last executing test programs: 4m55.409187567s ago: executing program 32 (id=312): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r2, 0x4068aea3, &(0x7f0000000680)={0xdb, 0x0, 0x3}) 4m47.103720847s ago: executing program 0 (id=591): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@empty, @empty, 0x0, "daf86eed51d59c3b227a93fc7264db425e9d015e14f17c0900497e00b3bb00", 0x7, 0x6, 0xffffff9d, 0xffffe6df}, 0x3c) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$SIOCGETSGCNT_IN6(r1, 0x89e1, &(0x7f0000000040)={@empty, @ipv4={'\x00', '\xff\xff', @local}}) 4m46.96967123s ago: executing program 0 (id=593): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 4m46.480559647s ago: executing program 0 (id=596): r0 = socket$netlink(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002080)=@updpolicy={0xc0, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffb}}, [@XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0xc0}}, 0x20004800) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b0000000000000700"/68, 0x44}, {&(0x7f0000000080)="c1130389", 0x4}], 0x2) 4m46.28289638s ago: executing program 0 (id=601): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn']) 4m46.110309819s ago: executing program 0 (id=602): bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x6a}, [@ldst]}, 0x0}, 0x90) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) getsockname(r0, 0x0, &(0x7f0000000140)) 4m45.54539358s ago: executing program 0 (id=614): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x32}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}]}]}, 0x74}}, 0x0) 4m45.238054879s ago: executing program 33 (id=614): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x32}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}]}]}, 0x74}}, 0x0) 3m50.32806318s ago: executing program 5 (id=1466): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x1, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x40420, 0x3}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_BCAST_FLOOD={0x5, 0x1e, 0x1}, @IFLA_BRPORT_MCAST_TO_UCAST={0x5, 0x1c, 0x1}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x200404c1}, 0x40000) 3m50.240011322s ago: executing program 5 (id=1468): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 3m50.19626335s ago: executing program 5 (id=1470): r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000034000)={0x3, {{0xa, 0x1, 0x3, @mcast2, 0x10000000}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00000003c0)={0x2, {{0xa, 0x0, 0x0, @mcast1, 0xb}}}, 0x88) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000e5f000)=0x90) 3m50.059658134s ago: executing program 5 (id=1473): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) connect$bt_rfcomm(r1, &(0x7f00000008c0)={0x1f, @none, 0x6}, 0xa) getpeername$packet(r1, 0x0, &(0x7f0000000500)) 3m49.208097818s ago: executing program 5 (id=1490): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) symlinkat(&(0x7f0000000400)='./file1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00') 3m49.110959012s ago: executing program 5 (id=1493): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fanotify_init(0x200, 0x0) 3m34.023359945s ago: executing program 34 (id=1493): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fanotify_init(0x200, 0x0) 3m10.519890587s ago: executing program 6 (id=2023): openat$snapshot(0xffffffffffffff9c, &(0x7f0000001180), 0x2a01, 0x0) r0 = syz_io_uring_setup(0x3aec, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x3d}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 3m9.602906441s ago: executing program 6 (id=2041): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0) 3m9.521889937s ago: executing program 6 (id=2042): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000002c0)='rpm_return_int\x00', r0, 0x0, 0x8}, 0x18) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_gstrings={0x1b, 0x1}}) 3m9.476474454s ago: executing program 6 (id=2043): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x205) 3m9.436398738s ago: executing program 6 (id=2044): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x98}, &(0x7f0000000240)=0x40) 3m7.874246755s ago: executing program 6 (id=2061): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb0, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1], 0x0, [0x5, 0x6, 0x2, 0x0, 0x8, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x24, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xfffffe01}]}]}]}}]}, 0xb0}}, 0x0) 3m7.696266359s ago: executing program 35 (id=2061): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb0, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1], 0x0, [0x5, 0x6, 0x2, 0x0, 0x8, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x24, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xfffffe01}]}]}]}}]}, 0xb0}}, 0x0) 58.656670496s ago: executing program 1 (id=3864): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) 58.554018765s ago: executing program 3 (id=3866): unshare(0x40200) r0 = semget(0x1, 0x4, 0x39c) semop(r0, &(0x7f0000000080)=[{0x1, 0x8001, 0x1000}], 0x1) semop(r0, &(0x7f0000000000)=[{0x3, 0xbbdd, 0x1000}, {0x2, 0x100, 0x800}], 0x2) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000140)=[0x6, 0x7fff]) unshare(0x40400) 58.457704847s ago: executing program 1 (id=3868): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x65364000) madvise(&(0x7f00006d3000/0x4000)=nil, 0x4000, 0x66) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$kcm(r1, &(0x7f0000001880)={0x0, 0xf5, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {&(0x7f00000000c0)="bcc9b1557de1fad1f955144629ed4dcf3c33679ea22502e3cff8923bf5d43921bc111a262f295a8eb540", 0x7fffeffd}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0) 57.789443003s ago: executing program 1 (id=3874): sendmsg$inet(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7fffffff}}], 0x30}, 0x80) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) 57.660965109s ago: executing program 1 (id=3876): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260) 57.582741457s ago: executing program 1 (id=3878): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) shutdown(r0, 0x0) 57.565502443s ago: executing program 3 (id=3879): r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0x6e) connect$unix(r1, &(0x7f0000000640)=@file={0x1}, 0x6e) 57.395989537s ago: executing program 3 (id=3881): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = getpid() bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0a0000000500000002000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 57.24768536s ago: executing program 1 (id=3882): prlimit64(0x0, 0x9, &(0x7f0000000140)={0x2, 0x8b}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r1) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000a40)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}) 56.924251576s ago: executing program 36 (id=3882): prlimit64(0x0, 0x9, &(0x7f0000000140)={0x2, 0x8b}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r1) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000a40)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}) 56.634510866s ago: executing program 3 (id=3886): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260) 56.430873298s ago: executing program 3 (id=3889): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002640)=@newtaction={0x100, 0x30, 0x200, 0x70bd28, 0x25dfdbfc, {}, [{0x40, 0x1, [@m_ipt={0x3c, 0x7, 0x0, 0x0, {{0x8}, {0x4}, {0x11, 0x6, "e2ebd2e0185a4d308803e9306e"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}, {0xac, 0x1, [@m_ipt={0xa8, 0x806, 0x0, 0x0, {{0x8}, {0x4}, {0x7d, 0x6, "f5fcf6c5d281ac07391f35700b5786a70ee288211391aef6ec3378d7dd4a7c7445b8d3046ec059dd382a214deedda165d8663d562a47b1afb15557c5ceab4960c0442cc36ea1e65aa9650e7ac2c900fbb08da34b73b6b699463a47761daa69afd529deea7f5c97d3f950af23793139f4c0c3cea503bb9a23d2"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x100}}, 0x4008800) recvmmsg$unix(r1, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000015c0)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) 55.993563766s ago: executing program 3 (id=3893): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x25dfdbfd, {0x2, 0x18, 0x0, 0xcb, r2}, [@IFA_LOCAL={0x8, 0x2, @remote}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_ADDRESS={0x8, 0x1, @loopback}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010102}, @IFA_RT_PRIORITY={0x8, 0x9, 0x31}, @IFA_RT_PRIORITY={0x8, 0x9, 0x4}]}, 0x48}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) 55.375418243s ago: executing program 37 (id=3893): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x25dfdbfd, {0x2, 0x18, 0x0, 0xcb, r2}, [@IFA_LOCAL={0x8, 0x2, @remote}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_ADDRESS={0x8, 0x1, @loopback}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010102}, @IFA_RT_PRIORITY={0x8, 0x9, 0x31}, @IFA_RT_PRIORITY={0x8, 0x9, 0x4}]}, 0x48}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) 3.466512508s ago: executing program 2 (id=4493): prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = syz_clone(0x1b200000, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0x4) 3.266851619s ago: executing program 7 (id=4495): r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000180)={0xf000000, 0x0, 0x7, 0xffffffffffffffff, 0x0, 0x0}) syz_open_dev$MSR(0x0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, 0x0) 3.171867867s ago: executing program 2 (id=4497): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1, 0x0}) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETFB(r3, 0xc01c64ad, &(0x7f0000000080)={r2}) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000004, 0x13, r3, 0x100000000) 2.947668898s ago: executing program 2 (id=4502): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x880) ioctl$HIDIOCGREPORT(r1, 0x400c4807, 0x0) close(0x4) 2.668519103s ago: executing program 7 (id=4504): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) 2.582654242s ago: executing program 7 (id=4505): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) 2.474924823s ago: executing program 7 (id=4507): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r0, 0x400455c8, 0x8000000000000001) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0xdb) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000380)=0xf7) 2.066534637s ago: executing program 9 (id=4511): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, 0x0) 1.907806083s ago: executing program 9 (id=4513): r0 = syz_open_dev$media(&(0x7f00000004c0), 0x40, 0x8000) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, 0x0) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x40000333}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1.713836602s ago: executing program 8 (id=4515): r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) truncate(&(0x7f0000000040)='./bus\x00', 0x9472) lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000240)=ANY=[@ANYBLOB="0402"], 0x2, 0x0) dup3(r1, r0, 0x0) finit_module(r1, 0x0, 0x0) 1.702784732s ago: executing program 9 (id=4516): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) socket(0x8, 0x3, 0x0) 1.49177329s ago: executing program 8 (id=4518): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[]) ioctl$KVM_GET_VCPU_EVENTS(r2, 0xc048aeca, &(0x7f0000000080)) 1.270872795s ago: executing program 9 (id=4521): socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x100, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 1.250552032s ago: executing program 8 (id=4522): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x66) 1.160074495s ago: executing program 4 (id=4523): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000040)='GPL\x00'}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'veth0_macvtap\x00', 0x0}) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000a40)={r0, r3, 0x25, 0x2, @void}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r4, r1, 0x4, r0}, 0x10) 966.511629ms ago: executing program 4 (id=4524): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 910.963187ms ago: executing program 9 (id=4525): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0}, 0xbac00000}], 0x1, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x401, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 864.944215ms ago: executing program 2 (id=4526): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000240), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$FS_IOC_RESVSP(r0, 0x4030582b, &(0x7f0000000c00)={0x0, 0x1, 0x4, 0x40000000000000, 0x0, 0xf0}) 775.755401ms ago: executing program 8 (id=4527): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2080, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xeeee8000, 0x0, 0x0, 0x8, 0xb, 0x0, 0x2, 0x0, 0x9, 0x9, 0x10}, {0x0, 0x4, 0xc, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x5, 0xff}, {0x3000, 0x5000, 0xd, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x80a0000, 0x2, 0x4, 0x0, 0x0, 0x0, 0xf7, 0xaa, 0x8, 0x0, 0x4}, {0xdddd0000, 0xdddd0000, 0x8, 0x6, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c, 0x5}, {0x0, 0x0, 0xd, 0x80, 0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x80, 0x40}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0xe8, 0x8}, {0x0, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x26, 0x3, 0x10, 0xfc}, {0x10000}, {0xeeef0000}, 0xddfcffd9, 0x0, 0x0, 0x22c, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]}) 754.204705ms ago: executing program 4 (id=4528): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000300)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)={0x10, 0x37, 0x200, 0x70bd2c, 0x25dfdbff}, 0x10}], 0x1, 0x0, 0x0, 0x80}, 0x20040051) 753.302227ms ago: executing program 9 (id=4529): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b5aa4"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4={0x3, 0x0, 0x8}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f0000000000)=0x3) 591.692379ms ago: executing program 4 (id=4530): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_INIT(r0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) read$FUSE(r0, &(0x7f0000002280)={0x2020}, 0x2020) 552.535339ms ago: executing program 8 (id=4531): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x80800) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) sendfile(r2, r0, 0x0, 0xffffffa9) 504.807231ms ago: executing program 4 (id=4532): r0 = socket(0x11, 0x3, 0xfffffffd) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000800)=ANY=[@ANYRES8, @ANYRES16=r0], 0xdd12}], 0x1, 0x0, 0x0, 0x4000801}, 0x10) 401.642057ms ago: executing program 4 (id=4533): sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x9, 0x2, 0x56d, 0x3, 0x2, 0xffffffffffffffff, 0x4}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) 236.449394ms ago: executing program 7 (id=4534): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x157]}, 0x8) r1 = syz_io_uring_setup(0x6934, &(0x7f0000000300)={0x0, 0x125a, 0x10100, 0xffffffff, 0x16f, 0x0, r0}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000002280)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x28, 0x3, r0, 0x0, 0x0, 0x0, 0x23, 0x0, {0xfffe}}) io_uring_enter(r1, 0x44fd, 0x3, 0x1, 0x0, 