last executing test programs: 11m46.335091265s ago: executing program 2 (id=913): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4001}, 0x20000850) 11m46.173455251s ago: executing program 2 (id=914): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) 11m46.100721023s ago: executing program 2 (id=916): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0003}]}) setresuid(0x0, 0x0, 0xee00) 11m43.586883617s ago: executing program 2 (id=927): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 11m42.585183313s ago: executing program 2 (id=932): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x40900, 0x0) r1 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100, 0x0, 0xffffffff}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_PANIC(r0, 0x5111) 11m42.342815435s ago: executing program 2 (id=936): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) ppoll(&(0x7f0000000000)=[{r1, 0x205}], 0x1, 0x0, 0x0, 0x0) 11m41.940492877s ago: executing program 32 (id=936): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) ppoll(&(0x7f0000000000)=[{r1, 0x205}], 0x1, 0x0, 0x0, 0x0) 6m57.410523648s ago: executing program 4 (id=3591): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/59, 0x232000, 0x1000}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xa, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) 6m56.336208428s ago: executing program 4 (id=3596): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setsig(r0, 0xa, 0x21) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 6m55.23817764s ago: executing program 4 (id=3598): r0 = msgget$private(0x0, 0x1c0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000080)=ANY=[@ANYRES8], 0x0, 0x0) msgsnd(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="020000"], 0x2a, 0x0) msgsnd(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="01"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 6m54.9686247s ago: executing program 4 (id=3600): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41) chroot(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00') 6m54.839741186s ago: executing program 4 (id=3601): r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2) 6m54.491623437s ago: executing program 4 (id=3605): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @local}, 0x10) 6m54.254970257s ago: executing program 33 (id=3605): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @local}, 0x10) 4m49.645057826s ago: executing program 6 (id=4705): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x20400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008e04"]) 4m49.143029547s ago: executing program 6 (id=4709): r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0) pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0x1e) r3 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x35, 0x0, 0xd, 0x65]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x2d}, 0x48, r0) keyctl$KEYCTL_MOVE(0x1e, r3, r0, r1, 0x0) 4m48.92766962s ago: executing program 6 (id=4711): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400000903000000092100000001222200090581030800000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') 4m46.377055591s ago: executing program 6 (id=4727): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41) umount2(&(0x7f0000000200)='./file0/../file0/../file0/../file0\x00', 0x1) 4m46.223772046s ago: executing program 6 (id=4730): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) 4m45.903486301s ago: executing program 6 (id=4735): r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 4m45.547736853s ago: executing program 34 (id=4735): r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 2m19.96285093s ago: executing program 7 (id=5974): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCSUSAGE(r1, 0x4018480c, 0x0) ioctl$HIDIOCGSTRING(r1, 0x81044804, 0x0) 2m16.783485993s ago: executing program 7 (id=6011): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) write$cgroup_pressure(r1, &(0x7f0000000040)={'some', 0x20, 0x2, 0x20, 0xeeb5}, 0x2f) splice(r0, 0x0, r2, 0x0, 0x8, 0x0) 2m16.608530776s ago: executing program 7 (id=6013): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000440)={0x0, 0x9}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)=ANY=[], 0x8) 2m16.35235977s ago: executing program 7 (id=6014): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='\x00', 0x9901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x8) 2m16.235294661s ago: executing program 7 (id=6016): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a080006400000002509"], 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="05000003", @ANYRES32=0x0], 0x1c}}, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0) 2m16.011575658s ago: executing program 7 (id=6018): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0x2000000, 0xffffffff, 0x80000001, 0x0, 0x2, 0x4000000, 0xd, 0x20000}) 2m15.332814606s ago: executing program 35 (id=6018): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0x2000000, 0xffffffff, 0x80000001, 0x0, 0x2, 0x4000000, 0xd, 0x20000}) 23.167454684s ago: executing program 0 (id=6878): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x3, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 22.989284554s ago: executing program 0 (id=6880): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x11, &(0x7f0000000180)=0x7ff, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) sendto$packet(r0, &(0x7f0000000180)="0b03feff4f00021202004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14) 22.660446273s ago: executing program 0 (id=6883): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="c21504239e1dc595f0766418b856f059", 0x10}], 0x2}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000009500)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001a40)=""/4096}], 0x56}, 0x80001}], 0x1, 0x2100, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0xa8}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) 22.339482711s ago: executing program 0 (id=6885): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x81) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) symlink(0x0, &(0x7f00000017c0)='./file0\x00') move_mount(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000100)='./file0\x00', 0x245) 22.24166114s ago: executing program 0 (id=6886): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x0, 0x5000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x1fd, 0x0, 0x2000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0xdddd1000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x10000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) 22.075946214s ago: executing program 0 (id=6888): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000580)=0x1, r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r1}}, 0x48) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r3}}, 0x48) 21.633863384s ago: executing program 36 (id=6888): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000580)=0x1, r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r1}}, 0x48) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r3}}, 0x48) 5.018197327s ago: executing program 5 (id=7024): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff0, 0xa}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048845}, 0x8c0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000002940)=@deltfilter={0x24, 0x2d, 0x5, 0x70bd2c, 0x25dfdbf9, {0x0, 0x0, 0x0, r3, {0x5, 0xfff3}, {0xfff2, 0xf}, {0xffff, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x40000) 4.603453884s ago: executing program 5 (id=7029): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xc4) read$FUSE(r1, 0x0, 0x0) write$FUSE_STATFS(r1, &(0x7f0000000400)={0x60, 0x0, 0x0, {{0x5, 0xa, 0x20000000000, 0x59c, 0x1ff, 0x5, 0x5, 0x6}}}, 0x60) 4.521605043s ago: executing program 5 (id=7031): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x45, &(0x7f0000000080)={&(0x7f0000000680)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005f80)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x20000001, 0x4, 0x2}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}}, 0x0) 4.295620659s ago: executing program 3 (id=7033): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x202}], 0x18}, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000400)=""/101, 0x65}, {&(0x7f00000004c0)=""/21, 0x15}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000380)=""/57, 0x39}, {&(0x7f0000000600)=""/223, 0xdf}], 0x6}}], 0x2, 0x60, 0x0) 4.129018s ago: executing program 5 (id=7036): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r3, 0xffffffffffffffff}) ppoll(&(0x7f0000000140)=[{r4, 0x340}], 0x1, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000340)=0x400f) 4.128519838s ago: executing program 3 (id=7037): sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x5c, 0x0, 0x917, 0x1000, 0x25dfdc03, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x601}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44}, 0x0) r0 = syz_io_uring_setup(0x24fd, &(0x7f0000000f80)={0x0, 0x1, 0x10100}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='1q'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 3.947341508s ago: executing program 3 (id=7039): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x4, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0x0, 0xfff1}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x61, 0x1, 0x0, 0x0, {{0x44c, 0x0, 0x4}, "fe"}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 3.724254385s ago: executing program 3 (id=7044): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x110) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0x9, 0x8, 0x6, '\x00', 0x1f8630ad}) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000340)={0x1e0003, 0x0, [0xd, 0xff, 0xfffffffffffffff7, 0x3e00000000000000, 0x7fffffff, 0x7, 0x9, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.451968958s ago: executing program 3 (id=7048): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) write$char_usb(r1, &(0x7f00000000c0)='A', 0x1) close(0x3) 3.068957387s ago: executing program 5 (id=7053): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c80)={0x84, &(0x7f00000007c0)={0x20, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 2.065180528s ago: executing program 1 (id=7060): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000200)=@ccm_128={{0x304}, "e0729b8a919f0264", "2b84cdf4f4a2e0a9bdba804bfe1a446e", "e7d85bab", "5bad2ef1a6a5fb81"}, 0x28) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x4, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 1.911575907s ago: executing program 1 (id=7062): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c80)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd26, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0xfff3, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x5, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x7, 0x9, 0xb61c}}}]}]}]}}]}, 0x50}}, 0x0) 1.559542611s ago: executing program 1 (id=7066): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]}) syz_open_dev$sndctrl(0x0, 0x805, 0x401) readv(r1, &(0x7f0000000340)=[{&(0x7f0000001740)=""/153, 0x99}], 0x1) 1.270984182s ago: executing program 8 (id=7070): r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, {0x2}}) io_uring_enter(r0, 0x47bc, 0x2, 0x0, 0x0, 0x0) 1.119147903s ago: executing program 8 (id=7072): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335, @tick=0xe, 0x52}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000000c0)={0x3, 0x1, 'client1\x00', 0x0, "81cbf3dc07ade253", "c2382b4c6bb074dcb971c144adc7e6576c93d30263c40dbdd1b75d7917ca30cb", 0x5, 0x800}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, 0x0) tkill(r0, 0x7) 1.093848118s ago: executing program 9 (id=7073): r0 = io_uring_setup(0x192, &(0x7f0000000300)={0x0, 0x4178, 0x400, 0x8000002, 0x3d7}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) recvfrom(r2, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5) sendmsg$NL80211_CMD_DEAUTHENTICATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x28, 0x0, 0x8, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x19}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x8040) close_range(r0, 0xffffffffffffffff, 0x0) 815.528646ms ago: executing program 9 (id=7074): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000002"], 0x7c}}, 0x0) r0 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000080)={'nicvf0\x00', 0x400}) ioctl$TUNSETTXFILTER(r0, 0x401054d5, &(0x7f0000000380)=ANY=[]) r1 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) 735.487081ms ago: executing program 8 (id=7075): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0), 0x109702, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f0000000140)) 669.044769ms ago: executing program 9 (id=7076): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x2002, {0x0, 0x0, 0x0, r3, {0xa, 0x6}, {0x0, 0x7}, {0x7, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @broadcast}, @TCA_FLOWER_KEY_ETH_SRC={0xa, 0x6, @local}]}}]}, 0x48}}, 0x0) 591.915667ms ago: executing program 1 (id=7077): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000004940)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 590.976726ms ago: executing program 8 (id=7078): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0, 0x0, 0x4100000000}, 0x18) r1 = gettid() r2 = epoll_create(0x400) r3 = eventfd(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000000)) kcmp$KCMP_EPOLL_TFD(r1, r1, 0x7, r3, &(0x7f0000000080)={r2, r3}) 479.405401ms ago: executing program 8 (id=7079): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000140), 0x101) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000400)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x2800) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 431.729568ms ago: executing program 9 (id=7080): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="89", 0x34000}], 0x1}}], 0x1, 0x0) close(0x4) 408.650492ms ago: executing program 1 (id=7081): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "0000000000000208", "5171bb74cd3660dab9e2f700000000000000000000000400", "d8a024e5", "20000926000200"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000700)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x35, 0x0, "f5fe9c103abe0b65544e0980519f38f54dd5f87ecc377210bd44fe7e1375550831c5f6dd769f5a1d175f47a8b941c8e568ca41e8da841f4f18f1ea6b206d495119ac37c29f4b384d0a9181566cfc4a1b"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 269.543223ms ago: executing program 5 (id=7082): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x10, 0x0, 0x8, 0x2, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4}, {0x2000, 0x0, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0xe, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee0000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x2}, {0x8080000, 0x3000, 0x4, 0x0, 0x0, 0x1, 0x10, 0xa, 0x26}, {0x80ac000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0xf0, 0x8, 0xdd00, 0x0, [0xe, 0x0, 0x1]}) msgsnd(0xffffffffffffffff, &(0x7f0000000000)={0x3}, 0x4, 0x0) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f00000000c0)) 258.283112ms ago: executing program 1 (id=7083): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x20241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd27, 0x8000, {0x0, 0x0, 0x0, r3, {}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) 203.548841ms ago: executing program 3 (id=7084): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)=0x3) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0xe9503, 0x0) ioctl$PPPIOCATTACH(r1, 0x4004743d, &(0x7f0000000040)=0x3) r2 = epoll_create1(0x0) close(r0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000004c0)={0x60000018}) 201.808011ms ago: executing program 9 (id=7085): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000240)={0x0, 0x0, 0x1, 0x0, 0x8}) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xf, 0x10012, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) fremovexattr(r1, &(0x7f0000000180)=ANY=[]) 61.014314ms ago: executing program 8 (id=7086): syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x7, 0x10001, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0x3, 0x40000003, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0x80000001, 0x7, 0x9, 0xffff, 0x3c5b, 0x1, 0x24, 0x3, 0xfffffffe, 0x1f461e2c, 0x2, 0xfffffffa, 0x3, 0x3, 0x3, 0x7fff, 0x4c74, 0xf, 0x8001, 0x4, 0xa, 0x0, 0x80071, 0x5, 0xfffff000, 0x103, 0x0, 0x5, 0x3c, 0x4, 0x1, 0x1000, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x5, 0xa, 0x8, 0x7, 0x1, 0xfffffffe], [0x10000007, 0xfffd, 0xfff, 0x8000, 0xc, 0xfffffff5, 0x129432e6, 0x3, 0x6, 0x0, 0x2bf, 0x8, 0x9, 0xffff7ffe, 0x3, 0x4002, 0x101, 0x5, 0x2f, 0xe, 0xfff, 0x78, 0x10000ea3, 0xa, 0xe, 0x0, 0x8000, 0xb, 0x400, 0x101, 0x0, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0xc, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x0, 0xffff, 0x2000002, 0x7f, 0xb, 0xfff, 0x1000, 0x4, 0x143, 0x7, 0xb, 0x9, 0x48c93690, 0x2, 0x3], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x5, 0x8d2, 0x9, 0x5, 0xfffffff7, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x2, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0xf, 0x88, 0x0, 0x5, 0x5, 0x3b, 0x3, 0x5, 0x80, 0x3, 0xfffffffe, 0x202, 0x0, 0xa2, 0x7, 0x53cf697b, 0x1, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x0, 0x400002, 0x3, 0x4, 0x5, 0xf23, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0x6, 0x3, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x0, 0x101, 0x10003, 0x2006, 0x7fff, 0x8ffff, 0x6, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0x400007, 0x2, 0x5, 0x735, 0x8, 0x3, 0x50fd, 0x10001, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x80000007, 0x6, 0x1, 0x10000, 0xfffffffe, 