-5) [ 179.461792][ T8370] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 179.468052][ T8370] exFAT-fs (nbd0): unable to read boot sector [ 179.470796][ T8370] exFAT-fs (nbd0): failed to read boot sector [ 179.472847][ T8370] exFAT-fs (nbd0): failed to recognize exfat type [ 179.657233][ T1036] usb 6-1: USB disconnect, device number 6 [ 179.854225][ T8406] lo speed is unknown, defaulting to 1000 [ 179.940807][ T8411] FAULT_INJECTION: forcing a failure. [ 179.940807][ T8411] name failslab, interval 1, probability 0, space 0, times 0 [ 179.944769][ T8411] CPU: 1 UID: 0 PID: 8411 Comm: syz.0.617 Tainted: G L syzkaller #0 PREEMPT(full) [ 179.944786][ T8411] Tainted: [L]=SOFTLOCKUP [ 179.944790][ T8411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.944797][ T8411] Call Trace: [ 179.944801][ T8411] [ 179.944805][ T8411] dump_stack_lvl+0x100/0x190 [ 179.944822][ T8411] should_fail_ex.cold+0x5/0xa [ 179.944837][ T8411] ? mon_bin_ioctl+0x7de/0xcb0 [ 179.944854][ T8411] should_failslab+0xc2/0x120 [ 179.944868][ T8411] __kmalloc_noprof+0xe0/0x850 [ 179.944882][ T8411] mon_bin_ioctl+0x7de/0xcb0 [ 179.944898][ T8411] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 179.944910][ T8411] ? __pfx_mon_bin_ioctl+0x10/0x10 [ 179.944928][ T8411] ? find_held_lock+0x2b/0x80 [ 179.944943][ T8411] ? __fget_files+0x215/0x3d0 [ 179.944956][ T8411] ? hook_file_ioctl_common+0x149/0x410 [ 179.944971][ T8411] mon_bin_compat_ioctl+0x212/0x3a0 [ 179.944988][ T8411] ? __pfx_mon_bin_compat_ioctl+0x10/0x10 [ 179.945007][ T8411] ? __pfx_mon_bin_compat_ioctl+0x10/0x10 [ 179.945023][ T8411] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 179.945037][ T8411] __do_fast_syscall_32+0xe7/0x950 [ 179.945049][ T8411] ? lockdep_hardirqs_on+0x78/0x100 [ 179.945061][ T8411] do_fast_syscall_32+0x32/0x70 [ 179.945073][ T8411] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 179.945088][ T8411] RIP: 0023:0xf708ef7c [ 179.945096][ T8411] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 179.945107][ T8411] RSP: 002b:00000000f547d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 179.945118][ T8411] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000009204 [ 179.945125][ T8411] RDX: 0000000000010f0d RSI: 0000000000000000 RDI: 0000000000000000 [ 179.945131][ T8411] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 179.945137][ T8411] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 179.945143][ T8411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 179.945156][ T8411] [ 180.606013][ T8428] FAULT_INJECTION: forcing a failure. [ 180.606013][ T8428] name failslab, interval 1, probability 0, space 0, times 0 [ 180.610157][ T8428] CPU: 2 UID: 0 PID: 8428 Comm: syz.3.623 Tainted: G L syzkaller #0 PREEMPT(full) [ 180.610175][ T8428] Tainted: [L]=SOFTLOCKUP [ 180.610179][ T8428] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 180.610186][ T8428] Call Trace: [ 180.610189][ T8428] [ 180.610193][ T8428] dump_stack_lvl+0x100/0x190 [ 180.610210][ T8428] should_fail_ex.cold+0x5/0xa [ 180.610224][ T8428] should_failslab+0xc2/0x120 [ 180.610238][ T8428] __kmalloc_cache_noprof+0x7a/0x6f0 [ 180.610255][ T8428] ? copy_mount_options+0x55/0x190 [ 180.610276][ T8428] copy_mount_options+0x55/0x190 [ 180.610295][ T8428] __ia32_sys_mount+0x1ab/0x310 [ 180.610312][ T8428] ? __pfx___ia32_sys_mount+0x10/0x10 [ 180.610334][ T8428] ? ksys_write+0x1ac/0x250 [ 180.610348][ T8428] ? rcu_is_watching+0x12/0xc0 [ 180.610364][ T8428] __do_fast_syscall_32+0xe7/0x950 [ 180.610376][ T8428] ? lockdep_hardirqs_on+0x78/0x100 [ 180.610388][ T8428] do_fast_syscall_32+0x32/0x70 [ 180.610400][ T8428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 180.610414][ T8428] RIP: 0023:0xf7fe8f7c [ 180.610424][ T8428] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 180.610434][ T8428] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000015 [ 180.610445][ T8428] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000100 [ 180.610452][ T8428] RDX: 0000000080000440 RSI: 0000000000000001 RDI: 00000000800000c0 [ 180.610458][ T8428] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 180.610464][ T8428] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 