0x0) signalfd(r0, &(0x7f00000002c0), 0x8) 127.522403ms ago: executing program 8 (id=4535): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) 96.555848ms ago: executing program 2 (id=4536): sendmsg$inet(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@ip_tos_u8={{0xffffffffffffff0d, 0x0, 0x1, 0x8}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7fffffff}}], 0x30}, 0x80) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) 64.991554ms ago: executing program 7 (id=4537): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x2e, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x4, 0x4}, {}, {0x1, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0x58, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xb, 0xf, 0x3, 0x2, 0x7ae, 0x9, 0xb11, 0x65, [{0x7fff, 0x401, 0x5, 0x6}, {0x0, 0xe1, 0x7, 0xfffffffd}, {0x3ff, 0xa, 0x76800, 0xd}]}}, @TCA_U32_CLASSID={0x6, 0x1, {0x1, 0x3}}, @TCA_U32_HASH={0x8, 0x2, 0x9}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x2006c805}, 0x20040054) 0s ago: executing program 2 (id=4538): ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0) timer_create(0x1, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x1) kernel console output (not intermixed with test programs): e_slave_1) entered blocking state [ 298.579677][T14027] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.592145][T14027] bridge_slave_1: entered allmulticast mode [ 298.603040][T14027] bridge_slave_1: entered promiscuous mode [ 298.738187][T14027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 298.772919][T14027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 298.923237][ T5908] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 298.931475][T14027] team0: Port device team_slave_0 added [ 298.966542][T14027] team0: Port device team_slave_1 added [ 299.093197][ T5908] usb 4-1: Using ep0 maxpacket: 16 [ 299.103316][ T5908] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 299.109449][ T6190] udevd[6190]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 299.165002][ T5908] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.190789][T14027] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.202065][ T5908] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 299.225556][T14027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.267462][T14027] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.292233][ T5965] usb 2-1: USB disconnect, device number 31 [ 299.293020][ T5908] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 299.314695][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 299.330102][T14027] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.338391][ T5908] usb 4-1: SerialNumber: syz [ 299.345027][T14027] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.379940][T14027] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.394157][ T5908] hub 4-1:1.0: bad descriptor, ignoring hub [ 299.400096][ T5908] hub 4-1:1.0: probe with driver hub failed with error -5 [ 299.410204][ T5908] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 299.431580][T14060] IPv6: sit1: Disabled Multicast RS [ 299.440414][T14060] sit1: entered allmulticast mode [ 299.532088][T14027] hsr_slave_0: entered promiscuous mode [ 299.543396][T14027] hsr_slave_1: entered promiscuous mode [ 299.549550][T14027] debugfs: 'hsr0' already exists in 'hsr' [ 299.558018][T14027] Cannot create hsr debugfs directory [ 299.693342][ T5908] usb 4-1: USB disconnect, device number 33 [ 299.955436][T14027] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.997972][T14027] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.018478][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.025682][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.060143][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.067345][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.097418][T14027] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 300.110341][T14027] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 300.162903][ T5168] Bluetooth: hci1: command tx timeout [ 300.271352][T14039] kexec: Could not allocate control_code_buffer [ 300.486255][T14027] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.612989][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 300.613008][ T30] audit: type=1400 audit(2000000405.811:872): avc: denied { watch_mount } for pid=14104 comm="syz.7.3323" path="/274" dev="tmpfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 300.977013][T14027] veth0_vlan: entered promiscuous mode [ 300.984067][T14121] netlink: 'syz.1.3328': attribute type 13 has an invalid length. [ 301.019117][T14121] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 301.038483][T14121] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 301.055532][T14121] gretap1: entered promiscuous mode [ 301.060938][T14121] gretap1: entered allmulticast mode [ 301.077744][T14027] veth1_vlan: entered promiscuous mode [ 301.143298][T14027] veth0_macvtap: entered promiscuous mode [ 301.165516][T14027] veth1_macvtap: entered promiscuous mode [ 301.213229][T14027] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 301.232061][T14027] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 301.422565][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.453730][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.564113][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.592729][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.839216][T14157] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3342'. [ 301.859000][T14157] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3342'. [ 301.972959][ T5921] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 302.038816][ T30] audit: type=1326 audit(2000000407.231:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14153 comm="syz.3.3343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbcfb8ebe9 code=0x7fc00000 [ 302.088680][T14164] syzkaller1: entered promiscuous mode [ 302.100793][T14164] syzkaller1: entered allmulticast mode [ 302.146505][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.157985][ T5921] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 302.178765][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.223489][ T5921] usb 3-1: config 0 descriptor?? [ 302.241679][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3349'. [ 302.252432][ T5168] Bluetooth: hci1: command tx timeout [ 302.270615][T14170] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3349'. [ 302.288118][ T4536] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 302.312375][ T4536] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 302.321264][ T4536] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 302.330486][ T4536] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 302.418928][ T9] IPVS: starting estimator thread 0... [ 302.433074][T14178] pim6reg1: entered promiscuous mode [ 302.438405][T14178] pim6reg1: entered allmulticast mode [ 302.455954][ T5921] usbhid 3-1:0.0: can't add hid device: -71 [ 302.469622][ T5921] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 302.505322][ T5921] usb 3-1: USB disconnect, device number 34 [ 302.511506][T14180] IPVS: using max 40 ests per chain, 96000 per kthread [ 302.651690][ T30] audit: type=1326 audit(2000000407.852:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14153 comm="syz.3.3343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdbcfb2ade9 code=0x7fc00000 [ 302.711314][ T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 302.861244][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 302.877668][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 302.890523][T14200] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 302.891010][ T30] audit: type=1400 audit(2000000408.072:875): avc: denied { connect } for pid=14198 comm="syz.3.3363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 302.929285][ T30] audit: type=1400 audit(2000000408.102:876): avc: denied { read } for pid=14198 comm="syz.3.3363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 302.931075][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 302.949004][ T5921] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 302.972479][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 302.983013][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 303.005324][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 303.016557][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.121991][ T5921] usb 3-1: Using ep0 maxpacket: 32 [ 303.128905][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.140133][ T5921] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 303.149391][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.159316][ T5921] usb 3-1: config 0 descriptor?? [ 303.168983][ T5921] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 303.180072][ T5921] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 303.234480][ T9] usb 2-1: GET_CAPABILITIES returned 0 [ 303.240112][ T9] usbtmc 2-1:16.0: can't read capabilities [ 303.241355][T14200] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 303.260098][T14210] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3366'. [ 303.273339][T14210] chnl_net:caif_netlink_parms(): no params data found [ 303.516425][ T9] usb 2-1: USB disconnect, device number 32 [ 303.580950][T14200] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 303.588980][ T5921] usb 3-1: USB disconnect, device number 35 [ 303.606593][ T5921] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 303.710375][T14200] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 303.764243][ T92] usb 9-1: new full-speed USB device number 8 using dummy_hcd [ 303.935820][ T92] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 303.956936][T14231] netlink: 'syz.3.3376': attribute type 2 has an invalid length. [ 303.960803][ T92] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 303.995307][ T92] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 304.016404][ T92] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.237332][ T92] usb 9-1: GET_CAPABILITIES returned 0 [ 304.260587][ T92] usbtmc 9-1:16.0: can't read capabilities [ 304.320567][ T5168] Bluetooth: hci1: command tx timeout [ 304.498922][ T1829] usb 9-1: USB disconnect, device number 8 [ 304.851635][ T5921] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 305.010103][ T5921] usb 4-1: Using ep0 maxpacket: 16 [ 305.017661][ T5921] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 305.037399][ T5921] usb 4-1: config 1 has no interface number 0 [ 305.041427][T14286] ALSA: mixer_oss: invalid OSS volume 'ؤnh{%OBeb' [ 305.048065][ T5921] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 305.061353][ T5921] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 305.072069][ T5921] usb 4-1: config 1 interface 105 has no altsetting 0 [ 305.091662][ T5921] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 305.101175][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.109807][ T5921] usb 4-1: Product: syz [ 305.118754][ T5921] usb 4-1: Manufacturer: syz [ 305.125322][ T5921] usb 4-1: SerialNumber: syz [ 305.139162][T14270] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 305.149578][T14270] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 305.229580][T14290] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 305.236830][ T5908] IPVS: starting estimator thread 0... [ 305.330715][T14292] IPVS: using max 44 ests per chain, 105600 per kthread [ 305.334796][T14294] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 305.568628][T14270] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 305.592252][T14270] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 305.635631][T14303] syz.7.3408 (14303): drop_caches: 2 [ 305.680267][ T1829] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 305.775181][ T30] audit: type=1326 audit(2000000410.973:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 305.819664][ T30] audit: type=1326 audit(2000000410.973:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 305.859460][ T30] audit: type=1326 audit(2000000410.973:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 305.883361][ T1829] usb 3-1: Using ep0 maxpacket: 32 [ 305.905107][ T1829] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 305.913554][ T1829] usb 3-1: config 0 has no interface number 0 [ 305.919323][T14320] input: syz1 as /devices/virtual/input/input41 [ 305.923798][ T30] audit: type=1326 audit(2000000410.973:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 305.952620][ T30] audit: type=1326 audit(2000000410.973:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 305.977209][ T30] audit: type=1326 audit(2000000410.973:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 306.001550][ T1829] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 306.012810][ T1829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.020962][ T1829] usb 3-1: Product: syz [ 306.025227][ T1829] usb 3-1: Manufacturer: syz [ 306.030036][ T30] audit: type=1326 audit(2000000410.973:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 306.030156][ T30] audit: type=1326 audit(2000000410.973:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 306.030196][ T30] audit: type=1326 audit(2000000410.973:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 306.030232][ T30] audit: type=1326 audit(2000000410.973:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14310 comm="syz.1.3412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688b18ebe9 code=0x7ffc0000 [ 306.128429][T14327] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3419'. [ 306.135983][ T5921] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 306.141691][T14327] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3419'. [ 306.149037][ T5921] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 306.169593][ T5921] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 306.180560][ T1829] usb 3-1: SerialNumber: syz [ 306.190877][ T1829] usb 3-1: config 0 descriptor?? [ 306.198918][ T1829] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 306.213840][ T5921] aqc111 4-1:1.105 eth17: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, da:eb:be:1d:cf:70 [ 306.255458][ T5921] usb 4-1: USB disconnect, device number 34 [ 306.275106][ T5921] aqc111 4-1:1.105 eth17: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 306.381677][ T5921] aqc111 4-1:1.105 eth17 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 306.397568][ T5921] aqc111 4-1:1.105 eth17 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 306.410041][ T5851] Bluetooth: hci1: command tx timeout [ 306.417951][ T5921] aqc111 4-1:1.105 eth17 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 306.434701][ T1829] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 306.492404][ T1829] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 306.561242][T14337] overlay: filesystem on ./bus is read-only [ 306.800027][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 306.806175][ T5168] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 306.952496][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 306.963695][ T5921] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 