last executing test programs: 5m29.552381585s ago: executing program 3 (id=4051): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_pidfd_open(r0, 0x0) fcntl$setstatus(r1, 0x4, 0x800) waitid$P_PIDFD(0x3, r1, 0x0, 0x8, 0x0) 5m29.361055133s ago: executing program 3 (id=4045): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6, 0x4, 0x0, 0x1}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xd, 0x20000, 0x4, 0x3, 0x141, r0}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x42, r1}, 0x38) 5m29.303255197s ago: executing program 3 (id=4046): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000001"], 0x48) r0 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) 5m28.978148132s ago: executing program 3 (id=4055): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 5m28.888297079s ago: executing program 3 (id=4056): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000003000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 5m28.484989436s ago: executing program 3 (id=4066): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r1}, 0xc) 5m28.408663225s ago: executing program 32 (id=4066): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r1}, 0xc) 3m42.334925033s ago: executing program 0 (id=5727): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000009c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)="88", 0x1}], 0x1}, 0x45) setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000000100), 0x4) sendmsg$inet(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000a80)="1843", 0x2}], 0x1}, 0x20000001) recvmsg$unix(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x2082) 3m42.334721605s ago: executing program 0 (id=5728): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x0, 0x3}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x1, 0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4081}, 0x200440d5) 3m42.261275176s ago: executing program 0 (id=5729): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x4e, &(0x7f00000002c0)={@local, @link_local={0x17, 0x80, 0xc2, 0x6, 0x5}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "182325", 0x18, 0x2c, 0x0, @remote, @local, {[@routing={0x8, 0x2, 0x2, 0x9, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}]}}}}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000200)={@local, @link_local={0x17, 0x80, 0xc2, 0x6, 0x5, 0xe}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "182325", 0x18, 0x2c, 0x0, @remote, @local, {[@routing={0x1, 0x2, 0x1, 0x1, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02']}]}}}}}, 0x0) 3m42.26049422s ago: executing program 0 (id=5730): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount(0x0, &(0x7f0000000d40)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x40, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000340)='./file0/../file0/../file0\x00') 3m42.20011694s ago: executing program 0 (id=5731): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000000), 0x1000000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r1 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 3m41.753515447s ago: executing program 0 (id=5743): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x1, 0xffff5865}}}}}}}, 0x3e) 3m41.688232478s ago: executing program 33 (id=5743): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x1, 0xffff5865}}}}}}}, 0x3e) 1m55.772633033s ago: executing program 2 (id=7480): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) r1 = dup(r0) r2 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000200)={0x90000009}) write$P9_RSTATFS(r1, 0x0, 0x0) 1m55.694503224s ago: executing program 2 (id=7481): bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x2000002, 0x3a, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m55.624518431s ago: executing program 2 (id=7482): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) close_range(r0, r1, 0x0) 1m55.53563588s ago: executing program 2 (id=7483): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000001900)='.\x00', &(0x7f0000000380)='./file0/file0\x00', 0x0, 0x2a05004, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) 1m55.443185088s ago: executing program 2 (id=7484): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r0, 0x2f, 0x8, 0xffffffffffffffff, @void, @value=0x0}, 0x20) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@fallback, 0xffffffffffffffff, 0x7}, 0x20) 1m55.224015631s ago: executing program 2 (id=7485): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 1m55.121026439s ago: executing program 34 (id=7485): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 1m42.621268271s ago: executing program 6 (id=7682): r0 = socket(0x10, 0x80002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000004000000850000008600000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@delchain={0x24, 0x65, 0x1, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0x2}, {0x4, 0xffe8}, {0x0, 0xffe0}}}, 0x24}}, 0x20044000) 1m42.619277234s ago: executing program 6 (id=7683): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fedbdf251a00000008000300", @ANYRES32=r3], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x440000d0) 1m42.513762622s ago: executing program 6 (id=7684): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) 1m42.313830101s ago: executing program 6 (id=7685): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00') 1m42.302146071s ago: executing program 6 (id=7686): r0 = openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read$nci(r0, 0x0, 0x0) 1m42.001823118s ago: executing program 6 (id=7690): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x15) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 1m41.875330505s ago: executing program 35 (id=7690): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x15) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 39.074303774s ago: executing program 5 (id=8443): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beefff5d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)="f78d9ca38fff48f3be52163448412ba8", 0xc45e158d1a96cd32}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe", 0x2c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d", 0x24}], 0x3, &(0x7f0000000380)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x9cde14b4b725c073}], 0x1, 0x448d4) recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000600)=""/85, 0x5}, {&(0x7f0000000680)=""/106, 0x20000253}], 0x2}, 0x6020) 38.984232321s ago: executing program 5 (id=8444): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x210a, r0}, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x44) 38.978712632s ago: executing program 5 (id=8445): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r0 = syz_clone3(&(0x7f0000000340)={0x201180, 0x0, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) get_robust_list(r0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) 38.609679641s ago: executing program 5 (id=8450): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 38.541189233s ago: executing program 5 (id=8451): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@redirect_dir_nofollow}, {@nfs_export_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 38.307310156s ago: executing program 5 (id=8454): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r1, 0x2f, 0x8, 0xffffffffffffffff, @void, @value=0x0}, 0x20) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@fallback, 0xffffffffffffffff, 0x7}, 0x20) 38.192509838s ago: executing program 36 (id=8454): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r1, 0x2f, 0x8, 0xffffffffffffffff, @void, @value=0x0}, 0x20) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@fallback, 0xffffffffffffffff, 0x7}, 0x20) 2.832558692s ago: executing program 1 (id=9013): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) ppoll(&(0x7f0000000000)=[{r0, 0x4000}], 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40) 1.961580517s ago: executing program 1 (id=9031): socket$netlink(0x10, 0x3, 0x6) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4f23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000600)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff8, 0x0, 0x6}, {0x0, 0x0, 0x400000003, 0xfffffffffffffffc}, 0xfffffffc, 0x0, 0x1, 0x0, 0x6}, {{@in6=@loopback, 0x4, 0x32}, 0x0, @in=@multicast1, 0x0, 0x0, 0x0, 0xb7, 0x5, 0xfffffffe}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) 1.907548378s ago: executing program 1 (id=9035): unshare(0x42000000) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d010203010902"], 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001800dd8d00000000ffdbdf3502200004ff000006"], 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="38000000200001002bbd7000fddbdf2502"], 0x38}}, 0x0) 1.788153012s ago: executing program 4 (id=9038): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xffffffc6) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000e, 0x6c2f2, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64) 1.347052244s ago: executing program 7 (id=9047): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 1.320530235s ago: executing program 4 (id=9049): r0 = socket$inet_sctp(0x2, 0x5, 0x84) close(r0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f00000002c0)="85", 0x890c}], 0x20, &(0x7f00000000c0)=[@sndinfo={0x1c, 0x84, 0x2, {0x6, 0x4, 0x29, 0x200000e, r2}}], 0x1c, 0x2400e044}, 0x6) 1.275207004s ago: executing program 7 (id=9051): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050001000010"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000001000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x6, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4800) 1.203670107s ago: executing program 7 (id=9052): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000311000/0x1000)=nil, 0x1000}, 0x6}) syz_io_uring_setup(0xefe, &(0x7f0000000140)={0x0, 0xcc19, 0x10806}, &(0x7f0000000000), &(0x7f0000000380), &(0x7f0000000000)) pselect6(0x40, &(0x7f0000000080)={0x0, 0x3, 0x4, 0xffffffffffffffff, 0x8000, 0x0, 0x0, 0x7}, &(0x7f00000000c0)={0x1f, 0x0, 0x8, 0x5, 0xfffffffffffffff8, 0x0, 0x4000000000, 0x100000000000}, 0x0, 0x0, 0x0) 1.203410673s ago: executing program 4 (id=9053): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x100, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {0x0, 0x7}, {0xd, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x7fff}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}, 0x1, 0x0, 0x0, 0x20008801}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 731.782622ms ago: executing program 8 (id=9055): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 621.493746ms ago: executing program 8 (id=9056): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x93) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f0000004180)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x440, 0xfffc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50) 532.949311ms ago: executing program 8 (id=9057): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001002130404c6bfef3a31e2587ebd76200eb3ea056f39e3ab8a93c358099bf8cf3007d00000014000000110001"], 0xf0}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 530.540458ms ago: executing program 1 (id=9065): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x1000000000, 0x5, 0x41, 0x4, 0x0, 0x2004cb, 0x0, 0x40000000000a1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000780)={0x1a0003, 0x0, {[0x2683, 0x9, 0x3, 0x8, 0x7, 0x3, 0x8, 0x1]}}) 459.987625ms ago: executing program 8 (id=9058): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r0 = userfaultfd(0x1) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 356.420435ms ago: executing program 7 (id=9059): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 344.685775ms ago: executing program 4 (id=9060): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x1, 0x0, 0x7fff0000}]}) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x1033, r0, 0x0) pipe2(&(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r2, r0, 0xe, 0x4) write$binfmt_script(r3, &(0x7f0000001380)={'#! ', './file0'}, 0xb) 343.063065ms ago: executing program 1 (id=9068): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff) r1 = open(&(0x7f0000000240)='./file1\x00', 0x10d102, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e1e, 0x10000, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x400007}, {0xa, 0x4e23, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x3}, 0xffffffffffffffff, 0x7}}, 0xfffffefe) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000080)="28685b6c54138a81b146ade2b316c1eb91403ccca1302f6a077b87e1343377fe3bea2787ee79b5265c84365ee55bd54e281bd1a47a52eb1ad83a0c719f7165775177ff5b0568a3a8b5dced0a9d0c2cd821ac70475da3d2a5929570e0bddd", 0x5e}], 0x1) r2 = open(&(0x7f0000000240)='./file1\x00', 0x14d142, 0x0) ftruncate(r2, 0x2007ffc) 223.511919ms ago: executing program 7 (id=9061): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x10) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$char_usb(r0, &(0x7f0000000700)="027ef4e4486467", 0x7) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x1}}, 0x40) 203.601885ms ago: executing program 7 (id=9062): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) shutdown(r0, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x2a000}], 0x1, 0x0, 0x0, 0x804c040}, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x7}, 0x8) close(0x3) 148.597975ms ago: executing program 4 (id=9063): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 143.230683ms ago: executing program 8 (id=9073): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x1, 0x0, 0x7fff0000}]}) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x1033, r0, 0x0) pipe2(&(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r2, r0, 0xe, 0x4) write$binfmt_script(r3, &(0x7f0000001380)={'#! ', './file0'}, 0xb) 2.302613ms ago: executing program 1 (id=9064): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x48c0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x705, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xffe0}, {0x10, 0x8}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 2.162319ms ago: executing program 4 (id=9066): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x134, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0xfffffffc, 0x25dfdbfc, {0xf}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x80, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xfffffeff}]}, 0x140}}, 0x844) 0s ago: executing program 8 (id=9075): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x2}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000e40)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4880}, 0x1) recvmsg(r1, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000200)=""/59, 0x3b}], 0x1}, 0x40010021) kernel console output (not intermixed with test programs): face 0 has no altsetting 0 [ 507.378587][ T6003] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 507.381832][ T6003] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 507.385260][ T6003] usb 11-1: Product: syz [ 507.386685][ T6003] usb 11-1: Manufacturer: syz [ 507.388626][ T6003] usb 11-1: SerialNumber: syz [ 507.396494][ T6003] usb 11-1: config 0 descriptor?? [ 507.404374][ T6003] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0 [ 507.458102][T23694] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 507.611232][T23702] input: syz0 as /devices/virtual/input/input63 [ 507.618336][ T10] usb 11-1: USB disconnect, device number 4 [ 507.632908][ T10] yurex 11-1:0.0: USB YUREX #0 now disconnected [ 507.944766][T23716] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 508.004301][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 508.158112][T23722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7638'. [ 508.161993][T23722] netlink: 'syz.4.7638': attribute type 30 has an invalid length. [ 508.186731][ T1149] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 508.191073][ T1149] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 508.195033][T23722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7638'. [ 508.195061][T23722] netlink: 'syz.4.7638': attribute type 30 has an invalid length. [ 508.203051][ T1149] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 508.219653][ T1149] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 508.591941][T23742] kernel read not supported for file /batadv_slave_1 (pid: 23742 comm: syz.6.7648) [ 508.596256][ T40] audit: type=1800 audit(1776298162.933:5936): pid=23742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.7648" name="batadv_slave_1" dev="mqueue" ino=114954 res=0 errno=0 [ 508.655626][T20212] kernel read not supported for file /batadv_slave_1 (pid: 20212 comm: kworker/2:3) [ 508.785364][T23752] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7651'. [ 508.788874][T23752] bond0: ARP target 8.4.0.0 is already present [ 508.791723][T23752] bond0: option arp_ip_target: invalid value (1032) [ 509.044256][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 509.304240][ T10] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 