180.610471][ T8428] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 180.610484][ T8428] [ 181.212751][ T8433] netlink: 2120 bytes leftover after parsing attributes in process `syz.3.625'. [ 181.917577][ T5834] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 182.078809][ T5834] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 182.082981][ T5834] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 182.087572][ T5834] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 182.090814][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 182.097745][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 182.101820][ T5834] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 182.107964][ T5834] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 182.112947][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.116705][ T5834] usb 5-1: config 0 descriptor?? [ 182.121064][ T8421] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 182.336360][ T5834] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 182.559107][ C1] usblp0: nonzero read bulk status received: -71 [ 182.584021][ T1036] usb 5-1: USB disconnect, device number 9 [ 182.903478][ T8420] netlink: 16 bytes leftover after parsing attributes in process `syz.0.620'. [ 182.908238][ T8419] usblp0: removed [ 183.930367][ T8471] trusted_key: encrypted_key: key user:syµÑïz not found [ 184.080429][ T8471] virtio-fs: tag not found [ 184.156152][ T40] audit: type=1326 audit(1779868993.157:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz.2.635" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f68f7c code=0x0 [ 185.071368][ T8487] netlink: 4 bytes leftover after parsing attributes in process `syz.2.640'. [ 185.088567][ T8487] 8021q: adding VLAN 0 to HW filter on device bond2 [ 185.229022][ T8493] fuse: Unknown parameter 'zòÞã†JJ' [ 185.582511][ T8493] can0: slcan on ptm0. [ 186.079367][ T8491] can0 (unregistered): slcan off ptm0. [ 186.444574][ T8523] loop9: detected capacity change from 0 to 7 [ 186.458109][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.460931][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.467165][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.469967][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.472524][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.476250][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.481506][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.485252][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.489146][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.492870][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.496445][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.500252][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.508930][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.512655][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.515862][ T8523] ldm_validate_partition_table(): Disk read failed. [ 186.519295][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.523015][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.526371][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.530123][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.575688][ T8520] [ 186.576480][ T8520] ====================================================== [ 186.578591][ T8520] WARNING: possible circular locking dependency detected [ 186.580669][ T8520] syzkaller #0 Tainted: G L [ 186.582768][ T8520] ------------------------------------------------------ [ 186.585063][ T8520] syz.2.645/8520 is trying to acquire lock: [ 186.586816][ T8520] ffff88801ce9fa10 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 186.589841][ T8520] [ 186.589841][ T8520] but task is already holding lock: [ 186.592031][ T8520] ffff88802704aef0 (&q->q_usage_counter(io)#26){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 186.595504][ T8520] [ 186.595504][ T8520] which lock already depends on the new lock. [ 186.595504][ T8520] [ 186.598608][ T8520] [ 186.598608][ T8520] the existing dependency chain (in reverse order) is: [ 186.601272][ T8520] [ 186.601272][ T8520] -> #2 (&q->q_usage_counter(io)#26){++++}-{0:0}: [ 