306.973697][ T5965] usb 3-1: USB disconnect, device number 36 [ 306.991272][ T5965] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 307.006370][ T5965] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 307.018725][ T5965] quatech2 3-1:0.51: device disconnected [ 307.159067][ T5921] usb 4-1: Using ep0 maxpacket: 8 [ 307.165520][ T5921] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 307.173946][ T5921] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 307.183851][ T1829] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 307.191413][ T5921] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 307.202380][ T5921] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 307.212716][ T5921] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 307.225876][ T5921] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 307.235155][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.369493][ T1829] usb 9-1: Using ep0 maxpacket: 16 [ 307.376311][ T1829] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 307.385752][ T1829] usb 9-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 307.395005][ T1829] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.405020][ T1829] usb 9-1: config 0 descriptor?? [ 307.448115][ T5921] usb 4-1: usb_control_msg returned -32 [ 307.454029][ T5921] usbtmc 4-1:16.0: can't read capabilities [ 307.623747][ T5921] usb 9-1: USB disconnect, device number 9 [ 307.789137][ T5908] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 307.818885][T14374] usbtmc 4-1:16.0: stb usb_control_msg returned -32 [ 307.832382][ T9] usb 4-1: USB disconnect, device number 35 [ 307.938890][ T5908] usb 3-1: Using ep0 maxpacket: 8 [ 307.955265][ T5908] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 307.965614][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.998160][ T5908] usb 3-1: Product: syz [ 308.004003][ T5908] usb 3-1: Manufacturer: syz [ 308.009119][ T5908] usb 3-1: SerialNumber: syz [ 308.020722][ T5908] usb 3-1: config 0 descriptor?? [ 308.042959][ T5908] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244) [ 308.063275][T14386] netlink: 360 bytes leftover after parsing attributes in process `syz.7.3445'. [ 308.151119][T14390] lo speed is unknown, defaulting to 1000 [ 308.719922][ T9] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 308.773251][T14414] vlan2: entered allmulticast mode [ 308.783467][T14414] bond0: entered allmulticast mode [ 308.850251][ T5908] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 308.863964][ T5908] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 308.882134][ T5908] usb 3-1: USB disconnect, device number 37 [ 308.885919][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 308.889048][ T5168] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 308.937131][ T9] usb 9-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 308.980042][ T9] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 62976, setting to 1024 [ 308.991333][ T9] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 309.011228][ T9] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 309.028675][ T9] usb 9-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 [ 309.052313][ T9] usb 9-1: Product: syz [ 309.056516][ T9] usb 9-1: Manufacturer: syz [ 309.062114][ T9] usb 9-1: SerialNumber: syz [ 309.086408][ T9] cdc_mbim 9-1:1.0: skipping garbage [ 309.104780][T14431] netlink: 'syz.1.3462': attribute type 1 has an invalid length. [ 309.113781][T14431] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3462'. [ 309.123157][T14431] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3462'. [ 309.179867][T14433] mkiss: ax0: crc mode is auto. [ 309.298434][T14404] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 309.625900][T14460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3476'. [ 309.832828][T14467] syz.2.3477 (14467): drop_caches: 2 [ 309.915027][T14404] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 310.120796][T14488] netlink: 116 bytes leftover after parsing attributes in process `syz.2.3486'. [ 310.135661][ T9] cdc_mbim 9-1:1.0: failed to get mac address [ 310.154872][ T9] cdc_mbim 9-1:1.0: bind() failure [ 310.171303][ T9] cdc_ncm 9-1:1.1: probe with driver cdc_ncm failed with error -71 [ 310.185643][ T9] cdc_mbim 9-1:1.1: probe with driver cdc_mbim failed with error -71 [ 310.205130][ T9] usbtest 9-1:1.1: probe with driver usbtest failed with error -71 [ 310.277301][ T9] usb 9-1: USB disconnect, device number 10 [ 310.428423][T14494] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3489'. [ 310.441314][T14494] netlink: 'syz.7.3489': attribute type 30 has an invalid length. [ 310.463739][ T12] netdevsim netdevsim7 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.472250][ T12] netdevsim netdevsim7 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.497985][ T12] netdevsim netdevsim7 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 310.509728][ T12] netdevsim netdevsim7 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 311.001394][T14516] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.009049][T14516] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.027049][ T5908] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 311.047210][ T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 311.153492][T14516] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 311.169178][T14516] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 311.388430][ T5908] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 311.406853][ T5908] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 311.417116][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 311.428256][ T5908] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 311.446982][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 311.454825][ T5908] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 311.466347][ T5908] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 311.478244][ T9] usb 4-1: config 9 has an invalid interface number: 48 but max is 0 [ 311.486671][ T9] usb 4-1: config 9 has no interface number 0 [ 311.497068][ T5908] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 311.521655][ T9] usb 4-1: config 9 interface 48 has no altsetting 0 [ 311.528657][ T5908] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 311.538762][ T9] usb 4-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=f3.7b [ 311.556760][ T5908] usb 9-1: Product: syz [ 311.561331][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.569427][ T5908] usb 9-1: Manufacturer: syz [ 311.585241][ T9] usb 4-1: Product: syz [ 311.591018][ T5908] cdc_wdm 9-1:1.0: skipping garbage [ 311.599209][ T9] usb 4-1: Manufacturer: syz [ 311.609079][ T5908] cdc_wdm 9-1:1.0: skipping garbage [ 311.620098][ T9] usb 4-1: SerialNumber: syz [ 311.632659][ T5908] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 311.640311][ T5908] cdc_wdm 9-1:1.0: Unknown control protocol [ 311.654693][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 311.654727][ T30] audit: type=1400 audit(2000000416.856:893): avc: denied { create } for pid=14524 comm="syz.2.3502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 311.689544][ T30] audit: type=1400 audit(2000000416.886:894): avc: denied { sys_admin } for pid=14524 comm="syz.2.3502" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 311.859990][ T9] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 311.885596][ T9] gspca_vc032x: reg_w err -71 [ 311.890798][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.898379][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.903812][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.911941][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.918035][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.923451][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.929232][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.934674][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.942176][ T30] audit: type=1326 audit(2000000417.146:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14527 comm="syz.7.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3acb8ebe9 code=0x7fc00000 [ 311.967235][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.972919][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.979280][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.984635][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.990843][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 311.996186][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 312.006968][ C0] cdc_wdm 9-1:1.0: Unexpected error -71 [ 312.015009][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 312.021883][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 312.028368][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 312.034969][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 312.041486][ C0] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 312.047850][ T5921] usb 9-1: USB disconnect, device number 11 [ 312.048083][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 312.060054][ C0] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 312.072913][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 312.079175][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 312.084565][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 312.090248][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 312.095545][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 312.101379][ T9] gspca_vc032x: Unknown sensor... [ 312.106748][ T9] vc032x 4-1:9.48: probe with driver vc032x failed with error -22 [ 312.127783][ T9] usb 4-1: USB disconnect, device number 36 [ 312.497482][T14543] sp0: Synchronizing with TNC [ 312.519060][T14543] sp0: Found TNC [ 312.566712][ T30] audit: type=1326 audit(2000000417.767:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14527 comm="syz.7.3503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd3acb8ebe9 code=0x7fc00000 [ 313.048808][T14573] netlink: 'syz.2.3520': attribute type 1 has an invalid length. [ 313.086613][T14573] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3520'. [ 313.201577][T14579] netlink: 'syz.7.3523': attribute type 29 has an invalid length. [ 313.248153][T14585] netlink: 'syz.7.3523': attribute type 29 has an invalid length. [ 313.248433][T14587] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 313.289724][T14579] netlink: 500 bytes leftover after parsing attributes in process `syz.7.3523'. [ 313.366075][T14579] unsupported nla_type 58 [ 313.762916][T14609] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.3535'. [ 314.002039][T14618] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3540'. [ 314.325644][ T1829] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 314.368746][T14639] netlink: 84 bytes leftover after parsing attributes in process `syz.7.3550'. [ 314.380126][T14639] netlink: 84 bytes leftover after parsing attributes in process `syz.7.3550'. [ 314.489445][ T1829] usb 2-1: Using ep0 maxpacket: 32 [ 314.499609][ T1829] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 314.519536][ T1829] usb 2-1: config 0 has no interface number 0 [ 314.537714][ T1829] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 314.576807][ T1829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.636127][ T1829] usb 2-1: Product: syz [ 314.640330][ T1829] usb 2-1: Manufacturer: syz [ 314.656970][ T1829] usb 2-1: SerialNumber: syz [ 314.681270][ T1829] usb 2-1: config 0 descriptor?? [ 314.690869][ T30] audit: type=1400 audit(2000000419.868:897): avc: denied { getopt } for pid=14659 comm="syz.3.3557" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 314.711975][ T1829] smsc95xx v2.0.0 [ 314.919146][ T30] audit: type=1400 audit(2000000420.118:898): avc: denied { remount } for pid=14673 comm="syz.3.3565" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 315.206632][ T1829] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 315.225909][ T1829] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 315.255013][ T5965] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 315.415046][ T5965] usb 9-1: Using ep0 maxpacket: 16 [ 315.426693][ T5965] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 315.444892][ T5965] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 315.465667][ T5965] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 315.484862][ T5965] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.492917][ T5965] usb 9-1: Product: syz [ 315.497372][ T5965] usb 9-1: Manufacturer: syz [ 315.501991][ T5965] usb 9-1: SerialNumber: syz [ 315.517441][ T5965] usb 9-1: config 0 descriptor?? [ 315.534010][ T5965] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 315.543862][ T5965] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 315.639179][ T1829] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 315.659550][ T1829] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 315.692770][ T8592] udevd[8592]: setting mode of /dev/bus/usb/002/033 to 020664 failed: Read-only file system [ 315.706064][ T1829] usb 2-1: USB disconnect, device number 33 [ 315.737836][ T8592] udevd[8592]: setting owner of /dev/bus/usb/002/033 to uid=0, gid=0 failed: Read-only file system [ 315.766105][ T8592] udevd[8592]: symlink '../bus/usb/002/033' '/dev/char/189:160.tmp-c189:160' failed: Read-only file system [ 315.790108][ T8592] udevd[8592]: symlink '../bus/usb/002/033' '/dev/char/189:160.tmp-c189:160' failed: Read-only file system [ 316.134006][ T5965] em28xx 9-1:0.0: unknown em28xx chip ID (252) [ 316.339161][ T5965] em28xx 9-1:0.0: Config register raw data: 0xfc [ 316.355393][T14708] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 316.364873][ T5965] em28xx 9-1:0.0: I2S Audio (5 sample rate(s)) [ 316.389647][ T5965] em28xx 9-1:0.0: No AC97 audio processor [ 316.544984][ T5965] usb 9-1: USB disconnect, device number 12 [ 316.597115][T14714] pim6reg: entered allmulticast mode [ 316.609470][ T36] netdevsim netdevsim7 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.619572][ T36] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.638405][ T36] netdevsim netdevsim7 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.657483][ T36] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.668567][T14715] pim6reg: left allmulticast mode [ 316.693250][ T36] netdevsim netdevsim7 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.701917][ T36] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.710770][ T13] netdevsim netdevsim7 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.721001][ T13] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.731661][ T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 316.882105][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.885404][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 316.912121][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 316.928138][ T9] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 316.937610][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 316.954345][ T9] usb 2-1: SerialNumber: syz [ 317.175732][ T9] usb 2-1: 0:2 : does not exist [ 317.214205][ T9] usb 2-1: USB disconnect, device number 34 [ 317.249849][ T8592] udevd[8592]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 317.274921][ T51] Bluetooth: hci2: command 0x1003 tx timeout [ 317.275455][ T5168] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 317.394343][T14739] netlink: 'syz.3.3593': attribute type 1 has an invalid length. [ 317.432680][T14739] bond1: entered promiscuous mode [ 317.439089][T14739] 8021q: adding VLAN 0 to HW filter on device bond1 [ 317.492709][T14739] 8021q: adding VLAN 0 to HW filter on device bond2 [ 317.507286][T14739] bond1: (slave bond2): making interface the new active one [ 317.515341][T14739] bond2: entered promiscuous mode [ 317.521796][T14739] bond1: (slave bond2): Enslaving as an active interface with an up link [ 317.583237][T14748] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3596'. [ 317.789341][T14767] input: syz0 as /devices/virtual/input/input42 [ 318.493376][ T5908] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 318.665088][ T5908] usb 3-1: Using ep0 maxpacket: 8 [ 318.690679][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 318.716761][ T5908] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 318.742617][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.782354][ T5908] usb 3-1: config 0 descriptor?? [ 318.815069][T14817] block nbd8: NBD_DISCONNECT [ 318.822157][T14817] block nbd8: Send disconnect failed -22 [ 318.832912][T14814] block nbd8: Disconnected due to user request. [ 318.847633][T14814] block nbd8: shutting down sockets [ 318.960194][ T5168] Bluetooth: hci6: command 0x0405 tx timeout [ 319.043359][ T5908] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 319.272002][ T1829] usb 3-1: USB disconnect, device number 38 [ 319.323861][T14846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3625'. [ 319.992571][ T5851] Bluetooth: hci3: command 0x0406 tx timeout [ 320.000783][ T5965] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 320.016198][ T5965] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 320.377260][T14901] netlink: 92 bytes leftover after parsing attributes in process `syz.8.3642'. [ 320.390572][T14902] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3641'. [ 321.436452][ T30] audit: type=1400 audit(2000000426.641:899): avc: denied { create } for pid=14948 comm="syz.7.3656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 321.584589][T14958] netlink: 212924 bytes leftover after parsing attributes in process `syz.1.3660'. [ 322.311437][ T5851] Bluetooth: hci6: command 0x0405 tx timeout [ 322.311474][ T5965] Bluetooth: hci6: Opcode 0x0c1a failed: -110 [ 322.324368][ T5965] Bluetooth: hci6: Error when powering off device on rfkill (-110) [ 324.390566][ T5965] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 324.396752][ T5965] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 324.400394][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 326.469396][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 326.475688][ T5965] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 326.481918][ T5965] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 326.729540][T14991] netlink: 'syz.7.3674': attribute type 1 has an invalid length. [ 326.822008][T14991] bond2: entered promiscuous mode [ 326.827531][T14991] 8021q: adding VLAN 0 to HW filter on device bond2 [ 326.889137][ T5965] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 326.934844][T15000] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 326.936405][T14997] 8021q: adding VLAN 0 to HW filter on device bond3 [ 326.950558][T14997] bond2: (slave bond3): making interface the new active one [ 326.957865][T14997] bond3: entered promiscuous mode [ 326.970320][T14997] bond2: (slave bond3): Enslaving as an active interface with an up link [ 327.039141][ T5965] usb 2-1: Using ep0 maxpacket: 16 [ 327.045899][ T5965] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 327.067726][ T5965] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 327.077947][ T5965] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 327.087118][ T5965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.100182][ T5965] usb 2-1: config 0 descriptor?? [ 327.328326][ T5965] usb 2-1: USB disconnect, device number 35 [ 327.338913][ T5895] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 327.497789][T15029] netlink: 16178 bytes leftover after parsing attributes in process `syz.7.3691'. [ 327.511428][ T5895] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 327.522294][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 327.549249][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 327.572476][ T5895] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 327.612103][ T5895] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 327.635206][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.653050][ T5895] usb 4-1: config 0 descriptor?? [ 327.661512][T15007] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 327.685497][T15034] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15034 comm=syz.7.3692 [ 327.850675][T15038] lo speed is unknown, defaulting to 1000 [ 328.095769][ T5895] plantronics 0003:047F:FFFF.0024: reserved main item tag 0xd [ 328.116364][ T5895] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 328.286262][ T30] audit: type=1400 audit(2000000433.495:900): avc: denied { write } for pid=15057 comm="syz.2.3703" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 328.336347][ T5895] usb 4-1: USB disconnect, device number 37 [ 328.682363][T15075] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3710'. [ 328.830684][T15081] netlink: 'syz.8.3713': attribute type 21 has an invalid length. [ 328.848512][T15081] netlink: 'syz.8.3713': attribute type 22 has an invalid length. [ 328.877206][T15081] netlink: 'syz.8.3713': attribute type 23 has an invalid length. [ 328.888364][T15081] netlink: 'syz.8.3713': attribute type 25 has an invalid length. [ 328.902270][T15081] netlink: 'syz.8.3713': attribute type 26 has an invalid length. [ 328.928156][T15081] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3713'. [ 329.011637][ T5895] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 329.159900][ T5895] usb 2-1: Using ep0 maxpacket: 16 [ 329.177600][ T5895] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 329.177628][ T5895] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 329.177646][ T5895] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 329.226496][ T5895] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 329.226526][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.226545][ T5895] usb 2-1: Product: syz [ 329.226560][ T5895] usb 2-1: Manufacturer: syz [ 329.226574][ T5895] usb 2-1: SerialNumber: syz [ 329.665025][ T5895] usb 2-1: 0:2 : does not exist [ 330.095406][T15114] netlink: 'syz.3.3724': attribute type 4 has an invalid length. [ 330.495205][ T5895] usb 2-1: 1:0: failed to get current value for ch 0 (-22) [ 330.573857][ T5895] usb 2-1: USB disconnect, device number 36 [ 330.599549][ T8592] udevd[8592]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 331.403978][ T30] audit: type=1326 audit(2000000436.616:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15123 comm="syz.1.3727" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f688b18ebe9 code=0x0 [ 331.810453][T15148] syzkaller1: entered promiscuous mode [ 331.816043][T15148] syzkaller1: entered allmulticast mode [ 332.156519][ T5908] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 332.307410][ T5908] usb 3-1: Using ep0 maxpacket: 16 [ 332.325903][ T5908] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 332.357942][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.384903][ T5908] usb 3-1: Product: syz [ 332.397899][ T5908] usb 3-1: Manufacturer: syz [ 332.402585][ T5908] usb 3-1: SerialNumber: syz [ 332.415870][ T5908] usb 3-1: config 0 descriptor?? [ 332.434209][ T5908] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 332.492935][T15164] syz_tun: entered promiscuous mode [ 332.538619][T15164] batadv_slave_0: entered promiscuous mode [ 332.558990][T15164] batadv_slave_0: left promiscuous mode [ 332.574976][T15164] syz_tun: left promiscuous mode [ 332.668766][ T5858] udevd[5858]: symlink '../../loop9' '/dev/disk/by-diskseq/85.tmp-b7:9' failed: Read-only file system [ 332.679794][ T6035] udevd[6035]: symlink '../../loop1' '/dev/disk/by-diskseq/86.tmp-b7:1' failed: Read-only file system [ 332.802352][ T5858] udevd[5858]: symlink '../../loop1' '/dev/disk/by-diskseq/87.tmp-b7:1' failed: Read-only file system [ 332.888138][ T5858] udevd[5858]: symlink '../../loop1' '/dev/disk/by-diskseq/87.tmp-b7:1' failed: Read-only file system [ 332.890900][ T6035] udevd[6035]: symlink '../../loop9' '/dev/disk/by-diskseq/85.tmp-b7:9' failed: Read-only file system [ 332.916615][T15175] unknown channel width for channel at 909000KHz? [ 332.923095][T15175] unknown channel width for channel at 909000KHz? [ 332.923256][ T6035] udevd[6035]: symlink '../../loop9' '/dev/disk/by-diskseq/85.tmp-b7:9' failed: Read-only file system [ 332.940655][T15175] unknown channel width for channel at 909000KHz? [ 332.964878][ T5858] udevd[5858]: symlink '../../loop1' '/dev/disk/by-diskseq/87.tmp-b7:1' failed: Read-only file system [ 333.076078][ T10] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 333.226246][ T10] usb 9-1: Using ep0 maxpacket: 16 [ 333.233366][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.248807][ T10] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 333.264054][ T10] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 333.274163][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.296329][ T10] usb 9-1: config 0 descriptor?? [ 333.464500][ T5908] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 333.481688][ T5908] usb 3-1: USB disconnect, device number 39 [ 333.634627][ T10] usbhid 9-1:0.0: can't add hid device: -71 [ 333.643775][ T10] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 333.663514][ T10] usb 9-1: USB disconnect, device number 13 [ 333.968457][T15194] lo speed is unknown, defaulting to 1000 [ 334.330962][ T5895] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 334.496511][ T5895] usb 4-1: Using ep0 maxpacket: 32 [ 334.503782][ T5895] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 334.514444][ T5895] usb 4-1: config 0 has no interface number 0 [ 334.514487][ T5895] usb 4-1: config 0 interface 184 has no altsetting 0 [ 334.518480][ T5895] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 334.518505][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.518524][ T5895] usb 4-1: Product: syz [ 334.518537][ T5895] usb 4-1: Manufacturer: syz [ 334.518551][ T5895] usb 4-1: SerialNumber: syz [ 334.520628][ T5895] usb 4-1: config 0 descriptor?? [ 334.525653][ T5895] smsc75xx v1.0.0 [ 334.635289][ T5965] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 334.785400][ T5965] usb 2-1: Using ep0 maxpacket: 8 [ 334.798005][T15236] lo speed is unknown, defaulting to 1000 [ 334.812816][ T5965] usb 2-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 334.822508][ T5965] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.830935][ T5965] usb 2-1: Product: syz [ 334.837621][ T5965] usb 2-1: Manufacturer: syz [ 334.842279][ T5965] usb 2-1: SerialNumber: syz [ 334.853978][ T5965] usb 2-1: config 0 descriptor?? [ 334.867081][ T5965] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 335.085277][ T5908] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 335.251591][ T5908] usb 9-1: config 0 has no interfaces? [ 335.262164][ T5908] usb 9-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 335.271900][ T5908] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.281147][ T5908] usb 9-1: Product: syz [ 335.285570][ T5908] usb 9-1: Manufacturer: syz [ 335.290164][ T5908] usb 9-1: SerialNumber: syz [ 335.305718][ T5908] usb 9-1: config 0 descriptor?? [ 335.578286][T15236] netdevsim netdevsim8 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 335.589459][T15236] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.655904][ T10] usb 9-1: USB disconnect, device number 14 [ 335.741110][ T5895] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 335.761455][ T5895] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 335.771344][ T5895] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 335.782703][ T5895] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 335.792483][ T5895] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 335.802862][ T5895] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 335.812662][ T5895] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 335.829486][ T5895] usb 4-1: USB disconnect, device number 38 [ 336.076008][ T5965] gspca_sonixj: reg_w1 err -71 [ 336.081171][ T5965] sonixj 2-1:0.0: probe with driver sonixj failed with error -71 [ 336.094772][ T5965] usb 2-1: USB disconnect, device number 37 [ 336.564349][ T5965] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 336.720242][ T5965] usb 4-1: config 0 has an invalid interface number: 199 but max is 1 [ 336.728913][ T5965] usb 4-1: config 0 has no interface number 1 [ 336.738935][ T5965] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 336.750179][ T5965] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 336.765441][ T5965] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 336.784296][ T5965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 336.792319][ T5965] usb 4-1: SerialNumber: syz [ 336.838834][ T5965] usb 4-1: config 0 descriptor?? [ 336.886190][ T5965] usb 4-1: Found UVC 0.00 device (0002:0000) [ 336.893120][ T5965] usb 4-1: No valid video chain found. [ 337.094242][ T5908] usb 4-1: USB disconnect, device number 39 [ 337.193941][ T13] netdevsim netdevsim8 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 337.210714][ T13] netdevsim netdevsim8 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 337.268551][T15286] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 337.285015][T15286] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.780297][ T30] audit: type=1400 audit(2000000442.989:902): avc: denied { ioctl } for pid=15299 comm="syz.3.3800" path="socket:[51458]" dev="sockfs" ino=51458 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 338.233587][ T5908] usb 2-1: new full-speed USB device number 38 using dummy_hcd [ 338.404999][ T5908] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 338.414985][ T5908] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 338.428362][ T5908] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 338.443292][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.657091][T15286] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 338.670206][T15286] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.683276][T15286] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 338.694779][ T5908] usb 2-1: usb_control_msg returned -32 [ 338.700372][ T5908] usbtmc 2-1:16.0: can't read capabilities [ 338.809105][T15286] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 338.833522][T15286] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.863426][T15286] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 