last executing test programs: 3m43.059384945s ago: executing program 2 (id=290): socket$inet6_sctp(0xa, 0x801, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 3m42.964115641s ago: executing program 2 (id=292): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) open(&(0x7f0000000380)='./bus\x00', 0x240, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x8, 0x0, 0x0, 0x2, 0x5}, 0x0, &(0x7f0000000140)={0x1ff, 0x7f, 0x4, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 3m41.882670921s ago: executing program 2 (id=301): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000100)=[{0xffffffffffffffff, 0x3, {0xbd51cb138c98d8f3, 0x1, 0x4}, {0x0, 0xf0, 0x1}, 0xff, 0xfe}, {0x0, 0x3, {0x1}, {0x0, 0xff}, 0x1, 0x7f}, {0x2, 0xffffffffffffffff, {0x2, 0x1}, {0x1, 0x0, 0x5}, 0x2, 0x1}], 0x60) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r4, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) 3m40.951268365s ago: executing program 2 (id=302): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00') setpgid(r0, 0x0) setpgid(0x0, r0) mount(0x0, &(0x7f0000000300)='./file1\x00', 0x0, 0x800, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) 3m40.367181984s ago: executing program 2 (id=305): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r3, 0x3517, 0xc2de, 0x9, 0x0, 0x0) 3m39.437644745s ago: executing program 2 (id=310): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c000000190001090000000000000000021800000000fd010014000008000100ac14140008000400", @ANYRES32, @ANYBLOB="100016800c00038000000100", @ANYRES32, @ANYBLOB="0600150004"], 0x4c}}, 0x0) 3m38.210658277s ago: executing program 32 (id=310): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c000000190001090000000000000000021800000000fd010014000008000100ac14140008000400", @ANYRES32, @ANYBLOB="100016800c00038000000100", @ANYRES32, @ANYBLOB="0600150004"], 0x4c}}, 0x0) 2m28.122032328s ago: executing program 0 (id=635): mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c63616368653d6d6d61702c572d5dd72fd4f18c09f9bc0d"]) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$FUSE_INIT(r3, &(0x7f00000003c0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x7, 0x10080000, 0x3, 0x10, 0x80000001, 0x1, 0x0, 0x0, 0x10, 0x1}}, 0x50) write$tcp_mem(r3, &(0x7f0000000180)={0x5, 0x20, 0x544c, 0x20, 0x100000001}, 0x48) 2m27.662018318s ago: executing program 0 (id=637): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x800) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m27.603366459s ago: executing program 4 (id=638): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="040e05000f20"], 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x8) 2m26.909443065s ago: executing program 4 (id=641): bind$tipc(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, 0x0, 0x0) connect$inet6(r0, 0x0, 0x0) mmap(&(0x7f0000ce2000/0x4000)=nil, 0x4000, 0x2000006, 0x12, 0xffffffffffffffff, 0x913e0000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0xe8a2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m26.60915163s ago: executing program 4 (id=643): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mount$9p_xen(0x0, 0x0, &(0x7f0000000180), 0x244404, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f0000000400)=ANY=[], 0x1a3) r2 = syz_open_dev$loop(&(0x7f0000000000), 0x8, 0x2180) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r1, 0xc9, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1eace2d0fb0a010000000000000000030001000000008000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0x6]}}) 2m26.488248828s ago: executing program 0 (id=644): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000200)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) creat(0x0, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x8c5) chdir(&(0x7f00000001c0)='./file0\x00') unlinkat(r0, &(0x7f0000000280)='./file0\x00', 0x200) 2m26.305084452s ago: executing program 0 (id=645): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) unshare(0x60600) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) readahead(r3, 0x2, 0x7) 2m25.948552716s ago: executing program 4 (id=648): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cpuinfo\x00', 0x0, 0x0) pread64(r1, &(0x7f0000000380)=""/85, 0x55, 0x81ffffffbfffffc) 2m24.492132432s ago: executing program 0 (id=654): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]}) r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r7, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000400)={r8, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x2, [r4, 0x0, r9, r5], [0x2b8], [], [0x800000000]}) 2m24.280231531s ago: executing program 0 (id=657): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='squashfs\x00', 0x1a0c000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x36e084fcb6392193, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2m21.057162424s ago: executing program 4 (id=670): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount(0x0, &(0x7f0000000300)='./file1\x00', &(0x7f0000000080)='tmpfs\x00', 0x800, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) 2m20.837605596s ago: executing program 4 (id=674): socket$kcm(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x13, 0x10, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) socket$kcm(0x2, 0x5, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000304fcff00"/20, @ANYRES32=0x0, @ANYBLOB="a5fdad8800000000140012800b0001006970766c616e00000348028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) 2m9.149201034s ago: executing program 33 (id=657): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='squashfs\x00', 0x1a0c000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x36e084fcb6392193, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2m5.38355689s ago: executing program 34 (id=674): socket$kcm(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x13, 0x10, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) socket$kcm(0x2, 0x5, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000304fcff00"/20, @ANYRES32=0x0, @ANYBLOB="a5fdad8800000000140012800b0001006970766c616e00000348028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) 13.742706531s ago: executing program 7 (id=1153): socket(0x2, 0x80805, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0xfffffffe, @loopback}, 0x1c) r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0xc0}, &(0x7f00000002c0)=0x0, &(0x7f0000000640)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={0x0, 0x21c}}, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x8, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc}) io_uring_enter(r1, 0x47bc, 0x20, 0x0, 0x0, 0x0) 13.389372875s ago: executing program 7 (id=1157): open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000001c0)={0x70003, 0x0, [0x7, 0xb, 0x2, 0x9, 0xfffffffffffffff7, 0x6, 0x3000000002, 0x35fe7901]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13.082686995s ago: executing program 7 (id=1158): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) 9.358250887s ago: executing program 6 (id=1172): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x44, 0x4, 0x478, 0xffffffff, 0x2f8, 0x228, 0x228, 0xffffffff, 0xffffffff, 0x470, 0x470, 0x470, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x203, 0xa8, 0x1d0, 0x8502}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:initctl_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x11}}, @common=@unspec=@NFQUEUE2={0x28}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, [0xff, 0xffffffff, 0xff000000, 0xff000000], 0x0, 0x4e21, 0x0, 0x4e23, 0x0, 0x8000}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8) unshare(0x6a040000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r2, 0x0, 0x26, &(0x7f0000000040)={@multicast1, @loopback, @empty}, 0xc) r3 = socket(0x2b, 0x80801, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380) sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000) listen(r3, 0x9) 9.0027327s ago: executing program 7 (id=1174): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508) syz_emit_ethernet(0x4a, &(0x7f0000000940)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x14, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0xff}, @private1={0xfc, 0x1, '\x00', 0x1}, {[], @ndisc_ns={0x87, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) listen(r1, 0x5) accept4(r1, &(0x7f0000000240)=@x25, 0x0, 0x80800) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x5, @empty}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 8.741432518s ago: executing program 3 (id=1176): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) sendmmsg(r3, &(0x7f0000000180), 0x4000190, 0x0) 8.438432101s ago: executing program 1 (id=1177): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000680)=ANY=[@ANYBLOB="8c0100001e00810b000000000000000007000000", @ANYRES32=0x0, @ANYBLOB], 0x18c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x4, [{0x0, 0x2, 0x1000000}]}, @restrict={0x0, 0x0, 0x0, 0x6, 0x2}]}}, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r2, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x7, 0x14, 0x1e8, &(0x7f0000000680)}) 7.615399373s ago: executing program 7 (id=1178): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair(0x23, 0x5, 0x0, &(0x7f0000000080)) 7.525962815s ago: executing program 3 (id=1179): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000400)={0xa, 0x2, 0x13, @loopback, 0x9}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000180)=[{&(0x7f0000000900)="580000001400192340834b80040d8c560a066e0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000007000200060c10000000010000000000", 0x58}], 0x1) 5.870216287s ago: executing program 3 (id=1180): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700e, 0x0) umount2(&(0x7f0000000480)='./file0\x00', 0x2) 5.707269244s ago: executing program 7 (id=1181): fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f00000000c0)={0x1, 0x2, 0x0, 0x80000000}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000005640)=0x1, 0x4) gettid() open(0x0, 0x141b42, 0x0) pipe(0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r1) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0xe41, 0x0) mount(&(0x7f0000000000), &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0) mount(0x0, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x21a8f5, 0x0) 5.529766483s ago: executing program 3 (id=1182): prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$can_bcm(0x1d, 0x2, 0x2) socket$inet(0x2, 0xa, 0x400) sendmsg$can_bcm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000064000000030a01010000000000000000010000000900030073797a300000000014000480080002400000000208000140000000000900010073797a300000000008000a40000000021c0008800c00024000000000000000000c0001"], 0xac}}, 0x0) 5.474516153s ago: executing program 5 (id=1183): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000013c0)=""/86, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74, 0x8080000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000180)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000026c0)=ANY=[@ANYBLOB="2000000010000107feffffff000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x4000) recvmmsg(r2, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1}, 0x80000007}], 0x1, 0x0, 0x0) 5.396121243s ago: executing program 1 (id=1184): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) ftruncate(r3, 0x200004) sendfile(r2, r3, 0x0, 0x80001d00c0d1) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 5.224856731s ago: executing program 3 (id=1185): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) statx(0xffffffffffffffff, 0x0, 0x100, 0x20, &(0x7f0000000440)) bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) r2 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000280)) io_uring_enter(r2, 0x15f1, 0xff98, 0x69, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 5.074478105s ago: executing program 6 (id=1186): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000680)='nilfs2_mdt_submit_block\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x48) close(0x3) prlimit64(0x0, 0x9, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$evdev(&(0x7f0000000080), 0x10002, 0xcb058d7760901e46) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000006000000850000004f000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 5.03235251s ago: executing program 1 (id=1187): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x26, 0x0, 0x0) 4.401922852s ago: executing program 5 (id=1188): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x68942, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.387851777s ago: executing program 6 (id=1189): mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0xa2) socket(0x200000000000011, 0x2, 0x0) write$FUSE_INIT(r0, &(0x7f0000000140)={0x50}, 0xffd3) syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x3415, 0x10100}, 0x0, 0x0) pipe2$watch_queue(&(0x7f0000000140), 0x80) syz_io_uring_setup(0x3d, &(0x7f0000000180)={0x0, 0x0, 0x10100}, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x8000000000000001, 0x0, 0xc3ad, 0x0, 0x3}, 0x0, 0x0) write$sndseq(r0, &(0x7f00000001c0)=[{0x2, 0x8, 0x3, 0x46, @tick=0x9, {0x5, 0xff}, {0x9, 0x1e}, @raw8={"fea053ae015ea2a805f42810"}}, {0x5, 0x7, 0x9, 0x9, @time={0x1, 0x3e79}, {0x9, 0x7}, {0x6, 0x3}, @time=@time={0x6}}], 0x38) read$FUSE(r0, &(0x7f00000079c0)={0x2020}, 0x2020) 3.472842386s ago: executing program 6 (id=1190): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) r3 = io_uring_setup(0x67bb, &(0x7f0000000280)) io_uring_enter(r3, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18) 3.322540316s ago: executing program 5 (id=1191): openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)="2b0d911f56551ad9ff000000000000", 0xf}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b10f78fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6f0765ac61f8a91acf0195abc177e56cc91a9c11ccf95d2a58de5494e66cfa1e758438ee4bb163ee059", 0x472}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 3.077464071s ago: executing program 1 (id=1192): openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x80000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x14, &(0x7f00000000c0)=[{&(0x7f0000000180)="1400000017000b63d25a80648c2594f933a3c92b", 0x14}], 0x1}, 0x0) 2.235510902s ago: executing program 6 (id=1193): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) pipe2$9p(&(0x7f0000000f80)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, 0x0, 0x0, r2) mkdir(&(0x7f0000000000)='./bus\x00', 0x65) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 1.893230233s ago: executing program 5 (id=1194): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) dup3(r2, r1, 0x0) 812.933409ms ago: executing program 1 (id=1195): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000000)='./file1\x00', 0xc000, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) unlink(&(0x7f0000000280)='./file1\x00') rename(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') 610.858368ms ago: executing program 6 (id=1196): signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0xd]}, 0x8) r0 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xfad9, 0x8, 0x0, 0x173}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x241}}) socket$xdp(0x2c, 0x3, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socket(0x40000000015, 0x5, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xd}, 0x0, &(0x7f00000002c0)={0x3fc, 0x0, 0x100000, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_io_uring_setup(0x7b47, 0x0, 0x0, 0x0) 609.966623ms ago: executing program 3 (id=1197): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000500000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0) splice(r3, 0x0, r2, 0x0, 0x7f, 0xe) write(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000a44000/0x4000)=nil, 0x4000, 0x0, 0xbc32038f2d035af6, 0xffffffffffffffff, 0x2882c000) r5 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00') lseek(r5, 0x2004, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) 499.655897ms ago: executing program 5 (id=1198): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88) 354.507028ms ago: executing program 1 (id=1199): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$inet(r2, &(0x7f0000001640)={0x0, 0x0, 0x0}, 0x20000090) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x80800}) listen(r2, 0x5) io_uring_enter(r3, 0x3517, 0xc2de, 0x9, 0x0, 0x0) 0s ago: executing program 5 (id=1200): landlock_restrict_self(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b80200001800a00010071756f7461000000100002800c000140000000000000000034"], 0x118}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) kernel console output (not intermixed with test programs): er period limited to 200000 ns [ 102.739902][ T6020] kvm: requested 93028 ns i8254 timer period limited to 200000 ns [ 102.759215][ T6020] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 102.786935][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c0!!! [ 103.086380][ T6020] kvm: requested 10057 ns i8254 timer period limited to 