last executing test programs: 16m3.475818755s ago: executing program 1 (id=1173): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) syz_usb_connect(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0xffffffffffffffff, 0x5, &(0x7f0000000200)=0x262) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$unix(0x1, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3cd4e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d42822f7346b616fe28ed0b9f42b0efdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af829500000000", 0x13c}], 0x2}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)="14", 0x2, 0x0, 0x4}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r7}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 16m0.100560746s ago: executing program 1 (id=1179): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) dup2(0xffffffffffffffff, r0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235000800000f3066baf80cb8b58eb48aef66bafc0cec0fe72d16da0000c4c37d054e0000b93c090000b80000c0feba000000000f30df180f20583e650f01c9660fdcd42e0f78dc", 0x4e}], 0x1, 0x90, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$sysctl(0xffffffffffffffff, &(0x7f0000000180)='4\x00', 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa15, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r8, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x44, 0x1, 0x9, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x8}, @NFCTH_STATUS={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x77}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x44}}, 0x400d0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r9, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xe, 0x0, 0xa}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4040000) sendmsg$NFT_BATCH(r9, 0x0, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000000400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x4d008}, 0x2000c000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0)) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b700000081200000bfa30000000000000703000002feffff720af0fff8ffffff91a4f0ff000000006b030000000000001d400500000000004704000001ed000072030200000000001d44000000000000730a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f1ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c107571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d1abf3cb17b40ac9b10968f38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d61f3b39c64307f9c82b2807c9ff4a269841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67a41b9e320146ee9f566a28"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 15m57.169192688s ago: executing program 1 (id=1187): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getanyicast={0x14, 0x3e, 0xb08, 0x70bd2c, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8840}, 0x40004) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000d507df08c410448200dc01020301090212000100000000090400000003"], 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SET_SECCOMP(0x4e, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfec9, 0x8, 0x5, 0x3d4}, &(0x7f0000000040)=0x0, &(0x7f0000000140)) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x6, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000202000085000000720000001801000020207325000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0xc0189436, &(0x7f0000000140)) 15m47.948044396s ago: executing program 1 (id=1208): capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)={0x200002, 0x200003, 0x801, 0x4, 0x7, 0x204}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota']) r0 = openat(0xffffffffffffff9c, 0x0, 0x250942, 0x1cd) quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000900, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000001080)='net/sockstat\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100), 0x10) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x13b) mkdir(&(0x7f0000000240)='./file0\x00', 0x180) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(0x0) r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) r5 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x5) fchdir(r6) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 15m44.480004011s ago: executing program 1 (id=1215): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x29) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000005000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000f8ffffffffffffffb7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) 15m44.05894223s ago: executing program 1 (id=1218): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getanyicast={0x14, 0x3e, 0xb08, 0x70bd2c, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8840}, 0x40004) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000d507df08c410448200dc01020301090212000100000000090400000003"], 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SET_SECCOMP(0x4e, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfec9, 0x8, 0x5, 0x3d4}, &(0x7f0000000040)=0x0, &(0x7f0000000140)) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x6, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000202000085000000720000001801000020207325000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0xc0189436, &(0x7f0000000140)) 15m28.510033469s ago: executing program 32 (id=1218): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getanyicast={0x14, 0x3e, 0xb08, 0x70bd2c, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8840}, 0x40004) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000d507df08c410448200dc01020301090212000100000000090400000003"], 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SET_SECCOMP(0x4e, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfec9, 0x8, 0x5, 0x3d4}, &(0x7f0000000040)=0x0, &(0x7f0000000140)) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x6, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000202000085000000720000001801000020207325000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0xc0189436, &(0x7f0000000140)) 1m12.869578363s ago: executing program 3 (id=3113): openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x646102, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa10, 0xffffffff}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0xfffffffffffffe06, 0xffffffffffffffff, {0x0, 0x800}}, './file1\x00'}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x103182, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921d2c19c4, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000000c0)='ocfs2\x00', 0x200084, &(0x7f00000002c0)='\xd0x^\a\x8e\xc1\xed7\x9c]\xee\x8e\x8b=\xfer\fy?\xc2\xfaC\x16\x13\x80K\x0e\x1bNf\xdd\xb6\x10\xe7\xeat\x9d8\x15J\xfa\xfa\x0f\xe4Y\xad3\xa58r\xde\xed\x8am\xe8\xfa\xd6H\xe7V\f\xc5\xec\xd8\xfcxNc\xd2\xa94@\x9dz\xbb\xa8\x80C\x94\xecf\a\xe3\xef\x83\x95\xf7\x9b\xba\x16\xd3?\xff\xd5\xd0\xb5T.\xa4\xf9\xa9\xa4\xfb{3s\xe6\xc5m\xe7\xe3\xe7\x15x\x1c\xdbq\xaa\xab5\xe6:\xc8.kx\xc2\xee8\x10\xae\xc1|\xb0`\x92\x17J\x03\xf1jSq\x87\x04%46@p\x04\xc8\x14\xb47j\xe8\x8f\xa9@\xf3\xbf\x92F\x1fV\xfa\xbb\xb9\xe6\x838wF/k\xaa\xd7v\x89y\x9f\x84\t\xea\x17\x967?\x19\xd0') r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$tun(r2, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, './file1\x00'}, 0x6e) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x4403, 0x215, 0x1, 0x2, 0xc9, 0x0, 0x40}, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000580)={'bond0\x00', &(0x7f0000000180)=@ethtool_sset_info={0x33, 0x9, 0xfffffffffffffff8}}) chdir(0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) 1m6.480322647s ago: executing program 4 (id=2937): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) (async) 59.568826527s ago: executing program 3 (id=3113): openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x646102, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa10, 0xffffffff}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0xfffffffffffffe06, 0xffffffffffffffff, {0x0, 0x800}}, './file1\x00'}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x103182, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921d2c19c4, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000000c0)='ocfs2\x00', 0x200084, &(0x7f00000002c0)='\xd0x^\a\x8e\xc1\xed7\x9c]\xee\x8e\x8b=\xfer\fy?\xc2\xfaC\x16\x13\x80K\x0e\x1bNf\xdd\xb6\x10\xe7\xeat\x9d8\x15J\xfa\xfa\x0f\xe4Y\xad3\xa58r\xde\xed\x8am\xe8\xfa\xd6H\xe7V\f\xc5\xec\xd8\xfcxNc\xd2\xa94@\x9dz\xbb\xa8\x80C\x94\xecf\a\xe3\xef\x83\x95\xf7\x9b\xba\x16\xd3?\xff\xd5\xd0\xb5T.\xa4\xf9\xa9\xa4\xfb{3s\xe6\xc5m\xe7\xe3\xe7\x15x\x1c\xdbq\xaa\xab5\xe6:\xc8.kx\xc2\xee8\x10\xae\xc1|\xb0`\x92\x17J\x03\xf1jSq\x87\x04%46@p\x04\xc8\x14\xb47j\xe8\x8f\xa9@\xf3\xbf\x92F\x1fV\xfa\xbb\xb9\xe6\x838wF/k\xaa\xd7v\x89y\x9f\x84\t\xea\x17\x967?\x19\xd0') r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$tun(r2, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, './file1\x00'}, 0x6e) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x4403, 0x215, 0x1, 0x2, 0xc9, 0x0, 0x40}, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000580)={'bond0\x00', &(0x7f0000000180)=@ethtool_sset_info={0x33, 0x9, 0xfffffffffffffff8}}) chdir(0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) 52.324252945s ago: executing program 4 (id=2937): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) (async) 48.114832912s ago: executing program 3 (id=3113): openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x646102, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa10, 0xffffffff}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0xfffffffffffffe06, 0xffffffffffffffff, {0x0, 0x800}}, './file1\x00'}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x103182, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921d2c19c4, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000000c0)='ocfs2\x00', 0x200084, &(0x7f00000002c0)='\xd0x^\a\x8e\xc1\xed7\x9c]\xee\x8e\x8b=\xfer\fy?\xc2\xfaC\x16\x13\x80K\x0e\x1bNf\xdd\xb6\x10\xe7\xeat\x9d8\x15J\xfa\xfa\x0f\xe4Y\xad3\xa58r\xde\xed\x8am\xe8\xfa\xd6H\xe7V\f\xc5\xec\xd8\xfcxNc\xd2\xa94@\x9dz\xbb\xa8\x80C\x94\xecf\a\xe3\xef\x83\x95\xf7\x9b\xba\x16\xd3?\xff\xd5\xd0\xb5T.\xa4\xf9\xa9\xa4\xfb{3s\xe6\xc5m\xe7\xe3\xe7\x15x\x1c\xdbq\xaa\xab5\xe6:\xc8.kx\xc2\xee8\x10\xae\xc1|\xb0`\x92\x17J\x03\xf1jSq\x87\x04%46@p\x04\xc8\x14\xb47j\xe8\x8f\xa9@\xf3\xbf\x92F\x1fV\xfa\xbb\xb9\xe6\x838wF/k\xaa\xd7v\x89y\x9f\x84\t\xea\x17\x967?\x19\xd0') r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$tun(r2, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, './file1\x00'}, 0x6e) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x4403, 0x215, 0x1, 0x2, 0xc9, 0x0, 0x40}, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000580)={'bond0\x00', &(0x7f0000000180)=@ethtool_sset_info={0x33, 0x9, 0xfffffffffffffff8}}) chdir(0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) 40.310117939s ago: executing program 4 (id=2937): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) (async) 34.554401529s ago: executing program 3 (id=3113): openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x646102, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa10, 0xffffffff}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0xfffffffffffffe06, 0xffffffffffffffff, {0x0, 0x800}}, './file1\x00'}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x103182, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921d2c19c4, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000000c0)='ocfs2\x00', 0x200084, &(0x7f00000002c0)='\xd0x^\a\x8e\xc1\xed7\x9c]\xee\x8e\x8b=\xfer\fy?\xc2\xfaC\x16\x13\x80K\x0e\x1bNf\xdd\xb6\x10\xe7\xeat\x9d8\x15J\xfa\xfa\x0f\xe4Y\xad3\xa58r\xde\xed\x8am\xe8\xfa\xd6H\xe7V\f\xc5\xec\xd8\xfcxNc\xd2\xa94@\x9dz\xbb\xa8\x80C\x94\xecf\a\xe3\xef\x83\x95\xf7\x9b\xba\x16\xd3?\xff\xd5\xd0\xb5T.\xa4\xf9\xa9\xa4\xfb{3s\xe6\xc5m\xe7\xe3\xe7\x15x\x1c\xdbq\xaa\xab5\xe6:\xc8.kx\xc2\xee8\x10\xae\xc1|\xb0`\x92\x17J\x03\xf1jSq\x87\x04%46@p\x04\xc8\x14\xb47j\xe8\x8f\xa9@\xf3\xbf\x92F\x1fV\xfa\xbb\xb9\xe6\x838wF/k\xaa\xd7v\x89y\x9f\x84\t\xea\x17\x967?\x19\xd0') r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$tun(r2, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, './file1\x00'}, 0x6e) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x4403, 0x215, 0x1, 0x2, 0xc9, 0x0, 0x40}, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000580)={'bond0\x00', &(0x7f0000000180)=@ethtool_sset_info={0x33, 0x9, 0xfffffffffffffff8}}) chdir(0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) 27.69481082s ago: executing program 4 (id=2937): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) (async) 22.343694379s ago: executing program 3 (id=3113): openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x646102, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa10, 0xffffffff}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0xfffffffffffffe06, 0xffffffffffffffff, {0x0, 0x800}}, './file1\x00'}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x103182, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921d2c19c4, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000000c0)='ocfs2\x00', 0x200084, &(0x7f00000002c0)='\xd0x^\a\x8e\xc1\xed7\x9c]\xee\x8e\x8b=\xfer\fy?\xc2\xfaC\x16\x13\x80K\x0e\x1bNf\xdd\xb6\x10\xe7\xeat\x9d8\x15J\xfa\xfa\x0f\xe4Y\xad3\xa58r\xde\xed\x8am\xe8\xfa\xd6H\xe7V\f\xc5\xec\xd8\xfcxNc\xd2\xa94@\x9dz\xbb\xa8\x80C\x94\xecf\a\xe3\xef\x83\x95\xf7\x9b\xba\x16\xd3?\xff\xd5\xd0\xb5T.\xa4\xf9\xa9\xa4\xfb{3s\xe6\xc5m\xe7\xe3\xe7\x15x\x1c\xdbq\xaa\xab5\xe6:\xc8.kx\xc2\xee8\x10\xae\xc1|\xb0`\x92\x17J\x03\xf1jSq\x87\x04%46@p\x04\xc8\x14\xb47j\xe8\x8f\xa9@\xf3\xbf\x92F\x1fV\xfa\xbb\xb9\xe6\x838wF/k\xaa\xd7v\x89y\x9f\x84\t\xea\x17\x967?\x19\xd0') r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$tun(r2, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, './file1\x00'}, 0x6e) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x4403, 0x215, 0x1, 0x2, 0xc9, 0x0, 0x40}, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000580)={'bond0\x00', &(0x7f0000000180)=@ethtool_sset_info={0x33, 0x9, 0xfffffffffffffff8}}) chdir(0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) 14.249724312s ago: executing program 4 (id=2937): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) (async) 8.623783337s ago: executing program 3 (id=3113): openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x646102, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa10, 0xffffffff}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0xfffffffffffffe06, 0xffffffffffffffff, {0x0, 0x800}}, './file1\x00'}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x103182, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921d2c19c4, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000000c0)='ocfs2\x00', 0x200084, &(0x7f00000002c0)='\xd0x^\a\x8e\xc1\xed7\x9c]\xee\x8e\x8b=\xfer\fy?\xc2\xfaC\x16\x13\x80K\x0e\x1bNf\xdd\xb6\x10\xe7\xeat\x9d8\x15J\xfa\xfa\x0f\xe4Y\xad3\xa58r\xde\xed\x8am\xe8\xfa\xd6H\xe7V\f\xc5\xec\xd8\xfcxNc\xd2\xa94@\x9dz\xbb\xa8\x80C\x94\xecf\a\xe3\xef\x83\x95\xf7\x9b\xba\x16\xd3?\xff\xd5\xd0\xb5T.\xa4\xf9\xa9\xa4\xfb{3s\xe6\xc5m\xe7\xe3\xe7\x15x\x1c\xdbq\xaa\xab5\xe6:\xc8.kx\xc2\xee8\x10\xae\xc1|\xb0`\x92\x17J\x03\xf1jSq\x87\x04%46@p\x04\xc8\x14\xb47j\xe8\x8f\xa9@\xf3\xbf\x92F\x1fV\xfa\xbb\xb9\xe6\x838wF/k\xaa\xd7v\x89y\x9f\x84\t\xea\x17\x967?