509.455740][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.459607][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 509.463716][ T10] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 509.468130][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.475271][ T10] usb 6-1: config 0 descriptor?? [ 509.640813][T23776] netlink: 'syz.6.7661': attribute type 30 has an invalid length. [ 509.643436][T23776] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7661'. [ 509.824249][ T6003] usb 10-1: new high-speed USB device number 21 using dummy_hcd [ 509.899073][ T10] keytouch 0003:0926:3333.002E: fixing up Keytouch IEC report descriptor [ 509.926811][ T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:0926:3333.002E/input/input64 [ 509.992421][ T6003] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 510.004358][ T5940] usb 9-1: new high-speed USB device number 38 using dummy_hcd [ 510.014308][ T6003] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 510.026203][ T6003] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 510.040449][ T6003] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 510.043758][ T6003] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.055200][ T6003] usb 10-1: config 0 descriptor?? [ 510.069190][ T10] keytouch 0003:0926:3333.002E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 510.084217][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 510.105400][ T10] usb 6-1: USB disconnect, device number 49 [ 510.149484][T23788] fido_id[23788]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb6/6-1/report_descriptor': No such file or directory [ 510.173145][ T5940] usb 9-1: config index 0 descriptor too short (expected 39, got 27) [ 510.182975][ T5940] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 510.191026][ T5940] usb 9-1: config 0 interface 0 has no altsetting 0 [ 510.196207][ T5940] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 510.206033][ T5940] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 510.214266][ T5940] usb 9-1: Product: syz [ 510.215852][ T5940] usb 9-1: Manufacturer: syz [ 510.220054][ T5940] usb 9-1: SerialNumber: syz [ 510.230021][ T5940] usb 9-1: config 0 descriptor?? [ 510.236164][ T5940] hub 9-1:0.0: bad descriptor, ignoring hub [ 510.240465][ T5940] hub 9-1:0.0: probe with driver hub failed with error -5 [ 510.247048][ T5940] usb 9-1: selecting invalid altsetting 0 [ 510.481286][ T6003] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 510.736212][T23805] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 510.845728][T23780] usb 9-1: reset high-speed USB device number 38 using dummy_hcd [ 511.134199][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 511.422427][T23832] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7683'. [ 511.438033][ T6003] usb 9-1: USB disconnect, device number 38 [ 511.891810][T23846] pim6reg1: entered promiscuous mode [ 511.893790][T23846] pim6reg1: entered allmulticast mode [ 512.052427][ T216] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.174206][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 512.202531][ T216] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.250518][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 512.264034][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 512.279105][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 512.283361][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 512.299208][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 512.362411][T23858] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7694'. [ 512.383384][ T216] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.492341][ T216] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.595568][ T5940] usb 10-1: USB disconnect, device number 21 [ 512.727567][T23882] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7701'. [ 512.731381][T23882] netlink: 'syz.1.7701': attribute type 20 has an invalid length. [ 512.737440][T23882] netlink: 'syz.1.7701': attribute type 21 has an invalid length. [ 512.815511][T23852] chnl_net:caif_netlink_parms(): no params data found [ 512.872072][T23885] syzkaller1: entered promiscuous mode [ 512.874374][T23885] syzkaller1: entered allmulticast mode [ 513.024838][ T216] bridge_slave_1: left allmulticast mode [ 513.030795][ T216] bridge_slave_1: left promiscuous mode [ 513.040436][ T216] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.077820][ T216] bridge_slave_0: left allmulticast mode [ 513.079971][ T216] bridge_slave_0: left promiscuous mode [ 513.081966][ T216] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.204181][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 513.360960][ T216] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 513.366840][ T216] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 513.372479][ T216] bond0 (unregistering): Released all slaves [ 513.423945][T23852] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.428411][T23852] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.432319][T23852] bridge_slave_0: entered allmulticast mode [ 513.436867][T23852] bridge_slave_0: entered promiscuous mode [ 513.443905][T23852] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.446910][T23852] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.450164][T23852] bridge_slave_1: entered allmulticast mode [ 513.455018][T23852] bridge_slave_1: entered promiscuous mode [ 513.491200][T23852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 513.499771][T23852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 513.552324][T23852] team0: Port device team_slave_0 added [ 513.562246][T23852] team0: Port device team_slave_1 added [ 513.619498][T23852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 513.621860][T23852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 513.631491][T23852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 513.647135][T23930] syzkaller1: entered promiscuous mode [ 513.650949][T23930] syzkaller1: entered allmulticast mode [ 513.655626][T23852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.657949][T23852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 513.667242][T23852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 513.738461][ T5644] 8021q: adding VLAN 0 to HW filter on device eth10 [ 513.744333][ T29] usb 9-1: new full-speed USB device number 39 using dummy_hcd [ 513.752544][T23852] hsr_slave_0: entered promiscuous mode [ 513.757077][T23852] hsr_slave_1: entered promiscuous mode [ 513.759729][T23852] debugfs: 'hsr0' already exists in 'hsr' [ 513.762173][T23852] Cannot create hsr debugfs directory [ 513.863562][ T216] hsr_slave_0: left promiscuous mode [ 513.877090][ T216] hsr_slave_1: left promiscuous mode [ 513.880221][ T216] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 513.883071][ T216] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 513.894917][ T216] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 513.901522][ T216] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 513.908555][ T29] usb 9-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 513.911724][ T29] usb 9-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 513.914804][ T29] usb 9-1: Product: syz [ 513.915649][ T216] veth1_macvtap: left promiscuous mode [ 513.916293][ T29] usb 9-1: Manufacturer: syz [ 513.920005][ T29] usb 9-1: SerialNumber: syz [ 513.923877][ T216] veth0_macvtap: left promiscuous mode [ 513.926290][ T216] veth1_vlan: left promiscuous mode [ 513.927623][ T29] usb 9-1: config 0 descriptor?? [ 513.928135][ T216] veth0_vlan: left promiscuous mode [ 514.140674][ T29] usb 9-1: USB disconnect, device number 39 [ 514.244304][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 514.276540][ T216] team0 (unregistering): Port device team_slave_1 removed [ 514.287991][ T216] team0 (unregistering): Port device team_slave_0 removed [ 514.405302][ T5937] Bluetooth: hci2: command tx timeout [ 514.606260][T23972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7727'. [ 514.610421][T23972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7727'. [ 514.641912][T23852] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 514.722525][T23852] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 514.728435][T23852] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 514.737860][T23852] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 514.771680][T23852] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 514.787962][T23852] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 514.791106][T23852] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 514.865605][T23852] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 514.869437][ T5644] 8021q: adding VLAN 0 to HW filter on device eth11 [ 514.949430][T23852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 515.006602][T23852] 8021q: adding VLAN 0 to HW filter on device team0 [ 515.013688][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.016365][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.043991][ T785] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.046944][ T785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.161016][ T5644] 8021q: adding VLAN 0 to HW filter on device eth12 [ 515.294212][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 515.296181][T23852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.428512][ T5644] 8021q: adding VLAN 0 to HW filter on device eth13 [ 515.444323][ T829] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 515.487009][T23852] veth0_vlan: entered promiscuous mode [ 515.493247][T23852] veth1_vlan: entered promiscuous mode [ 515.522737][T23852] veth0_macvtap: entered promiscuous mode [ 515.529749][T23852] veth1_macvtap: entered promiscuous mode [ 515.539761][T23852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 515.550570][T23852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 515.556868][T24041] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 515.563763][ T785] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.570967][ T785] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.575889][ T785] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.579410][ T785] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.632802][ T216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 515.635882][ T216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 515.637683][ T829] usb 6-1: config index 0 descriptor too short (expected 39, got 27) [ 515.643342][ T829] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 515.651771][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 515.688354][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 515.694636][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 515.704631][ T829] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 515.707917][ T829] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 515.711276][ T829] usb 6-1: Product: syz [ 515.712636][ T829] usb 6-1: Manufacturer: syz [ 515.730224][ T829] usb 6-1: SerialNumber: syz [ 515.734310][ T829] usb 6-1: config 0 descriptor?? [ 515.738072][ T829] hub 6-1:0.0: bad descriptor, ignoring hub [ 515.740069][ T829] hub 6-1:0.0: probe with driver hub failed with error -5 [ 515.743841][ T829] usb 6-1: selecting invalid altsetting 0 [ 516.117375][T24070] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.7756'. [ 516.136685][T24072] syzkaller1: entered promiscuous mode [ 516.138531][T24072] syzkaller1: entered allmulticast mode [ 516.324493][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 516.484305][ T5937] Bluetooth: hci2: command tx timeout [ 516.560360][T24101] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7769'. [ 516.654302][T24020] usb 6-1: reset high-speed USB device number 50 using dummy_hcd [ 517.269013][ T1024] usb 6-1: USB disconnect, device number 50 [ 517.374204][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 517.729565][T24136] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.7783'. [ 518.203723][T24166] syzkaller1: entered promiscuous mode [ 518.208368][T24166] syzkaller1: entered allmulticast mode [ 518.298543][ T1024] kernel read not supported for file /video37 (pid: 1024 comm: kworker/1:2) [ 518.414185][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 518.564313][ T5937] Bluetooth: hci2: command tx timeout [ 519.444280][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 519.618977][T24234] kvm: user requested TSC rate below hardware speed [ 520.495197][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 520.645265][ T5937] Bluetooth: hci2: command tx timeout [ 520.662002][T24276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7849'. [ 520.668853][T24276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7849'. [ 521.524252][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 521.563243][T24339] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7869'. [ 521.637521][ T24] kernel write not supported for file /sg0 (pid: 24 comm: kworker/2:0) [ 522.564205][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 523.347828][T24428] io-wq is not configured for unbound workers [ 523.614186][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 524.644173][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 524.841116][T24484] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7929'. [ 524.845822][T24484] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7929'. [ 524.901248][T24488] sctp: [Deprecated]: syz.4.7931 (pid 24488) Use of struct sctp_assoc_value in delayed_ack socket option. [ 524.901248][T24488] Use struct sctp_sack_info instead [ 524.910910][T24488] sctp: [Deprecated]: syz.4.7931 (pid 24488) Use of struct sctp_assoc_value in delayed_ack socket option. [ 524.910910][T24488] Use struct sctp_sack_info instead [ 525.684193][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 525.729395][T24542] loop5: detected capacity change from 0 to 7 [ 525.733144][T24542] Dev loop5: unable to read RDB block 7 [ 525.735931][T24542] loop5: unable to read partition table [ 525.738161][T24542] loop5: partition table beyond EOD, truncated [ 525.740290][T24542] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 526.138265][T24572] binder: 24570:24572 ioctl c0306201 0 returned -14 [ 526.596387][T24616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7986'. [ 526.724615][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 526.774851][ T5940] usb 12-1: new high-speed USB device number 2 using dummy_hcd [ 526.797838][ T40] audit: type=1326 audit(1776298181.133:5937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24626 comm="syz.4.7990" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f83fcc code=0x0 [ 526.891348][ T5951] Bluetooth: hci4: sending frame failed (-49) [ 526.897159][ T5937] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 526.924247][ T5940] usb 12-1: Using ep0 maxpacket: 8 [ 526.928012][ T5940] usb 12-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 526.932548][ T5940] usb 12-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 526.936966][ T5940] usb 12-1: config 0 interface 0 has no altsetting 0 [ 526.939979][ T5940] usb 12-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 526.943589][ T5940] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.949162][ T5940] usb 12-1: config 0 descriptor?? [ 527.067771][T24646] input: syz1 as /devices/virtual/input/input67 [ 527.070051][T24646] input: failed to attach handler leds to device input67, error: -6 [ 527.376753][ T5940] hid_parser_main: 33 callbacks suppressed [ 527.376770][ T5940] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0 [ 527.386297][ T5940] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0 [ 527.389296][ T5940] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0 [ 527.391758][ T5940] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0 [ 527.394346][ T5940] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0 [ 527.397269][ T5940] mcp2221 0003:04D8:00DD.0030: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.7-1/input0 [ 527.572544][T24609] i2c i2c-2: unsupported multi-msg i2c transaction [ 527.579974][ T24] usb 12-1: USB disconnect, device number 2 [ 527.614352][ T29] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 527.634234][T19241] usb 10-1: new high-speed USB device number 22 using dummy_hcd [ 527.764279][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 527.764338][ T29] usb 6-1: Using ep0 maxpacket: 8 [ 527.771912][ T29] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.776218][ T29] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 527.779619][ T29] usb 6-1: config 0 interface 0 has no altsetting 0 [ 527.784358][T19241] usb 10-1: Using ep0 maxpacket: 8 [ 527.789002][T19241] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 527.792236][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 527.793801][ T29] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 527.796349][T19241] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 