0x8, 0x2b94, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x2d513b50, 0x4, 0x5, 0x4b1c, 0x1, 0xa, 0xffff7441, 0xfff]}, 0x45c) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) io_setup(0x6, &(0x7f0000001380)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) write$char_usb(r0, &(0x7f0000000040)="e2", 0x918) 0s ago: executing program 9 (id=7087): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a41, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01"], 0x40}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="1c0000f5"], 0xfdef) kernel console output (not intermixed with test programs): .963978][T20781] input: syz0 as /devices/virtual/input/input113 [ 751.970740][ T5918] usb 1-1: config 7 has no interface number 0 [ 751.970765][ T5918] usb 1-1: config 7 has no interface number 1 [ 751.970826][ T5918] usb 1-1: config 7 interface 32 altsetting 9 bulk endpoint 0xC has invalid maxpacket 1024 [ 751.970854][ T5918] usb 1-1: config 7 interface 32 altsetting 9 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 751.970884][ T5918] usb 1-1: config 7 interface 32 has no altsetting 0 [ 751.970905][ T5918] usb 1-1: config 7 interface 69 has no altsetting 0 [ 751.973905][ T5918] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0005, bcdDevice=a5.97 [ 752.108960][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 752.128003][ T5918] usb 1-1: Product: syz [ 752.132236][ T5918] usb 1-1: Manufacturer: syz [ 752.145572][ T5918] usb 1-1: SerialNumber: syz [ 752.163100][T20762] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 752.397305][ T5918] kvaser_usb 1-1:7.32: error -ENODEV: Cannot get usb endpoint(s) [ 752.480185][ T5918] kvaser_usb 1-1:7.69: error -ENODEV: Cannot get usb endpoint(s) [ 752.545740][ T5918] usb 1-1: USB disconnect, device number 78 [ 752.677044][T20797] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5819'. [ 753.352931][T20815] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5826'. [ 753.849879][T20815] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 754.028923][T20815] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 754.335554][ T5918] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 754.546279][ T5918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 754.595524][ T5918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 754.605327][ T5918] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 754.691415][ T5918] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 754.703815][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.725312][ T5918] usb 2-1: config 0 descriptor?? [ 754.781559][ T30] kauditd_printk_skb: 102 callbacks suppressed [ 754.781577][ T30] audit: type=1326 audit(1749562581.478:8795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.5.5833" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x7fc00000 [ 755.098763][ T9] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 755.156270][ T5918] plantronics 0003:047F:FFFF.0062: ignoring exceeding usage max [ 755.209340][ T5918] plantronics 0003:047F:FFFF.0062: No inputs registered, leaving [ 755.286901][ T5918] plantronics 0003:047F:FFFF.0062: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 755.295821][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 755.326004][ T9] usb 1-1: config 166 has an invalid interface number: 177 but max is 1 [ 755.341773][ T9] usb 1-1: config 166 has an invalid interface number: 34 but max is 1 [ 755.384156][ T9] usb 1-1: config 166 has no interface number 0 [ 755.403163][ T9] usb 1-1: config 166 has no interface number 1 [ 755.444709][ T9] usb 1-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 755.477433][ T9] usb 1-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 755.491326][ T30] audit: type=1326 audit(1749562582.178:8796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20837 comm="syz.5.5833" exe="/root/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf7f67539 code=0x7fc00000 [ 755.536455][ T9] usb 1-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 755.589815][ T9] usb 1-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 755.622417][ T9] usb 1-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 755.647121][ T9] usb 1-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 755.691596][ T9] usb 1-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 755.710774][ T9] usb 1-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0 [ 755.753687][ T9] usb 1-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 755.803928][ T9] usb 1-1: config 166 interface 177 has no altsetting 0 [ 755.814791][ T9] usb 1-1: config 166 interface 34 has no altsetting 0 [ 755.834429][ T9] usb 1-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 755.848430][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 755.860897][ T9] usb 1-1: Product: syz [ 755.865210][ T9] usb 1-1: Manufacturer: syz [ 755.888225][ T9] usb 1-1: SerialNumber: syz [ 756.130607][ T9] ums-realtek 1-1:166.177: USB Mass Storage device detected [ 756.203249][ T9] ums-realtek 1-1:166.34: USB Mass Storage device detected [ 756.282334][ T9] ums-realtek 1-1:166.34: probe with driver ums-realtek failed with error -5 [ 756.309115][ T9] usb 1-1: Found UVC 0.00 device syz (0bda:0138) [ 756.329799][ T9] usb 1-1: No valid video chain found. [ 756.354528][ T9] usb 1-1: USB disconnect, device number 79 [ 757.171379][T13743] usb 2-1: USB disconnect, device number 79 [ 757.884550][T20910] batman_adv: batadv0: Adding interface: ip6gretap2 [ 757.908094][T20910] batman_adv: batadv0: The MTU of interface ip6gretap2 is too small (1434) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 757.937445][T20910] batman_adv: batadv0: Interface activated: ip6gretap2 [ 758.900886][T20948] KVM: debugfs: duplicate directory 20948-5 [ 758.945578][ T5903] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 759.160314][ T5903] usb 6-1: Using ep0 maxpacket: 32 [ 759.183097][ T5903] usb 6-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 759.202531][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.222843][ T5903] usb 6-1: Product: syz [ 759.227402][ T5903] usb 6-1: Manufacturer: syz [ 759.232036][ T5903] usb 6-1: SerialNumber: syz [ 759.255615][ T5918] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 759.274283][ T5903] usb 6-1: config 0 descriptor?? [ 759.316724][ T5903] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 759.466093][ T5918] usb 2-1: Using ep0 maxpacket: 32 [ 759.492985][ T5918] usb 2-1: config 0 interface 0 has no altsetting 0 [ 759.518939][ T5918] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 759.530431][ T5918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.540793][ T5918] usb 2-1: Product: syz [ 759.545076][ T5918] usb 2-1: Manufacturer: syz [ 759.550107][ T5918] usb 2-1: SerialNumber: syz [ 759.560976][ T5918] usb 2-1: config 0 descriptor?? [ 759.715086][T20963] input: syz0 as /devices/virtual/input/input114 [ 760.016893][ T5918] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 760.544479][ T5903] gspca_topro: reg_w err -71 [ 760.575585][ T5903] gspca_topro: Sensor soi763a [ 760.604925][ T5903] usb 6-1: USB disconnect, device number 60 [ 760.860575][T13743] usb 2-1: USB disconnect, device number 80 [ 760.905951][ T980] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 761.070699][ T980] usb 4-1: Using ep0 maxpacket: 32 [ 761.081003][ T980] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 761.101690][ T980] usb 4-1: config 0 has no interface number 0 [ 761.118574][ T980] usb 4-1: config 0 interface 184 has no altsetting 0 [ 761.153374][ T980] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 761.174737][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.208466][ T980] usb 4-1: Product: syz [ 761.220648][ T980] usb 4-1: Manufacturer: syz [ 761.237274][ T980] usb 4-1: SerialNumber: syz [ 761.249196][ T980] usb 4-1: config 0 descriptor?? [ 761.282874][ T980] smsc75xx v1.0.0 [ 762.067077][T13743] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 762.252828][T13743] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 762.285617][T13743] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 762.331028][T13743] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 762.351534][T13743] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 762.373024][T13743] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 762.382344][T13743] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.445293][T13743] usb 2-1: config 0 descriptor?? [ 762.509992][ T980] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 762.545902][ T980] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 762.623622][ T980] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 762.696530][ T980] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 762.743449][ T980] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 762.799775][ T980] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 762.845919][ T980] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 762.870767][T21044] netlink: 72 bytes leftover after parsing attributes in process `syz.5.5912'. [ 762.908868][ T980] usb 4-1: USB disconnect, device number 77 [ 762.931773][T21044] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5912'. [ 762.943023][T13743] plantronics 0003:047F:FFFF.0063: ignoring exceeding usage max [ 762.998992][T13743] plantronics 0003:047F:FFFF.0063: No inputs registered, leaving [ 763.076605][T13743] plantronics 0003:047F:FFFF.0063: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 763.928048][T21074] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5921'. [ 763.973041][T21074] netlink: 104 bytes leftover after parsing attributes in process `syz.7.5921'. [ 763.977315][T21070] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 764.002860][ T5903] IPVS: starting estimator thread 0... [ 764.032189][T21074] netlink: 104 bytes leftover after parsing attributes in process `syz.7.5921'. [ 764.106258][T21076] IPVS: using max 28 ests per chain, 67200 per kthread [ 764.245256][ T980] usb 2-1: USB disconnect, device number 81 [ 764.700073][T21099] loop4: detected capacity change from 0 to 524255232 [ 764.901580][T21105] binder: 21104:21105 ioctl c0306201 80000640 returned -22 [ 767.195611][T21166] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5957'. [ 767.225060][T21166] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 767.438404][T21166] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 767.665708][T13743] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 767.856119][T13743] usb 6-1: Using ep0 maxpacket: 16 [ 767.873433][T13743] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 767.903946][T13743] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 767.921673][T13743] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 767.935965][T13743] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 767.945219][T13743] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 767.966712][T13743] usb 6-1: config 0 descriptor?? [ 768.400692][T13743] HID 045e:07da: Invalid code 65791 type 1 [ 768.439699][T13743] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0064/input/input115 [ 768.516597][T13743] microsoft 0003:045E:07DA.0064: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 768.706907][T13743] usb 6-1: USB disconnect, device number 61 [ 768.733994][T21213] fido_id[21213]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 769.160856][T21235] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5988'. [ 769.170553][T21235] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5988'. [ 769.181426][T21235] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 769.880047][ T30] audit: type=1326 audit(1749562596.578:8797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21248 comm="syz.1.5994" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7fc00000 [ 769.902200][ C1] vkms_vblank_simulate: vblank timer overrun [ 770.030831][ T30] audit: type=1326 audit(1749562596.578:8798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21248 comm="syz.1.5994" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff7539 code=0x7fc00000 [ 770.122034][ T30] audit: type=1326 audit(1749562596.638:8799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21248 comm="syz.1.5994" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x7fc00000 [ 770.177089][T21260] netlink: 1347 bytes leftover after parsing attributes in process `syz.3.5998'. [ 770.407639][T21267] loop2: detected capacity change from 0 to 7 [ 770.419808][ T6159] loop2: [POWERTEC] p1 p2 p3 [ 770.424968][ T6159] loop2: p1 start 1953653104 is beyond EOD, truncated [ 770.439186][ T6159] loop2: p2 start 1818361856 is beyond EOD, truncated [ 770.446605][ T6159] loop2: p3 start 1769173621 is beyond EOD, truncated [ 770.459641][T21267] loop2: [POWERTEC] p1 p2 p3 [ 770.466089][T21267] loop2: p1 start 1953653104 is beyond EOD, truncated [ 770.473510][T21267] loop2: p2 start 1818361856 is beyond EOD, truncated [ 770.481071][T21267] loop2: p3 start 1769173621 is beyond EOD, truncated [ 770.615565][T13743] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 770.787371][T13743] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 770.809062][T13743] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 770.829698][T13743] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 770.866300][T13743] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 770.916154][T21269] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 770.937680][T13743] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 771.097176][T21286] bridge_slave_0: left allmulticast mode [ 771.103126][T21286] bridge_slave_0: left promiscuous mode [ 771.119107][T21286] bridge0: port 1(bridge_slave_0) entered disabled state [ 771.168963][T21286] bridge_slave_1: left allmulticast mode [ 771.174710][T21286] bridge_slave_1: left promiscuous mode [ 771.205478][T21286] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.229696][T21286] bond0: (slave bond_slave_0): Releasing backup interface [ 771.264317][T21286] bond0: (slave bond_slave_1): Releasing backup interface [ 771.352016][T21286] team0: Port device team_slave_0 removed [ 771.404122][T21286] team0: Port device team_slave_1 removed [ 771.415215][T21286] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 771.426787][T21286] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 771.517702][T21286] bond1: (slave ip6gretap1): Releasing active interface [ 771.585385][T21286] ip6gretap1: left allmulticast mode [ 771.619479][T21286] batman_adv: batadv0: Interface deactivated: ip6gretap2 [ 771.632066][ T977] usb 4-1: USB disconnect, device number 78 [ 771.644417][T21286] batman_adv: batadv0: Removing interface: ip6gretap2 [ 772.012285][T13302] hid-generic 0000:0000:0000.0065: unknown main item tag 0x0 [ 772.043257][T13302] hid-generic 0000:0000:0000.0065: hidraw0: HID v0.00 Device [syz1] on syz0 [ 772.326921][T17351] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 772.570796][T17351] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 772.802112][T17351] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 773.094472][T17351] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 773.461349][T21328] input: syz1 as /devices/virtual/input/input116 [ 773.489945][T17351] bridge_slave_1: left allmulticast mode [ 773.519709][T21330] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6027'. [ 773.530764][T17351] bridge_slave_1: left promiscuous mode [ 773.567998][T17351] bridge0: port 2(bridge_slave_1) entered disabled state [ 773.703402][T17351] bridge_slave_0: left allmulticast mode [ 773.740159][T17351] bridge_slave_0: left promiscuous mode [ 773.778925][T17351] bridge0: port 1(bridge_slave_0) entered disabled state [ 773.973275][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 773.984756][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 773.993212][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 774.003692][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 774.015313][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 774.113139][T14668] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 774.138316][T14668] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 774.146002][T14668] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 774.154243][T14668] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 774.168266][T14668] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 776.016081][T17351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 776.086968][T17351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 776.170499][T17351] bond0 (unregistering): Released all slaves [ 776.185967][T14668] Bluetooth: hci2: command tx timeout [ 777.524121][T17351] hsr_slave_0: left promiscuous mode [ 777.552937][T17351] hsr_slave_1: left promiscuous mode [ 777.576591][T17351] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 777.605676][T17351] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 777.763428][T17351] veth1_macvtap: left promiscuous mode [ 777.790341][T17351] veth0_macvtap: left promiscuous mode [ 777.809692][T17351] veth1_vlan: left promiscuous mode [ 777.815109][T17351] veth0_vlan: left promiscuous mode [ 778.276102][T14668] Bluetooth: hci2: command tx timeout [ 779.907089][T17351] team0 (unregistering): Port device team_slave_1 removed [ 780.136387][T17351] team0 (unregistering): Port device team_slave_0 removed [ 780.345676][T14668] Bluetooth: hci2: command tx timeout [ 781.305539][ T977] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 781.492259][ T977] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 781.540533][ T977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 781.583502][ T977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 