last executing test programs: 6m52.582843657s ago: executing program 32 (id=351): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dcbeec0696c37b64e3b24da3183dbe97e805165c0f63cdc2e82818254950ee03568b88091e6a86450545c0e18e09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x2, 0x0, @void}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000280)={r2, r1, 0x4, r1}, 0x10) 6m9.008705172s ago: executing program 33 (id=833): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000580)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f5034d564b"]) 4m36.839295598s ago: executing program 34 (id=2011): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000140)={0x1000, 0x109000}) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000040)={0x2000, 0x10000}) 4m20.896751626s ago: executing program 35 (id=2022): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) shutdown(r0, 0x1) 4m20.45156081s ago: executing program 36 (id=2128): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)='J', 0x1}], 0x1) 3m0.453311919s ago: executing program 7 (id=3116): r0 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x0, 0x3b9}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000880)={0xc, 0x8, 0xfa00, {0x0}}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000d00)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000cc0)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000d40)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @local}, r4}}, 0x48) 3m0.324223591s ago: executing program 7 (id=3118): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000010c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xb, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x18000000}]}}]}, 0x38}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3m0.130024976s ago: executing program 7 (id=3121): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000000), &(0x7f0000000380)=r1}, 0x20) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2m59.939386838s ago: executing program 7 (id=3125): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='pstore\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x1) mount$tmpfs(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 2m59.741468615s ago: executing program 7 (id=3126): r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000640)=0x14) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', r2, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', r3, 0x0, 0x0, 0x0, 0xa, 0x0, @dev, @rand_addr=' \x01\x00', 0x0, 0x1, 0xfffffffe}}) 2m59.295756934s ago: executing program 37 (id=3127): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x4000, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x25956122577a0e83}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 2m59.263698386s ago: executing program 7 (id=3133): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000140)={{0x6, @bcast, 0x2}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose}, [@null, @default, @default, @default, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) listen(r0, 0x1ad72f7) syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0) writev(r1, &(0x7f0000001700)=[{&(0x7f00000001c0)="8a955aac55d4e69d96995cab15a0400ba691c1d9cf035a767b942c573d10f903ac56ab886d30c2b7acf492750dc91704bf4dc4ca14f9f22681883679a863e92923e1f056a7408941f2f569a48596cd37018b2f2b77a55854c34c2f403bebe35a52793240915ca9b85a65970c7784cf6b49bfea892c639d9f05897b581d335b3712eb8dbdc29216f11a98528dace2067f7191a06beae28fd5661a67193853942776076d6eb05df5739f7dd786474fa9432e63a2bdd7dafc96d63c7d354262e87731716e3059a21ca46561c127f678791902f4ba864f32e994c3809a701d486b68f1a90f16a7e7d972e8c625098321", 0xee}], 0x13) 2m59.01119055s ago: executing program 38 (id=3133): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000140)={{0x6, @bcast, 0x2}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose}, [@null, @default, @default, @default, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) listen(r0, 0x1ad72f7) syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0) writev(r1, &(0x7f0000001700)=[{&(0x7f00000001c0)="8a955aac55d4e69d96995cab15a0400ba691c1d9cf035a767b942c573d10f903ac56ab886d30c2b7acf492750dc91704bf4dc4ca14f9f22681883679a863e92923e1f056a7408941f2f569a48596cd37018b2f2b77a55854c34c2f403bebe35a52793240915ca9b85a65970c7784cf6b49bfea892c639d9f05897b581d335b3712eb8dbdc29216f11a98528dace2067f7191a06beae28fd5661a67193853942776076d6eb05df5739f7dd786474fa9432e63a2bdd7dafc96d63c7d354262e87731716e3059a21ca46561c127f678791902f4ba864f32e994c3809a701d486b68f1a90f16a7e7d972e8c625098321", 0xee}], 0x13) 2m58.085942849s ago: executing program 5 (id=3143): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @rand_addr, 0x1}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000), 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000100)={@broadcast, @dev, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x4d, 0x0, @wg=@initiation={0x1, 0x0, "d9587b6f229fd54fd8331e225f5421c23d710eab780bb8916ea853e07d7f64d2", "487fbcc007793601d105c58277df5191d066c4d90598a7606a57df19f7a05acec6fc1ab9a3d19e0464eada8f80ffcaab", "47510ac65297662270e0606a8444e26b8c4c3520ae502a5614aafc44", {"663938a4773cfc3a4b2a56e81d3ef6ab", "a23fc3a2f05e08e7ea8d5c22e5a6aae0"}}}}}}}, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) 2m58.060358098s ago: executing program 5 (id=3144): mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049363, 0x0) 2m58.003600071s ago: executing program 5 (id=3145): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1}, 0x18) sendmmsg(r0, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000500)="bd9593e9b985b0f3", 0x8}], 0x1, &(0x7f0000001700)=ANY=[], 0x2d0}}], 0x1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2}, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0) 2m57.846075484s ago: executing program 5 (id=3146): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000040)='.\x00', r0, &(0x7f0000000580)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r2, &(0x7f00000005c0)='./file0\x00', 0x1000, &(0x7f0000000680)={0x0, 0xa, 0x80000}, 0x20) 2m57.801328603s ago: executing program 5 (id=3147): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000ac0fce405d0500904431000000010902120001000080040904"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000011c0)=ANY=[], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000340)={0x34, &(0x7f0000000140)={0x20, 0x15}, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x1, 0x1, 0x5}, 0x0}) 2m55.308290989s ago: executing program 5 (id=3150): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8004}, 0x4) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="0000080000000200088b2f01000846"], 0xfdef) 2m55.149680036s ago: executing program 39 (id=3150): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8004}, 0x4) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="0000080000000200088b2f01000846"], 0xfdef) 1m46.569917145s ago: executing program 6 (id=3752): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) 1m46.398032844s ago: executing program 6 (id=3756): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r0, &(0x7f0000000e80)="0d0ad7", 0x3, 0x6d91fb6102d8910c, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) recvfrom(r0, &(0x7f0000001a80)=""/4087, 0xff7, 0x12, 0x0, 0x0) 1m45.498042122s ago: executing program 6 (id=3773): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x6e840) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0) ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0xdb74) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) 1m45.410903698s ago: executing program 6 (id=3774): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0xbc1880, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) 1m45.372998961s ago: executing program 6 (id=3775): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000007100)="06", 0x1, 0x0, &(0x7f0000000340)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) shutdown(r0, 0x1) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x6d, &(0x7f0000000640)={r2}, &(0x7f0000000180)=0x8) 1m45.029917655s ago: executing program 6 (id=3778): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x1218024, &(0x7f00000005c0)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0xee01, @ANYBLOB=',uid=', @ANYRESHEX=0x0]) 1m44.877128211s ago: executing program 40 (id=3778): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x1218024, &(0x7f00000005c0)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0xee01, @ANYBLOB=',uid=', @ANYRESHEX=0x0]) 1m19.739105009s ago: executing program 0 (id=4023): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000007640)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr, @loopback}}}], 0x20}}], 0x1, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1c) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) write$input_event(r0, &(0x7f0000000000)={{0x77359400}}, 0xfe4f) 1m19.545491083s ago: executing program 0 (id=4026): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x161000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000180)="0f01f60f01ef0f20460f01b2006066b9320a000066b80400000066ba000000000f300f01caf20f38f061e32666815006689e1f760f01d10f00d8", 0x3a}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m18.329264938s ago: executing program 0 (id=4035): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mkdir(&(0x7f00000000c0)='./file0\x00', 0x478e6026372e7b7f) mount(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000500)='gadgetfs\x00', 0x14800, 0x0) readv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000080)=""/112, 0x70}], 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x7, 0x0) 1m18.239144825s ago: executing program 0 (id=4038): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='debugfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x1101088, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00') 1m18.085724993s ago: executing program 0 (id=4042): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000001200), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x5, 0x0, 0x0, {0x77359400}, {}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "121f4496bd54e16c"}}, 0x48}}, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)={0x5, 0x0, 0x0, {}, {}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "f8ca44b8874fdf8a"}}, 0x48}}, 0x0) close(r1) 1m17.887812088s ago: executing program 0 (id=4045): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc) 1m17.705133454s ago: executing program 41 (id=4045): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc) 29.235883302s ago: executing program 9 (id=4448): syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6}]}) timer_create(0x5, 0x0, 0x0) r0 = syz_io_uring_setup(0x5169, &(0x7f0000000600)={0x0, 0x4000, 0x10100, 0x7fffffe}, &(0x7f0000000100), &(0x7f0000000040)=0x0) syz_io_uring_setup(0x360b, &(0x7f0000001040), &(0x7f0000000340)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r0, 0xb15, 0x0, 0x0, 0x0, 0x0) 28.082982968s ago: executing program 9 (id=4459): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1000, 0x80) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') pread64(r1, &(0x7f0000001440)=""/126, 0x7e, 0x0) 27.08586972s ago: executing program 9 (id=4473): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x44, 0x2c, 0xd27, 0x400, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_EMATCHES={0x10, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 27.075036887s ago: executing program 9 (id=4474): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x2101c84, 0x0) mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000008080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x167) 26.986054468s ago: executing program 9 (id=4475): r0 = socket$pppoe(0x18, 0x1, 0x0) close(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/current\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) r2 = syz_io_uring_setup(0x4076, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000380)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/4, 0x4}, {0x0}], 0x2}) io_uring_enter(r2, 0x567, 0x0, 0x0, 0x0, 0x0) 26.683945157s ago: executing program 9 (id=4477): set_mempolicy(0x4005, &(0x7f0000000040)=0x10000000005, 0x7) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3e, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendto$packet(r1, &(0x7f00000000c0)="3f030278a8900100db901e0089e9aaa911d7c2290f2b86dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0x10048, 0x0, &(0x7f0000000540)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 26.451247761s ago: executing program 42 (id=4477): set_mempolicy(0x4005, &(0x7f0000000040)=0x10000000005, 0x7) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3e, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendto$packet(r1, &(0x7f00000000c0)="3f030278a8900100db901e0089e9aaa911d7c2290f2b86dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0x10048, 0x0, &(0x7f0000000540)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 4.205604117s ago: executing program 1 (id=4730): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40042, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, 0x0) bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) 3.991773757s ago: executing program 4 (id=4733): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000dc0)=""/94, 0x5e}, 0x400101}], 0x1, 0x10000, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 3.804773861s ago: executing program 4 (id=4735): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='debugfs\x00', 0x0, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00') openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 3.68621604s ago: executing program 1 (id=4736): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x161000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000180)="0f01f60f01ef0f20460f01b2006066b9320a000066b80400000066ba000000000f300f01caf20f38f061e32666815006689e1f760f01d10f00d8", 0x3a}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.63255728s ago: executing program 4 (id=4737): recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xfff9}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x3}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.36759033s ago: executing program 4 (id=4740): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0xb, "08405af3"}, @local=@item_4, @local=@item_4={0x3, 0x2, 0x0, "6fe695cd"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_int(r2, 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000100)={0x3, 0x100, 0xe}) 2.684787558s ago: executing program 8 (id=4747): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000001300)={0x14, 0x2, 0x7, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x4004034) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000180)=0x7ff, 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a09040000000000000000020000003c00048047fd011b4aaff2ce5d83ba00140002800800024000000000080001400000000d180001801175010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0x90}}, 0x0) 2.636053597s ago: executing program 3 (id=4748): setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}}, 0x9c) r0 = syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000001340)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x40000000, 0x0, 0x0, 0x0) 2.51397528s ago: executing program 8 (id=4749): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000000c0)=0x20) r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x3, 0x400}, &(0x7f0000000340)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x7, 0x0, "c96c8fe9124f9ba1"}) 2.432780892s ago: executing program 3 (id=4750): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x2, 0x2}}]}}]}, 0x40}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.372232091s ago: executing program 8 (id=4751): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x28}}, 0x0) 2.170006317s ago: executing program 8 (id=4752): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001380)=""/140, 0x8c}], 0x1) ioctl$TCSETS(r0, 0x5402, &(0x7f00000014c0)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "076a1400"}) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df000000a7d9de16c708db7200"}) r1 = syz_open_pts(r0, 0x42) r2 = dup3(r1, r0, 0x0) write$UHID_INPUT(r2, &(0x7f00000001c0)={0xd, {"08c39ee52f329f1698b1c4865f8b0a0a5eee9f496a0809c3d21c25867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76013256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c) 2.169654187s ago: executing program 3 (id=4753): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="5c00000014006b", 0x7}, {&(0x7f00000017c0)="00000000ffffffff1f01a0c9a1171aa56a7f9138a6c073e99f8f2ffed6bd642c1238663e9e5189a46cb56c776afa8ec3d4d4d9c0648fc18bad3a6b5656235d60cb5af5c5a69e10ed9fd4ea", 0x4b}, {&(0x7f0000001840)="9a9245a259250adbc6e2", 0xa}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x0) 2.070827717s ago: executing program 1 (id=4754): r0 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x4180) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$NBD_DISCONNECT(r0, 0xab08) r3 = dup3(r2, r1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r3) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) 2.035038119s ago: executing program 3 (id=4755): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @local}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) dup2(r1, r0) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYRES16, @ANYBLOB="17090000000000000000010000000500070000000000080009000000000014002000000000"], 0x5c}, 0x1, 0x620b}, 0x0) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '$'}], 0x18, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000001001"], 