186.604284][ T8520] blk_alloc_queue+0x610/0x790 [ 186.606004][ T8520] blk_mq_alloc_queue+0x174/0x290 [ 186.607703][ T8520] __blk_mq_alloc_disk+0x29/0x120 [ 186.609403][ T8520] loop_add+0x498/0xb60 [ 186.610838][ T8520] loop_init+0x1d3/0x200 [ 186.612301][ T8520] do_one_initcall+0x121/0x750 [ 186.613957][ T8520] kernel_init_freeable+0x6ea/0x7b0 [ 186.615681][ T8520] kernel_init+0x1f/0x1e0 [ 186.617186][ T8520] ret_from_fork+0x72b/0xd50 [ 186.618760][ T8520] ret_from_fork_asm+0x1a/0x30 [ 186.620357][ T8520] [ 186.620357][ T8520] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 186.622557][ T8520] fs_reclaim_acquire+0xc4/0x100 [ 186.624289][ T8520] kmem_cache_alloc_noprof+0x4c/0x6e0 [ 186.626072][ T8520] __kernfs_iattrs+0x124/0x3e0 [ 186.627704][ T8520] __kernfs_setattr+0x4d/0x3c0 [ 186.629323][ T8520] kernfs_iop_setattr+0xda/0x130 [ 186.630961][ T8520] notify_change+0xb25/0x1330 [ 186.632611][ T8520] do_truncate+0x1df/0x240 [ 186.634193][ T8520] path_openat+0x2a55/0x31a0 [ 186.635793][ T8520] do_file_open+0x20e/0x430 [ 186.637344][ T8520] do_sys_openat2+0x10d/0x1e0 [ 186.638949][ T8520] __x64_sys_openat+0x12d/0x210 [ 186.640569][ T8520] do_syscall_64+0x10b/0x830 [ 186.642135][ T8520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.644131][ T8520] [ 186.644131][ T8520] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 186.646692][ T8520] __lock_acquire+0x14b8/0x2630 [ 186.648328][ T8520] lock_acquire+0x1b1/0x370 [ 186.649862][ T8520] down_read+0x99/0x450 [ 186.651292][ T8520] kernfs_iop_getattr+0x9c/0xf0 [ 186.652961][ T8520] vfs_getattr_nosec+0x2d4/0x430 [ 186.654636][ T8520] vfs_getattr+0x4a/0x60 [ 186.656090][ T8520] loop_query_min_dio_size.isra.0+0x117/0x250 [ 186.658064][ T8520] lo_ioctl+0x13aa/0x1bc0 [ 186.659465][ T8520] lo_compat_ioctl+0xf3/0x160 [ 186.661150][ T8520] compat_blkdev_ioctl+0x682/0x7b0 [ 186.662940][ T8520] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 186.664763][ T8520] __do_fast_syscall_32+0xe7/0x950 [ 186.666458][ T8520] do_fast_syscall_32+0x32/0x70 [ 186.668093][ T8520] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 186.670158][ T8520] [ 186.670158][ T8520] other info that might help us debug this: [ 186.670158][ T8520] [ 186.673253][ T8520] Chain exists of: [ 186.673253][ T8520] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#26 [ 186.673253][ T8520] [ 186.677572][ T8520] Possible unsafe locking scenario: [ 186.677572][ T8520] [ 186.679801][ T8520] CPU0 CPU1 [ 186.681417][ T8520] ---- ---- [ 186.683215][ T8520] lock(&q->q_usage_counter(io)#26); [ 186.684898][ T8520] lock(fs_reclaim); [ 186.686917][ T8520] lock(&q->q_usage_counter(io)#26); [ 186.689315][ T8520] rlock(&root->kernfs_iattr_rwsem); [ 186.690941][ T8520] [ 186.690941][ T8520] *** DEADLOCK *** [ 186.690941][ T8520] [ 186.693424][ T8520] 3 locks held by syz.2.645/8520: [ 186.694964][ T8520] #0: ffff8880270c5430 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 186.698065][ T8520] #1: ffff88802704aef0 (&q->q_usage_counter(io)#26){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 186.701563][ T8520] #2: ffff88802704af28 (&q->q_usage_counter(queue)#10){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 186.705218][ T8520] [ 186.705218][ T8520] stack backtrace: [ 186.707006][ T8520] CPU: 3 UID: 0 PID: 8520 Comm: syz.2.645 Tainted: G L syzkaller #0 PREEMPT(full) [ 186.707023][ T8520] Tainted: [L]=SOFTLOCKUP [ 186.707027][ T8520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 186.707036][ T8520] Call Trace: [ 186.707045][ T8520] [ 186.707051][ T8520] dump_stack_lvl+0x100/0x190 [ 186.707070][ T8520] print_circular_bug.cold+0x178/0x1c7 [ 186.707098][ T8520] check_noncircular+0x146/0x160 [ 186.707118][ T8520] __lock_acquire+0x14b8/0x2630 [ 186.707132][ T8520] lock_acquire+0x1b1/0x370 [ 186.707142][ T8520] ? kernfs_iop_getattr+0x9c/0xf0 [ 186.707156][ T8520] ? __pfx___might_resched+0x10/0x10 [ 186.707170][ T8520] down_read+0x99/0x450 [ 186.707184][ T8520] ? kernfs_iop_getattr+0x9c/0xf0 [ 186.707195][ T8520] ? find_held_lock+0x2b/0x80 [ 186.707209][ T8520] ? __pfx_down_read+0x10/0x10 [ 186.707220][ T8520] ? kernfs_root+0xee/0x2a0 [ 186.707232][ T8520] kernfs_iop_getattr+0x9c/0xf0 [ 186.707243][ T8520] vfs_getattr_nosec+0x2d4/0x430 [ 186.707259][ T8520] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 186.707272][ T8520] vfs_getattr+0x4a/0x60 [ 186.707287][ T8520] loop_query_min_dio_size.isra.0+0x117/0x250 [ 186.707300][ T8520] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 186.707316][ T8520] lo_ioctl+0x13aa/0x1bc0 [ 186.707327][ T8520] ? __pfx_lo_ioctl+0x10/0x10 [ 186.707339][ T8520] ? blk_get_meta_cap+0xd4/0x6c0 [ 186.707352][ T8520] ? lockdep_hardirqs_on+0x78/0x100 [ 186.707362][ T8520] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 186.707375][ T8520] ? tomoyo_path_number_perm+0x28f/0x580 [ 186.707387][ T8520] ? tomoyo_path_number_perm+0x28f/0x580 [ 186.707400][ T8520] ? blkdev_common_ioctl+0x515/0x2b80 [ 186.707412][ T8520] ? tomoyo_path_number_perm+0x188/0x580 [ 186.707425][ T8520] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 186.707441][ T8520] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 186.707458][ T8520] ? do_vfs_ioctl+0x226/0x13e0 [ 186.707470][ T8520] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 186.707483][ T8520] lo_compat_ioctl+0xf3/0x160 [ 186.707494][ T8520] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 186.707505][ T8520] compat_blkdev_ioctl+0x682/0x7b0 [ 186.707519][ T8520] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 186.707534][ T8520] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 186.707548][ T8520] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 186.707560][ T8520] __do_fast_syscall_32+0xe7/0x950 [ 186.707571][ T8520] ? lockdep_hardirqs_on+0x78/0x100 [ 186.707581][ T8520] do_fast_syscall_32+0x32/0x70 [ 186.707598][ T8520] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 186.707612][ T8520] RIP: 0023:0xf7f68f7c [ 186.707621][ T8520] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 186.707633][ T8520] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 186.707644][ T8520] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000004c06 [ 186.707652][ T8520] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000000 [ 186.707659][ T8520] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 186.707665][ T8520] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 186.707673][ T8520] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 186.707683][ T8520] [ 186.934080][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 186.938151][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 186.942245][ T8523] Dev loop9: unable to read RDB block 0 [ 186.955112][ T8523] loop9: unable to read partition table [ 186.958548][ T8523] loop9: partition table beyond EOD, truncated [ 186.961565][ T8523] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 187.007052][ T8520] ldm_validate_partition_table(): Disk read failed. [ 187.019905][ T8520] Dev loop9: unable to read RDB block 0 [ 187.027448][ T8520] loop9: unable to read partition table [ 187.036748][ T8520] loop9: partition table beyond EOD, truncated [ 187.042906][ T8520] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 188.297659][ T1036] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 188.459289][ T1036] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 188.462525][ T1036] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 188.465991][ T1036] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 188.471723][ T1036] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 188.475633][ T1036] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 188.480043][ T1036] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 188.485217][ T1036] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 188.488884][ T1036] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.493267][ T1036] usb 6-1: config 0 descriptor?? [ 188.495881][ T8502] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 188.709857][ T1036] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 188.910097][ C0] usblp0: nonzero read bulk status received: -71 [ 188.915367][ T5848] usb 6-1: USB disconnect, device number 7 [ 189.181562][ T8498] netlink: 16 bytes leftover after parsing attributes in process `syz.1.642'. [ 189.185691][ T8497] usblp0: removed