527.799182][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.804297][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 527.804319][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 527.805926][T19241] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 527.811918][ T29] usb 6-1: config 0 descriptor?? [ 527.815971][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 527.815993][T19241] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 527.816007][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 527.816021][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 527.816817][T19241] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 527.841222][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 527.846957][T19241] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 527.850720][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 527.854976][T19241] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 527.861381][T19241] usb 10-1: string descriptor 0 read error: -22 [ 527.863746][T19241] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 527.867125][T19241] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.877837][T19241] adutux 10-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 528.128960][ T54] usb 10-1: USB disconnect, device number 22 [ 528.246057][ T29] mcp2221 0003:04D8:00DD.0031: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 528.363890][T24700] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8016'. [ 528.439777][ T29] usb 6-1: USB disconnect, device number 51 [ 528.804274][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 529.317735][T24751] kvm: user requested TSC rate below hardware speed [ 529.541764][T24773] input: syz0 as /devices/virtual/input/input68 [ 529.844523][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 530.317151][T24825] netlink: 156 bytes leftover after parsing attributes in process `syz.7.8069'. [ 530.581948][T24847] netlink: 'syz.7.8082': attribute type 10 has an invalid length. [ 530.615890][T19215] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 530.629198][T24847] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 530.688511][T24854] loop2: detected capacity change from 0 to 7 [ 530.692623][T24854] Dev loop2: unable to read RDB block 7 [ 530.695766][T24854] loop2: unable to read partition table [ 530.698087][T24854] loop2: partition table beyond EOD, truncated [ 530.700477][T24854] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 530.805382][T19215] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 530.884214][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 530.994279][ T5940] usb 9-1: new high-speed USB device number 40 using dummy_hcd [ 531.145921][ T5940] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 531.149849][ T5940] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 531.153080][ T5940] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 531.158693][ T5940] usb 9-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 531.161854][ T5940] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.165013][ T5940] usb 9-1: Product: syz [ 531.166400][ T5940] usb 9-1: Manufacturer: syz [ 531.167879][ T5940] usb 9-1: SerialNumber: syz [ 531.172107][ T5940] usb 9-1: config 0 descriptor?? [ 531.379668][ T5940] adutux 9-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 531.404281][ T29] usb 12-1: new high-speed USB device number 3 using dummy_hcd [ 531.554356][ T29] usb 12-1: Using ep0 maxpacket: 32 [ 531.557871][ T29] usb 12-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 531.561289][ T29] usb 12-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 531.565175][ T29] usb 12-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 531.569198][ T29] usb 12-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 531.575995][ T29] usb 12-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 531.579463][ T29] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.581895][ T1323] usb 9-1: USB disconnect, device number 40 [ 531.582563][ T29] usb 12-1: Product: syz [ 531.582576][ T29] usb 12-1: Manufacturer: syz [ 531.582586][ T29] usb 12-1: SerialNumber: syz [ 531.594332][ C1] imon 12-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 531.626237][ T29] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:155.0/input/input69 [ 531.814178][ T29] imon 12-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 531.816999][ T29] (id 0x00) [ 531.884283][ T29] rc_core: IR keymap rc-imon-pad not found [ 531.886308][ T29] Registered IR keymap rc-empty [ 531.887924][ T29] imon 12-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 531.891193][ T29] imon 12-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 531.924269][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 532.031337][ T29] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:155.0/rc/rc0 [ 532.036617][ T29] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:155.0/rc/rc0/input70 [ 532.042584][ T29] imon 12-1:155.0: iMON device (15c2:ffdc, intf0) on usb<12:3> initialized [ 532.199023][T24880] imon:vfd_write: invalid payload size [ 532.211749][T20864] usb 12-1: USB disconnect, device number 3 [ 532.434430][T19241] usb 9-1: new high-speed USB device number 41 using dummy_hcd [ 532.585219][T19241] usb 9-1: too many configurations: 9, using maximum allowed: 8 [ 532.588937][T19241] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 532.591841][T19241] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 532.595995][T19241] usb 9-1: config 0 interface 0 has no altsetting 0 [ 532.599311][T19241] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 532.602424][T19241] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 532.606153][T19241] usb 9-1: config 0 interface 0 has no altsetting 0 [ 532.609348][T19241] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 532.612329][T19241] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 532.615809][T19241] usb 9-1: config 0 interface 0 has no altsetting 0 [ 532.618858][T19241] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 532.622130][T19241] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 532.627059][T19241] usb 9-1: config 0 interface 0 has no altsetting 0 [ 532.630025][T19241] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 532.633088][T19241] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 532.636631][T19241] usb 9-1: config 0 interface 0 has no altsetting 0 [ 532.639570][T19241] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 532.642515][T19241] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 532.646859][T19241] usb 9-1: config 0 interface 0 has no altsetting 0 [ 532.649937][T19241] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 532.652994][T19241] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 532.657408][T19241] usb 9-1: config 0 interface 0 has no altsetting 0 [ 532.661212][T19241] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 532.665335][T19241] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 532.669707][T19241] usb 9-1: config 0 interface 0 has no altsetting 0 [ 532.674939][T19241] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 532.678863][T19241] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 532.682295][T19241] usb 9-1: Product: syz [ 532.684056][T19241] usb 9-1: Manufacturer: syz [ 532.686781][T19241] usb 9-1: SerialNumber: syz [ 532.692001][T19241] usb 9-1: config 0 descriptor?? [ 532.703456][T19241] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0 [ 532.836566][T24913] syzkaller1: entered promiscuous mode [ 532.838507][T24913] syzkaller1: entered allmulticast mode [ 532.964314][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 533.953678][T24950] netlink: 'syz.7.8127': attribute type 5 has an invalid length. [ 533.956705][T24950] netlink: 3657 bytes leftover after parsing attributes in process `syz.7.8127'. [ 534.014209][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 534.082722][T24954] serio: Serial port ptm0 [ 534.357198][T24963] pim6reg: entered allmulticast mode [ 534.361115][T24963] pim6reg: left allmulticast mode [ 534.512526][T24971] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.8137'. [ 534.714371][ T29] usb 12-1: new high-speed USB device number 4 using dummy_hcd [ 534.864312][ T29] usb 12-1: Using ep0 maxpacket: 8 [ 534.868754][ T29] usb 12-1: config index 0 descriptor too short (expected 301, got 45) [ 534.872513][ T29] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 534.877425][ T1024] usb 10-1: new high-speed USB device number 23 using dummy_hcd [ 534.881007][ T29] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 534.885526][ T29] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 534.890431][ T29] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 534.895992][ T29] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 534.900144][ T29] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.965897][ C0] usb 9-1: yurex_control_callback - control failed: -2 [ 534.970731][ T1323] usb 9-1: USB disconnect, device number 41 [ 534.982522][ T1323] yurex 9-1:0.0: USB YUREX #0 now disconnected [ 535.054268][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 535.064264][ T1024] usb 10-1: Using ep0 maxpacket: 8 [ 535.067792][ T1024] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 535.070976][ T1024] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 535.074318][ T1024] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 535.077707][ T1024] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 535.082041][ T1024] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 535.085372][ T1024] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.115916][ T29] usb 12-1: usb_control_msg returned -32 [ 535.117811][ T29] usbtmc 12-1:16.0: can't read capabilities [ 535.297306][ T1024] usb 10-1: GET_CAPABILITIES returned 0 [ 535.299222][ T1024] usbtmc 10-1:16.0: can't read capabilities [ 535.474005][T24978] usbtmc 12-1:16.0: INDICATOR_PULSE returned 0 [ 535.503395][ C1] usbtmc 12-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 535.511414][ T1323] usb 10-1: USB disconnect, device number 23 [ 535.677239][ T5940] usb 12-1: USB disconnect, device number 4 [ 536.064398][ T1323] usb 9-1: new full-speed USB device number 42 using dummy_hcd [ 536.094202][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 536.215922][ T1323] usb 9-1: config 0 has an invalid interface number: 8 but max is 0 [ 536.218540][ T1323] usb 9-1: config 0 has no interface number 0 [ 536.220482][ T1323] usb 9-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 536.224230][ T1323] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 536.227908][ T1323] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 536.232203][ T1323] usb 9-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 536.235426][ T1323] usb 9-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 536.237984][ T1323] usb 9-1: Product: syz [ 536.239317][ T1323] usb 9-1: SerialNumber: syz [ 536.242940][ T1323] usb 9-1: config 0 descriptor?? [ 536.247157][ T1323] cm109 9-1:0.8: invalid payload size 0, expected 4 [ 536.250363][ T1323] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.8/input/input71 [ 536.334228][ T1024] usb 10-1: new high-speed USB device number 24 using dummy_hcd [ 536.448985][ C2] cm109 9-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 536.485723][ T1024] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 536.489320][ T1024] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 536.492406][ T1024] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 536.497066][ T1024] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 536.499950][ T1024] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.503869][ T1024] usb 10-1: config 0 descriptor?? [ 536.657475][T25003] TCP: TCP_TX_DELAY enabled [ 536.681344][ C2] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 536.683293][ T5940] usb 9-1: USB disconnect, device number 42 [ 536.683592][ C2] cm109 9-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 536.704215][ T5940] cm109 9-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 536.747870][T25008] hugetlbfs: syz.7.8153 (25008): Using mlock ulimits for SHM_HUGETLB is obsolete [ 536.921948][ T1024] plantronics 0003:047F:FFFF.0032: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 537.054284][ T29] usb 12-1: new high-speed USB device number 5 using dummy_hcd [ 537.124266][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 537.189632][ T5940] usb 10-1: USB disconnect, device number 24 [ 537.205987][ T29] usb 12-1: Using ep0 maxpacket: 16 [ 537.214597][ T5937] Bluetooth: hci2: Malformed LE Event: 0x0d [ 537.215536][ T29] usb 12-1: unable to get BOS descriptor or descriptor too short [ 537.224229][ T29] usb 12-1: unable to read config index 0 descriptor/start: -71 [ 537.227557][ T29] usb 12-1: can't read configurations, error -71 [ 537.230047][T25013] misc userio: Begin command sent, but we're already running [ 537.507602][T25015] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8156'. [ 537.521821][T25015] bond3: Invalid ad_actor_system MAC address. [ 537.523918][T25015] bond3: option ad_actor_system: invalid value (281419142266867) [ 537.527856][T25015] bond3 (unregistering): Released all slaves [ 537.764445][T25026] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8160'. [ 537.999327][T25042] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8169'. [ 538.164235][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 538.209865][T25060] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.8177'. [ 538.919290][ T1149] Bluetooth: (null): Invalid header checksum [ 538.934428][ T1323] usb 9-1: new high-speed USB device number 43 using dummy_hcd [ 539.094241][ T1323] usb 9-1: Using ep0 maxpacket: 32 [ 539.098092][ T1323] usb 9-1: unable to get BOS descriptor or descriptor too short [ 539.101946][ T1323] usb 9-1: config 8 has an invalid interface number: 188 but max is 0 [ 539.105591][ T1323] usb 9-1: config 8 has no interface number 0 [ 539.107703][ T1323] usb 9-1: config 8 interface 188 has no altsetting 0 [ 539.112266][ T1323] usb 9-1: string descriptor 0 read error: -22 [ 539.114587][ T1323] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e [ 539.117486][ T1323] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.124241][ T1323] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state. [ 539.126948][ T1323] dw2102: su3000_power_ctrl: 1, initialized 0 [ 539.128895][ T1323] dvb-usb: bulk message failed: -22 (2/0) [ 539.140660][ T1323] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 539.144728][ T1323] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3) [ 539.147393][ T1323] usb 9-1: media controller created [ 539.149113][ T1323] dvb-usb: bulk message failed: -22 (6/0) [ 539.150929][ T1323] dw2102: i2c transfer failed. [ 539.152471][ T1323] dvb-usb: bulk message failed: -22 (6/0) [ 539.161590][ T1323] dw2102: i2c transfer failed. [ 539.163169][ T1323] dvb-usb: bulk message failed: -22 (6/0) [ 539.165970][ T1323] dw2102: i2c transfer failed. [ 539.167944][ T1323] dvb-usb: bulk message failed: -22 (6/0) [ 539.170018][ T1323] dw2102: i2c transfer failed. [ 539.171826][ T1323] dvb-usb: bulk message failed: -22 (6/0) [ 539.174392][ T1323] dw2102: i2c transfer failed. [ 539.176139][ T1323] dvb-usb: bulk message failed: -22 (6/0) [ 539.178262][ T1323] dw2102: i2c transfer failed. [ 539.180199][ T1323] dvb-usb: MAC address: 02:02:02:02:02:02 [ 539.189787][ T1323] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 539.204230][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 539.210415][ T1323] dvb-usb: bulk message failed: -22 (3/0) [ 539.212743][ T1323] dw2102: command 0x0e transfer failed. [ 539.215261][ T1323] dvb-usb: bulk message failed: -22 (3/0) [ 539.217106][ T1323] dw2102: command 0x0e transfer failed. [ 539.537615][ T1323] dvb-usb: bulk message failed: -22 (3/0) [ 539.539450][ T1323] dw2102: command 0x0e transfer failed. [ 539.541661][ T1323] dvb-usb: bulk message failed: -22 (3/0) [ 539.543551][ T1323] dw2102: command 0x0e transfer failed. [ 539.545540][ T1323] dvb-usb: bulk message failed: -22 (1/0) [ 539.547398][ T1323] dw2102: command 0x51 transfer failed. [ 539.568232][ T1323] DVB: Unable to find symbol ds3000_attach() [ 539.570224][ T1323] dvb-usb: no frontend was attached by 'Terratec Cinergy S2 USB HD Rev.3' [ 539.614272][ T1323] rc_core: IR keymap rc-su3000 not found [ 539.616159][ T1323] Registered IR keymap rc-empty [ 539.620354][ T1323] rc rc0: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.4/usb9/9-1/rc/rc0 [ 539.627916][ T1323] input: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.4/usb9/9-1/rc/rc0/input73 [ 539.644366][ T1323] dvb-usb: schedule remote query interval to 150 msecs. [ 539.649279][ T1323] dw2102: su3000_power_ctrl: 0, initialized 1 [ 539.651280][ T1323] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully initialized and connected. [ 539.663840][ T1323] usb 9-1: USB disconnect, device number 43 [ 