781.605533][ T977] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 781.645520][ T977] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 781.664844][ T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 781.702055][ T977] usb 2-1: config 0 descriptor?? [ 782.155608][ T977] plantronics 0003:047F:FFFF.0066: No inputs registered, leaving [ 782.211878][ T977] plantronics 0003:047F:FFFF.0066: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 782.425712][T14668] Bluetooth: hci2: command tx timeout [ 782.457409][T21343] chnl_net:caif_netlink_parms(): no params data found [ 782.884996][T21343] bridge0: port 1(bridge_slave_0) entered blocking state [ 782.906686][T21343] bridge0: port 1(bridge_slave_0) entered disabled state [ 782.914120][T21343] bridge_slave_0: entered allmulticast mode [ 782.936584][T21343] bridge_slave_0: entered promiscuous mode [ 782.972256][T21343] bridge0: port 2(bridge_slave_1) entered blocking state [ 782.995768][T21343] bridge0: port 2(bridge_slave_1) entered disabled state [ 783.003203][T21343] bridge_slave_1: entered allmulticast mode [ 783.018642][T21343] bridge_slave_1: entered promiscuous mode [ 783.177188][T21343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 783.217122][T21343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 783.439384][T21343] team0: Port device team_slave_0 added [ 783.490552][T21343] team0: Port device team_slave_1 added [ 783.501165][ T5918] usb 2-1: USB disconnect, device number 82 [ 783.701607][T21343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 783.730687][T21343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 783.833111][T21343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 783.860628][T21343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 783.875380][T21343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 783.912264][T21343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 784.143154][T21343] hsr_slave_0: entered promiscuous mode [ 784.164182][T21343] hsr_slave_1: entered promiscuous mode [ 784.178687][T21343] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 784.201636][T21343] Cannot create hsr debugfs directory [ 784.262017][T22214] input: syz0 as /devices/virtual/input/input118 [ 784.658809][ T30] audit: type=1804 audit(1749562611.358:8800): pid=22217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.6083" name="/" dev="pidfs" ino=22221 res=1 errno=0 [ 784.714241][ T30] audit: type=1326 audit(1749562611.408:8801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22221 comm="syz.5.6085" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f67539 code=0x0 [ 785.221914][T21343] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 785.272048][T21343] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 785.320830][T21343] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 785.369532][T21343] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 785.774458][T21343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 785.816454][T22268] input: syz1 as /devices/virtual/input/input119 [ 785.858328][T21343] 8021q: adding VLAN 0 to HW filter on device team0 [ 785.906217][T18196] bridge0: port 1(bridge_slave_0) entered blocking state [ 785.913460][T18196] bridge0: port 1(bridge_slave_0) entered forwarding state [ 786.056492][T18196] bridge0: port 2(bridge_slave_1) entered blocking state [ 786.063950][T18196] bridge0: port 2(bridge_slave_1) entered forwarding state [ 786.287990][T22281] netlink: 'syz.0.6103': attribute type 39 has an invalid length. [ 786.499027][T21343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 786.574241][T21343] veth0_vlan: entered promiscuous mode [ 786.595357][T21343] veth1_vlan: entered promiscuous mode [ 786.635855][ T5903] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 786.780781][T21343] veth0_macvtap: entered promiscuous mode [ 786.789484][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 786.821503][T21343] veth1_macvtap: entered promiscuous mode [ 786.828491][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 786.851423][ T5903] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 786.893202][T21343] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 786.901678][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.921670][ T5903] usb 4-1: config 0 descriptor?? [ 786.939313][T21343] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 786.966764][ T9] usb 6-1: new full-speed USB device number 62 using dummy_hcd [ 786.977266][T21343] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.987827][T21343] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.997233][T21343] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.006787][T21343] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.170080][ T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 787.181663][ T3545] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 787.199945][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 787.213978][ T3545] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 787.237466][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 787.255042][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 787.300685][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 787.322913][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 787.489962][ T9] usb 6-1: usb_control_msg returned -32 [ 787.503177][ T9] usbtmc 6-1:16.0: can't read capabilities [ 787.585140][ T5903] usb 4-1: string descriptor 0 read error: -22 [ 787.795155][ T5903] uclogic 0003:256C:006D.0067: interface is invalid, ignoring [ 788.061101][ T5903] usb 4-1: USB disconnect, device number 79 [ 788.165714][T22301] usb 6-1: USB disconnect, device number 62 [ 788.795668][ T9] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 788.978757][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 788.989013][ T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 789.029541][ T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 789.063391][ T9] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 789.120833][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 789.168243][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.195133][ T9] usb 1-1: Product: syz [ 789.215240][ T9] usb 1-1: Manufacturer: syz [ 789.234829][ T9] usb 1-1: SerialNumber: syz [ 789.728106][ T9] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 789.924335][T22369] syzkaller1: entered promiscuous mode [ 789.950149][T22369] syzkaller1: entered allmulticast mode [ 790.117700][ T30] audit: type=1326 audit(1749562616.808:8802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 790.245339][ T30] audit: type=1326 audit(1749562616.808:8803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e558 code=0x7ffc0000 [ 790.347165][ T30] audit: type=1326 audit(1749562616.808:8804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 790.436376][ T30] audit: type=1326 audit(1749562616.808:8805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e558 code=0x7ffc0000 [ 790.527308][ T30] audit: type=1326 audit(1749562616.808:8806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 790.591472][ T9] usb 1-1: 2:1: cannot get freq at ep 0x82 [ 790.659196][ T30] audit: type=1326 audit(1749562616.808:8807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e558 code=0x7ffc0000 [ 790.765848][ T9] usb 1-1: USB disconnect, device number 80 [ 790.784644][ T30] audit: type=1326 audit(1749562616.808:8808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e558 code=0x7ffc0000 [ 790.916353][ T30] audit: type=1326 audit(1749562616.808:8809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703e558 code=0x7ffc0000 [ 791.008397][ T6066] udevd[6066]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 791.094959][ T30] audit: type=1326 audit(1749562616.808:8810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 791.203313][ T30] audit: type=1326 audit(1749562616.808:8811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22377 comm="syz.3.6133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 793.991934][T22494] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6169'. [ 794.022282][T22494] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6169'. [ 795.394089][T22544] usb usb1: usbfs: interface 0 claimed by hub while 'syz.8.6184' sets config #0 [ 795.435561][ T9] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 795.598618][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 795.614458][ T9] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 795.625032][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 795.644081][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 795.667036][T22534] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 795.693032][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 795.991318][ T9] usb 4-1: USB disconnect, device number 80 [ 796.031852][T22553] cgroup: fork rejected by pids controller in /syz1 [ 796.507230][T13743] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 796.695635][T13743] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 796.754045][T13743] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 796.796777][T13743] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.857045][T13743] usb 6-1: config 0 descriptor?? [ 797.107505][T13743] usbhid 6-1:0.0: can't add hid device: -71 [ 797.135800][T13743] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 797.159421][T13743] usb 6-1: USB disconnect, device number 63 [ 797.635990][T13743] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 797.797351][T13743] usb 6-1: Using ep0 maxpacket: 16 [ 797.813585][T13743] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 797.834422][T13743] usb 6-1: config 0 interface 0 has no altsetting 0 [ 797.844819][T13743] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 797.864460][T13743] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.902781][T13743] usb 6-1: config 0 descriptor?? [ 798.387904][T13743] nzxt-smart2 0003:1E71:2009.0068: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0 [ 798.705670][ T30] kauditd_printk_skb: 112 callbacks suppressed [ 798.705692][ T30] audit: type=1326 audit(1749562625.398:8924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000 [ 798.840150][T13743] usb 6-1: USB disconnect, device number 64 [ 798.961116][ T30] audit: type=1326 audit(1749562625.398:8925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000 [ 799.012468][ T30] audit: type=1326 audit(1749562625.398:8926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f87558 code=0x7ffc0000 [ 799.062066][ T30] audit: type=1326 audit(1749562625.398:8927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f87558 code=0x7ffc0000 [ 799.167219][ T30] audit: type=1326 audit(1749562625.398:8928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f87558 code=0x7ffc0000 [ 799.300193][ T30] audit: type=1326 audit(1749562625.398:8929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f87558 code=0x7ffc0000 [ 799.386617][T23483] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6212'. [ 799.395941][ T30] audit: type=1326 audit(1749562625.398:8930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f87558 code=0x7ffc0000 [ 799.453210][ T30] audit: type=1326 audit(1749562625.438:8931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f87558 code=0x7ffc0000 [ 799.559391][ T30] audit: type=1326 audit(1749562625.438:8932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f87558 code=0x7ffc0000 [ 799.672690][ T30] audit: type=1326 audit(1749562625.438:8933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23468 comm="syz.8.6206" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f87558 code=0x7ffc0000 [ 800.552478][T23521] loop2: detected capacity change from 0 to 7 [ 800.561267][ T6159] Dev loop2: unable to read RDB block 7 [ 800.567712][ T6159] loop2: unable to read partition table [ 800.574615][ T6159] loop2: partition table beyond EOD, truncated [ 800.598763][T23521] Dev loop2: unable to read RDB block 7 [ 800.619192][T23521] loop2: unable to read partition table [ 800.646111][T23521] loop2: partition table beyond EOD, truncated [ 800.679974][T23521] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 801.330298][T13302] usb 1-1: new full-speed USB device number 81 using dummy_hcd [ 801.518472][T13302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 801.540348][T13302] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 801.580966][T13302] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 801.601616][T13302] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 801.636942][T13302] usb 1-1: config 0 descriptor?? [ 802.071192][T23573] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6245'. [ 802.072571][T13302] usbhid 1-1:0.0: can't add hid device: -71 [ 802.141751][T13302] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 802.240153][T13302] usb 1-1: USB disconnect, device number 81 [ 802.386032][ T9] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 802.503258][T23586] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6251'. [ 802.532616][T23586] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 802.541680][T23586] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 802.550661][T23586] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 802.559590][T23586] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 802.573793][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 802.624238][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 802.651991][ T9] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 802.678023][T23586] vxlan0: entered promiscuous mode [ 802.687114][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 802.722645][ T9] usb 6-1: config 0 descriptor?? [ 802.957661][ T9] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 803.496415][ T10] usb 6-1: USB disconnect, device number 65 [ 804.002785][T23639] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 805.665626][T13302] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 805.864982][T13302] usb 9-1: Using ep0 maxpacket: 32 [ 805.893042][T13302] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 805.926319][T13302] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 805.975909][T13302] usb 9-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 805.985034][T13302] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 806.005659][ T10] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 806.043281][T13302] usb 9-1: config 0 descriptor?? [ 806.186904][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 806.224496][ T10] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 806.275294][ T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 806.299358][ T10] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 806.342573][ T10] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 806.374178][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 806.399545][ T10] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 806.433311][ T10] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 806.482921][ T10] usb 6-1: Product: syz [ 806.510638][ T10] usb 6-1: Manufacturer: syz [ 806.527170][T13302] waterforce 0003:1044:7A4D.0069: unknown main item tag 0x0 [ 806.536415][ T10] usb 6-1: SerialNumber: syz [ 806.543669][T13302] waterforce 0003:1044:7A4D.0069: unknown main item tag 0x0 [ 806.588941][ T10] usb 6-1: config 0 descriptor?? [ 806.590360][T13302] waterforce 0003:1044:7A4D.0069: unknown main item tag 0x0 [ 806.646973][T13302] waterforce 0003:1044:7A4D.0069: hidraw0: USB HID v0.00 Device [HID 1044:7a4d] on usb-dummy_hcd.8-1/input0 [ 806.647779][ T10] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 806.747726][T13302] waterforce 0003:1044:7A4D.0069: fw version request failed with -38 [ 806.757141][ T10] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 806.821650][T13302] usb 9-1: USB disconnect, device number 2 [ 806.957890][T23707] fido_id[23707]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory [ 806.999383][T23687] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 807.014172][T23713] syzkaller1: entered promiscuous mode [ 807.018039][ T9] usb 6-1: USB disconnect, device number 66 [ 807.019711][ C0] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 807.033272][T23713] syzkaller1: entered allmulticast mode [ 807.052169][T23712] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -19 [ 807.070427][ T9] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 807.709814][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 807.709851][ T30] audit: type=1326 audit(1749562634.408:8992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23737 comm="syz.1.6303" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x0 [ 808.456030][ T10] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 808.645571][ T10] usb 9-1: Using ep0 maxpacket: 16 [ 808.663000][ T10] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 808.710240][ T10] usb 9-1: config 0 has no interface number 0 [ 808.750580][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.757800][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.783835][ T10] usb 9-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 808.835848][ T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 808.843929][ T10] usb 9-1: Product: syz [ 808.905599][ T10] usb 9-1: Manufacturer: syz [ 808.925492][ T10] usb 9-1: SerialNumber: syz [ 808.979572][ T10] usb 9-1: config 0 descriptor?? [ 809.042471][ T10] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 810.316349][T23825] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 810.488774][ T10] gspca_spca1528: reg_w err -71 [ 810.500907][ T10] spca1528 9-1:0.1: probe with driver spca1528 failed with error -71 [ 810.562168][ T10] usb 