200000 ns [ 103.140248][ T6020] kvm: requested 155047 ns i8254 timer period limited to 200000 ns [ 103.181744][ T6020] kvm: requested 160914 ns i8254 timer period limited to 200000 ns [ 103.601875][ T6043] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.632114][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.338638][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.347749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.356160][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.448983][ T6043] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.806777][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 104.815675][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.000041][ T6043] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.369650][ T6043] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.722107][ T6068] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 105.839993][ T6043] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.608188][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.837587][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 106.980247][ T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 107.147815][ T24] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 107.188007][ T24] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 107.225009][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 107.237734][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 107.252598][ T24] usb 1-1: SerialNumber: syz [ 107.281011][ T6077] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 107.568021][ T24] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 108.005190][ T6089] virtio-fs: tag not found [ 108.044180][ T24] usb 1-1: USB disconnect, device number 2 [ 108.728302][ T5826] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 108.777556][ T6099] binder: 6098:6099 ioctl c0306201 2000000003c0 returned -14 [ 108.887115][ T5826] usb 3-1: Using ep0 maxpacket: 16 [ 108.898767][ T5826] usb 3-1: config 0 has an invalid interface number: 180 but max is 0 [ 108.907762][ T5826] usb 3-1: config 0 has no interface number 0 [ 108.914011][ T5826] usb 3-1: config 0 interface 180 has no altsetting 0 [ 108.937199][ T5826] usb 3-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=e8.1f [ 108.946582][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.955244][ T5826] usb 3-1: Product: syz [ 108.959890][ T5826] usb 3-1: Manufacturer: syz [ 108.964572][ T5826] usb 3-1: SerialNumber: syz [ 108.985541][ T5826] usb 3-1: config 0 descriptor?? [ 109.233197][ T5826] viperboard 3-1:0.180: version 0.00 found at bus 003 address 002 [ 109.553128][ T5826] usb 3-1: USB disconnect, device number 2 [ 110.302877][ T6043] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.440118][ T6043] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.599957][ T6043] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.018267][ T6132] IPv4: Oversized IP packet from 127.202.26.0 [ 111.576194][ T6142] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.139335][ T6193] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 115.146607][ T980] IPVS: starting estimator thread 0... [ 115.707336][ T6202] IPVS: using max 36 ests per chain, 86400 per kthread [ 116.191435][ T30] audit: type=1800 audit(1749853907.741:2): pid=6208 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.90" name="file0" dev="overlay" ino=93 res=0 errno=0 [ 118.409963][ T980] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 118.596939][ T980] usb 2-1: Using ep0 maxpacket: 32 [ 118.713326][ T980] usb 2-1: config 0 has an invalid interface number: 231 but max is 0 [ 118.830525][ T980] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 119.011852][ T980] usb 2-1: config 0 has no interface number 0 [ 119.124673][ T980] usb 2-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 119.260834][ T980] usb 2-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 119.514607][ T980] usb 2-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 119.571247][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.597014][ T980] usb 2-1: Product: syz [ 119.601267][ T980] usb 2-1: Manufacturer: syz [ 119.609958][ T980] usb 2-1: SerialNumber: syz [ 119.620302][ T980] usb 2-1: config 0 descriptor?? [ 119.627859][ T6227] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 119.637018][ T980] usb-storage 2-1:0.231: USB Mass Storage device detected [ 119.937311][ T977] usb 2-1: USB disconnect, device number 2 [ 120.453165][ T6239] process 'syz.3.98' launched './file1' with NULL argv: empty string added [ 120.922443][ T6260] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2248643489 (17989147912 ns) > initial count (11631199424 ns). Using initial count to start timer. [ 121.381859][ T6269] delete_channel: no stack [ 121.387116][ T977] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 121.597263][ T977] usb 5-1: Using ep0 maxpacket: 8 [ 121.610049][ T977] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 121.632283][ T977] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 121.654647][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.671479][ T977] usb 5-1: Product: syz [ 121.676379][ T977] usb 5-1: Manufacturer: syz [ 121.681613][ T977] usb 5-1: SerialNumber: syz [ 121.692465][ T977] usb 5-1: config 0 descriptor?? [ 121.711042][ T977] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 121.876814][ T980] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 121.917811][ T977] gspca_zc3xx: reg_w_i err -71 [ 122.036844][ T980] usb 3-1: Using ep0 maxpacket: 8 [ 122.052676][ T980] usb 3-1: unable to get BOS descriptor or descriptor too short [ 122.063346][ T980] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 113, changing to 10 [ 122.077886][ T980] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1040, setting to 1024 [ 122.091433][ T980] usb 3-1: config 1 interface 0 has no altsetting 0 [ 122.105471][ T980] usb 3-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.40 [ 122.119365][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.130121][ T30] audit: type=1400 audit(1749853913.671:3): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=6264 comm="syz.4.107" dest=2 [ 122.152505][ T980] usb 3-1: Product: syz [ 122.157325][ T980] usb 3-1: Manufacturer: syz [ 122.162355][ T980] usb 3-1: SerialNumber: syz [ 122.175198][ T6280] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 122.261570][ T5833] Bluetooth: hci3: command 0x0405 tx timeout [ 122.338007][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 122.430239][ T980] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input5 [ 122.467811][ T5179] bcm5974 3-1:1.0: could not read from device [ 122.489877][ T5179] bcm5974 3-1:1.0: could not read from device [ 122.500886][ T980] usb 3-1: USB disconnect, device number 3 [ 122.515961][ T5179] bcm5974 3-1:1.0: could not read from device [ 122.525534][ T977] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 122.547041][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 122.556443][ T977] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 122.571831][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.594506][ T977] usb 5-1: USB disconnect, device number 3 [ 122.600979][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 122.616621][ T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 122.637882][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.655129][ T10] usb 2-1: Product: syz [ 122.669377][ T10] usb 2-1: Manufacturer: syz [ 122.694023][ T10] usb 2-1: SerialNumber: syz [ 122.980819][ T5875] udevd[5875]: Error opening device "/dev/input/event4": No such file or directory [ 123.007706][ T10] usb 2-1: 0:2 : does not exist [ 123.058948][ T10] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 123.067872][ T5875] udevd[5875]: Unable to EVIOCGABS device "/dev/input/event4" [ 123.075529][ T5875] udevd[5875]: Unable to EVIOCGABS device "/dev/input/event4" [ 123.183752][ T5875] udevd[5875]: Unable to EVIOCGABS device "/dev/input/event4" [ 123.191987][ T5875] udevd[5875]: Unable to EVIOCGABS device "/dev/input/event4" [ 123.861822][ T10] usb 2-1: USB disconnect, device number 3 [ 124.095793][ T5872] udevd[5872]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 124.347555][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 124.400461][ T6321] netlink: 20 bytes leftover after parsing attributes in process `syz.0.123'. [ 124.429442][ T6321] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.430742][ T6321] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.519649][ T10] usb 2-1: config 0 has no interfaces? [ 124.519704][ T10] usb 2-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 124.519731][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.523246][ T10] usb 2-1: config 0 descriptor?? [ 127.773158][ T9] usb 2-1: USB disconnect, device number 4 [ 127.857582][ T30] audit: type=1800 audit(1749853919.411:4): pid=6344 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.129" name="file1" dev="overlay" ino=182 res=0 errno=0 [ 127.912943][ T30] audit: type=1804 audit(1749853919.441:5): pid=6344 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.129" name="/newroot/29/bus/file0" dev="overlay" ino=182 res=1 errno=0 [ 128.262671][ T6349] bridge_slave_0: left allmulticast mode [ 128.316713][ T6349] bridge_slave_0: left promiscuous mode [ 128.348203][ T6349] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.488247][ T6360] netlink: 'syz.2.135': attribute type 1 has an invalid length. [ 128.606087][ T6349] bridge_slave_1: left allmulticast mode [ 128.622882][ T6349] bridge_slave_1: left promiscuous mode [ 128.636488][ T6349] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.247547][ T6349] bond0: (slave bond_slave_0): Releasing backup interface [ 129.430696][ T6349] bond0: (slave bond_slave_1): Releasing backup interface [ 129.740059][ T6349] team0: Port device team_slave_0 removed [ 129.832987][ T6349] team0: Port device team_slave_1 removed [ 129.865154][ T6349] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 129.904331][ T6349] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 129.998372][ T6349] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.005877][ T6349] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.174257][ T6360] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 130.184401][ T6362] ip6erspan0: entered promiscuous mode [ 130.307788][ T6369] evm: overlay not supported [ 130.885846][ T6383] netlink: 'syz.2.142': attribute type 27 has an invalid length. [ 131.417959][ T6383] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.426107][ T6383] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.066351][ T6399] netlink: 4 bytes leftover after parsing attributes in process `syz.0.146'. [ 132.067046][ T6383] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.157132][ T6383] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 133.167943][ T6383] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.180660][ T6383] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.192356][ T6383] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.204225][ T6383] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.736590][ T6410] kvm: pic: level sensitive irq not supported [ 133.746417][ T6410] kvm: pic: non byte read [ 134.007992][ T6385] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.049184][ T6385] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.088701][ T6385] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 136.620207][ T6466] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 137.121162][ T44] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 137.429179][ T6468] wireguard0: entered promiscuous mode [ 137.452639][ T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.470075][ T44] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 137.541481][ T44] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 137.633150][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.688053][ T44] usb 2-1: config 0 descriptor?? [ 137.711260][ T44] hub 2-1:0.0: bad descriptor, ignoring hub [ 137.728393][ T44] hub 2-1:0.0: probe with driver hub failed with error -5 [ 137.868508][ T44] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 137.912394][ T6466] netlink: 4 bytes leftover after parsing attributes in process `syz.1.166'. [ 138.112724][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.120699][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.257581][ T977] usb 2-1: USB disconnect, device number 5 [ 139.743480][ T6495] netlink: 4 bytes leftover after parsing attributes in process `syz.2.177'. [ 139.803224][ T6495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.177'. [ 139.941362][ T6495] Zero length message leads to an empty skb [ 140.975572][ T6517] loop6: detected capacity change from 0 to 63 [ 140.989721][ T6517] Buffer I/O error on dev loop6, logical block 0, async page read [ 140.998152][ T6517] Buffer I/O error on dev loop6, logical block 1, async page read [ 141.006335][ T6517] Buffer I/O error on dev loop6, logical block 2, async page read [ 141.014512][ T6517] Buffer I/O error on dev loop6, logical block 3, async page read [ 141.023019][ T6517] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.031242][ T6517] Buffer I/O error on dev loop6, logical block 1, async page read [ 141.039443][ T6517] Buffer I/O error on dev loop6, logical block 2, async page read [ 141.047633][ T6517] Buffer I/O error on dev loop6, logical block 3, async page read [ 141.055817][ T6517] Buffer I/O error on dev loop6, logical block 0, async page read [ 141.151273][ T6517] Buffer I/O error on dev loop6, logical block 1, async page read [ 141.383629][ T6524] trusted_key: encrypted_key: insufficient parameters specified [ 142.122876][ T6529] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 143.538405][ T44] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 143.666954][ T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 143.718889][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 143.725919][ T44] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 143.741154][ T44] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 143.760744][ T44] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 143.771877][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.822704][ T44] usb 1-1: Product: syz [ 143.845860][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.864800][ T44] usb 1-1: Manufacturer: syz [ 143.885508][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.895954][ T44] usb 1-1: SerialNumber: syz [ 143.929455][ T24] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 143.942746][ T6546] lo: entered allmulticast mode [ 144.008204][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.035393][ T6546] lo: left allmulticast mode [ 144.059303][ T24] usb 4-1: config 0 descriptor?? [ 144.125813][ T44] usb 1-1: 0:2 : does not exist [ 144.147006][ T44] usb 1-1: unit 6 not found! [ 144.224209][ T44] usb 1-1: USB disconnect, device number 3 [ 144.427153][ T5872] udevd[5872]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 144.494327][ T24] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 144.528297][ T24] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 144.681772][ T24] cp2112 0003:10C4:EA90.0002: Part Number: 0x82 Device Version: 0xFE [ 145.467374][ T24] cp2112 0003:10C4:EA90.0002: error reading lock byte: -71 [ 145.555200][ T24] usb 4-1: USB disconnect, device number 2 [ 146.110309][ T6568] netlink: 'syz.4.199': attribute type 4 has an invalid length. [ 146.159917][ T6568] netlink: 'syz.4.199': attribute type 4 has an invalid length. [ 146.577794][ T5833] Bluetooth: hci3: command 0x0405 tx timeout [ 146.656867][ T9] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 146.811824][ T9] usb 4-1: config 0 has no interfaces? [ 146.823026][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e [ 146.971125][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.989606][ T9] usb 4-1: Product: syz [ 146.993839][ T9] usb 4-1: Manufacturer: syz [ 147.057526][ T9] usb 4-1: SerialNumber: syz [ 147.076413][ T9] usb 4-1: config 0 descriptor?? [ 147.949915][ T10] usb 4-1: USB disconnect, device number 3 [ 150.090429][ T6599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.208'. [ 150.154488][ T6599] netlink: 4 bytes leftover after parsing attributes in process `syz.2.208'. [ 150.206902][ T6599] netlink: 32 bytes leftover after parsing attributes in process `syz.2.208'. [ 150.633396][ T6599] nbd0: detected capacity change from 0 to 256 [ 150.704826][ T5833] block nbd0: Receive control failed (result -104) [ 151.680387][ T6629] loop6: detected capacity change from 0 to 63 [ 151.701488][ T5872] buffer_io_error: 1150 callbacks suppressed [ 151.701504][ T5872] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.351848][ T5872] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.360617][ T5872] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.369323][ T5872] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.377958][ T5872] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.427108][ T6632] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 152.438592][ T6629] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.469272][ T30] audit: type=1800 audit(1749853944.001:6): pid=6632 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.218" name="file1" dev="overlay" ino=239 res=0 errno=0 [ 152.602209][ T6629] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.639664][ T6629] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.648770][ T6629] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.657724][ T6629] Buffer I/O error on dev loop6, logical block 0, async page read [ 152.776956][ T30] audit: type=1400 audit(1749853944.291:7): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=6633 comm="syz.1.220" daddr=::ffff:255.255.255.255 dest=20003 [ 152.879687][ T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 153.318998][ T6643] syz.3.222 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 153.456736][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 153.475640][ T10] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 153.493008][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.523941][ T10] usb 3-1: config 0 descriptor?? [ 153.760885][ T10] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 154.002419][ T6653] netlink: 12 bytes leftover after parsing attributes in process `syz.1.225'. [ 154.028266][ T6654] Bluetooth: (null): Invalid header checksum [ 154.359430][ T10] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 154.383731][ T10] asix 3-1:0.0: probe with driver asix failed with error -71 [ 154.435716][ T10] usb 3-1: USB disconnect, device number 4 [ 154.762635][ T6665] kvm: pic: non byte write [ 155.366835][ T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 155.886855][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 155.912450][ T24] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 155.934847][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.964262][ T24] usb 3-1: Product: syz [ 155.972833][ T24] usb 3-1: Manufacturer: syz [ 155.995596][ T24] usb 3-1: SerialNumber: syz [ 156.009931][ T24] usb 3-1: config 0 descriptor?? [ 156.040333][ T24] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 156.086848][ T24] usb 3-1: setting power ON [ 156.092025][ T24] dvb-usb: bulk message failed: -22 (2/0) [ 156.116793][ T977] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 156.163788][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 156.193480][ T24] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 156.226407][ T24] usb 3-1: media controller created [ 156.281479][ T977] usb 1-1: Using ep0 maxpacket: 8 [ 156.287624][ T6678] netlink: 4 bytes leftover after parsing attributes in process `syz.2.234'. [ 156.321350][ T6687] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 156.340651][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.375160][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.403539][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 156.410828][ T977] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 156.503296][ T977] usb 1-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 156.556548][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.570024][ T24] usb 3-1: selecting invalid altsetting 6 [ 156.595030][ T24] usb 3-1: digital interface selection failed (-22) [ 156.612214][ T24] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 156.636453][ T977] usb 1-1: config 0 descriptor?? [ 156.663778][ T24] usb 3-1: setting power OFF [ 156.680276][ T24] dvb-usb: bulk message failed: -22 (2/0) [ 156.694347][ T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 156.704795][ T24] (NULL device *): no alternate interface [ 156.802185][ T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 156.843215][ T24] usb 3-1: USB disconnect, device number 5 [ 157.338564][ T6685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.372487][ T6701] syz.4.242: attempt to access beyond end of device [ 157.372487][ T6701] nbd4: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 157.436977][ T6685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.610546][ T6701] SQUASHFS error: Failed to read block 0x0: -5 [ 157.632095][ T6701] unable to read squashfs_super_block [ 157.671184][ T977] chicony 0003:04F2:1123.0003: unbalanced delimiter at end of report description [ 157.695953][ T977] chicony 0003:04F2:1123.0003: Chicony hid parse failed: -22 [ 157.717633][ T977] chicony 0003:04F2:1123.0003: probe with driver chicony failed with error -22 [ 157.858982][ T977] usb 1-1: USB disconnect, device number 4 [ 159.544638][ T6734] syz.1.252 uses obsolete (PF_INET,SOCK_PACKET) [ 160.135955][ T6748] netlink: 'syz.4.256': attribute type 3 has an invalid length. [ 160.204814][ T6748] netlink: 666 bytes leftover after parsing attributes in process `syz.4.256'. [ 161.047183][ T24] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 161.227656][ T24] usb 4-1: not running at top speed; connect to a high speed hub [ 161.254375][ T24] usb 4-1: config 95 has an invalid interface number: 1 but max is 0 [ 161.275572][ T24] usb 4-1: config 95 has no interface number 0 [ 161.282951][ T24] usb 4-1: config 95 interface 1 has no altsetting 0 [ 161.293940][ T24] usb 4-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 161.313969][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.331248][ T24] usb 4-1: Product: syz [ 161.341257][ T24] usb 4-1: Manufacturer: syz [ 161.345926][ T24] usb 4-1: SerialNumber: syz [ 161.566750][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 161.680677][ T24] usb 4-1: USB disconnect, device number 4 [ 161.718942][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 161.826759][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.861582][ T9] usb 5-1: config 0 descriptor?? [ 161.868082][ T5872] udevd[5872]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 161.919184][ T9] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 162.666429][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b00ec00: rx timeout, send abort [ 162.676846][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b00e000: rx timeout, send abort [ 163.176001][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b00ec00: abort rx timeout. Force session deactivation [ 163.188141][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b00e000: abort rx timeout. Force session deactivation [ 163.687325][ T9] usb 5-1: USB disconnect, device number 4 [ 164.436601][ T6807] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 164.626316][ T6811] netlink: 'syz.1.275': attribute type 1 has an invalid length. [ 164.790676][ T6811] 8021q: adding VLAN 0 to HW filter on device bond1 [ 165.651236][ T6814] bond1: (slave gretap1): making interface the new active one [ 165.757258][ T6814] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 165.835567][ T6818] vlan2: entered allmulticast mode [ 165.851824][ T6818] bond1: entered allmulticast mode [ 165.872398][ T6818] gretap1: entered allmulticast mode [ 165.959046][ T6818] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 166.526223][ T6846] warning: `syz.1.285' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 168.681434][ T6898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.301'. [ 169.036977][ T5897] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 169.217143][ T5897] usb 4-1: Using ep0 maxpacket: 16 [ 169.264483][ T5897] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 169.316905][ T5897] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 169.344126][ T5897] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 169.377875][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.385959][ T5897] usb 4-1: Product: syz [ 169.465513][ T5897] usb 4-1: Manufacturer: syz [ 169.483859][ T5897] usb 4-1: SerialNumber: syz [ 169.787753][ T5897] usb 4-1: 0:2 : does not exist [ 169.835849][ T5897] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 169.992139][ T5897] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 170.064051][ T5897] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5) [ 170.125276][ T5897] usb 4-1: 5:0: cannot get min/max values for control 8 (id 5) [ 170.309134][ T5897] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 170.391296][ T5897] usb 4-1: USB disconnect, device number 5 [ 172.045582][ T6934] bridge0: entered allmulticast mode [ 172.118469][ T6934] pim6reg: entered allmulticast mode [ 172.156909][ T6934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.315'. [ 172.165825][ T6934] bridge_slave_1: left allmulticast mode [ 172.256894][ T6934] bridge_slave_1: left promiscuous mode [ 172.281480][ T6934] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.356612][ T6934] bridge_slave_0: left allmulticast mode [ 172.401478][ T6934] bridge_slave_0: left promiscuous mode [ 172.447258][ T977] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 172.447975][ T6934] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.607841][ T6934] bridge0 (unregistering): left allmulticast mode [ 172.618062][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 172.650751][ T977] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 172.667308][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.717332][ T977] usb 1-1: config 0 descriptor?? [ 172.764149][ T977] as10x_usb: device has been detected [ 172.793145][ T977] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 172.884687][ T977] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 172.933312][ T6936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.964103][ T6936] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.984642][ T977] as10x_usb: error during firmware upload part1 [ 173.000202][ T6936] x_tables: duplicate underflow at hook 1 [ 173.006866][ T977] Registered device nBox DVB-T Dongle [ 173.020131][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 173.036510][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 173.045424][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 173.056397][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 173.068755][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 173.108825][ T5940] usb 1-1: USB disconnect, device number 5 [ 173.216302][ T5940] Unregistered device nBox DVB-T Dongle [ 173.251816][ T5940] as10x_usb: device has been disconnected [ 173.341700][ T6949] Driver unsupported XDP return value 0 on prog (id 48) dev N/A, expect packet loss! [ 173.383642][ T6952] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 174.121991][ T6944] chnl_net:caif_netlink_parms(): no params data found [ 174.759278][ T6944] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.846987][ T6944] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.865416][ T6944] bridge_slave_0: entered allmulticast mode [ 174.874572][ T6944] bridge_slave_0: entered promiscuous mode [ 174.971557][ T6944] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.012529][ T6944] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.027557][ T6944] bridge_slave_1: entered allmulticast mode [ 175.053144][ T6944] bridge_slave_1: entered promiscuous mode [ 175.136843][ T5833] Bluetooth: hci1: command tx timeout [ 175.271526][ T6944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.290685][ T6944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.576487][ T6988] netlink: 24 bytes leftover after parsing attributes in process `syz.3.332'. [ 175.641153][ T6944] team0: Port device team_slave_0 added [ 175.647561][ T5940] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 175.747676][ T6944] team0: Port device team_slave_1 added [ 175.796711][ T5940] usb 1-1: Using ep0 maxpacket: 16 [ 175.812196][ T6988] netlink: 4 bytes leftover after parsing attributes in process `syz.3.332'. [ 175.844627][ T5940] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 175.883982][ T5940] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 175.905257][ T5940] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 175.953818][ T5940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.976877][ T5940] usb 1-1: Product: syz [ 175.981124][ T5940] usb 1-1: Manufacturer: syz [ 175.994360][ T5940] usb 1-1: SerialNumber: syz [ 176.017310][ T5940] usb 1-1: config 0 descriptor?? [ 176.059543][ T5940] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 176.073759][ T5940] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 176.174851][ T6944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.188442][ T6944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.250193][ T6944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.284554][ T6944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.295032][ T6944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.324787][ T6944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.404544][ T6944] hsr_slave_0: entered promiscuous mode [ 176.413108][ T6944] hsr_slave_1: entered promiscuous mode [ 176.421129][ T6944] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.431153][ T6944] Cannot create hsr debugfs directory [ 176.482452][ T5897] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 176.655144][ T5940] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 176.664930][ T5940] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 176.676180][ T5897] usb 2-1: Using ep0 maxpacket: 16 [ 176.693678][ T5897] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 176.714411][ T5897] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 176.744687][ T5897] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 176.754693][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.766924][ T5897] usb 2-1: Product: syz [ 176.771232][ T5897] usb 2-1: Manufacturer: syz [ 176.775898][ T5897] usb 2-1: SerialNumber: syz [ 176.979066][ T6944] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 176.990776][ T6944] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 177.004055][ T6944] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 177.033592][ T6944] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 177.036585][ T5897] usb 2-1: 0:2 : does not exist [ 177.065917][ T5897] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 177.139476][ T5897] usb 2-1: USB disconnect, device number 6 [ 177.229416][ T5833] Bluetooth: hci1: command tx timeout [ 177.241508][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 177.350056][ T6944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.390562][ T6944] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.419036][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.426349][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.453457][ T3503] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.460762][ T3503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.758153][ T5940] em28xx 1-1:0.0: Unknown AC97 audio processor detected! [ 177.766136][ T5940] em28xx 1-1:0.0: couldn't setup AC97 register 2 [ 177.904052][ T5940] em28xx 1-1:0.0: couldn't setup AC97 register 4 [ 177.914175][ T5940] em28xx 1-1:0.0: couldn't setup AC97 register 6 [ 177.926970][ T5940] em28xx 1-1:0.0: couldn't setup AC97 register 54 [ 177.950354][ T5940] em28xx 1-1:0.0: couldn't setup AC97 register 56 [ 178.077219][ T5940] usb 1-1: USB disconnect, device number 6 [ 178.333834][ T6944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.492184][ T7033] netlink: 'syz.1.344': attribute type 39 has an invalid length. [ 179.297173][ T5833] Bluetooth: hci1: command tx timeout [ 179.417843][ T6944] veth0_vlan: entered promiscuous mode [ 179.453231][ T6944] veth1_vlan: entered promiscuous mode [ 179.579463][ T6944] veth0_macvtap: entered promiscuous mode [ 179.610664][ T6944] veth1_macvtap: entered promiscuous mode [ 179.693089][ T6944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.716150][ T7058] netlink: 'syz.1.351': attribute type 39 has an invalid length. [ 179.746062][ T6944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.820540][ T6944] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.840556][ T6944] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.860080][ T6944] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.881874][ T6944] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.188010][ T7062] ntfs3(nullb0): Primary boot signature is not NTFS. [ 180.195361][ T7062] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 180.385941][ T3503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.416560][ T3503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.535671][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.564412][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.646199][ T7069] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 180.978764][ T6219] block nbd0: Possible stuck request ffff8880253c0000: control (read@0,4096B). Runtime 30 seconds [ 181.408725][ T5833] Bluetooth: hci1: command tx timeout [ 182.962262][ T7095] netlink: 20 bytes leftover after parsing attributes in process `syz.0.363'. [ 