539.703000][ T1323] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully deinitialized and disconnected. [ 540.246746][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 540.498225][ T5951] Bluetooth: hci4: command 0x1003 tx timeout [ 540.500970][ T5937] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 540.694469][ T54] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 540.844919][ T54] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 540.848653][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 540.851641][ T54] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 540.855571][ T54] usb 6-1: config 0 interface 0 has no altsetting 0 [ 540.858934][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 540.862179][ T54] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 540.866850][ T54] usb 6-1: config 0 interface 0 has no altsetting 0 [ 540.872045][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 540.876293][ T54] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 540.881111][ T54] usb 6-1: config 0 interface 0 has no altsetting 0 [ 540.885374][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 540.889469][ T54] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 540.894345][ T54] usb 6-1: config 0 interface 0 has no altsetting 0 [ 540.898331][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 540.901290][ T54] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 540.904929][ T54] usb 6-1: config 0 interface 0 has no altsetting 0 [ 540.908135][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 540.911119][ T54] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 540.915179][ T54] usb 6-1: config 0 interface 0 has no altsetting 0 [ 540.920932][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 540.928496][ T54] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 540.932312][ T54] usb 6-1: config 0 interface 0 has no altsetting 0 [ 540.936359][ T54] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 540.939252][ T54] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 540.944228][ T54] usb 6-1: config 0 interface 0 has no altsetting 0 [ 540.950500][ T54] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 540.954781][ T54] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 540.959846][ T54] usb 6-1: Product: syz [ 540.961313][ T54] usb 6-1: Manufacturer: syz [ 540.962995][ T54] usb 6-1: SerialNumber: syz [ 540.971248][ T54] usb 6-1: config 0 descriptor?? [ 540.981757][ T54] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 541.284191][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 541.645429][T25176] input: syz1 as /devices/virtual/input/input74 [ 541.765767][ T40] audit: type=1326 audit(1776298196.103:5938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25181 comm="syz.7.8235" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa2fcc code=0x0 [ 542.324185][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 543.204370][ C3] usb 6-1: yurex_control_callback - control failed: -2 [ 543.209381][ T1024] usb 6-1: USB disconnect, device number 52 [ 543.213212][ T1024] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 543.365218][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 544.244359][ T1024] usb 10-1: new high-speed USB device number 25 using dummy_hcd [ 544.396018][ T1024] usb 10-1: too many configurations: 9, using maximum allowed: 8 [ 544.399522][ T1024] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 544.402673][ T1024] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 544.404283][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 544.406534][ T1024] usb 10-1: config 0 interface 0 has no altsetting 0 [ 544.411900][ T1024] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 544.416188][ T1024] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 544.419965][ T1024] usb 10-1: config 0 interface 0 has no altsetting 0 [ 544.422903][ T1024] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 544.425944][ T1024] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 544.429404][ T1024] usb 10-1: config 0 interface 0 has no altsetting 0 [ 544.432503][ T1024] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 544.443280][ T1024] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 544.446979][ T1024] usb 10-1: config 0 interface 0 has no altsetting 0 [ 544.450628][ T1024] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 544.454170][ T1024] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 544.458645][ T1024] usb 10-1: config 0 interface 0 has no altsetting 0 [ 544.465794][ T1024] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 544.469568][ T1024] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 544.473988][ T1024] usb 10-1: config 0 interface 0 has no altsetting 0 [ 544.481876][ T1024] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 544.485130][ T1323] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 544.489943][ T1024] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 544.493639][ T1024] usb 10-1: config 0 interface 0 has no altsetting 0 [ 544.498526][ T1024] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 544.501634][ T1024] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 544.505288][ T1024] usb 10-1: config 0 interface 0 has no altsetting 0 [ 544.508981][ T1024] usb 10-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 544.512029][ T1024] usb 10-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 544.514914][ T1024] usb 10-1: Product: syz [ 544.516270][ T1024] usb 10-1: Manufacturer: syz [ 544.517839][ T1024] usb 10-1: SerialNumber: syz [ 544.523182][ T1024] usb 10-1: config 0 descriptor?? [ 544.529838][ T1024] yurex 10-1:0.0: USB YUREX device now attached to Yurex #0 [ 544.570842][T25246] sctp: [Deprecated]: syz.1.8253 (pid 25246) Use of struct sctp_assoc_value in delayed_ack socket option. [ 544.570842][T25246] Use struct sctp_sack_info instead [ 544.577600][T25246] sctp: [Deprecated]: syz.1.8253 (pid 25246) Use of struct sctp_assoc_value in delayed_ack socket option. [ 544.577600][T25246] Use struct sctp_sack_info instead [ 545.444403][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 546.484191][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 546.804592][ C1] usb 10-1: yurex_control_callback - control failed: -2 [ 546.811641][ T54] usb 10-1: USB disconnect, device number 25 [ 546.817353][ T54] yurex 10-1:0.0: USB YUREX #0 now disconnected [ 547.524233][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 548.564236][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 549.614195][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 550.644379][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 551.684215][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 552.734521][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 553.764280][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 554.656209][T25303] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8265'. [ 554.657100][T25304] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8262'. [ 554.684710][T25304] vxlan0: entered promiscuous mode [ 554.690398][ T12] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 554.693251][ T12] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 554.696249][ T12] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 554.699431][ T12] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 554.804190][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 555.374215][ T6003] usb 10-1: new high-speed USB device number 26 using dummy_hcd [ 555.524274][ T6003] usb 10-1: Using ep0 maxpacket: 8 [ 555.530018][ T6003] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 555.534567][ T6003] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.537813][ T6003] usb 10-1: Product: syz [ 555.539374][ T6003] usb 10-1: Manufacturer: syz [ 555.541139][ T6003] usb 10-1: SerialNumber: syz [ 555.545746][ T6003] usb 10-1: config 0 descriptor?? [ 555.756612][ T6003] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 555.771458][ T6003] dvb_usb_rtl28xxu 10-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 555.776976][ T6003] usb 10-1: USB disconnect, device number 26 [ 555.854162][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 555.889628][T25358] input: syz0 as /devices/virtual/input/input75 [ 556.118086][T25368] input: syz0 as /devices/virtual/input/input76 [ 556.148093][ T54] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 556.306057][ T54] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 556.310872][ T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 556.317540][ T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 556.322231][ T54] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 556.328908][ T54] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 556.332814][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.339214][ T54] usb 6-1: config 0 descriptor?? [ 556.348914][T25360] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 556.434647][T19241] usb 9-1: new high-speed USB device number 44 using dummy_hcd [ 556.545720][ T5940] usb 10-1: new high-speed USB device number 27 using dummy_hcd [ 556.586354][T19241] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 556.593713][T19241] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 556.597139][T19241] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 556.599688][T19241] usb 9-1: Product: syz [ 556.601159][T19241] usb 9-1: Manufacturer: syz [ 556.603105][T19241] usb 9-1: SerialNumber: syz [ 556.724240][ T5940] usb 10-1: Using ep0 maxpacket: 32 [ 556.728173][ T5940] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 556.732403][ T5940] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 556.736443][ T5940] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 556.739408][ T5940] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.745031][ T5940] usb 10-1: config 0 descriptor?? [ 556.767092][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.772259][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.774810][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.777172][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.779562][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.782067][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.785968][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.788889][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.791362][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.793841][ T54] plantronics 0003:047F:FFFF.0033: unknown main item tag 0x0 [ 556.803191][ T54] plantronics 0003:047F:FFFF.0033: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 556.816618][T19241] usblp 9-1:1.0: usblp1: USB Unidirectional printer dev 44 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 556.894196][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 557.028531][ T54] usb 9-1: USB disconnect, device number 44 [ 557.029133][ T24] usb 6-1: USB disconnect, device number 53 [ 557.047531][ T54] usblp1: removed [ 557.189911][ T5940] savu 0003:1E7D:2D5A.0034: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 557.446803][ T54] usb 10-1: USB disconnect, device number 27 [ 557.706843][T25418] warn_alloc: 6 callbacks suppressed [ 557.706859][T25418] syz.4.8313: vmalloc error: size 2147479872, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 557.714677][T25418] CPU: 0 UID: 0 PID: 25418 Comm: syz.4.8313 Tainted: G L syzkaller #0 PREEMPT(full) [ 557.714701][T25418] Tainted: [L]=SOFTLOCKUP [ 557.714706][T25418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 557.714717][T25418] Call Trace: [ 557.714724][T25418] [ 557.714730][T25418] dump_stack_lvl+0x100/0x190 [ 557.714760][T25418] warn_alloc.cold+0x95/0x1c1 [ 557.714776][T25418] ? __pfx_warn_alloc+0x10/0x10 [ 557.714800][T25418] ? __lock_acquire+0x4a5/0x2630 [ 557.714819][T25418] ? __lock_acquire+0x4a5/0x2630 [ 557.714840][T25418] __vmalloc_node_range_noprof+0x136c/0x1630 [ 557.714853][T25418] ? reacquire_held_locks+0xce/0x1e0 [ 557.714871][T25418] ? release_sock+0x21/0x280 [ 557.714892][T25418] ? do_raw_spin_lock+0x128/0x260 [ 557.714906][T25418] ? netlink_alloc_large_skb+0x9b/0x150 [ 557.714920][T25418] ? alloc_pages_mpol+0x25a/0x540 [ 557.714941][T25418] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 557.714957][T25418] ? rcu_is_watching+0x12/0xc0 [ 557.714973][T25418] __kvmalloc_node_noprof+0x3de/0xa00 [ 557.714991][T25418] ? netlink_alloc_large_skb+0x9b/0x150 [ 557.715004][T25418] ? netlink_alloc_large_skb+0x9b/0x150 [ 557.715019][T25418] netlink_alloc_large_skb+0x9b/0x150 [ 557.715031][T25418] netlink_sendmsg+0x680/0xda0 [ 557.715045][T25418] ? __pfx_netlink_sendmsg+0x10/0x10 [ 557.715058][T25418] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 557.715083][T25418] sock_write_iter+0x524/0x5a0 [ 557.715096][T25418] ? __pfx_netlink_sendmsg+0x10/0x10 [ 557.715107][T25418] ? __pfx_sock_write_iter+0x10/0x10 [ 557.715131][T25418] ? bpf_lsm_file_permission+0x9/0x10 [ 557.715151][T25418] ? security_file_permission+0x76/0x210 [ 557.715168][T25418] ? rw_verify_area+0xce/0x6d0 [ 557.715188][T25418] vfs_write+0x6ac/0x1070 [ 557.715206][T25418] ? __pfx_sock_write_iter+0x10/0x10 [ 557.715220][T25418] ? __pfx_vfs_write+0x10/0x10 [ 557.715238][T25418] ? find_held_lock+0x2b/0x80 [ 557.715263][T25418] ksys_write+0x1f8/0x250 [ 557.715283][T25418] ? __pfx_ksys_write+0x10/0x10 [ 557.715301][T25418] ? rcu_is_watching+0x12/0xc0 [ 557.715315][T25418] __do_fast_syscall_32+0xe7/0x950 [ 557.715333][T25418] do_fast_syscall_32+0x32/0x70 [ 557.715348][T25418] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 557.715364][T25418] RIP: 0023:0xf7f83fcc [ 557.715376][T25418] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 557.715390][T25418] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 557.715408][T25418] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000280 [ 557.715418][T25418] RDX: 00000000ffffff03 RSI: 0000000000000000 RDI: 0000000000000000 [ 557.715427][T25418] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 557.715437][T25418] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 557.715447][T25418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 557.715471][T25418] [ 557.715479][T25418] Mem-Info: [ 557.831782][T25418] active_anon:6733 inactive_anon:3495 isolated_anon:0 [ 557.831782][T25418] active_file:3549 inactive_file:16968 isolated_file:0 [ 557.831782][T25418] unevictable:1768 dirty:414 writeback:0 [ 557.831782][T25418] slab_reclaimable:6642 slab_unreclaimable:67753 [ 557.831782][T25418] mapped:23132 shmem:8636 pagetables:1750 [ 557.831782][T25418] sec_pagetables:314 bounce:0 [ 557.831782][T25418] kernel_misc_reclaimable:0 [ 557.831782][T25418] free:47734 free_pcp:10466 free_cma:0 [ 557.849666][T25418] Node 0 active_anon:0kB inactive_anon:88kB active_file:16kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:8kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8064kB pagetables:1260kB sec_pagetables:1156kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 557.860444][T25418] Node 1 active_anon:27432kB inactive_anon:13892kB active_file:14180kB inactive_file:67872kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:92504kB dirty:1648kB writeback:0kB shmem:31408kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6636kB pagetables:5740kB sec_pagetables:100kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 557.873152][T25418] Node 0 DMA free:2728kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:8kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 557.883368][T25418] lowmem_reserve[]: 0 284 284 284 284 [ 557.885494][T25418] Node 0 DMA32 free:32672kB boost:16384kB min:29440kB low:32704kB high:35968kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:88kB active_file:12kB inactive_file:0kB unevictable:3536kB writepending:8kB zspages:800kB present:1032196kB managed:291320kB mlocked:0kB bounce:0kB free_pcp:1164kB local_pcp:296kB free_cma:0kB [ 557.897148][T25418] lowmem_reserve[]: 0 0 0 0 0 [ 557.899083][T25418] Node 1 DMA32 free:155536kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27432kB inactive_anon:13892kB active_file:14180kB inactive_file:67872kB unevictable:3536kB writepending:1648kB zspages:4844kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:40928kB local_pcp:14164kB free_cma:0kB [ 557.911287][T25418] lowmem_reserve[]: 0 0 0 0 0 [ 557.913079][T25418] Node 0 DMA: 78*4kB (U) 34*8kB (U) 16*16kB (U) 7*32kB (U) 2*64kB (U) 2*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2728kB [ 557.918114][T25418] Node 0 DMA32: 1070*4kB (UME) 573*8kB (UME) 306*16kB (UM) 213*32kB (UME) 77*64kB (UME) 34*128kB (UME) 9*256kB (UME) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 32672kB [ 557.923348][T25418] Node 1 DMA32: 5194*4kB (UM) 4488*8kB (UME) 3206*16kB (UME) 2*32kB (ME) 38*64kB (UM) 66*128kB (ME) 47*256kB (UM) 28*512kB (M) 12*1024kB (UM) 1*2048kB (M) 0*4096kB = 159624kB [ 557.929992][T25418] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 557.933335][T25418] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 