339.031977][T15324] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3811'. [ 339.078075][T15324] veth0_macvtap: left promiscuous mode [ 339.189912][ T7469] netdevsim netdevsim8 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 339.199104][ T7469] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 339.209515][ T7469] netdevsim netdevsim8 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 339.229721][ T7469] netdevsim netdevsim8 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 339.239043][ T7469] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 339.248989][ T7469] netdevsim netdevsim8 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 339.257490][ T5908] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 339.277804][ T49] netdevsim netdevsim8 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 339.286228][ T49] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 339.294799][ T49] netdevsim netdevsim8 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 339.312420][ T49] netdevsim netdevsim8 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 339.320976][ T49] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 339.329471][ T49] netdevsim netdevsim8 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 339.376420][T15333] overlayfs: failed to set uuid (305/file1, err=-1); falling back to uuid=null. [ 339.385656][T15333] overlayfs: failed to verify upper root origin [ 339.421746][ T5908] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 339.443051][ T5908] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 339.457958][ T5908] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 339.468865][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.491851][T15320] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 339.510047][ T5908] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 339.547283][ T6035] udevd[6035]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 339.728129][ T5895] usb 3-1: USB disconnect, device number 40 [ 339.734695][ T1829] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 339.894027][ T1829] usb 9-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 339.903448][ T1829] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.913463][ T1829] usb 9-1: config 0 descriptor?? [ 340.042532][ T5908] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 340.084621][T15343] overlayfs: upper fs does not support file handles, falling back to index=off. [ 340.135128][ T30] audit: type=1400 audit(2000000445.351:903): avc: denied { name_bind 0x1000000 } for pid=15344 comm="syz.7.3820" path="socket:[51649]" dev="sockfs" ino=51649 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 340.139781][T15345] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 340.202454][ T5908] usb 4-1: Using ep0 maxpacket: 32 [ 340.208990][ T5908] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 340.217688][ T5908] usb 4-1: config 0 has no interface number 0 [ 340.227054][ T5908] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 340.237828][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.248000][ T5908] usb 4-1: Product: syz [ 340.252162][ T5908] usb 4-1: Manufacturer: syz [ 340.257130][ T5908] usb 4-1: SerialNumber: syz [ 340.264041][ T5908] usb 4-1: config 0 descriptor?? [ 340.276500][ T5908] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 340.490405][ T5908] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 340.528133][ T5908] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 340.888482][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 340.904998][ T5908] usb 4-1: USB disconnect, device number 40 [ 340.932093][ T5908] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 340.932189][ T5895] usb 3-1: new full-speed USB device number 41 using dummy_hcd [ 340.955427][ T5908] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 340.971106][ T5908] quatech2 4-1:0.51: device disconnected [ 341.005748][ T5965] usb 2-1: USB disconnect, device number 38 [ 341.103990][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 341.118726][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 341.129222][ T5895] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 341.138696][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.154729][ T1829] usb 9-1: Cannot set autoneg [ 341.159605][ T1829] MOSCHIP usb-ethernet driver 9-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 341.173519][ T5895] usb 3-1: config 0 descriptor?? [ 341.191824][ T1829] usb 9-1: USB disconnect, device number 15 [ 341.290579][T15380] syzkaller1: entered promiscuous mode [ 341.296349][T15380] syzkaller1: entered allmulticast mode [ 341.304976][T15380] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 341.396028][T15384] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3838'. [ 341.407024][T15384] netlink: 'syz.7.3838': attribute type 7 has an invalid length. [ 341.420581][T15384] netlink: 'syz.7.3838': attribute type 8 has an invalid length. [ 341.430076][T15384] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3838'. [ 341.444609][T15384] erspan0: entered promiscuous mode [ 341.450685][T15384] gretap0: entered promiscuous mode [ 341.465571][T15384] hsr1: Slave A (erspan0) is not up; please bring it up to get a fully working HSR network [ 341.478835][T15384] hsr1: Slave B (gretap0) is not up; please bring it up to get a fully working HSR network [ 341.600578][ T5895] savu 0003:1E7D:2D5A.0025: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 341.906330][ T5895] usb 3-1: USB disconnect, device number 41 [ 342.508416][ T30] audit: type=1400 audit(2000000447.722:904): avc: denied { shutdown } for pid=15416 comm="syz.1.3851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 343.355706][ T5858] udevd[5858]: symlink '../../loop5' '/dev/disk/by-diskseq/91.tmp-b7:5' failed: Read-only file system [ 343.384542][ T8592] udevd[8592]: symlink '../../loop9' '/dev/disk/by-diskseq/90.tmp-b7:9' failed: Read-only file system [ 343.448365][ T8592] udevd[8592]: symlink '../../loop9' '/dev/disk/by-diskseq/90.tmp-b7:9' failed: Read-only file system [ 343.632126][ T9] libceph: connect (1)[c::]:6789 error -101 [ 343.642876][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 343.923453][ T9] libceph: connect (1)[c::]:6789 error -101 [ 343.929655][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 344.007987][T15476] SELinux: unknown common  [ 344.014034][T15476] SELinux: failed to load policy [ 344.425838][T15457] ceph: No mds server is up or the cluster is laggy [ 344.440709][ T9] libceph: connect (1)[c::]:6789 error -101 [ 344.447121][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 344.535107][ T30] audit: type=1400 audit(2000000449.753:905): avc: denied { setopt } for pid=15483 comm="syz.2.3875" lport=47983 faddr=255.255.255.254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 344.828190][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 344.857809][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 344.973690][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 345.002187][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 345.363575][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 345.392740][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 345.576398][ T5168] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 345.591408][ T5168] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 345.602187][ T5168] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 345.610299][ T5168] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 345.617750][ T5168] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 345.635324][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 345.699276][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 345.706729][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 345.716837][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 345.724743][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 345.861065][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 345.884433][T15515] input: syz1 as /devices/virtual/input/input44 [ 345.892233][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 346.058794][T15510] lo speed is unknown, defaulting to 1000 [ 347.022568][ T12] bridge_slave_1: left promiscuous mode [ 347.028319][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.169014][ T5921] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 347.222657][ T12] bridge_slave_0: left allmulticast mode [ 347.228325][ T12] bridge_slave_0: left promiscuous mode [ 347.245151][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.368864][ T5921] usb 3-1: Using ep0 maxpacket: 16 [ 347.375481][ T5921] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 347.385267][ T5921] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 75, changing to 10 [ 347.398509][ T5921] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 25344, setting to 1024 [ 347.416041][ T5921] usb 3-1: config 0 interface 0 has no altsetting 0 [ 347.445137][ T5921] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 347.465378][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.474868][ T5921] usb 3-1: Product: syz [ 347.488035][ T5921] usb 3-1: Manufacturer: syz [ 347.502462][ T5168] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 347.515431][ T5921] usb 3-1: SerialNumber: syz [ 347.520320][ T5168] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 347.531176][ T5168] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 347.539874][ T5168] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 347.547254][ T5168] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 347.569125][ T5921] usb 3-1: config 0 descriptor?? [ 347.812096][ T5921] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input45 [ 347.823197][ T5168] Bluetooth: hci2: command tx timeout [ 347.984240][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 348.005550][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 348.014471][ T10] usb 3-1: USB disconnect, device number 42 [ 348.023671][ T12] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 348.047027][ T12] bond0 (unregistering): Released all slaves [ 348.160161][ T12] k*]: left promiscuous mode [ 348.216609][T15529] lo speed is unknown, defaulting to 1000 [ 348.427079][T15510] chnl_net:caif_netlink_parms(): no params data found [ 348.622909][T15555] netlink: 96 bytes leftover after parsing attributes in process `syz.7.3906'. [ 348.765918][ T12] hsr_slave_0: left promiscuous mode [ 348.774959][ T12] hsr_slave_1: left promiscuous mode [ 348.782021][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 349.395622][ T12] team0 (unregistering): Port device team_slave_1 removed [ 349.439365][ T12] team0 (unregistering): Port device team_slave_0 removed [ 349.581964][ T5168] Bluetooth: hci3: command tx timeout [ 349.801481][T15529] chnl_net:caif_netlink_parms(): no params data found [ 349.825394][T15510] bridge0: port 1(bridge_slave_0) entered blocking state [ 349.850446][T15510] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.865049][T15510] bridge_slave_0: entered allmulticast mode [ 349.872788][T15510] bridge_slave_0: entered promiscuous mode [ 349.894443][T15510] bridge0: port 2(bridge_slave_1) entered blocking state [ 349.901785][ T5168] Bluetooth: hci2: command tx timeout [ 349.915489][T15510] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.939673][T15510] bridge_slave_1: entered allmulticast mode [ 349.947095][T15510] bridge_slave_1: entered promiscuous mode [ 350.034230][T15510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 350.068242][T15510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 350.125955][T15510] team0: Port device team_slave_0 added [ 350.131997][T15529] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.140329][T15529] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.148575][T15529] bridge_slave_0: entered allmulticast mode [ 350.155334][T15529] bridge_slave_0: entered promiscuous mode [ 350.163707][T15529] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.171137][T15529] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.178334][T15529] bridge_slave_1: entered allmulticast mode [ 350.185004][T15529] bridge_slave_1: entered promiscuous mode [ 350.193837][T15510] team0: Port device team_slave_1 added [ 350.230945][T15510] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 350.238307][T15510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.264426][T15510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 350.280461][T15529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 350.292243][ T12] IPVS: stop unused estimator thread 0... [ 350.292267][T15529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 350.313784][T15510] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 350.320767][T15510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.346895][T15510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 350.396383][T15529] team0: Port device team_slave_0 added [ 350.434085][T15529] team0: Port device team_slave_1 added [ 350.450129][T15510] hsr_slave_0: entered promiscuous mode [ 350.459882][T15510] hsr_slave_1: entered promiscuous mode [ 350.466105][T15510] debugfs: 'hsr0' already exists in 'hsr' [ 350.471934][T15510] Cannot create hsr debugfs directory [ 350.506059][ T12] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 350.521034][ T12] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.581659][T15529] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 350.592762][T15529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.623588][T15529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 350.660286][ T12] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 350.670693][ T12] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.686927][T15529] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 350.694128][T15529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.722112][T15529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 350.769776][ T12] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 350.774752][T15621] netlink: 'syz.2.3930': attribute type 1 has an invalid length. [ 350.783530][ T12] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.817051][T15621] bond1: entered promiscuous mode [ 350.826161][T15621] 8021q: adding VLAN 0 to HW filter on device bond1 [ 350.872809][T15624] loop8: detected capacity change from 0 to 16384 [ 350.938830][T15621] 8021q: adding VLAN 0 to HW filter on device bond1 [ 350.976602][T15621] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 351.027236][T15621] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 351.060007][ T8592] udevd[8592]: symlink '../../loop8' '/dev/disk/by-diskseq/92.tmp-b7:8' failed: Read-only file system [ 351.066432][T15621] bond1: (slave vcan1): making interface the new active one [ 351.117068][T15621] vcan1: entered promiscuous mode [ 351.131837][T15621] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 351.181679][T15529] hsr_slave_0: entered promiscuous mode [ 351.188227][T15529] hsr_slave_1: entered promiscuous mode [ 351.194355][T15529] debugfs: 'hsr0' already exists in 'hsr' [ 