0x18, 0x500}}], 0x2, 0x0) 1.929891703s ago: executing program 8 (id=4756): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x0, 0x0, [{}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="5300000007000046009de8bd4663c767e54b154965ceff42241204b72ad9716795c921db086b98ff"], 0x67) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 1.875067368s ago: executing program 3 (id=4757): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x64, 0x0, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b098b9b711b5d52101b080d29308f0e1ac6e7049b3468959b189a242a9b64f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.749860778s ago: executing program 8 (id=4758): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) r2 = gettid() ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.642999295s ago: executing program 3 (id=4759): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x80, 0x40}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000000c0)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x11, {0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 1.642297412s ago: executing program 2 (id=4760): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000280)={0xbe, 0x0, 0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x5a, 0x0, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080207004d564b"]) 1.478693138s ago: executing program 1 (id=4761): syz_emit_ethernet(0x66, &(0x7f0000000080)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x30, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @loopback, @local}}}}}}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0) 1.366039707s ago: executing program 2 (id=4762): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x0) connect$vsock_stream(r0, &(0x7f0000000440), 0x10) r2 = accept4$unix(r1, 0x0, 0x0, 0x0) recvfrom$unix(r2, &(0x7f0000000600)=""/205, 0xfffffcc1, 0x40020042, 0x0, 0x0) 1.21829206s ago: executing program 2 (id=4763): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r1}, 0x10, &(0x7f0000000180)={&(0x7f0000000200)={0x5, 0x0, 0x0, {0x77359400}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "5893df66bf3ce816"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x5, 0x0, 0x0, {}, {}, {0x0, 0x0, 0x1}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "e3d266a962175abb"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r1}, 0x10, &(0x7f0000000280)={&(0x7f0000000100)={0x6, 0x0, 0x0, {0x0, 0xea60}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "1d0b6382972f4b8f"}}, 0x48}}, 0x0) 1.156741734s ago: executing program 1 (id=4764): recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x3, 0x3}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x10040000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 981.840011ms ago: executing program 2 (id=4765): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000004830000000000000fa40000007010000080020007500feff0000820095000000d3031a006da911b0d632b4e2e86b7ad015836e4d27f5182b60bbb7c19e21eec859fe68f9428ac407630eac8eb682f5b2d86b4abf9e63ad263fec7db9338ca9eebf2218c8b9ca64bcdcdaa06fc4c7aa217fcecd9443c54143bde8ddcbc3b8ac619930206d8d0881af823d6d18c66f"], &(0x7f0000000100)='GPL\x00', 0x4, 0xec, &(0x7f0000000140)=""/236, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 374.160327ms ago: executing program 4 (id=4766): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) setrlimit(0x40000000000008, &(0x7f0000000000)) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804) 270.429794ms ago: executing program 4 (id=4767): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x4e00, 0x0, 0x0, 0xbdff, 0x0, "fdffffffffffffff"}) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="c4e179f6810885f9"], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17) 269.627279ms ago: executing program 2 (id=4777): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="38010000fe0000", @ANYRES64], 0x138) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose}]}}) 162.022955ms ago: executing program 1 (id=4768): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000080)={{0x0, 0x3938700}, {0x77359400}}, 0x0) r1 = timerfd_create(0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000200)) timerfd_settime(r1, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8000000}) 0s ago: executing program 2 (id=4769): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000080)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/73, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000340)=0x0) kernel console output (not intermixed with test programs): .624805][T15424] hsr_slave_1: entered promiscuous mode [ 400.631908][T15424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 400.640090][T15424] Cannot create hsr debugfs directory [ 400.725126][ T46] usb 3-1: config 0 has an invalid interface number: 206 but max is 0 [ 400.733773][ T46] usb 3-1: config 0 has no interface number 0 [ 400.739986][ T46] usb 3-1: config 0 interface 206 altsetting 211 has 0 endpoint descriptors, different from the interface descriptor's value: 19 [ 400.753409][ T46] usb 3-1: config 0 interface 206 has no altsetting 0 [ 400.760208][ T46] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 400.769581][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.779542][ T46] usb 3-1: config 0 descriptor?? [ 400.911686][T15424] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.016692][T15475] overlayfs: failed to decode file handle (len=5, type=248, flags=0, err=-22) [ 401.017693][T15424] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.169355][T15424] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.294125][T15424] bond0: (slave netdevsim0): Releasing backup interface [ 401.310869][T15424] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.349003][T15483] netlink: 'syz.9.3804': attribute type 5 has an invalid length. [ 401.407651][ T46] usb 3-1: Cannot read MAC address [ 401.413700][ T46] MOSCHIP usb-ethernet driver 3-1:0.206: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 401.455177][ T46] usb 3-1: USB disconnect, device number 12 [ 401.520659][ T5836] Bluetooth: hci4: command tx timeout [ 401.577270][T15424] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 401.600309][T15424] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 401.615000][T15424] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 401.631593][T15424] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 401.808498][T15424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.847439][T15424] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.870650][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.877857][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.917642][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.924843][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 402.436472][T15424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 402.499322][T15424] veth0_vlan: entered promiscuous mode [ 402.512399][T15424] veth1_vlan: entered promiscuous mode [ 402.532822][T15424] veth0_macvtap: entered promiscuous mode [ 402.575054][T15424] veth1_macvtap: entered promiscuous mode [ 402.607775][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.624848][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.634775][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.645375][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.655269][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.666062][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.676322][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.686833][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.696687][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.707298][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.718405][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.729919][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.739820][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.750282][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.760128][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.770610][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.781681][T15424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.809999][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.821769][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.832934][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.843491][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.853680][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.864207][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.874591][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.885115][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.895379][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.905982][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.916074][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.927718][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.938503][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.949011][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.958894][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.969543][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.980513][T15424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 402.990640][T15424] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.999431][T15424] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.008212][T15424] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.016983][T15424] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.113018][ T5982] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 403.131276][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.147464][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.212109][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.230274][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.306831][ T5982] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 403.329195][ T5982] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.345898][ T5982] usb 4-1: Product: syz [ 403.355529][ T5982] usb 4-1: Manufacturer: syz [ 403.360172][ T5982] usb 4-1: SerialNumber: syz [ 403.377312][ T5982] usb 4-1: config 0 descriptor?? [ 403.401271][ T5982] ch341 4-1:0.0: ch341-uart converter detected [ 403.583069][ T5836] Bluetooth: hci4: command tx timeout [ 403.753070][ T3074] usb 10-1: new high-speed USB device number 20 using dummy_hcd [ 404.401364][ T5982] ch341-uart ttyUSB0: break control not supported, using simulated break [ 404.418257][ T5982] usb 4-1: ch341-uart converter now attached to ttyUSB0 [ 404.443415][ T5982] usb 4-1: USB disconnect, device number 17 [ 404.459967][ T5982] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 404.482374][ T5982] ch341 4-1:0.0: device disconnected [ 404.954016][ T5982] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 404.963022][ T5850] kernel write not supported for file /314/projid_map (pid: 5850 comm: kworker/1:4) [ 405.133953][ T5982] usb 3-1: Using ep0 maxpacket: 32 [ 405.143470][ T5982] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 405.170807][ T5982] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 405.182595][ T5982] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 405.195778][ T5982] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 405.216200][ T5982] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.237413][ T5982] usb 3-1: config 0 descriptor?? [ 405.245654][T15581] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 405.260551][ T5982] hub 3-1:0.0: USB hub found [ 405.479984][ T5982] hub 3-1:0.0: 2 ports detected [ 405.662953][ T5836] Bluetooth: hci4: command tx timeout [ 405.893093][ T5982] hub 3-1:0.0: set hub depth failed [ 405.905589][ T5982] usb 3-1: USB disconnect, device number 13 [ 406.367810][T15634] KVM: debugfs: duplicate directory 15634-4 [ 406.514099][ T3074] usb 10-1: unable to get BOS descriptor or descriptor too short [ 406.562955][ T3074] usb 10-1: unable to read config index 0 descriptor/start: -71 [ 406.570657][ T3074] usb 10-1: can't read configurations, error -71 [ 406.648834][T15648] batadv_slave_1: entered promiscuous mode [ 406.669000][T15645] batadv_slave_1: left promiscuous mode [ 406.772263][T15657] syz.2.3863[15657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 406.772357][T15657] syz.2.3863[15657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 406.814140][T15657] syz.2.3863[15657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 406.894752][T15661] veth0_vlan: left promiscuous mode [ 406.946257][T15661] veth0_vlan: entered promiscuous mode [ 407.142272][ T5982] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 407.303205][ T5982] usb 3-1: Using ep0 maxpacket: 16 [ 407.344241][ T5982] usb 3-1: New USB device found, idVendor=0456, idProduct=f000, bcdDevice=f3.7f [ 407.373010][ T5982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.394876][ T5982] usb 3-1: Product: syz [ 407.399130][ T5982] usb 3-1: Manufacturer: syz [ 407.408871][ T5982] usb 3-1: SerialNumber: syz [ 407.415863][ T5982] usb 3-1: config 0 descriptor?? [ 407.451675][ T5982] ftdi_sio 3-1:0.0: Ignoring interface reserved for JTAG [ 407.744381][ T5836] Bluetooth: hci4: command tx timeout [ 407.800164][ T5887] usb 3-1: USB disconnect, device number 14 [ 408.112996][ T970] usb 10-1: new high-speed USB device number 22 using dummy_hcd [ 408.274869][ T970] usb 10-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 408.302106][ T970] usb 10-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 408.327391][ T970] usb 10-1: Manufacturer: syz [ 408.353572][ T970] usb 10-1: config 0 descriptor?? [ 408.523941][T15700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.558538][T15700] bond0: (slave rose0): Enslaving as an active interface with an up link [ 408.596978][T15704] bond0: (slave rose0): Releasing backup interface [ 408.702157][T15706] lo speed is unknown, defaulting to 1000 [ 408.708988][T15706] lo speed is unknown, defaulting to 1000 [ 408.718604][T15706] lo speed is unknown, defaulting to 1000 [ 408.767707][ T970] gs_usb 10-1:0.0: Configuring for 1 interfaces [ 408.784106][T15706] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 408.810846][T15706] lo speed is unknown, defaulting to 1000 [ 408.824847][T15706] lo speed is unknown, defaulting to 1000 [ 408.841718][T15706] lo speed is unknown, defaulting to 1000 [ 408.849038][T15706] lo speed is unknown, defaulting to 1000 [ 408.862761][T15706] lo speed is unknown, defaulting to 1000 [ 408.870589][T15706] lo speed is unknown, defaulting to 1000 [ 408.877889][T15706] lo speed is unknown, defaulting to 1000 [ 408.884909][T15706] lo speed is unknown, defaulting to 1000 [ 408.891667][T15706] lo speed is unknown, defaulting to 1000 [ 408.949286][ T53] Bluetooth: (null): Invalid header checksum [ 408.956256][ T53] Bluetooth: (null): Invalid header checksum [ 408.993096][ T46] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 409.042153][T15713] Bluetooth: (null): Too short H5 packet [ 409.172341][ T46] usb 4-1: Using ep0 maxpacket: 8 [ 409.178654][ T970] gs_usb 10-1:0.0: Disabling termination support for channel 0 (-EPIPE) [ 409.194781][ T46] usb 4-1: config index 0 descriptor too short (expected 74, got 45) [ 409.202077][ T970] gs_usb 10-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 409.207915][ T46] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 409.222247][ T46] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 409.222730][ T970] gs_usb 10-1:0.0: probe with driver gs_usb failed with error -22 [ 409.242752][ T46] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 409.253157][ T46] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 409.267207][ T46] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 409.276743][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.411165][ T970] usb 10-1: USB disconnect, device number 22 [ 409.443045][ T5886] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 409.492237][ T46] usb 4-1: GET_CAPABILITIES returned 0 [ 409.497854][ T46] usbtmc 4-1:16.0: can't read capabilities [ 409.615708][ T5886] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 409.640272][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 409.656601][ T5886] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 409.681961][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.699872][ T3074] usb 4-1: USB disconnect, device number 18 [ 409.702493][ T5886] usb 3-1: config 0 descriptor?? [ 410.138790][ T5886] ath6kl: Failed to submit usb control message: -71 [ 410.151139][ T5886] ath6kl: unable to send the bmi data to the device: -71 [ 410.172888][ T5886] ath6kl: Unable to send get target info: -71 [ 410.179864][ T5886] ath6kl: Failed to init ath6kl core: -71 [ 410.192813][ T5886] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 410.205838][ T5886] usb 3-1: USB disconnect, device number 15 [ 410.292730][T15739] cgroup: fork rejected by pids controller in /syz3 [ 410.705811][ T53] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.803621][T15754] netlink: 54 bytes leftover after parsing attributes in process `syz.2.3902'. [ 410.804483][T15752] bridge_slave_0: left allmulticast mode [ 410.851357][T15752] bridge_slave_0: left promiscuous mode [ 410.861923][T15752] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.882795][T15752] bridge_slave_1: left allmulticast mode [ 410.890016][T15752] bridge_slave_1: left promiscuous mode [ 410.922060][T15752] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.954013][T15752] bond0: (slave bond_slave_0): Releasing backup interface [ 410.974886][T15752] bond0: (slave bond_slave_1): Releasing