9-1: USB disconnect, device number 3 [ 811.720735][T23859] syz.1.6324 (23859): drop_caches: 2 [ 811.915554][ T5918] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 812.097915][ T5918] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 812.158540][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 812.193628][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 812.223754][ T5918] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 812.274479][ T5918] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 812.294517][ T5918] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 812.333483][ T5918] usb 4-1: Manufacturer: syz [ 812.377366][ T5918] usb 4-1: config 0 descriptor?? [ 812.488939][T13302] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 812.686560][T13302] usb 2-1: Using ep0 maxpacket: 32 [ 812.703078][T13302] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 812.755499][T13302] usb 2-1: config 0 has no interface number 0 [ 812.786084][T13302] usb 2-1: config 0 interface 184 has no altsetting 0 [ 812.814411][T13302] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 812.862340][ T5918] appleir 0003:05AC:8243.006A: unknown main item tag 0x0 [ 812.885239][T13302] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.896168][ T5918] appleir 0003:05AC:8243.006A: No inputs registered, leaving [ 812.914134][T13302] usb 2-1: Product: syz [ 812.920602][T13302] usb 2-1: Manufacturer: syz [ 812.930388][ T5918] appleir 0003:05AC:8243.006A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 812.945928][T13302] usb 2-1: SerialNumber: syz [ 812.998115][T13302] usb 2-1: config 0 descriptor?? [ 813.067593][T13302] smsc75xx v1.0.0 [ 813.225993][ T9] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 813.426642][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 813.434318][ T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 813.449919][ T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 813.462146][ T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 813.478755][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 813.487752][ T9] usb 6-1: Product: syz [ 813.491955][ T9] usb 6-1: Manufacturer: syz [ 813.497410][ T9] usb 6-1: SerialNumber: syz [ 813.730778][ T9] usb 6-1: 0:2 : does not exist [ 813.750567][ T9] usb 6-1: unit 9 not found! [ 813.798470][ T9] usb 6-1: 4:0: cannot get min/max values for control 5 (id 4) [ 813.829290][ T9] usb 6-1: 4:0: cannot get min/max values for control 6 (id 4) [ 813.849501][ T5925] usb 4-1: USB disconnect, device number 81 [ 813.907725][T13302] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 813.937190][ T9] usb 6-1: USB disconnect, device number 67 [ 813.944551][T13302] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 813.994939][ T6159] udevd[6159]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 814.192954][T13302] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 814.218912][T13302] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 814.250966][T13302] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 814.273659][T13302] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 814.316804][T13302] usb 2-1: USB disconnect, device number 83 [ 814.690589][T23971] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 814.735643][ T5918] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 814.944933][ T5918] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 814.985218][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 815.032743][ T5918] usb 6-1: config 0 descriptor?? [ 815.064459][ T5918] cp210x 6-1:0.0: cp210x converter detected [ 815.471544][ T5925] hid-generic 0000:0000:0000.006B: unknown main item tag 0x0 [ 815.480293][ T5918] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 815.561006][ T5925] hid-generic 0000:0000:0000.006B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 815.719185][ T5918] usb 6-1: cp210x converter now attached to ttyUSB0 [ 815.913295][ T5918] usb 6-1: USB disconnect, device number 68 [ 815.968113][ T5918] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 815.980700][T24003] fido_id[24003]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 816.028651][ T5918] cp210x 6-1:0.0: device disconnected [ 817.018731][T24037] loop2: detected capacity change from 0 to 7 [ 817.044432][T24037] Dev loop2: unable to read RDB block 7 [ 817.059116][T24037] loop2: unable to read partition table [ 817.065171][T24037] loop2: partition table beyond EOD, truncated [ 817.098575][T24037] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 817.605546][ T5903] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 817.735635][ T5918] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 817.776035][ T5903] usb 1-1: Using ep0 maxpacket: 16 [ 817.795742][ T5903] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 817.819940][ T5903] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 817.834265][ T5903] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 817.854185][ T5903] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 817.863807][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.891855][ T5903] usb 1-1: config 0 descriptor?? [ 817.897637][ T5918] usb 2-1: Using ep0 maxpacket: 32 [ 817.926166][ T5918] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 817.945815][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.976328][ T5918] usb 2-1: config 0 descriptor?? [ 818.018870][ T5918] gspca_main: sunplus-2.14.0 probing 041e:400b [ 818.361756][ T5903] kovaplus 0003:1E7D:2D50.006C: unknown main item tag 0x0 [ 818.386675][ T5903] kovaplus 0003:1E7D:2D50.006C: unknown main item tag 0x0 [ 818.401711][ T5903] kovaplus 0003:1E7D:2D50.006C: unknown main item tag 0x0 [ 818.416298][ T5903] kovaplus 0003:1E7D:2D50.006C: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0 [ 818.505585][T22301] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 818.556492][ T9] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 818.685943][T22301] usb 4-1: Using ep0 maxpacket: 8 [ 818.692921][T22301] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 818.701324][T22301] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 818.711730][T22301] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 818.721844][T22301] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 818.732868][T22301] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 818.746967][T22301] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 818.757136][T22301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 818.772661][ T5903] kovaplus 0003:1E7D:2D50.006C: couldn't init struct kovaplus_device [ 818.782853][ T9] usb 9-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 818.798708][ T5903] kovaplus 0003:1E7D:2D50.006C: couldn't install mouse [ 818.807087][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 818.828302][ T5903] kovaplus 0003:1E7D:2D50.006C: probe with driver kovaplus failed with error -71 [ 818.853152][ T9] usb 9-1: Product: syz [ 818.858069][ T9] usb 9-1: Manufacturer: syz [ 818.859800][ T5903] usb 1-1: USB disconnect, device number 82 [ 818.862684][ T9] usb 9-1: SerialNumber: syz [ 818.883019][ T9] usb 9-1: config 0 descriptor?? [ 819.006337][T22301] usb 4-1: GET_CAPABILITIES returned 0 [ 819.021174][T22301] usbtmc 4-1:16.0: can't read capabilities [ 819.329923][T24067] usbtmc 4-1:16.0: usb_control_msg returned -71 [ 819.330346][ T5925] usb 4-1: USB disconnect, device number 82 [ 819.338410][T24076] usbtmc 4-1:16.0: usb_control_msg returned -19 [ 819.462614][ T5918] gspca_sunplus: reg_w_riv err -71 [ 819.472729][ T5918] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 819.515493][ T5918] usb 2-1: USB disconnect, device number 84 [ 819.629292][T24081] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 819.641137][T24081] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 819.651218][T24081] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 819.662663][T24081] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 819.670626][T24081] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 820.320168][ T9] usb 9-1: f81604_read: reg: 200f failed: -EPROTO [ 820.342431][ T9] usb 9-1: USB disconnect, device number 4 [ 820.353474][ T9] usb 9-1: f81604_read: reg: 100f failed: -ENODEV [ 820.473258][ T9] usb 9-1: f81604_read: reg: 200f failed: -ENODEV [ 821.705702][T14668] Bluetooth: hci3: command tx timeout [ 822.425571][T14668] Bluetooth: hci2: command 0x0c1a tx timeout [ 822.431722][T24093] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 823.083153][T24093] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 823.104941][T24093] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 823.124104][T24093] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 823.131894][T24093] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 823.144085][T24093] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 823.441224][T24083] chnl_net:caif_netlink_parms(): no params data found [ 823.496396][ T5925] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 823.653006][T24083] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.664055][T24083] bridge0: port 1(bridge_slave_0) entered disabled state [ 823.671486][ T5925] usb 9-1: Using ep0 maxpacket: 8 [ 823.678191][T24083] bridge_slave_0: entered allmulticast mode [ 823.685301][ T5925] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 823.698480][T24083] bridge_slave_0: entered promiscuous mode [ 823.705727][ T5925] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 823.723756][T24083] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.731051][ T5925] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 823.741380][T24083] bridge0: port 2(bridge_slave_1) entered disabled state [ 823.749193][T24083] bridge_slave_1: entered allmulticast mode [ 823.755269][ T5925] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 823.770521][T24083] bridge_slave_1: entered promiscuous mode [ 823.777495][ T5925] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 823.797016][ T5925] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 823.901423][T24083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 823.930523][T24083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 823.955671][ T980] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 824.051644][ T5925] usb 9-1: usb_control_msg returned -32 [ 824.067327][ T5925] usbtmc 9-1:16.0: can't read capabilities [ 824.082338][T24083] team0: Port device team_slave_0 added [ 824.112262][T24083] team0: Port device team_slave_1 added [ 824.126122][ T980] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 824.155992][ T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 824.205973][ T980] usb 1-1: config 0 descriptor?? [ 824.242423][ T980] gspca_main: spca508-2.14.0 probing 8086:0110 [ 824.281994][T24083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 824.303354][T24083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 824.342112][T24083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 824.411377][T24083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 824.419498][T24083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 824.450128][ T980] gspca_spca508: reg_read err -71 [ 824.465362][ T980] gspca_spca508: reg_read err -71 [ 824.473633][T24083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 824.485135][ T980] gspca_spca508: reg_read err -71 [ 824.491882][ T980] gspca_spca508: reg_read err -71 [ 824.507820][ T980] gspca_spca508: reg_read err -71 [ 824.515918][T14668] Bluetooth: hci2: command 0x0c1a tx timeout [ 824.519426][ T980] gspca_spca508: reg write: error -71 [ 824.530918][ T980] spca508 1-1:0.0: probe with driver spca508 failed with error -71 [ 824.584222][ T980] usb 1-1: USB disconnect, device number 83 [ 824.760685][T24083] hsr_slave_0: entered promiscuous mode [ 824.794257][T24083] hsr_slave_1: entered promiscuous mode [ 824.817610][T24083] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 824.833039][T24083] Cannot create hsr debugfs directory [ 825.070079][ T5903] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 825.071516][T24083] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 825.088891][T24083] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 825.156231][T14668] Bluetooth: hci3: command 0x040f tx timeout [ 825.198313][T24083] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 825.208939][T24083] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 825.262727][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 825.278672][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 825.290346][ T5903] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 825.305197][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 825.317882][ T5903] usb 2-1: config 0 descriptor?? [ 825.358322][T24083] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 825.369929][T24083] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 825.421096][T24164] syzkaller1: entered promiscuous mode [ 825.427091][T24164] syzkaller1: entered allmulticast mode [ 825.512360][T24083] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 825.513507][ T980] usb 9-1: USB disconnect, device number 5 [ 825.523484][T24083] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 825.751019][T24166] loop2: detected capacity change from 0 to 7 [ 825.768082][ T5903] hid-thrustmaster 0003:044F:B65D.006D: unknown main item tag 0x0 [ 825.810041][T24166] loop2: [ 825.817711][T24166] loop2: partition table partially beyond EOD, truncated [ 825.834794][ T5903] hid-thrustmaster 0003:044F:B65D.006D: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.1-1/input0 [ 825.885693][ T5903] hid-thrustmaster 0003:044F:B65D.006D: Wrong number of endpoints? [ 826.037315][ C1] hid-thrustmaster 0003:044F:B65D.006D: URB to get model id failed with error -71 [ 826.047093][T22301] usb 2-1: USB disconnect, device number 85 [ 826.112890][T24172] fido_id[24172]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 826.236933][T24083] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 826.289322][T24083] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 826.352325][T24083] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 826.420198][T24083] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 826.585813][T14668] Bluetooth: hci2: command 0x0c1a tx timeout [ 826.988646][T24083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 827.084097][T24083] 8021q: adding VLAN 0 to HW filter on device team0 [ 827.147359][ T1038] bridge0: port 1(bridge_slave_0) entered blocking state [ 827.154574][ T1038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 827.226272][T14668] Bluetooth: hci3: command 0x040f tx timeout [ 827.279978][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.287223][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 827.622299][T24083] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 827.737416][T24083] veth0_vlan: entered promiscuous mode [ 827.803771][T24083] veth1_vlan: entered promiscuous mode [ 827.977953][T24083] veth0_macvtap: entered promiscuous mode [ 828.009442][T24083] veth1_macvtap: entered promiscuous mode [ 828.057485][T24083] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 828.121468][T24083] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 828.179958][T24083] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.218365][T24083] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.251870][T24083] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.279919][T24083] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.767053][ T3510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 828.816948][ T3510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 828.966165][T18196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 828.984214][T18196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 829.316135][T14668] Bluetooth: hci3: command 0x040f tx timeout [ 829.805743][T13302] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 829.992761][T13302] usb 6-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 830.003604][T13302] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 830.021148][T13302] usb 6-1: config 0 descriptor?? [ 830.044343][T13302] gspca_main: spca508-2.14.0 probing 8086:0110 [ 830.285085][T13302] gspca_spca508: reg_read err -32 [ 830.316232][T13302] gspca_spca508: reg_read err -32 [ 830.332609][T13302] gspca_spca508: reg_read err -32 [ 830.563944][T13302] gspca_spca508: reg_read err -32 [ 830.773737][T13302] gspca_spca508: reg write: error -71 [ 830.788716][T13302] spca508 6-1:0.0: probe with driver spca508 failed with error -71 [ 830.826314][T13302] usb 6-1: USB disconnect, device number 69 [ 830.892933][T24261] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 831.395783][T14668] Bluetooth: hci3: command 0x040f tx timeout [ 833.478806][T14668] Bluetooth: hci3: command 0x040f tx timeout [ 834.745858][T22301] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 834.928223][T22301] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 834.958482][T22301] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 834.995536][T22301] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.021064][T22301] usb 6-1: config 0 descriptor?? [ 835.247356][T24310] syz.3.6461: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 835.251351][T22301] usbhid 6-1:0.0: can't add hid device: -71 [ 835.270285][T24310] CPU: 0 UID: 0 PID: 24310 Comm: syz.3.6461 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) [ 835.270331][T24310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 835.270348][T24310] Call Trace: [ 835.270358][T24310] [ 835.270371][T24310] dump_stack_lvl+0x189/0x250 [ 835.270421][T24310] ? __pfx_dump_stack_lvl+0x10/0x10 [ 