185.031869][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x60000000000 [ 185.096913][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x60000000000 [ 185.106251][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x60000000080 [ 185.138535][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x60000000080 [ 185.197227][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x60000000000 [ 185.227262][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x60000000000 [ 185.288923][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x60000000080 [ 185.305030][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x60000000080 [ 185.344037][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x60000000000 [ 185.370657][ T7117] kvm: kvm [7116]: vcpu2, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x60000000000 [ 186.049517][ T7135] binder: BINDER_SET_CONTEXT_MGR already set [ 186.127441][ T7135] binder: 7130:7135 ioctl 4018620d 200000000040 returned -16 [ 187.151533][ T7149] netlink: 12 bytes leftover after parsing attributes in process `syz.4.377'. [ 187.345489][ T7154] netlink: 44 bytes leftover after parsing attributes in process `syz.3.379'. [ 187.377325][ T7150] netlink: 44 bytes leftover after parsing attributes in process `syz.3.379'. [ 187.430342][ T7156] loop6: detected capacity change from 0 to 63 [ 187.459252][ T7156] buffer_io_error: 669 callbacks suppressed [ 187.459273][ T7156] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 187.477565][ T7156] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 187.486084][ T7156] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 187.494832][ T7156] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 187.503570][ T7156] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 187.504554][ T7159] af_packet: tpacket_rcv: packet too big, clamped from 62183 to 3952. macoff=96 [ 187.512199][ T7156] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 187.548796][ T7156] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 187.804934][ T7170] netlink: 96 bytes leftover after parsing attributes in process `syz.3.386'. [ 188.036369][ T7176] netlink: 76 bytes leftover after parsing attributes in process `syz.3.387'. [ 189.155518][ T7190] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 189.460197][ T7200] netlink: 4 bytes leftover after parsing attributes in process `syz.4.394'. [ 189.469506][ T977] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 189.495455][ T7200] ipvlan2: entered promiscuous mode [ 189.640516][ T977] usb 4-1: Using ep0 maxpacket: 32 [ 189.654185][ T977] usb 4-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=e0.b8 [ 189.686925][ T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.720494][ T977] usb 4-1: Product: syz [ 189.739590][ T977] usb 4-1: Manufacturer: syz [ 189.756182][ T977] usb 4-1: SerialNumber: syz [ 189.781992][ T977] usb 4-1: config 0 descriptor?? [ 189.793848][ T977] empeg 4-1:0.0: empeg converter detected [ 189.802832][ T977] usb 4-1: active config #0 != 1 ?? [ 190.066941][ T5897] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 190.476845][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 190.506905][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 190.531654][ T5897] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 190.567013][ T5897] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 190.586480][ T5897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.609690][ T5897] usb 1-1: config 0 descriptor?? [ 190.720946][ T980] usb 4-1: USB disconnect, device number 6 [ 190.758226][ T7220] netlink: 'syz.1.401': attribute type 3 has an invalid length. [ 190.780720][ T7220] netlink: 'syz.1.401': attribute type 3 has an invalid length. [ 190.847796][ T7214] binder: 7211:7214 ioctl 4018620d 0 returned -22 [ 190.907454][ T7221] binder: 7211:7221 ioctl c018620c 0 returned -14 [ 191.054628][ T5897] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 191.105171][ T5897] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 191.425900][ C1] plantronics 0003:047F:FFFF.0004: hid_field_extract() called with n (132) > 32! (swapper/1) [ 191.642734][ T980] usb 1-1: USB disconnect, device number 7 [ 191.762060][ T977] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 192.097488][ T977] usb 5-1: Using ep0 maxpacket: 32 [ 192.127239][ T977] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 192.156305][ T977] usb 5-1: config 0 has no interface number 0 [ 192.178237][ T977] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 192.256328][ T977] usb 5-1: config 0 interface 1 has no altsetting 0 [ 192.271743][ T977] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 192.300222][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.313157][ T977] usb 5-1: Product: syz [ 192.318166][ T977] usb 5-1: Manufacturer: syz [ 192.323080][ T977] usb 5-1: SerialNumber: syz [ 192.341760][ T977] usb 5-1: config 0 descriptor?? [ 192.346769][ T980] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 192.635174][ T977] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 192.646893][ T980] usb 6-1: Using ep0 maxpacket: 8 [ 192.649066][ T977] cx231xx 5-1:0.1: Failed to read PCB config [ 192.659866][ T977] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71 [ 192.678436][ T977] usb 5-1: USB disconnect, device number 5 [ 192.686349][ T980] usb 6-1: device descriptor read/all, error -71 [ 193.181591][ T977] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 193.386938][ T977] usb 5-1: Using ep0 maxpacket: 32 [ 193.409206][ T977] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 193.419307][ T977] usb 5-1: config 0 has no interface number 0 [ 193.425482][ T977] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 193.448939][ T977] usb 5-1: config 0 interface 1 has no altsetting 0 [ 193.469132][ T977] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 193.483510][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.495186][ T977] usb 5-1: Product: syz [ 193.512064][ T977] usb 5-1: Manufacturer: syz [ 193.537141][ T977] usb 5-1: SerialNumber: syz [ 193.546773][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 193.586054][ T977] usb 5-1: config 0 descriptor?? [ 193.700615][ T10] usb 1-1: config 0 has an invalid interface number: 73 but max is 0 [ 193.716812][ T10] usb 1-1: config 0 has no interface number 0 [ 193.739677][ T10] usb 1-1: New USB device found, idVendor=06f8, idProduct=300c, bcdDevice=39.64 [ 193.754443][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.766852][ T10] usb 1-1: Product: syz [ 193.771127][ T10] usb 1-1: Manufacturer: syz [ 193.786078][ T10] usb 1-1: SerialNumber: syz [ 193.807479][ T10] usb 1-1: config 0 descriptor?? [ 193.842819][ T977] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 193.877489][ T10] usb 1-1: Found UVC 0.00 device syz (06f8:300c) [ 193.887383][ T10] usb 1-1: No valid video chain found. [ 193.893564][ T977] cx231xx 5-1:0.1: bad scenario!!!!! [ 193.893564][ T977] config_info=0 [ 193.904728][ T977] cx231xx 5-1:0.1: Failed to read PCB config [ 194.168660][ T980] usb 5-1: USB disconnect, device number 6 [ 194.367311][ T977] usb 1-1: USB disconnect, device number 8 [ 197.409172][ T7313] overlayfs: failed to clone upperpath [ 197.564087][ T7313] overlayfs: failed to clone upperpath [ 198.980758][ T44] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 199.277821][ T44] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 199.301056][ T44] usb 5-1: config 27 interface 0 altsetting 0 has a duplicate endpoint with address 0xB, skipping [ 199.320891][ T44] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 199.341961][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.389287][ T44] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 199.415831][ T44] usb 5-1: invalid MIDI out EP 0 [ 199.552191][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.563485][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.706344][ T44] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 199.726771][ T977] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 199.751815][ T44] usb 5-1: USB disconnect, device number 7 [ 199.913839][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 199.921304][ T977] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 199.965378][ T977] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 199.984562][ T977] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 200.002255][ T977] usb 1-1: Product: syz [ 200.006591][ T977] usb 1-1: Manufacturer: syz [ 200.016921][ T977] usb 1-1: SerialNumber: syz [ 200.032310][ T977] usb 1-1: config 0 descriptor?? [ 200.042664][ T7334] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 200.059484][ T7343] : entered promiscuous mode [ 200.394626][ T977] usb 1-1: USB disconnect, device number 9 [ 200.877643][ T5897] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 201.253382][ T5897] usb 6-1: Using ep0 maxpacket: 16 [ 201.279959][ T5897] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 201.290445][ T5897] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 201.367314][ T5897] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 201.376444][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.404085][ T5897] usb 6-1: Product: syz [ 201.419236][ T5897] usb 6-1: Manufacturer: syz [ 201.436689][ T5897] usb 6-1: SerialNumber: syz [ 201.694043][ T5897] usb 6-1: 0:2 : does not exist [ 201.793178][ T5897] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 201.863277][ T5897] usb 6-1: USB disconnect, device number 4 [ 201.963805][ T5872] udevd[5872]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 205.587481][ T7396] loop6: detected capacity change from 0 to 7 [ 205.622667][ T7396] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.692756][ T7396] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.743825][ T7396] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.794022][ T7396] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.826946][ T7402] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.846890][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 205.856072][ T7402] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.897589][ T7402] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.957004][ T7396] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.965103][ T7396] Buffer I/O error on dev loop6, logical block 0, async page read [ 205.991185][ T7407] Buffer I/O error on dev loop6, logical block 0, async page read [ 206.028948][ T7396] ldm_validate_partition_table(): Disk read failed. [ 206.040402][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 206.065968][ T9] usb 2-1: config 0 has an invalid interface number: 151 but max is 0 [ 206.081882][ T7396] Dev loop6: unable to read RDB block 0 [ 206.096009][ T9] usb 2-1: config 0 has no interface number 0 [ 206.131253][ T7396] loop6: unable to read partition table [ 206.137287][ T9] usb 2-1: New USB device found, idVendor=0403, idProduct=e548, bcdDevice=ad.d6 [ 206.164252][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.165156][ T7396] loop6: partition table beyond EOD, [ 206.194858][ T9] usb 2-1: Product: syz [ 206.244444][ T7396] truncated [ 206.264656][ T9] usb 2-1: Manufacturer: syz [ 206.274652][ T7396] loop_reread_partitions: partition scan of loop6 (3Ÿ‚¾‚³÷„I÷>Ê9äÿtPΪÅó×AÝÁÅ8}!Žñè3#yXÖe) failed (rc=-5) [ 206.296778][ T9] usb 2-1: SerialNumber: syz [ 206.365979][ T9] usb 2-1: config 0 descriptor?? [ 206.403959][ T9] ftdi_sio 2-1:0.151: FTDI USB Serial Device converter detected [ 206.490720][ T5194] ldm_validate_partition_table(): Disk read failed. [ 206.500437][ T9] ftdi_sio ttyUSB0: unknown device type: 0xadd6 [ 206.527136][ T5194] Dev loop6: unable to read RDB block 0 [ 206.542504][ T5194] loop6: unable to read partition table [ 206.556925][ T5194] loop6: partition table beyond EOD, truncated [ 207.125040][ T10] usb 2-1: USB disconnect, device number 7 [ 207.159928][ T10] ftdi_sio 2-1:0.151: device disconnected [ 208.629610][ T7433] binder: 7432:7433 ioctl c0306201 2000000003c0 returned -14 [ 210.710581][ T7462] binder: 7461:7462 ioctl c0306201 2000000003c0 returned -14 [ 211.062124][ T6219] block nbd0: Possible stuck request ffff8880253c0000: control (read@0,4096B). Runtime 60 seconds [ 211.098581][ T7467] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 211.156187][ T44] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 211.189149][ T7477] 8021q: VLANs not supported on gre0 [ 211.816945][ T44] usb 6-1: Using ep0 maxpacket: 32 [ 211.864530][ T44] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 211.872825][ T5832] Bluetooth: hci2: command 0x0406 tx timeout [ 211.872926][ T5832] Bluetooth: hci4: command 0x0406 tx timeout [ 211.968889][ T44] usb 6-1: config 0 has no interface number 0 [ 212.015618][ T44] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 212.098905][ T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.129443][ T44] usb 6-1: Product: syz [ 212.144136][ T44] usb 6-1: Manufacturer: syz [ 212.154349][ T44] usb 6-1: SerialNumber: syz [ 212.176132][ T44] usb 6-1: config 0 descriptor?? [ 212.196577][ T44] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 212.307651][ T7481] wg2: entered promiscuous mode [ 212.316249][ T7481] wg2: entered allmulticast mode [ 212.430151][ T44] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 212.455352][ T7485] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.478875][ T44] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 212.652280][ T30] audit: type=1400 audit(1749854004.201:8): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=7487 comm="syz.3.492" [ 212.805508][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 212.818420][ T44] usb 6-1: USB disconnect, device number 5 [ 212.862475][ T7485] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.868562][ T44] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 212.890349][ T44] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 212.915143][ T44] quatech2 6-1:0.51: device disconnected [ 212.928910][ T7491] syz_tun: entered allmulticast mode [ 212.959272][ T7489] syz_tun: left allmulticast mode [ 213.044037][ T7485] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.181765][ T7485] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.420503][ T7485] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.495208][ T7485] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.543775][ T7485] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.639747][ T7485] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.964256][ T7512] netlink: 'syz.0.501': attribute type 1 has an invalid length. [ 214.070602][ T7513] netlink: 8 bytes leftover after parsing attributes in process `syz.0.501'. [ 214.268551][ T9] libceph: connect (1)[c::]:6789 error -101 [ 214.302615][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 214.314813][ T7513] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 214.326316][ T7513] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 214.361081][ T7515] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 214.419273][ T7515] bond1 (unregistering): Released all slaves [ 214.449825][ T7517] ceph: No mds server is up or the cluster is laggy [ 214.467357][ T9] libceph: connect (1)[c::]:6789 error -101 [ 214.473618][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 214.797121][ T10] libceph: connect (1)[c::]:6789 error -101 [ 214.838242][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 214.970187][ T7529] serio: Serial port ptm0 [ 215.122686][ T7536] netlink: 4 bytes leftover after parsing attributes in process `syz.5.511'. [ 215.151370][ T30] audit: type=1326 audit(1749854006.701:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 215.173710][ T30] audit: type=1326 audit(1749854006.701:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 215.196292][ T30] audit: type=1326 audit(1749854006.701:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 215.251957][ T30] audit: type=1326 audit(1749854006.701:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 215.278688][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.5.511'. [ 215.301047][ T30] audit: type=1326 audit(1749854006.701:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 215.339287][ T30] audit: type=1326 audit(1749854006.701:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 215.436314][ T30] audit: type=1326 audit(1749854006.701:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 215.471969][ T30] audit: type=1326 audit(1749854006.721:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 215.509686][ T30] audit: type=1326 audit(1749854006.721:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7533 comm="syz.1.