557.934182][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 557.937470][T25418] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 557.943726][T25418] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 557.947746][T25418] 26686 total pagecache pages [ 557.949726][T25418] 1211 pages in swap cache [ 557.951513][T25418] Free swap = 101296kB [ 557.953276][T25418] Total swap = 124996kB [ 557.955159][T25418] 524155 pages RAM [ 557.956776][T25418] 0 pages HighMem/MovableOnly [ 557.958718][T25418] 210432 pages reserved [ 557.960388][T25418] 0 pages cma reserved [ 558.068171][T25430] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8318'. [ 558.081720][T25430] ip6gre1: entered promiscuous mode [ 558.083725][T25430] ip6gre1: entered allmulticast mode [ 558.135468][T25437] bridge1: entered promiscuous mode [ 558.137678][T25437] bridge1: entered allmulticast mode [ 558.144529][T25437] team0: Port device bridge1 added [ 558.156108][T25437] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8321'. [ 558.565357][T25460] netlink: 40 bytes leftover after parsing attributes in process `syz.7.8331'. [ 558.601642][T25463] netlink: 16 bytes leftover after parsing attributes in process `syz.7.8332'. [ 558.754305][ T6003] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 558.914352][ T6003] usb 6-1: Using ep0 maxpacket: 8 [ 558.917916][ T6003] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 558.920792][ T6003] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 558.924170][ T6003] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 558.927542][ T6003] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 558.931063][ T6003] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 558.936015][ T6003] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 558.939073][ T6003] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.964260][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 559.162658][ T6003] usb 6-1: usb_control_msg returned -32 [ 559.164676][ T6003] usbtmc 6-1:16.0: can't read capabilities [ 559.189408][T25490] netlink: 'syz.7.8345': attribute type 1 has an invalid length. [ 559.207540][T25490] 8021q: adding VLAN 0 to HW filter on device bond1 [ 559.240112][T25490] bond1: (slave geneve2): making interface the new active one [ 559.243851][T25490] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 559.487537][T25500] netlink: 'syz.4.8349': attribute type 5 has an invalid length. [ 559.490805][T25500] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.8349'. [ 559.695705][T25515] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8355'. [ 559.698569][T25515] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8355'. [ 559.804309][T20864] usb 10-1: new full-speed USB device number 28 using dummy_hcd [ 559.869894][T25522] usbtmc 6-1:16.0: usb_clear_halt returned -32 [ 559.955962][T20864] usb 10-1: config 0 has an invalid interface number: 8 but max is 0 [ 559.958612][T20864] usb 10-1: config 0 has no interface number 0 [ 559.960580][T20864] usb 10-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 559.964640][T20864] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 559.968187][T20864] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 559.972531][T20864] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 559.976008][T20864] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 559.978636][T20864] usb 10-1: Product: syz [ 559.980093][T20864] usb 10-1: SerialNumber: syz [ 559.982977][T20864] usb 10-1: config 0 descriptor?? [ 559.987574][T20864] cm109 10-1:0.8: invalid payload size 0, expected 4 [ 559.990877][T20864] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.8/input/input77 [ 560.004250][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 560.072432][ T6003] usb 6-1: USB disconnect, device number 54 [ 560.198030][ C0] cm109 10-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 560.442061][ C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 560.449814][ C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 560.451363][ T24] usb 10-1: USB disconnect, device number 28 [ 560.452767][ C3] cm109 10-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 560.466006][ T24] cm109 10-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 560.621291][T25528] netlink: 'syz.1.8359': attribute type 5 has an invalid length. [ 560.623839][T25528] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.8359'. [ 560.854841][T20864] usb 9-1: new high-speed USB device number 45 using dummy_hcd [ 560.914348][T25538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8367'. [ 560.919200][T25538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8367'. [ 560.924306][T25538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8367'. [ 560.998441][T25542] netlink: 'syz.5.8369': attribute type 1 has an invalid length. [ 561.016884][T25542] bond2: entered promiscuous mode [ 561.018929][T25542] 8021q: adding VLAN 0 to HW filter on device bond2 [ 561.028421][T20864] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 561.036553][T20864] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 561.040171][T20864] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 561.046013][T25542] bond2: (slave bridge1): making interface the new active one [ 561.046254][T20864] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 561.048777][T25542] bridge1: entered promiscuous mode [ 561.051371][T20864] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.052696][T20864] usb 9-1: config 0 descriptor?? [ 561.054295][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 561.060197][T25542] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 561.074219][ T6003] usb 12-1: new high-speed USB device number 7 using dummy_hcd [ 561.172036][T25553] "syz.5.8372" (25553) uses obsolete ecb(arc4) skcipher [ 561.224228][ T6003] usb 12-1: Using ep0 maxpacket: 8 [ 561.228231][ T6003] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 561.230774][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 561.234950][ T6003] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 561.239468][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 561.243131][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 561.249052][ T6003] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 561.251564][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 561.255232][ T6003] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 561.259617][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 561.263777][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 561.268503][ T6003] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 561.270930][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 561.274623][ T6003] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 561.279203][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 561.283595][ T6003] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 561.291658][ T6003] usb 12-1: string descriptor 0 read error: -22 [ 561.294735][ T6003] usb 12-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 561.298490][ T6003] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.307235][ T6003] adutux 12-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 561.470081][T20864] plantronics 0003:047F:FFFF.0035: reserved main item tag 0xd [ 561.479651][T20864] plantronics 0003:047F:FFFF.0035: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 561.572455][ T6003] usb 12-1: USB disconnect, device number 7 [ 561.668944][T20864] usb 9-1: USB disconnect, device number 45 [ 562.084790][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 562.288949][T25577] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8380'. [ 562.331758][T25579] netlink: 'syz.4.8381': attribute type 1 has an invalid length. [ 562.346156][T25579] bond3: entered promiscuous mode [ 562.348044][T25579] 8021q: adding VLAN 0 to HW filter on device bond3 [ 562.380800][T25579] bond3: (slave bridge1): making interface the new active one [ 562.383272][T25579] bridge1: entered promiscuous mode [ 562.386083][T25579] bond3: (slave bridge1): Enslaving as an active interface with an up link [ 563.124179][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 564.114270][ T29] usb 6-1: new full-speed USB device number 55 using dummy_hcd [ 564.174247][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 564.214759][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 564.286651][ T29] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 564.289427][ T29] usb 6-1: config 0 has no interface number 0 [ 564.298808][ T29] usb 6-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 564.303812][ T29] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 564.310022][ T29] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 564.316230][ T29] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 564.319118][ T29] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 564.321776][ T29] usb 6-1: Product: syz [ 564.323374][ T29] usb 6-1: SerialNumber: syz [ 564.328251][ T29] usb 6-1: config 0 descriptor?? [ 564.346604][ T29] cm109 6-1:0.8: invalid payload size 0, expected 4 [ 564.357033][ T29] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input79 [ 564.547075][ C1] cm109 6-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 564.804679][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 564.807207][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 564.809605][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 564.811908][ T24] usb 6-1: USB disconnect, device number 55 [ 564.813902][ C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 564.813917][ C2] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 564.831381][ T24] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 565.214179][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 565.457518][T25699] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8424'. [ 565.461745][T25699] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8424'. [ 566.244221][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 567.284282][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 568.334223][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 569.364215][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 570.414255][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 571.444273][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 572.494239][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 573.524281][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 574.564258][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 574.645840][T25723] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 574.700072][T25731] netlink: 212328 bytes leftover after parsing attributes in process `syz.7.8435'. [ 574.703233][T25731] netlink: Conntrack attr has 4 unknown bytes [ 574.727695][T25734] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 574.730159][T25734] syzkaller1: Refused to change device type [ 574.949096][T16863] libceph: connect (1)[c::]:6789 error -101 [ 574.955522][T16863] libceph: mon0 (1)[c::]:6789 connect error [ 575.018599][ T10] usb 12-1: new high-speed USB device number 8 using dummy_hcd [ 575.042265][T25752] ceph: No mds server is up or the cluster is laggy [ 575.174722][ T10] usb 12-1: Using ep0 maxpacket: 32 [ 575.179316][ T10] usb 12-1: config index 0 descriptor too short (expected 29220, got 36) [ 575.183487][ T10] usb 12-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 575.187965][ T10] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 575.191763][ T10] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 575.196119][ T10] usb 12-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 575.200067][ T10] usb 12-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 575.206556][ T10] usb 12-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 575.210444][ T10] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.216533][ T10] usb 12-1: config 0 descriptor?? [ 575.362923][T25774] netlink: 1363 bytes leftover after parsing attributes in process `syz.4.8449'. [ 575.429581][ T10] usblp 12-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 575.569713][ T13] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.604313][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 575.658639][ T10] usb 12-1: USB disconnect, device number 8 [ 575.667178][ T10] usblp0: removed [ 575.685871][ T13] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.764024][ T13] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.875962][ T13] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.911140][ T5951] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 575.931106][ T5951] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 575.943172][ T5951] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 575.947216][ T5951] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 575.953696][ T5951] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 576.485862][T19241] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 576.589452][ T13] bond2 (unregistering): (slave bridge1): Releasing backup interface [ 576.593093][ T13] bridge1 (unregistering): left promiscuous mode [ 576.644916][ C3] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 576.646954][T19241] usb 6-1: config index 0 descriptor too short (expected 45, got 36) [ 576.651749][T19241] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 576.657159][T19241] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 576.661683][T19241] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 576.664875][ T13] bond0 (unregistering): Released all slaves [ 576.667486][T19241] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 576.674959][T19241] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.675293][ T13] bond1 (unregistering): Released all slaves [ 576.681101][T19241] usb 6-1: config 0 descriptor?? [ 576.693270][ T13] bond2 (unregistering): Released all slaves [ 576.794534][T25786] chnl_net:caif_netlink_parms(): no params data found [ 576.896679][ T13] tipc: Disabling bearer [ 576.898670][ T13] tipc: Left network mode [ 576.925755][T25786] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.928519][T25786] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.935867][T25786] bridge_slave_0: entered allmulticast mode [ 576.941321][T25786] bridge_slave_0: entered promiscuous mode [ 576.951049][T25786] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.957362][T25786] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.960830][T25786] bridge_slave_1: entered allmulticast mode [ 576.963895][T25786] bridge_slave_1: entered promiscuous mode [ 576.981580][T25786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 576.987163][T25786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 577.006840][T25786] team0: Port device team_slave_0 added [ 577.010280][T25786] team0: Port device team_slave_1 added [ 577.035053][T25786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 577.037825][T25786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 577.050408][T25786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 577.058366][T25786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 577.060682][T25786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 577.069130][T25786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 577.095023][T25786] hsr_slave_0: entered promiscuous mode [ 577.097450][T25786] hsr_slave_1: entered promiscuous mode [ 577.099879][T25786] debugfs: 'hsr0' already exists in 'hsr' [ 577.102017][T25786] Cannot create hsr debugfs directory [ 577.152747][ T13] IPVS: stopping backup sync thread 20831 ... [ 577.169391][T19241] plantronics 0003:047F:FFFF.0036: reserved main item tag 0xd [ 577.183840][ T5644] 8021q: adding VLAN 0 to HW filter on device eth14 [ 577.185542][T19241] plantronics 0003:047F:FFFF.0036: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 577.431817][T19241] usb 6-1: USB disconnect, device number 56 [ 577.577293][ T13] hsr_slave_0: left promiscuous mode [ 577.580995][ T13] hsr_slave_1: left promiscuous mode [ 577.585340][ T13] veth1_macvtap: left promiscuous mode [ 577.587296][ T13] veth0_macvtap: left promiscuous mode [ 577.593665][ T13] veth1_vlan: left promiscuous mode [ 577.596224][ T13] veth0_vlan: left promiscuous mode [ 577.911955][ T5644] 8021q: adding VLAN 0 to HW filter on device eth15 [ 577.921762][T25786] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 577.928479][T25786] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 577.932684][T25786] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 577.948127][T25786] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 577.954471][T25786] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 577.962253][T25786] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 577.975598][T25786] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 577.995202][T25786] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 578.094985][ T5937] Bluetooth: hci1: command