\x19\xd0') r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$tun(r2, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, './file1\x00'}, 0x6e) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x4403, 0x215, 0x1, 0x2, 0xc9, 0x0, 0x40}, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000580)={'bond0\x00', &(0x7f0000000180)=@ethtool_sset_info={0x33, 0x9, 0xfffffffffffffff8}}) chdir(0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) 5.952963217s ago: executing program 5 (id=3481): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000c80)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="7f1ad71c5e1e2ffd65015711202c22a16e97f0b88f833c486c5fbe2f289a0d0f74a06da438dab866494a247e9e4e4f06f21c7c3f5c4dc83ecf01", 0x3a}], 0x1, 0x0, 0x0, 0x20000850}], 0x1, 0x4000080) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="a800000019000100000000e000"], 0xb8}}, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0x60, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0xffffffff, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x2, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x2, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0x3, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x7, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0xef, 0x45, 0x4, 0xbdb], 0x1, 0x1c4211}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 4.967322197s ago: executing program 2 (id=3484): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./bus\x00', 0x128) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x14, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) 4.965101227s ago: executing program 5 (id=3485): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000002840), 0xffffffffffffffff) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f00000003c0)={0x48, 0x2, r1}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc}) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, 0x0) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) r2 = socket$inet_icmp(0x2, 0x2, 0x1) bind$inet(r2, &(0x7f0000001c40)={0x2, 0xff, @multicast2}, 0x10) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00'}, 0x10) r4 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000080)={'mpc624\x00', [0x3c4, 0x10, 0x2, 0xa, 0x14000000, 0x400000, 0xfffffffc, 0x7, 0xffd, 0x7ffe, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3ff, 0x9, 0xe00, 0xe2df, 0xaa14, 0x1, 0x4, 0x9, 0x7, 0xf58, 0x6]}) ioctl$COMEDI_INSN(r4, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x9}) bpf$MAP_CREATE(0x0, 0x0, 0x50) 4.827361954s ago: executing program 0 (id=3486): pipe2$watch_queue(0x0, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) read$char_usb(r1, &(0x7f00000001c0)=""/4068, 0xfe4) 4.574792006s ago: executing program 5 (id=3487): socket$nl_route(0x10, 0x3, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) lseek(r3, 0x851, 0x0) 4.374969664s ago: executing program 2 (id=3488): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) gettid() timer_create(0x8, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)=0xfe) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000009280)={0xfffffffffffffff7, 0x0}) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000740)=""/71, 0x47}], 0x1) write$ppp(r0, &(0x7f0000003700)="aaf5", 0x2) 4.178748462s ago: executing program 0 (id=3489): syz_open_dev$usbmon(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f00000007c0)}, 0x20) 3.366648119s ago: executing program 5 (id=3490): ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000011c0)={'erspan0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x6, 0x80, 0x1000, 0x4, {{0x5, 0x4, 0x0, 0xe, 0xd, 0x66, 0x0, 0x10, 0x29, 0x0, @multicast2, @remote}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0xffff, 0xffff1000, 0x2, '\x00', 0x654}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.320223698s ago: executing program 2 (id=3491): mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x10008000) read(r1, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 3.168845403s ago: executing program 0 (id=3492): madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) mremap(&(0x7f00004f9000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f00007f8000/0x1000)=nil) r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) munlock(&(0x7f00000e5000/0x1000)=nil, 0x1000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) setpriority(0x2, 0x0, 0x6) 2.767057625s ago: executing program 0 (id=3493): syz_emit_ethernet(0x82, &(0x7f0000005a40)=ANY=[], 0x0) prlimit64(0x0, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, &(0x7f00000003c0)) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) chroot(&(0x7f0000000a40)='./file0\x00') 2.766611081s ago: executing program 5 (id=3494): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4004, 0x0, 0x0, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, 0x0, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r6, 0x0, r5, 0x0, 0xffffffffffff8000, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000002700)=""/102392, 0x18ff8) r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r9, 0x4c80, 0x7000000) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0) close(r7) 2.627274502s ago: executing program 2 (id=3495): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x1, 0x3, 0x40000010, 0x1000, 0x40, "9523060da071565408ee799014b54fb6dd7a28"}) 1.825029875s ago: executing program 0 (id=3496): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0)) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f00000001c0)={0x24, 0x14, 0x105, 0x70bc2a, 0x2ddfdb7b, {0x11}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "053e3e71ed07348ace"}]}, 0x24}, 0x1, 0x0, 0x0, 0x8086}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$dri(0x0, 0x0, 0x0) r4 = fsopen(&(0x7f0000000000)='udf\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x0, 0xe, 0x60a00, 0xffffffffffffffff, 0xfffffff8, '\x00', 0x0, r1, 0x4, 0x5, 0x4, 0x7}, 0x50) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, &(0x7f00000000c0)='io#harset', 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$tcp_congestion(0xffffff9c, &(0x7f0000000280), 0x1, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0xa, 0x1, 'AUDIT\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, '\x00'}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) 1.471186169s ago: executing program 5 (id=3497): openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {}, {0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0x7, 0xea, 0x100004}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x2000000, 0x0, 0x10}, 0x84) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) 1.470902003s ago: executing program 2 (id=3498): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000540)=0x9) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x3) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000300)) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x9) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x7e) close_range(r0, 0xffffffffffffffff, 0x0) 384.566646ms ago: executing program 2 (id=3499): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000240)="67400f07c40249af4b8bb9800000c00f3235010000000f300f20a366450f769e00000100440f20c03588001d00440f22c0460f01c9c4827d24c366bafc0cf0ff07ef87f345a57a43e16806a4", 0x4c}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x80a0000, 0x4000, 0x8, 0xb, 0x3, 0xd0, 0x40, 0x7, 0x0, 0x2e, 0x1d}, {0x5000, 0xeeee0000, 0x3, 0x2, 0x40, 0x7, 0x7f, 0x6, 0x5, 0x6, 0x3, 0x1}, {0x1, 0x4000, 0xe, 0x5, 0x1, 0x7, 0x0, 0x9, 0x0, 0xa7, 0x8, 0x81}, {0xeeee0000, 0x10000, 0xa, 0x6, 0x3, 0x2, 0x1, 0xf8, 0x9, 0x9, 0xe, 0xfd}, {0x4000, 0x2000, 0x10, 0x0, 0x15, 0x2, 0xab, 0x7f, 0x1, 0x83, 0xf7, 0x6}, {0x1000, 0x80a0000, 0xc, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0x13, 0x1, 0x7}, {0x80a0000, 0x1, 0x4, 0x5, 0x0, 0x5, 0x4, 0x3, 0x3, 0x84, 0x3, 0x70}, {0x0, 0xeeef0000, 0xc, 0x5, 0xf, 0x7, 0x1, 0xe2, 0x2, 0x8, 0xf0, 0x9}, {0x18002, 0x30}, {0xd000, 0x7}, 0x80000031, 0x0, 0x6000, 0x2024, 0x8000006, 0x0, 0x3000, [0x6800000000000000, 0x9, 0x60, 0x3]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 104.255065ms ago: executing program 4 (id=2937): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2a4ac2, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) (async) 0s ago: executing program 0 (id=3500): r0 = socket$packet(0x11, 0x2, 0x300) capset(&(0x7f0000000080)={0x20080522}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) kernel console output (not intermixed with test programs): olve the problem. [ 1233.890406][T19247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1233.939748][T19247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1233.967202][T19247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1234.001457][T19247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1234.232131][ T5870] Bluetooth: hci3: command tx timeout [ 1234.273592][T19289] loop6: detected capacity change from 0 to 7 [ 1234.288137][T19289] Dev loop6: unable to read RDB block 7 [ 1234.294103][T19289] loop6: AHDI p3 p4 [ 1234.298173][T19289] loop6: partition table partially beyond EOD, truncated [ 1234.306301][T19289] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1235.123100][ T10] usb 3-1: USB disconnect, device number 94 [ 1235.317713][T19247] hsr_slave_0: entered promiscuous mode [ 1235.327915][T19247] hsr_slave_1: entered promiscuous mode [ 1235.727753][T19296] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1236.555451][T17741] Bluetooth: hci3: command tx timeout [ 1236.622169][T19247] debugfs: 'hsr0' already exists in 'hsr' [ 1236.694946][T19247] Cannot create hsr debugfs directory [ 1237.808235][T19311] Mount JFS Failure: -22 [ 1237.813685][T19311] jfs_mount failed w/return code = -22 [ 1237.827408][T19311] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2952'. [ 1238.478984][ T1299] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 1238.488264][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1238.640626][T17741] Bluetooth: hci3: command tx timeout [ 1239.569594][T19247] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1240.270341][ T5896] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 1240.389423][T19345] netlink: 'syz.5.2957': attribute type 10 has an invalid length. [ 1240.398489][T19247] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1240.550051][ T5896] usb 3-1: device descriptor read/64, error -71 [ 1241.446676][T19353] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2957'. [ 1241.506004][T19247] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1241.589197][T19345] bond0: (slave team0): Releasing backup interface [ 1241.610414][ T5896] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1241.633738][T19345] batman_adv: batadv0: Adding interface: team0 [ 1241.646881][T19345] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1241.678545][T19345] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1241.750507][ T5896] usb 3-1: device descriptor read/64, error -71 [ 1241.882942][T19247] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1241.893229][ T5896] usb usb3-port1: attempt power cycle [ 1242.230578][ T5896] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 1242.360539][ T5896] usb 3-1: device descriptor read/8, error -71 [ 1242.721652][T19247] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1242.860618][T19247] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1242.894544][T19247] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1243.038905][T19371] loop6: detected capacity change from 0 to 7 [ 1243.203491][T19371] Dev loop6: unable to read RDB block 7 [ 1243.212413][T19371] loop6: AHDI p3 p4 [ 1243.229185][T19371] loop6: partition table partially beyond EOD, truncated [ 1243.267140][T19371] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1243.541584][T19380] netlink: 'syz.5.2963': attribute type 2 has an invalid length. [ 1243.549446][T19380] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2963'. [ 1243.784867][T19381] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2965'. [ 1243.795714][T19379] Mount JFS Failure: -22 [ 1243.830166][T19379] jfs_mount failed w/return code = -22 [ 1244.318790][T19247] 8021q: adding VLAN 0 to HW filter on device team0 [ 1244.352010][T19385] : Can't lookup blockdev [ 1244.494093][T16478] bridge0: port 1(bridge_slave_0) entered blocking state [ 1244.501277][T16478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1244.665285][ T6971] bridge0: port 2(bridge_slave_1) entered blocking state [ 1244.672405][ T6971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1244.736041][T19394] 9pnet_fd: Insufficient options for proto=fd [ 1245.525090][T19383] bridge0: entered promiscuous mode [ 1245.555285][T19383] macsec1: entered promiscuous mode [ 1245.630377][T19383] bridge0: left promiscuous mode [ 1246.700064][ T10] usb 3-1: new low-speed USB device number 99 using dummy_hcd [ 1246.991269][ T10] usb 3-1: config 1 has an invalid interface number: 67 but max is 0 [ 1246.999676][ T10] usb 3-1: config 1 has no interface number 0 [ 1247.026780][ T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=6240, bcdDevice=92.59 [ 1247.054390][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1247.094896][ T10] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6240 [ 1247.134444][T19247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1247.307279][ T10] gspca_sn9c20x: Write register 1000 failed -71 [ 1247.353886][ T10] gspca_sn9c20x: Device initialization failed [ 1247.380866][ T10] gspca_sn9c20x 3-1:1.67: probe with driver gspca_sn9c20x failed with error -71 [ 1247.472412][ T10] usb 3-1: USB disconnect, device number 99 [ 1248.881688][T19447] 9pnet_fd: Insufficient options for proto=fd [ 1249.048953][T19453] 9pnet_fd: Insufficient options for proto=fd [ 1249.183459][T19247] veth0_vlan: entered promiscuous mode [ 1249.204397][T19247] veth1_vlan: entered promiscuous mode [ 1249.620270][T19460] FAULT_INJECTION: forcing a failure. [ 1249.620270][T19460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1249.633408][T19460] CPU: 1 UID: 0 PID: 19460 Comm: syz.3.2981 Not tainted syzkaller #0 PREEMPT(full) [ 1249.633436][T19460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1249.633449][T19460] Call Trace: [ 1249.633458][T19460] [ 1249.633468][T19460] dump_stack_lvl+0x16c/0x1f0 [ 1249.633501][T19460] should_fail_ex+0x512/0x640 [ 1249.633534][T19460] _copy_to_user+0x32/0xd0 [ 1249.633568][T19460] do_vfs_ioctl+0x8d0/0x14f0 [ 1249.633601][T19460] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1249.633633][T19460] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 1249.633675][T19460] ? irqentry_exit+0x3b/0x90 [ 1249.633700][T19460] ? hook_file_ioctl_common+0x145/0x410 [ 1249.633732][T19460] ? selinux_file_ioctl+0x180/0x270 [ 1249.633761][T19460] ? selinux_file_ioctl+0xb4/0x270 [ 1249.633798][T19460] __x64_sys_ioctl+0x114/0x210 [ 1249.633832][T19460] do_syscall_64+0xcd/0x4c0 [ 1249.633862][T19460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1249.633885][T19460] RIP: 0033:0x7f5cd338eba9 [ 1249.633902][T19460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1249.633923][T19460] RSP: 002b:00007f5cd42a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1249.633943][T19460] RAX: ffffffffffffffda RBX: 00007f5cd35d6180 RCX: 00007f5cd338eba9 [ 1249.633958][T19460] RDX: 0000200000000140 RSI: 00000000c0189436 RDI: 0000000000000007 [ 1249.633971][T19460] RBP: 00007f5cd42a6090 R08: 0000000000000000 R09: 0000000000000000 [ 1249.633985][T19460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1249.633998][T19460] R13: 00007f5cd35d6218 R14: 00007f5cd35d6180 R15: 00007fff31a4e538 [ 1249.634029][T19460] [ 1250.960798][ T5960] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 1251.132711][T19247] veth0_macvtap: entered promiscuous mode [ 1251.179642][T19463] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2982'. [ 1251.221276][ T5960] usb 1-1: Using ep0 maxpacket: 16 [ 1251.238747][T19247] veth1_macvtap: entered promiscuous mode [ 1251.262523][ T5960] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1251.277425][ T5960] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 1251.290381][ T5960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 1251.301673][ T5960] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1251.405146][ T5960] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 1251.436137][ T5960] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1251.469764][ T5960] usb 1-1: Product: syz [ 1251.499134][ T5960] usb 1-1: Manufacturer: syz [ 1251.523200][ T5960] usb 1-1: SerialNumber: syz [ 1251.553555][ T5960] usb 1-1: config 0 descriptor?? [ 1251.614359][T19247] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1251.676839][T19247] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1251.802772][T19461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1251.955839][T19247] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1251.972457][T19461] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1252.549349][ T5960] rc_core: IR keymap rc-xbox-dvd not found [ 1252.558384][T19480] syz.0.2980 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1252.565163][ T5960] Registered IR keymap rc-empty [ 1252.597193][T19247] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1252.603946][ T5960] rc rc0: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 1252.770383][ T5960] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input44 [ 1252.805174][T19482] Mount JFS Failure: -22 [ 1252.809467][T19482] jfs_mount failed w/return code = -22 [ 1252.818917][ T5960] usb 1-1: USB disconnect, device number 66 [ 1252.824859][ C1] xbox_remote 1-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 1252.850813][T19482] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2986'. [ 1253.219801][T19247] wireguard: wg0: Could not create IPv4 socket [ 1253.335380][T19247] wireguard: wg1: Could not create IPv4 socket [ 1253.413315][T19247] wireguard: wg2: Could not create IPv4 socket [ 1253.792204][T19493] 9pnet_fd: Insufficient options for proto=fd [ 1254.682449][T19507] Mount JFS Failure: -22 [ 1254.690160][T19507] jfs_mount failed w/return code = -22 [ 1254.721674][T19507] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2992'. [ 1254.938331][ T5933] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 1255.271866][ T5933] usb 4-1: Using ep0 maxpacket: 16 [ 1255.298116][ T5933] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b [ 1255.346052][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1255.379327][ T5933] usb 4-1: Product: syz [ 1255.400178][ T5933] usb 4-1: SerialNumber: syz [ 1255.431034][ T5933] usb 4-1: config 0 descriptor?? [ 1255.455662][ T5933] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1255.534028][ T5933] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 1255.590845][ T5933] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1255.615310][ T5933] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 1255.659266][ T5933] usb 4-1: USB disconnect, device number 77 [ 1256.691068][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1256.714188][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1256.722867][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1256.733042][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1256.742325][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1256.755596][T19528] binder: 19519:19528 ioctl c0306201 0 returned -14 [ 1256.766439][T19528] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2996'. [ 1257.156142][T19522] Failed to initialize the IGMP autojoin socket (err -2) [ 1257.580422][T19541] 9pnet_fd: Insufficient options for proto=fd [ 1258.052495][T19546] loop6: detected capacity change from 0 to 7 [ 1258.864073][T19546] Dev loop6: unable to read RDB block 