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c45b8e929 code=0x7fc00000 [ 217.259115][ T7569] binder: 7566:7569 ioctl c0306201 0 returned -14 [ 217.775597][ T7582] fuse: Bad value for 'fd' [ 217.866869][ T7217] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 219.012682][ T7217] usb 2-1: config index 0 descriptor too short (expected 46, got 36) [ 219.026982][ T7217] usb 2-1: config 0 interface 0 altsetting 130 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 219.048098][ T7217] usb 2-1: config 0 interface 0 has no altsetting 0 [ 219.054810][ T7217] usb 2-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00 [ 219.083011][ T7217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.123704][ T7217] usb 2-1: config 0 descriptor?? [ 219.149611][ T7217] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 219.496107][ T7580] kvm: pic: single mode not supported [ 219.496126][ T7580] kvm: pic: level sensitive irq not supported [ 219.514739][ T7580] kvm: pic: level sensitive irq not supported [ 219.547191][ T7580] kvm: pic: single mode not supported [ 219.553404][ T7580] kvm: pic: level sensitive irq not supported [ 219.701498][ T7217] usb 2-1: USB disconnect, device number 8 [ 221.295690][ T7632] netlink: 'syz.0.543': attribute type 11 has an invalid length. [ 222.382886][ T7642] fuse: Bad value for 'fd' [ 222.406949][ T44] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 223.226853][ T44] usb 6-1: Using ep0 maxpacket: 16 [ 223.255833][ T44] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 223.286370][ T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.306474][ T44] usb 6-1: Product: syz [ 223.321946][ T44] usb 6-1: Manufacturer: syz [ 223.332106][ T44] usb 6-1: SerialNumber: syz [ 223.387972][ T44] usb 6-1: config 0 descriptor?? [ 223.418111][ T44] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 223.454661][ T44] usb 6-1: Detected FT-X [ 223.632889][ T44] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 224.461154][ T44] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 224.550869][ T44] usb 6-1: USB disconnect, device number 6 [ 224.617188][ T44] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 224.632687][ T44] ftdi_sio 6-1:0.0: device disconnected [ 225.038928][ T7686] syzkaller0: entered promiscuous mode [ 225.071856][ T7686] syzkaller0: entered allmulticast mode [ 225.357672][ T30] kauditd_printk_skb: 194 callbacks suppressed [ 225.357694][ T30] audit: type=1800 audit(1749854016.901:212): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.566" name="/" dev="fuse" ino=1 res=0 errno=0 [ 225.508636][ T7682] 9pnet_fd: Insufficient options for proto=fd [ 226.787415][ T7714] tipc: Started in network mode [ 226.824830][ T7714] tipc: Node identity -, cluster identity 4711 [ 228.244392][ T30] audit: type=1400 audit(1749854019.791:213): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=7725 comm="syz.5.578" daddr=::ffff:0.0.0.0 [ 229.027036][ T7740] cgroup: fork rejected by pids controller in /syz4 [ 230.296784][ T5897] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 230.457316][ T5897] usb 6-1: Using ep0 maxpacket: 16 [ 230.482694][ T5897] usb 6-1: config 0 has no interfaces? [ 230.491522][ T5897] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 230.516603][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.540597][ T5897] usb 6-1: Product: syz [ 230.545369][ T5897] usb 6-1: Manufacturer: syz [ 230.573918][ T5897] usb 6-1: SerialNumber: syz [ 230.607927][ T5897] usb 6-1: config 0 descriptor?? [ 230.766592][ T8192] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 230.851536][ T8187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 230.903469][ T8187] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.961926][ T44] usb 6-1: USB disconnect, device number 7 [ 233.254663][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 233.468201][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 233.797381][ T9] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 233.834393][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.956149][ T9] usb 2-1: Product: syz [ 233.962025][ T9] usb 2-1: Manufacturer: syz [ 233.981716][ T9] usb 2-1: SerialNumber: syz [ 234.017656][ T9] usb 2-1: config 0 descriptor?? [ 234.086846][ T30] audit: type=1326 audit(1749854025.621:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8217 comm="syz.4.595" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f358c38e929 code=0x0 [ 234.194098][ T8220] netlink: 12 bytes leftover after parsing attributes in process `syz.5.596'. [ 234.284283][ T8220] vlan2: entered promiscuous mode [ 234.307235][ T8220] ip6gretap0: entered promiscuous mode [ 234.353513][ T8220] bridge0: port 3(vlan2) entered blocking state [ 234.376915][ T8220] bridge0: port 3(vlan2) entered disabled state [ 234.389468][ T8220] vlan2: entered allmulticast mode [ 234.404188][ T8220] ip6gretap0: entered allmulticast mode [ 234.457271][ T9] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 234.488709][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 234.534849][ T9] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 234.582381][ T9] usb 2-1: media controller created [ 234.705366][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 234.838858][ T9] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 234.871664][ T9] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 235.085211][ T980] usb 2-1: USB disconnect, device number 9 [ 235.182488][ T980] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 235.286739][ T44] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 235.519798][ T44] usb 6-1: Using ep0 maxpacket: 16 [ 235.529109][ T44] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 235.553765][ T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.587928][ T44] usb 6-1: config 0 descriptor?? [ 235.649597][ T44] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 236.185091][ T30] audit: type=1800 audit(1749854027.731:215): pid=8244 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.605" name="bus" dev="overlay" ino=673 res=0 errno=0 [ 237.315890][ T8267] veth1_macvtap: left promiscuous mode [ 237.321775][ T8267] macsec0: entered promiscuous mode [ 237.367905][ T8267] veth1_macvtap: entered promiscuous mode [ 237.374258][ T8267] macsec0: left promiscuous mode [ 237.446847][ T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 237.596763][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 237.608888][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.626779][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=0254, bcdDevice= 0.00 [ 237.635893][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.679939][ T9] usb 1-1: config 0 descriptor?? [ 237.919986][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 237.928889][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 237.941613][ T9] usb 1-1: USB disconnect, device number 10 [ 238.017263][ T44] gspca_sonixj: reg_r err -71 [ 238.029555][ T44] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 238.062398][ T44] usb 6-1: USB disconnect, device number 8 [ 238.637581][ T8284] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 239.720793][ T44] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 239.782063][ T8288] syz.4.624: vmalloc error: size 33554432, failed to allocated page array size 65536, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 239.936846][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 239.947524][ T8288] CPU: 0 UID: 0 PID: 8288 Comm: syz.4.624 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) [ 239.947555][ T8288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.947582][ T8288] Call Trace: [ 239.947598][ T8288] [ 239.947609][ T8288] dump_stack_lvl+0x189/0x250 [ 239.947663][ T8288] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.947696][ T8288] ? __pfx__printk+0x10/0x10 [ 239.947719][ T8288] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 239.947756][ T8288] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 239.947796][ T8288] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 239.947837][ T8288] warn_alloc+0x214/0x310 [ 239.947875][ T8288] ? __pfx_warn_alloc+0x10/0x10 [ 239.947916][ T8288] ? __get_vm_area_node+0x28f/0x300 [ 239.947946][ T8288] ? translate_table+0x198/0x2000 [ 239.947977][ T8288] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 239.948040][ T8288] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 239.948075][ T8288] ? rcu_is_watching+0x15/0xb0 [ 239.948110][ T8288] ? translate_table+0x198/0x2000 [ 239.948134][ T8288] ? translate_table+0x198/0x2000 [ 239.948157][ T8288] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 239.948186][ T8288] ? translate_table+0x198/0x2000 [ 239.948208][ T8288] ? xt_alloc_table_info+0x3b/0xa0 [ 239.948260][ T8288] translate_table+0x198/0x2000 [ 239.948300][ T8288] ? __lock_acquire+0xab9/0xd20 [ 239.948333][ T8288] ? __pfx_translate_table+0x10/0x10 [ 239.948361][ T8288] ? __might_fault+0xb0/0x130 [ 239.948408][ T8288] ? _copy_from_user+0x94/0xb0 [ 239.948436][ T8288] do_ipt_set_ctl+0x967/0xcd0 [ 239.948468][ T8288] ? rcu_is_watching+0x15/0xb0 [ 239.948499][ T8288] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 239.948546][ T8288] ? __pfx___mutex_lock+0x10/0x10 [ 239.948575][ T8288] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 239.948629][ T8288] nf_setsockopt+0x26f/0x290 [ 239.948662][ T8288] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 239.948687][ T8288] do_sock_setsockopt+0x257/0x3e0 [ 239.948717][ T8288] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 239.948748][ T8288] ? __fget_files+0x2a/0x420 [ 239.948785][ T8288] __x64_sys_setsockopt+0x18b/0x220 [ 239.948819][ T8288] do_syscall_64+0xfa/0x3b0 [ 239.948838][ T8288] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.948870][ T8288] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.948892][ T8288] ? clear_bhb_loop+0x60/0xb0 [ 239.948919][ T8288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.948939][ T8288] RIP: 0033:0x7f358c38e929 [ 239.948968][ T8288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.948987][ T8288] RSP: 002b:00007f358d286038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 239.949009][ T8288] RAX: ffffffffffffffda RBX: 00007f358c5b5fa0 RCX: 00007f358c38e929 [ 239.949025][ T8288] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 239.949039][ T8288] RBP: 00007f358c410b39 R08: 0000000000000268 R09: 0000000000000000 [ 239.949053][ T8288] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.949067][ T8288] R13: 0000000000000000 R14: 00007f358c5b5fa0 R15: 00007fff79e94628 [ 239.949099][ T8288] [ 239.949113][ T8288] Mem-Info: [ 239.949848][ T44] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 240.278522][ T8288] active_anon:1217 inactive_anon:5709 isolated_anon:0 [ 240.278522][ T8288] active_file:6264 inactive_file:45655 isolated_file:0 [ 240.278522][ T8288] unevictable:768 dirty:294 writeback:0 [ 240.278522][ T8288] slab_reclaimable:11152 slab_unreclaimable:102311 [ 240.278522][ T8288] mapped:30191 shmem:2325 pagetables:1243 [ 240.278522][ T8288] sec_pagetables:0 bounce:0 [ 240.278522][ T8288] kernel_misc_reclaimable:0 [ 240.278522][ T8288] free:1303919 free_pcp:23716 free_cma:0 [ 240.336885][ T8288] Node 0 active_anon:3268kB inactive_anon:23036kB active_file:24856kB inactive_file:182620kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120764kB dirty:1172kB writeback:0kB shmem:6164kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12348kB pagetables:4948kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 240.378044][ T8288] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 240.416966][ T8288] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 240.483469][ T8288] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 240.517010][ T8288] Node 0 DMA32 free:1295888kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1364kB inactive_anon:23096kB active_file:23080kB inactive_file:182552kB unevictable:1536kB writepending:1172kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:72260kB local_pcp:46832kB free_cma:0kB [ 240.599100][ T8288] lowmem_reserve[]: 0 0 1 1 1 [ 240.625705][ T8288] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1776kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 240.646001][ T44] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 240.724203][ T8288] lowmem_reserve[]: 0 [ 240.724255][ T44] usb 1-1: Product: syz [ 240.756980][ T44] usb 1-1: Manufacturer: syz [ 240.766786][ T44] usb 1-1: SerialNumber: syz [ 240.783311][ T8288] 0 0 0 0 [ 240.786461][ T8288] Node 1 Normal free:3900332kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21664kB local_pcp:13248kB free_cma:0kB [ 240.793892][ T44] usb 1-1: config 0 descriptor?? [ 240.841643][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 240.858117][ T8288] lowmem_reserve[]: 0 0 0 0 0 [ 240.863112][ T8288] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 240.894694][ T8288] Node 0 DMA32: 526*4kB (UM) 287*8kB (UM) 247*16kB (UME) 236*32kB (UM) 135*64kB (UME) 20*128kB (UME) 14*256kB (M) 5*512kB (UM) 5*1024kB (UM) 7*2048kB (UME) 306*4096kB (M) = 1306080kB [ 241.014194][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 241.032546][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.147785][ T8288] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB [ 241.147970][ T6219] block nbd0: Possible stuck request ffff8880253c0000: control (read@0,4096B). Runtime 90 seconds [ 241.147981][ T8288] 0*2048kB 0*4096kB = 8kB [ 241.210897][ T9] usb 2-1: config 0 descriptor?? [ 241.220088][ T9] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 241.256811][ T8288] Node 1 Normal: 177*4kB (UME) 49*8kB (UME) 46*16kB (UME) 124*32kB (UME) 38*64kB (UME) 5*128kB (UME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 1*2048kB (E) 948*4096kB (M) = 3900332kB [ 241.300070][ T10] usb 1-1: USB disconnect, device number 11 [ 241.309570][ T8288] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 241.359894][ T8288] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 241.393942][ T8288] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 241.451078][ T8288] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 241.480318][ T8288] 53332 total pagecache pages [ 241.489614][ T8288] 0 pages in swap cache [ 241.502015][ T8288] Free swap = 124988kB [ 241.511328][ T8288] Total swap = 124996kB [ 241.523081][ T8288] 2097051 pages RAM [ 241.532361][ T8288] 0 pages HighMem/MovableOnly [ 241.539299][ T8329] netlink: 36 bytes leftover after parsing attributes in process `syz.3.631'. [ 241.567125][ T8288] 424572 pages reserved [ 241.572881][ T8288] 0 pages cma reserved [ 242.286758][ T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 242.447220][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 242.466318][ T10] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 242.485388][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.505756][ T10] usb 6-1: Product: syz [ 242.516891][ T10] usb 6-1: Manufacturer: syz [ 242.526757][ T10] usb 6-1: SerialNumber: syz [ 242.552813][ T10] usb 6-1: config 0 descriptor?? [ 242.575018][ T5834] Bluetooth: hci2: unexpected event for opcode 0x200f [ 242.720214][ T8349] kvm: pic: non byte write [ 242.776946][ T10] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 242.845794][ T9] gspca_stv06xx: I2C: Read error writing address: -71 [ 242.873521][ T9] usb 2-1: USB disconnect, device number 10 [ 243.407138][ T10] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 243.444146][ T10] usb 6-1: USB disconnect, device number 9 [ 243.682432][ T8364] Invalid logical block size (201) [ 244.424990][ T8378] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 246.578885][ T5834] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 246.588234][ T5834] Bluetooth: hci2: Injecting HCI hardware error event [ 246.597529][ T5833] Bluetooth: hci2: hardware error 0x00 [ 247.078528][ T8415] netlink: 36 bytes leftover after parsing attributes in process `syz.5.661'. [ 247.126856][ T8415] netlink: 16 bytes leftover after parsing attributes in process `syz.5.661'. [ 247.224432][ T8415] netlink: 36 bytes leftover after parsing attributes in process `syz.5.661'. [ 247.335446][ T8415] netlink: 36 bytes leftover after parsing attributes in process `syz.5.661'. [ 247.736428][ T30] audit: type=1326 audit(1749854039.281:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 247.864782][ T30] audit: type=1326 audit(1749854039.281:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 247.927841][ T30] audit: type=1326 audit(1749854039.281:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 247.950719][ T30] audit: type=1326 audit(1749854039.281:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 247.983540][ T30] audit: type=1326 audit(1749854039.281:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 248.023210][ T30] audit: type=1326 audit(1749854039.311:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 248.050822][ T30] audit: type=1326 audit(1749854039.311:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 248.078442][ T30] audit: type=1326 audit(1749854039.311:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 248.111111][ T30] audit: type=1326 audit(1749854039.321:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 248.133356][ T30] audit: type=1326 audit(1749854039.321:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8417 comm="syz.3.