tx timeout [ 578.153896][T25786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 578.170841][T25786] 8021q: adding VLAN 0 to HW filter on device team0 [ 578.185891][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.188994][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 578.203422][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.206635][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 578.348996][ T5644] 8021q: adding VLAN 0 to HW filter on device eth16 [ 578.432995][ T13] IPVS: stop unused estimator thread 0... [ 578.447557][T25786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 578.543025][T25843] overlayfs: statfs failed on './file0' [ 578.552060][T25896] netlink: 'syz.7.8483': attribute type 8 has an invalid length. [ 578.557237][T25896] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8483'. [ 578.564215][T25896] bond0: entered promiscuous mode [ 578.567470][T25896] bond_slave_0: entered promiscuous mode [ 578.572033][T25896] bond_slave_1: entered promiscuous mode [ 578.575730][T25896] mac80211_hwsim hwsim28 wlan1: entered promiscuous mode [ 578.593420][T25896] gretap0: entered promiscuous mode [ 578.597224][T25896] bridge0: entered promiscuous mode [ 578.605211][T25896] hsr1: entered promiscuous mode [ 578.613889][ T5644] 8021q: adding VLAN 0 to HW filter on device eth17 [ 578.705890][T25786] veth0_vlan: entered promiscuous mode [ 578.716926][T25786] veth1_vlan: entered promiscuous mode [ 578.744614][T25786] veth0_macvtap: entered promiscuous mode [ 578.752675][T25786] veth1_macvtap: entered promiscuous mode [ 578.764221][T25786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 578.787031][T25913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8488'. [ 578.788739][T25786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 578.838272][T25913] vxlan3: entered promiscuous mode [ 578.874425][ T1149] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.878416][ T1149] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.888211][ T1149] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.891746][ T1149] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.110337][ T785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.126748][ T785] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.154746][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.159360][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.406878][T25938] netlink: 9 bytes leftover after parsing attributes in process `syz.1.8496'. [ 579.410877][T25938] gretap0: entered promiscuous mode [ 579.417106][T25938] netlink: 5 bytes leftover after parsing attributes in process `syz.1.8496'. [ 579.421206][T25938] 0ªî{X¹¦: renamed from gretap0 [ 579.425154][T25938] 0ªî{X¹¦: left promiscuous mode [ 579.427540][T25938] 0ªî{X¹¦: entered allmulticast mode [ 579.433995][T25938] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 579.586262][T20212] usb 13-1: new high-speed USB device number 2 using dummy_hcd [ 579.753418][T20212] usb 13-1: Using ep0 maxpacket: 8 [ 579.757622][T20212] usb 13-1: config 162 has an invalid interface number: 84 but max is 2 [ 579.761095][T20212] usb 13-1: config 162 has an invalid descriptor of length 0, skipping remainder of the config [ 579.764781][T20212] usb 13-1: config 162 has 1 interface, different from the descriptor's value: 3 [ 579.768611][T20212] usb 13-1: config 162 has no interface number 0 [ 579.771356][T20212] usb 13-1: config 162 interface 84 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 579.777315][T20212] usb 13-1: config 162 interface 84 has no altsetting 0 [ 579.783186][T20212] usb 13-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 579.787829][T20212] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.795173][T20212] usb 13-1: Product: syz [ 579.797354][T20212] usb 13-1: Manufacturer: syz [ 579.807024][T20212] usb 13-1: SerialNumber: syz [ 579.996851][ T5940] psmouse serio14: Failed to reset mouse on : -5 [ 580.040314][T20212] usb 13-1: USB disconnect, device number 2 [ 580.053488][T25976] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8514'. [ 580.059483][T25976] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8514'. [ 580.064261][ T1024] usb 6-1: new full-speed USB device number 57 using dummy_hcd [ 580.066459][T25976] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8514'. [ 580.174335][ T5937] Bluetooth: hci1: command tx timeout [ 580.216970][ T1024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 580.234263][ T1024] usb 6-1: config 0 interface 0 altsetting 69 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 580.240118][ T1024] usb 6-1: config 0 interface 0 has no altsetting 0 [ 580.242886][ T1024] usb 6-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.00 [ 580.247352][ T1024] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.260194][ T1024] usb 6-1: config 0 descriptor?? [ 580.269604][ T1024] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input82 [ 580.470907][ T5325] bcm5974 6-1:0.0: could not read from device [ 580.480163][ T5325] bcm5974 6-1:0.0: could not read from device [ 580.485130][ T1024] usb 6-1: USB disconnect, device number 57 [ 580.488224][ T5325] bcm5974 6-1:0.0: could not read from device [ 581.092884][ T40] audit: type=1326 audit(1776298235.423:5939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.100100][ T40] audit: type=1326 audit(1776298235.423:5940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.107538][ T40] audit: type=1326 audit(1776298235.433:5941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.115758][ T40] audit: type=1326 audit(1776298235.433:5942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.124343][ T40] audit: type=1326 audit(1776298235.433:5943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.133508][ T40] audit: type=1326 audit(1776298235.433:5944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.141767][ T40] audit: type=1326 audit(1776298235.433:5945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.149716][ T40] audit: type=1326 audit(1776298235.433:5946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.157398][ T40] audit: type=1326 audit(1776298235.433:5947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 581.164975][ T40] audit: type=1326 audit(1776298235.433:5948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26010 comm="syz.1.8530" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 582.244286][ T5937] Bluetooth: hci1: command tx timeout [ 582.912158][T26081] netlink: 'syz.8.8564': attribute type 1 has an invalid length. [ 583.189428][T26094] veth5: entered promiscuous mode [ 583.191380][T26094] veth5: entered allmulticast mode [ 583.784340][ T5940] misc userio: Buffer overflowed, userio client isn't keeping up [ 584.155628][T26116] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 584.162617][T26116] bond1: (slave lo): Enslaving as an active interface with an up link [ 584.168569][T26116] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 584.324354][ T5937] Bluetooth: hci1: command tx timeout [ 584.843120][ T5940] input: PS/2 Generic Mouse as /devices/serio14/input/input81 [ 585.074351][ T5940] psmouse serio14: Failed to enable mouse on [ 585.854220][ T24] usb 9-1: new high-speed USB device number 46 using dummy_hcd [ 586.016055][ T24] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 586.020500][ T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.025639][ T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 586.029835][ T24] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 586.037733][ T24] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 586.041785][ T24] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 586.046769][ T24] usb 9-1: Manufacturer: syz [ 586.050810][ T24] usb 9-1: config 0 descriptor?? [ 586.289528][T26213] syzkaller1: entered promiscuous mode [ 586.291416][T26213] syzkaller1: entered allmulticast mode [ 586.468738][ T24] hid_parser_main: 5 callbacks suppressed [ 586.468756][ T24] appleir 0003:05AC:8243.0037: unknown main item tag 0x0 [ 586.484969][ T24] appleir 0003:05AC:8243.0037: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 586.504249][ T1024] usb 12-1: new high-speed USB device number 9 using dummy_hcd [ 586.664241][ T1024] usb 12-1: Using ep0 maxpacket: 8 [ 586.667960][ T1024] usb 12-1: config index 0 descriptor too short (expected 301, got 45) [ 586.670899][ T1024] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 586.675677][ T1024] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 586.680389][ T1024] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 586.684024][ T1024] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 586.689265][ T1024] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 586.692878][ T1024] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.906545][ T1024] usb 12-1: usb_control_msg returned -32 [ 586.908443][ T1024] usbtmc 12-1:16.0: can't read capabilities [ 586.996490][T26234] netlink: 8 bytes leftover after parsing attributes in process `syz.8.8628'. [ 587.006121][ T5940] usb 9-1: USB disconnect, device number 46 [ 587.051800][T26236] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 587.087265][T26236] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 587.091661][T26236] overlayfs: failed to look up (tracing) for ino (-66) [ 587.380847][T26248] kernel read not supported for file /zero (pid: 26248 comm: syz.1.8634) [ 587.771741][T26268] netlink: 164 bytes leftover after parsing attributes in process `syz.4.8643'. [ 587.775177][T26268] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8643'. [ 588.098119][T26281] netlink: 12 bytes leftover after parsing attributes in process `syz.8.8648'. [ 588.101203][T26281] netlink: 12 bytes leftover after parsing attributes in process `syz.8.8648'. [ 588.393257][T26291] netlink: 'syz.4.8652': attribute type 4 has an invalid length. [ 588.444023][T26293] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 588.495354][T26293] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 588.499269][T26293] overlayfs: failed to look up (tracing) for ino (-66) [ 589.137210][T26310] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8661'. [ 589.140277][T26310] netlink: 'syz.4.8661': attribute type 7 has an invalid length. [ 589.143350][T26310] netlink: 'syz.4.8661': attribute type 8 has an invalid length. [ 589.147021][T26310] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8661'. [ 589.179685][T26308] netlink: 164 bytes leftover after parsing attributes in process `syz.8.8659'. [ 589.182855][T26308] netlink: 36 bytes leftover after parsing attributes in process `syz.8.8659'. [ 589.283324][ T5940] usb 12-1: USB disconnect, device number 9 [ 589.479298][T26325] binder: 26324:26325 ioctl c0306201 800003c0 returned -14 [ 589.805355][T26338] IPv4: Oversized IP packet from 127.202.26.0 [ 590.065571][T26360] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 590.070733][T26360] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only [ 590.505278][T26384] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 64993 [ 590.947262][T26406] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8692'. [ 590.965809][ T39] libceph: connect (1)[c::]:6789 error -101 [ 590.968297][T26410] team0: No ports can be present during mode change [ 590.971173][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 591.008262][ T5940] libceph: connect (1)[b::]:6789 error -101 [ 591.010431][ T5940] libceph: mon0 (1)[b::]:6789 connect error [ 591.238374][T16863] libceph: connect (1)[c::]:6789 error -101 [ 591.240666][T16863] libceph: mon0 (1)[c::]:6789 connect error [ 591.264617][ T5940] libceph: connect (1)[b::]:6789 error -101 [ 591.268509][ T5940] libceph: mon0 (1)[b::]:6789 connect error [ 591.274507][ T24] usb 13-1: new full-speed USB device number 3 using dummy_hcd [ 591.425850][ T24] usb 13-1: config 0 has an invalid interface number: 8 but max is 0 [ 591.428788][ T24] usb 13-1: config 0 has no interface number 0 [ 591.431001][ T24] usb 13-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 591.435775][ T24] usb 13-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 591.441213][ T24] usb 13-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 591.446089][ T24] usb 13-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 591.449102][ T24] usb 13-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 591.451699][ T24] usb 13-1: Product: syz [ 591.453059][ T24] usb 13-1: SerialNumber: syz [ 591.457298][ T24] usb 13-1: config 0 descriptor?? [ 591.462098][ T24] cm109 13-1:0.8: invalid payload size 0, expected 4 [ 591.465779][ T24] input: CM109 USB driver as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.8/input/input83 [ 591.666608][ C2] cm109 13-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 591.754466][T16863] libceph: connect (1)[c::]:6789 error -101 [ 591.756754][T16863] libceph: mon0 (1)[c::]:6789 connect error [ 591.779945][T26405] ceph: No mds server is up or the cluster is laggy [ 591.779974][T26415] ceph: No mds server is up or the cluster is laggy [ 591.788487][ T5940] libceph: connect (1)[b::]:6789 error -101 [ 591.793444][ T5940] libceph: mon0 (1)[b::]:6789 connect error [ 591.915860][ C0] cm109 13-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 591.918713][ C0] cm109 13-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 591.921455][ C0] cm109 13-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 591.924037][ T10] usb 13-1: USB disconnect, device number 3 [ 591.926667][ C0] cm109 13-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 591.926696][ C0] cm109 13-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 591.958552][ T10] cm109 13-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 592.575040][T26443] binder: 26442:26443 ioctl c0306201 800003c0 returned -14 [ 593.297821][T26490] netlink: 12 bytes leftover after parsing attributes in process `syz.8.8727'. [ 593.305290][T26490] netlink: 12 bytes leftover after parsing attributes in process `syz.8.8727'. [ 594.294430][ T10] usb 12-1: new high-speed USB device number 10 using dummy_hcd [ 594.444283][ T10] usb 12-1: Using ep0 maxpacket: 8 [ 594.449600][ T10] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 594.453362][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 594.459417][ T10] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 594.465101][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 594.469772][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 594.476517][ T10] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 594.479944][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 594.484642][ T10] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 594.489741][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 594.495423][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 594.502259][ T10] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 594.506040][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 594.511023][ T10] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 594.514229][ T24] usb 13-1: new high-speed USB device number 4 using dummy_hcd [ 594.516488][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 594.525156][ T10] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 594.533219][ T10] usb 12-1: string descriptor 0 read error: -22 [ 594.536800][ T10] usb 12-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 594.541055][ T10] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.556968][ T10] adutux 12-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 594.581447][T20212] libceph: connect (1)[c::]:6789 error -101 [ 594.584456][T20212] libceph: mon0 (1)[c::]:6789 connect error [ 594.587496][T20212] libceph: connect (1)[c::]:6789 error -101 [ 594.590147][T20212] libceph: mon0 (1)[c::]:6789 connect error [ 594.680091][T26526] ceph: No mds server is up or the cluster is laggy [ 594.690779][ T24] usb 13-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 594.721731][ T24] usb 13-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 594.726015][ T24] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 594.730382][ T24] usb 13-1: Product: syz [ 594.732456][ T24] usb 13-1: Manufacturer: syz [ 594.738135][ T24] usb 13-1: SerialNumber: syz [ 594.962835][ T24] usblp 13-1:1.0: usblp1: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 595.054415][ T6004] usb 9-1: new high-speed USB device number 47 using dummy_hcd [ 595.179053][ T216] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 595.184773][T26540] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 595.205452][ T6004] usb 9-1: Using ep0 maxpacket: 8 [ 595.208521][ T6004] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 595.212198][ T6004] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 595.215990][ T6004] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 595.219292][ T6004] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 595.223575][ T6004] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 595.226857][ T6004] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.435607][ T6004] usb 9-1: GET_CAPABILITIES returned 0 [ 595.437432][ T6004] usbtmc 9-1:16.0: can't read capabilities [ 595.502078][T26548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8750'. [ 595.689072][T26554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.693287][T26554] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 596.365567][T26575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8761'. [ 596.700687][T26586] nbd: nbd1 already in use [ 596.702969][T26586] block nbd1: NBD_DISCONNECT [ 596.704462][T26586] block nbd1: Send disconnect failed -32 [ 596.816170][ T10] usb 12-1: USB disconnect, device number 10 [ 596.825408][T19241] usb 13-1: USB disconnect, device number 4 [ 596.828222][ T6004] usb 9-1: USB disconnect, device number 47 [ 596.877569][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 596.877585][ T40] audit: type=1326 audit(1776298251.213:5956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.882952][T19241] usblp1: removed [ 596.887609][ T40] audit: type=1326 audit(1776298251.213:5957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.896448][ T40] audit: type=1326 audit(1776298251.213:5958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.903563][ T40] audit: type=1326 audit(1776298251.213:5959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.922403][ T40] audit: type=1326 audit(1776298251.213:5960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.931480][ T40] audit: type=1326 audit(1776298251.213:5961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.938806][ T40] audit: type=1326 audit(1776298251.213:5962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.946696][ T40] audit: type=1326 audit(1776298251.213:5963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.953508][ T40] audit: type=1326 audit(1776298251.213:5964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 596.962334][ T40] audit: type=1326 audit(1776298251.213:5965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26593 comm="syz.1.8770" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf704efcc code=0x7ffc0000 [ 597.237022][ T46] bridge_slave_0: left allmulticast mode [ 597.239236][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.413749][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 597.421837][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 597.432361][ T46] bond0 (unregistering): Released all slaves [ 597.538400][ T46] tipc: Disabling bearer [ 597.540354][ T46] tipc: Left network mode [ 597.703857][ T5644] 8021q: adding VLAN 0 to HW filter on device eth18 [ 597.892237][ T46] IPVS: stopping backup sync thread 19044 ... [ 597.984612][ T46] batman_adv: batadv0: Removing interface: macvtap1 [ 598.052399][ T5644] 8021q: adding VLAN 0 to HW filter on device eth19 [ 598.231098][ T46] hsr_slave_0: left promiscuous mode [ 598.233784][ T46] hsr_slave_1: left promiscuous mode [ 598.240736][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 598.248934][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 598.956607][T26669] netlink: 'syz.7.8792': attribute type 3 has an invalid length. [ 598.983783][T26632] input: syz1 as /devices/virtual/input/input84 [ 599.383625][ T46] team0 (unregistering): Port device team_slave_1 removed [ 599.411298][ T46] team0 (unregistering): Port device team_slave_0 removed [ 599.534334][ C3] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 599.559447][ T5644] 8021q: adding VLAN 0 to HW filter on device eth20 [ 599.909513][T26698] /dev/nullb0: Can't lookup blockdev [ 599.921445][ T5644] 8021q: adding VLAN 0 to HW filter on device eth21 [ 600.179108][ T46] IPVS: stop unused estimator thread 0... [ 600.295272][T26728] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1688227217 (3376454434 ns) > initial count (1786943000 ns). Using initial count to start timer. [ 600.540475][T26742] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.8821'. [ 600.561915][T26742] netlink: Unknown conntrack attr (0) [ 600.774279][T26756] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 601.234536][ T6004] usb 12-1: new high-speed USB device number 11 using dummy_hcd [ 601.238362][T26785] batadv_slave_0: entered promiscuous mode [ 601.242998][T26784] batadv_slave_0: left promiscuous mode [ 601.386287][ T6004] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 601.391083][ T6004] usb 12-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 601.396125][ T6004] usb 12-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 601.412191][ T6004] usb 12-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 601.417021][ T6004] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 601.420327][ T6004] usb 12-1: Product: syz [ 601.421944][ T6004] usb 12-1: Manufacturer: syz [ 601.423647][ T6004] usb 12-1: SerialNumber: syz [ 601.638120][ T6004] usblp 12-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 601.838011][ T29] usb 12-1: USB disconnect, device number 11 [ 601.849406][ T29] usblp0: removed [ 602.123340][T26842] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.8858'. [ 602.127655][T26842] netlink: Unknown conntrack attr (type=2304, max=9) [ 602.316970][T26851] input: syz0 as /devices/virtual/input/input86 [ 603.082047][T26886] input: syz1 as /devices/virtual/input/input87 [ 603.162919][T26892] netlink: 'syz.7.8878': attribute type 12 has an invalid length. [ 603.208986][T26896] netlink: 'syz.7.8881': attribute type 1 has an invalid length. [ 603.226638][T26896] bond2: entered promiscuous mode [ 603.228951][T26896] 8021q: adding VLAN 0 to HW filter on device bond2 [ 603.356313][T26864] overlayfs: failed to resolve './file0/file0': -103 [ 603.605711][T26919] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8890'. [ 603.622876][T26919] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8890'. [ 603.628993][T26919] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8890'. [ 603.680541][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 603.680564][ T40] audit: type=1326 audit(1776298258.013:5986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.695730][ T40] audit: type=1326 audit(1776298258.013:5987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.703782][ T40] audit: type=1326 audit(1776298258.033:5988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.711655][ T40] audit: type=1326 audit(1776298258.033:5989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.732229][ T40] audit: type=1326 audit(1776298258.033:5990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.742328][ T40] audit: type=1326 audit(1776298258.033:5991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.750340][ T40] audit: type=1326 audit(1776298258.043:5992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.765965][ T40] audit: type=1326 audit(1776298258.043:5993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.777008][ T40] audit: type=1326 audit(1776298258.043:5994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.781370][T26937] netlink: 'syz.8.8900': attribute type 10 has an invalid length. [ 603.784848][ T40] audit: type=1326 audit(1776298258.043:5995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26925 comm="syz.8.8893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 603.793119][T26937] 8021q: adding VLAN 0 to HW filter on device team0 [ 603.807856][T26937] bond0: (slave team0): Enslaving as an active interface with an up link [ 603.815492][T26941] overlayfs: failed to set uuid (2252/file1, err=-1); falling back to uuid=null. [ 603.819119][T26941] overlayfs: failed to verify upper root origin [ 603.821483][T26935] 9pnet: p9_errstr2errno: server reported unknown error ./file0 [ 604.474221][ T1024] usb 9-1: new high-speed USB device number 48 using dummy_hcd [ 604.634323][ T1024] usb 9-1: Using ep0 maxpacket: 16 [ 604.639191][ T1024] usb 9-1: config 0 has no interfaces? [ 604.643849][ T1024] usb 9-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 604.648132][ T1024] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.652134][ T1024] usb 9-1: Product: syz [ 604.654607][ T1024] usb 9-1: Manufacturer: syz [ 604.656805][ T1024] usb 9-1: SerialNumber: syz [ 604.661511][ T1024] usb 9-1: config 0 descriptor?? [ 604.854730][T19241] usb 12-1: new high-speed USB device number 12 using dummy_hcd [ 604.930295][T26980] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8917'. [ 604.980322][ T10] usb 9-1: USB disconnect, device number 48 [ 605.389567][ T829] usb 13-1: new high-speed USB device number 5 using dummy_hcd [ 605.564285][ T829] usb 13-1: Using ep0 maxpacket: 16 [ 605.572125][ T829] usb 13-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 605.578062][ T829] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.582553][ T829] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.597561][ T829] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 605.608292][ T829] usb 13-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 605.612492][ T829] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.619735][ T829] usb 13-1: config 0 descriptor?? [ 605.925894][T27046] tls_set_device_offload_rx: netdev not found [ 606.055920][ T829] input: HID 0458:5013 as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/0003:0458:5013.0038/input/input88 [ 606.117070][ T829] input: HID 0458:5013 as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/0003:0458:5013.0038/input/input89 [ 606.181601][ T829] kye 0003:0458:5013.0038: input,hiddev0,hidraw0: USB HID vff.fa Device [HID 0458:5013] on usb-dummy_hcd.8-1/input0 [ 606.253463][ T829] usb 13-1: USB disconnect, device number 5 [ 607.385292][T27088] tipc: Started in network mode [ 607.387262][T27088] tipc: Node identity 84e, cluster identity 4711 [ 607.389665][T27088] tipc: Node number set to 2126 [ 607.740916][T27103] 9pnet: p9_errstr2errno: server reported unknown error ./file0 [ 607.744289][T27108] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8968'. [ 608.005012][T25788] Bluetooth: hci4: command 0x1003 tx timeout [ 608.007930][ T5937] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 608.024264][ T5940] usb 13-1: new high-speed USB device number 6 using dummy_hcd [ 608.127590][T27122] overlayfs: failed to set uuid (1275/file1, err=-1); falling back to uuid=null. [ 608.130946][T27122] overlayfs: failed to verify upper root origin [ 608.185915][ T5940] usb 13-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 608.189902][ T5940] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.194294][ T5940] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 608.200165][ T5940] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 608.206302][ T5940] usb 13-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 608.209833][ T5940] usb 13-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 608.212860][ T5940] usb 13-1: Manufacturer: syz [ 608.217515][ T5940] usb 13-1: config 0 descriptor?? [ 608.337974][T27131] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 608.344531][T27131] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 608.361440][T27131] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3) [ 608.374812][T27131] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3) [ 608.380773][T27131] overlayfs: d_ino too big (292, ino=9223372036854777320, xinobits=3) [ 608.386603][T27131] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3) [ 608.390491][T27131] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3) [ 608.394654][T27131] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3) [ 608.399102][T27131] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3) [ 608.403582][T27131] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3) [ 608.408003][T27131] overlayfs: d_ino too big (dev, ino=4611686018427387923, xinobits=3) [ 608.413657][T27131] overlayfs: d_ino too big (kernel, ino=4611686018427387911, xinobits=3) [ 608.455459][ T50] usb 9-1: new high-speed USB device number 49 using dummy_hcd [ 608.614392][ T50] usb 9-1: Using ep0 maxpacket: 8 [ 608.617580][ T50] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 608.620671][ T50] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 608.625023][ T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 608.627921][ T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 608.631534][ T50] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 608.633720][ T5940] appleir 0003:05AC:8243.0039: unknown main item tag 0x0 [ 608.635906][ T50] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 608.641181][ T50] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.643355][T27150] IPv4: Oversized IP packet from 127.202.26.0 [ 608.645896][ T5940] appleir 0003:05AC:8243.0039: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0 [ 608.654202][ C3] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 608.855032][ T50] usb 9-1: usb_control_msg returned -32 [ 608.856998][ T50] usbtmc 9-1:16.0: can't read capabilities [ 609.168741][ T50] usb 13-1: USB disconnect, device number 6 [ 610.429785][T27189] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 611.220675][ T29] usb 9-1: USB disconnect, device number 49 [ 611.365295][T27232] netlink: 8 bytes leftover after parsing attributes in process `syz.8.9016'. [ 611.438189][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 611.438262][ T40] audit: type=1326 audit(1776298265.773:6004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.454659][ T40] audit: type=1326 audit(1776298265.773:6005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.461592][ T40] audit: type=1326 audit(1776298265.773:6006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.476916][ T40] audit: type=1326 audit(1776298265.773:6007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.484059][ T40] audit: type=1326 audit(1776298265.773:6008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.488165][T27239] input: syz1 as /devices/virtual/input/input90 [ 611.491750][ T40] audit: type=1326 audit(1776298265.773:6009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.502517][ T40] audit: type=1326 audit(1776298265.773:6010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.510684][ T40] audit: type=1326 audit(1776298265.773:6011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.518374][ T40] audit: type=1326 audit(1776298265.773:6012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.525584][ T40] audit: type=1326 audit(1776298265.773:6013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27236 comm="syz.8.9018" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf703efcc code=0x7ffc0000 [ 611.629284][T27248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9021'. [ 611.633751][T27248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9021'. [ 611.953010][T27267] nbd8: detected capacity change from 0 to 63 [ 611.957979][T27273] block nbd8: NBD_DISCONNECT [ 611.959991][T27273] block nbd8: Disconnected due to user request. [ 611.965107][T27273] block nbd8: shutting down sockets [ 611.998463][ C3] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.002069][ C3] Buffer I/O error on dev nbd8, logical block 0, async page read [ 612.008533][ T216] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 612.017183][T27277] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 612.024742][ C3] I/O error, dev nbd8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.027915][ C3] Buffer I/O error on dev nbd8, logical block 1, async page read [ 612.035482][ C3] I/O error, dev nbd8, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.038597][ C3] Buffer I/O error on dev nbd8, logical block 2, async page read [ 612.041588][ C3] I/O error, dev nbd8, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.045273][ C3] Buffer I/O error on dev nbd8, logical block 3, async page read [ 612.048098][T25974] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.051779][T25974] Buffer I/O error on dev nbd8, logical block 0, async page read [ 612.055269][T25974] I/O error, dev nbd8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.059828][T25974] Buffer I/O error on dev nbd8, logical block 1, async page read [ 612.062920][T25974] I/O error, dev nbd8, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.068663][T25974] Buffer I/O error on dev nbd8, logical block 2, async page read [ 612.071826][T25974] I/O error, dev nbd8, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.086486][T25974] Buffer I/O error on dev nbd8, logical block 3, async page read [ 612.091127][T25974] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.100257][T25974] Buffer I/O error on dev nbd8, logical block 0, async page read [ 612.109758][T25974] I/O error, dev nbd8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 612.113562][T25974] Buffer I/O error on dev nbd8, logical block 1, async page read [ 612.114206][T27286] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9036'. [ 612.123438][T27289] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 612.127188][T25974] ldm_validate_partition_table(): Disk read failed. [ 612.128749][T25974] Dev