backup interface [ 411.025889][T15752] team0: Port device team_slave_0 removed [ 411.048046][T15752] team0: Port device team_slave_1 removed [ 411.057284][T15752] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 411.073991][T15752] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 411.093592][T15752] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 411.129738][T15752] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 411.204295][T15752] bond1: (slave bridge1): Releasing active interface [ 411.310263][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 411.322535][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 411.331083][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 411.376421][ T53] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.409260][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 411.420481][ T5845] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 411.442065][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 411.654173][ T53] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.670596][T15769] lo speed is unknown, defaulting to 1000 [ 411.794554][ T53] bond0: (slave netdevsim0): Releasing backup interface [ 411.809688][T15788] kvm: emulating exchange as write [ 411.812046][ T53] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.134501][T15769] chnl_net:caif_netlink_parms(): no params data found [ 412.331935][T15814] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3920'. [ 412.341800][ T53] bridge_slave_1: left allmulticast mode [ 412.347753][ T53] bridge_slave_1: left promiscuous mode [ 412.353792][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.388525][ T53] bridge_slave_0: left allmulticast mode [ 412.404973][ T53] bridge_slave_0: left promiscuous mode [ 412.410690][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.263171][ T970] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 413.433207][ T970] usb 3-1: Using ep0 maxpacket: 8 [ 413.441228][ T970] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 413.461629][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.471198][ T970] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 413.484046][ T970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.494040][T15861] input: syz0 as /devices/virtual/input/input83 [ 413.494911][ T970] usb 3-1: config 0 descriptor?? [ 413.503223][ T5845] Bluetooth: hci3: command tx timeout [ 413.516082][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.564504][ T53] bond0 (unregistering): Released all slaves [ 413.736263][ T970] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 413.757088][T15769] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.766857][T15769] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.796328][T15769] bridge_slave_0: entered allmulticast mode [ 413.803541][T15769] bridge_slave_0: entered promiscuous mode [ 413.811158][T15769] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.818321][T15769] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.825756][T15769] bridge_slave_1: entered allmulticast mode [ 413.832713][T15769] bridge_slave_1: entered promiscuous mode [ 413.865537][T15769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 413.878588][T15769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 413.922128][ T970] usb 3-1: USB disconnect, device number 16 [ 413.931137][ T970] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 414.020961][ T29] audit: type=1400 audit(1732542414.373:171): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=15876 comm="syz.9.3946" [ 414.160645][T15769] team0: Port device team_slave_0 added [ 414.201625][T15769] team0: Port device team_slave_1 added [ 414.246325][T15884] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 414.341165][ T53] hsr_slave_0: left promiscuous mode [ 414.348348][ T53] hsr_slave_1: left promiscuous mode [ 414.359556][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.369343][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.379160][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.388648][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.450241][ T53] veth1_macvtap: left promiscuous mode [ 414.459223][ T53] veth0_macvtap: left promiscuous mode [ 414.465755][ T53] veth1_vlan: left promiscuous mode [ 414.471073][ T53] veth0_vlan: left promiscuous mode [ 415.148800][ T53] team0 (unregistering): Port device team_slave_1 removed [ 415.210155][ T53] team0 (unregistering): Port device team_slave_0 removed [ 415.583072][ T5845] Bluetooth: hci3: command tx timeout [ 415.794834][T15769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 415.801834][T15769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 415.838280][T15769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 415.850991][T15769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 415.858100][T15769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 415.884266][T15769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 416.107217][T15769] hsr_slave_0: entered promiscuous mode [ 416.152465][T15769] hsr_slave_1: entered promiscuous mode [ 416.174515][T15769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 416.187788][T15769] Cannot create hsr debugfs directory [ 416.655615][T15923] lo speed is unknown, defaulting to 1000 [ 417.227703][T15769] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 417.296289][T15769] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 417.324839][T15769] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 417.346805][ T5982] IPVS: starting estimator thread 0... [ 417.365612][T15769] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 417.434528][T15941] IPVS: using max 24 ests per chain, 57600 per kthread [ 417.664503][ T5836] Bluetooth: hci3: command tx timeout [ 417.809317][T15769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.816611][T15951] fuse: root generation should be zero [ 417.950232][T15769] 8021q: adding VLAN 0 to HW filter on device team0 [ 418.052161][T15958] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 418.056852][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.065609][T15958] cramfs: wrong magic [ 418.065796][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 418.087066][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.094276][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 418.107936][ T53] IPVS: stop unused estimator thread 0... [ 418.523296][ T5982] usb 10-1: new high-speed USB device number 23 using dummy_hcd [ 418.579793][T15769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.629941][T15769] veth0_vlan: entered promiscuous mode [ 418.654615][T15769] veth1_vlan: entered promiscuous mode [ 418.693235][ T5982] usb 10-1: Using ep0 maxpacket: 8 [ 418.694449][T15769] veth0_macvtap: entered promiscuous mode [ 418.710649][ T5982] usb 10-1: config 0 has an invalid interface number: 1 but max is 0 [ 418.726751][T15769] veth1_macvtap: entered promiscuous mode [ 418.730416][ T5982] usb 10-1: config 0 has no interface number 0 [ 418.758369][ T5982] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 418.771767][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.783936][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 418.815643][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.819649][ T5982] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 418.835161][ T5982] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.845155][ T5982] usb 10-1: config 0 descriptor?? [ 418.850581][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.854027][ T5982] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 418.894221][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.919605][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.934898][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.954621][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.965482][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.987507][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.003809][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.014375][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.027145][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.037341][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.047964][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.077340][ T5887] usb 10-1: USB disconnect, device number 23 [ 419.089048][ T5887] iowarrior 10-1:0.1: I/O-Warror #0 now disconnected [ 419.099028][T15769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 419.120769][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.131491][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.141683][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.152393][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.168254][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.182713][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.200120][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.210856][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.220913][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.235859][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.251853][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.262338][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.272633][T15769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.285441][T15769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.296408][T15769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 419.324931][T15769] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.358641][T15769] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.367936][T15769] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.376713][T15769] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.521612][T10411] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 419.539878][T10411] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 419.629062][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 419.653128][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 419.743752][ T5845] Bluetooth: hci3: command tx timeout [ 419.750748][T16003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3990'. [ 419.854860][T16003] erspan0: entered promiscuous mode [ 419.863348][T16003] macvtap1: entered promiscuous mode [ 419.869196][T16003] macvtap1: entered allmulticast mode [ 419.875011][T16003] erspan0: entered allmulticast mode [ 419.925151][T16012] IPv4: Oversized IP packet from 127.202.26.0 [ 420.003476][T16008] erspan0: left allmulticast mode [ 420.009966][T16008] erspan0: left promiscuous mode [ 420.204317][T16023] input: syz0 as /devices/virtual/input/input84 [ 420.513130][ T5915] usb 10-1: new high-speed USB device number 24 using dummy_hcd [ 420.636807][T16049] kernel read not supported for file /#! [ 420.636807][T16049] 2gv-dt"zRF(vt1RWHz a=ڼ (pid: 16049 comm: syz.0.4009) [ 420.665300][ T29] audit: type=1800 audit(1732542421.013:172): pid=16049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.4009" name=2321200ACD3208678A76F42D64DEFE74F822CC7A52B8C9F09946289B029183E47674EE900E01D80F94F8953194529F57487A90EDE3CED0CD208BB361E3E0EF3DDABC dev="mqueue" ino=65772 res=0 errno=0 [ 420.713740][ T5915] usb 10-1: Using ep0 maxpacket: 8 [ 420.739979][ T5915] usb 10-1: config 179 has an invalid interface number: 65 but max is 0 [ 420.752988][ T5915] usb 10-1: config 179 has no interface number 0 [ 420.759388][ T5915] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 420.803067][ T5915] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 420.815762][ T5915] usb 10-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 420.828910][ T5915] usb 10-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 420.854976][ T5915] usb 10-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 420.865009][ T5915] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.875815][T16029] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 420.983105][ T3074] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 421.158984][ T3074] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 421.161736][ T5915] input: Generic X-Box pad as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:179.65/input/input85 [ 421.171570][ T3074] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 421.212716][ T3074] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 421.235370][ T3074] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 421.249883][ T3074] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 421.270661][ T3074] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.297394][ T3074] usb 5-1: config 0 descriptor?? [ 421.312728][T16053] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 421.366923][ T5915] usb 10-1: USB disconnect, device number 24 [ 421.373154][ C0] xpad 10-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 421.373202][ C0] xpad 10-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 421.399590][ T5915] xpad 10-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 421.733813][ T3074] plantronics 0003:047F:FFFF.0043: unknown main item tag 0x0 [ 421.742072][ T3074] plantronics 0003:047F:FFFF.0043: No inputs registered, leaving [ 421.773505][ T3074] plantronics 0003:047F:FFFF.0043: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 422.064115][ T5887] usb 5-1: USB disconnect, device number 36 [ 423.701305][T16071] vlan2: entered allmulticast mode [ 423.709561][T16071] bridge0: port 3(vlan2) entered blocking state [ 423.716478][T16071] bridge0: port 3(vlan2) entered disabled state [ 423.724464][T16071] vlan2: entered promiscuous mode [ 423.729915][T16071] bridge0: port 3(vlan2) entered blocking state [ 423.736277][T16071] bridge0: port 3(vlan2) entered forwarding state [ 423.778932][T16075] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.814186][T16075] bridge_slave_1: left allmulticast mode [ 423.819948][T16075] bridge_slave_1: left promiscuous mode [ 423.826880][T16075] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.841309][T16075] bond0: (slave bond_slave_0): Releasing backup interface [ 423.864574][T16075] bond0: (slave bond_slave_1): Releasing backup interface [ 423.898829][T16075] team0: Port device team_slave_0 removed [ 423.916794][T16075] team0: Port device team_slave_1 removed [ 423.928567][T16075] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 423.943161][T16075] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 423.961384][T16075] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 423.973525][T16075] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 423.998574][T16075] vlan2: left promiscuous mode [ 424.009500][T16075] bridge_slave_0: left promiscuous mode [ 424.019140][T16075] bridge0: port 3(vlan2) entered disabled state [ 424.052391][T16087] input: syz1 as /devices/virtual/input/input86 [ 424.446719][T16103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4028'. [ 424.633793][T16108] batadv_slave_1: entered promiscuous mode [ 424.664469][T16108] batadv_slave_1: left promiscuous mode [ 424.852954][ T5850] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 425.025000][ T5850] usb 3-1: Using ep0 maxpacket: 32 [ 425.044495][ T5850] usb 3-1: config 0 has an invalid interface number: 5 but max is 0 [ 425.056080][ T5850] usb 3-1: config 0 has no interface number 0 [ 425.062669][ T5850] usb 3-1: config 0 interface 5 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.083321][ T5850] usb 3-1: config 0 interface 5 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.093315][ T5850] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 425.102393][ T5850] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.121602][ T5850] usb 3-1: config 0 descriptor?? [ 425.144236][T16112] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 425.484149][T16123] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4037'. [ 425.528493][T16123] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4037'. [ 425.555921][ T5850] ft260 0003:0403:6030.0044: unknown main item tag 0x0 [ 425.562798][ T5850] ft260 0003:0403:6030.0044: unknown main item tag 0x0 [ 425.750626][ T5850] ft260 0003:0403:6030.0044: chip code: 5e81 abf2 [ 425.803151][ T5886] usb 10-1: new high-speed USB device number 25 using dummy_hcd [ 425.952278][ T5850] ft260 0003:0403:6030.0044: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input5 [ 426.015408][ T5886] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.032925][ T5886] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 426.061104][ T5886] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 426.078147][ T5886] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.096958][T16138] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 426.104652][ T5886] usb 10-1: config 0 descriptor?? [ 426.165235][ T5850] ft260 0003:0403:6030.0044: failed to retrieve status: -32, no wakeup [ 426.379413][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 426.398669][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 426.407255][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 426.417874][ T5850] usb 3-1: USB disconnect, device number 17 [ 426.427606][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 426.440066][ T5841] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 426.455903][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 426.517052][ T5886] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 426.525109][ T5886] plantronics 0003:047F:FFFF.0045: No inputs registered, leaving [ 426.552455][ T5886] plantronics 0003:047F:FFFF.0045: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 426.560095][T16144] lo speed is unknown, defaulting to 1000 [ 426.623312][T16110] Bluetooth: hci5: command 0x1003 tx timeout [ 426.623691][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 426.775198][ T25] usb 10-1: USB disconnect, device number 25 [ 426.844971][T16144] chnl_net:caif_netlink_parms(): no params data found [ 427.023401][ T5845] Bluetooth: hci1: command 0x0406 tx timeout [ 427.127989][ T1154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.160614][T16144] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.189807][T16144] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.209961][T16144] bridge_slave_0: entered allmulticast mode [ 427.234632][T16144] bridge_slave_0: entered promiscuous mode [ 427.311734][ T1154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.341448][T16144] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.358916][T16144] bridge0: port 2(bridge_slave_1) entered disabled state [ 427.375093][T16144] bridge_slave_1: entered allmulticast mode [ 427.393367][T16144] bridge_slave_1: entered promiscuous mode [ 427.424141][T16166] lo speed is unknown, defaulting to 1000 [ 427.473458][ T5915] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 427.496255][ T1154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.575474][T16144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 427.588568][T16144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 427.646259][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 427.674439][ T1154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.685020][ T5915] usb 3-1: config 0 has an invalid interface number: 143 but max is 0 [ 427.693493][ T5915] usb 3-1: config 0 has no interface number 0 [ 427.701160][ T5915] usb 3-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 427.712023][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.742232][ T5915] usb 3-1: config 0 descriptor?? [ 427.801482][T16144] team0: Port device team_slave_0 added [ 427.845891][T16190] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 427.863789][ T5915] viperboard 3-1:0.143: version 0.00 found at bus 003 address 018 [ 427.884245][T16144] team0: Port device team_slave_1 added [ 427.890204][ T5915] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 427.903876][ T5915] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 427.971164][ T9] usb 3-1: USB disconnect, device number 18 [ 428.059944][T16144] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 428.067609][T16144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.096565][T16144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 428.164428][T16144] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 428.171494][T16144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.211515][T16144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 428.235975][ T1154] bridge_slave_1: left allmulticast mode [ 428.242351][ T1154] bridge_slave_1: left promiscuous mode [ 428.253209][ T1154] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.266699][ T1154] bridge_slave_0: left allmulticast mode [ 428.272376][ T1154] bridge_slave_0: left promiscuous mode [ 428.282621][ T1154] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.547936][ T5836] Bluetooth: hci4: command tx timeout [ 429.120638][ T1154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.140885][ T1154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 429.168304][ T1154] bond0 (unregistering): Released all slaves [ 429.299693][T16144] hsr_slave_0: entered promiscuous mode [ 429.317512][T16144] hsr_slave_1: entered promiscuous mode [ 429.329526][T16144] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 429.367577][T16144] Cannot create hsr debugfs directory [ 429.808059][T16223] netlink: 'syz.4.4077': attribute type 1 has an invalid length. [ 429.919830][T16223] 8021q: adding VLAN 0 to HW filter on device bond1 [ 429.996619][T16225] bond1: (slave bridge1): making interface the new active one [ 430.025178][T16225] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 430.193375][ T1154] hsr_slave_0: left promiscuous mode [ 430.199496][ T1154] hsr_slave_1: left promiscuous mode [ 430.205584][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 430.213740][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 430.232242][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 430.250122][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 430.281846][ T1154] veth1_macvtap: left promiscuous mode [ 430.294626][ T1154] veth0_macvtap: left promiscuous mode [ 430.306765][ T1154] veth1_vlan: left promiscuous mode [ 430.312090][ T1154] veth0_vlan: left promiscuous mode [ 430.642922][ T5845] Bluetooth: hci4: command tx timeout [ 431.014807][ T1154] team0 (unregistering): Port device team_slave_1 removed [ 431.147115][ T1154] team0 (unregistering): Port device team_slave_0 removed [ 431.756121][ T5836] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 431.982378][T16259] netlink: 40 bytes leftover after parsing attributes in process `syz.9.4088'. [ 432.372956][ T3074] usb 10-1: new high-speed USB device number 26 using dummy_hcd [ 432.533094][ T3074] usb 10-1: Using ep0 maxpacket: 16 [ 432.553518][ T3074] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 432.614642][ T3074] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 432.632990][ T3074] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.651625][ T3074] usb 10-1: Product: syz [ 432.657216][ T3074] usb 10-1: Manufacturer: syz [ 432.676256][ T3074] usb 10-1: SerialNumber: syz [ 432.700288][ T3074] usb 10-1: config 0 descriptor?? [ 432.705602][ T5836] Bluetooth: hci4: command tx timeout [ 432.726502][ T3074] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 432.743028][ T3074] em28xx 10-1:0.0: DVB interface 0 found: bulk [ 432.881633][T16144] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 432.896193][T16144] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 432.922338][T16144] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 432.946608][T16144] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 433.101926][T16144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 433.151501][T16144] 8021q: adding VLAN 0 to HW filter on device team0 [ 433.187362][ T80] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.194582][ T80] bridge0: port 1(bridge_slave_0) entered forwarding state [ 433.265877][ T80] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.273043][ T80] bridge0: port 2(bridge_slave_1) entered forwarding state [ 433.337672][ T3074] em28xx 10-1:0.0: unknown em28xx chip ID (0) [ 433.426135][T16277] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4096'. [ 433.551318][T16280] bond2: (slave ipip0): The slave device specified does not support setting the MAC address [ 433.610291][T16280] bond2: (slave ipip0): Error -95 calling set_mac_address [ 433.779478][T16144] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 433.865074][T16144] veth0_vlan: entered promiscuous mode [ 433.876875][T16144] veth1_vlan: entered promiscuous mode [ 433.928964][T16144] veth0_macvtap: entered promiscuous mode [ 433.949957][T16144] veth1_macvtap: entered promiscuous mode [ 433.951807][ T3074] em28xx 10-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 433.970026][ T3074] em28xx 10-1:0.0: board has no eeprom [ 433.982064][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.004435][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.015039][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.028814][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.044546][ T3074] em28xx 10-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 434.047225][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.066004][ T3074] em28xx 10-1:0.0: dvb set to bulk mode. [ 434.073848][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.093671][ T5982] em28xx 10-1:0.0: Binding DVB extension [ 434.094207][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.106072][ T3074] usb 10-1: USB disconnect, device number 26 [ 434.123770][ T3074] em28xx 10-1:0.0: Disconnecting em28xx [ 434.131571][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.163226][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.182978][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.183687][ T5982] em28xx 10-1:0.0: Registering input extension [ 434.203005][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.212095][ T3074] em28xx 10-1:0.0: Closing input extension [ 434.225291][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.242495][ T3074] em28xx 10-1:0.0: Freeing device [ 434.247613][T16144] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 434.254681][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.266508][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.278346][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.299314][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.313241][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.323992][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.334093][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.344871][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.356994][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.367874][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.380674][T16144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 434.395411][T16144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.408375][T16144] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 434.430768][T16144] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.439774][T16144] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.452088][T16144] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.482929][T16144] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.654493][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 434.687122][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 434.748196][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 434.775610][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 434.784975][ T5836] Bluetooth: hci4: command tx timeout [ 435.961435][T16345] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 436.252375][T16354] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 436.282994][T16354] overlayfs: failed to set xattr on upper [ 436.288858][T16354] overlayfs: ...falling back to redirect_dir=nofollow. [ 436.303104][T16354] overlayfs: ...falling back to index=off. [ 436.757499][T16381] Process accounting resumed [ 436.783224][ T3074] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 436.883310][T16385] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4134'. [ 436.908893][T16385] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4134'. [ 436.932996][ T3074] usb 2-1: Using ep0 maxpacket: 16 [ 436.939991][ T3074] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 436.955552][ T3074] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.966247][ T29] audit: type=1326 audit(1732542437.323:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16384 comm="syz.9.4133" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f973557e819 code=0x0 [ 436.975615][ T3074] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 437.021017][ T3074] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 437.043393][ T3074] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.058414][ T3074] usb 2-1: config 0 descriptor?? [ 437.473039][ T46] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 437.488634][ T3074] microsoft 0003:045E:07DA.0046: No inputs registered, leaving [ 437.512958][ T3074] microsoft 0003:045E:07DA.0046: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 437.538450][ T3074] microsoft 0003:045E:07DA.0046: no inputs found [ 437.552936][ T3074] microsoft 0003:045E:07DA.0046: could not initialize ff, continuing anyway [ 437.652980][ T46] usb 3-1: Using ep0 maxpacket: 32 [ 437.661992][ T46] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 437.681799][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.702970][ T46] usb 3-1: Product: syz [ 437.707179][ T46] usb 3-1: Manufacturer: syz [ 437.711793][ T46] usb 3-1: SerialNumber: syz [ 437.764795][ T46] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 437.816463][ T3074] usb 2-1: USB disconnect, device number 25 [ 437.991655][T16416] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 438.020304][ T5836] Bluetooth: hci1: unexpected event for opcode 0x0c20 [ 438.510849][ T3074] kernel write not supported for file /552/attr/current (pid: 3074 comm: kworker/1:2) [ 439.175314][ T46] gspca_stk1135: reg_w 0xf err -71 [ 439.182105][ T46] gspca_stk1135: serial bus timeout: status=0x00 [ 439.201807][ T46] gspca_stk1135: Sensor write failed [ 439.211994][ T46] gspca_stk1135: serial bus timeout: status=0x00 [ 439.225062][ T46] gspca_stk1135: Sensor write failed [ 439.235009][ T46] gspca_stk1135: serial bus timeout: status=0x00 [ 439.252658][ T46] gspca_stk1135: Sensor read failed [ 439.258148][ T46] gspca_stk1135: serial bus timeout: status=0x00 [ 439.273013][ T46] gspca_stk1135: Sensor read failed [ 439.281119][ T46] gspca_stk1135: Detected sensor type unknown (0x0) [ 439.298718][ T46] gspca_stk1135: serial bus timeout: status=0x00 [ 439.312944][ T46] gspca_stk1135: Sensor read failed [ 439.318299][ T46] gspca_stk1135: serial bus timeout: status=0x00 [ 439.337284][ T46] gspca_stk1135: Sensor read failed [ 439.357184][ T46] gspca_stk1135: serial bus timeout: status=0x00 [ 439.374644][ T46] gspca_stk1135: Sensor write failed [ 439.390246][ T46] gspca_stk1135: serial bus timeout: status=0x00 [ 439.409328][ T46] gspca_stk1135: Sensor write failed [ 439.420279][T16460] bridge_slave_0: left allmulticast mode [ 439.426993][ T46] stk1135 3-1:64.0: probe with driver stk1135 failed with error -71 [ 439.440977][T16460] bridge_slave_0: left promiscuous mode [ 439.446913][ T46] usb 3-1: USB disconnect, device number 19 [ 439.455322][T16460] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.477662][T16463] netlink: 54 bytes leftover after parsing attributes in process `syz.9.4174'. [ 439.478937][T16460] bridge_slave_1: left allmulticast mode [ 439.496831][T16460] bridge_slave_1: left promiscuous mode [ 439.502690][T16460] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.536939][T16460] bond0: (slave bond_slave_0): Releasing backup interface [ 439.589524][T16460] bond0: (slave bond_slave_1): Releasing backup interface [ 439.687738][T16460] team0: Port device team_slave_0 removed [ 439.739768][T16460] team0: Port device team_slave_1 removed [ 439.762630][T16460] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 439.790831][T16460] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.344090][T16460] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 440.351547][T16460] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.588612][T16473] netlink: 'syz.2.4166': attribute type 3 has an invalid length. [ 440.651535][T16473] netlink: 'syz.2.4166': attribute type 3 has an invalid length. [ 441.013213][ T5886] usb 10-1: new high-speed USB device number 27 using dummy_hcd [ 441.203150][ T5886] usb 10-1: Using ep0 maxpacket: 16 [ 441.221500][ T5886] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 441.242981][ T9] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 441.250761][ T5886] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 441.294661][ T5886] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 441.336997][ T5886] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 441.349737][ T5886] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.380184][ T5886] usb 10-1: config 0 descriptor?? [ 441.409003][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 441.426324][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 441.436389][ T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 441.445702][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.461607][ T9] usb 4-1: config 0 descriptor?? [ 441.513015][ T29] audit: type=1326 audit(1732542441.863:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.536725][ T29] audit: type=1326 audit(1732542441.893:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.577342][ T29] audit: type=1326 audit(1732542441.903:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.660514][ T29] audit: type=1326 audit(1732542441.903:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.684629][ T29] audit: type=1326 audit(1732542441.903:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.707331][ T29] audit: type=1326 audit(1732542441.903:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.736344][ T29] audit: type=1326 audit(1732542441.903:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.762043][ T29] audit: type=1326 audit(1732542441.903:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.784776][ T29] audit: type=1326 audit(1732542441.903:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16495 comm="syz.1.