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083678e929 code=0x7ffc0000 [ 248.438264][ T8430] netlink: 104 bytes leftover after parsing attributes in process `syz.1.667'. [ 248.810396][ T5833] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 249.225656][ T8442] overlayfs: failed to clone upperpath [ 250.936912][ T5194] udevd[5194]: worker [6297] /devices/virtual/block/nbd0 is taking a long time [ 253.331534][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 253.331551][ T30] audit: type=1804 audit(1749854044.881:237): pid=8489 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.686" name="bus" dev="ramfs" ino=19141 res=1 errno=0 [ 253.359807][ T30] audit: type=1804 audit(1749854044.901:238): pid=8489 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.686" name="bus" dev="ramfs" ino=19141 res=1 errno=0 [ 254.716311][ T8506] netlink: 24 bytes leftover after parsing attributes in process `syz.5.691'. [ 256.135953][ T8537] overlayfs: failed to clone upperpath [ 256.516849][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 256.686792][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 256.695111][ T9] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 256.705181][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.719183][ T9] usb 2-1: config 0 descriptor?? [ 259.401560][ T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 259.425209][ T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 259.456420][ T9] asix 2-1:0.0: probe with driver asix failed with error -71 [ 259.576012][ T9] usb 2-1: USB disconnect, device number 11 [ 259.922105][ T8575] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 259.927328][ T30] audit: type=1804 audit(1749854051.471:239): pid=8575 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.715" name="/newroot/138/file0" dev="tmpfs" ino=782 res=1 errno=0 [ 259.931114][ T8575] ref_ctr increment failed for inode: 0x30e offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802fc54980 [ 260.367073][ T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 260.563967][ T9] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 260.573321][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.603127][ T9] usb 6-1: config 0 descriptor?? [ 260.846920][ T9] udl 6-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 260.865740][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 260.907942][ T9] [drm] Initialized udl 0.0.1 for 6-1:0.0 on minor 2 [ 260.924270][ T9] [drm] Initialized udl on minor 2 [ 260.946864][ T9] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 260.981543][ T9] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 260.989769][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.997423][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.138540][ T977] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 261.193563][ T9] usb 6-1: USB disconnect, device number 10 [ 261.592711][ T977] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 262.217648][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 262.255987][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 262.264929][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 262.275090][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 262.282930][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 263.245842][ T8610] chnl_net:caif_netlink_parms(): no params data found [ 263.841240][ T8610] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.930026][ T8610] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.065874][ T8610] bridge_slave_0: entered allmulticast mode [ 264.248291][ T8610] bridge_slave_0: entered promiscuous mode [ 264.348012][ T5834] Bluetooth: hci5: command tx timeout [ 264.736208][ T8610] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.743616][ T8610] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.758993][ T8610] bridge_slave_1: entered allmulticast mode [ 264.769993][ T8610] bridge_slave_1: entered promiscuous mode [ 265.002743][ T8645] ======================================================= [ 265.002743][ T8645] WARNING: The mand mount option has been deprecated and [ 265.002743][ T8645] and is ignored by this kernel. Remove the mand [ 265.002743][ T8645] option from the mount to silence this warning. [ 265.002743][ T8645] ======================================================= [ 265.052907][ T8645] overlayfs: failed to resolve './bus': -2 [ 265.134797][ T8610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.233591][ T8610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.640929][ T8610] team0: Port device team_slave_0 added [ 265.674054][ T8610] team0: Port device team_slave_1 added [ 265.906468][ T8610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 265.932148][ T8610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 265.969147][ T5833] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 265.986991][ T8610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.003838][ T5833] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 266.023432][ T5833] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 266.033858][ T5833] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 266.075600][ T5833] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 266.192275][ T8610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.224321][ T8610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.260031][ T8610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.383705][ T8658] tipc: Started in network mode [ 266.393497][ T8658] tipc: Node identity 4, cluster identity 4711 [ 266.403883][ T8658] tipc: Node number set to 4 [ 266.432956][ T5833] Bluetooth: hci5: command tx timeout [ 266.443304][ T12] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.578318][ T8661] netlink: 'syz.5.746': attribute type 1 has an invalid length. [ 266.649829][ T8610] hsr_slave_0: entered promiscuous mode [ 266.679369][ T8610] hsr_slave_1: entered promiscuous mode [ 266.688321][ T8610] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 266.696002][ T8610] Cannot create hsr debugfs directory [ 266.798029][ T12] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.837115][ T8666] veth5: entered promiscuous mode [ 266.845755][ T8666] bond1: (slave veth5): Enslaving as a backup interface with a down link [ 266.983924][ T12] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.101633][ T12] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.283324][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.293365][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.306085][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.316137][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.326195][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.336247][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.349641][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.362535][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.372727][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 267.383083][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.5.751'. [ 268.176849][ T5833] Bluetooth: hci6: command tx timeout [ 268.178203][ T5829] Bluetooth: hci3: command 0x0405 tx timeout [ 268.496734][ T5829] Bluetooth: hci5: command tx timeout [ 269.864237][ T12] bridge_slave_1: left allmulticast mode [ 269.894289][ T12] bridge_slave_1: left promiscuous mode [ 269.924800][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.039387][ T12] bridge_slave_0: left allmulticast mode [ 270.066420][ T12] bridge_slave_0: left promiscuous mode [ 270.085418][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.267032][ T5834] Bluetooth: hci6: command tx timeout [ 270.628596][ T5834] Bluetooth: hci5: command tx timeout [ 271.218520][ T6219] block nbd0: Possible stuck request ffff8880253c0000: control (read@0,4096B). Runtime 120 seconds [ 272.346920][ T5834] Bluetooth: hci6: command tx timeout [ 272.409084][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 272.538109][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 272.588766][ T12] bond0 (unregistering): Released all slaves [ 272.651994][ T8653] chnl_net:caif_netlink_parms(): no params data found [ 272.761981][ T8610] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 272.837724][ T8610] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 273.001595][ T8610] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 273.054447][ T8610] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 273.287526][ T8767] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 273.315948][ T8767] CIFS: Unable to determine destination address [ 273.885210][ T30] audit: type=1326 audit(1749854193.434:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8769 comm="syz.5.771" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f887a18e929 code=0x0 [ 273.940808][ T8653] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.966953][ T8653] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.996869][ T8653] bridge_slave_0: entered allmulticast mode [ 274.028783][ T8653] bridge_slave_0: entered promiscuous mode [ 274.108855][ T12] hsr_slave_0: left promiscuous mode [ 274.132819][ T12] hsr_slave_1: left promiscuous mode [ 274.148787][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 274.156453][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 274.193921][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.215277][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 274.301146][ T12] veth1_macvtap: left promiscuous mode [ 274.324837][ T12] veth0_macvtap: left promiscuous mode [ 274.338539][ T12] veth1_vlan: left promiscuous mode [ 274.344576][ T12] veth0_vlan: left promiscuous mode [ 274.416935][ T5834] Bluetooth: hci6: command tx timeout [ 275.603403][ T12] team0 (unregistering): Port device team_slave_1 removed [ 275.668030][ T12] team0 (unregistering): Port device team_slave_0 removed [ 278.286705][ T30] audit: type=1804 audit(1749854197.834:241): pid=8819 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.780" name="bus" dev="ramfs" ino=20418 res=1 errno=0 [ 278.287659][ T8653] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.347505][ T8653] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.355267][ T30] audit: type=1804 audit(1749854197.864:242): pid=8819 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.780" name="bus" dev="ramfs" ino=20418 res=1 errno=0 [ 278.357037][ T8653] bridge_slave_1: entered allmulticast mode [ 278.394335][ T8653] bridge_slave_1: entered promiscuous mode [ 278.746239][ T8653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 278.833994][ T8653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 279.107013][ T8653] team0: Port device team_slave_0 added [ 279.153775][ T8653] team0: Port device team_slave_1 added [ 279.311272][ T8653] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 279.340910][ T8653] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.367690][ T8653] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.478789][ T8653] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.487417][ T8653] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.514023][ T8653] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 279.654628][ T8653] hsr_slave_0: entered promiscuous mode [ 279.668246][ T8653] hsr_slave_1: entered promiscuous mode [ 279.674760][ T8653] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 279.683145][ T8653] Cannot create hsr debugfs directory [ 279.756228][ T8610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.144403][ T8610] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.020106][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.027384][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.044372][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.051727][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 281.429564][ T8610] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 281.631311][ T8653] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 281.841307][ T8653] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 281.957827][ T8653] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 282.021783][ T8653] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 282.360529][ T8610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 282.831871][ T8653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 283.114646][ T8653] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.150327][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.157681][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.237634][ T3503] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.244860][ T3503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.343494][ T8653] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 283.407804][ T8653] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 283.556851][ T8917] __nla_validate_parse: 23 callbacks suppressed [ 283.556872][ T8917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.803'. [ 283.619181][ T8917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.803'. [ 283.628080][ T8922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.804'. [ 284.401813][ T8610] veth0_vlan: entered promiscuous mode [ 284.442027][ T8610] veth1_vlan: entered promiscuous mode [ 284.624891][ T8610] veth0_macvtap: entered promiscuous mode [ 284.714881][ T8610] veth1_macvtap: entered promiscuous mode [ 284.800365][ T8653] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.915009][ T8610] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.964821][ T8610] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 285.040010][ T8610] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.115528][ T8610] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.155274][ T8610] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.200836][ T8610] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.156384][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.220824][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 286.727858][ T3503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.789165][ T3503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.137141][ T8653] veth0_vlan: entered promiscuous mode [ 288.192636][ T8653] veth1_vlan: entered promiscuous mode [ 288.228119][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 1 < 9 [ 288.238629][ T5834] Bluetooth: hci1: ACL packet for unknown connection handle 2845 [ 288.448714][ T8653] veth0_macvtap: entered promiscuous mode [ 288.515988][ T8653] veth1_macvtap: entered promiscuous mode [ 288.633261][ T8653] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 288.677699][ T8653] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 288.798433][ T8653] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.852330][ T8653] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.875969][ T8653] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.898780][ T8653] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.390810][ T6371] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.431696][ T6371] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.539369][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.560580][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.763471][ T9014] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 292.993457][ T9056] create_pit_timer: 17 callbacks suppressed [ 292.993480][ T9056] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 293.188109][ T9063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.834'. [ 295.547125][ T9085] netlink: 104 bytes leftover after parsing attributes in process `syz.5.840'. [ 296.624878][ T9098] netlink: 'syz.5.845': attribute type 4 has an invalid length. [ 298.907444][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 299.227495][ T30] audit: type=1326 audit(1749854218.784:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9135 comm="syz.5.858" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f887a18e929 code=0x0 [ 299.323651][ T9141] netlink: 104 bytes leftover after parsing attributes in process `syz.3.856'. [ 301.372781][ T6219] block nbd0: Possible stuck request ffff8880253c0000: control (read@0,4096B). Runtime 150 seconds [ 302.251820][ T9202] veth1_to_bridge: entered promiscuous mode [ 302.276052][ T9202] veth1_to_bridge: entered allmulticast mode [ 303.147966][ T3536] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.687672][ T9228] ALSA: mixer_oss: invalid OSS volume '' [ 306.630909][ T9257] netlink: 'syz.5.892': attribute type 9 has an invalid length. [ 306.639330][ T9257] netlink: 'syz.5.892': attribute type 6 has an invalid length. [ 306.861925][ T9270] netlink: 'syz.5.894': attribute type 1 has an invalid length. [ 307.008470][ T9274] bond2: entered promiscuous mode [ 307.013601][ T9274] bond2: entered allmulticast mode [ 307.323426][ T9274] 8021q: adding VLAN 0 to HW filter on device bond2 [ 307.459695][ T66] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 307.478293][ T9270] ip6gretap1: entered