351.200279][T15529] Cannot create hsr debugfs directory [ 351.249254][ T12] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 351.268137][T15625] loop8: detected capacity change from 16384 to 16383 [ 351.268286][ T12] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.400335][ T8592] udevd[8592]: symlink '../../loop8' '/dev/disk/by-diskseq/92.tmp-b7:8' failed: Read-only file system [ 351.641726][ T8592] udevd[8592]: symlink '../../loop8' '/dev/disk/by-diskseq/92.tmp-b7:8' failed: Read-only file system [ 351.656980][ T5168] Bluetooth: hci3: command tx timeout [ 351.693447][ T8592] udevd[8592]: symlink '../../loop8' '/dev/disk/by-diskseq/92.tmp-b7:8' failed: Read-only file system [ 351.946584][ T5908] usb 9-1: new full-speed USB device number 16 using dummy_hcd [ 351.986926][ T5168] Bluetooth: hci2: command tx timeout [ 352.129986][ T5908] usb 9-1: config 0 has an invalid interface number: 139 but max is 0 [ 352.132856][ T12] bond0 (unregistering): Released all slaves [ 352.138265][ T5908] usb 9-1: config 0 has no interface number 0 [ 352.138305][ T5908] usb 9-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 352.138325][ T5908] usb 9-1: config 0 interface 139 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D [ 352.138349][ T5908] usb 9-1: config 0 interface 139 altsetting 0 endpoint 0x8D has invalid maxpacket 14158, setting to 64 [ 352.191051][ T5908] usb 9-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 352.206318][ T5908] usb 9-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6 [ 352.215558][ T5908] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.224756][ T5908] usb 9-1: Product: syz [ 352.229056][ T5908] usb 9-1: Manufacturer: syz [ 352.233650][ T5908] usb 9-1: SerialNumber: syz [ 352.241619][ T5908] usb 9-1: config 0 descriptor?? [ 352.247318][T15645] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 352.254713][T15645] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 352.303200][ T12] bond1 (unregistering): (slave bond2): Releasing backup interface [ 352.311587][ T12] bond2 (unregistering): left promiscuous mode [ 352.318999][ T12] bond1 (unregistering): Released all slaves [ 352.403417][ T12] bond2 (unregistering): Released all slaves [ 352.465183][T15510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 352.474561][ T5908] mct_u232 9-1:0.139: MCT U232 converter detected [ 352.498699][T15510] 8021q: adding VLAN 0 to HW filter on device team0 [ 352.505459][ T5908] usb 9-1: MCT U232 converter now attached to ttyUSB0 [ 352.525649][ T5908] usb 9-1: USB disconnect, device number 16 [ 352.532617][ T12] : left promiscuous mode [ 352.555432][ T5908] mct_u232 ttyUSB0: MCT U232 converter now disconnected from ttyUSB0 [ 352.563969][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.571097][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 352.585150][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.586756][ T5908] mct_u232 9-1:0.139: device disconnected [ 352.592303][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 352.641174][T15529] 8021q: adding VLAN 0 to HW filter on device bond0 [ 352.701616][T15529] 8021q: adding VLAN 0 to HW filter on device team0 [ 352.715939][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.723090][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 352.743621][T15510] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 352.754317][T15510] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 352.791016][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.798169][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 352.890147][T15529] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 352.922765][ T12] hsr_slave_0: left promiscuous mode [ 352.930619][ T12] hsr_slave_1: left promiscuous mode [ 352.958965][ T12] veth1_macvtap: left promiscuous mode [ 352.964593][ T12] veth1_vlan: left promiscuous mode [ 352.970868][ T12] veth0_vlan: left promiscuous mode [ 353.426144][ T92] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 353.586043][ T92] usb 9-1: Using ep0 maxpacket: 32 [ 353.598261][ T92] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.613368][ T92] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.623253][ T92] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 353.632669][ T92] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.642748][ T92] usb 9-1: config 0 descriptor?? [ 353.652097][ T92] hub 9-1:0.0: USB hub found [ 353.736008][ T5168] Bluetooth: hci3: command tx timeout [ 353.861919][ T92] hub 9-1:0.0: 1 port detected [ 353.972629][T15510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 354.055871][ T5168] Bluetooth: hci2: command tx timeout [ 354.074907][T15529] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 354.111346][ T12] IPVS: stop unused estimator thread 0... [ 354.277436][ T92] usb 9-1: USB disconnect, device number 17 [ 354.369810][T15510] veth0_vlan: entered promiscuous mode [ 354.390446][T15510] veth1_vlan: entered promiscuous mode [ 354.443907][T15510] veth0_macvtap: entered promiscuous mode [ 354.463774][T15510] veth1_macvtap: entered promiscuous mode [ 354.505398][T15529] veth0_vlan: entered promiscuous mode [ 354.520450][T15529] veth1_vlan: entered promiscuous mode [ 354.531809][T15510] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 354.552436][T15510] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 354.605974][T15529] veth0_macvtap: entered promiscuous mode [ 354.618660][T15529] veth1_macvtap: entered promiscuous mode [ 354.654015][T15529] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 354.679153][T15529] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 354.770508][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.835173][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.929378][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.942114][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.016228][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.038327][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.100622][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.120982][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.146033][ T5908] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 355.297136][ T5908] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 355.316899][ T5908] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 355.327056][ T92] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 355.349595][ T5908] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 355.368325][ T5908] usb 9-1: Product: syz [ 355.372950][ T5908] usb 9-1: Manufacturer: syz [ 355.382734][ T5908] usb 9-1: SerialNumber: syz [ 355.495303][ T92] usb 10-1: Using ep0 maxpacket: 32 [ 355.507382][ T92] usb 10-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 355.535081][ T92] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.555485][ T92] usb 10-1: Product: syz [ 355.559798][ T92] usb 10-1: Manufacturer: syz [ 355.607208][ T92] usb 10-1: SerialNumber: syz [ 355.617116][ T5908] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 355.640135][ T92] usb 10-1: config 0 descriptor?? [ 355.680393][ T92] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 355.810415][T15735] netlink: 'syz.4.3961': attribute type 13 has an invalid length. [ 355.812539][ T10] usb 9-1: USB disconnect, device number 18 [ 355.818629][ T5168] Bluetooth: hci3: command tx timeout [ 355.834937][T15735] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3961'. [ 355.873227][ T10] usblp0: removed [ 355.934421][T15735] netlink: 'syz.4.3961': attribute type 13 has an invalid length. [ 355.948286][T15735] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3961'. [ 356.209302][T15747] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3966'. [ 356.407881][T15756] smc: adding net device bond0 with user defined pnetid SYZ2 [ 356.518014][T15764] loop2: detected capacity change from 0 to 6 [ 356.528784][T15764] Dev loop2: unable to read RDB block 6 [ 356.535507][T15764] loop2: unable to read partition table [ 356.543147][T15764] loop2: partition table beyond EOD, truncated [ 356.557782][T15764] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 356.573137][ T8592] udevd[8592]: symlink '../../loop2' '/dev/disk/by-diskseq/94.tmp-b7:2' failed: Read-only file system [ 356.601088][ T8592] udevd[8592]: symlink '../../loop2' '/dev/disk/by-diskseq/94.tmp-b7:2' failed: Read-only file system [ 356.622874][ T8592] udevd[8592]: symlink '../../loop2' '/dev/disk/by-diskseq/94.tmp-b7:2' failed: Read-only file system [ 356.687614][T15766] netlink: 'syz.8.3974': attribute type 1 has an invalid length. [ 356.801739][T15766] 8021q: adding VLAN 0 to HW filter on device bond1 [ 356.845687][T15770] bond1: (slave geneve3): making interface the new active one [ 356.856646][T15770] bond1: (slave geneve3): Enslaving as an active interface with an up link [ 356.918189][ T92] gspca_stk1135: reg_w 0xd err -71 [ 356.925737][ T92] gspca_stk1135: serial bus timeout: status=0x00 [ 356.932081][ T92] gspca_stk1135: Sensor write failed [ 356.947790][ T92] gspca_stk1135: serial bus timeout: status=0x00 [ 356.954220][ T92] gspca_stk1135: Sensor write failed [ 356.959584][ T92] gspca_stk1135: serial bus timeout: status=0x00 [ 356.966397][ T92] gspca_stk1135: Sensor read failed [ 356.971659][ T92] gspca_stk1135: serial bus timeout: status=0x00 [ 356.982356][ T92] gspca_stk1135: Sensor read failed [ 356.989603][ T92] gspca_stk1135: Detected sensor type unknown (0x0) [ 357.004375][ T92] gspca_stk1135: serial bus timeout: status=0x00 [ 357.017383][ T92] gspca_stk1135: Sensor read failed [ 357.029100][ T92] gspca_stk1135: serial bus timeout: status=0x00 [ 357.042329][ T92] gspca_stk1135: Sensor read failed [ 357.052818][ T92] gspca_stk1135: serial bus timeout: status=0x00 [ 357.066737][ T92] gspca_stk1135: Sensor write failed [ 357.080173][ T92] gspca_stk1135: serial bus timeout: status=0x00 [ 357.099294][ T92] gspca_stk1135: Sensor write failed [ 357.112851][ T92] stk1135 10-1:0.0: probe with driver stk1135 failed with error -71 [ 357.150953][ T92] usb 10-1: USB disconnect, device number 2 [ 357.302891][T15789] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3983'. [ 357.792411][T15809] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3988'. [ 357.841623][T15809] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3988'. [ 358.223588][ T92] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 358.385060][ T92] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 358.396878][ T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.409916][ T92] usb 5-1: config 0 descriptor?? [ 358.693409][ T5921] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 358.858838][ T5921] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 358.874562][ T5921] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 358.886587][ T5921] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 358.896614][ T5921] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 358.910047][ T5921] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 358.920172][ T5921] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.943395][ T5921] usb 10-1: config 0 descriptor?? [ 359.409331][ T5921] plantronics 0003:047F:FFFF.0026: ignoring exceeding usage max [ 359.451460][ T5921] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 359.657898][ T5921] usb 10-1: USB disconnect, device number 3 [ 359.687235][ T92] pegasus 5-1:0.0: can't reset MAC [ 359.696120][ T92] pegasus 5-1:0.0: probe with driver pegasus failed with error -5 [ 359.708884][ T92] usb 5-1: USB disconnect, device number 5 [ 359.892844][ T5908] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 360.053024][ T5908] usb 9-1: Using ep0 maxpacket: 8 [ 360.064175][ T5908] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 360.092048][ T5908] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 360.106309][ T5908] usb 9-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 360.115510][ T5908] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.125610][ T5908] usb 9-1: Product: syz [ 360.129777][ T5908] usb 9-1: Manufacturer: syz [ 360.142456][ T5908] usb 9-1: SerialNumber: syz [ 360.149207][ T5908] usb 9-1: config 0 descriptor?? [ 360.159746][ T5908] powermate 9-1:0.0: probe with driver powermate failed with error -22 [ 360.370323][T15877] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 362.351467][ T5921] usb 10-1: new full-speed USB device number 4 using dummy_hcd [ 362.437503][T15932] Bluetooth: hci0: invalid len left 7, exp >= 131 [ 362.516349][ T5921] usb 10-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 362.533840][ T5921] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.552628][ T5921] usb 10-1: Product: syz [ 362.557015][ T5921] usb 10-1: Manufacturer: syz [ 362.565742][ T5921] usb 10-1: SerialNumber: syz [ 362.574221][ T5921] usb 10-1: config 0 descriptor?? [ 362.594341][ T5921] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 362.615699][ T5921] pctv452e: pctv452e_power_ctrl: 1 [ 362.615699][ T5921] [ 362.632460][ T5921] usb 10-1: selecting invalid altsetting 3 [ 362.647872][ T5921] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 362.647872][ T5921] [ 362.659441][ T5921] dvb-usb: bulk message failed: -22 (5/0) [ 362.674446][ T5921] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 362.688029][ T10] usb 9-1: USB disconnect, device number 19 [ 362.726477][ T5921] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19) [ 362.868869][ T92] usb 10-1: USB disconnect, device number 4 [ 363.241052][ T5908] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 363.412328][ T5908] usb 9-1: config 0 has an invalid interface number: 134 but max is 0 [ 363.453187][ T5908] usb 9-1: config 0 has no interface number 0 [ 363.481591][ T5908] usb 9-1: New USB device found, idVendor=1c04, idProduct=0015, bcdDevice=e2.1e [ 363.507687][ T5908] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.554564][ T5908] usb 9-1: config 0 descriptor?? [ 363.848005][ T5908] usb 9-1: USB disconnect, device number 20 [ 363.867585][T15962] netlink: 12 bytes leftover after parsing attributes in process `syz.9.4053'. [ 364.236303][T15970] netlink: 9 bytes leftover after parsing attributes in process `syz.9.4056'. [ 364.267405][T15970] gretap0: entered promiscuous mode [ 364.282502][T15972] veth0_to_bridge: entered promiscuous mode [ 364.295599][T15971] veth0_to_bridge: left promiscuous mode [ 364.303184][T15970] netlink: 5 bytes leftover after parsing attributes in process `syz.9.4056'. [ 364.313923][T15970] 0{X: renamed from gretap0 [ 364.322624][T15970] 0{X: left promiscuous mode [ 364.334128][T15970] 0{X: entered allmulticast mode [ 364.353318][T15970] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 364.489009][T15981] netlink: 'syz.4.4061': attribute type 10 has an invalid length. [ 364.507375][T15981] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4061'. [ 364.544494][T15981] team0: Port device geneve0 added [ 364.748534][T15996] netlink: 12 bytes leftover after parsing attributes in process `syz.9.4064'. [ 364.768450][T15998] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4067'. [ 