7 [ 1258.869633][T19546] loop6: AHDI p3 p4 [ 1258.881359][T17741] Bluetooth: hci3: command tx timeout [ 1259.073878][T19546] loop6: partition table partially beyond EOD, truncated [ 1259.084420][T19546] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1259.214299][T19551] tipc: Enabling of bearer rejected, already enabled [ 1260.571418][T19561] Mount JFS Failure: -22 [ 1260.581836][T19561] jfs_mount failed w/return code = -22 [ 1260.589512][T19561] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3005'. [ 1260.981482][T17741] Bluetooth: hci3: command tx timeout [ 1263.080250][T17741] Bluetooth: hci3: command tx timeout [ 1263.240766][T19598] 9pnet_fd: Insufficient options for proto=fd [ 1264.602637][T19613] loop6: detected capacity change from 0 to 7 [ 1265.410472][T17741] Bluetooth: hci3: command tx timeout [ 1265.448623][T19613] Dev loop6: unable to read RDB block 7 [ 1265.502381][T19613] loop6: AHDI p3 p4 [ 1265.527455][T19613] loop6: partition table partially beyond EOD, truncated [ 1265.535147][T19613] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1265.887911][T19626] Mount JFS Failure: -22 [ 1265.892393][T19626] jfs_mount failed w/return code = -22 [ 1265.899659][T19626] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3017'. [ 1266.971910][T19636] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3019'. [ 1267.148991][T19636] tipc: Enabling of bearer rejected, already enabled [ 1267.248049][T19645] binder: 19637:19645 ioctl c0306201 0 returned -14 [ 1267.256940][T19645] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3020'. [ 1268.450461][T19665] 9pnet_fd: Insufficient options for proto=fd [ 1269.371508][T19675] netlink: 277 bytes leftover after parsing attributes in process `syz.5.3025'. [ 1269.381990][T19675] netlink: 'syz.5.3025': attribute type 4 has an invalid length. [ 1269.389728][T19675] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3025'. [ 1271.093835][ T30] audit: type=1326 audit(1757603367.596:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19696 comm="syz.3.3029" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5cd338eba9 code=0x0 [ 1271.169366][T19522] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1271.251913][T19700] tipc: Enabling of bearer rejected, already enabled [ 1271.263214][T19522] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1271.295199][T19522] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1272.107302][T19720] Mount JFS Failure: -22 [ 1272.149758][T19720] jfs_mount failed w/return code = -22 [ 1272.191762][T19720] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3031'. [ 1272.910031][ T5967] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 1273.150522][ T5967] usb 6-1: Using ep0 maxpacket: 32 [ 1273.157158][ T5967] usb 6-1: too many configurations: 95, using maximum allowed: 8 [ 1273.196046][T19522] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1273.217897][ T5967] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1273.225963][T19522] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1273.323051][T19522] wireguard: wg0: Could not create IPv4 socket [ 1273.336222][ T5967] usb 6-1: can't read configurations, error -61 [ 1273.337904][T19522] wireguard: wg1: Could not create IPv4 socket [ 1273.429917][T19522] wireguard: wg2: Could not create IPv4 socket [ 1273.571133][ T5967] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1273.814006][ T5967] usb 6-1: Using ep0 maxpacket: 32 [ 1273.821419][ T5967] usb 6-1: too many configurations: 95, using maximum allowed: 8 [ 1273.999673][ T5967] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1274.037065][ T5967] usb 6-1: can't read configurations, error -61 [ 1274.089874][ T5967] usb usb6-port1: attempt power cycle [ 1274.751170][ T5967] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 1274.915475][ T5967] usb 6-1: Using ep0 maxpacket: 32 [ 1274.921925][ T5967] usb 6-1: too many configurations: 95, using maximum allowed: 8 [ 1274.932371][ T5967] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1274.945612][ T5967] usb 6-1: can't read configurations, error -61 [ 1275.086447][T19765] 9pnet_fd: Insufficient options for proto=fd [ 1275.463878][ T5967] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 1275.501371][ C1] raw-gadget.0 gadget.5: ignoring, device is not running [ 1275.512345][ T5967] usb 6-1: device descriptor read/8, error -32 [ 1275.722238][ T5967] usb usb6-port1: unable to enumerate USB device [ 1276.446713][ T5967] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 1276.655445][ T5967] usb 6-1: device descriptor read/64, error -71 [ 1277.017199][ T5967] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 1277.189889][ T5967] usb 6-1: device descriptor read/64, error -71 [ 1277.311151][ T5967] usb usb6-port1: attempt power cycle [ 1277.730514][ T5967] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 1277.764070][ T5967] usb 6-1: device descriptor read/8, error -71 [ 1278.380382][ T5967] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1278.420691][ T5967] usb 6-1: device descriptor read/8, error -71 [ 1278.558170][ T5967] usb usb6-port1: unable to enumerate USB device [ 1279.747629][T19828] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3049'. [ 1279.950073][ T5960] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 1280.299188][T19833] QAT: Stopping all acceleration devices. [ 1280.612880][ T5960] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1280.756941][ T5960] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 1280.785612][ T5960] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1280.796317][ T5960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1280.798849][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1280.816996][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1280.827602][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1280.838317][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1280.959864][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1281.289617][T19836] Failed to initialize the IGMP autojoin socket (err -2) [ 1283.040745][ T5870] Bluetooth: hci3: command tx timeout [ 1283.206753][T19836] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1283.863534][T19870] Failed to initialize the IGMP autojoin socket (err -2) [ 1283.872346][T19836] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1283.905998][T19836] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1283.936872][ T10] usb 1-1: USB disconnect, device number 67 [ 1284.064219][T19879] loop6: detected capacity change from 0 to 7 [ 1284.088098][T19879] Dev loop6: unable to read RDB block 7 [ 1284.093924][T19879] loop6: AHDI p3 p4 [ 1284.098024][T19879] loop6: partition table partially beyond EOD, truncated [ 1284.108402][T19879] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1285.113184][ T5870] Bluetooth: hci3: command tx timeout [ 1286.128481][T19911] loop6: detected capacity change from 0 to 7 [ 1286.164307][T19909] : Can't lookup blockdev [ 1286.530323][T19911] Dev loop6: unable to read RDB block 7 [ 1286.536233][T19911] loop6: AHDI p3 p4 [ 1286.540482][T19911] loop6: partition table partially beyond EOD, truncated [ 1286.548444][T19911] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1287.020632][T19921] loop6: detected capacity change from 0 to 7 [ 1287.107696][T19921] Dev loop6: unable to read RDB block 7 [ 1287.210125][ T5870] Bluetooth: hci3: command tx timeout [ 1287.268925][T19921] loop6: AHDI p3 p4 [ 1287.441099][T19921] loop6: partition table partially beyond EOD, truncated [ 1287.473450][T19921] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1287.804505][T19836] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1287.863874][T19836] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1287.881591][T19930] Mount JFS Failure: -22 [ 1287.885829][T19930] jfs_mount failed w/return code = -22 [ 1287.919295][T19930] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3064'. [ 1287.932377][T19836] wireguard: wg0: Could not create IPv4 socket [ 1287.956596][T19836] wireguard: wg1: Could not create IPv4 socket [ 1287.967554][T19836] wireguard: wg2: Could not create IPv4 socket [ 1288.341615][T19905] bridge0: entered promiscuous mode [ 1288.366923][T19905] macsec1: entered promiscuous mode [ 1288.422698][T19905] bridge0: left promiscuous mode [ 1289.270299][ T5870] Bluetooth: hci3: command tx timeout [ 1290.263458][T19944] loop6: detected capacity change from 0 to 7 [ 1290.423997][T19944] Dev loop6: unable to read RDB block 7 [ 1290.432422][T19944] loop6: AHDI p3 p4 [ 1290.450567][T19944] loop6: partition table partially beyond EOD, truncated [ 1290.887829][T19944] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1291.045582][T19961] FAULT_INJECTION: forcing a failure. [ 1291.045582][T19961] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1291.059070][T19961] CPU: 0 UID: 0 PID: 19961 Comm: syz.3.3068 Not tainted syzkaller #0 PREEMPT(full) [ 1291.059097][T19961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1291.059109][T19961] Call Trace: [ 1291.059115][T19961] [ 1291.059122][T19961] dump_stack_lvl+0x16c/0x1f0 [ 1291.059152][T19961] should_fail_ex+0x512/0x640 [ 1291.059179][T19961] _copy_from_user+0x2e/0xd0 [ 1291.059206][T19961] ucma_listen+0x81/0x220 [ 1291.059232][T19961] ? __pfx_ucma_listen+0x10/0x10 [ 1291.059255][T19961] ? __pfx_ucma_listen+0x10/0x10 [ 1291.059270][T19961] ucma_write+0x1f8/0x330 [ 1291.059285][T19961] ? __pfx_ucma_write+0x10/0x10 [ 1291.059298][T19961] ? bpf_lsm_file_permission+0x9/0x10 [ 1291.059313][T19961] ? security_file_permission+0x71/0x210 [ 1291.059331][T19961] ? rw_verify_area+0xcf/0x6c0 [ 1291.059349][T19961] ? __pfx_ucma_write+0x10/0x10 [ 1291.059362][T19961] vfs_write+0x29d/0x11d0 [ 1291.059377][T19961] ? __pfx_vfs_write+0x10/0x10 [ 1291.059387][T19961] ? find_held_lock+0x2b/0x80 [ 1291.059403][T19961] ? __fget_files+0x204/0x3c0 [ 1291.059417][T19961] ? __fget_files+0x20e/0x3c0 [ 1291.059434][T19961] ksys_write+0x1f8/0x250 [ 1291.059445][T19961] ? __pfx_ksys_write+0x10/0x10 [ 1291.059458][T19961] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 1291.059475][T19961] do_syscall_64+0xcd/0x4c0 [ 1291.059492][T19961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1291.059504][T19961] RIP: 0033:0x7f5cd338eba9 [ 1291.059514][T19961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1291.059525][T19961] RSP: 002b:00007f5cd42c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1291.059536][T19961] RAX: ffffffffffffffda RBX: 00007f5cd35d6090 RCX: 00007f5cd338eba9 [ 1291.059544][T19961] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000004 [ 1291.059551][T19961] RBP: 00007f5cd42c7090 R08: 0000000000000000 R09: 0000000000000000 [ 1291.059558][T19961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1291.059565][T19961] R13: 00007f5cd35d6128 R14: 00007f5cd35d6090 R15: 00007fff31a4e538 [ 1291.059581][T19961] [ 1291.772811][T12490] udevd[12490]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory [ 1292.600444][ T5960] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 1292.761941][ T5960] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1292.800761][T19968] tipc: Enabling of bearer rejected, already enabled [ 1292.801635][ T5960] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1292.940774][ T5960] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1292.971463][ T5960] usb 4-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 1292.995585][ T5960] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1293.024061][ T5960] usb 4-1: config 0 descriptor?? [ 1293.497255][ T5960] elo 0003:04E7:0030.0023: reserved main item tag 0xe [ 1293.515177][ T5960] elo 0003:04E7:0030.0023: item fetching failed at offset 8/9 [ 1293.551096][ T5960] elo 0003:04E7:0030.0023: parse failed [ 1293.570075][ T5960] elo 0003:04E7:0030.0023: probe with driver elo failed with error -22 [ 1294.487460][T19970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1294.560652][T19970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1294.742503][ T10] usb 4-1: USB disconnect, device number 78 [ 1296.103906][T17741] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1296.116882][T17741] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1296.129787][T17741] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1296.141192][T17741] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1296.151381][T17741] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1296.384841][T20015] Failed to initialize the IGMP autojoin socket (err -2) [ 1296.461636][ T30] audit: type=1400 audit(1757603392.966:951): avc: denied { read write } for pid=20018 comm="syz.5.3078" dev="9p" ino=1708457985 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1296.780164][ T30] audit: type=1400 audit(1757603392.966:952): avc: denied { open } for pid=20018 comm="syz.5.3078" path="/359/file0" dev="9p" ino=1708457985 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1296.876861][T20032] loop6: detected capacity change from 0 to 7 [ 1296.900113][ T30] audit: type=1800 audit(1757603392.976:953): pid=20019 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.3078" name="/" dev="9p" ino=1708457985 res=0 errno=0 [ 1296.938637][T20032] Dev loop6: unable to read RDB block 7 [ 1296.985001][T20032] loop6: AHDI p3 p4 [ 1296.988944][T20032] loop6: partition table partially beyond EOD, truncated [ 1297.099085][T20032] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1297.860604][T20039] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3080'. [ 1298.230429][T17741] Bluetooth: hci3: command tx timeout [ 1298.268162][T20060] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3084'. [ 1298.277465][T20060] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3084'. [ 1298.286528][T20060] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3084'. [ 1298.302925][T20060] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1298.320818][T20060] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1299.440087][ T5896] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1299.680095][ T5896] usb 3-1: Using ep0 maxpacket: 16 [ 1299.690876][ T5896] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 1299.731609][ T30] audit: type=1400 audit(1757603396.226:954): avc: denied { ioctl } for pid=20054 comm="syz.3.3087" path="/dev/ptyqa" dev="devtmpfs" ino=129 ioctlcmd=0x5439 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 1299.788446][ T5896] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1299.856276][ T5896] usb 3-1: config 0 has no interface number 0 [ 1299.874872][ T5896] usb 3-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1299.913953][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1299.937114][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.074712][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1300.137410][ T5896] usb 3-1: config 0 descriptor?? [ 1300.245018][ T5896] usb 3-1: Found UVC 0.00 device (0bd3:05f4) [ 1300.257025][ T5896] usb 3-1: No valid video chain found. [ 1300.311387][T17741] Bluetooth: hci3: command tx timeout [ 1300.446968][T20015] netdevsim netdevsim4 netdevsim1: renamed from eth6 [ 1300.572505][T20015] netdevsim netdevsim4 netdevsim2: renamed from eth7 [ 1301.090049][ T5927] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 1301.112384][T20015] netdevsim netdevsim4 netdevsim3: renamed from eth8 [ 1301.260230][ T5927] usb 4-1: Using ep0 maxpacket: 16 [ 1301.287711][ T5927] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1301.325029][ T5927] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1301.349390][ T5927] usb 4-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 1301.349422][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1301.368978][ T5927] usb 4-1: config 0 descriptor?? [ 1301.714300][T20110] Mount JFS Failure: -22 [ 1301.733651][T20110] jfs_mount failed w/return code = -22 [ 1301.759784][T20110] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3094'. [ 1302.031823][T20117] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3093'. [ 1302.390195][T17741] Bluetooth: hci3: command tx timeout [ 1302.473348][ T5919] usb 3-1: USB disconnect, device number 100 [ 1302.693264][T20124] loop6: detected capacity change from 0 to 7 [ 1303.644841][T20124] Dev loop6: unable to read RDB block 7 [ 1303.858919][T20128] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1303.930703][T20124] loop6: AHDI p3 p4 [ 1303.934648][T20124] loop6: partition table partially beyond EOD, truncated [ 1304.238496][T20124] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1304.471708][T17741] Bluetooth: hci3: command tx timeout [ 1305.351102][ T5927] usbhid 4-1:0.0: can't add hid device: -71 [ 1305.357123][ T5927] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1305.382857][ T5927] usb 4-1: USB disconnect, device number 79 [ 1305.691187][T20151] FAULT_INJECTION: forcing a failure. [ 1305.691187][T20151] name failslab, interval 1, probability 0, space 0, times 0 [ 1305.704053][T20151] CPU: 0 UID: 0 PID: 20151 Comm: syz.3.3102 Not tainted syzkaller #0 PREEMPT(full) [ 1305.704080][T20151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1305.704088][T20151] Call Trace: [ 1305.704092][T20151] [ 1305.704097][T20151] dump_stack_lvl+0x16c/0x1f0 [ 1305.704118][T20151] should_fail_ex+0x512/0x640 [ 1305.704132][T20151] ? __kmalloc_noprof+0xbf/0x510 [ 1305.704146][T20151] ? ethtool_get_sset_info+0x12a/0x340 [ 1305.704157][T20151] should_failslab+0xc2/0x120 [ 1305.704171][T20151] __kmalloc_noprof+0xd2/0x510 [ 1305.704186][T20151] ethtool_get_sset_info+0x12a/0x340 [ 1305.704199][T20151] ? __pfx_ethtool_get_sset_info+0x10/0x10 [ 1305.704209][T20151] ? full_name_hash+0xbc/0x110 [ 1305.704226][T20151] ? netdev_name_node_lookup+0x127/0x180 [ 1305.704241][T20151] dev_ethtool+0x2785/0x5bc0 [ 1305.704252][T20151] ? __kernel_text_address+0xd/0x40 [ 1305.704266][T20151] ? unwind_get_return_address+0x59/0xa0 [ 1305.704279][T20151] ? arch_stack_walk+0xa6/0x100 [ 1305.704297][T20151] ? __pfx_dev_ethtool+0x10/0x10 [ 1305.704309][T20151] ? kvm_sched_clock_read+0x11/0x20 [ 1305.704322][T20151] ? sched_clock+0x38/0x60 [ 1305.704337][T20151] ? sched_clock_cpu+0x6c/0x530 [ 1305.704358][T20151] ? __resched_curr+0xfd/0x3b0 [ 1305.704370][T20151] ? find_held_lock+0x2b/0x80 [ 1305.704384][T20151] ? __schedule+0x3fef/0x5de0 [ 1305.704398][T20151] ? rcu_is_watching+0x12/0xc0 [ 1305.704413][T20151] ? trace_sched_exit_tp+0xd1/0x120 [ 1305.704425][T20151] ? __schedule+0x11a3/0x5de0 [ 1305.704449][T20151] ? __lock_acquire+0x62e/0x1ce0 [ 1305.704474][T20151] ? find_held_lock+0x2b/0x80 [ 1305.704488][T20151] ? dev_load+0x8e/0x240 [ 1305.704505][T20151] dev_ioctl+0x290/0x10e0 [ 1305.704520][T20151] sock_do_ioctl+0x19d/0x280 [ 1305.704537][T20151] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1305.704557][T20151] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1305.704574][T20151] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 1305.704594][T20151] sock_ioctl+0x227/0x6b0 [ 1305.704605][T20151] ? __pfx_sock_ioctl+0x10/0x10 [ 1305.704617][T20151] ? security_file_ioctl+0xa6/0x240 [ 1305.704635][T20151] ? selinux_file_ioctl+0x180/0x270 [ 1305.704650][T20151] ? selinux_file_ioctl+0xb4/0x270 [ 1305.704666][T20151] ? __pfx_sock_ioctl+0x10/0x10 [ 1305.704678][T20151] __x64_sys_ioctl+0x18b/0x210 [ 1305.704695][T20151] do_syscall_64+0xcd/0x4c0 [ 1305.704712][T20151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1305.704723][T20151] RIP: 0033:0x7f5cd338eba9 [ 1305.704734][T20151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1305.704745][T20151] RSP: 002b:00007f5cd42c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1305.704757][T20151] RAX: ffffffffffffffda RBX: 00007f5cd35d6090 RCX: 00007f5cd338eba9 [ 1305.704765][T20151] RDX: 0000200000000580 RSI: 0000000000008946 RDI: 0000000000000005 [ 1305.704772][T20151] RBP: 00007f5cd42c7090 R08: 0000000000000000 R09: 0000000000000000 [ 1305.704779][T20151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1305.704785][T20151] R13: 00007f5cd35d6128 R14: 00007f5cd35d6090 R15: 00007fff31a4e538 [ 1305.704801][T20151] [ 1306.329183][T20015] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1306.353904][T20015] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1306.389865][T20015] wireguard: wg0: Could not create IPv4 socket [ 1306.398092][T20015] wireguard: wg1: Could not create IPv4 socket [ 1306.405679][T20015] wireguard: wg2: Could not create IPv4 socket [ 1307.414366][T20166] Mount JFS Failure: -22 [ 1307.421591][T20166] jfs_mount failed w/return code = -22 [ 1307.455850][T20166] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3107'. [ 1307.561466][ T5896] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1307.892994][ T5896] usb 6-1: Using ep0 maxpacket: 16 [ 1307.918533][ T5896] usb 6-1: config 0 has an invalid interface number: 64 but max is 0 [ 1307.952445][ T5896] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1307.973197][ T5896] usb 6-1: config 0 has no interface number 0 [ 1307.979654][ T5896] usb 6-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1307.997996][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1308.140750][ T5896] usb 6-1: config 0 descriptor?? [ 1308.164680][ T5896] usb 6-1: Found UVC 0.00 device (0bd3:05f4) [ 1308.170236][ T5919] usb 1-1: new full-speed USB device number 68 using dummy_hcd [ 1308.179479][ T5896] usb 6-1: No valid video chain found. [ 1308.249079][T20180] binder: 20174:20180 ioctl 4018620d 0 returned -22 [ 1308.362299][T20181] binder: 20174:20181 ioctl c0306201 0 returned -14 [ 1308.390651][T20181] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3108'. [ 1308.664598][ T5919] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1309.253498][ T5919] usb 1-1: not running at top speed; connect to a high speed hub [ 1309.264285][ T5919] usb 1-1: config 5 has 1 interface, different from the descriptor's value: 2 [ 1309.280781][ T5919] usb 1-1: config 5 interface 0 has no altsetting 1 [ 1309.313693][ T5919] usb 1-1: New USB device found, idVendor=0582, idProduct=0074, bcdDevice=2a.70 [ 1309.374209][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1309.480817][ T5919] usb 1-1: Product: syz [ 1309.526452][ T5919] usb 1-1: Manufacturer: syz [ 1309.669280][ T5919] usb 1-1: SerialNumber: syz [ 1310.097007][T20192] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1310.470000][ T5896] usb 6-1: USB disconnect, device number 53 [ 1310.821740][T20202] batman_adv: batadv0: Removing interface: team0 [ 1311.057570][T20207] PKCS7: Unknown OID: [5] (bad) [ 1311.060567][T20202] bridge_slave_0: left allmulticast mode [ 1311.062612][T20207] PKCS7: Only support pkcs7_signedData type [ 1311.084626][T20202] bridge_slave_0: left promiscuous mode [ 1311.094918][T20202] bridge0: port 1(bridge_slave_0) entered disabled state [ 1311.097848][T20207] netlink: 'syz.5.3112': attribute type 2 has an invalid length. [ 1311.696451][T20207] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3112'. [ 1311.892381][T20202] bridge_slave_1: left allmulticast mode [ 1311.902628][ T5919] usb 1-1: USB disconnect, device number 68 [ 1311.936886][T20202] bridge_slave_1: left promiscuous mode [ 1311.976473][T20202] bridge0: port 2(bridge_slave_1) entered disabled state [ 1311.998269][T20202] bond0: (slave 30): Releasing backup interface [ 1312.024083][T20202] bond0: (slave c@0Ù): Releasing backup interface [ 1312.041890][T12490] udevd[12490]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:5.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1312.091988][T20202] team0: Port device team_slave_0 removed [ 1312.136160][T20202] team0: Port device team_slave_1 removed [ 1312.158022][T20202] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1312.174467][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1312.186370][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1312.196462][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1312.205285][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1312.213742][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1312.244674][T20202] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1312.256793][T20202] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1312.287536][T20202] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1313.113617][T20218] Failed to initialize the IGMP autojoin socket (err -2) [ 1313.750066][ T10] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 1313.909148][T17741] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1313.942808][T17741] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1313.954796][T17741] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1313.991243][T17741] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1314.011369][T17741] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1314.084712][ T10] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1314.095112][ T10] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1314.106613][ T10] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1314.120026][ T10] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1314.129115][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1314.144063][ T6955] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1314.198045][ T10] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1314.207098][ T10] usb 6-1: invalid MIDI out EP 0 [ 1314.347808][ T5870] Bluetooth: hci3: command tx timeout [ 1314.404350][ T10] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1314.566248][T14795] udevd[14795]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1314.628553][T20255] Failed to initialize the IGMP autojoin socket (err -2) [ 1314.712696][T20239] delete_channel: no stack [ 1314.799044][ T10] usb 6-1: USB disconnect, device number 54 [ 1314.819918][ T6955] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1315.205143][ T6955] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1315.625026][ T6955] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1316.400036][ T5870] Bluetooth: hci3: command tx timeout [ 1317.407144][ T5960] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 1317.502268][T20309] loop6: detected capacity change from 0 to 7 [ 1317.516350][T20309] Dev loop6: unable to read RDB block 7 [ 1317.522102][T20309] loop6: AHDI p3 p4 [ 1317.526159][T20309] loop6: partition table partially beyond EOD, truncated [ 1317.536035][T20309] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1317.590617][ T5960] usb 6-1: Using ep0 maxpacket: 16 [ 1317.831792][ T5960] usb 6-1: config 0 has an invalid interface number: 64 but max is 0 [ 1318.280400][ T5960] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1318.319265][T17741] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1318.345728][ T5960] usb 6-1: config 0 has no interface number 0 [ 1318.354992][ T5960] usb 6-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1318.369464][T17741] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1318.378691][ T5960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1318.388526][T17741] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1318.401042][T17741] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1318.408792][T17741] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1318.429514][ T5960] usb 6-1: config 0 descriptor?? [ 1318.439385][ T5960] usb 6-1: Found UVC 0.00 device (0bd3:05f4) [ 1318.446663][ T5960] usb 6-1: No valid video chain found. [ 1318.475627][ T5870] Bluetooth: hci3: command tx timeout [ 1319.310437][ T6955] bond0 (unregistering): Released all slaves [ 1319.356067][ T6955] bond1 (unregistering): Released all slaves [ 1319.440440][T20310] Failed to initialize the IGMP autojoin socket (err -2) [ 1319.491536][ T6955] tipc: Disabling bearer [ 1319.496998][ T6955] tipc: Left network mode [ 1319.639268][ T6955] IPVS: stopping backup sync thread 11549 ... [ 1320.754781][ T10] usb 6-1: USB disconnect, device number 55 [ 1320.770304][ T5870] Bluetooth: hci3: command tx timeout [ 1321.248357][ T6955] hsr_slave_0: left promiscuous mode [ 1321.254616][ T6955] hsr_slave_1: left promiscuous mode [ 1321.281231][ T6955] veth1_macvtap: left promiscuous mode [ 1321.288357][ T6955] veth0_macvtap: left promiscuous mode [ 1321.374264][ T6955] pim6reg (unregistering): left allmulticast mode [ 1322.919519][T17741] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1322.942817][T17741] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1322.953879][T17741] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1322.962595][T17741] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1322.971313][T17741] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1323.818567][ T10] lo speed is unknown, defaulting to 1000 [ 1323.837323][ T10] syz0: Port: 1 Link DOWN [ 1323.864404][T20370] sit1: entered promiscuous mode [ 1323.869390][T20370] sit1: entered allmulticast mode [ 1323.948307][T20396] Failed to initialize the IGMP autojoin socket (err -2) [ 1324.185438][T20426] netlink: 3276 bytes leftover after parsing attributes in process `syz.2.3132'. [ 1324.227278][T20425] Failed to initialize the IGMP autojoin socket (err -2) [ 1324.457655][ T6955] IPVS: stop unused estimator thread 0... [ 1325.374533][T20218] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1325.428902][T20218] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1325.475502][T20218] wireguard: wg0: Could not create IPv4 socket [ 1325.486546][T20218] wireguard: wg1: Could not create IPv4 socket [ 1325.498148][T20218] wireguard: wg2: Could not create IPv4 socket [ 1325.889489][T20461] loop6: detected capacity change from 0 to 7 [ 1325.949742][T20461] Dev loop6: unable to read RDB block 7 [ 1325.955744][T20461] loop6: AHDI p3 p4 [ 1325.960058][T20461] loop6: partition table partially beyond EOD, truncated [ 1325.969037][T20461] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1326.130689][ T5919] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1326.189405][T20462] Mount JFS Failure: -22 [ 1326.231168][T20462] jfs_mount failed w/return code = -22 [ 1326.330266][ T5919] usb 3-1: Using ep0 maxpacket: 32 [ 1326.382575][ T5919] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 1326.716365][ T5919] usb 3-1: config 0 has no interface number 0 [ 1326.756278][ T5919] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 1326.777275][ T30] audit: type=1800 audit(1757603423.246:955): pid=20466 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.3137" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1326.852047][ T5919] usb 3-1: config 0 interface 196 has no altsetting 0 [ 1326.905598][ T5919] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 1326.930928][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1326.938982][ T5919] usb 3-1: Product: syz [ 1326.967572][T20473] Mount JFS Failure: -22 [ 1326.986274][ T5919] usb 3-1: Manufacturer: syz [ 1326.986280][T20473] jfs_mount failed w/return code = -22 [ 1326.986298][ T5919] usb 3-1: SerialNumber: syz [ 1327.370870][ T5919] usb 3-1: config 0 descriptor?? [ 1327.380430][T20460] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1327.720275][ T5927] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1327.756577][ T5919] ipheth 3-1:0.196: ipheth_get_macaddr: usb_control_msg: -71 [ 1327.775483][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1327.789022][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1327.816048][ T5919] ipheth 3-1:0.196: probe with driver ipheth failed with error -71 [ 1327.899910][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1327.919015][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1327.927166][ T5927] usb 6-1: Using ep0 maxpacket: 16 [ 1327.933022][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1327.961328][ T5919] usb 3-1: USB disconnect, device number 101 [ 1327.978320][ T5927] usb 6-1: config 0 has an invalid interface number: 64 but max is 0 [ 1328.034732][ T5927] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1328.050456][T20488] Failed to initialize the IGMP autojoin socket (err -2) [ 1328.057842][ T5927] usb 6-1: config 0 has no interface number 0 [ 1328.057893][ T5927] usb 6-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1328.057917][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1328.092652][ T5927] usb 6-1: config 0 descriptor?? [ 1328.402316][ T5927] usb 6-1: Found UVC 0.00 device (0bd3:05f4) [ 1328.409216][ T5927] usb 6-1: No valid video chain found. [ 1328.903088][T20505] Mount JFS Failure: -22 [ 1328.907497][T20505] jfs_mount failed w/return code = -22 [ 1329.994264][ T5870] Bluetooth: hci0: command tx timeout [ 1330.497077][ T5967] usb 6-1: USB disconnect, device number 56 [ 1332.007677][T20488] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1332.025810][T20488] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1332.070333][ T5870] Bluetooth: hci0: command tx timeout [ 1332.096331][T20488] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1333.154569][T17741] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1333.183773][T17741] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1333.197996][T17741] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1333.208723][T17741] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1333.242299][T17741] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1333.278111][T20569] Failed to initialize the IGMP autojoin socket (err -2) [ 1334.160101][ T5870] Bluetooth: hci0: command tx timeout [ 1334.522042][ T30] audit: type=1326 audit(1757603431.026:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20603 comm="syz.2.3155" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b1218eba9 code=0x0 [ 1334.701619][ T5896] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 1334.930958][ T5896] usb 1-1: Using ep0 maxpacket: 16 [ 1334.939364][ T5896] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 1334.960258][ T5896] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1334.990736][T20488] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1335.000552][ T5896] usb 1-1: config 0 has no interface number 0 [ 1335.035707][ T5896] usb 1-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1335.047631][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1335.068773][ T5896] usb 1-1: config 0 descriptor?? [ 1335.087497][ T5896] usb 1-1: Found UVC 0.00 device (0bd3:05f4) [ 1335.106378][ T5896] usb 1-1: No valid video chain found. [ 1335.134822][T20488] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1335.184333][T17741] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1335.201427][T17741] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1335.211493][T17741] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1335.222225][T17741] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1335.231850][T17741] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1335.253745][T20488] wireguard: wg0: Could not create IPv4 socket [ 1335.275757][T20615] Failed to initialize the IGMP autojoin socket (err -2) [ 1335.290736][T20488] wireguard: wg1: Could not create IPv4 socket [ 1335.305614][T20488] wireguard: wg2: Could not create IPv4 socket [ 1336.716859][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1336.729023][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1336.741073][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1336.750488][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1336.758037][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1336.806720][T20649] Failed to initialize the IGMP autojoin socket (err -2) [ 1337.402672][ T5906] usb 1-1: USB disconnect, device number 69 [ 1337.568741][T20676] loop6: detected capacity change from 0 to 7 [ 1337.596788][T12490] Dev loop6: unable to read RDB block 7 [ 1337.606093][T12490] loop6: AHDI p3 p4 [ 1337.625353][T12490] loop6: partition table partially beyond EOD, truncated [ 1337.642091][T12490] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1337.657104][T20676] Dev loop6: unable to read RDB block 7 [ 1337.667744][T20676] loop6: AHDI p3 p4 [ 1337.679814][T20676] loop6: partition table partially beyond EOD, truncated [ 1337.706227][T20676] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1337.910417][ T5870] Bluetooth: hci5: command 0x0406 tx timeout [ 1338.675830][T20698] : Can't lookup blockdev [ 1338.802703][ T5870] Bluetooth: hci0: command tx timeout [ 1338.958557][T20702] bridge0: entered promiscuous mode [ 1338.964436][T20702] macsec1: entered promiscuous mode [ 1338.984817][T20702] bridge0: left promiscuous mode [ 1339.130958][T20649] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1339.371153][T20649] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1339.412456][T20649] wireguard: wg0: Could not create IPv4 socket [ 1339.432084][T20649] wireguard: wg1: Could not create IPv4 socket [ 1339.442638][T20649] wireguard: wg2: Could not create IPv4 socket [ 1340.490131][ T10] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 1341.146263][T20728] loop6: detected capacity change from 0 to 7 [ 1341.163149][T12490] Dev loop6: unable to read RDB block 7 [ 1341.168717][T12490] loop6: AHDI p3 p4 [ 1341.183852][T12490] loop6: partition table partially beyond EOD, truncated [ 1341.195689][T12490] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1341.242621][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1341.280080][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1341.317172][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1341.400868][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1341.842207][ T10] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1341.873812][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1341.927379][ T10] usb 3-1: config 0 descriptor?? [ 1341.951160][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1341.966274][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1341.975314][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1341.984796][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1341.992549][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1342.052201][T20741] Failed to initialize the IGMP autojoin socket (err -2) [ 1342.130304][ T5896] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 1342.320309][ T5896] usb 6-1: Using ep0 maxpacket: 16 [ 1342.376204][ T5896] usb 6-1: config 0 has an invalid interface number: 64 but max is 0 [ 1342.426723][ T5896] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1342.466409][ T5896] usb 6-1: config 0 has no interface number 0 [ 1342.484748][ T10] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1342.491353][ T5896] usb 6-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1342.530044][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1342.586208][ T5896] usb 6-1: config 0 descriptor?? [ 1342.638238][ T5896] usb 6-1: Found UVC 0.00 device (0bd3:05f4) [ 1342.670085][ T5896] usb 6-1: No valid video chain found. [ 1342.710294][ T10] usb 3-1: USB disconnect, device number 102 [ 1342.859897][T20759] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3170'. [ 1343.637088][T20770] loop2: detected capacity change from 0 to 7 [ 1343.653685][T20770] Dev loop2: unable to read RDB block 7 [ 1343.666453][T20770] loop2: unable to read partition table [ 1343.689622][T20770] loop2: partition table beyond EOD, truncated [ 1343.705945][T20770] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1344.070357][T20399] Bluetooth: hci0: command tx timeout [ 1344.243317][ T5960] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 1344.511625][ T5960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1344.548215][ T5960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1344.590083][ T5960] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1344.624118][ T5960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1344.657183][T20741] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1344.670397][ T5960] usb 1-1: config 0 descriptor?? [ 1344.703647][T20741] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1344.735774][T20741] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1344.979629][ T5967] usb 6-1: USB disconnect, device number 57 [ 1345.892293][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1345.906711][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1345.917717][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1345.927460][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1345.935289][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1345.961106][ T5960] uclogic 0003:256C:006D.0025: interface is invalid, ignoring [ 1346.011035][T20814] Failed to initialize the IGMP autojoin socket (err -2) [ 1346.105100][T20741] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1346.153305][ T5870] Bluetooth: hci0: command tx timeout [ 1346.170744][T20741] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1346.194093][T20741] wireguard: wg0: Could not create IPv4 socket [ 1346.202765][T20741] wireguard: wg1: Could not create IPv4 socket [ 1346.211877][T20741] wireguard: wg2: Could not create IPv4 socket [ 1346.334913][ T5896] usb 1-1: USB disconnect, device number 70 [ 1346.379152][T20826] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3176'. [ 1346.801459][T20829] netlink: 165 bytes leftover after parsing attributes in process `syz.5.3178'. [ 1348.315352][T20864] Mount JFS Failure: -22 [ 1348.319625][T20864] jfs_mount failed w/return code = -22 [ 1349.000410][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1349.016820][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1349.026888][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1349.037463][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1349.045136][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1349.208359][T20869] Failed to initialize the IGMP autojoin socket (err -2) [ 1349.279061][T20884] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3183'. [ 1349.740128][T20729] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 1350.100345][T20729] usb 6-1: Using ep0 maxpacket: 16 [ 1350.129504][T20729] usb 6-1: config 0 has an invalid interface number: 64 but max is 0 [ 1350.419738][T20729] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1350.441606][T20729] usb 6-1: config 0 has no interface number 0 [ 1350.464287][T20729] usb 6-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1350.485304][T20729] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1350.521609][T20729] usb 6-1: config 0 descriptor?? [ 1350.540951][T20729] usb 6-1: Found UVC 0.00 device (0bd3:05f4) [ 1350.566583][T20729] usb 6-1: No valid video chain found. [ 1351.192234][T20399] Bluetooth: hci0: command tx timeout [ 1352.479696][T20869] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1352.514723][T20729] usb 6-1: USB disconnect, device number 58 [ 1352.522416][T20869] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1352.555752][T20869] wireguard: wg0: Could not create IPv4 socket [ 1352.571613][T20869] wireguard: wg1: Could not create IPv4 socket [ 1352.588165][T20869] wireguard: wg2: Could not create IPv4 socket [ 1353.267939][T20947] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3189'. [ 1354.081351][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1354.101671][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1354.111362][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1354.120629][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1354.128349][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1354.583767][T20959] Failed to initialize the IGMP autojoin socket (err -2) [ 1355.345223][T20970] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20970 comm=syz.5.3190 [ 1355.653037][ T30] audit: type=1400 audit(1757603452.156:957): avc: denied { bind } for pid=20984 comm="syz.0.3195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 1355.675155][T20985] netlink: 'syz.0.3195': attribute type 3 has an invalid length. [ 1355.690210][T20985] netlink: 'syz.0.3195': attribute type 1 has an invalid length. [ 1355.991753][T20994] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3196'. [ 1356.164963][T20998] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1356.228450][T20998] CIFS mount error: No usable UNC path provided in device string! [ 1356.228450][T20998] [ 1356.241963][ T5870] Bluetooth: hci0: command tx timeout [ 1356.272612][T20998] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1356.287531][ T30] audit: type=1400 audit(1757603452.786:958): avc: denied { mounton } for pid=20997 comm="syz.2.3197" path="/631/file0" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 1356.312535][T21002] loop0: Can't mount, would change RO state [ 1356.480086][ T5967] usb 6-1: new high-speed USB device number 59 using dummy_hcd [ 1356.720706][ T5967] usb 6-1: Using ep0 maxpacket: 16 [ 1356.729150][ T5967] usb 6-1: config 0 has an invalid interface number: 64 but max is 0 [ 1356.746315][ T5967] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1356.773065][T21007] binder: 21006:21007 unknown command 0 [ 1356.782601][ T5967] usb 6-1: config 0 has no interface number 0 [ 1356.794306][T21007] binder: 21006:21007 ioctl c0306201 200000000080 returned -22 [ 1356.806419][ T5967] usb 6-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1356.828423][T21007] binder: 21006:21007 ioctl c0189371 2000000001c0 returned -22 [ 1356.840713][ T5967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1356.870724][T21007] Bluetooth: MGMT ver 1.23 [ 1356.875747][ T5967] usb 6-1: config 0 descriptor?? [ 1356.904409][ T5967] usb 6-1: Found UVC 0.00 device (0bd3:05f4) [ 1356.935279][ T5967] usb 6-1: No valid video chain found. [ 1357.248001][T21017] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 1357.838149][ T203] dvmrp8 (unregistering): left allmulticast mode [ 1358.311736][ T5870] Bluetooth: hci0: command tx timeout [ 1358.757195][ T203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1358.802720][ T203] bond0 (unregistering): Released all slaves [ 1359.286390][ T5919] usb 6-1: USB disconnect, device number 59 [ 1359.962107][ T203] bond1 (unregistering): Released all slaves [ 1360.469858][ T5870] Bluetooth: hci0: command tx timeout [ 1360.937494][ T203] bond2 (unregistering): (slave veth3): Releasing active interface [ 1360.960976][ T203] bond2 (unregistering): Released all slaves [ 1361.151060][ T203] : left promiscuous mode [ 1361.361331][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.402015][ T203] tipc: Left network mode [ 1362.366971][ T203] batman_adv: batadv0: Removing interface: wlan0 [ 1362.506671][ T203] hsr_slave_0: left promiscuous mode [ 1362.513397][ T203] hsr_slave_1: left promiscuous mode [ 1362.519355][ T203] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1362.527463][ T203] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1362.556618][ T5870] Bluetooth: hci0: command tx timeout [ 1364.110538][T20399] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1364.121978][T20399] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1364.136616][T20399] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1364.149815][T20399] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1364.174091][T20399] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1364.267826][ T203] team0 (unregistering): Port device team_slave_1 removed [ 1364.410257][ T5960] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 1364.422312][ T203] team0 (unregistering): Port device team_slave_0 removed [ 1364.580027][ T5960] usb 3-1: Using ep0 maxpacket: 16 [ 1364.616336][ T5960] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 1364.630741][ T5870] Bluetooth: hci0: command tx timeout [ 1364.635416][ T5960] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1364.666055][ T5960] usb 3-1: config 0 has no interface number 0 [ 1364.677605][ T5960] usb 3-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b [ 1364.687366][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1364.741413][ T5960] usb 3-1: config 0 descriptor?? [ 1364.777198][ T5960] usb 3-1: Found UVC 0.00 device (0bd3:05f4) [ 1364.798274][ T5960] usb 3-1: No valid video chain found. [ 1366.117804][T21123] Failed to initialize the IGMP autojoin socket (err -2) [ 1366.316201][ T5870] Bluetooth: hci3: command tx timeout [ 1366.580580][ T5896] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 1366.657968][T20959] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1366.752075][ T5896] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1366.764056][T20959] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1366.792731][ T5896] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1366.822087][ T30] audit: type=1400 audit(1757603463.301:959): avc: denied { create } for pid=21165 comm="syz.0.3218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 1366.937784][ T5896] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1366.942743][T20959] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1367.033563][ T30] audit: type=1400 audit(1757603463.301:960): avc: denied { ioctl } for pid=21165 comm="syz.0.3218" path="socket:[67082]" dev="sockfs" ino=67082 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 1367.246594][ T5896] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1367.256117][ T24] usb 3-1: USB disconnect, device number 103 [ 1367.267078][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1367.290143][ T5896] usb 6-1: Product: syz [ 1367.295795][ T5896] usb 6-1: Manufacturer: syz [ 1367.302621][ T5896] usb 6-1: SerialNumber: syz [ 1367.339841][ T203] IPVS: stop unused estimator thread 0... [ 1367.533726][ T5896] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 60 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1367.800574][ T5919] usb 6-1: USB disconnect, device number 60 [ 1367.837719][T21159] usblp0: removed [ 1368.102177][T20959] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1368.127787][T20959] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1368.153042][T20959] wireguard: wg0: Could not create IPv4 socket [ 1368.166624][T20959] wireguard: wg1: Could not create IPv4 socket [ 1368.176649][T20959] wireguard: wg2: Could not create IPv4 socket [ 1368.630494][ T5919] usb 1-1: new full-speed USB device number 71 using dummy_hcd [ 1368.931739][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1368.982371][ T5919] usb 1-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 1369.092632][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1369.115931][ T5919] usb 1-1: config 0 descriptor?? [ 1369.386642][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1369.411065][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1369.422251][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1369.434794][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1369.609316][ T5919] petalynx 0003:18B1:0037.0026: item fetching failed at offset 0/2 [ 1369.618101][ T5919] petalynx 0003:18B1:0037.0026: parse failed [ 1369.624341][ T5919] petalynx 0003:18B1:0037.0026: probe with driver petalynx failed with error -22 [ 1369.633596][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1369.744509][T21223] Failed to initialize the IGMP autojoin socket (err -2) [ 1369.819292][ T5919] usb 1-1: USB disconnect, device number 71 [ 1370.658214][T21245] loop6: detected capacity change from 0 to 7 [ 1370.686871][T21245] Dev loop6: unable to read RDB block 7 [ 1370.696375][T21245] loop6: AHDI p3 p4 [ 1370.710143][T21245] loop6: partition table partially beyond EOD, truncated [ 1370.737841][T21245] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1371.793049][T20399] Bluetooth: hci0: command tx timeout [ 1371.988941][T21253] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12) [ 1371.995566][T21253] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1372.004550][T21253] vhci_hcd vhci_hcd.0: Device attached [ 1372.100223][T21257] vhci_hcd: connection closed [ 1372.109200][T16478] vhci_hcd: stop threads [ 1372.139043][T16478] vhci_hcd: release socket [ 1372.144673][T16478] vhci_hcd: disconnect device [ 1372.199776][T21263] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3228'. [ 1372.209263][T20729] vhci_hcd: vhci_device speed not set [ 1372.390289][ T5896] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 1372.563695][ T5896] usb 1-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55 [ 1372.596489][T21269] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1372.602443][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1372.742928][ T5896] usb 1-1: Product: syz [ 1372.747091][ T5896] usb 1-1: Manufacturer: syz [ 1372.782729][ T5896] usb 1-1: SerialNumber: syz [ 1372.860938][T21278] loop6: detected capacity change from 0 to 7 [ 1372.901557][ T5896] usb 1-1: config 0 descriptor?? [ 1372.957385][T21278] Dev loop6: unable to read RDB block 7 [ 1372.957741][T21278] loop6: unable to read partition table [ 1372.959764][T21278] loop6: partition table beyond EOD, truncated [ 1372.960770][T21278] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1373.056718][ T5896] gspca_main: sonixb-2.14.0 probing 0c45:60a8 [ 1373.560577][ T5896] sonixb 1-1:0.0: Error reading register 00: -110 [ 1373.920584][T20399] Bluetooth: hci0: command tx timeout [ 1374.235954][T21223] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1374.256461][T21223] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1374.276114][T21223] wireguard: wg0: Could not create IPv4 socket [ 1374.285736][T21223] wireguard: wg1: Could not create IPv4 socket [ 1374.295519][T21223] wireguard: wg2: Could not create IPv4 socket [ 1375.097455][T21332] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3232'. [ 1375.108921][T21336] loop2: detected capacity change from 0 to 7 [ 1375.152956][T21336] loop2: [POWERTEC] [ 1375.380926][T21280] usb 1-1: USB disconnect, device number 72 [ 1375.660767][T21348] 9pnet_fd: Insufficient options for proto=fd [ 1376.228939][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1376.241192][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1376.252189][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1376.261936][ T10] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 1376.263031][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1376.370436][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1376.410771][ T10] usb 3-1: device descriptor read/64, error -71 [ 1376.418876][T21357] Failed to initialize the IGMP autojoin socket (err -2) [ 1376.427012][ T5896] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 1376.469711][ T30] audit: type=1400 audit(1757603472.971:961): avc: denied { read } for pid=21362 comm="syz.0.3238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 1376.590400][ T5896] usb 6-1: Using ep0 maxpacket: 16 [ 1376.607918][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1376.629790][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1376.655274][ T5896] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1376.671217][ T10] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 1376.683237][ T5896] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1376.700959][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1376.723284][ T5896] usb 6-1: config 0 descriptor?? [ 1376.831082][ T10] usb 3-1: device descriptor read/64, error -71 [ 1376.960595][ T10] usb usb3-port1: attempt power cycle [ 1377.149796][ T5896] microsoft 0003:045E:07DA.0027: ignoring exceeding usage max [ 1377.166786][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.176310][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.190461][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.197949][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.209299][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.216911][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.228522][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.236098][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.248993][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.256708][ T5896] microsoft 0003:045E:07DA.0027: unknown main item tag 0x0 [ 1377.287274][ T5896] microsoft 0003:045E:07DA.0027: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 1377.306990][ T5896] microsoft 0003:045E:07DA.0027: no inputs found [ 1377.327676][ T10] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 1377.337203][ T5896] microsoft 0003:045E:07DA.0027: could not initialize ff, continuing anyway [ 1377.374077][ T10] usb 3-1: device descriptor read/8, error -71 [ 1377.577614][T21397] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 1377.690449][ T10] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 1378.030014][ T10] usb 3-1: device descriptor read/8, error -71 [ 1378.155787][ T10] usb usb3-port1: unable to enumerate USB device [ 1378.306984][T21280] usb 6-1: USB disconnect, device number 61 [ 1378.474245][T20399] Bluetooth: hci0: command tx timeout [ 1378.965533][T21357] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1379.006271][T21357] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1379.038652][T21357] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1379.625786][T21357] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1379.653525][T21357] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1379.674746][T21357] wireguard: wg0: Could not create IPv4 socket [ 1379.684841][T21357] wireguard: wg1: Could not create IPv4 socket [ 1379.695700][T21357] wireguard: wg2: Could not create IPv4 socket [ 1379.889323][T21443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3240'. [ 1379.945899][ T30] audit: type=1326 audit(1757603476.444:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21445 comm="syz.5.3241" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f656fb8eba9 code=0x0 [ 1380.012957][T21443] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3240'. [ 1380.028697][T21451] loop2: detected capacity change from 0 to 7 [ 1380.046131][T21451] Dev loop2: unable to read RDB block 7 [ 1380.063044][T21451] loop2: unable to read partition table [ 1380.089231][T21451] loop2: partition table beyond EOD, truncated [ 1380.112460][T21451] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1380.210222][T21280] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 1380.319524][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1380.334385][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1380.343751][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1380.352284][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1380.362642][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1380.390174][T21280] usb 1-1: Using ep0 maxpacket: 32 [ 1380.397306][T21280] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1380.410131][T21280] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 1380.423649][T21456] Failed to initialize the IGMP autojoin socket (err -2) [ 1380.429484][T21280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1380.442341][T21280] usb 1-1: Product: syz [ 1380.446527][T21280] usb 1-1: Manufacturer: syz [ 1380.460030][T21280] usb 1-1: SerialNumber: syz [ 1380.472392][T21280] usb 1-1: config 0 descriptor?? [ 1380.489802][T21280] usb 1-1: bad CDC descriptors [ 1380.498559][T21280] usb 1-1: unsupported MDLM descriptors [ 1380.911010][ T30] audit: type=1400 audit(1757603477.194:963): avc: denied { listen } for pid=21442 comm="syz.0.3240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1382.402371][ T5870] Bluetooth: hci0: command tx timeout [ 1383.395993][ T24] usb 1-1: USB disconnect, device number 73 [ 1383.803789][T21510] 9pnet_fd: Insufficient options for proto=fd [ 1384.470617][ T5870] Bluetooth: hci0: command tx timeout [ 1384.764886][T21528] netlink: 'syz.5.3250': attribute type 2 has an invalid length. [ 1384.772980][T21528] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3250'. [ 1384.985497][ T203] bond0 (unregistering): Released all slaves [ 1385.138409][ T203] bond1 (unregistering): Released all slaves [ 1385.322254][ T203] tipc: Disabling bearer [ 1385.335233][ T203] tipc: Left network mode [ 1385.700227][ T5906] usb 3-1: new full-speed USB device number 108 using dummy_hcd [ 1385.891823][ T5906] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1385.904175][ T203] hsr_slave_0: left promiscuous mode [ 1385.914639][ T203] hsr_slave_1: left promiscuous mode [ 1386.368398][ T5906] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1386.379805][ T5906] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1386.395629][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1386.408524][ T5906] usb 3-1: Product: syz [ 1386.413021][ T5906] usb 3-1: Manufacturer: syz [ 1386.417672][ T5906] usb 3-1: SerialNumber: syz [ 1386.445851][ T203] veth1_macvtap: left promiscuous mode [ 1386.452339][ T203] veth0_macvtap: left promiscuous mode [ 1386.459648][ T203] veth1_vlan: left promiscuous mode [ 1386.465559][ T203] veth0_vlan: left promiscuous mode [ 1386.550903][ T5870] Bluetooth: hci0: command tx timeout [ 1386.720224][ T5906] usb 3-1: cannot find UAC_HEADER [ 1386.861527][ T5906] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1386.935593][T21534] __vm_enough_memory: pid: 21534, comm: syz.2.3252, bytes: 21199824494592 not enough memory for the allocation [ 1386.947776][T21533] __vm_enough_memory: pid: 21533, comm: syz.2.3252, bytes: 21199824494592 not enough memory for the allocation [ 1387.009837][T12490] udevd[12490]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1387.040895][ T203] pim6reg (unregistering): left allmulticast mode [ 1388.448434][ T203] IPVS: stop unused estimator thread 0... [ 1388.623352][T21456] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1388.642753][ T5870] Bluetooth: hci0: command tx timeout [ 1388.667326][T21456] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1388.775990][T21456] wireguard: wg0: Could not create IPv4 socket [ 1388.805180][T21456] wireguard: wg1: Could not create IPv4 socket [ 1388.831511][T21456] wireguard: wg2: Could not create IPv4 socket [ 1388.902724][T20399] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1388.966459][T20399] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1389.004247][T20399] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1389.030243][T20399] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1389.043245][T20399] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1389.103645][T21567] Failed to initialize the IGMP autojoin socket (err -2) [ 1391.180204][ T5870] Bluetooth: hci3: command tx timeout [ 1391.586855][T21589] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3262'. [ 1391.602838][T21589] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3262'. [ 1391.873457][T21594] Mount JFS Failure: -22 [ 1391.877792][T21594] jfs_mount failed w/return code = -22 [ 1392.660113][T21604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3265'. [ 1392.674875][T21604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3265'. [ 1392.685233][T21604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3265'. [ 1392.695537][T21604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3265'. [ 1393.200023][ T5870] Bluetooth: hci3: command tx timeout [ 1394.940530][T21567] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1394.954312][T21567] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1394.969695][T21567] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1395.271401][ T5870] Bluetooth: hci3: command tx timeout [ 1396.020219][T21567] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1396.111295][T21567] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1396.166369][T21567] wireguard: wg0: Could not create IPv4 socket [ 1396.190287][T21567] wireguard: wg1: Could not create IPv4 socket [ 1396.218506][T21567] wireguard: wg2: Could not create IPv4 socket [ 1396.270990][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1396.283474][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1396.294911][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1396.304295][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1396.312624][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1396.426087][T21644] Failed to initialize the IGMP autojoin socket (err -2) [ 1396.716499][T21654] Mount JFS Failure: -22 [ 1396.724681][T21654] jfs_mount failed w/return code = -22 [ 1397.640260][T20729] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 1397.840362][T20729] usb 6-1: Using ep0 maxpacket: 8 [ 1397.857173][T20729] usb 6-1: config 1 interface 0 altsetting 5 bulk endpoint 0x1 has invalid maxpacket 16 [ 1397.882858][T20729] usb 6-1: config 1 interface 0 has no altsetting 0 [ 1397.937150][T20729] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1397.961226][T20729] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1397.969241][T20729] usb 6-1: Product: syz [ 1397.990042][T20729] usb 6-1: Manufacturer: syz [ 1397.994756][T20729] usb 6-1: SerialNumber: syz [ 1398.019467][T21656] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1398.424260][T20729] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 62 if 0 alt 5 proto 1 vid 0x0525 pid 0xA4A8 [ 1398.455085][T20729] usb 6-1: USB disconnect, device number 62 [ 1398.506975][T20729] usblp0: removed [ 1398.580984][ T30] audit: type=1400 audit(1757603495.064:964): avc: denied { append } for pid=21695 comm="syz.2.3281" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1398.694214][ T30] audit: type=1400 audit(1757603495.074:965): avc: denied { map } for pid=21695 comm="syz.2.3281" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1398.744304][ T30] audit: type=1400 audit(1757603495.074:966): avc: denied { execute } for pid=21695 comm="syz.2.3281" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1398.936083][ T30] audit: type=1400 audit(1757603495.194:967): avc: denied { ioctl } for pid=21694 comm="syz.5.3280" path="socket:[71437]" dev="sockfs" ino=71437 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 1399.715854][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1400.158220][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1400.166843][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1400.178297][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1400.194013][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1400.203729][T21723] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 1400.277877][T21718] Failed to initialize the IGMP autojoin socket (err -2) [ 1400.440038][ T30] audit: type=1326 audit(1757603496.914:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21728 comm="syz.0.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f616858eba9 code=0x7ffc0000 [ 1400.549580][ T30] audit: type=1326 audit(1757603496.914:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21728 comm="syz.0.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f616858eba9 code=0x7ffc0000 [ 1400.715383][ T30] audit: type=1326 audit(1757603496.914:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21728 comm="syz.0.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f616858eba9 code=0x7ffc0000 [ 1400.766120][ T30] audit: type=1326 audit(1757603496.914:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21728 comm="syz.0.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f616858eba9 code=0x7ffc0000 [ 1400.815913][ T30] audit: type=1326 audit(1757603496.914:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21728 comm="syz.0.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f616858eba9 code=0x7ffc0000 [ 1400.928150][ T30] audit: type=1326 audit(1757603496.914:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21728 comm="syz.0.3287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f616858eba9 code=0x7ffc0000 [ 1401.898009][T21718] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1401.924360][T21718] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1401.947238][T21718] wireguard: wg0: Could not create IPv4 socket [ 1401.956796][T21718] wireguard: wg1: Could not create IPv4 socket [ 1401.971734][T21718] wireguard: wg2: Could not create IPv4 socket [ 1402.267301][T21778] Mount JFS Failure: -22 [ 1402.278622][T21778] jfs_mount failed w/return code = -22 [ 1402.596503][T21780] loop6: detected capacity change from 0 to 7 [ 1402.614869][T21780] Dev loop6: unable to read RDB block 7 [ 1402.626084][T21780] loop6: unable to read partition table [ 1402.646368][T21780] loop6: partition table beyond EOD, truncated [ 1402.664147][T21780] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1403.087940][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1403.101865][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1403.111749][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1403.133144][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1403.243781][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1403.414133][T21801] Failed to initialize the IGMP autojoin socket (err -2) [ 1404.587636][T21822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1404.598822][T21822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1405.458546][T20399] Bluetooth: hci0: command tx timeout [ 1405.481640][T21847] netlink: 'syz.0.3299': attribute type 10 has an invalid length. [ 1405.489531][T21847] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3299'. [ 1405.499310][T21847] dummy0: entered promiscuous mode [ 1405.517158][T21847] bridge0: port 3(dummy0) entered blocking state [ 1405.526192][T21847] bridge0: port 3(dummy0) entered disabled state [ 1405.536478][T21847] dummy0: entered allmulticast mode [ 1405.564237][T21847] bridge0: port 3(dummy0) entered blocking state [ 1405.570933][T21847] bridge0: port 3(dummy0) entered forwarding state [ 1406.144766][T21853] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3300'. [ 1407.148877][T21872] binder: 21868:21872 ioctl 4018620d 0 returned -22 [ 1407.242368][T21873] binder: 21868:21873 ioctl c0306201 0 returned -14 [ 1407.258806][T21873] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3303'. [ 1407.691261][T20399] Bluetooth: hci0: command tx timeout [ 1408.257450][T21888] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3305'. [ 1408.310866][T21888] tmpfs: Bad value for 'mpol' [ 1409.168107][T21801] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1409.195075][T21801] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1409.213680][T21801] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1409.750237][T20399] Bluetooth: hci0: command tx timeout [ 1409.758115][T21801] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1409.782650][T21801] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1409.805879][T21801] wireguard: wg0: Could not create IPv4 socket [ 1409.814987][T21801] wireguard: wg1: Could not create IPv4 socket [ 1409.827761][T21801] wireguard: wg2: Could not create IPv4 socket [ 1410.090804][T21935] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1410.106450][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1410.106466][ T30] audit: type=1400 audit(1757603506.604:987): avc: denied { ioctl } for pid=21936 comm="syz.0.3306" path="socket:[73386]" dev="sockfs" ino=73386 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1410.141363][T21938] ieee802154 phy1 wpan1: encryption failed: -22 [ 1410.500168][ T5960] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 1410.986685][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1411.006907][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1411.018520][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1411.034209][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1411.044058][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1411.125486][T21956] Failed to initialize the IGMP autojoin socket (err -2) [ 1411.486960][T21962] netlink: 1144 bytes leftover after parsing attributes in process `syz.0.3311'. [ 1411.509021][T21962] overlay: Unknown parameter 'euid<00000000004294967295' [ 1412.506163][T21980] binder: 21973:21980 ioctl 4018620d 0 returned -22 [ 1412.765423][T21980] binder: 21973:21980 ioctl c0306201 0 returned -14 [ 1412.774334][T21980] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3314'. [ 1413.113037][T20399] Bluetooth: hci0: command tx timeout [ 1413.513959][T21988] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1413.647702][T22003] binder_alloc: binder_alloc_mmap_handler: 22002 200000ffe000-200001000000 already mapped failed -16 [ 1413.686693][T22005] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1413.888737][T22012] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1414.055408][T22010] trusted_key: encrypted_key: master key parameter is missing [ 1414.119505][T22010] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3318'. [ 1414.350499][T20729] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 1414.491950][T20729] usb 1-1: device descriptor read/64, error -71 [ 1414.671236][T22030] loop6: detected capacity change from 0 to 7 [ 1414.678068][T22030] Dev loop6: unable to read RDB block 7 [ 1414.683857][T22030] loop6: AHDI p3 p4 [ 1414.687759][T22030] loop6: partition table partially beyond EOD, truncated [ 1414.694924][T22030] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1414.730093][T20729] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 1414.870117][T20729] usb 1-1: device descriptor read/64, error -71 [ 1415.190841][T20399] Bluetooth: hci0: command tx timeout [ 1415.233027][T20729] usb usb1-port1: attempt power cycle [ 1415.603799][T20729] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 1415.790291][T20729] usb 1-1: device descriptor read/8, error -71 [ 1416.049305][T21956] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1416.060005][T20729] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 1416.074646][T21956] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1416.115734][T20729] usb 1-1: device descriptor read/8, error -71 [ 1416.166511][T21956] wireguard: wg0: Could not create IPv4 socket [ 1416.191902][T21956] wireguard: wg1: Could not create IPv4 socket [ 1416.215261][T21956] wireguard: wg2: Could not create IPv4 socket [ 1416.240369][T20729] usb usb1-port1: unable to enumerate USB device [ 1418.635828][T17741] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1418.650029][T17741] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1418.659265][T17741] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1418.670404][T17741] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1418.682249][T17741] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1418.707521][T22130] Failed to initialize the IGMP autojoin socket (err -2) [ 1418.770288][ T5960] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 1418.961037][ T5960] usb 1-1: Using ep0 maxpacket: 32 [ 1418.989053][ T5960] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1419.018203][ T5960] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1419.026120][ T5960] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00 [ 1419.037776][ T5960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1419.048718][ T5960] usb 1-1: config 0 descriptor?? [ 1419.487963][ T5960] vrc2 0003:07C0:1125.0028: fixing up VRC-2 report descriptor [ 1419.522488][ T5960] input: HID 07c0:1125 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:07C0:1125.0028/input/input46 [ 1419.644816][ T5960] vrc2 0003:07C0:1125.0028: input,hidraw0: USB HID v0.02 Joystick [HID 07c0:1125] on usb-dummy_hcd.0-1/input0 [ 1419.702550][ T5960] usb 1-1: USB disconnect, device number 78 [ 1419.875899][T22152] fido_id[22152]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 1420.107699][T22130] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1420.134703][T22130] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1420.153320][T22130] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1420.470360][ T5870] Bluetooth: hci5: command 0x0406 tx timeout [ 1420.793398][ T5870] Bluetooth: hci0: command tx timeout [ 1420.926263][T22130] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1420.947630][T22130] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1420.967260][T22130] wireguard: wg0: Could not create IPv4 socket [ 1420.979322][T22130] wireguard: wg1: Could not create IPv4 socket [ 1420.988156][T22130] wireguard: wg2: Could not create IPv4 socket [ 1422.114406][T22207] loop6: detected capacity change from 0 to 7 [ 1422.418227][T14793] Dev loop6: unable to read RDB block 7 [ 1422.811020][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1422.871759][T14793] loop6: unable to read partition table [ 1423.134339][T14793] loop6: partition table beyond EOD, truncated [ 1423.724375][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1423.759341][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1423.776740][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1423.789967][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1423.802616][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1423.873915][T22214] Failed to initialize the IGMP autojoin socket (err -2) [ 1424.815888][ T30] audit: type=1400 audit(1757603521.304:988): avc: denied { bind } for pid=22234 comm="syz.0.3338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 1425.162456][T22240] loop6: detected capacity change from 0 to 7 [ 1425.195969][T22240] Dev loop6: unable to read RDB block 7 [ 1425.222902][T22240] loop6: AHDI p3 p4 [ 1425.227976][T22240] loop6: partition table partially beyond EOD, truncated [ 1425.300319][T22240] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1425.541278][T22244] Mount JFS Failure: -22 [ 1425.560349][T22244] jfs_mount failed w/return code = -22 [ 1425.954783][ T5870] Bluetooth: hci0: command tx timeout [ 1427.315377][T22214] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1427.342017][T22214] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1427.368277][T22214] wireguard: wg0: Could not create IPv4 socket [ 1427.378212][T22214] wireguard: wg1: Could not create IPv4 socket [ 1427.387794][T22214] wireguard: wg2: Could not create IPv4 socket [ 1428.740221][T20729] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 1428.794490][ T5919] usb 6-1: new full-speed USB device number 64 using dummy_hcd [ 1429.146511][ T5919] usb 6-1: config 4 has an invalid interface number: 114 but max is 0 [ 1429.159392][T20729] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1429.228890][ T5919] usb 6-1: config 4 has no interface number 0 [ 1429.311482][T20729] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1429.325043][ T5919] usb 6-1: config 4 interface 114 altsetting 9 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 1429.347284][T20729] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1429.358790][ T5919] usb 6-1: config 4 interface 114 altsetting 9 endpoint 0x86 has invalid maxpacket 1023, setting to 64 [ 1429.373677][T20729] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1429.383812][ T5919] usb 6-1: config 4 interface 114 has no altsetting 0 [ 1429.434082][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1429.446772][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1429.459735][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1429.469027][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1429.481220][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1429.513281][T22339] Failed to initialize the IGMP autojoin socket (err -2) [ 1429.532784][T22317] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1429.556480][ T5919] usb 6-1: New USB device found, idVendor=0482, idProduct=0101, bcdDevice= 1.00 [ 1429.566055][ T5919] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1429.594952][T20729] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1429.602834][ T5919] usb 6-1: Product: syz [ 1429.789348][ T5919] usb 6-1: Manufacturer: syz [ 1429.829308][ T5919] usb 6-1: SerialNumber: syz [ 1429.883865][T22316] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 1429.942729][T20729] usb 1-1: USB disconnect, device number 79 [ 1430.104627][ T5919] usb-storage 6-1:4.114: USB Mass Storage device detected [ 1430.159097][ T5919] usb-storage 6-1:4.114: Quirks match for vid 0482 pid 0101: 8 [ 1430.278395][ T5919] usb 6-1: USB disconnect, device number 64 [ 1430.583925][T22359] : Can't lookup blockdev [ 1430.670625][ T5960] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 1430.732170][T22365] bridge0: entered promiscuous mode [ 1430.738793][T22365] macsec1: entered promiscuous mode [ 1430.810362][T22366] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3348'. [ 1430.824450][T22365] bridge0: left promiscuous mode [ 1430.849005][ T5960] usb 1-1: Using ep0 maxpacket: 16 [ 1430.859548][ T5960] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1430.878597][ T5960] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1430.907735][ T5960] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1430.920405][ T5960] usb 1-1: Product: syz [ 1430.924899][ T5960] usb 1-1: Manufacturer: syz [ 1430.929784][ T5960] usb 1-1: SerialNumber: syz [ 1430.981655][ T5960] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1430.988187][ T5960] r8152-cfgselector 1-1: config 0 descriptor?? [ 1431.590373][ T5870] Bluetooth: hci0: command tx timeout [ 1432.423039][T22396] loop6: detected capacity change from 0 to 7 [ 1432.431454][T22396] Dev loop6: unable to read RDB block 7 [ 1432.437022][T22396] loop6: AHDI p3 p4 [ 1432.441277][T22396] loop6: partition table partially beyond EOD, truncated [ 1432.448396][T22396] loop6: p3 start 1886353253 is beyond EOD, truncated [ 1432.586030][T22400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1432.599034][T22400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1433.214594][T22339] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1433.252096][T22339] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1433.280580][T22339] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1433.456113][T20729] r8152-cfgselector 1-1: USB disconnect, device number 80 [ 1433.670145][ T5870] Bluetooth: hci0: command tx timeout [ 1434.052953][T22339] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1434.083913][T22339] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1434.107657][T22339] wireguard: wg0: Could not create IPv4 socket [ 1434.116668][T22339] wireguard: wg1: Could not create IPv4 socket [ 1434.130170][T22339] wireguard: wg2: Could not create IPv4 socket [ 1435.093071][T22459] trusted_key: encrypted_key: keyword 'new¼°±‹U£_5' not recognized [ 1435.126806][T22459] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1435.136288][T22459] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1435.755742][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1435.788400][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1435.801712][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1435.815152][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1435.825135][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1435.863833][T22466] Failed to initialize the IGMP autojoin socket (err -2) [ 1436.048791][T22479] block nbd0: server does not support multiple connections per device. [ 1436.126237][T22479] block nbd0: shutting down sockets [ 1436.428095][T22486] input: syz1 as /devices/virtual/input/input47 [ 1436.435728][T22486] input: failed to attach handler leds to device input47, error: -6 [ 1437.451251][T22484] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1437.910261][T20399] Bluetooth: hci0: command tx timeout [ 1439.102697][T22466] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1439.139238][T22466] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1439.168747][T22466] wireguard: wg0: Could not create IPv4 socket [ 1439.199618][T22466] wireguard: wg1: Could not create IPv4 socket [ 1439.257578][T22466] wireguard: wg2: Could not create IPv4 socket [ 1439.284116][T22526] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 1439.296534][T22526] exFAT-fs (nullb0): invalid boot record signature [ 1439.326774][T22526] exFAT-fs (nullb0): failed to read boot sector [ 1439.402865][T22526] exFAT-fs (nullb0): failed to recognize exfat type [ 1442.193132][T21280] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 1442.431247][ T30] audit: type=1400 audit(1757603538.934:989): avc: denied { map } for pid=22587 comm="syz.0.3368" path="pipe:[76976]" dev="pipefs" ino=76976 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1442.465204][T21280] usb 6-1: config 0 has an invalid interface number: 253 but max is 0 [ 1442.475864][T21280] usb 6-1: config 0 has no interface number 0 [ 1442.486455][T21280] usb 6-1: too many endpoints for config 0 interface 253 altsetting 240: 136, using maximum allowed: 30 [ 1442.499398][T21280] usb 6-1: config 0 interface 253 altsetting 240 has 0 endpoint descriptors, different from the interface descriptor's value: 136 [ 1442.518698][T21280] usb 6-1: config 0 interface 253 has no altsetting 0 [ 1442.527962][T21280] usb 6-1: New USB device found, idVendor=0dba, idProduct=5066, bcdDevice=80.99 [ 1442.545165][T22596] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3369'. [ 1442.549966][T21280] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1 [ 1442.579962][T21280] usb 6-1: Product: syz [ 1442.584322][T21280] usb 6-1: Manufacturer: syz [ 1442.588925][T21280] usb 6-1: SerialNumber: syz [ 1442.626958][T21280] usb 6-1: config 0 descriptor?? [ 1442.643208][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1442.671967][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1442.681950][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1442.697955][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1442.706907][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1442.755491][T22598] Failed to initialize the IGMP autojoin socket (err -2) [ 1444.793704][T20399] Bluetooth: hci0: command tx timeout [ 1445.114281][T21280] usb 6-1: USB disconnect, device number 65 [ 1445.598616][T22598] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1445.621562][T22598] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1445.646101][T22598] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1446.239057][T22598] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1446.265308][T22598] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1446.288311][T22598] wireguard: wg0: Could not create IPv4 socket [ 1446.297097][T22598] wireguard: wg1: Could not create IPv4 socket [ 1446.313256][T22598] wireguard: wg2: Could not create IPv4 socket [ 1447.175321][ T30] audit: type=1400 audit(1757603543.664:990): avc: denied { mounton } for pid=22684 comm="syz.5.3373" path="/449/file0" dev="autofs" ino=78431 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 1448.241120][T17741] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1448.254012][T17741] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1448.271822][T17741] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1448.290336][T17741] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1448.298029][T17741] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1448.337543][T22718] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3380'. [ 1448.367186][T22715] Failed to initialize the IGMP autojoin socket (err -2) [ 1448.374804][T22722] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3381'. [ 1449.238248][ T30] audit: type=1400 audit(1757603545.654:991): avc: denied { associate } for pid=22743 comm="syz.5.3385" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 1449.573157][ T5919] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 1449.711947][ T30] audit: type=1400 audit(1757603545.654:992): avc: denied { append } for pid=22743 comm="syz.5.3385" name="pfkey" dev="proc" ino=4026533803 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 1449.910270][ T5919] usb 6-1: Using ep0 maxpacket: 8 [ 1449.956401][ T5919] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1449.993531][ T5919] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1450.130277][ T5919] usb 6-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=be.68 [ 1450.139470][ T5919] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1450.170316][ T5919] usb 6-1: Product: syz [ 1450.241497][ T5919] usb 6-1: Manufacturer: syz [ 1450.246414][ T5919] usb 6-1: SerialNumber: syz [ 1450.334444][ T5919] usb 6-1: config 0 descriptor?? [ 1450.390493][T20399] Bluetooth: hci0: command tx timeout [ 1452.057325][ T5919] usb 6-1: USB disconnect, device number 66 [ 1452.506646][T20399] Bluetooth: hci0: command tx timeout [ 1452.961759][T22715] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1453.005584][T22715] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1453.116666][T22715] wireguard: wg0: Could not create IPv4 socket [ 1453.125696][T22715] wireguard: wg1: Could not create IPv4 socket [ 1453.136161][T22715] wireguard: wg2: Could not create IPv4 socket [ 1455.476486][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1455.490829][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1455.500624][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1455.603265][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1455.637111][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1455.785628][T22902] Failed to initialize the IGMP autojoin socket (err -2) [ 1456.171244][T22924] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3402'. [ 1457.750180][ T5870] Bluetooth: hci0: command tx timeout [ 1457.856546][T22957] block nbd5: NBD_DISCONNECT [ 1457.862949][ T5896] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 1458.032839][ T5896] usb 1-1: Using ep0 maxpacket: 16 [ 1458.042119][ T5896] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 1458.075468][ T5896] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1458.093526][ T5896] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 1458.134865][ T5896] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 1458.145099][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1458.180180][ T5896] usb 1-1: config 0 descriptor?? [ 1458.396548][ T5896] usb 1-1: string descriptor 0 read error: -71 [ 1458.436504][ T5896] usbhid 1-1:0.0: can't add hid device: -71 [ 1458.463327][ T5896] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1458.498856][ T5896] usb 1-1: USB disconnect, device number 81 [ 1458.503265][T22902] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1458.525885][T22902] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1458.548710][T22902] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1459.209606][T22902] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1459.229011][T22902] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1459.254931][T22902] wireguard: wg0: Could not create IPv4 socket [ 1459.267246][T22902] wireguard: wg1: Could not create IPv4 socket [ 1459.281953][T22902] wireguard: wg2: Could not create IPv4 socket [ 1460.453269][T23017] netlink: 'syz.0.3413': attribute type 10 has an invalid length. [ 1460.485165][T23017] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1460.670392][T23033] ubi: mtd0 is already attached to ubi31 [ 1461.201345][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1461.214250][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1461.225504][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1461.235126][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1461.245239][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1461.260113][T23023] mac80211_hwsim hwsim21 wlan1: entered allmulticast mode [ 1461.327159][T23039] Failed to initialize the IGMP autojoin socket (err -2) [ 1463.284096][ T5870] Bluetooth: hci0: command tx timeout [ 1463.359692][ T5919] libceph: mon0 (1)[b::]:6789 connect error [ 1463.523689][ T30] audit: type=1400 audit(1757603560.014:993): avc: denied { write } for pid=23078 comm="syz.5.3426" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1463.681702][ T5919] libceph: mon0 (1)[b::]:6789 connect error [ 1463.918933][T21280] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 1464.120173][T21280] usb 6-1: Using ep0 maxpacket: 8 [ 1464.132638][T21280] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1464.301573][ T5919] libceph: mon0 (1)[b::]:6789 connect error [ 1464.401576][T21280] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1464.435486][T21280] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1464.545985][T21280] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1464.575806][T21280] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1464.589017][T23069] ceph: No mds server is up or the cluster is laggy [ 1464.596041][T21280] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1464.629561][T21280] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1464.931650][T21280] usb 6-1: GET_CAPABILITIES returned 0 [ 1464.937182][T21280] usbtmc 6-1:16.0: can't read capabilities [ 1465.108526][T23039] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1465.141935][T23039] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1465.163322][T23039] wireguard: wg0: Could not create IPv4 socket [ 1465.172687][T23039] wireguard: wg1: Could not create IPv4 socket [ 1465.181644][T23039] wireguard: wg2: Could not create IPv4 socket [ 1465.245627][T23084] usbtmc 6-1:16.0: usb_control_msg returned -71 [ 1465.253143][ T10] usb 6-1: USB disconnect, device number 67 [ 1467.931217][T23181] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3433'. [ 1467.940244][T23181] openvswitch: netlink: Flow actions attr not present in new flow. [ 1468.166198][T17741] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1468.180155][T17741] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1468.190631][T17741] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1468.201968][T17741] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1468.209658][T17741] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1468.287994][T23192] Failed to initialize the IGMP autojoin socket (err -2) [ 1469.974935][ T30] audit: type=1800 audit(1757603566.474:994): pid=23217 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.3438" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1470.093277][T20399] Bluetooth: hci0: command 0x1003 tx timeout [ 1470.117364][ T5870] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 1470.347735][ T5870] Bluetooth: hci3: command tx timeout [ 1470.958022][T23192] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1470.976326][T23192] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1471.007984][T23192] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1471.666429][T23192] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1471.692480][T23192] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1471.714801][T23192] wireguard: wg0: Could not create IPv4 socket [ 1471.725103][T23192] wireguard: wg1: Could not create IPv4 socket [ 1471.737766][T23192] wireguard: wg2: Could not create IPv4 socket [ 1472.540031][ T10] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 1472.700638][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 1472.741046][ T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 5: 33, using maximum allowed: 30 [ 1472.780938][ T10] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 1472.866388][ T10] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1472.893030][ T10] usb 1-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 1472.944259][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1472.957387][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1472.968430][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1472.980279][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1472.983184][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1472.996646][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1473.066854][ T10] usb 1-1: New USB device found, idVendor=0461, idProduct=4e05, bcdDevice= 0.00 [ 1473.076400][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1473.092350][ T10] usb 1-1: config 0 descriptor?? [ 1473.147337][T23333] Failed to initialize the IGMP autojoin socket (err -2) [ 1473.633749][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 1473.640456][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1473.655894][ T10] usb 1-1: USB disconnect, device number 82 [ 1473.992954][ T30] audit: type=1400 audit(1757603570.484:995): avc: denied { connect } for pid=23344 comm="syz.5.3447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 1474.737734][ T30] audit: type=1800 audit(1757603571.234:996): pid=23363 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.3450" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1474.758988][ C1] vkms_vblank_simulate: vblank timer overrun [ 1475.122107][ T5870] Bluetooth: hci0: command tx timeout [ 1477.513772][ T5870] Bluetooth: hci0: command tx timeout [ 1479.577801][T23333] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1479.590767][ T5870] Bluetooth: hci0: command tx timeout [ 1479.604447][T23333] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1479.626599][T23333] wireguard: wg0: Could not create IPv4 socket [ 1479.635759][T23333] wireguard: wg1: Could not create IPv4 socket [ 1479.648290][T23333] wireguard: wg2: Could not create IPv4 socket [ 1481.621024][ T30] audit: type=1800 audit(1757603578.114:997): pid=23487 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.3463" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1481.807647][T20399] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1481.819548][T20399] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1481.841717][T20399] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1481.860377][T20399] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1481.872456][T20399] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1481.920403][T23496] Failed to initialize the IGMP autojoin socket (err -2) [ 1482.103213][T23503] kvm: pic: non byte write [ 1482.107739][T23503] kvm: pic: non byte write [ 1482.173842][T23503] kvm: pic: non byte write [ 1482.201803][T23503] kvm: pic: non byte write [ 1482.231108][T23503] kvm: pic: single mode not supported [ 1482.231479][T23503] kvm: pic: non byte write [ 1482.267668][T23503] kvm: pic: non byte write [ 1482.286433][T23503] kvm: pic: non byte write [ 1482.296344][T23503] kvm: pic: non byte write [ 1482.330900][T23503] kvm: pic: non byte write [ 1482.350534][T23503] kvm: pic: non byte write [ 1483.991764][T20399] Bluetooth: hci0: command tx timeout [ 1484.251930][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.690067][T23496] netdevsim netdevsim4 netdevsim1: renamed from eth10 [ 1484.724194][T23496] netdevsim netdevsim4 netdevsim2: renamed from eth11 [ 1484.753864][T23496] netdevsim netdevsim4 netdevsim3: renamed from eth12 [ 1485.435960][T23496] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1485.455290][T23496] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1485.474029][T23496] wireguard: wg0: Could not create IPv4 socket [ 1485.483281][T23496] wireguard: wg1: Could not create IPv4 socket [ 1485.492571][T23496] wireguard: wg2: Could not create IPv4 socket [ 1486.081547][T23602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1486.114649][T23602] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1486.147155][T23598] kvm: pic: single mode not supported [ 1486.147620][T23598] kvm: pic: level sensitive irq not supported [ 1486.231487][ T30] audit: type=1800 audit(1757603582.714:998): pid=23605 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3477" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1486.712705][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1486.730423][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1486.745005][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1486.757207][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1486.890920][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1487.236549][ T30] audit: type=1400 audit(1757603583.734:999): avc: denied { getopt } for pid=23630 comm="syz.2.3483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 1487.248491][T23617] Failed to initialize the IGMP autojoin socket (err -2) [ 1487.512144][T23639] comedi comedi3: bad chanlist[0]=0x00000009 chan=9 range length=9 [ 1489.040290][ T5870] Bluetooth: hci0: command tx timeout [ 1489.058685][T23664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1489.068238][T23664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1491.117081][T23707] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3496'. [ 1491.191475][ T5870] Bluetooth: hci0: command tx timeout [ 1491.978633][T23721] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3497'. [ 1492.849712][T23617] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1492.874744][T23617] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 1492.893906][T23617] wireguard: wg0: Could not create IPv4 socket [ 1492.902801][T23617] wireguard: wg1: Could not create IPv4 socket [ 1492.913705][T23617] wireguard: wg2: Could not create IPv4 socket [ 1493.007394][T23636] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN NOPTI [ 1493.019479][T23636] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 1493.027867][T23636] CPU: 1 UID: 0 PID: 23636 Comm: kbnepd bnep0 Not tainted syzkaller #0 PREEMPT(full) [ 1493.037406][T23636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1493.047434][T23636] RIP: 0010:klist_put+0x4d/0x1b0 [ 1493.052348][T23636] Code: c1 ea 03 80 3c 02 00 0f 85 5f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 1c 3f 0d [ 1493.071932][T23636] RSP: 0018:ffffc90003a9f9b0 EFLAGS: 00010202 [ 1493.077976][T23636] RAX: dffffc0000000000 RBX: ffff88805abca060 RCX: ffffffff826109fd [ 1493.085920][T23636] RDX: 000000000000000b RSI: ffffffff8b89d035 RDI: 0000000000000058 [ 1493.093862][T23636] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 1493.101820][T23636] R10: 0000000000000000 R11: ffffffff81a1f1e5 R12: 0000000000000000 [ 1493.109767][T23636] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 [ 1493.117720][T23636] FS: 0000000000000000(0000) GS:ffff8881247b5000(0000) knlGS:0000000000000000 [ 1493.126634][T23636] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1493.133190][T23636] CR2: 00007ffd51459ef4 CR3: 000000001eebb000 CR4: 00000000003526f0 [ 1493.141146][T23636] DR0: 0000000000000007 DR1: 0000000000000002 DR2: 0000000000000008 [ 1493.149088][T23636] DR3: 1000000100000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1493.157043][T23636] Call Trace: [ 1493.160301][T23636] [ 1493.163218][T23636] device_del+0x1d8/0x9f0 [ 1493.167529][T23636] ? __pfx_device_del+0x10/0x10 [ 1493.172369][T23636] ? netdev_unregister_kobject+0x2da/0x540 [ 1493.178166][T23636] unregister_netdevice_many_notify+0x14f0/0x24c0 [ 1493.184564][T23636] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1493.191308][T23636] ? __pfx___mutex_lock+0x10/0x10 [ 1493.196331][T23636] unregister_netdevice_queue+0x305/0x3f0 [ 1493.202042][T23636] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1493.208263][T23636] ? rtnl_net_dev_lock+0x28/0x360 [ 1493.213269][T23636] ? rtnl_net_dev_lock+0x146/0x360 [ 1493.218378][T23636] ? rtnl_lock+0x9/0x20 [ 1493.222513][T23636] ? rtnl_net_dev_lock+0x146/0x360 [ 1493.227602][T23636] unregister_netdev+0x1f/0x60 [ 1493.232362][T23636] bnep_session+0x224e/0x2d80 [ 1493.237024][T23636] ? __pfx_bnep_session+0x10/0x10 [ 1493.242042][T23636] ? do_raw_spin_lock+0x12c/0x2b0 [ 1493.247062][T23636] ? __pfx_woken_wake_function+0x10/0x10 [ 1493.252668][T23636] ? rcu_is_watching+0x12/0xc0 [ 1493.257406][T23636] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1493.263279][T23636] ? lockdep_hardirqs_on+0x7c/0x110 [ 1493.268464][T23636] ? __kthread_parkme+0x19e/0x250 [ 1493.273467][T23636] ? __pfx_bnep_session+0x10/0x10 [ 1493.278469][T23636] kthread+0x3c2/0x780 [ 1493.282525][T23636] ? __pfx_kthread+0x10/0x10 [ 1493.287084][T23636] ? rcu_is_watching+0x12/0xc0 [ 1493.291825][T23636] ? __pfx_kthread+0x10/0x10 [ 1493.296386][T23636] ret_from_fork+0x5d4/0x6f0 [ 1493.300947][T23636] ? __pfx_kthread+0x10/0x10 [ 1493.305508][T23636] ret_from_fork_asm+0x1a/0x30 [ 1493.310251][ T5870] Bluetooth: hci0: command tx timeout [ 1493.310261][T23636] [ 1493.310270][T23636] Modules linked in: [ 1493.323009][T23636] ---[ end trace 0000000000000000 ]--- [ 1493.329749][T23636] RIP: 0010:klist_put+0x4d/0x1b0 [ 1493.334753][T23636] Code: c1 ea 03 80 3c 02 00 0f 85 5f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 1c 3f 0d [ 1493.354582][T23636] RSP: 0018:ffffc90003a9f9b0 EFLAGS: 00010202 [ 1493.360727][T23636] RAX: dffffc0000000000 RBX: ffff88805abca060 RCX: ffffffff826109fd [ 1493.368704][T23636] RDX: 000000000000000b RSI: ffffffff8b89d035 RDI: 0000000000000058 [ 1493.376972][T23636] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 1493.385601][T23636] R10: 0000000000000000 R11: ffffffff81a1f1e5 R12: 0000000000000000 [ 1493.393648][T23636] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 [ 1493.401866][T23636] FS: 0000000000000000(0000) GS:ffff8881246b5000(0000) knlGS:0000000000000000 [ 1493.410874][T23636] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1493.417451][T23636] CR2: 00007ffc262ea660 CR3: 0000000032576000 CR4: 00000000003526f0 [ 1493.425697][T23636] DR0: 0000000000000007 DR1: 0000000000000002 DR2: 0000000000000008 [ 1493.433923][T23636] DR3: 1000000100000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1493.441989][T23636] Kernel panic - not syncing: Fatal exception [ 1493.448282][T23636] Kernel Offset: disabled [ 1493.452584][T23636] Rebooting in 86400 seconds..