promiscuous mode [ 307.488704][ T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 307.546927][ T9270] ip6gretap1: entered allmulticast mode [ 307.553481][ T9270] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 307.600533][ T992] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 307.682240][ T10] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 307.716274][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 307.753297][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 307.786716][ T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 307.842249][ T10] usb 7-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 307.871868][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.085089][ T10] usb 7-1: config 0 descriptor?? [ 309.557464][ T10] usbhid 7-1:0.0: can't add hid device: -71 [ 309.571206][ T10] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 309.617779][ T10] usb 7-1: USB disconnect, device number 2 [ 310.653403][ T9329] trusted_key: syz.1.908 sent an empty control message without MSG_MORE. [ 311.031588][ T9333] netlink: 'syz.6.909': attribute type 1 has an invalid length. [ 311.165013][ T9335] netlink: 28 bytes leftover after parsing attributes in process `syz.6.909'. [ 311.205915][ T9333] bond1 (unregistering): Released all slaves [ 311.313384][ T9338] netlink: 4 bytes leftover after parsing attributes in process `syz.1.911'. [ 311.516735][ T5897] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 311.589412][ T9343] netlink: 20 bytes leftover after parsing attributes in process `syz.3.912'. [ 311.694623][ T5897] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 311.726948][ T5897] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.738836][ T5897] usb 8-1: Product: syz [ 311.943396][ T5897] usb 8-1: Manufacturer: syz [ 311.958181][ T5897] usb 8-1: SerialNumber: syz [ 311.969010][ T5897] usb 8-1: config 0 descriptor?? [ 312.843116][ T5897] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 313.607665][ T9338] team0 (unregistering): Port device team_slave_0 removed [ 313.689691][ T9338] team0 (unregistering): Port device team_slave_1 removed [ 313.778842][ T9343] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.787010][ T9343] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.613583][ T9370] netlink: 24 bytes leftover after parsing attributes in process `syz.1.919'. [ 315.188993][ T5897] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 315.211835][ T5897] usb 8-1: USB disconnect, device number 2 [ 321.902492][ T977] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 322.116903][ T977] usb 8-1: Using ep0 maxpacket: 16 [ 322.134550][ T977] usb 8-1: config 0 has an invalid interface number: 180 but max is 0 [ 322.156736][ T977] usb 8-1: config 0 has no interface number 0 [ 322.183995][ T977] usb 8-1: config 0 interface 180 has no altsetting 0 [ 322.202223][ T9459] netlink: 12 bytes leftover after parsing attributes in process `syz.1.939'. [ 322.246874][ T977] usb 8-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=e8.1f [ 322.276659][ T977] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.330757][ T977] usb 8-1: Product: syz [ 322.366704][ T977] usb 8-1: Manufacturer: syz [ 322.385996][ T977] usb 8-1: SerialNumber: syz [ 322.421837][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.428610][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.451752][ T9466] netlink: 28 bytes leftover after parsing attributes in process `syz.1.939'. [ 322.453756][ T9459] bond2: entered promiscuous mode [ 322.468381][ T977] usb 8-1: config 0 descriptor?? [ 322.539262][ T9466] bond2: left promiscuous mode [ 322.807368][ T9466] 8021q: adding VLAN 0 to HW filter on device bond2 [ 322.862704][ T977] viperboard 8-1:0.180: version 0.00 found at bus 008 address 003 [ 323.040250][ T9464] bond2: (slave team_slave_1): Enslaving as an active interface with an up link [ 323.737236][ T7217] usb 8-1: USB disconnect, device number 3 [ 323.916168][ T9478] netlink: 28 bytes leftover after parsing attributes in process `syz.5.943'. [ 323.978878][ T9478] netlink: 28 bytes leftover after parsing attributes in process `syz.5.943'. [ 324.225349][ T9484] syzkaller0: entered promiscuous mode [ 324.241238][ T9484] syzkaller0: entered allmulticast mode [ 324.672098][ T9478] erspan0: entered promiscuous mode [ 325.048293][ T9478] gretap0: entered promiscuous mode [ 325.301005][ T9489] capability: warning: `syz.7.946' uses deprecated v2 capabilities in a way that may be insecure [ 327.059159][ T9511] uprobe: syz.1.953:9511 failed to unregister, leaking uprobe [ 327.456790][ T30] audit: type=1800 audit(1749854247.004:244): pid=9520 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.957" name="/" dev="9p" ino=2 res=0 errno=0 [ 330.359931][ T9557] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 331.618358][ T9548] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.792454][ T9548] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.925162][ T9548] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.018687][ T6219] block nbd0: Possible stuck request ffff8880253c0000: control (read@0,4096B). Runtime 180 seconds [ 332.065785][ T9548] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.198576][ T9548] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.215445][ T9548] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.231938][ T9548] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.247412][ T9548] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.441368][ T30] audit: type=1800 audit(1749854251.994:245): pid=9587 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.978" name="/" dev="9p" ino=2 res=0 errno=0 [ 332.475116][ T9590] xt_CT: You must specify a L4 protocol and not use inversions on it [ 334.745969][ T9624] binder: BINDER_SET_CONTEXT_MGR already set [ 334.765761][ T9624] binder: 9623:9624 ioctl 4018620d 200000000040 returned -16 [ 334.776194][ T9624] binder: 9623:9624 ioctl c0306201 200000000c00 returned -14 [ 335.246092][ T9631] netlink: 'syz.6.988': attribute type 7 has an invalid length. [ 335.260846][ T9631] : entered promiscuous mode [ 335.466849][ T977] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 335.617045][ T977] usb 6-1: Using ep0 maxpacket: 8 [ 335.635175][ T977] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 335.715549][ T977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.786953][ T977] usb 6-1: Product: syz [ 335.846707][ T977] usb 6-1: Manufacturer: syz [ 335.863758][ T977] usb 6-1: SerialNumber: syz [ 335.950391][ T977] usb 6-1: config 0 descriptor?? [ 336.584214][ T977] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 337.667015][ T980] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 337.836999][ T980] usb 2-1: Using ep0 maxpacket: 16 [ 337.883111][ T980] usb 2-1: config 5 has an invalid interface number: 168 but max is 0 [ 337.927324][ T980] usb 2-1: config 5 has no interface number 0 [ 337.949607][ T980] usb 2-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 338.012971][ T980] usb 2-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024 [ 338.029797][ T977] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 338.053729][ T980] usb 2-1: config 5 interface 168 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 1023 [ 338.070407][ T977] usb 6-1: USB disconnect, device number 11 [ 338.094566][ T980] usb 2-1: config 5 interface 168 has no altsetting 0 [ 338.128377][ T980] usb 2-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 338.156943][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.184022][ T980] usb 2-1: Product: syz [ 338.215238][ T980] usb 2-1: Manufacturer: syz [ 338.230137][ T980] usb 2-1: SerialNumber: syz [ 338.281293][ T9676] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 338.322202][ T9676] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 340.664807][ C1] usb 2-1: NFC: Urb failure (status -71) [ 340.677737][ C1] usb 2-1: NFC: Urb failure (status -71) [ 340.687480][ T980] usb 2-1: NFC: Unable to get FW version [ 340.694931][ T980] pn533_usb 2-1:5.168: probe with driver pn533_usb failed with error -71 [ 340.720202][ T980] usb 2-1: USB disconnect, device number 12 [ 341.996059][ T9722] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.146432][ T9722] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.354803][ T9722] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.475508][ T9722] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.799907][ T9722] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.933344][ T9722] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.091299][ T9722] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.237708][ T9722] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.271888][ T9755] overlayfs: failed to clone upperpath [ 344.591031][ T9763] syzkaller0: entered promiscuous mode [ 344.613942][ T9763] syzkaller0: entered allmulticast mode [ 346.098161][ T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 346.876971][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 346.887625][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 346.897807][ T9] usb 2-1: config 1 has an invalid interface number: 206 but max is 0 [ 346.906361][ T9] usb 2-1: config 1 has no interface number 0 [ 346.976454][ T9] usb 2-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a [ 347.799402][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.815835][ T9] usb 2-1: Product: syz [ 347.832281][ T9] usb 2-1: Manufacturer: syz [ 347.837500][ T9] usb 2-1: SerialNumber: syz [ 347.925949][ T9800] overlayfs: failed to clone upperpath [ 347.988106][ T9803] binder: 9801:9803 ioctl c0306201 2000000026c0 returned -14 [ 348.107460][ T9779] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1024'. [ 348.216548][ T9779] gretap0: entered promiscuous mode [ 348.365802][ T9] usb 2-1: USB disconnect, device number 13 [ 349.250384][ T9820] netlink: 168 bytes leftover after parsing attributes in process `syz.7.1035'. [ 350.046980][ T977] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 350.209920][ T977] usb 8-1: Using ep0 maxpacket: 8 [ 350.231442][ T977] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 350.262261][ T977] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 350.289626][ T977] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 350.315310][ T977] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 350.350148][ T977] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 350.367763][ T977] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.539677][ T30] audit: type=1326 audit(1749854270.094:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9856 comm="syz.5.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f887a18e929 code=0x7fc00000 [ 350.606292][ T977] usb 8-1: GET_CAPABILITIES returned 0 [ 350.615047][ T977] usbtmc 8-1:16.0: can't read capabilities [ 350.814846][ T44] usb 8-1: USB disconnect, device number 4 [ 351.390923][ T30] audit: type=1326 audit(1749854270.944:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9856 comm="syz.5.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f887a12ab19 code=0x7fc00000 [ 351.416896][ T30] audit: type=1326 audit(1749854270.944:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9856 comm="syz.5.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f887a12abdf code=0x7fc00000 [ 351.439002][ T30] audit: type=1326 audit(1749854270.944:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9856 comm="syz.5.1045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f887a18e929 code=0x7fc00000 [ 354.604015][ T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 354.786721][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 354.808394][ T9] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 354.866833][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.893742][ T9] usb 2-1: config 0 descriptor?? [ 355.223535][ T9933] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1070'. [ 356.020591][ T30] audit: type=1400 audit(1749854275.574:250): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=9946 comm="syz.3.1075" [ 356.173195][ T9950] overlayfs: failed to clone upperpath [ 356.246777][ T977] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 356.406705][ T977] usb 8-1: Using ep0 maxpacket: 16 [ 356.424523][ T977] usb 8-1: config 0 has an invalid interface number: 214 but max is 0 [ 356.433603][ T977] usb 8-1: config 0 has no interface number 0 [ 356.456769][ T977] usb 8-1: config 0 interface 214 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 356.499476][ T977] usb 8-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f2 [ 356.530024][ T977] usb 8-1: New USB device strings: Mfr=1, Product=6, SerialNumber=3 [ 356.540120][ T977] usb 8-1: Product: syz [ 356.565729][ T977] usb 8-1: Manufacturer: syz [ 356.575946][ T977] usb 8-1: SerialNumber: syz [ 356.644056][ T977] usb 8-1: config 0 descriptor?? [ 357.129142][ T9969] syzkaller0: entered promiscuous mode [ 357.142896][ T9969] syzkaller0: entered allmulticast mode [ 357.154493][ T37] syzkaller0: tun_net_xmit 48 [ 357.184443][ T9974] fuse: Bad value for 'fd' [ 357.221921][ T9969] syzkaller0: create flow: hash 4207181514 index 1 [ 357.302075][ T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 357.323952][ T9] asix 2-1:0.0: probe with driver asix failed with error -71 [ 357.364333][ T9] usb 2-1: USB disconnect, device number 14 [ 357.415032][ T9968] syzkaller0: delete flow: hash 4207181514 index 1 [ 358.332735][T10000] netlink: 'syz.6.1097': attribute type 1 has an invalid length. [ 358.340961][T10000] netlink: 'syz.6.1097': attribute type 2 has an invalid length. [ 358.349259][T10000] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1097'. [ 359.127790][ T5896] usb 8-1: USB disconnect, device number 5 [ 359.513262][T10008] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 359.521040][T10008] IPv6: NLM_F_CREATE should be set when creating new route [ 359.968338][T10014] sctp: [Deprecated]: syz.6.1102 (pid 10014) Use of int in maxseg socket option. [ 359.968338][T10014] Use struct sctp_assoc_value instead [ 361.842094][T10008] lo: entered allmulticast mode [ 361.860952][T10008] tunl0: entered allmulticast mode [ 361.872442][T10008] gre0: entered allmulticast mode [ 361.891572][T10008] gretap0: left promiscuous mode [ 361.901208][T10008] gretap0: entered allmulticast mode [ 361.929010][T10008] erspan0: entered allmulticast mode [ 361.943129][T10008] ip_vti0: entered allmulticast mode [ 361.970303][T10008] ip6_vti0: entered allmulticast mode [ 361.980667][T10008] sit0: entered allmulticast mode [ 361.998498][T10008] ip6tnl0: entered allmulticast mode [ 362.021200][T10008] ip6gre0: entered allmulticast mode [ 362.033749][T10008] ip6gretap0: entered allmulticast mode [ 362.044508][T10008] vcan0: entered allmulticast mode [ 362.055329][T10008] bond0: entered allmulticast mode [ 362.062370][T10008] bond_slave_0: entered allmulticast mode [ 362.070306][T10008] bond_slave_1: entered allmulticast mode [ 362.084374][T10008] dummy0: entered allmulticast mode [ 362.110434][T10008] nlmon0: entered allmulticast mode [ 362.129086][T10008] caif0: entered allmulticast mode [ 362.147621][T10008] batadv0: entered allmulticast mode [ 362.185786][T10008] vxcan0: entered allmulticast mode [ 362.199532][T10008] vxcan1: entered allmulticast mode [ 362.217334][T10008] veth0: entered allmulticast mode [ 362.234649][T10008] veth1: entered allmulticast mode [ 362.247242][ T6219] block nbd0: Possible stuck request ffff8880253c0000: control (read@0,4096B). Runtime 210 seconds [ 362.297532][T10008] wg1: entered allmulticast mode [ 362.320437][T10008] wg2: entered allmulticast mode [ 362.329346][T10008] veth0_to_bridge: entered allmulticast mode [ 362.346677][T10008] bridge_slave_0: entered allmulticast mode [ 362.463865][T10008] veth1_to_bridge: entered allmulticast mode [ 362.659569][T10008] bridge_slave_1: entered allmulticast mode [ 362.827257][ T5194] udevd[5194]: worker [6297] /devices/virtual/block/nbd0 timeout; kill it [ 362.839567][T10008] veth0_to_bond: entered allmulticast mode [ 363.121052][T10008] veth1_to_bond: entered allmulticast mode [ 363.127263][ T5194] udevd[5194]: seq 11705 '/devices/virtual/block/nbd0' killed [ 363.251281][T10008] veth0_to_team: entered allmulticast mode [ 363.274118][T10008] team_slave_0: entered allmulticast mode [ 363.422260][T10008] veth1_to_team: entered allmulticast mode [ 363.450251][T10008] team_slave_1: entered allmulticast mode [ 363.460282][T10008] veth0_to_batadv: entered allmulticast mode [ 363.469930][T10008] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.483357][T10008] batadv_slave_0: entered allmulticast mode [ 363.515670][T10008] veth1_to_batadv: entered allmulticast mode [ 363.535091][T10008] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.563993][T10008] batadv_slave_1: entered allmulticast mode [ 363.577582][T10008] xfrm0: entered allmulticast mode [ 363.597531][T10008] veth0_to_hsr: entered allmulticast mode [ 363.628297][T10008] hsr_slave_0: entered