364.825645][T16001] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 364.957927][ T30] audit: type=1400 audit(2000000470.183:906): avc: denied { listen } for pid=16008 comm="syz.9.4072" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 365.241283][T16025] netlink: 'syz.2.4077': attribute type 15 has an invalid length. [ 365.249172][T16025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4077'. [ 365.267961][T16025] netlink: 'syz.2.4077': attribute type 15 has an invalid length. [ 365.277219][T16025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4077'. [ 365.347055][ T30] audit: type=1326 audit(2000000470.573:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16030 comm="syz.8.4080" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f031338ebe9 code=0x0 [ 365.422775][ T30] audit: type=1400 audit(2000000470.653:908): avc: denied { audit_write } for pid=16034 comm="syz.2.4082" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 365.610477][T16046] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4086'. [ 365.979653][ T5965] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 366.136750][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 366.149260][ T5965] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 366.173700][ T5965] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.236616][ T5965] usb 5-1: config 0 descriptor?? [ 366.386845][T16059] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4091'. [ 366.704368][ T5965] lenovo 0003:17EF:6047.0027: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.4-1/input0 [ 366.843070][T16067] netlink: 'syz.8.4094': attribute type 1 has an invalid length. [ 366.962112][T16067] bond2: entered promiscuous mode [ 366.974402][T16067] 8021q: adding VLAN 0 to HW filter on device bond2 [ 367.007827][T16070] 8021q: adding VLAN 0 to HW filter on device bond2 [ 367.045372][T16070] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 367.059260][T16070] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 367.083001][T16070] bond2: (slave vcan1): making interface the new active one [ 367.090474][T16070] vcan1: entered promiscuous mode [ 367.097743][T16070] bond2: (slave vcan1): Enslaving as an active interface with an up link [ 367.455069][T16085] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 367.512720][ T5965] lenovo 0003:17EF:6047.0027: Sensitivity setting failed: -71 [ 367.524917][ T5965] usb 5-1: USB disconnect, device number 6 [ 367.899164][ T10] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 368.053559][ T10] usb 10-1: config index 0 descriptor too short (expected 45, got 36) [ 368.075227][ T10] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 368.130640][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 368.152927][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 368.160448][T16105] loop2: detected capacity change from 0 to 7 [ 368.193502][T16105] Dev loop2: unable to read RDB block 7 [ 368.198430][ T10] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 368.227087][T16105] loop2: unable to read partition table [ 368.228404][ T10] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 368.248454][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.251669][T16105] loop2: partition table beyond EOD, truncated [ 368.272880][ T10] usb 10-1: config 0 descriptor?? [ 368.277989][T16105] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 368.298852][T16089] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 368.339901][ T8592] udevd[8592]: symlink '../../loop2' '/dev/disk/by-diskseq/96.tmp-b7:2' failed: Read-only file system [ 368.414019][ T8592] udevd[8592]: symlink '../../loop2' '/dev/disk/by-diskseq/96.tmp-b7:2' failed: Read-only file system [ 368.502560][ T8592] udevd[8592]: symlink '../../loop2' '/dev/disk/by-diskseq/96.tmp-b7:2' failed: Read-only file system [ 368.569892][ T30] audit: type=1400 audit(2000000473.795:909): avc: denied { read } for pid=16118 comm="syz.4.4115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 368.754978][ T10] plantronics 0003:047F:FFFF.0028: reserved main item tag 0xd [ 368.797908][ T10] plantronics 0003:047F:FFFF.0028: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 369.023437][ T92] usb 10-1: USB disconnect, device number 5 [ 369.847796][T16148] netlink: 180 bytes leftover after parsing attributes in process `syz.9.4127'. [ 369.873106][T16148] netlink: 180 bytes leftover after parsing attributes in process `syz.9.4127'. [ 369.916662][T16148] SELinux: security_context_str_to_sid (eue) failed with errno=-22 [ 370.020015][ T12] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x7d [ 370.210178][T16162] lo speed is unknown, defaulting to 1000 [ 370.688409][ T30] audit: type=1400 audit(2000000475.926:910): avc: denied { mounton } for pid=16174 comm="syz.2.4137" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 370.709731][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.772665][ T30] audit: type=1400 audit(2000000476.006:911): avc: denied { read open } for pid=16176 comm="syz.2.4138" path="/" dev="configfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 370.794919][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.932437][ T30] audit: type=1400 audit(2000000476.166:912): avc: denied { read } for pid=16181 comm="syz.2.4140" path="socket:[56195]" dev="sockfs" ino=56195 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 371.243063][T16189] 9pnet: p9_errstr2errno: server reported unknown error n$[ [ 371.243063][T16189] Q&|xXX -90 [ 391.800555][T16840] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 391.829391][ T10] hub 9-1:0.0: hub_ext_port_status failed (err = -71) [ 391.829602][ T43] usb 9-1: USB disconnect, device number 23 [ 392.196565][ T10] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 392.376525][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 392.394016][ T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 392.434812][ T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 392.452166][ T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 392.465569][ T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 392.479781][ T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 392.490819][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.724603][ T10] usb 3-1: GET_CAPABILITIES returned 0 [ 392.749026][ T10] usbtmc 3-1:16.0: can't read capabilities [ 392.953818][ T5895] usb 3-1: USB disconnect, device number 46 [ 393.036103][ T43] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 393.186103][ T43] usb 10-1: Using ep0 maxpacket: 8 [ 393.199550][ T43] usb 10-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 393.247981][ T43] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.275521][ T43] usb 10-1: Product: syz [ 393.290195][ T43] usb 10-1: Manufacturer: syz [ 393.310806][ T43] usb 10-1: SerialNumber: syz [ 393.335715][ T43] usb 10-1: config 0 descriptor?? [ 393.358539][ T43] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 393.415553][T16883] netlink: 'syz.7.4435': attribute type 1 has an invalid length. [ 393.423675][T16883] netlink: 56 bytes leftover after parsing attributes in process `syz.7.4435'. [ 393.945726][ T5965] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 393.954815][ T12] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 393.966078][T16907] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 394.107499][ T5965] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 394.117982][ T5965] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 394.127726][ T5965] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.140336][ T5965] usb 9-1: config 0 descriptor?? [ 394.151658][ T5965] pwc: Askey VC010 type 2 USB webcam detected. [ 394.205583][ T5895] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 394.365490][ T5895] usb 3-1: Using ep0 maxpacket: 16 [ 394.395786][ T5895] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 394.409432][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.418616][ T5895] usb 3-1: Product: syz [ 394.422817][ T5895] usb 3-1: Manufacturer: syz [ 394.427710][ T5895] usb 3-1: SerialNumber: syz [ 394.440616][ T5895] usb 3-1: config 0 descriptor?? [ 394.441349][T16917] random: crng reseeded on system resumption [ 394.452347][ T5895] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 394.463925][ T30] audit: type=1400 audit(2000000499.708:949): avc: denied { ioctl } for pid=16916 comm="syz.4.4448" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x330f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 394.558102][ T5965] pwc: recv_control_msg error -32 req 02 val 2b00 [ 394.569414][ T5965] pwc: recv_control_msg error -32 req 02 val 2700 [ 394.576561][ T5965] pwc: recv_control_msg error -32 req 02 val 2c00 [ 394.586730][ T43] gspca_sonixj: reg_w1 err -71 [ 394.666151][ T43] sonixj 10-1:0.0: probe with driver sonixj failed with error -71 [ 394.688537][ T43] usb 10-1: USB disconnect, device number 10 [ 394.785498][ T5965] pwc: recv_control_msg error -71 req 04 val 1300 [ 394.797937][ T5965] pwc: recv_control_msg error -71 req 04 val 1400 [ 394.804902][ T5965] pwc: recv_control_msg error -71 req 02 val 2000 [ 394.812276][ T5965] pwc: recv_control_msg error -71 req 02 val 2100 [ 394.821675][ T5965] pwc: recv_control_msg error -71 req 04 val 1500 [ 394.840499][ T5965] pwc: recv_control_msg error -71 req 02 val 2500 [ 394.858252][ T5965] pwc: recv_control_msg error -71 req 02 val 2400 [ 394.869491][ T5965] pwc: recv_control_msg error -71 req 02 val 2600 [ 394.877585][ T5965] pwc: recv_control_msg error -71 req 02 val 2900 [ 394.887770][ T5965] pwc: recv_control_msg error -71 req 02 val 2800 [ 394.897559][ T5965] pwc: recv_control_msg error -71 req 04 val 1100 [ 394.912854][ T5965] pwc: recv_control_msg error -71 req 04 val 1200 [ 394.949171][ T5965] pwc: Registered as video103. [ 394.975329][ T5965] input: PWC snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/input/input50 [ 395.053137][ T5965] usb 9-1: USB disconnect, device number 24 [ 395.662055][ T5895] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 395.688971][ T5895] usb 3-1: USB disconnect, device number 47 [ 396.338305][T16971] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 396.914127][ T43] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 397.092963][ T43] usb 3-1: Using ep0 maxpacket: 32 [ 397.440118][T16986] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4475'. [ 397.452192][ T43] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 397.462051][ T43] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 397.483855][ T43] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 397.542006][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 397.551813][ T43] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 397.562198][ T43] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 397.576024][ T43] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 397.604064][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.614892][ T43] usb 3-1: config 0 descriptor?? [ 397.837710][T16978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 397.893983][T16978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 397.928280][ T43] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 48 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 398.023232][ T43] usb 3-1: USB disconnect, device number 48 [ 398.048777][ T43] usblp0: removed [ 398.353535][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 398.676372][T17027] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4492'. [ 398.714905][T17027] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4492'. [ 399.362928][ T5908] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 399.517164][ T5908] usb 3-1: Using ep0 maxpacket: 32 [ 399.556187][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.571159][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 399.626818][T17061] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4506'. [ 399.638982][ T5908] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 399.679489][T17061] netlink: 32 bytes leftover after parsing attributes in process `syz.8.4506'. [ 399.692424][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.742194][ T5908] usb 3-1: config 0 descriptor?? [ 400.314062][ T5908] savu 0003:1E7D:2D5A.002E: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 400.422113][T17084] Invalid ELF header magic: != ELF [ 400.471616][T17086] lo speed is unknown, defaulting to 1000 [ 400.524279][ T30] audit: type=1400 audit(2000000505.771:950): avc: denied { create } for pid=17081 comm="syz.9.4516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 400.566507][ T43] usb 3-1: USB disconnect, device number 49 [ 400.891415][ T30] audit: type=1400 audit(2000000506.131:951): avc: denied { read } for pid=17099 comm="syz.9.4521" path="socket:[62669]" dev="sockfs" ino=62669 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 401.591867][ T92] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 401.711841][ T5168] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 401.845468][ T92] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 402.036045][ T92] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 402.088279][T17135] netlink: 'syz.7.4537': attribute type 1 has an invalid length. [ 402.102943][ T92] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 402.146179][T17138] [ 402.148528][T17138] ===================================================== [ 402.155451][T17138] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 402.162886][T17138] syzkaller #0 Not tainted [ 402.167272][T17138] ----------------------------------------------------- [ 402.174172][T17138] syz.8.4535/17138 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 402.181859][T17138] ffff888075c8a750 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 402.190530][T17138] [ 402.190530][T17138] and this task is already holding: [ 402.197865][T17138] ffff8880212a3028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 402.207692][T17138] which would create a new lock dependency: [ 402.213551][T17138] (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 402.221615][T17138] [ 402.221615][T17138] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 402.231042][T17138] (&client->buffer_lock){..-.}-{3:3} [ 402.231059][T17138] [ 402.231059][T17138] ... which became SOFTIRQ-irq-safe at: [ 402.244071][T17138] lock_acquire+0x179/0x350 [ 402.248645][T17138] _raw_spin_lock+0x2e/0x40 [ 402.253213][T17138] evdev_pass_values+0x10e/0x9b0 [ 402.258213][T17138] evdev_events+0x1bb/0x390 [ 402.262776][T17138] input_pass_values+0x74e/0x880 [ 402.267789][T17138] input_handle_event+0xf00/0x14d0 [ 402.272979][T17138] input_event+0x8e/0xd0 [ 402.277290][T17138] xpad360_process_packet.part.0+0x603/0xce0 [ 402.283354][T17138] xpad_irq_in+0x8b5/0x2ac0 [ 402.287925][T17138] __usb_hcd_giveback_urb+0x388/0x610 [ 402.293377][T17138] usb_hcd_giveback_urb+0x39b/0x450 [ 402.298642][T17138] dummy_timer+0x1814/0x3a30 [ 402.303301][T17138] __hrtimer_run_queues+0x1ff/0xad0 [ 402.308560][T17138] hrtimer_run_softirq+0x17d/0x350 [ 402.313729][T17138] handle_softirqs+0x216/0x8e0 [ 402.318552][T17138] __irq_exit_rcu+0x109/0x170 [ 402.323288][T17138] irq_exit_rcu+0x9/0x30 [ 402.327591][T17138] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 402.333283][T17138] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 402.339321][T17138] _raw_spin_unlock_irqrestore+0x31/0x80 [ 402.345010][T17138] __wake_up+0x3f/0x60 [ 402.349142][T17138] rcu_exp_wait_wake+0x1c3/0x1600 [ 402.354221][T17138] kthread_worker_fn+0x30d/0xc50 [ 402.359220][T17138] kthread+0x3c5/0x780 [ 402.363354][T17138] ret_from_fork+0x5d7/0x6f0 [ 402.368008][T17138] ret_from_fork_asm+0x1a/0x30 [ 402.372843][T17138] [ 402.372843][T17138] to a SOFTIRQ-irq-unsafe lock: [ 402.379827][T17138] (tasklist_lock){.