835.270462][T24310] ? __pfx__printk+0x10/0x10 [ 835.270490][T24310] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 835.270518][T24310] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 835.270548][T24310] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 835.270590][T24310] warn_alloc+0x214/0x310 [ 835.270626][T24310] ? __pfx_warn_alloc+0x10/0x10 [ 835.270665][T24310] ? __get_vm_area_node+0x28f/0x300 [ 835.270693][T24310] ? hash_ipportnet_create+0x358/0xfe0 [ 835.270737][T24310] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 835.270763][T24310] ? __do_fast_syscall_32+0xb6/0x2b0 [ 835.270824][T24310] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 835.270859][T24310] ? rcu_is_watching+0x15/0xb0 [ 835.270898][T24310] ? hash_ipportnet_create+0x358/0xfe0 [ 835.270935][T24310] ? hash_ipportnet_create+0x358/0xfe0 [ 835.270970][T24310] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 835.270996][T24310] ? hash_ipportnet_create+0x358/0xfe0 [ 835.271035][T24310] ? hash_ipportnet_create+0x2fe/0xfe0 [ 835.271078][T24310] hash_ipportnet_create+0x358/0xfe0 [ 835.271126][T24310] ? __nla_parse+0x40/0x60 [ 835.271163][T24310] ? __pfx_hash_ipportnet_create+0x10/0x10 [ 835.271202][T24310] ip_set_create+0xa97/0x1940 [ 835.271243][T24310] ? ip_set_create+0x4a2/0x1940 [ 835.271295][T24310] ? __pfx_ip_set_create+0x10/0x10 [ 835.271375][T24310] nfnetlink_rcv_msg+0xb4a/0x1130 [ 835.271416][T24310] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 835.271476][T24310] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 835.271510][T24310] ? kasan_save_free_info+0x46/0x50 [ 835.271607][T24310] netlink_rcv_skb+0x208/0x470 [ 835.271639][T24310] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 835.271678][T24310] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 835.271722][T24310] ? bpf_lsm_capable+0x9/0x20 [ 835.271744][T24310] ? security_capable+0x7e/0x2e0 [ 835.271786][T24310] nfnetlink_rcv+0x26a/0x2520 [ 835.271828][T24310] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 835.271869][T24310] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 835.271912][T24310] ? __dev_queue_xmit+0x27e/0x3a70 [ 835.271947][T24310] ? do_fast_syscall_32+0x34/0x80 [ 835.271983][T24310] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 835.272020][T24310] ? __pfx___dev_queue_xmit+0x10/0x10 [ 835.272072][T24310] ? ref_tracker_free+0x63a/0x7d0 [ 835.272103][T24310] ? __copy_skb_header+0xa7/0x550 [ 835.272138][T24310] ? __pfx_ref_tracker_free+0x10/0x10 [ 835.272172][T24310] ? __skb_clone+0x63/0x7a0 [ 835.272209][T24310] ? __skb_clone+0x483/0x7a0 [ 835.272249][T24310] ? skb_clone+0x246/0x3a0 [ 835.272287][T24310] ? __netlink_deliver_tap+0x807/0x850 [ 835.272315][T24310] ? netlink_deliver_tap+0x2e/0x1b0 [ 835.272353][T24310] ? netlink_deliver_tap+0x2e/0x1b0 [ 835.272381][T24310] ? netlink_deliver_tap+0x2e/0x1b0 [ 835.272417][T24310] netlink_unicast+0x75b/0x8d0 [ 835.272458][T24310] netlink_sendmsg+0x805/0xb30 [ 835.272498][T24310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 835.272532][T24310] ? __import_iovec+0x5d4/0x7f0 [ 835.272555][T24310] ? aa_sock_msg_perm+0x94/0x160 [ 835.272596][T24310] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 835.272628][T24310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 835.272659][T24310] __sock_sendmsg+0x219/0x270 [ 835.272702][T24310] ____sys_sendmsg+0x505/0x830 [ 835.272742][T24310] ? __pfx_____sys_sendmsg+0x10/0x10 [ 835.272782][T24310] ? __pfx_futex_wake_mark+0x10/0x10 [ 835.272843][T24310] ___sys_sendmsg+0x21f/0x2a0 [ 835.272879][T24310] ? __pfx____sys_sendmsg+0x10/0x10 [ 835.272944][T24310] ? __fget_files+0x2a/0x420 [ 835.272967][T24310] ? __fget_files+0x3a0/0x420 [ 835.273003][T24310] __sys_sendmsg+0x164/0x220 [ 835.273034][T24310] ? __pfx___sys_sendmsg+0x10/0x10 [ 835.273073][T24310] ? rcu_is_watching+0x15/0xb0 [ 835.273110][T24310] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 835.273147][T24310] ? lockdep_hardirqs_on+0x9c/0x150 [ 835.273183][T24310] __do_fast_syscall_32+0xb6/0x2b0 [ 835.273206][T24310] ? lockdep_hardirqs_on+0x9c/0x150 [ 835.273244][T24310] do_fast_syscall_32+0x34/0x80 [ 835.273267][T24310] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 835.273295][T24310] RIP: 0023:0xf703e539 [ 835.273314][T24310] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 835.273334][T24310] RSP: 002b:00000000f502e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 835.273357][T24310] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 835.273371][T24310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 835.273384][T24310] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 835.273396][T24310] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 835.273410][T24310] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 835.273446][T24310] [ 835.296790][T24310] Mem-Info: [ 835.296907][T24310] active_anon:7393 inactive_anon:0 isolated_anon:0 [ 835.296907][T24310] active_file:19994 inactive_file:3865 isolated_file:0 [ 835.296907][T24310] unevictable:768 dirty:248 writeback:0 [ 835.296907][T24310] slab_reclaimable:8028 slab_unreclaimable:115693 [ 835.296907][T24310] mapped:30288 shmem:1387 pagetables:1647 [ 835.296907][T24310] sec_pagetables:0 bounce:0 [ 835.296907][T24310] kernel_misc_reclaimable:0 [ 835.296907][T24310] free:1316027 free_pcp:18901 free_cma:0 [ 835.296968][T24310] Node 0 active_anon:29572kB inactive_anon:0kB active_file:79976kB inactive_file:15328kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121152kB dirty:992kB writeback:0kB shmem:4012kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14332kB pagetables:6420kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 835.297024][T24310] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 835.297076][T24310] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 835.297138][T24310] lowmem_reserve[]: 0 2501 2502 2502 2502 [ 835.297184][T24310] Node 0 DMA32 free:1361600kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:29460kB inactive_anon:0kB active_file:79796kB inactive_file:13776kB unevictable:1536kB writepending:992kB present:3129332kB managed:2561044kB mlocked:0kB bounce:0kB free_pcp:43440kB local_pcp:21896kB free_cma:0kB [ 835.297248][T24310] lowmem_reserve[]: 0 0 1 1 1 [ 835.297295][T24310] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:112kB inactive_anon:0kB active_file:180kB inactive_file:1552kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:40kB local_pcp:12kB free_cma:0kB [ 835.297356][T24310] lowmem_reserve[]: 0 0 0 0 0 [ 835.354673][T22301] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 835.505710][T24310] Node 1 [ 835.522313][T22301] usb 6-1: USB disconnect, device number 70 [ 835.567995][T24310] Normal free:3887132kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:32124kB local_pcp:16744kB free_cma:0kB [ 835.837470][ C0] vkms_vblank_simulate: vblank timer overrun [ 835.871134][ C0] vkms_vblank_simulate: vblank timer overrun [ 835.903098][ C0] vkms_vblank_simulate: vblank timer overrun [ 835.906354][T13302] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 835.932379][ C0] vkms_vblank_simulate: vblank timer overrun [ 835.933258][T24310] lowmem_reserve[]: [ 835.938316][T22301] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 835.970454][ C0] vkms_vblank_simulate: vblank timer overrun [ 836.015495][T24310] 0 [ 836.059074][ C0] vkms_vblank_simulate: vblank timer overrun [ 836.165371][T24310] 0 0 0 0 [ 836.170697][T24310] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 836.184483][T24310] Node 0 DMA32: 855*4kB (ME) 480*8kB (ME) 545*16kB (UME) 474*32kB (UME) 339*64kB (UME) 155*128kB (UME) 147*256kB (UME) 65*512kB (UME) 48*1024kB (UME) 7*2048kB (UME) 282*4096kB (M) = 1362156kB [ 836.186028][T13302] usb 9-1: Using ep0 maxpacket: 8 [ 836.204122][T24310] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 836.204273][T24310] Node 1 Normal: 184*4kB (UME) 52*8kB (UME) 27*16kB [ 836.210581][T22301] usb 6-1: Using ep0 maxpacket: 32 [ 836.252465][T24310] (UME) 117*32kB (UM) 32*64kB (UME) 7*128kB (UME) 6*256kB (UME) 5*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 945*4096kB (UM) = 3887184kB [ 836.257986][T13302] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 836.278733][T24310] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 836.281429][T22301] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 836.289184][T24310] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 836.305477][T13302] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 836.322045][T24310] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 836.325536][T22301] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 836.343105][T24310] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 836.354163][T24310] 25244 total pagecache pages [ 836.362000][T24310] 0 pages in swap cache [ 836.371770][T24310] Free swap = 124996kB [ 836.375991][T13302] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 836.376026][T13302] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 836.376077][T13302] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 836.376101][T13302] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 836.390029][T22301] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 836.412076][T24310] Total swap = 124996kB [ 836.431035][T24310] 2097051 pages RAM [ 836.434890][T24310] 0 pages HighMem/MovableOnly [ 836.440212][T24310] 424684 pages reserved [ 836.444611][T24310] 0 pages cma reserved [ 836.486821][T22301] usb 6-1: config 0 descriptor?? [ 836.506313][T24353] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6479'. [ 836.508329][T22301] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 836.530344][T22301] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 836.594430][T13302] usb 9-1: GET_CAPABILITIES returned 0 [ 836.600343][T13302] usbtmc 9-1:16.0: can't read capabilities [ 836.951284][T24182] Set syz1 is full, maxelem 65536 reached [ 836.962569][ T5918] usb 9-1: USB disconnect, device number 6 [ 837.091713][T22301] usb 6-1: USB disconnect, device number 71 [ 837.117281][T22301] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 837.148445][T13302] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 837.333058][T13302] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 837.362713][T13302] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 837.400751][T24376] netlink: 5 bytes leftover after parsing attributes in process `syz.1.6488'. [ 837.402997][T13302] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 837.428269][T13302] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 837.459386][T13302] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 837.489158][T13302] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 837.509277][T13302] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 837.544581][T13302] usb 4-1: Product: syz [ 837.562522][T13302] usb 4-1: Manufacturer: syz [ 837.583136][T13302] cdc_wdm 4-1:1.0: skipping garbage [ 837.589968][T13302] cdc_wdm 4-1:1.0: skipping garbage [ 837.611941][T13302] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 837.620349][T13302] cdc_wdm 4-1:1.0: Unknown control protocol [ 837.839861][ T5925] usb 4-1: USB disconnect, device number 83 [ 838.509677][ T980] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 838.528858][T24411] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 838.707495][ T980] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 838.729430][ T980] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 838.775664][ T980] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 838.831896][ T980] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 838.876080][ T980] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 838.934531][ T980] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 838.958238][ T980] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 838.976284][ T980] usb 4-1: Product: syz [ 838.980512][ T980] usb 4-1: Manufacturer: syz [ 839.029692][ T980] cdc_wdm 4-1:1.0: skipping garbage [ 839.034974][ T980] cdc_wdm 4-1:1.0: skipping garbage [ 839.066481][ T980] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 839.085491][ T980] cdc_wdm 4-1:1.0: Unknown control protocol [ 839.260786][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.266567][ C0] cdc_wdm 4-1:1.0: Cannot schedule work [ 839.272359][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.278502][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.284529][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.290457][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.296612][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.302307][ C0] cdc_wdm 4-1:1.0: Cannot schedule work [ 839.308181][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.314359][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.320909][ C0] cdc_wdm 4-1:1.0: Stall on int endpoint [ 839.326732][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 839.343392][T22301] usb 4-1: USB disconnect, device number 84 [ 839.468243][ T980] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 839.627709][ T980] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 839.639641][ T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 839.650972][ T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 839.661259][ T980] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 839.675224][ T980] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 839.693069][ T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 839.703606][ T980] usb 1-1: config 0 descriptor?? [ 840.168353][ T980] plantronics 0003:047F:FFFF.006E: No inputs registered, leaving [ 840.222390][ T980] plantronics 0003:047F:FFFF.006E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 840.523133][ T5925] usb 1-1: USB disconnect, device number 84 [ 840.635553][T22301] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 840.825947][T22301] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 840.845588][T22301] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 840.866339][T22301] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 840.885999][T22301] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 840.924744][T22301] usb 6-1: config 0 descriptor?? [ 841.404123][T22301] hid-steam 0003:28DE:1142.006F: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0 [ 841.515270][T24478] loop8: detected capacity change from 0 to 7 [ 841.522350][T22301] hid-steam 0003:28DE:1142.006F: Steam wireless receiver connected [ 841.534765][T22301] hid-steam 0003:28DE:1142.006F: No HID_FEATURE_REPORT submitted - nothing to read [ 841.549396][T21343] Dev loop8: unable to read RDB block 7 [ 841.565282][T21343] loop8: AHDI p3 [ 841.596598][T22301] hid-steam 0003:28DE:1142.0070: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0 [ 841.612070][T21343] loop8: partition table partially beyond EOD, truncated [ 841.651793][T22301] usb 6-1: USB disconnect, device number 72 [ 841.660312][ T6159] Dev loop8: unable to read RDB block 7 [ 841.677791][ T6159] loop8: AHDI p3 [ 841.690500][ T6159] loop8: partition table partially beyond EOD, truncated [ 841.707196][T22301] hid-steam 0003:28DE:1142.006F: Steam wireless receiver disconnected [ 841.745114][T24478] Dev loop8: unable to read RDB block 7 [ 841.755128][T24478] loop8: AHDI p3 [ 841.776641][T24478] loop8: partition table partially beyond EOD, truncated [ 841.797289][T24479] Dev loop8: unable to read RDB block 7 [ 841.803106][T24479] loop8: AHDI p3 [ 841.810979][T24479] loop8: partition table partially beyond EOD, truncated [ 841.819119][T24482] fido_id[24482]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 843.085535][ T5925] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 843.281705][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 843.334568][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 843.375696][ T5925] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 843.415723][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 843.450741][ T5925] usb 2-1: config 0 descriptor?? [ 843.586428][T24524] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 843.921552][ T5925] cp2112 0003:10C4:EA90.0071: unknown main item tag 0x0 [ 844.006292][ T5925] cp2112 0003:10C4:EA90.0071: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 844.144494][ T5925] cp2112 0003:10C4:EA90.0071: Part Number: 0x82 Device Version: 0xFE [ 844.662615][T24544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6556'. [ 844.973258][ T980] usb 2-1: USB disconnect, device number 86 [ 845.775603][T13302] usb 1-1: new full-speed USB device number 85 using dummy_hcd [ 845.950554][T13302] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 845.966091][ T9] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 845.973225][T13302] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 845.990107][T13302] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 845.999825][T13302] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 846.157359][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 846.180382][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 846.210522][ T9] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 846.241962][T24561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 846.250193][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 846.252734][T13302] usb 1-1: usb_control_msg returned -32 [ 846.279450][ T9] usb 6-1: config 0 descriptor?? [ 846.288076][T24561] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 846.314827][T13302] usbtmc 1-1:16.0: can't read capabilities [ 846.338431][T24584] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6573'. [ 846.365705][T13302] usb 1-1: USB disconnect, device number 85 [ 