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5cf7e819 code=0x7fc00000 [ 441.903453][ T9] isku 0003:1E7D:319C.0047: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.3-1/input0 [ 441.912970][ T5982] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 441.916136][ T5886] microsoft 0003:045E:07DA.0048: No inputs registered, leaving [ 441.941529][T16503] bond_slave_0: entered promiscuous mode [ 441.947663][T16503] bond_slave_1: entered promiscuous mode [ 441.954365][ T5886] microsoft 0003:045E:07DA.0048: hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.9-1/input0 [ 441.965892][ T5886] microsoft 0003:045E:07DA.0048: no inputs found [ 441.972233][ T5886] microsoft 0003:045E:07DA.0048: could not initialize ff, continuing anyway [ 441.984299][T16503] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 441.997664][T16503] bond_slave_0: left promiscuous mode [ 442.003213][T16503] bond_slave_1: left promiscuous mode [ 442.073003][ T5982] usb 5-1: Using ep0 maxpacket: 8 [ 442.089942][ T5982] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 442.125449][ T5982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.133860][ T5982] usb 5-1: Product: syz [ 442.138991][ T5982] usb 5-1: Manufacturer: syz [ 442.148443][ T9] usb 10-1: USB disconnect, device number 27 [ 442.157176][ T5982] usb 5-1: SerialNumber: syz [ 442.202483][ T5982] usb 5-1: config 0 descriptor?? [ 442.283056][T16507] overlayfs: failed to decode file handle (len=5, type=248, flags=0, err=-22) [ 442.308862][ T46] usb 4-1: USB disconnect, device number 19 [ 442.440818][ T5982] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 442.781301][T16523] block nbd2: shutting down sockets [ 443.075876][T16532] netlink: 54 bytes leftover after parsing attributes in process `syz.3.4190'. [ 443.089912][T16531] netlink: 'syz.9.4191': attribute type 3 has an invalid length. [ 443.099067][T16531] netlink: 'syz.9.4191': attribute type 3 has an invalid length. [ 443.222977][ T5886] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 443.276314][ T5982] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 443.306398][ T5982] usb 5-1: USB disconnect, device number 37 [ 443.412962][ T5886] usb 3-1: Using ep0 maxpacket: 16 [ 443.428988][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.457257][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.498436][ T5886] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 443.538767][ T5886] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 443.552978][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.563717][ T5886] usb 3-1: config 0 descriptor?? [ 443.985021][ T5886] microsoft 0003:045E:07DA.0049: No inputs registered, leaving [ 444.020397][ T5886] microsoft 0003:045E:07DA.0049: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 444.062449][ T5886] microsoft 0003:045E:07DA.0049: no inputs found [ 444.089910][ T5886] microsoft 0003:045E:07DA.0049: could not initialize ff, continuing anyway [ 444.193284][ T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 444.255386][ T5886] usb 3-1: USB disconnect, device number 20 [ 444.424754][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 444.452918][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 444.482239][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 444.497824][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 444.511119][ T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 444.521194][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.543596][ T9] usb 2-1: config 0 descriptor?? [ 444.549141][T16545] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 444.628089][T16559] nbd: device at index 4 is going down [ 445.167967][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 445.189721][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 445.227657][ T9] usb 2-1: USB disconnect, device number 26 [ 445.918530][T16577] bridge_slave_0: left allmulticast mode [ 445.959778][T16577] bridge_slave_0: left promiscuous mode [ 445.992681][T16577] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.016673][T16577] bridge_slave_1: left allmulticast mode [ 446.022474][T16577] bridge_slave_1: left promiscuous mode [ 446.031179][T16579] netlink: 54 bytes leftover after parsing attributes in process `syz.1.4208'. [ 446.032435][T16575] block nbd3: shutting down sockets [ 446.060346][T16577] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.092310][T16577] bond0: (slave bond_slave_0): Releasing backup interface [ 446.151232][T16577] bond0: (slave bond_slave_1): Releasing backup interface [ 446.248420][T16577] team0: Port device team_slave_0 removed [ 446.277435][T16577] team0: Port device team_slave_1 removed [ 446.304626][T16577] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 446.344285][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 446.344305][ T29] audit: type=1326 audit(1732542446.683:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16589 comm="syz.3.4213" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fecb997e819 code=0x0 [ 446.371660][T16577] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 446.405496][T16577] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 446.428694][T16577] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 447.073313][ T3074] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 447.348414][ T3074] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 447.360250][ T3074] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 447.370488][ T3074] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 447.402937][ T3074] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 447.412091][ T3074] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.427282][T16619] netlink: 'syz.1.4222': attribute type 3 has an invalid length. [ 447.444678][T16619] netlink: 'syz.1.4222': attribute type 3 has an invalid length. [ 447.456903][ T3074] usb 5-1: config 0 descriptor?? [ 447.503144][ T5845] Bluetooth: hci0: command 0x0406 tx timeout [ 447.886697][ T3074] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x4 [ 447.894800][T16637] block nbd9: shutting down sockets [ 447.925208][ T3074] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 447.944468][ T3074] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 447.951914][ T3074] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 447.969819][ T3074] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 447.982570][ T3074] plantronics 0003:047F:FFFF.004A: No inputs registered, leaving [ 448.008780][ T3074] plantronics 0003:047F:FFFF.004A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 449.132352][T16607] usb 5-1: string descriptor 0 read error: -71 [ 449.765140][T16646] bridge_slave_0: left allmulticast mode [ 449.770859][T16646] bridge_slave_0: left promiscuous mode [ 449.798867][T16646] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.847716][T16646] bridge_slave_1: left allmulticast mode [ 449.853814][T16651] netlink: 54 bytes leftover after parsing attributes in process `syz.4.4229'. [ 449.863553][T16646] bridge_slave_1: left promiscuous mode [ 449.869334][T16646] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.915691][ T46] usb 5-1: USB disconnect, device number 38 [ 449.938753][T16646] bond0: (slave bond_slave_0): Releasing backup interface [ 450.029053][T16646] bond0: (slave bond_slave_1): Releasing backup interface [ 450.201651][T16646] team0: Port device team_slave_0 removed [ 450.253406][T16646] team0: Port device team_slave_1 removed [ 450.280400][T16646] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 450.293405][T16646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 450.334768][T16646] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 450.342229][T16646] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 450.390572][T16646] bond1: (slave bridge1): Releasing active interface [ 450.492950][ T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 450.663483][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 450.672000][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 450.682409][T16670] Bluetooth: MGMT ver 1.23 [ 450.696755][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 450.715793][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 450.728864][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 450.739906][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.750105][ T9] usb 2-1: config 0 descriptor?? [ 450.760780][T16665] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 450.769231][ T9] hub 2-1:0.0: USB hub found [ 451.000764][ T9] hub 2-1:0.0: 2 ports detected [ 451.207230][T16689] netlink: 'syz.3.4251': attribute type 10 has an invalid length. [ 451.254900][T16689] syz_tun: entered promiscuous mode [ 451.279579][T16689] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 451.420563][ T9] hub 2-1:0.0: set hub depth failed [ 451.429346][ T9] usb 2-1: USB disconnect, device number 27 [ 452.775234][T16707] netlink: 54 bytes leftover after parsing attributes in process `syz.3.4257'. [ 452.821243][T16706] bond0: (slave syz_tun): Releasing backup interface [ 452.838468][ T29] audit: type=1326 audit(1732542453.183:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 452.915872][ T29] audit: type=1326 audit(1732542453.183:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 453.003120][ T29] audit: type=1326 audit(1732542453.183:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 453.049951][ C0] Unknown status report in ack skb [ 453.073014][ T29] audit: type=1326 audit(1732542453.183:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 453.144421][ T29] audit: type=1326 audit(1732542453.183:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 453.221355][ T29] audit: type=1326 audit(1732542453.183:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 453.259553][ T29] audit: type=1326 audit(1732542453.193:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 453.335325][T16730] netlink: 'syz.9.4268': attribute type 1 has an invalid length. [ 453.363095][ T29] audit: type=1326 audit(1732542453.193:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 453.458324][ T29] audit: type=1326 audit(1732542453.193:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 453.543198][ T29] audit: type=1326 audit(1732542453.193:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16708 comm="syz.9.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f973557e819 code=0x7ffc0000 [ 454.048897][T16755] netlink: 54 bytes leftover after parsing attributes in process `syz.4.4276'. [ 454.169428][T16761] netlink: 'syz.3.4279': attribute type 12 has an invalid length. [ 454.335365][T16767] Dead loop on virtual device ip6_vti0, fix it urgently! [ 454.547285][T16769] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22) [ 454.744528][T16780] lo speed is unknown, defaulting to 1000 [ 454.782282][T16782] netlink: 12 bytes leftover after parsing attributes in process `syz.9.4287'. [ 455.335071][ T9] IPVS: starting estimator thread 0... [ 455.423016][T16808] IPVS: using max 22 ests per chain, 52800 per kthread [ 455.513009][ T5982] usb 10-1: new high-speed USB device number 28 using dummy_hcd [ 455.556231][T16814] siw: device registration error -23 [ 455.743767][T10408] IPVS: stop unused estimator thread 0... [ 455.757917][ T5982] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 455.768944][ T5982] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 455.798215][ T5982] usb 10-1: config 1 has no interface number 0 [ 455.811878][ T5982] usb 10-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.835116][ T5982] usb 10-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 455.855192][ T5982] usb 10-1: too many endpoints for config 1 interface 1 altsetting 1: 117, using maximum allowed: 30 [ 455.880398][ T5982] usb 10-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 117 [ 455.910824][ T5982] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 455.930827][ T5982] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.948889][ T5982] usb 10-1: Product: syz [ 455.953873][ T5982] usb 10-1: Manufacturer: syz [ 455.958589][ T5982] usb 10-1: SerialNumber: syz [ 456.561754][T16845] lo speed is unknown, defaulting to 1000 [ 456.906309][T16852] siw: device registration error -23 [ 456.935159][T16854] netlink: 'syz.1.4312': attribute type 29 has an invalid length. [ 456.958829][T16854] netlink: 'syz.1.4312': attribute type 29 has an invalid length. [ 456.980710][T16854] netlink: 'syz.1.4312': attribute type 29 has an invalid length. [ 456.992692][ T5982] cdc_ncm 10-1:1.1: bind() failure [ 457.006069][T16854] netlink: 'syz.1.4312': attribute type 29 has an invalid length. [ 457.207728][ T5982] usb 10-1: USB disconnect, device number 28 [ 457.357656][ T46] IPVS: starting estimator thread 0... [ 457.453124][T16869] IPVS: using max 23 ests per chain, 55200 per kthread [ 458.457270][ T80] IPVS: stop unused estimator thread 0... [ 458.931133][T16879] cgroup: fork rejected by pids controller in /syz4 [ 459.222983][ T46] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 459.384981][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 459.391289][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 459.402619][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 459.414882][ T46] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 459.424010][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.434658][ T46] usb 2-1: config 0 descriptor?? [ 459.565638][T10413] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.678353][ T46] usbhid 2-1:0.0: can't add hid device: -71 [ 459.695021][ T46] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 459.707090][T10413] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.714818][ T46] usb 2-1: USB disconnect, device number 28 [ 459.831933][T10413] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.070088][T10413] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.671358][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 460.682110][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 460.690402][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 460.699733][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 460.724800][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 460.734063][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 460.866806][T16916] block nbd3: shutting down sockets [ 460.948730][T16915] cgroup: fork rejected by pids controller in /syz2 [ 461.602260][T10413] bond0 (unregistering): Released all slaves [ 461.814561][T10413] bond1 (unregistering): Released all slaves [ 461.837428][T10413] bond2 (unregistering): Released all slaves [ 461.860968][T16918] bond0: (slave rose0): Enslaving as an active interface with an up link [ 461.877675][T16920] bond0: (slave rose0): Releasing backup interface [ 462.087268][T16925] netlink: 'syz.9.4339': attribute type 13 has an invalid length. [ 462.322304][T16906] lo speed is unknown, defaulting to 1000 [ 462.586087][T10413] hsr_slave_0: left promiscuous mode [ 462.592074][T10413] hsr_slave_1: left promiscuous mode [ 462.730063][T10413] veth1_macvtap: left promiscuous mode [ 462.736402][ T5845] Bluetooth: hci1: unexpected event for opcode 0x2019 [ 462.760532][T10413] veth0_macvtap: left promiscuous mode [ 462.768462][T10413] veth1_vlan: left promiscuous mode [ 462.773877][T10413] veth0_vlan: left promiscuous mode [ 462.865181][ T5845] Bluetooth: hci2: command tx timeout [ 462.953409][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 462.964725][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 462.972704][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 463.010868][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 463.021626][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 463.044903][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 463.808024][T16976] syz.9.4359: attempt to access beyond end of device [ 463.808024][T16976] loop19: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 463.825666][T16976] EXT4-fs (loop19): unable to read superblock [ 464.945566][ T5845] Bluetooth: hci2: command tx timeout [ 464.986786][T16954] lo speed is unknown, defaulting to 1000 [ 465.006372][T16906] chnl_net:caif_netlink_parms(): no params data found [ 465.103361][ T5845] Bluetooth: hci0: command tx timeout [ 465.193561][ T46] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 465.333151][T16906] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.340267][T16906] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.378392][T16906] bridge_slave_0: entered allmulticast mode [ 465.387617][ T46] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 465.397005][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.414594][T16906] bridge_slave_0: entered promiscuous mode [ 465.421069][ T46] usb 2-1: Product: syz [ 465.425471][ T46] usb 2-1: Manufacturer: syz [ 465.430061][ T46] usb 2-1: SerialNumber: syz [ 465.447429][T16906] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.456504][ T46] usb 2-1: config 0 descriptor?? [ 465.461577][T16906] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.473472][ T46] powermate 2-1:0.0: probe with driver powermate failed with error -22 [ 465.493077][T16906] bridge_slave_1: entered allmulticast mode [ 465.500083][T16906] bridge_slave_1: entered promiscuous mode [ 465.591057][T16906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 465.610703][T16906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 465.689605][ T5850] usb 2-1: USB disconnect, device number 29 [ 465.772614][T16906] team0: Port device team_slave_0 added [ 465.785126][T16906] team0: Port device team_slave_1 added [ 465.815889][T16954] chnl_net:caif_netlink_parms(): no params data found [ 465.836641][T16906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 465.844958][T16906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 465.871846][T16906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 465.895904][T16906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 465.905373][T16906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 465.933359][T16906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 466.013096][ T46] usb 10-1: new high-speed USB device number 29 using dummy_hcd [ 466.059963][T16906] hsr_slave_0: entered promiscuous mode [ 466.082040][T16906] hsr_slave_1: entered promiscuous mode [ 466.093590][T16906] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 466.118116][T16906] Cannot create hsr debugfs