nbd8: unable to read RDB block 0 [ 612.133620][T27289] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 612.134044][T25974] nbd8: unable to read partition table [ 612.154032][T25974] ldm_validate_partition_table(): Disk read failed. [ 612.160563][T25974] Dev nbd8: unable to read RDB block 0 [ 612.166476][T25974] nbd8: unable to read partition table [ 612.414812][ T29] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 612.549352][T27316] netlink: 44 bytes leftover after parsing attributes in process `syz.8.9046'. [ 612.574262][ T29] usb 6-1: Using ep0 maxpacket: 16 [ 612.577750][ T29] usb 6-1: config 0 has no interfaces? [ 612.581781][ T29] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 612.586022][ T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 612.588624][ T29] usb 6-1: Product: syz [ 612.589962][ T29] usb 6-1: Manufacturer: syz [ 612.591426][ T29] usb 6-1: SerialNumber: syz [ 612.598014][ T29] usb 6-1: config 0 descriptor?? [ 612.635205][T27319] netlink: 'syz.7.9047': attribute type 4 has an invalid length. [ 612.656815][T27319] netlink: 'syz.7.9047': attribute type 4 has an invalid length. [ 612.825705][T27335] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9053'. [ 612.843084][T27335] vxlan3: entered promiscuous mode [ 612.861313][T27285] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9035'. [ 612.866018][T20212] usb 6-1: USB disconnect, device number 58 [ 613.170830][ T5937] block nbd1: Receive control failed (result -32) [ 613.979339][T27374] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9066'. [ 613.989235][T27375] [ 613.990612][T27375] ====================================================== [ 613.993580][T27375] WARNING: possible circular locking dependency detected [ 613.996432][T27375] syzkaller #0 Tainted: G L [ 613.999095][T27375] ------------------------------------------------------ [ 614.002005][T27375] syz.8.9075/27375 is trying to acquire lock: [ 614.004627][T27375] ffffffff8e9b0e80 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x53/0x6f0 [ 614.009180][T27375] [ 614.009180][T27375] but task is already holding lock: [ 614.012603][T27375] ffff88801293d360 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1d/0x110 [ 614.016319][T27375] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 614.016319][T27375] which lock already depends on the new lock. [ 614.016319][T27375] [ 614.021295][T27375] [ 614.021295][T27375] the existing dependency chain (in reverse order) is: [ 614.026281][T27375] [ 614.026281][T27375] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 614.029705][T27375] lock_sock_nested+0x41/0xf0 [ 614.031824][T27375] inet_shutdown+0x67/0x410 [ 614.034018][T27375] nbd_mark_nsock_dead+0xae/0x5c0 [ 614.036606][T27375] sock_shutdown+0x16b/0x200 [ 614.038815][T27375] nbd_config_put+0x1eb/0x750 [ 614.041057][T27375] nbd_genl_connect+0xaf8/0x1a40 [ 614.043399][T27375] genl_family_rcv_msg_doit+0x214/0x300 [ 614.046108][T27375] genl_rcv_msg+0x560/0x800 [ 614.048358][T27375] netlink_rcv_skb+0x159/0x420 [ 614.050715][T27375] genl_rcv+0x28/0x40 [ 614.052790][T27375] netlink_unicast+0x585/0x850 [ 614.055092][T27375] netlink_sendmsg+0x8b0/0xda0 [ 614.057422][T27375] ____sys_sendmsg+0x9e1/0xb70 [ 614.059291][T27375] ___sys_sendmsg+0x190/0x1e0 [ 614.061203][T27375] __sys_sendmsg+0x170/0x220 [ 614.063556][T27375] __do_fast_syscall_32+0xe7/0x950 [ 614.066063][T27375] do_fast_syscall_32+0x32/0x70 [ 614.068361][T27375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 614.070793][T27375] [ 614.070793][T27375] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 614.073693][T27375] __mutex_lock+0x1a4/0x1b10 [ 614.075819][T27375] nbd_queue_rq+0x428/0x1080 [ 614.077647][T27375] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 614.080044][T27375] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 614.083511][T27375] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 614.086041][T27375] blk_mq_run_hw_queue+0x23c/0x670 [ 614.087868][T27375] blk_mq_dispatch_list+0x51d/0x1360 [ 614.089782][T27375] blk_mq_flush_plug_list+0x130/0x600 [ 614.091690][T27375] __blk_flush_plug+0x2c4/0x4b0 [ 614.093507][T27375] __submit_bio+0x584/0x6c0 [ 614.095117][T27375] submit_bio_noacct_nocheck+0x543/0xbf0 [ 614.096945][T27375] submit_bio_noacct+0xd18/0x2000 [ 614.099034][T27375] submit_bh_wbc+0x681/0x890 [ 614.101433][T27375] block_read_full_folio+0x264/0x8e0 [ 614.104186][T27375] filemap_read_folio+0xfc/0x3b0 [ 614.106805][T27375] do_read_cache_folio+0x2d7/0x6b0 [ 614.109006][T27375] read_part_sector+0xd1/0x370 [ 614.110767][T27375] adfspart_check_ICS+0x91/0x7d0 [ 614.112513][T27375] bdev_disk_changed+0x7a3/0x1250 [ 614.114341][T27375] blkdev_get_whole+0x187/0x290 [ 614.116211][T27375] bdev_open+0x2c7/0xe40 [ 614.117812][T27375] blkdev_open+0x34e/0x4f0 [ 614.119797][T27375] do_dentry_open+0x6d8/0x1660 [ 614.122232][T27375] vfs_open+0x82/0x3f0 [ 614.124285][T27375] path_openat+0x208c/0x31a0 [ 614.126660][T27375] do_file_open+0x20e/0x430 [ 614.128882][T27375] do_sys_openat2+0x10d/0x1e0 [ 614.131238][T27375] __x64_sys_openat+0x12d/0x210 [ 614.133948][T27375] do_syscall_64+0x10b/0xf80 [ 614.136637][T27375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.139184][T27375] [ 614.139184][T27375] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 614.141669][T27375] __mutex_lock+0x1a4/0x1b10 [ 614.143465][T27375] nbd_queue_rq+0xba/0x1080 [ 614.145183][T27375] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 614.147121][T27375] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 614.149296][T27375] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 614.151414][T27375] blk_mq_run_hw_queue+0x23c/0x670 [ 614.153360][T27375] blk_mq_dispatch_list+0x51d/0x1360 [ 614.155293][T27375] blk_mq_flush_plug_list+0x130/0x600 [ 614.157462][T27375] __blk_flush_plug+0x2c4/0x4b0 [ 614.159774][T27375] __submit_bio+0x584/0x6c0 [ 614.161938][T27375] submit_bio_noacct_nocheck+0x543/0xbf0 [ 614.164553][T27375] submit_bio_noacct+0xd18/0x2000 [ 614.166823][T27375] submit_bh_wbc+0x681/0x890 [ 614.168939][T27375] block_read_full_folio+0x264/0x8e0 [ 614.171315][T27375] filemap_read_folio+0xfc/0x3b0 [ 614.173501][T27375] do_read_cache_folio+0x2d7/0x6b0 [ 614.175801][T27375] read_part_sector+0xd1/0x370 [ 614.177944][T27375] adfspart_check_ICS+0x91/0x7d0 [ 614.179726][T27375] bdev_disk_changed+0x7a3/0x1250 [ 614.181494][T27375] blkdev_get_whole+0x187/0x290 [ 614.183233][T27375] bdev_open+0x2c7/0xe40 [ 614.184764][T27375] blkdev_open+0x34e/0x4f0 [ 614.186312][T27375] do_dentry_open+0x6d8/0x1660 [ 614.188163][T27375] vfs_open+0x82/0x3f0 [ 614.189708][T27375] path_openat+0x208c/0x31a0 [ 614.191447][T27375] do_file_open+0x20e/0x430 [ 614.193740][T27375] do_sys_openat2+0x10d/0x1e0 [ 614.195582][T27375] __x64_sys_openat+0x12d/0x210 [ 614.197303][T27375] do_syscall_64+0x10b/0xf80 [ 614.198816][T27375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.200847][T27375] [ 614.200847][T27375] -> #3 (set->srcu){.+.+}-{0:0}: [ 614.203114][T27375] __synchronize_srcu+0xa2/0x300 [ 614.204893][T27375] blk_mq_quiesce_queue+0x149/0x1c0 [ 614.206697][T27375] elevator_switch+0x17b/0x7e0 [ 614.208459][T27375] elevator_change+0x352/0x530 [ 614.210289][T27375] elevator_set_default+0x29e/0x360 [ 614.212286][T27375] blk_register_queue+0x48e/0x630 [ 614.214386][T27375] __add_disk+0x73f/0xe40 [ 614.216208][T27375] add_disk_fwnode+0x118/0x5c0 [ 614.217882][T27375] nbd_dev_add+0x77a/0xb10 [ 614.219876][T27375] nbd_init+0x291/0x2b0 [ 614.222055][T27375] do_one_initcall+0x121/0x750 [ 614.224930][T27375] kernel_init_freeable+0x6ea/0x7b0 [ 614.227594][T27375] kernel_init+0x1f/0x1e0 [ 614.229720][T27375] ret_from_fork+0x72b/0xd50 [ 614.231928][T27375] ret_from_fork_asm+0x1a/0x30 [ 614.234227][T27375] [ 614.234227][T27375] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 614.237465][T27375] __mutex_lock+0x1a4/0x1b10 [ 614.239558][T27375] elevator_change+0x1bc/0x530 [ 614.241862][T27375] elevator_set_none+0x92/0xf0 [ 614.244071][T27375] blk_mq_update_nr_hw_queues+0x4c1/0x15f0 [ 614.246402][T27375] nbd_start_device+0x1a6/0xbd0 [ 614.248182][T27375] nbd_genl_connect+0xff2/0x1a40 [ 614.249915][T27375] genl_family_rcv_msg_doit+0x214/0x300 [ 614.251809][T27375] genl_rcv_msg+0x560/0x800 [ 614.253592][T27375] netlink_rcv_skb+0x159/0x420 [ 614.255725][T27375] genl_rcv+0x28/0x40 [ 614.257695][T27375] netlink_unicast+0x585/0x850 [ 614.260246][T27375] netlink_sendmsg+0x8b0/0xda0 [ 614.262785][T27375] ____sys_sendmsg+0x9e1/0xb70 [ 614.265218][T27375] ___sys_sendmsg+0x190/0x1e0 [ 614.267440][T27375] __sys_sendmsg+0x170/0x220 [ 614.269636][T27375] __do_fast_syscall_32+0xe7/0x950 [ 614.272029][T27375] do_fast_syscall_32+0x32/0x70 [ 614.274344][T27375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 614.277300][T27375] [ 614.277300][T27375] -> #1 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 614.281333][T27375] blk_alloc_queue+0x610/0x790 [ 614.283779][T27375] blk_mq_alloc_queue+0x174/0x290 [ 614.286193][T27375] __blk_mq_alloc_disk+0x29/0x120 [ 614.288561][T27375] nbd_dev_add+0x492/0xb10 [ 614.290682][T27375] nbd_init+0x291/0x2b0 [ 614.292726][T27375] do_one_initcall+0x121/0x750 [ 614.295200][T27375] kernel_init_freeable+0x6ea/0x7b0 [ 614.298009][T27375] kernel_init+0x1f/0x1e0 [ 614.300216][T27375] ret_from_fork+0x72b/0xd50 [ 614.302424][T27375] ret_from_fork_asm+0x1a/0x30 [ 614.304400][T27375] [ 614.304400][T27375] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 614.306730][T27375] __lock_acquire+0x14b8/0x2630 [ 614.308463][T27375] lock_acquire+0x1b1/0x370 [ 614.310279][T27375] fs_reclaim_acquire+0xc4/0x100 [ 614.312215][T27375] kmem_cache_alloc_node_noprof+0x53/0x6f0 [ 614.314623][T27375] __alloc_skb+0x140/0x710 [ 614.316237][T27375] tcp_send_active_reset+0x8b/0xa50 [ 614.318081][T27375] __tcp_close+0x41e/0x1110 [ 614.319723][T27375] tcp_close+0x28/0x110 [ 614.321234][T27375] inet_release+0xed/0x200 [ 614.322881][T27375] inet6_release+0x4f/0x70 [ 614.324684][T27375] __sock_release+0xb3/0x260 [ 614.326448][T27375] sock_close+0x1c/0x30 [ 614.328096][T27375] __fput+0x3ff/0xb50 [ 614.329631][T27375] task_work_run+0x150/0x240 [ 614.331324][T27375] exit_to_user_mode_loop+0x100/0x4a0 [ 614.333771][T27375] __do_fast_syscall_32+0x608/0x950 [ 614.336334][T27375] do_fast_syscall_32+0x32/0x70 [ 614.338457][T27375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 614.341389][T27375] [ 614.341389][T27375] other info that might help us debug this: [ 614.341389][T27375] [ 614.346045][T27375] Chain exists of: [ 614.346045][T27375] fs_reclaim --> &nsock->tx_lock --> sk_lock-AF_INET6 [ 614.346045][T27375] [ 614.351344][T27375] Possible unsafe locking scenario: [ 614.351344][T27375] [ 614.354548][T27375] CPU0 CPU1 [ 614.356846][T27375] ---- ---- [ 614.359132][T27375] lock(sk_lock-AF_INET6); [ 614.361225][T27375] lock(&nsock->tx_lock); [ 614.363977][T27375] lock(sk_lock-AF_INET6); [ 614.366929][T27375] lock(fs_reclaim); [ 614.368619][T27375] [ 614.368619][T27375] *** DEADLOCK *** [ 614.368619][T27375] [ 614.371968][T27375] 2 locks held by syz.8.9075/27375: [ 614.374317][T27375] #0: ffff888012d7c440 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 614.378872][T27375] #1: ffff88801293d360 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1d/0x110 [ 614.382739][T27375] [ 614.382739][T27375] stack backtrace: [ 614.385312][T27375] CPU: 0 UID: 0 PID: 27375 Comm: syz.8.9075 Tainted: G L syzkaller #0 PREEMPT(full) [ 614.385339][T27375] Tainted: [L]=SOFTLOCKUP [ 614.385345][T27375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 614.385357][T27375] Call Trace: [ 614.385365][T27375] [ 614.385374][T27375] dump_stack_lvl+0x100/0x190 [ 614.385408][T27375] print_circular_bug.cold+0x178/0x1c7 [ 614.385436][T27375] check_noncircular+0x146/0x160 [ 614.385461][T27375] ? kasan_save_stack+0x30/0x50 [ 614.385485][T27375] __lock_acquire+0x14b8/0x2630 [ 614.385509][T27375] ? lock_acquire+0x1b1/0x370 [ 614.385532][T27375] lock_acquire+0x1b1/0x370 [ 614.385555][T27375] ? kmem_cache_alloc_node_noprof+0x53/0x6f0 [ 614.385579][T27375] ? lock_acquire+0x1b1/0x370 [ 614.385603][T27375] fs_reclaim_acquire+0xc4/0x100 [ 614.385618][T27375] ? kmem_cache_alloc_node_noprof+0x53/0x6f0 [ 614.385640][T27375] kmem_cache_alloc_node_noprof+0x53/0x6f0 [ 614.385661][T27375] ? __alloc_skb+0x140/0x710 [ 614.385683][T27375] __alloc_skb+0x140/0x710 [ 614.385700][T27375] ? __alloc_skb+0x5b7/0x710 [ 614.385717][T27375] ? __pfx___alloc_skb+0x10/0x10 [ 614.385739][T27375] ? skb_attempt_defer_free+0x310/0x830 [ 614.385758][T27375] tcp_send_active_reset+0x8b/0xa50 [ 614.385784][T27375] __tcp_close+0x41e/0x1110 [ 614.385806][T27375] tcp_close+0x28/0x110 [ 614.385824][T27375] inet_release+0xed/0x200 [ 614.385840][T27375] inet6_release+0x4f/0x70 [ 614.385856][T27375] __sock_release+0xb3/0x260 [ 614.385873][T27375] ? __pfx_sock_close+0x10/0x10 [ 614.385889][T27375] sock_close+0x1c/0x30 [ 614.385904][T27375] __fput+0x3ff/0xb50 [ 614.385916][T27375] ? _raw_spin_unlock_irq+0x23/0x50 [ 614.385929][T27375] task_work_run+0x150/0x240 [ 614.385941][T27375] ? __pfx_task_work_run+0x10/0x10 [ 614.385951][T27375] ? rcu_is_watching+0x12/0xc0 [ 614.385964][T27375] exit_to_user_mode_loop+0x100/0x4a0 [ 614.385981][T27375] ? __do_fast_syscall_32+0x373/0x950 [ 614.385997][T27375] __do_fast_syscall_32+0x608/0x950 [ 614.386012][T27375] do_fast_syscall_32+0x32/0x70 [ 614.386026][T27375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 614.386044][T27375] RIP: 0023:0xf703efcc [ 614.386055][T27375] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 614.386066][T27375] RSP: 002b:00000000ffb82b7c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4 [ 614.386084][T27375] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 614.386091][T27375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 614.386097][T27375] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 614.386104][T27375] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 614.386111][T27375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 614.386121][T27375] [ 614.978335][ T216] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 614.981724][ T216] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.087297][ T216] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 615.092034][ T216] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.168054][ T216] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 615.171393][ T216] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.238455][ T216] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 615.241791][ T216] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.318292][ T216] bridge_slave_1: left allmulticast mode [ 615.320731][ T216] bridge_slave_1: left promiscuous mode [ 615.323277][ T216] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.328605][ T216] bridge_slave_0: left allmulticast mode [ 615.330932][ T216] bridge_slave_0: left promiscuous mode [ 615.333353][ T216] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.411191][ T216] gretap0 (unregistering): left promiscuous mode [ 615.419829][ T216] bond1 (unregistering): (slave geneve2): Releasing active interface [ 615.433836][ T216] bridge0 (unregistering): left promiscuous mode [ 615.536356][ T216] bond0 (unregistering): left promiscuous mode [ 615.538850][ T216] bond_slave_0: left promiscuous mode [ 615.540712][ T216] bond_slave_1: left promiscuous mode [ 615.542515][ T216] mac80211_hwsim hwsim28 wlan1: left promiscuous mode [ 615.547635][ T216] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 615.552341][ T216] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 615.556582][ T216] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 615.559654][ T216] bond0 (unregistering): Released all slaves [ 615.563091][ T216] bond1 (unregistering): Released all slaves [ 615.567966][ T216] bond2 (unregistering): Released all slaves [ 615.690707][ T5644] 8021q: adding VLAN 0 to HW filter on device eth22 [ 615.814047][ T5644] 8021q: adding VLAN 0 to HW filter on device eth23 [ 615.952248][ T216] hsr_slave_0: left promiscuous mode [ 615.956515][ T216] hsr_slave_1: left promiscuous mode [ 615.958734][ T216] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 615.961195][ T216] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 615.963991][ T216] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 615.966622][ T216] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 615.971886][ T216] veth1_macvtap: left promiscuous mode [ 615.974702][ T216] veth0_macvtap: left promiscuous mode [ 615.976779][ T216] veth1_vlan: left promiscuous mode [ 615.978723][ T216] veth0_vlan: left promiscuous mode [ 616.041924][ T216] team0 (unregistering): Port device team_slave_1 removed [ 616.047316][ T216] team0 (unregistering): Port device team_slave_0 removed [ 616.115799][ T5644] 8021q: adding VLAN 0 to HW filter on device eth24 [ 616.257522][ T5644] 8021q: adding VLAN 0 to HW filter on device eth25 [ 616.324387][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!