846.388655][T24584] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6573'. [ 846.406977][T24586] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6575'. [ 847.025751][ T980] usb 9-1: new full-speed USB device number 7 using dummy_hcd [ 847.190493][ T980] usb 9-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 847.212940][ T980] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.228013][ T980] usb 9-1: Product: syz [ 847.234952][ T980] usb 9-1: Manufacturer: syz [ 847.240506][ T980] usb 9-1: SerialNumber: syz [ 847.253927][ T980] usb 9-1: config 0 descriptor?? [ 847.530284][ T9] uclogic 0003:256C:006D.0072: v1 frame probing failed: -71 [ 847.565929][ T9] uclogic 0003:256C:006D.0072: failed probing parameters: -71 [ 847.594926][ T9] uclogic 0003:256C:006D.0072: probe with driver uclogic failed with error -71 [ 847.624188][ T9] usb 6-1: USB disconnect, device number 73 [ 847.681733][ T980] airspy 9-1:0.0: Board ID: 05 [ 847.693371][ T980] airspy 9-1:0.0: Firmware version:  [ 847.775561][T13743] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 847.946166][T13743] usb 2-1: Using ep0 maxpacket: 8 [ 847.961893][T13743] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 847.975450][T13743] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.984104][T13743] usb 2-1: Product: syz [ 848.005481][T13743] usb 2-1: Manufacturer: syz [ 848.010145][T13743] usb 2-1: SerialNumber: syz [ 848.028514][T13743] usb 2-1: config 0 descriptor?? [ 848.485302][T13743] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 848.681177][T13743] gspca_sunplus: reg_w_riv err -71 [ 848.709439][T13743] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 848.729476][ T980] airspy 9-1:0.0: usb_control_msg() failed -71 request 10 [ 848.749518][ T980] airspy 9-1:0.0: Registered as swradio24 [ 848.755342][ T980] airspy 9-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 848.775516][T13743] usb 2-1: USB disconnect, device number 87 [ 848.847921][ T980] usb 9-1: USB disconnect, device number 7 [ 849.456170][T24655] loop3: detected capacity change from 0 to 1 [ 849.479121][ T7392] loop3: [POWERTEC] p1 p2 [ 849.482859][T24658] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6605'. [ 849.500368][ T7392] loop3: p1 size 256 extends beyond EOD, truncated [ 849.540938][ T7392] loop3: p2 start 1886744434 is beyond EOD, truncated [ 849.580003][T24655] loop3: [POWERTEC] p1 p2 [ 849.593925][T24655] loop3: p1 size 256 extends beyond EOD, truncated [ 849.607457][T24655] loop3: p2 start 1886744434 is beyond EOD, truncated [ 849.759173][ T6159] udevd[6159]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 849.897177][ T6159] udevd[6159]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 850.164820][T24679] netlink: 24 bytes leftover after parsing attributes in process `syz.8.6613'. [ 850.816207][T24694] netlink: 24 bytes leftover after parsing attributes in process `syz.8.6620'. [ 851.727187][T24719] loop2: detected capacity change from 0 to 7 [ 851.756268][T24719] Dev loop2: unable to read RDB block 7 [ 851.764509][T24719] loop2: unable to read partition table [ 851.781532][T24719] loop2: partition table beyond EOD, truncated [ 851.814026][T24719] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 852.738204][T24740] netlink: 'syz.8.6639': attribute type 1 has an invalid length. [ 852.773667][T24740] 8021q: adding VLAN 0 to HW filter on device bond1 [ 852.861717][T24740] bond1: (slave veth0_to_bond): making interface the new active one [ 852.917884][T24740] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 854.485550][ T5918] usb 1-1: new full-speed USB device number 86 using dummy_hcd [ 854.690353][ T5918] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 854.720599][ T5918] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 854.775685][ T5918] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 854.802302][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 855.052421][ T5918] usb 1-1: GET_CAPABILITIES returned 0 [ 855.066838][ T5918] usbtmc 1-1:16.0: can't read capabilities [ 855.403472][T22301] usb 1-1: USB disconnect, device number 86 [ 856.452166][ T30] audit: type=1800 audit(1749562683.148:8993): pid=24802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.6662" name="dmabuf" dev="dmabuf" ino=27 res=0 errno=0 [ 856.675205][T24806] loop7: detected capacity change from 0 to 16384 [ 856.945046][T24810] loop7: detected capacity change from 16384 to 16383 [ 858.417634][T24836] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6675'. [ 858.971498][T24706] Set syz1 is full, maxelem 65536 reached [ 859.461174][T24865] netlink: 'syz.8.6689': attribute type 39 has an invalid length. [ 859.942858][T24888] netlink: 'syz.1.6695': attribute type 1 has an invalid length. [ 860.010463][T24888] 8021q: adding VLAN 0 to HW filter on device bond3 [ 860.035999][ T5925] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 860.217880][ T5925] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 860.253078][ T5925] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 860.285056][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 860.322398][ T5925] usb 4-1: Product: syz [ 860.337895][ T5925] usb 4-1: Manufacturer: syz [ 860.342566][ T5925] usb 4-1: SerialNumber: syz [ 861.235741][T13743] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 861.418865][T13743] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 861.453654][ T5925] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 861.481446][T13743] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 861.504636][ T5925] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 861.523400][T13743] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 861.534967][ T5925] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 861.543342][T13743] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 861.576005][T24927] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 861.609832][T13743] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 861.865413][ T5925] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 861.931570][T13743] usb 1-1: USB disconnect, device number 87 [ 862.024372][ T5925] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 862.102675][ T5925] usb 4-1: USB disconnect, device number 85 [ 862.147782][ T5925] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 862.604797][T24941] loop2: detected capacity change from 0 to 7 [ 862.623054][T24941] Dev loop2: unable to read RDB block 7 [ 862.630855][T24941] loop2: unable to read partition table [ 862.644082][T24941] loop2: partition table beyond EOD, truncated [ 862.662962][T24941] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 863.805796][ T5925] usb 6-1: new full-speed USB device number 74 using dummy_hcd [ 863.959809][ T5925] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 863.989840][ T5925] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 864.025927][ T5925] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 864.069257][ T5925] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 864.084030][ T5925] usb 6-1: New USB device strings: Mfr=8, Product=0, SerialNumber=1 [ 864.093042][ T5925] usb 6-1: Manufacturer: syz [ 864.098166][ T5925] usb 6-1: SerialNumber: syz [ 864.380229][T24963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 864.395173][T24963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 864.414554][ T5925] cdc_acm 6-1:1.0: Control and data interfaces are not separated! [ 864.458368][ T5925] cdc_acm 6-1:1.0: ttyACM0: USB ACM device [ 864.484770][ T5925] usb 6-1: USB disconnect, device number 74 [ 865.173298][T24991] macvlan2: entered promiscuous mode [ 865.205815][T24991] bond_slave_0: entered promiscuous mode [ 865.212530][T24991] bond_slave_1: entered promiscuous mode [ 865.231357][T24991] bond0: entered promiscuous mode [ 865.313176][T24991] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 865.363398][T24991] team0: Port device macvlan2 added [ 865.900538][T25003] fuse: root generation should be zero [ 866.214217][T25009] policy can only be matched on NF_INET_PRE_ROUTING [ 866.214243][T25009] unable to load match [ 866.252808][T25013] netlink: 72 bytes leftover after parsing attributes in process `syz.5.6737'. [ 866.387153][T25015] netlink: 1052 bytes leftover after parsing attributes in process `syz.1.6740'. [ 866.627132][ T30] audit: type=1326 audit(1749562693.318:8994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25018 comm="syz.3.6742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 866.692867][ T30] audit: type=1326 audit(1749562693.318:8995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25018 comm="syz.3.6742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 866.802266][ T980] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 866.816974][ T30] audit: type=1326 audit(1749562693.318:8996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25018 comm="syz.3.6742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=255 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 866.885201][ T30] audit: type=1326 audit(1749562693.358:8997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25018 comm="syz.3.6742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 866.920532][ T30] audit: type=1326 audit(1749562693.358:8998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25018 comm="syz.3.6742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 867.009293][ T980] usb 1-1: Using ep0 maxpacket: 8 [ 867.037564][ T980] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 867.064351][ T30] audit: type=1326 audit(1749562693.358:8999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25018 comm="syz.3.6742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=256 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 867.096064][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.126055][ T980] usb 1-1: Product: syz [ 867.130294][ T980] usb 1-1: Manufacturer: syz [ 867.187074][ T980] usb 1-1: SerialNumber: syz [ 867.205971][ T30] audit: type=1326 audit(1749562693.358:9000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25018 comm="syz.3.6742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 867.234185][ T980] usb 1-1: config 0 descriptor?? [ 867.316670][T13302] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 867.325704][ T30] audit: type=1326 audit(1749562693.358:9001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25018 comm="syz.3.6742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 867.497647][T13302] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 867.551215][T13302] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 867.582092][ T980] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 867.589843][T13302] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 867.610817][T13302] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 867.628318][T13302] usb 2-1: SerialNumber: syz [ 867.903155][T13302] usb 2-1: 0:2 : does not exist [ 867.968420][T13302] usb 2-1: USB disconnect, device number 88 [ 868.211013][ T7392] udevd[7392]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 868.831245][ T980] gspca_sunplus: reg_w_riv err -71 [ 868.836615][ T980] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 868.850297][ T980] usb 1-1: USB disconnect, device number 88 [ 869.232578][T24921] Set syz1 is full, maxelem 65536 reached [ 870.186055][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 870.193042][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.200091][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.737482][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888055a48000: rx timeout, send abort [ 870.746584][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888055a48000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 872.151400][T25118] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 873.071195][T25133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6787'. [ 874.006688][T25145] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6792'. [ 874.008134][T25147] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 874.073292][T25145] erspan0: entered promiscuous mode [ 874.085911][T25145] macvtap0: entered promiscuous mode [ 874.098816][T25145] macvtap0: entered allmulticast mode [ 874.111882][T25145] erspan0: entered allmulticast mode [ 874.165355][T25148] erspan0: left allmulticast mode [ 874.175972][T25148] erspan0: left promiscuous mode [ 875.149634][T25159] netlink: 'syz.0.6797': attribute type 1 has an invalid length. [ 876.005749][ T5925] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 876.180028][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 876.232222][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 876.276008][ T5925] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 876.325621][ T5925] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 876.364528][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 876.388270][ T5925] usb 2-1: config 0 descriptor?? [ 876.881572][ T5925] plantronics 0003:047F:FFFF.0073: reserved main item tag 0xd [ 876.911030][ T5925] plantronics 0003:047F:FFFF.0073: No inputs registered, leaving [ 876.967010][ T5925] plantronics 0003:047F:FFFF.0073: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 877.200301][T13743] usb 2-1: USB disconnect, device number 89 [ 877.241464][T25193] fido_id[25193]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 877.275815][ T5925] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 877.457595][ T5925] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 877.475700][ T5925] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 877.512900][ T5925] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 877.537221][ T5925] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 877.562317][ T5925] usb 9-1: SerialNumber: syz [ 877.818326][ T5925] usb 9-1: 0:2 : does not exist [ 877.888322][ T5925] usb 9-1: USB disconnect, device number 8 [ 877.954222][ T6159] udevd[6159]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 878.132739][ T30] audit: type=1326 audit(1749562704.828:9002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.0.6814" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 878.181599][ T30] audit: type=1326 audit(1749562704.828:9003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.0.6814" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 878.236252][ T30] audit: type=1326 audit(1749562704.858:9004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.0.6814" exe="/root/syz-executor" sig=0 arch=40000003 syscall=116 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 878.285511][ T30] audit: type=1326 audit(1749562704.858:9005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.0.6814" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f42539 code=0x7ffc0000 [ 878.734200][T25104] Set syz1 is full, maxelem 65536 reached [ 878.808704][T25212] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 878.816030][T25212] IPv6: NLM_F_CREATE should be set when creating new route [ 879.043538][T25222] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6823'. [ 879.084937][T25222] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6823'. [ 879.120868][T25222] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6823'. [ 879.258460][ T30] audit: type=1800 audit(1749562705.958:9006): pid=25228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.6825" name=789995D6C0BDB87AA869C4E6FA9FA1BD9345CE1D269273DD143925C7DE0233B8FE809BED212020736D61783D756D61783D736D617833323D756D617833323D3531302C7661725F6F66663D283078303B20307831666629290A333A202839352920657869740A dev="tmpfs" ino=7108 res=0 errno=0 [ 879.405192][ T30] audit: type=1804 audit(1749562705.998:9007): pid=25228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.6825" name=2F6E6577726F6F742F313338302F789995D6C0BDB87AA869C4E6FA9FA1BD9345CE1D269273DD143925C7DE0233B8FE809BED212020736D61783D756D61783D736D617833323D756D617833323D3531302C7661725F6F66663D283078303B20307831666629290A333A202839352920657869740A dev="tmpfs" ino=7108 res=1 errno=0 [ 879.617055][T25240] netlink: 'syz.5.6830': attribute type 13 has an invalid length. [ 879.688548][T25240] netlink: 'syz.5.6830': attribute type 27 has an invalid length. [ 879.990144][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.017866][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.033477][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.052144][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.069907][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.085606][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.102055][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.117902][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.140181][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.158803][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.178494][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.196539][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.213151][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.229264][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.247410][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.267002][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.284921][ T5918] hid-generic 0002:0004:0009.0074: unknown main item tag 0x0 [ 880.346584][ T5918] hid-generic 0002:0004:0009.0074: hidraw0: HID v0.04 Device [syz0] on syz0 [ 880.592690][T25256] fido_id[25256]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 880.625748][T13743] usb 1-1: new full-speed USB device number 89 using dummy_hcd [ 880.799854][T13743] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 880.825612][T13743] usb 1-1: config 0 has no interfaces? [ 880.863228][T13743] usb 