+.+}-{3:3} [ 402.379843][T17138] [ 402.379843][T17138] ... which became SOFTIRQ-irq-unsafe at: [ 402.392449][T17138] ... [ 402.392457][T17138] lock_acquire+0x179/0x350 [ 402.399598][T17138] _raw_read_lock+0x5f/0x70 [ 402.404240][T17138] __do_wait+0x105/0x890 [ 402.408717][T17138] do_wait+0x21e/0x5a0 [ 402.412865][T17138] kernel_wait+0x9f/0x160 [ 402.417254][T17138] call_usermodehelper_exec_work+0xf1/0x170 [ 402.423221][T17138] process_one_work+0x9cf/0x1b70 [ 402.428224][T17138] worker_thread+0x6c8/0xf10 [ 402.432872][T17138] kthread+0x3c5/0x780 [ 402.436997][T17138] ret_from_fork+0x5d7/0x6f0 [ 402.441648][T17138] ret_from_fork_asm+0x1a/0x30 [ 402.446472][T17138] [ 402.446472][T17138] other info that might help us debug this: [ 402.446472][T17138] [ 402.456670][T17138] Chain exists of: [ 402.456670][T17138] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 402.456670][T17138] [ 402.469755][T17138] Possible interrupt unsafe locking scenario: [ 402.469755][T17138] [ 402.478055][T17138] CPU0 CPU1 [ 402.483390][T17138] ---- ---- [ 402.488743][T17138] lock(tasklist_lock); [ 402.492955][T17138] local_irq_disable(); [ 402.499678][T17138] lock(&client->buffer_lock); [ 402.507021][T17138] lock(&new->fa_lock); [ 402.513766][T17138] [ 402.517206][T17138] lock(&client->buffer_lock); [ 402.522220][T17138] [ 402.522220][T17138] *** DEADLOCK *** [ 402.522220][T17138] [ 402.530343][T17138] 7 locks held by syz.8.4535/17138: [ 402.535513][T17138] #0: ffff88802ada0118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 [ 402.544652][T17138] #1: ffff8881472ea230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 402.554857][T17138] #2: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 402.564590][T17138] #3: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 402.574140][T17138] #4: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 402.583244][T17138] #5: ffff8880212a3028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 402.593475][T17138] #6: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 402.602499][T17138] [ 402.602499][T17138] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 402.612884][T17138] -> (&client->buffer_lock){..-.}-{3:3} { [ 402.618593][T17138] IN-SOFTIRQ-W at: [ 402.622543][T17138] lock_acquire+0x179/0x350 [ 402.628675][T17138] _raw_spin_lock+0x2e/0x40 [ 402.634816][T17138] evdev_pass_values+0x10e/0x9b0 [ 402.641379][T17138] evdev_events+0x1bb/0x390 [ 402.647506][T17138] input_pass_values+0x74e/0x880 [ 402.654069][T17138] input_handle_event+0xf00/0x14d0 [ 402.660820][T17138] input_event+0x8e/0xd0 [ 402.666685][T17138] xpad360_process_packet.part.0+0x603/0xce0 [ 402.674287][T17138] xpad_irq_in+0x8b5/0x2ac0 [ 402.680413][T17138] __usb_hcd_giveback_urb+0x388/0x610 [ 402.687412][T17138] usb_hcd_giveback_urb+0x39b/0x450 [ 402.694236][T17138] dummy_timer+0x1814/0x3a30 [ 402.700448][T17138] __hrtimer_run_queues+0x1ff/0xad0 [ 402.707273][T17138] hrtimer_run_softirq+0x17d/0x350 [ 402.714005][T17138] handle_softirqs+0x216/0x8e0 [ 402.720403][T17138] __irq_exit_rcu+0x109/0x170 [ 402.726700][T17138] irq_exit_rcu+0x9/0x30 [ 402.732578][T17138] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 402.739831][T17138] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 402.747430][T17138] _raw_spin_unlock_irqrestore+0x31/0x80 [ 402.754686][T17138] __wake_up+0x3f/0x60 [ 402.760655][T17138] rcu_exp_wait_wake+0x1c3/0x1600 [ 402.767317][T17138] kthread_worker_fn+0x30d/0xc50 [ 402.773887][T17138] kthread+0x3c5/0x780 [ 402.779587][T17138] ret_from_fork+0x5d7/0x6f0 [ 402.785796][T17138] ret_from_fork_asm+0x1a/0x30 [ 402.792190][T17138] INITIAL USE at: [ 402.796059][T17138] lock_acquire+0x179/0x350 [ 402.802110][T17138] _raw_spin_lock+0x2e/0x40 [ 402.808218][T17138] evdev_pass_values+0x10e/0x9b0 [ 402.814716][T17138] evdev_events+0x1bb/0x390 [ 402.820758][T17138] input_pass_values+0x74e/0x880 [ 402.827241][T17138] input_handle_event+0xf00/0x14d0 [ 402.833907][T17138] input_inject_event+0x1e8/0x3b0 [ 402.840467][T17138] evdev_write+0x457/0x750 [ 402.846425][T17138] vfs_write+0x29d/0x11d0 [ 402.852299][T17138] ksys_write+0x1f8/0x250 [ 402.858161][T17138] do_syscall_64+0xcd/0x4c0 [ 402.864202][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.871628][T17138] } [ 402.874107][T17138] ... key at: [] __key.1+0x0/0x40 [ 402.881193][T17138] [ 402.881193][T17138] the dependencies between the lock to be acquired [ 402.881201][T17138] and SOFTIRQ-irq-unsafe lock: [ 402.894679][T17138] -> (tasklist_lock){.+.+}-{3:3} { [ 402.899959][T17138] HARDIRQ-ON-R at: [ 402.904172][T17138] lock_acquire+0x179/0x350 [ 402.910650][T17138] _raw_read_lock+0x5f/0x70 [ 402.917126][T17138] __do_wait+0x105/0x890 [ 402.923343][T17138] do_wait+0x21e/0x5a0 [ 402.929473][T17138] kernel_wait+0x9f/0x160 [ 402.935770][T17138] call_usermodehelper_exec_work+0xf1/0x170 [ 402.943633][T17138] process_one_work+0x9cf/0x1b70 [ 402.950539][T17138] worker_thread+0x6c8/0xf10 [ 402.957099][T17138] kthread+0x3c5/0x780 [ 402.963148][T17138] ret_from_fork+0x5d7/0x6f0 [ 402.969705][T17138] ret_from_fork_asm+0x1a/0x30 [ 402.976450][T17138] SOFTIRQ-ON-R at: [ 402.980613][T17138] lock_acquire+0x179/0x350 [ 402.987114][T17138] _raw_read_lock+0x5f/0x70 [ 402.993589][T17138] __do_wait+0x105/0x890 [ 402.999816][T17138] do_wait+0x21e/0x5a0 [ 403.005859][T17138] kernel_wait+0x9f/0x160 [ 403.012159][T17138] call_usermodehelper_exec_work+0xf1/0x170 [ 403.020215][T17138] process_one_work+0x9cf/0x1b70 [ 403.027121][T17138] worker_thread+0x6c8/0xf10 [ 403.033677][T17138] kthread+0x3c5/0x780 [ 403.039723][T17138] ret_from_fork+0x5d7/0x6f0 [ 403.046290][T17138] ret_from_fork_asm+0x1a/0x30 [ 403.053025][T17138] INITIAL USE at: [ 403.057077][T17138] lock_acquire+0x179/0x350 [ 403.063467][T17138] _raw_write_lock_irq+0x36/0x50 [ 403.070294][T17138] copy_process+0x4caf/0x7690 [ 403.076864][T17138] kernel_clone+0xfc/0x930 [ 403.083184][T17138] user_mode_thread+0xc7/0x110 [ 403.089837][T17138] rest_init+0x23/0x2b0 [ 403.095877][T17138] start_kernel+0x3ee/0x4d0 [ 403.102261][T17138] x86_64_start_reservations+0x18/0x30 [ 403.109610][T17138] x86_64_start_kernel+0x130/0x190 [ 403.116598][T17138] common_startup_64+0x13e/0x148 [ 403.123418][T17138] INITIAL READ USE at: [ 403.127892][T17138] lock_acquire+0x179/0x350 [ 403.134714][T17138] _raw_read_lock+0x5f/0x70 [ 403.141531][T17138] __do_wait+0x105/0x890 [ 403.148095][T17138] do_wait+0x21e/0x5a0 [ 403.154484][T17138] kernel_wait+0x9f/0x160 [ 403.161388][T17138] call_usermodehelper_exec_work+0xf1/0x170 [ 403.169603][T17138] process_one_work+0x9cf/0x1b70 [ 403.176863][T17138] worker_thread+0x6c8/0xf10 [ 403.183780][T17138] kthread+0x3c5/0x780 [ 403.190163][T17138] ret_from_fork+0x5d7/0x6f0 [ 403.197077][T17138] ret_from_fork_asm+0x1a/0x30 [ 403.204168][T17138] } [ 403.206813][T17138] ... key at: [] tasklist_lock+0x18/0x40 [ 403.214676][T17138] ... acquired at: [ 403.218634][T17138] _raw_read_lock+0x5f/0x70 [ 403.223279][T17138] send_sigio+0xb8/0x3e0 [ 403.227672][T17138] dnotify_handle_event+0x15e/0x2b0 [ 403.233030][T17138] fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0 [ 403.239590][T17138] fsnotify+0x13d6/0x1dc0 [ 403.244074][T17138] vfs_mkdir+0x71d/0x8c0 [ 403.248457][T17138] do_mkdirat+0x304/0x3e0 [ 403.252932][T17138] __x64_sys_mkdirat+0x83/0xb0 [ 403.257851][T17138] do_syscall_64+0xcd/0x4c0 [ 403.262502][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.268539][T17138] [ 403.270838][T17138] -> (&f_owner->lock){....}-{3:3} { [ 403.276119][T17138] INITIAL USE at: [ 403.280067][T17138] lock_acquire+0x179/0x350 [ 403.286294][T17138] _raw_write_lock_irq+0x36/0x50 [ 403.292940][T17138] __f_setown+0x61/0x3c0 [ 403.298904][T17138] generic_setlease+0xeef/0x1300 [ 403.305559][T17138] kernel_setlease+0x106/0x140 [ 403.312031][T17138] vfs_setlease+0x258/0x2d0 [ 403.318239][T17138] fcntl_setlease+0x3ed/0x5a0 [ 403.324625][T17138] do_fcntl+0x751/0x15a0 [ 403.330578][T17138] __x64_sys_fcntl+0x163/0x200 [ 403.337052][T17138] do_syscall_64+0xcd/0x4c0 [ 403.343266][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.350866][T17138] INITIAL READ USE at: [ 403.355263][T17138] lock_acquire+0x179/0x350 [ 403.361912][T17138] _raw_read_lock_irq+0x67/0x80 [ 403.368904][T17138] do_fcntl+0x4d9/0x15a0 [ 403.375294][T17138] __x64_sys_fcntl+0x163/0x200 [ 403.382293][T17138] do_syscall_64+0xcd/0x4c0 [ 403.388939][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.396975][T17138] } [ 403.399541][T17138] ... key at: [] __key.1+0x0/0x40 [ 403.406708][T17138] ... acquired at: [ 403.410573][T17138] _raw_read_lock_irqsave+0x74/0x90 [ 403.415929][T17138] send_sigio+0x31/0x3e0 [ 403.420321][T17138] kill_fasync+0x214/0x510 [ 403.424892][T17138] lease_break_callback+0x23/0x30 [ 403.430066][T17138] __break_lease+0x674/0x1810 [ 403.434896][T17138] do_dentry_open+0x91f/0x1530 [ 403.439805][T17138] vfs_open+0x82/0x3f0 [ 403.444020][T17138] path_openat+0x1de4/0x2cb0 [ 403.448767][T17138] do_filp_open+0x20b/0x470 [ 403.453419][T17138] do_sys_openat2+0x11b/0x1d0 [ 403.458256][T17138] __x64_sys_open+0x153/0x1e0 [ 403.463078][T17138] do_syscall_64+0xcd/0x4c0 [ 403.467727][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.473768][T17138] [ 403.476077][T17138] -> (&new->fa_lock){....}-{3:3} { [ 403.481169][T17138] INITIAL USE at: [ 403.485038][T17138] lock_acquire+0x179/0x350 [ 403.491083][T17138] _raw_write_lock_irq+0x36/0x50 [ 403.497562][T17138] fasync_remove_entry+0xb2/0x1e0 [ 403.504126][T17138] fasync_helper+0xaf/0xd0 [ 403.510079][T17138] sock_fasync+0x92/0x140 [ 403.515945][T17138] __fput+0x968/0xb70 [ 403.521464][T17138] task_work_run+0x14d/0x240 [ 403.527589][T17138] exit_to_user_mode_loop+0xeb/0x110 [ 403.534417][T17138] do_syscall_64+0x3f6/0x4c0 [ 403.540548][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.547983][T17138] INITIAL READ USE at: [ 403.552281][T17138] lock_acquire+0x179/0x350 [ 403.558758][T17138] _raw_read_lock_irqsave+0x74/0x90 [ 403.565934][T17138] kill_fasync+0x138/0x510 [ 403.572324][T17138] sock_wake_async+0x132/0x160 [ 403.579057][T17138] mptcp_close_wake_up+0x2eb/0x600 [ 403.586148][T17138] __mptcp_close_ssk+0xd54/0x14d0 [ 403.593174][T17138] mptcp_destroy_common+0x65a/0xaf0 [ 403.600348][T17138] mptcp_disconnect+0x228/0x870 [ 403.607168][T17138] inet_shutdown+0x26c/0x440 [ 403.613735][T17138] __sys_shutdown+0x116/0x1b0 [ 403.620469][T17138] __x64_sys_shutdown+0x53/0x80 [ 403.627292][T17138] do_syscall_64+0xcd/0x4c0 [ 403.633787][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.641663][T17138] } [ 403.644139][T17138] ... key at: [] __key.0+0x0/0x40 [ 403.651235][T17138] ... acquired at: [ 403.655007][T17138] lock_acquire+0x179/0x350 [ 403.659664][T17138] _raw_read_lock_irqsave+0x74/0x90 [ 403.665006][T17138] kill_fasync+0x138/0x510 [ 403.669569][T17138] evdev_pass_values+0x619/0x9b0 [ 403.674658][T17138] evdev_events+0x1bb/0x390 [ 403.679320][T17138] input_pass_values+0x74e/0x880 [ 403.684417][T17138] input_handle_event+0xf00/0x14d0 [ 403.689685][T17138] input_inject_event+0x1e8/0x3b0 [ 403.694868][T17138] evdev_write+0x457/0x750 [ 403.699431][T17138] vfs_write+0x29d/0x11d0 [ 403.703903][T17138] ksys_write+0x1f8/0x250 [ 403.708384][T17138] do_syscall_64+0xcd/0x4c0 [ 403.713049][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.719087][T17138] [ 403.721396][T17138] [ 403.721396][T17138] stack backtrace: [ 403.727346][T17138] CPU: 1 UID: 0 PID: 17138 Comm: syz.8.4535 Not tainted syzkaller #0 PREEMPT(full) [ 403.727362][T17138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 403.727369][T17138] Call Trace: [ 403.727373][T17138] [ 403.727378][T17138] dump_stack_lvl+0x116/0x1f0 [ 403.727392][T17138] check_irq_usage+0x7dc/0x920 [ 403.727409][T17138] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 403.727425][T17138] ? check_path.constprop.0+0x24/0x50 [ 403.727441][T17138] ? __lock_acquire+0x12bc/0x1ce0 [ 403.727457][T17138] __lock_acquire+0x12bc/0x1ce0 [ 403.727476][T17138] lock_acquire+0x179/0x350 [ 403.727492][T17138] ? kill_fasync+0x138/0x510 [ 403.727510][T17138] _raw_read_lock_irqsave+0x74/0x90 [ 403.727521][T17138] ? kill_fasync+0x138/0x510 [ 403.727535][T17138] kill_fasync+0x138/0x510 [ 403.727551][T17138] evdev_pass_values+0x619/0x9b0 [ 403.727569][T17138] evdev_events+0x1bb/0x390 [ 403.727584][T17138] input_pass_values+0x74e/0x880 [ 403.727600][T17138] input_handle_event+0xf00/0x14d0 [ 403.727615][T17138] ? _copy_from_user+0x59/0xd0 [ 403.727631][T17138] input_inject_event+0x1e8/0x3b0 [ 403.727647][T17138] evdev_write+0x457/0x750 [ 403.727663][T17138] ? __pfx_evdev_write+0x10/0x10 [ 403.727679][T17138] ? bpf_lsm_file_permission+0x9/0x10 [ 403.727694][T17138] ? security_file_permission+0x71/0x210 [ 403.727711][T17138] ? rw_verify_area+0xcf/0x6c0 [ 403.727727][T17138] ? __pfx_evdev_write+0x10/0x10 [ 403.727744][T17138] vfs_write+0x29d/0x11d0 [ 403.727756][T17138] ? __pfx_vfs_write+0x10/0x10 [ 403.727765][T17138] ? find_held_lock+0x2b/0x80 [ 403.727778][T17138] ? __fget_files+0x204/0x3c0 [ 403.727791][T17138] ? __fget_files+0x20e/0x3c0 [ 403.727804][T17138] ksys_write+0x1f8/0x250 [ 403.727814][T17138] ? __pfx_ksys_write+0x10/0x10 [ 403.727826][T17138] do_syscall_64+0xcd/0x4c0 [ 403.727839][T17138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.727851][T17138] RIP: 0033:0x7f031338ebe9 [ 403.727860][T17138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.727871][T17138] RSP: 002b:00007f03141f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 403.727882][T17138] RAX: ffffffffffffffda RBX: 00007f03135b5fa0 RCX: 00007f031338ebe9 [ 403.727889][T17138] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004 [ 403.727895][T17138] RBP: 00007f0313411e19 R08: 0000000000000000 R09: 0000000000000000 [ 403.727902][T17138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.727908][T17138] R13: 00007f03135b6038 R14: 00007f03135b5fa0 R15: 00007ffcdabdd498 [ 403.727918][T17138] [ 403.727946][ C1] vkms_vblank_simulate: vblank timer overrun [ 403.990701][ C1] vkms_vblank_simulate: vblank timer overrun [ 404.010812][ T92] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 404.084369][ T92] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 404.102757][ T92] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.117442][ T92] usb 10-1: config 0 descriptor?? [ 404.531206][ T92] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 406.105678][ T43] usb 10-1: USB disconnect, device number 11 [ 407.069051][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!