directory [ 466.123999][T16954] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.131093][T16954] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.138892][T16954] bridge_slave_0: entered allmulticast mode [ 466.163973][T16954] bridge_slave_0: entered promiscuous mode [ 466.173081][ T46] usb 10-1: Using ep0 maxpacket: 16 [ 466.179839][T16954] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.192659][T16954] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.203230][ T46] usb 10-1: config 0 has an invalid interface number: 41 but max is 0 [ 466.211419][ T46] usb 10-1: config 0 has no interface number 0 [ 466.218885][T16954] bridge_slave_1: entered allmulticast mode [ 466.225213][ T46] usb 10-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 466.243995][T16954] bridge_slave_1: entered promiscuous mode [ 466.260999][ T46] usb 10-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 466.288109][ T46] usb 10-1: config 0 interface 41 has no altsetting 0 [ 466.310353][ T46] usb 10-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 466.323205][ T46] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.331311][ T46] usb 10-1: Product: syz [ 466.340738][ T46] usb 10-1: Manufacturer: syz [ 466.345520][ T46] usb 10-1: SerialNumber: syz [ 466.363828][ T46] usb 10-1: config 0 descriptor?? [ 466.370082][T17019] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 466.391353][T16954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 466.393428][T17019] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 466.451677][T16954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 466.520253][T16954] team0: Port device team_slave_0 added [ 466.531820][T16954] team0: Port device team_slave_1 added [ 466.586457][T16954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 466.593823][T16954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.632971][T16954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 466.652020][T16954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 466.661013][T16954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.688185][T17019] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 466.699674][T17019] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 466.707207][T16954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 466.718644][ T3074] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 466.832707][T16954] hsr_slave_0: entered promiscuous mode [ 466.839498][T16954] hsr_slave_1: entered promiscuous mode [ 466.851405][T16954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 466.859107][T16954] Cannot create hsr debugfs directory [ 466.873037][ T3074] usb 4-1: Using ep0 maxpacket: 32 [ 466.909743][ T3074] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 466.930141][ T3074] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.952738][ T3074] usb 4-1: config 0 descriptor?? [ 466.957955][ T5850] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 466.972386][ T3074] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 467.023117][ T5845] Bluetooth: hci2: command tx timeout [ 467.133101][ T5850] usb 2-1: Using ep0 maxpacket: 32 [ 467.150487][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 467.175707][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 467.190872][T16954] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.207216][ T5850] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 467.212967][ T5845] Bluetooth: hci0: command tx timeout [ 467.216822][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.233943][T16906] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 467.245737][ T5850] usb 2-1: config 0 descriptor?? [ 467.250567][T16906] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 467.251457][T17038] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 467.267334][T16906] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 467.277864][T16906] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 467.299572][ T5850] hub 2-1:0.0: USB hub found [ 467.338664][T16954] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.350265][ T46] CoreChips 10-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 467.451264][T16954] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.482031][T16906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 467.544291][T17038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 467.553457][T16954] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.555378][T17038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.590429][T16906] 8021q: adding VLAN 0 to HW filter on device team0 [ 467.597891][ T5850] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 467.624139][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.631251][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 467.655906][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.663064][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.785078][ T46] CoreChips 10-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 467.788720][T16954] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 467.813337][ T5850] usbhid 2-1:0.0: can't add hid device: -71 [ 467.817369][T16906] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 467.823709][ T5850] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 467.838988][ T46] CoreChips 10-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 467.848960][ T46] CoreChips 10-1:0.41: probe with driver CoreChips failed with error -71 [ 467.854959][T16954] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 467.862162][ T46] usb 10-1: USB disconnect, device number 29 [ 467.874438][ T5850] usb 2-1: USB disconnect, device number 30 [ 467.899541][T16954] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 467.936138][T16954] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 468.056764][T16954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 468.078887][T16954] 8021q: adding VLAN 0 to HW filter on device team0 [ 468.090671][ T80] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.097832][ T80] bridge0: port 1(bridge_slave_0) entered forwarding state [ 468.138323][ T80] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.145457][ T80] bridge0: port 2(bridge_slave_1) entered forwarding state [ 468.216663][ T3074] gspca_nw80x: reg_w err -71 [ 468.221349][ T3074] nw80x 4-1:0.0: probe with driver nw80x failed with error -71 [ 468.223359][T16906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 468.242596][ T3074] usb 4-1: USB disconnect, device number 20 [ 468.428788][T16954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 468.491089][T16954] veth0_vlan: entered promiscuous mode [ 468.532413][T16954] veth1_vlan: entered promiscuous mode [ 468.598156][T16954] veth0_macvtap: entered promiscuous mode [ 468.631221][T16954] veth1_macvtap: entered promiscuous mode [ 468.718192][T16954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.752949][T16954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.770193][T16954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.789244][T16954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.803776][T16954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.825683][T16954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.847737][T16954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.875037][T16954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.897635][T16954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.920540][T16954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.936136][T16954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.948075][T16954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.959228][T16954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.969939][T16954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.981201][T16954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.991241][T16954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.002474][T16954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.015587][T16954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.071718][T16954] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.092605][T16954] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.103415][ T5845] Bluetooth: hci2: command tx timeout [ 469.112557][T16954] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.153075][T16954] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.263545][ T5845] Bluetooth: hci0: command tx timeout [ 469.380834][T16906] veth0_vlan: entered promiscuous mode [ 469.454408][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.462318][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.487894][T16906] veth1_vlan: entered promiscuous mode [ 469.573232][T16906] veth0_macvtap: entered promiscuous mode [ 469.597798][ T3469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.613298][ T3469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.628966][T16906] veth1_macvtap: entered promiscuous mode [ 469.709562][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.737453][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.783124][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.810035][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.840375][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.865685][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.901296][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.925385][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.946233][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.966809][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.989346][T16906] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 470.101582][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.133089][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.172957][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.202694][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.218454][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.231273][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.241687][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.253394][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.263651][T16906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.282967][T16906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.304596][T16906] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 470.344538][T16906] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.373031][T16906] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.402189][T16906] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.421776][T16906] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.473416][ T5915] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 470.593606][ T3074] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 470.618656][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.640430][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.656559][ T5915] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 470.682972][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.709989][T10413] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.724656][ T5915] usb 4-1: config 0 descriptor?? [ 470.731551][ T5915] cp210x 4-1:0.0: cp210x converter detected [ 470.744263][T10413] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.762986][ T3074] usb 2-1: Using ep0 maxpacket: 8 [ 470.775271][ T3074] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.801365][ T3074] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 470.825736][ T3074] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.842980][ T3074] usb 2-1: Product: syz [ 470.875596][ T3074] usb 2-1: Manufacturer: syz [ 470.880249][ T3074] usb 2-1: SerialNumber: syz [ 471.149236][ T3074] cdc_ncm 2-1:1.0: bind() failure [ 471.152743][ T5915] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 471.173887][ T5915] usb 4-1: cp210x converter now attached to ttyUSB0 [ 471.176226][ T3074] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 471.211981][ T3074] cdc_ncm 2-1:1.1: bind() failure [ 471.234776][ T3074] usb 2-1: USB disconnect, device number 31 [ 471.370030][ T5845] Bluetooth: hci0: command tx timeout [ 471.391767][ T5915] usb 4-1: USB disconnect, device number 21 [ 471.404742][ T5915] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 471.420564][ T5915] cp210x 4-1:0.0: device disconnected [ 471.641037][T17113] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 471.662165][T17113] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 472.144085][ T46] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 472.264352][T17140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4411'. [ 472.315725][ T46] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 472.355570][ T46] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 472.374020][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.412640][ T46] usb 2-1: Product: syz [ 472.422642][ T46] usb 2-1: Manufacturer: syz [ 472.437997][ T46] usb 2-1: SerialNumber: syz [ 472.455611][ T46] usb 2-1: config 0 descriptor?? [ 472.507035][ T46] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 472.714831][ T46] usb 2-1: USB disconnect, device number 32 [ 473.155704][T17164] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 473.173738][T17164] overlayfs: failed to set xattr on upper [ 473.179496][T17164] overlayfs: ...falling back to redirect_dir=nofollow. [ 473.191855][T17164] overlayfs: ...falling back to index=off. [ 473.324281][ T25] IPVS: starting estimator thread 0... [ 473.338776][T17168] tipc: Started in network mode [ 473.373340][T17168] tipc: Node identity ac1414aa, cluster identity 4711 [ 473.381513][T17168] tipc: Enabled bearer , priority 10 [ 473.423289][T17171] IPVS: using max 24 ests per chain, 57600 per kthread [ 473.966888][T17194] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4435'. [ 474.000132][T17194] netlink: 'syz.4.4435': attribute type 1 has an invalid length. [ 474.017771][T17194] netlink: 'syz.4.4435': attribute type 2 has an invalid length. [ 474.043104][T17194] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4435'. [ 474.353623][ T5915] IPVS: starting estimator thread 0... [ 474.443093][T17216] IPVS: using max 23 ests per chain, 55200 per kthread [ 474.503261][ T970] tipc: Node number set to 2886997162 [ 474.585094][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 474.585112][ T29] audit: type=1326 audit(1732542474.943:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17226 comm="syz.9.4448" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f973557e819 code=0x0 [ 476.163708][ T46] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 476.323173][ T46] usb 4-1: Using ep0 maxpacket: 32 [ 476.343053][ T46] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 476.352132][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.370573][ T46] usb 4-1: config 0 descriptor?? [ 476.378439][ T46] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 476.693244][ T3074] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 476.855032][ T3074] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 476.876613][ T3074] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 476.887775][ T3074] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 476.896930][ T3074] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.907465][ T3074] usb 2-1: config 0 descriptor?? [ 477.155085][ T80] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.274197][ T80] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.356983][ T3074] ath6kl: Failed to submit usb control message: -71 [ 477.366113][ T3074] ath6kl: unable to send the bmi data to the device: -71 [ 477.382914][ T3074] ath6kl: Unable to send get target info: -71 [ 477.411346][ T80] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.437614][ T3074] ath6kl: Failed to init ath6kl core: -71 [ 477.444318][ T3074] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 477.469830][ T3074] usb 2-1: USB disconnect, device number 33 [ 477.570132][ T80] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.672315][T16110] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 477.703208][T16110] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 477.718984][T16110] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 477.729603][T16110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 477.738896][T16110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 477.747893][T16110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 477.809383][ T46] gspca_vc032x: reg_w err -71 [ 477.814395][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.819710][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.825446][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.830756][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.836128][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.841427][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.846905][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.852235][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.857612][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.862986][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.868302][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.879156][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.887826][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.895714][T17309] Process accounting resumed [ 477.900528][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.907369][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.915267][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.920698][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.942943][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 