1-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 880.912106][T13743] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 880.927649][T13743] usb 1-1: Product: syz [ 880.931865][T13743] usb 1-1: Manufacturer: syz [ 880.954091][T13743] usb 1-1: SerialNumber: syz [ 880.996576][T13743] usb 1-1: config 0 descriptor?? [ 881.024473][T25265] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6841'. [ 881.045545][T25265] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6841'. [ 881.255817][T25271] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6843'. [ 881.392571][T13743] usb 1-1: USB disconnect, device number 89 [ 881.408572][T25274] netlink: 212376 bytes leftover after parsing attributes in process `syz.8.6845'. [ 881.768084][T25284] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6849'. [ 881.821338][T25284] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6erspan0 [ 881.842257][T25286] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6849'. [ 882.965738][ T5918] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 883.145997][ T5918] usb 6-1: Using ep0 maxpacket: 8 [ 883.162799][ T5918] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 883.185475][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 883.230419][ T5918] usb 6-1: config 0 descriptor?? [ 883.273476][T25324] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6866'. [ 883.475645][T22301] usb 4-1: new full-speed USB device number 86 using dummy_hcd [ 883.487954][ T5918] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 883.601804][T25332] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 883.678555][T22301] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 883.689522][T22301] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 883.703810][T22301] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 883.713739][T22301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 883.940869][T22301] usb 4-1: usb_control_msg returned -32 [ 883.947810][T22301] usbtmc 4-1:16.0: can't read capabilities [ 884.132182][T25345] loop4: detected capacity change from 0 to 7 [ 884.141074][T25345] loop4: [POWERTEC] p1 p2 p3 [ 884.150235][T25345] loop4: p1 start 1600481121 is beyond EOD, truncated [ 884.157709][T25345] loop4: p2 size 2147483648 extends beyond EOD, truncated [ 884.166781][T25345] loop4: p3 start 1680801792 is beyond EOD, truncated [ 884.238031][ T6159] udevd[6159]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 884.375469][T13743] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 884.510153][ T980] usb 4-1: USB disconnect, device number 86 [ 884.517352][ T9] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 884.528853][T13743] usb 9-1: Using ep0 maxpacket: 32 [ 884.541707][T13743] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 884.550552][T13743] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 884.562028][T13743] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 884.572606][T13743] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 884.583292][T13743] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 884.593464][T13743] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 884.607381][T13743] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 884.616817][T13743] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 884.628551][T13743] usb 9-1: config 0 descriptor?? [ 884.685864][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 884.707271][ T9] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 884.715726][ T9] usb 2-1: config 0 has no interface number 0 [ 884.719179][ T5918] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 884.726854][ T9] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 884.748070][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 884.754073][ T5918] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 884.756932][ T9] usb 2-1: Product: syz [ 884.771042][ T9] usb 2-1: Manufacturer: syz [ 884.777337][ T9] usb 2-1: SerialNumber: syz [ 884.791067][ T5918] asix 6-1:0.0: probe with driver asix failed with error -71 [ 884.815694][ T9] usb 2-1: config 0 descriptor?? [ 884.818682][ T5918] usb 6-1: USB disconnect, device number 75 [ 884.849530][ T9] smsc95xx v2.0.0 [ 884.869444][T13743] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 884.907833][T13743] usb 9-1: USB disconnect, device number 9 [ 884.928468][T13743] usblp0: removed [ 885.018784][T25354] __nla_validate_parse: 1 callbacks suppressed [ 885.018805][T25354] netlink: 76 bytes leftover after parsing attributes in process `syz.0.6878'. [ 885.416477][T13743] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 885.578154][T13743] usb 9-1: Using ep0 maxpacket: 32 [ 885.583921][T25362] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6882'. [ 885.604193][T13743] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 885.615119][T13743] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 885.634170][T13743] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 885.643790][T13743] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 885.664061][T13743] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 885.681896][ T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 885.702836][ T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 885.712776][T13743] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 885.726535][T13743] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 885.736437][T13743] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 885.778752][T13743] usb 9-1: config 0 descriptor?? [ 885.859561][T25368] input: syz1 as /devices/virtual/input/input122 [ 886.056206][T13743] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 886.140464][ T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 886.181479][ T9] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 886.219522][ T9] usb 2-1: USB disconnect, device number 90 [ 886.607876][T13743] usb 9-1: USB disconnect, device number 10 [ 886.637077][T13743] usblp0: removed [ 886.826122][ T5903] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 886.903091][T24081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 886.916183][T24081] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 886.925057][T24081] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 886.935214][T24081] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 886.943936][T24081] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 886.995546][ T5903] usb 4-1: Using ep0 maxpacket: 8 [ 887.005201][ T5903] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 887.015948][ T5903] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 887.026990][ T5903] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 887.037430][ T5903] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 887.050891][ T5903] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 887.063470][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 887.298832][ T5903] usb 4-1: GET_CAPABILITIES returned 0 [ 887.315189][ T5903] usbtmc 4-1:16.0: can't read capabilities [ 887.550563][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 887.562169][T13743] usb 4-1: USB disconnect, device number 87 [ 887.564815][T25388] chnl_net:caif_netlink_parms(): no params data found [ 887.962113][T25388] bridge0: port 1(bridge_slave_0) entered blocking state [ 887.988144][T25388] bridge0: port 1(bridge_slave_0) entered disabled state [ 888.016926][T25388] bridge_slave_0: entered allmulticast mode [ 888.024581][T25388] bridge_slave_0: entered promiscuous mode [ 888.053660][T25388] bridge0: port 2(bridge_slave_1) entered blocking state [ 888.085599][T25388] bridge0: port 2(bridge_slave_1) entered disabled state [ 888.092925][T25388] bridge_slave_1: entered allmulticast mode [ 888.124445][T25388] bridge_slave_1: entered promiscuous mode [ 888.401284][T25388] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 888.445134][T25388] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 888.577509][T25388] team0: Port device team_slave_0 added [ 888.622798][T25388] team0: Port device team_slave_1 added [ 888.833661][T25388] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 888.875711][T25388] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 888.901674][ C1] vkms_vblank_simulate: vblank timer overrun [ 888.932917][T25428] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6904'. [ 888.947642][T25388] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 888.980524][T25388] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 888.986374][T14668] Bluetooth: hci0: command tx timeout [ 888.988229][T25388] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 889.019496][ C1] vkms_vblank_simulate: vblank timer overrun [ 889.027650][T25388] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 889.646297][T25388] hsr_slave_0: entered promiscuous mode [ 889.653071][T25388] hsr_slave_1: entered promiscuous mode [ 889.696356][T25388] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 889.703975][T25388] Cannot create hsr debugfs directory [ 891.004883][T25388] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 891.059433][T25388] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 891.066093][T14668] Bluetooth: hci0: command tx timeout [ 891.106451][T25388] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 891.167464][T25388] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 891.392956][T25472] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 891.573638][T25388] 8021q: adding VLAN 0 to HW filter on device bond0 [ 891.669962][T25388] 8021q: adding VLAN 0 to HW filter on device team0 [ 891.719465][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 891.726694][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 891.820319][ T3510] bridge0: port 2(bridge_slave_1) entered blocking state [ 891.827610][ T3510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 892.094503][T25388] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 892.410330][T25388] veth0_vlan: entered promiscuous mode [ 892.445323][T25388] veth1_vlan: entered promiscuous mode [ 892.555287][T25388] veth0_macvtap: entered promiscuous mode [ 892.604434][T25388] veth1_macvtap: entered promiscuous mode [ 892.733551][T25388] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 892.809054][T25388] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 892.869461][T25388] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 892.915710][T25388] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 892.954847][T25388] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 892.995982][T25388] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.146187][T14668] Bluetooth: hci0: command tx timeout [ 893.519342][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 893.546703][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 893.590649][T17351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 893.600550][T17351] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 894.668351][T25567] input: syz0 as /devices/virtual/input/input123 [ 894.819533][ T30] audit: type=1326 audit(1749562721.508:9008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25568 comm="syz.8.6953" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x0 [ 895.226281][T14668] Bluetooth: hci0: command tx timeout [ 895.357691][T25582] loop2: detected capacity change from 0 to 7 [ 895.378289][T25582] Dev loop2: unable to read RDB block 7 [ 895.383936][T25582] loop2: unable to read partition table [ 895.416400][T25582] loop2: partition table beyond EOD, truncated [ 895.434834][T25582] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 897.505777][T25612] kvm: kvm [25611]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x40600 [ 898.315768][ T9] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 898.485826][ T9] usb 9-1: Using ep0 maxpacket: 8 [ 898.538655][ T9] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 898.615562][ T9] usb 9-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 898.663165][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 898.717790][ T9] usb 9-1: config 0 descriptor?? [ 898.768932][ T9] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 898.985962][ T5918] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 899.159814][ T5918] usb 6-1: Using ep0 maxpacket: 32 [ 899.186874][ T5918] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 899.209835][ T5918] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 899.242378][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 899.293078][ T5918] usb 6-1: Product: syz [ 899.303475][ T5918] usb 6-1: Manufacturer: syz [ 899.322613][ T5918] usb 6-1: SerialNumber: syz [ 899.350916][ T5918] usb 6-1: config 0 descriptor?? [ 899.366966][T25638] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 899.379541][ T5918] hub 6-1:0.0: bad descriptor, ignoring hub [ 899.402156][ T5918] hub 6-1:0.0: probe with driver hub failed with error -5 [ 900.204379][ T9] usb 9-1: USB disconnect, device number 11 [ 900.338637][ T5925] usb 6-1: USB disconnect, device number 76 [ 902.485427][T13302] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 902.735666][T13302] usb 9-1: Using ep0 maxpacket: 8 [ 902.764497][T13302] usb 9-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 902.805429][T13302] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 902.827201][T13302] usb 9-1: Product: syz [ 902.831439][T13302] usb 9-1: Manufacturer: syz [ 902.868603][T13302] usb 9-1: SerialNumber: syz [ 902.886501][T13302] usb 9-1: config 0 descriptor?? [ 902.919126][T13302] gspca_main: se401-2.14.0 probing 047d:5003 [ 903.332115][T13302] gspca_se401: Frame size: 0x2 1/4th janggu [ 903.355185][T13302] gspca_se401: Frame size: 0x127 bayer [ 903.371180][T13302] gspca_se401: Frame size: 256x0 bayer [ 903.404285][T13302] gspca_se401: Frame size: 0x0 1/16th janggu [ 903.420952][T13302] gspca_se401: Frame size: 0x4 bayer [ 903.559461][T13302] input: se401 as /devices/platform/dummy_hcd.8/usb9/9-1/input/input124 [ 903.657343][T13302] usb 9-1: USB disconnect, device number 12 [ 904.632645][T25796] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7045'. [ 905.056275][ T9] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 905.233194][ T9] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 905.257156][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 905.275083][ T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 905.294563][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.302690][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 905.322441][ T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 905.351792][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.365789][ T5918] usb 6-1: new full-speed USB device number 77 using dummy_hcd [ 905.369754][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 905.392784][ T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 905.406809][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.414770][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 905.425828][ T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 905.440696][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.451473][T25821] veth0: entered promiscuous mode [ 905.458330][T25821] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7056'. [ 905.469341][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 905.484783][ T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 905.504195][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.513013][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 905.536932][ T5918] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 905.553069][ T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 905.556076][ T5918] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 905.600949][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 905.603183][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.622374][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 905.640301][ T5918] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 905.657364][ T5918] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 905.667508][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 905.683630][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 905.703032][ T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 905.713995][ T5918] usb 6-1: Product: syz [ 905.714016][ T5918] usb 6-1: Manufacturer: syz [ 905.714032][ T5918] usb 6-1: SerialNumber: syz [ 905.718188][ T5918] usb 6-1: config 0 descriptor?? [ 905.749078][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.765018][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 905.774167][ T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 905.785883][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.796631][ T9] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 905.831454][ T9] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 905.850965][ T9] usb 4-1: Product: syz [ 905.870915][ T9] usb 4-1: Manufacturer: syz [ 905.895998][ T9] usb 4-1: SerialNumber: syz [ 905.909354][ T9] usb 4-1: config 0 descriptor?? [ 905.931991][ T9] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 905.992658][ T5918] radio-si470x 6-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 906.030223][ T5918] radio-si470x 6-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 906.199505][ T5918] radio-si470x 6-1:0.0: software version 0, hardware version 0 [ 906.236144][ T5918] radio-si470x 6-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 906.261328][ T5918] radio-si470x 6-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 906.331106][T25834] netlink: 'syz.9.7061': attribute type 9 has an invalid length. [ 906.408668][ T5918] radio-si470x 6-1:0.0: submitting int urb failed (-90) [ 906.512369][T25838] syzkaller1: entered promiscuous mode [ 906.524125][T25838] syzkaller1: entered allmulticast mode [ 906.591301][ T5903] usb 4-1: USB disconnect, device number 88 [ 906.665013][ T30] audit: type=1326 audit(1749562733.358:9009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25843 comm="syz.1.7066" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff7539 code=0x0 [ 907.215435][ T5918] radio-si470x 6-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 907.231097][ T5918] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -22 [ 907.250989][ T5918] usb 6-1: USB disconnect, device number 77 [ 907.814061][ T5903] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 908.192299][T25894] [ 908.194791][T25894] ===================================================== [ 908.201744][T25894] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 908.209229][T25894] 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 Not tainted [ 908.216365][T25894] ----------------------------------------------------- [ 908.223351][T25894] syz.8.7086/25894 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 908.231092][T25894] ffff888065d94d38 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 908.239848][T25894] [ 908.239848][T25894] and this task is already holding: [ 908.247223][T25894] ffff888029b23230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 908.256928][T25894] which would create a new lock dependency: [ 908.262816][T25894] (&dev->event_lock#2){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 908.270764][T25894] [ 908.270764][T25894] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 908.280217][T25894] (&dev->event_lock#2){..