allmulticast mode [ 363.636474][T10008] veth1_to_hsr: entered allmulticast mode [ 363.659877][T10008] hsr_slave_1: entered allmulticast mode [ 363.679559][T10008] hsr0: entered allmulticast mode [ 363.698984][T10008] veth1_virt_wifi: entered allmulticast mode [ 363.725631][T10008] veth0_virt_wifi: entered allmulticast mode [ 363.757766][T10008] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 363.766165][T10008] veth1_vlan: entered allmulticast mode [ 363.818076][T10008] veth0_vlan: entered allmulticast mode [ 363.852274][T10008] vlan0: entered allmulticast mode [ 363.872027][T10008] vlan1: entered allmulticast mode [ 363.882889][T10008] macvlan0: entered allmulticast mode [ 363.914503][T10008] macvlan1: entered allmulticast mode [ 363.927735][T10008] ipvlan0: entered allmulticast mode [ 363.933383][T10008] ipvlan1: entered allmulticast mode [ 363.965510][T10008] veth1_macvtap: entered allmulticast mode [ 363.988299][T10008] veth0_macvtap: entered allmulticast mode [ 364.011824][T10008] macvtap0: entered allmulticast mode [ 364.023391][T10008] macsec0: entered allmulticast mode [ 364.056388][T10008] geneve0: entered allmulticast mode [ 364.067188][T10008] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.075862][T10008] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.085385][T10008] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.094675][T10008] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.103897][T10008] geneve1: entered allmulticast mode [ 364.129366][T10008] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 364.150002][T10008] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 364.170261][T10008] bridge1: entered allmulticast mode [ 364.207052][T10008] ip6tnl1: entered allmulticast mode [ 364.222249][T10008] : entered allmulticast mode [ 364.228271][T10008] netdevsim netdevsim1 eth0: entered allmulticast mode [ 364.235353][T10008] netdevsim netdevsim1 eth1: entered allmulticast mode [ 364.243734][T10008] netdevsim netdevsim1 eth2: entered allmulticast mode [ 364.254140][T10008] netdevsim netdevsim1 eth3: entered allmulticast mode [ 364.262451][T10008] erspan1: entered allmulticast mode [ 364.277228][T10008] bridge0: entered allmulticast mode [ 364.290704][T10008] gre1: entered allmulticast mode [ 364.309877][T10008] bond2: entered allmulticast mode [ 364.334112][T10006] @: renamed from vlan0 (while UP) [ 364.916727][ T44] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 365.241703][ T44] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 365.271221][ T44] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 365.986935][ T44] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 366.000854][ T44] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 366.014035][ T44] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 366.040106][ T44] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 366.057962][ T44] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 366.066998][ T44] usb 6-1: Product: syz [ 366.077063][ T44] usb 6-1: Manufacturer: syz [ 366.110097][ T44] cdc_wdm 6-1:1.0: skipping garbage [ 366.115350][ T44] cdc_wdm 6-1:1.0: skipping garbage [ 366.229140][ T44] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 366.266998][ T44] cdc_wdm 6-1:1.0: Unknown control protocol [ 366.588401][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -EPIPE [ 366.605987][ T977] usb 6-1: USB disconnect, device number 12 [ 368.355107][ T30] audit: type=1326 audit(1749854287.894:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 368.466803][ T30] audit: type=1326 audit(1749854287.894:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 368.531709][ T30] audit: type=1326 audit(1749854287.904:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 368.592728][ T30] audit: type=1326 audit(1749854287.914:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 368.621872][ T30] audit: type=1326 audit(1749854287.914:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 368.741912][ T30] audit: type=1326 audit(1749854287.914:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 368.836770][ T30] audit: type=1326 audit(1749854287.914:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 368.864484][T10121] netlink: 'syz.7.1135': attribute type 4 has an invalid length. [ 369.162106][T10121] netlink: 'syz.7.1135': attribute type 4 has an invalid length. [ 369.211269][ T30] audit: type=1326 audit(1749854287.914:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 369.538616][ T30] audit: type=1326 audit(1749854287.954:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 369.563609][ T30] audit: type=1326 audit(1749854287.954:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10106 comm="syz.7.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f197db8e929 code=0x7ffc0000 [ 369.585299][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.473164][T10219] bridge: RTM_NEWNEIGH with invalid ether address [ 381.091247][T10242] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1173'. [ 381.148511][T10242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1173'. [ 381.340059][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 381.340080][ T30] audit: type=1400 audit(1749854300.894:270): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=10244 comm="syz.7.1174" dest=20002 [ 382.386789][T10257] netlink: 364 bytes leftover after parsing attributes in process `syz.1.1177'. [ 384.156137][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.162643][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.948240][ T5829] Bluetooth: hci5: command 0x0406 tx timeout [ 388.039927][T10312] overlayfs: failed to clone upperpath [ 389.676156][T10327] netlink: 'syz.5.1198': attribute type 4 has an invalid length. [ 389.729951][T10330] netlink: 'syz.5.1198': attribute type 4 has an invalid length. [ 389.786745][ T30] audit: type=1326 audit(1749854309.324:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10322 comm="syz.6.1196" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c65f8e929 code=0x0 [ 390.256878][ T31] INFO: task syz.0.657:8398 blocked for more than 143 seconds. [ 390.265771][ T31] Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 [ 390.290604][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 390.396682][T10340] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1200'. [ 390.406693][T10340] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1200'. [ 390.446823][ T31] task:syz.0.657 state:D stack:26976 pid:8398 tgid:8396 ppid:5820 task_flags:0x400140 flags:0x00004004 [ 390.906725][ T31] Call Trace: [ 390.910118][ T31] [ 390.913101][ T31] __schedule+0x16a2/0x4cb0 [ 390.995254][ T31] ? schedule+0x165/0x360 [ 391.063304][ T31] ? __pfx___schedule+0x10/0x10 [ 391.092378][ T31] ? schedule+0x91/0x360 [ 391.102649][ T31] schedule+0x165/0x360 [ 391.111827][ T31] schedule_preempt_disabled+0x13/0x30 [ 391.125389][ T31] __mutex_lock+0x724/0xe80 [ 391.156598][ T31] ? __mutex_lock+0x51b/0xe80 [ 391.161411][ T31] ? bdev_open+0xe0/0xd30 [ 391.165833][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 391.196836][ T31] ? __pfx_bd_prepare_to_claim+0x10/0x10 [ 391.202594][ T31] ? alloc_file_pseudo_noaccount+0x203/0x2c0 [ 391.239470][ T31] ? disk_block_events+0xab/0x120 [ 391.252303][ T31] ? bdev_open+0xbe/0xd30 [ 391.265509][ T31] bdev_open+0xe0/0xd30 [ 391.283985][ T31] bdev_file_open_by_dev+0x1be/0x240 [ 391.306185][ T31] setup_bdev_super+0x5a/0x5b0 [ 391.330456][ T31] get_tree_bdev_flags+0x366/0x4d0 [ 391.350112][ T31] ? __pfx_squashfs_fill_super+0x10/0x10 [ 391.373962][ T31] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 391.394693][ T31] ? __pfx_squashfs_get_tree+0x10/0x10 [ 391.411637][ T31] ? get_tree_bdev+0x12/0x30 [ 391.419993][ T31] ? __pfx_squashfs_fill_super+0x10/0x10 [ 391.439968][ T31] vfs_get_tree+0x92/0x2b0 [ 391.450831][ T31] do_new_mount+0x24a/0xa40 [ 391.465975][ T31] __se_sys_mount+0x317/0x410 [ 391.474553][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.492956][ T31] ? __pfx___se_sys_mount+0x10/0x10 [ 391.504527][ T31] ? __x64_sys_mount+0x20/0xc0 [ 391.514356][ T31] do_syscall_64+0xfa/0x3b0 [ 391.520914][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.535380][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.554945][ T31] ? clear_bhb_loop+0x60/0xb0 [ 391.561220][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.568245][ T31] RIP: 0033:0x7f5591f8e929 [ 391.573209][ T31] RSP: 002b:00007f5592dd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 391.586725][ T31] RAX: ffffffffffffffda RBX: 00007f55921b6080 RCX: 00007f5591f8e929 [ 391.609064][ T31] RDX: 0000200000000300 RSI: 0000200000000340 RDI: 0000200000000280 [ 391.621919][ T31] RBP: 00007f5592010b39 R08: 0000000000000000 R09: 0000000000000000 [ 391.641993][ T31] R10: 0000000001a0c000 R11: 0000000000000246 R12: 0000000000000000 [ 391.655730][ T31] R13: 0000000000000001 R14: 00007f55921b6080 R15: 00007ffc31389b58 [ 391.680703][ T31] [ 391.686197][ T31] [ 391.686197][ T31] Showing all locks held in the system: [ 391.793861][ T31] 1 lock held by khungtaskd/31: [ 391.809109][ T31] #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 391.822619][ T31] 4 locks held by kworker/u8:4/66: [ 391.827961][ T31] 3 locks held by udevd/5194: [ 391.832827][ T31] 2 locks held by getty/5579: [ 391.837742][ T31] #0: ffff888030b070a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 391.847796][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 391.859062][ T31] 1 lock held by udevd/6297: [ 391.864685][ T31] #0: ffff888025330358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 391.895540][ T31] 2 locks held by syz.0.657/8398: [ 391.909850][ T31] #0: ffff88807ab0e0e0 (&type->s_umount_key#82/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 391.929509][ T31] #1: ffff888025330358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 391.939174][ T31] 2 locks held by syz.1.1199/10336: [ 391.954863][ T31] [ 391.957325][ T31] ============================================= [ 391.957325][ T31] [ 391.966352][ T31] NMI backtrace for cpu 0 [ 391.966371][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) [ 391.966397][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 391.966411][ T31] Call Trace: [ 391.966419][ T31] [ 391.966429][ T31] dump_stack_lvl+0x189/0x250 [ 391.966465][ T31] ? __wake_up_klogd+0xd9/0x110 [ 391.966492][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 391.966525][ T31] ? __pfx__printk+0x10/0x10 [ 391.966563][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 391.966595][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 391.966620][ T31] ? _printk+0xcf/0x120 [ 391.966646][ T31] ? __pfx__printk+0x10/0x10 [ 391.966671][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 391.966700][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 391.966730][ T31] watchdog+0xfee/0x1030 [ 391.966768][ T31] ? watchdog+0x1de/0x1030 [ 391.966803][ T31] kthread+0x70e/0x8a0 [ 391.966830][ T31] ? __pfx_watchdog+0x10/0x10 [ 391.966856][ T31] ? __pfx_kthread+0x10/0x10 [ 391.966880][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 391.966910][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.966941][ T31] ? __pfx_kthread+0x10/0x10 [ 391.966965][ T31] ret_from_fork+0x3fc/0x770 [ 391.966997][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 391.967033][ T31] ? __switch_to_asm+0x39/0x70 [ 391.967053][ T31] ? __switch_to_asm+0x33/0x70 [ 391.967071][ T31] ? __pfx_kthread+0x10/0x10 [ 391.967094][ T31] ret_from_fork_asm+0x1a/0x30 [ 391.967133][ T31] [ 392.120849][ T31] Sending NMI from CPU 0 to CPUs 1: [ 392.126126][ C1] NMI backtrace for cpu 1 [ 392.126144][ C1] CPU: 1 UID: 0 PID: 5897 Comm: kworker/1:4 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) [ 392.126168][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 392.126181][ C1] Workqueue: events free_obj_work [ 392.126214][ C1] RIP: 0010:check_preemption_disabled+0x17/0x120 [ 392.126237][ C1] Code: 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 53 48 83 ec 10 65 48 8b 05 fe 7d 3a 07 48 89 44 24 08 <65> 8b 05 06 7e 3a 07 65 8b 0d fb 7d 3a 07 f7 c1 ff ff ff 7f 74 23 [ 392.126254][ C1] RSP: 0018:ffffc90004937400 EFLAGS: 00000086 [ 392.126269][ C1] RAX: fdf6794769f8da00 RBX: 0000000000000000 RCX: fdf6794769f8da00 [ 392.126283][ C1] RDX: 0000000000000000 RSI: ffffffff8db59cf2 RDI: ffffffff8be1b380 [ 392.126296][ C1] RBP: ffffffff81728de5 R08: 0000000000000000 R09: ffffffff81728de5 [ 392.126308][ C1] R10: ffffc900049375f8 R11: ffffffff81ace8a0 R12: 0000000000000002 [ 392.126322][ C1] R13: ffffffff8e13eda0 R14: 0000000000000000 R15: 0000000000000246 [ 392.126334][ C1] FS: 0000000000000000(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000 [ 392.126349][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 392.126361][ C1] CR2: 0000200000349030 CR3: 000000000df38000 CR4: 00000000003526f0 [ 392.126377][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 392.126388][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 392.126399][ C1] Call Trace: [ 392.126406][ C1] [ 392.126413][ C1] ? unwind_next_frame+0xa5/0x2390 [ 392.126443][ C1] ? unwind_next_frame+0xa5/0x2390 [ 392.126467][ C1] lock_acquire+0x130/0x360 [ 392.126494][ C1] ? unwind_next_frame+0xa5/0x2390 [ 392.126519][ C1] ? __kasan_slab_free+0x62/0x70 [ 392.126544][ C1] ? unwind_next_frame+0xa5/0x2390 [ 392.126571][ C1] unwind_next_frame+0xc2/0x2390 [ 392.126598][ C1] ? unwind_next_frame+0xa5/0x2390 [ 392.126630][ C1] ? unwind_next_frame+0xa5/0x2390 [ 392.126659][ C1] ? kasan_save_free_info+0x46/0x50 [ 392.126693][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 392.126714][ C1] arch_stack_walk+0x11c/0x150 [ 392.126748][ C1] ? __kasan_slab_free+0x62/0x70 [ 392.126774][ C1] stack_trace_save+0x9c/0xe0 [ 392.126795][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 392.126822][ C1] kasan_save_track+0x3e/0x80 [ 392.126844][ C1] ? kasan_save_track+0x3e/0x80 [ 392.126864][ C1] ? kasan_save_free_info+0x46/0x50 [ 392.126892][ C1] ? __kasan_slab_free+0x62/0x70 [ 392.126940][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 392.126970][ C1] ? free_obj_work+0x342/0x480 [ 392.127014][ C1] kasan_save_free_info+0x46/0x50 [ 392.127041][ C1] __kasan_slab_free+0x62/0x70 [ 392.127061][ C1] kmem_cache_free+0x18f/0x400 [ 392.127085][ C1] free_obj_work+0x342/0x480 [ 392.127108][ C1] ? __pfx_free_obj_work+0x10/0x10 [ 392.127130][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 392.127154][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 392.127180][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 392.127206][ C1] process_scheduled_works+0xade/0x17b0 [ 392.127244][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 392.127277][ C1] worker_thread+0x8a0/0xda0 [ 392.127305][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 392.127334][ C1] ? __kthread_parkme+0x7b/0x200 [ 392.127365][ C1] kthread+0x70e/0x8a0 [ 392.127384][ C1] ? __pfx_worker_thread+0x10/0x10 [ 392.127410][ C1] ? __pfx_kthread+0x10/0x10 [ 392.127428][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 392.127452][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 392.127478][ C1] ? __pfx_kthread+0x10/0x10 [ 392.127496][ C1] ret_from_fork+0x3fc/0x770 [ 392.127521][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 392.127548][ C1] ? __switch_to_asm+0x39/0x70 [ 392.127565][ C1] ? __switch_to_asm+0x33/0x70 [ 392.127580][ C1] ? __pfx_kthread+0x10/0x10 [ 392.127599][ C1] ret_from_fork_asm+0x1a/0x30 [ 392.127623][ C1] [ 392.141809][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 392.141857][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) [ 392.141894][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 392.141912][ T31] Call Trace: [ 392.141924][ T31] [ 392.141938][ T31] dump_stack_lvl+0x99/0x250 [ 392.141984][ T31] ? __asan_memcpy+0x40/0x70 [ 392.142011][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.142048][ T31] ? __pfx__printk+0x10/0x10 [ 392.142090][ T31] panic+0x2db/0x790 [ 392.142132][ T31] ? __pfx_panic+0x10/0x10 [ 392.142167][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 392.142211][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 392.142248][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 392.142292][ T31] watchdog+0x102d/0x1030 [ 392.142328][ T31] ? watchdog+0x1de/0x1030 [ 392.142369][ T31] kthread+0x70e/0x8a0 [ 392.142401][ T31] ? __pfx_watchdog+0x10/0x10 [ 392.142431][ T31] ? __pfx_kthread+0x10/0x10 [ 392.142460][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 392.142495][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 392.142531][ T31] ? __pfx_kthread+0x10/0x10 [ 392.142559][ T31] ret_from_fork+0x3fc/0x770 [ 392.142597][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 392.142639][ T31] ? __switch_to_asm+0x39/0x70 [ 392.142661][ T31] ? __switch_to_asm+0x33/0x70 [ 392.142685][ T31] ? __pfx_kthread+0x10/0x10 [ 392.142713][ T31] ret_from_fork_asm+0x1a/0x30 [ 392.142770][ T31] [ 392.659773][ T31] Kernel Offset: disabled [ 392.664121][ T31] Rebooting in 86400 seconds..