477.948263][ T46] gspca_vc032x: Unknown sensor... [ 477.963077][ T46] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 477.989244][ T46] usb 4-1: USB disconnect, device number 22 [ 478.303145][ T5836] Bluetooth: hci5: command 0x1003 tx timeout [ 478.303179][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 478.651146][ T29] audit: type=1326 audit(1732542479.003:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 478.724147][ T29] audit: type=1326 audit(1732542479.003:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 478.786811][ T29] audit: type=1326 audit(1732542479.033:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 478.851926][ T29] audit: type=1326 audit(1732542479.033:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 478.911936][ T29] audit: type=1326 audit(1732542479.033:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 478.971337][ T80] bond0 (unregistering): Released all slaves [ 478.977361][ T29] audit: type=1326 audit(1732542479.033:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 478.977402][ T29] audit: type=1326 audit(1732542479.033:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 478.977463][ T29] audit: type=1326 audit(1732542479.033:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 478.977495][ T29] audit: type=1326 audit(1732542479.043:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17325 comm="syz.4.4492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 479.192959][ T46] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 479.312498][ T80] bond1 (unregistering): Released all slaves [ 479.344488][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 479.351335][ T46] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 479.359736][ T46] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 479.364268][ T80] bond2 (unregistering): Released all slaves [ 479.372186][ T46] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 479.389912][ T46] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 479.403420][ T46] usb 5-1: config 0 interface 0 has no altsetting 0 [ 479.413985][ T46] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 479.424029][ T46] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 479.433095][ T46] usb 5-1: Product: syz [ 479.437673][ T46] usb 5-1: Manufacturer: syz [ 479.442289][ T46] usb 5-1: SerialNumber: syz [ 479.451388][ T46] usb 5-1: config 0 descriptor?? [ 479.458792][ T46] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 479.469433][ T46] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 479.495012][T17340] tipc: Started in network mode [ 479.510846][T17340] tipc: Node identity ac1414aa, cluster identity 4711 [ 479.545017][T17340] tipc: New replicast peer: 100.1.1.1 [ 479.561660][T17340] tipc: Enabled bearer , priority 10 [ 479.572007][T17305] lo speed is unknown, defaulting to 1000 [ 479.708646][ T46] usb 5-1: USB disconnect, device number 39 [ 479.724038][ T46] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 479.843137][ T5845] Bluetooth: hci1: command tx timeout [ 480.290084][ T80] hsr_slave_0: left promiscuous mode [ 480.309723][ T80] hsr_slave_1: left promiscuous mode [ 480.389466][ T80] veth1_macvtap: left promiscuous mode [ 480.402995][ T80] veth0_macvtap: left promiscuous mode [ 480.408609][ T80] veth1_vlan: left promiscuous mode [ 480.424922][ T80] veth0_vlan: left promiscuous mode [ 480.687435][ T3074] tipc: Node number set to 2886997162 [ 481.134786][ T5886] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 481.333677][ T5886] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.356148][ T5886] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 481.373017][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.381040][ T5886] usb 5-1: Product: syz [ 481.412864][ T5886] usb 5-1: Manufacturer: syz [ 481.417502][ T5886] usb 5-1: SerialNumber: syz [ 481.915066][ T5845] Bluetooth: hci1: command tx timeout [ 482.501816][ T5886] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 482.510959][ T5886] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 482.530927][ T5886] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 482.659470][T17392] veth0_vlan: entered allmulticast mode [ 482.685030][T17305] chnl_net:caif_netlink_parms(): no params data found [ 482.839809][T17392] veth0_vlan: left allmulticast mode [ 482.936584][ T5886] cdc_ncm 5-1:1.0: setting tx_max = 88 [ 482.991693][ T5886] cdc_ncm 5-1:1.0 eth12: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 483.075518][ T5886] usb 5-1: USB disconnect, device number 40 [ 483.081906][ T5886] cdc_ncm 5-1:1.0 eth12: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 483.229697][T17305] bridge0: port 1(bridge_slave_0) entered blocking state [ 483.247220][T17305] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.258812][T17305] bridge_slave_0: entered allmulticast mode [ 483.267174][T17305] bridge_slave_0: entered promiscuous mode [ 483.283603][T17305] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.290777][T17305] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.319459][T17305] bridge_slave_1: entered allmulticast mode [ 483.337722][T17305] bridge_slave_1: entered promiscuous mode [ 483.437199][T17305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.449177][T17305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 483.522074][T17433] input: syz0 as /devices/virtual/input/input91 [ 483.532262][T17305] team0: Port device team_slave_0 added [ 483.565713][T17305] team0: Port device team_slave_1 added [ 483.634681][T17305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 483.644788][T17305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.679672][T17305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 483.695549][T17305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 483.703553][T17305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.732547][T17305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 483.892911][T17305] hsr_slave_0: entered promiscuous mode [ 483.919095][T17305] hsr_slave_1: entered promiscuous mode [ 483.966168][T17305] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 483.976819][T17447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 483.987444][ T5845] Bluetooth: hci1: command tx timeout [ 484.004136][T17305] Cannot create hsr debugfs directory [ 484.289488][T17305] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.303374][ T3074] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 484.366883][T17305] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.430461][T17305] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.464990][ T3074] usb 3-1: Using ep0 maxpacket: 16 [ 484.471738][ T3074] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 484.494816][ T3074] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 484.515284][ T3074] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 484.524813][ T3074] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.555814][ T3074] usb 3-1: Product: syz [ 484.560022][ T3074] usb 3-1: Manufacturer: syz [ 484.575026][T17305] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.582960][ T3074] usb 3-1: SerialNumber: syz [ 484.600953][ T3074] usb 3-1: config 0 descriptor?? [ 484.773089][ T5886] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 484.802150][T17305] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 484.814514][T17305] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 484.834084][T17305] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 484.856208][T17305] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 484.866015][ T5887] usb 3-1: USB disconnect, device number 21 [ 484.936194][ T5886] usb 2-1: config 128 has too many interfaces: 254, using maximum allowed: 32 [ 484.972906][ T5886] usb 2-1: config 128 has 0 interfaces, different from the descriptor's value: 254 [ 485.006644][ T5886] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 485.026769][T17305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 485.043001][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 485.051030][ T5886] usb 2-1: SerialNumber: syz [ 485.077543][T17305] 8021q: adding VLAN 0 to HW filter on device team0 [ 485.114766][ T3469] bridge0: port 1(bridge_slave_0) entered blocking state [ 485.121925][ T3469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 485.122862][ T5915] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 485.152409][ T3469] bridge0: port 2(bridge_slave_1) entered blocking state [ 485.159549][ T3469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 485.291735][ T9] usb 2-1: USB disconnect, device number 34 [ 485.302737][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 485.323984][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 485.339573][ T5915] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 485.373120][ T5915] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 485.382197][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.419858][ T5915] usb 4-1: config 0 descriptor?? [ 485.468968][T17305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 485.816929][T17305] veth0_vlan: entered promiscuous mode [ 485.841101][ T5915] plantronics 0003:047F:FFFF.004B: unknown main item tag 0x0 [ 485.849482][T17305] veth1_vlan: entered promiscuous mode [ 485.865551][ T5915] plantronics 0003:047F:FFFF.004B: No inputs registered, leaving [ 485.890333][ T5915] plantronics 0003:047F:FFFF.004B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 485.930516][T17305] veth0_macvtap: entered promiscuous mode [ 485.953337][T17305] veth1_macvtap: entered promiscuous mode [ 485.977944][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 485.999132][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.009151][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.019892][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.029804][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.040354][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.050290][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.060793][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.070793][ T5845] Bluetooth: hci1: command tx timeout [ 486.077374][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.087902][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.097810][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.110839][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.122350][T17305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.133149][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.143961][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.155987][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.166563][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.177109][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.188140][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.198066][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.208624][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.218596][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.229260][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.239229][T17305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.249735][T17305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.260706][T17305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 486.280262][T17305] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.289251][T17305] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.312748][T17305] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.321632][T17305] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.476441][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.501620][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 486.540714][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.568691][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.338247][T17535] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4567'. [ 487.972963][T17567] netlink: 'syz.2.4582': attribute type 12 has an invalid length. [ 488.014068][ T46] usb 4-1: USB disconnect, device number 23 [ 488.383061][ T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 488.538263][ T9] usb 2-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 488.548865][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.558891][ T9] usb 2-1: config 0 descriptor?? [ 488.569490][ T9] usb 2-1: selecting invalid altsetting 1 [ 488.588586][ T9] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 488.791615][ T9] usb 2-1: USB disconnect, device number 35 [ 488.923231][ T5850] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 489.085271][ T5850] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 489.097165][ T5850] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 489.107361][ T5850] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 489.122966][ T5850] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 489.131780][ T5850] usb 3-1: SerialNumber: syz [ 489.147216][ T5836] Bluetooth: hci5: sending frame failed (-49) [ 489.154695][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 489.358777][ T5850] usb 3-1: 0:2 : does not exist [ 489.425774][T17616] futex_wake_op: syz.1.4602 tries to shift op by 36; fix this program [ 489.427665][ T5850] usb 3-1: USB disconnect, device number 22 [ 489.569706][T17621] Bluetooth: MGMT ver 1.23 [ 489.611495][T17623] mkiss: ax0: crc mode is auto. [ 490.763768][T17652] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4614'. [ 491.743048][ T9] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 491.922917][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 491.933928][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 491.962848][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 491.983260][ T9] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 491.992335][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.024727][ T9] usb 5-1: config 0 descriptor?? [ 492.446827][ T9] ft260 0003:0403:6030.004C: unknown main item tag 0x0 [ 492.644780][ T9] ft260 0003:0403:6030.004C: chip code: 5e81 abf2 [ 492.796994][T17710] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4639'. [ 492.821184][T17710] netlink: 4640 bytes leftover after parsing attributes in process `syz.8.4639'. [ 492.847851][ T9] ft260 0003:0403:6030.004C: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0 [ 493.453417][ T9] ft260 0003:0403:6030.004C: failed to retrieve status: -32, no wakeup [ 493.473034][ T9] ft260 0003:0403:6030.004C: i2c bus error: 0x8a [ 493.683091][ T9] ft260 0003:0403:6030.004C: failed to reset I2C controller: -71 [ 493.792946][ T9] usb 5-1: USB disconnect, device number 41 [ 494.782722][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 494.782739][ T29] audit: type=1326 audit(1732542495.133:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.4.4659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 494.824694][ T29] audit: type=1326 audit(1732542495.133:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.4.4659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 494.846509][ T29] audit: type=1326 audit(1732542495.163:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.4.4659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 494.883207][T17762] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4658'. [ 494.932868][ T29] audit: type=1326 audit(1732542495.163:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.4.4659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 494.980479][ T29] audit: type=1326 audit(1732542495.163:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.4.4659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 495.014696][ T29] audit: type=1326 audit(1732542495.173:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.4.4659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f1f1d37e819 code=0x7ffc0000 [ 495.383286][ T970] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 495.545245][ T970] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 495.565231][ T970] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 495.585719][ T970] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 495.606346][ T970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 495.645168][ T970] usb 2-1: SerialNumber: syz [ 495.754096][T17789] Dead loop on virtual device ip6_vti0, fix it urgently! [ 495.770267][ T29] audit: type=1326 audit(1732542496.123:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17790 comm="syz.8.4674" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ddd97e819 code=0x0 [ 495.832340][T17786] team0: Port device macvlan1 added [ 495.842313][T17793] team0: entered promiscuous mode [ 495.860262][T17793] team_slave_0: entered promiscuous mode [ 495.876908][T17793] team_slave_1: entered promiscuous mode [ 495.882752][T17793] macvlan1: entered promiscuous mode [ 495.899981][ T970] usb 2-1: 0:2 : does not exist [ 495.906687][ T970] usb 2-1: unit 255 not found! [ 495.917917][ T970] usb 2-1: 5:0: cannot get min/max values for control 4 (id 5) [ 495.935126][T17786] macvlan1: left promiscuous mode [ 495.942601][ T970] usb 2-1: 5:0: cannot get min/max values for control 5 (id 5) [ 495.969040][ T970] usb 2-1: 5:0: cannot get min/max values for control 6 (id 5) [ 495.987458][ T970] usb 2-1: 5:0: cannot get min/max values for control 7 (id 5) [ 496.016572][ T970] usb 2-1: USB disconnect, device number 36 [ 496.022669][T17786] team0: Port device macvlan1 removed [ 496.036162][T17785] team0: left promiscuous mode [ 496.044804][T17785] team_slave_0: left promiscuous mode [ 496.050440][T17785] team_slave_1: left promiscuous mode [ 