-.}-{3:3} [ 908.280251][T25894] [ 908.280251][T25894] ... which became SOFTIRQ-irq-safe at: [ 908.293168][T25894] lock_acquire+0x120/0x360 [ 908.297779][T25894] _raw_spin_lock_irqsave+0xa7/0xf0 [ 908.303074][T25894] input_inject_event+0xab/0x320 [ 908.308119][T25894] led_trigger_event+0x138/0x210 [ 908.313158][T25894] kbd_bh+0x1c6/0x2e0 [ 908.317238][T25894] tasklet_action_common+0x36c/0x580 [ 908.322619][T25894] handle_softirqs+0x286/0x870 [ 908.327504][T25894] run_ksoftirqd+0x9b/0x100 [ 908.332092][T25894] smpboot_thread_fn+0x53f/0xa60 [ 908.337127][T25894] kthread+0x70e/0x8a0 [ 908.341288][T25894] ret_from_fork+0x3fc/0x770 [ 908.345971][T25894] ret_from_fork_asm+0x1a/0x30 [ 908.350838][T25894] [ 908.350838][T25894] to a SOFTIRQ-irq-unsafe lock: [ 908.357855][T25894] (tasklist_lock){.+.+}-{3:3} [ 908.357882][T25894] [ 908.357882][T25894] ... which became SOFTIRQ-irq-unsafe at: [ 908.370521][T25894] ... [ 908.370530][T25894] lock_acquire+0x120/0x360 [ 908.377710][T25894] _raw_read_lock+0x36/0x50 [ 908.382307][T25894] __do_wait+0xde/0x740 [ 908.386559][T25894] do_wait+0x1f8/0x520 [ 908.390724][T25894] kernel_wait+0xab/0x170 [ 908.395144][T25894] call_usermodehelper_exec_work+0xbe/0x230 [ 908.401136][T25894] process_scheduled_works+0xae1/0x17b0 [ 908.406781][T25894] worker_thread+0x8a0/0xda0 [ 908.411473][T25894] kthread+0x70e/0x8a0 [ 908.415633][T25894] ret_from_fork+0x3fc/0x770 [ 908.420322][T25894] ret_from_fork_asm+0x1a/0x30 [ 908.425178][T25894] [ 908.425178][T25894] other info that might help us debug this: [ 908.425178][T25894] [ 908.435426][T25894] Chain exists of: [ 908.435426][T25894] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 908.435426][T25894] [ 908.448435][T25894] Possible interrupt unsafe locking scenario: [ 908.448435][T25894] [ 908.456750][T25894] CPU0 CPU1 [ 908.462179][T25894] ---- ---- [ 908.467567][T25894] lock(tasklist_lock); [ 908.471816][T25894] local_irq_disable(); [ 908.478577][T25894] lock(&dev->event_lock#2); [ 908.485794][T25894] lock(&new->fa_lock); [ 908.492566][T25894] [ 908.496020][T25894] lock(&dev->event_lock#2); [ 908.500903][T25894] [ 908.500903][T25894] *** DEADLOCK *** [ 908.500903][T25894] [ 908.509053][T25894] 6 locks held by syz.8.7086/25894: [ 908.514252][T25894] #0: ffff888029b25118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 908.523431][T25894] #1: ffff888029b23230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 908.533586][T25894] #2: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 908.543276][T25894] #3: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 908.552867][T25894] #4: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: mousedev_notify_readers+0x2c/0xc00 [ 908.562976][T25894] #5: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 908.572061][T25894] [ 908.572061][T25894] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 908.582467][T25894] -> (&dev->event_lock#2){..-.}-{3:3} { [ 908.588055][T25894] IN-SOFTIRQ-W at: [ 908.592108][T25894] lock_acquire+0x120/0x360 [ 908.598314][T25894] _raw_spin_lock_irqsave+0xa7/0xf0 [ 908.605186][T25894] input_inject_event+0xab/0x320 [ 908.611792][T25894] led_trigger_event+0x138/0x210 [ 908.618396][T25894] kbd_bh+0x1c6/0x2e0 [ 908.624047][T25894] tasklet_action_common+0x36c/0x580 [ 908.630995][T25894] handle_softirqs+0x286/0x870 [ 908.637428][T25894] run_ksoftirqd+0x9b/0x100 [ 908.643592][T25894] smpboot_thread_fn+0x53f/0xa60 [ 908.650202][T25894] kthread+0x70e/0x8a0 [ 908.655936][T25894] ret_from_fork+0x3fc/0x770 [ 908.662194][T25894] ret_from_fork_asm+0x1a/0x30 [ 908.668614][T25894] INITIAL USE at: [ 908.672510][T25894] lock_acquire+0x120/0x360 [ 908.678587][T25894] _raw_spin_lock_irqsave+0xa7/0xf0 [ 908.685357][T25894] input_inject_event+0xab/0x320 [ 908.691878][T25894] kbd_led_trigger_activate+0xbc/0x100 [ 908.698908][T25894] led_trigger_set+0x52a/0x950 [ 908.705253][T25894] led_trigger_set_default+0x260/0x2a0 [ 908.712289][T25894] led_classdev_register_ext+0x73d/0x930 [ 908.719505][T25894] input_leds_connect+0x517/0x790 [ 908.726114][T25894] input_register_device+0xcee/0x10b0 [ 908.733080][T25894] atkbd_connect+0x70e/0x9c0 [ 908.739246][T25894] serio_driver_probe+0x7f/0xa0 [ 908.745680][T25894] really_probe+0x26a/0x9a0 [ 908.751772][T25894] __driver_probe_device+0x18c/0x2f0 [ 908.758632][T25894] driver_probe_device+0x4f/0x430 [ 908.765237][T25894] __driver_attach+0x452/0x700 [ 908.771572][T25894] bus_for_each_dev+0x230/0x2b0 [ 908.778005][T25894] serio_handle_event+0x1a2/0x860 [ 908.784633][T25894] process_scheduled_works+0xae1/0x17b0 [ 908.791763][T25894] worker_thread+0x8a0/0xda0 [ 908.797947][T25894] kthread+0x70e/0x8a0 [ 908.803588][T25894] ret_from_fork+0x3fc/0x770 [ 908.809771][T25894] ret_from_fork_asm+0x1a/0x30 [ 908.816111][T25894] } [ 908.818617][T25894] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 908.827649][T25894] [ 908.827649][T25894] the dependencies between the lock to be acquired [ 908.827660][T25894] and SOFTIRQ-irq-unsafe lock: [ 908.841178][T25894] -> (tasklist_lock){.+.+}-{3:3} { [ 908.846497][T25894] HARDIRQ-ON-R at: [ 908.850667][T25894] lock_acquire+0x120/0x360 [ 908.857180][T25894] _raw_read_lock+0x36/0x50 [ 908.863691][T25894] __do_wait+0xde/0x740 [ 908.869847][T25894] do_wait+0x1f8/0x520 [ 908.875937][T25894] kernel_wait+0xab/0x170 [ 908.882276][T25894] call_usermodehelper_exec_work+0xbe/0x230 [ 908.890175][T25894] process_scheduled_works+0xae1/0x17b0 [ 908.897735][T25894] worker_thread+0x8a0/0xda0 [ 908.904325][T25894] kthread+0x70e/0x8a0 [ 908.910401][T25894] ret_from_fork+0x3fc/0x770 [ 908.917015][T25894] ret_from_fork_asm+0x1a/0x30 [ 908.923784][T25894] SOFTIRQ-ON-R at: [ 908.927954][T25894] lock_acquire+0x120/0x360 [ 908.934485][T25894] _raw_read_lock+0x36/0x50 [ 908.940996][T25894] __do_wait+0xde/0x740 [ 908.947158][T25894] do_wait+0x1f8/0x520 [ 908.953229][T25894] kernel_wait+0xab/0x170 [ 908.959563][T25894] call_usermodehelper_exec_work+0xbe/0x230 [ 908.967481][T25894] process_scheduled_works+0xae1/0x17b0 [ 908.975033][T25894] worker_thread+0x8a0/0xda0 [ 908.981630][T25894] kthread+0x70e/0x8a0 [ 908.987704][T25894] ret_from_fork+0x3fc/0x770 [ 908.994301][T25894] ret_from_fork_asm+0x1a/0x30 [ 909.001074][T25894] INITIAL USE at: [ 909.005148][T25894] lock_acquire+0x120/0x360 [ 909.011575][T25894] _raw_write_lock_irq+0xa2/0xf0 [ 909.018442][T25894] copy_process+0x224f/0x3c00 [ 909.025035][T25894] kernel_clone+0x21e/0x870 [ 909.031455][T25894] user_mode_thread+0xdd/0x140 [ 909.038141][T25894] rest_init+0x23/0x300 [ 909.044218][T25894] start_kernel+0x47d/0x500 [ 909.050655][T25894] x86_64_start_reservations+0x24/0x30 [ 909.058040][T25894] x86_64_start_kernel+0x143/0x1c0 [ 909.065071][T25894] common_startup_64+0x13e/0x147 [ 909.071925][T25894] INITIAL READ USE at: [ 909.076435][T25894] lock_acquire+0x120/0x360 [ 909.083306][T25894] _raw_read_lock+0x36/0x50 [ 909.090165][T25894] __do_wait+0xde/0x740 [ 909.096679][T25894] do_wait+0x1f8/0x520 [ 909.103113][T25894] kernel_wait+0xab/0x170 [ 909.109799][T25894] call_usermodehelper_exec_work+0xbe/0x230 [ 909.118053][T25894] process_scheduled_works+0xae1/0x17b0 [ 909.125968][T25894] worker_thread+0x8a0/0xda0 [ 909.132919][T25894] kthread+0x70e/0x8a0 [ 909.139337][T25894] ret_from_fork+0x3fc/0x770 [ 909.146283][T25894] ret_from_fork_asm+0x1a/0x30 [ 909.153400][T25894] } [ 909.156080][T25894] ... key at: [] tasklist_lock+0x18/0x40 [ 909.163986][T25894] ... acquired at: [ 909.167964][T25894] lock_acquire+0x120/0x360 [ 909.172655][T25894] _raw_read_lock+0x36/0x50 [ 909.177344][T25894] send_sigurg+0x12b/0x420 [ 909.181946][T25894] sk_send_sigurg+0x6c/0x2e0 [ 909.186735][T25894] queue_oob+0x699/0x8a0 [ 909.191165][T25894] unix_stream_sendmsg+0xaf9/0xc90 [ 909.196465][T25894] __sock_sendmsg+0x219/0x270 [ 909.201346][T25894] ____sys_sendmsg+0x52d/0x830 [ 909.206293][T25894] ___sys_sendmsg+0x21f/0x2a0 [ 909.211159][T25894] __sys_sendmmsg+0x28e/0x430 [ 909.216018][T25894] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 909.221753][T25894] __do_fast_syscall_32+0xb6/0x2b0 [ 909.227048][T25894] do_fast_syscall_32+0x34/0x80 [ 909.232079][T25894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.238590][T25894] [ 909.240922][T25894] -> (&f_owner->lock){....}-{3:3} { [ 909.246248][T25894] INITIAL USE at: [ 909.250239][T25894] lock_acquire+0x120/0x360 [ 909.256495][T25894] _raw_write_lock_irq+0xa2/0xf0 [ 909.263186][T25894] __f_setown+0x67/0x370 [ 909.269188][T25894] generic_setlease+0xd5d/0x1240 [ 909.275884][T25894] fcntl_setlease+0x3a2/0x4c0 [ 909.282338][T25894] do_fcntl+0x6a9/0x1910 [ 909.288337][T25894] do_compat_fcntl64+0x477/0x720 [ 909.295033][T25894] __do_fast_syscall_32+0xb6/0x2b0 [ 909.301891][T25894] do_fast_syscall_32+0x34/0x80 [ 909.308488][T25894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.316565][T25894] INITIAL READ USE at: [ 909.320996][T25894] lock_acquire+0x120/0x360 [ 909.327689][T25894] _raw_read_lock_irqsave+0xaf/0x100 [ 909.335165][T25894] send_sigio+0x38/0x370 [ 909.341594][T25894] kill_fasync+0x24d/0x4d0 [ 909.348207][T25894] lease_break_callback+0x26/0x30 [ 909.355434][T25894] __break_lease+0x6a5/0x1620 [ 909.362301][T25894] do_dentry_open+0xd62/0x1970 [ 909.369242][T25894] vfs_open+0x3b/0x340 [ 909.375517][T25894] path_openat+0x2ee5/0x3830 [ 909.382300][T25894] do_filp_open+0x1fa/0x410 [ 909.389019][T25894] do_sys_openat2+0x121/0x1c0 [ 909.395888][T25894] __ia32_compat_sys_openat+0x131/0x160 [ 909.403624][T25894] __do_fast_syscall_32+0xb6/0x2b0 [ 909.410916][T25894] do_fast_syscall_32+0x34/0x80 [ 909.417944][T25894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.426465][T25894] } [ 909.429059][T25894] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 909.438025][T25894] ... acquired at: [ 909.441920][T25894] lock_acquire+0x120/0x360 [ 909.446609][T25894] _raw_read_lock_irqsave+0xaf/0x100 [ 909.452093][T25894] send_sigio+0x38/0x370 [ 909.456530][T25894] kill_fasync+0x24d/0x4d0 [ 909.461129][T25894] lease_break_callback+0x26/0x30 [ 909.466350][T25894] __break_lease+0x6a5/0x1620 [ 909.471213][T25894] do_dentry_open+0xd62/0x1970 [ 909.476162][T25894] vfs_open+0x3b/0x340 [ 909.480422][T25894] path_openat+0x2ee5/0x3830 [ 909.485200][T25894] do_filp_open+0x1fa/0x410 [ 909.489886][T25894] do_sys_openat2+0x121/0x1c0 [ 909.494741][T25894] __ia32_compat_sys_openat+0x131/0x160 [ 909.500467][T25894] __do_fast_syscall_32+0xb6/0x2b0 [ 909.505757][T25894] do_fast_syscall_32+0x34/0x80 [ 909.510785][T25894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.517308][T25894] [ 909.519632][T25894] -> (&new->fa_lock){....}-{3:3} { [ 909.524767][T25894] INITIAL USE at: [ 909.528669][T25894] lock_acquire+0x120/0x360 [ 909.534750][T25894] _raw_write_lock_irq+0xa2/0xf0 [ 909.541265][T25894] fasync_insert_entry+0xc3/0x270 [ 909.547864][T25894] lease_setup+0x86/0x110 [ 909.553767][T25894] generic_setlease+0xd5d/0x1240 [ 909.560282][T25894] fcntl_setlease+0x3a2/0x4c0 [ 909.566536][T25894] do_fcntl+0x6a9/0x1910 [ 909.572352][T25894] do_compat_fcntl64+0x477/0x720 [ 909.578872][T25894] __do_fast_syscall_32+0xb6/0x2b0 [ 909.585573][T25894] do_fast_syscall_32+0x34/0x80 [ 909.591995][T25894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.599888][T25894] INITIAL READ USE at: [ 909.604219][T25894] lock_acquire+0x120/0x360 [ 909.610727][T25894] _raw_read_lock_irqsave+0xaf/0x100 [ 909.618022][T25894] kill_fasync+0x199/0x4d0 [ 909.624444][T25894] lease_break_callback+0x26/0x30 [ 909.631476][T25894] __break_lease+0x6a5/0x1620 [ 909.638161][T25894] do_dentry_open+0xd62/0x1970 [ 909.644928][T25894] vfs_open+0x3b/0x340 [ 909.651008][T25894] path_openat+0x2ee5/0x3830 [ 909.657606][T25894] do_filp_open+0x1fa/0x410 [ 909.664138][T25894] do_sys_openat2+0x121/0x1c0 [ 909.670821][T25894] __ia32_compat_sys_openat+0x131/0x160 [ 909.678390][T25894] __do_fast_syscall_32+0xb6/0x2b0 [ 909.685548][T25894] do_fast_syscall_32+0x34/0x80 [ 909.692403][T25894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.700733][T25894] } [ 909.703230][T25894] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 909.711909][T25894] ... acquired at: [ 909.715716][T25894] lock_acquire+0x120/0x360 [ 909.720409][T25894] _raw_read_lock_irqsave+0xaf/0x100 [ 909.725891][T25894] kill_fasync+0x199/0x4d0 [ 909.730492][T25894] mousedev_notify_readers+0x6f1/0xc00 [ 909.736136][T25894] mousedev_event+0x602/0x1320 [ 909.741085][T25894] input_handle_events_default+0xd1/0x1a0 [ 909.747006][T25894] input_pass_values+0x288/0x890 [ 909.752142][T25894] input_event_dispose+0x330/0x6b0 [ 909.757456][T25894] input_inject_event+0x1fe/0x320 [ 909.762683][T25894] evdev_write+0x2fc/0x480 [ 909.767294][T25894] vfs_write+0x27e/0xa90 [ 909.771735][T25894] ksys_write+0x145/0x250 [ 909.776250][T25894] __do_fast_syscall_32+0xb6/0x2b0 [ 909.781550][T25894] do_fast_syscall_32+0x34/0x80 [ 909.786592][T25894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.793116][T25894] [ 909.795449][T25894] [ 909.795449][T25894] stack backtrace: [ 909.801345][T25894] CPU: 0 UID: 0 PID: 25894 Comm: syz.8.7086 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) [ 909.801368][T25894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 909.801379][T25894] Call Trace: [ 909.801390][T25894] [ 909.801399][T25894] dump_stack_lvl+0x189/0x250 [ 909.801431][T25894] ? __pfx_dump_stack_lvl+0x10/0x10 [ 909.801460][T25894] ? __pfx__printk+0x10/0x10 [ 909.801483][T25894] validate_chain+0x1f05/0x2140 [ 909.801510][T25894] __lock_acquire+0xab9/0xd20 [ 909.801539][T25894] ? kill_fasync+0x199/0x4d0 [ 909.801562][T25894] lock_acquire+0x120/0x360 [ 909.801586][T25894] ? kill_fasync+0x199/0x4d0 [ 909.801615][T25894] _raw_read_lock_irqsave+0xaf/0x100 [ 909.801642][T25894] ? kill_fasync+0x199/0x4d0 [ 909.801666][T25894] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 909.801696][T25894] kill_fasync+0x199/0x4d0 [ 909.801719][T25894] ? kill_fasync+0x53/0x4d0 [ 909.801744][T25894] mousedev_notify_readers+0x6f1/0xc00 [ 909.801772][T25894] ? mousedev_notify_readers+0x2c/0xc00 [ 909.801792][T25894] mousedev_event+0x602/0x1320 [ 909.801812][T25894] input_handle_events_default+0xd1/0x1a0 [ 909.801838][T25894] ? input_pass_values+0x8d/0x890 [ 909.801857][T25894] input_pass_values+0x288/0x890 [ 909.801879][T25894] ? input_handle_event+0x70c/0xf30 [ 909.801907][T25894] input_event_dispose+0x330/0x6b0 [ 909.801942][T25894] input_inject_event+0x1fe/0x320 [ 909.801969][T25894] ? input_inject_event+0xbc/0x320 [ 909.801997][T25894] evdev_write+0x2fc/0x480 [ 909.802020][T25894] ? __pfx_evdev_write+0x10/0x10 [ 909.802042][T25894] ? bpf_lsm_file_permission+0x9/0x20 [ 909.802068][T25894] ? security_file_permission+0x75/0x290 [ 909.802088][T25894] ? rw_verify_area+0x258/0x650 [ 909.802114][T25894] ? __pfx_evdev_write+0x10/0x10 [ 909.802136][T25894] vfs_write+0x27e/0xa90 [ 909.802167][T25894] ? __pfx_vfs_write+0x10/0x10 [ 909.802196][T25894] ? __fget_files+0x2a/0x420 [ 909.802217][T25894] ? __fget_files+0x2a/0x420 [ 909.802236][T25894] ? __fget_files+0x3a0/0x420 [ 909.802254][T25894] ? __fget_files+0x2a/0x420 [ 909.802276][T25894] ksys_write+0x145/0x250 [ 909.802293][T25894] ? __pfx_ksys_write+0x10/0x10 [ 909.802309][T25894] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 909.802339][T25894] ? lockdep_hardirqs_on+0x9c/0x150 [ 909.802367][T25894] __do_fast_syscall_32+0xb6/0x2b0 [ 909.802388][T25894] do_fast_syscall_32+0x34/0x80 [ 909.802405][T25894] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.802427][T25894] RIP: 0023:0xf7f87539 [ 909.802454][T25894] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 909.802471][T25894] RSP: 002b:00000000f50a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 909.802507][T25894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 909.802521][T25894] RDX: 0000000000000918 RSI: 0000000000000000 RDI: 0000000000000000 [ 909.802532][T25894] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 909.802543][T25894] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 909.802554][T25894] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 909.802571][T25894]