496.759933][T17822] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4686'. [ 496.960452][ T5836] Bluetooth: hci5: sending frame failed (-49) [ 496.970710][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 498.678794][T17907] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 498.720792][T17907] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 500.434645][T17957] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4739'. [ 500.693164][ T9] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 500.846544][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 500.867826][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 500.896614][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 500.934856][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 500.950994][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.967626][ T9] usb 5-1: config 0 descriptor?? [ 501.387981][ T9] plantronics 0003:047F:FFFF.004D: No inputs registered, leaving [ 501.407209][ T9] plantronics 0003:047F:FFFF.004D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 501.840734][T17995] 9pnet: p9_errstr2errno: server reported unknown error FcgKIeB$*qg!kH [ 501.870516][T17994] block nbd1: NBD_DISCONNECT [ 501.959729][T17999] block nbd1: Disconnected due to user request. [ 502.003013][T17999] block nbd1: shutting down sockets [ 502.383798][ T970] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 502.389373][T18010] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 502.562938][ T970] usb 4-1: Using ep0 maxpacket: 32 [ 502.594056][ T970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 502.612928][ T970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 502.622755][ T970] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 502.634341][ T970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.664512][ T970] usb 4-1: config 0 descriptor?? [ 502.680919][ T970] hub 4-1:0.0: USB hub found [ 503.319597][ T970] hub 4-1:0.0: 1 port detected [ 504.159665][ T970] hub 4-1:0.0: activate --> -90 [ 504.379377][ T5886] usb 4-1: USB disconnect, device number 24 [ 608.732782][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 608.739779][ C0] rcu: 1-...!: (0 ticks this GP) idle=ad24/1/0x4000000000000000 softirq=76102/76102 fqs=356 [ 608.751990][ C0] rcu: (detected by 0, t=10502 jiffies, g=89613, q=952 ncpus=2) [ 608.759746][ C0] Sending NMI from CPU 0 to CPUs 1: [ 608.759792][ C1] NMI backtrace for cpu 1 [ 608.759806][ C1] CPU: 1 UID: 0 PID: 18002 Comm: syz.8.4758 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 608.759826][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 608.759836][ C1] RIP: 0010:kasan_check_range+0x5/0x290 [ 608.759860][ C1] Code: 8e e8 cf 0d e2 ff 90 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 <41> 57 41 56 41 54 53 b0 01 48 85 f6 0f 84 a0 01 00 00 4c 8d 04 37 [ 608.759875][ C1] RSP: 0018:ffffc90000a18b70 EFLAGS: 00000097 [ 608.759891][ C1] RAX: 0000000000000004 RBX: dffffc0000000000 RCX: ffffffff81728012 [ 608.759904][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff88807d6282e8 [ 608.759915][ C1] RBP: ffffc90000a18c60 R08: ffffffff942eaa0f R09: 1ffffffff285d541 [ 608.759928][ C1] R10: dffffc0000000000 R11: fffffbfff285d542 R12: ffff88807d6282e8 [ 608.759941][ C1] R13: 1ffff9200014317c R14: ffffc90000a18be0 R15: 1ffff1100fac505e [ 608.759954][ C1] FS: 00007f8dde7576c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 608.759969][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 608.759980][ C1] CR2: 00007f0d028656c0 CR3: 000000006c15e000 CR4: 00000000003526f0 [ 608.759995][ C1] Call Trace: [ 608.760003][ C1] [ 608.760013][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 608.760039][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 608.760058][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 608.760081][ C1] ? nmi_handle+0x2a/0x5a0 [ 608.760106][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 608.760129][ C1] ? nmi_handle+0x14f/0x5a0 [ 608.760146][ C1] ? nmi_handle+0x2a/0x5a0 [ 608.760165][ C1] ? kasan_check_range+0x5/0x290 [ 608.760180][ C1] ? default_do_nmi+0x63/0x160 [ 608.760196][ C1] ? exc_nmi+0x123/0x1f0 [ 608.760211][ C1] ? end_repeat_nmi+0xf/0x53 [ 608.760237][ C1] ? do_raw_spin_lock+0x142/0x370 [ 608.760266][ C1] ? kasan_check_range+0x5/0x290 [ 608.760282][ C1] ? kasan_check_range+0x5/0x290 [ 608.760299][ C1] ? kasan_check_range+0x5/0x290 [ 608.760316][ C1] [ 608.760321][ C1] [ 608.760327][ C1] do_raw_spin_lock+0x142/0x370 [ 608.760350][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 608.760371][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 608.760397][ C1] ? __pfx_advance_sched+0x10/0x10 [ 608.760412][ C1] ? __pfx_advance_sched+0x10/0x10 [ 608.760428][ C1] advance_sched+0xab/0xca0 [ 608.760444][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 608.760464][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 608.760487][ C1] ? __pfx_advance_sched+0x10/0x10 [ 608.760502][ C1] __hrtimer_run_queues+0x59b/0xd50 [ 608.760532][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 608.760551][ C1] ? sched_clock+0x4a/0x70 [ 608.760573][ C1] ? read_tsc+0x9/0x20 [ 608.760593][ C1] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 608.760614][ C1] hrtimer_interrupt+0x403/0xa40 [ 608.760645][ C1] __sysvec_apic_timer_interrupt+0x110/0x420 [ 608.760665][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 608.760685][ C1] [ 608.760691][ C1] [ 608.760697][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 608.760720][ C1] RIP: 0010:lock_acquire+0x264/0x550 [ 608.760737][ C1] Code: 2b 00 74 08 4c 89 f7 e8 2a 7f 8c 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 [ 608.760751][ C1] RSP: 0018:ffffc9001022f6a0 EFLAGS: 00000206 [ 608.760765][ C1] RAX: 0000000000000001 RBX: 1ffff92002045ee0 RCX: ffff88802573a8d8 [ 608.760776][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0aea80 RDI: ffffffff8c6080a0 [ 608.760789][ C1] RBP: ffffc9001022f7e8 R08: ffffffff942ea887 R09: 1ffffffff285d510 [ 608.760801][ C1] R10: dffffc0000000000 R11: fffffbfff285d511 R12: 1ffff92002045edc [ 608.760814][ C1] R13: dffffc0000000000 R14: ffffc9001022f700 R15: 0000000000000246 [ 608.760837][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 608.760864][ C1] mod_memcg_page_state+0xb8/0x800 [ 608.760885][ C1] ? mod_memcg_page_state+0x97/0x800 [ 608.760904][ C1] ? mod_memcg_page_state+0x97/0x800 [ 608.760923][ C1] ? __pfx_mod_memcg_page_state+0x10/0x10 [ 608.760944][ C1] ? free_unref_page+0x741/0x1130 [ 608.760968][ C1] vfree+0x17c/0x2e0 [ 608.760988][ C1] vb2_vmalloc_put+0x68/0xb0 [ 608.761006][ C1] ? __pfx_vb2_vmalloc_put+0x10/0x10 [ 608.761025][ C1] __vb2_buf_mem_free+0xfa/0x2a0 [ 608.761046][ C1] __vb2_queue_free+0x452/0xb70 [ 608.761069][ C1] vb2_core_queue_release+0x6c/0x150 [ 608.761089][ C1] v4l2_m2m_ctx_release+0x1e/0x40 [ 608.761106][ C1] vicodec_release+0x94/0x110 [ 608.761128][ C1] ? __pfx_vicodec_release+0x10/0x10 [ 608.761148][ C1] v4l2_release+0x1f5/0x3b0 [ 608.761172][ C1] ? __pfx_v4l2_release+0x10/0x10 [ 608.761195][ C1] __fput+0x23c/0xa50 [ 608.761221][ C1] task_work_run+0x24f/0x310 [ 608.761248][ C1] ? __pfx_task_work_run+0x10/0x10 [ 608.761272][ C1] get_signal+0x15f7/0x1750 [ 608.761301][ C1] ? __pfx_get_signal+0x10/0x10 [ 608.761326][ C1] arch_do_signal_or_restart+0x96/0x860 [ 608.761351][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 608.761373][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 608.761396][ C1] ? syscall_exit_to_user_mode+0xa3/0x340 [ 608.761417][ C1] syscall_exit_to_user_mode+0xce/0x340 [ 608.761438][ C1] do_syscall_64+0x100/0x230 [ 608.761459][ C1] ? clear_bhb_loop+0x35/0x90 [ 608.761482][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.761504][ C1] RIP: 0033:0x7f8ddd97e819 [ 608.761524][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.761538][ C1] RSP: 002b:00007f8dde757038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 608.761554][ C1] RAX: 0000000000000000 RBX: 00007f8dddb35fa0 RCX: 00007f8ddd97e819 [ 608.761566][ C1] RDX: 00000000200000c0 RSI: 00000000c0145608 RDI: 0000000000000003 [ 608.761577][ C1] RBP: 00007f8ddd9f175e R08: 0000000000000000 R09: 0000000000000000 [ 608.761587][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.761598][ C1] R13: 0000000000000000 R14: 00007f8dddb35fa0 R15: 00007fff6e1cfcc8 [ 608.761616][ C1] [ 608.761784][ C0] rcu: rcu_preempt kthread starved for 8720 jiffies! g89613 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 609.381596][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 609.391577][ C0] rcu: RCU grace-period kthread stack dump: [ 609.397468][ C0] task:rcu_preempt state:R running task stack:25624 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 609.409241][ C0] Call Trace: [ 609.412528][ C0] [ 609.415475][ C0] __schedule+0x17fb/0x4be0 [ 609.420024][ C0] ? __pfx___schedule+0x10/0x10 [ 609.424894][ C0] ? __pfx_lock_release+0x10/0x10 [ 609.429953][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 609.436298][ C0] ? schedule+0x90/0x320 [ 609.440554][ C0] schedule+0x14b/0x320 [ 609.444723][ C0] schedule_timeout+0x15a/0x290 [ 609.449586][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 609.454973][ C0] ? __pfx_process_timeout+0x10/0x10 [ 609.460281][ C0] ? prepare_to_swait_event+0x330/0x350 [ 609.465841][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 609.470703][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 609.475927][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 609.482100][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 609.487396][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 609.493309][ C0] ? finish_swait+0xd4/0x1e0 [ 609.497930][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 609.502610][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 609.507827][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 609.513748][ C0] ? __kthread_parkme+0x169/0x1d0 [ 609.518787][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 609.524000][ C0] kthread+0x2f0/0x390 [ 609.528082][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 609.533294][ C0] ? __pfx_kthread+0x10/0x10 [ 609.537901][ C0] ret_from_fork+0x4b/0x80 [ 609.542331][ C0] ? __pfx_kthread+0x10/0x10 [ 609.546934][ C0] ret_from_fork_asm+0x1a/0x30 [ 609.551734][ C0] [ 609.554762][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 609.561093][ C0] CPU: 0 UID: 0 PID: 3469 Comm: kworker/u8:7 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 609.571602][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 609.581666][ C0] Workqueue: writeback wb_workfn (flush-8:0) [ 609.587683][ C0] RIP: 0010:smp_call_function_many_cond+0x19f3/0x2ca0 [ 609.594463][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 a6 e8 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 51 e4 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 35 e4 [ 609.614082][ C0] RSP: 0018:ffffc9000c895fa0 EFLAGS: 00000293 [ 609.620165][ C0] RAX: ffffffff8189fb8b RBX: 1ffff110170e88b9 RCX: ffff88803250bc00 [ 609.628146][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 609.636124][ C0] RBP: ffffc9000c8961a0 R08: ffffffff8189fb5a R09: 1ffff92001912be4 [ 609.644104][ C0] R10: dffffc0000000000 R11: ffffffff8143d3f0 R12: dffffc0000000000 [ 609.652083][ C0] R13: ffff8880b87445c8 R14: ffff8880b863f940 R15: 0000000000000001 [ 609.660062][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 609.669001][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 609.675594][ C0] CR2: 00007f50e46d9485 CR3: 000000000e738000 CR4: 00000000003526f0 [ 609.683574][ C0] Call Trace: [ 609.686860][ C0] [ 609.689737][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 609.696109][ C0] ? print_other_cpu_stall+0x1481/0x15c0 [ 609.701773][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 609.707606][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 609.713867][ C0] ? rcu_sched_clock_irq+0xa26/0x10e0 [ 609.719262][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 609.724919][ C0] ? update_process_times+0x242/0x2f0 [ 609.730308][ C0] ? tick_nohz_handler+0x37c/0x500 [ 609.735447][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 609.740925][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 609.746331][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 609.752080][ C0] ? sched_clock+0x4a/0x70 [ 609.756515][ C0] ? read_tsc+0x9/0x20 [ 609.760603][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 609.766685][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 609.771832][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 609.778000][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 609.783821][ C0] [ 609.786758][ C0] [ 609.789696][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 609.795868][ C0] ? __pfx_tlb_is_not_lazy+0x10/0x10 [ 609.801174][ C0] ? smp_call_function_many_cond+0x19da/0x2ca0 [ 609.807339][ C0] ? smp_call_function_many_cond+0x1a0b/0x2ca0 [ 609.813509][ C0] ? smp_call_function_many_cond+0x19f3/0x2ca0 [ 609.819679][ C0] ? mark_lock+0x9a/0x360 [ 609.824024][ C0] ? __pfx_tlb_is_not_lazy+0x10/0x10 [ 609.829319][ C0] ? __lock_acquire+0x1397/0x2100 [ 609.834353][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 609.839588][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 609.845936][ C0] ? rcu_is_watching+0x15/0xb0 [ 609.850715][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 609.855929][ C0] ? __pfx_tlb_is_not_lazy+0x10/0x10 [ 609.861227][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 609.866356][ C0] flush_tlb_mm_range+0x329/0x5c0 [ 609.871401][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 609.876958][ C0] ? page_ext_get+0x1d6/0x2a0 [ 609.881658][ C0] ptep_clear_flush+0x11a/0x170 [ 609.886524][ C0] page_vma_mkclean_one+0x58a/0x9a0 [ 609.891747][ C0] ? __pfx_page_vma_mkclean_one+0x10/0x10 [ 609.897483][ C0] ? __pfx_validate_chain+0x10/0x10 [ 609.902714][ C0] page_mkclean_one+0x280/0x420 [ 609.907581][ C0] ? __pfx_page_mkclean_one+0x10/0x10 [ 609.912975][ C0] ? __pfx_down_read_trylock+0x10/0x10 [ 609.918453][ C0] ? vma_interval_tree_iter_next+0x31b/0x340 [ 609.924441][ C0] ? __pfx_page_mkclean_one+0x10/0x10 [ 609.929860][ C0] rmap_walk_file+0x52f/0x9f0 [ 609.934568][ C0] folio_mkclean+0x262/0x440 [ 609.939183][ C0] ? __pfx_folio_mkclean+0x10/0x10 [ 609.944312][ C0] ? __pfx_page_mkclean_one+0x10/0x10 [ 609.949699][ C0] ? __pfx_invalid_mkclean_vma+0x10/0x10 [ 609.955348][ C0] ? __pfx_lock_release+0x10/0x10 [ 609.960386][ C0] ? folio_mapping+0x1b2/0x430 [ 609.965175][ C0] folio_clear_dirty_for_io+0x22b/0xd00 [ 609.970735][ C0] ? xas_find_marked+0xf67/0x10e0 [ 609.975778][ C0] ? __pfx_folio_clear_dirty_for_io+0x10/0x10 [ 609.981862][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 609.986816][ C0] ? filemap_get_folios_tag+0x1ce/0x890 [ 609.992380][ C0] mpage_submit_folio+0x88/0x230 [ 609.997336][ C0] mpage_process_page_bufs+0x6c9/0x8d0 [ 610.002820][ C0] mpage_prepare_extent_to_map+0xec7/0x1c80 [ 610.008729][ C0] ? kasan_save_track+0x51/0x80 [ 610.013595][ C0] ? kasan_save_track+0x3f/0x80 [ 610.018483][ C0] ? __pfx_mpage_prepare_extent_to_map+0x10/0x10 [ 610.024852][ C0] ? ext4_init_io_end+0x29/0x130 [ 610.029798][ C0] ? rcu_is_watching+0x15/0xb0 [ 610.034575][ C0] ? ext4_init_io_end+0x29/0x130 [ 610.039519][ C0] ? kmem_cache_alloc_noprof+0x185/0x2a0 [ 610.045174][ C0] ext4_do_writepages+0xc4d/0x3d10 [ 610.050344][ C0] ? __pfx_ext4_do_writepages+0x10/0x10 [ 610.055901][ C0] ? validate_chain+0x11e/0x5920 [ 610.060879][ C0] ? rcu_read_lock_any_held+0xb7/0x160 [ 610.066371][ C0] ext4_writepages+0x213/0x3c0 [ 610.071159][ C0] ? __pfx_ext4_writepages+0x10/0x10 [ 610.076473][ C0] ? reacquire_held_locks+0x3eb/0x690 [ 610.081862][ C0] ? __pfx_ext4_writepages+0x10/0x10 [ 610.087168][ C0] do_writepages+0x35f/0x880 [ 610.091778][ C0] ? __pfx_do_writepages+0x10/0x10 [ 610.096914][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 610.101947][ C0] ? writeback_sb_inodes+0x595/0x1370 [ 610.107336][ C0] ? __pfx_lock_release+0x10/0x10 [ 610.112370][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 610.117420][ C0] __writeback_single_inode+0x14f/0x10d0 [ 610.123100][ C0] ? wbc_attach_and_unlock_inode+0x561/0x580 [ 610.129102][ C0] writeback_sb_inodes+0x80c/0x1370 [ 610.134317][ C0] ? mark_lock+0x9a/0x360 [ 610.138686][ C0] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 610.144368][ C0] ? __pfx_move_expired_inodes+0x10/0x10 [ 610.150017][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 610.155063][ C0] __writeback_inodes_wb+0x11b/0x260 [ 610.160377][ C0] wb_writeback+0x427/0xbc0 [ 610.164907][ C0] ? queue_io+0x311/0x5a0 [ 610.169256][ C0] ? __pfx_wb_writeback+0x10/0x10 [ 610.174309][ C0] wb_workfn+0xba1/0x1090 [ 610.178670][ C0] ? __pfx_wb_workfn+0x10/0x10 [ 610.183456][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 610.189451][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 610.195795][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 610.201182][ C0] ? process_scheduled_works+0x976/0x1850 [ 610.206919][ C0] process_scheduled_works+0xa63/0x1850 [ 610.212506][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 610.218509][ C0] ? assign_work+0x364/0x3d0 [ 610.223118][ C0] worker_thread+0x870/0xd30 [ 610.227729][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 610.233642][ C0] ? __kthread_parkme+0x169/0x1d0 [ 610.238679][ C0] ? __pfx_worker_thread+0x10/0x10 [ 610.243798][ C0] kthread+0x2f0/0x390 [ 610.247878][ C0] ? __pfx_worker_thread+0x10/0x10 [ 610.252998][ C0] ? __pfx_kthread+0x10/0x10 [ 610.257598][ C0] ret_from_fork+0x4b/0x80 [ 610.262020][ C0] ? __pfx_kthread+0x10/0x10 [ 610.266628][ C0] ret_from_fork_asm+0x1a/0x30 [ 610.271424][ C0]