last executing test programs: 21.526626125s ago: executing program 2 (id=2214): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="08000000000000006c02"]) 21.327325385s ago: executing program 2 (id=2215): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 20.817693037s ago: executing program 2 (id=2217): r0 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000005c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$update(0x2, r0, &(0x7f0000000000)="11868a0fceae284c0000000100000010", 0x10) 20.735729873s ago: executing program 2 (id=2218): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000080)=0x1) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x0, 0x1, 0x9, 0x7, 0x9, 0x0, 0x8, 0x0, 0x8000000000000001}) 20.50548509s ago: executing program 2 (id=2220): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x6d89, 0x400, 0x40000, 0x105}, &(0x7f0000000400)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, 0x0}) io_uring_enter(r1, 0x8aa, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000000)={0x0, r4, 0x11, {0x27fffffffffffff, 0x8}, 0x54}, 0x1) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) copy_file_range(r5, &(0x7f0000000100)=0x7, r5, 0x0, 0x3, 0x0) ioctl$TUNSETOFFLOAD(r5, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETTXFILTER(r5, 0x400454d1, &(0x7f0000000180)=ANY=[@ANYBLOB="00000300aaaaaaaaaa33a2aaaaaa080000e91c76d69d0fdbd8dd04c4fae9c2044fed4654796eb929f99246c733789866a79ba688ec06e2"]) shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000080)=""/43) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) r7 = socket(0x11, 0x800000002, 0x0) ioctl$sock_inet_SIOCSIFADDR(r7, 0x8953, 0x0) preadv2(r6, &(0x7f0000000080), 0x0, 0x2000, 0x0, 0x1f) fchdir(0xffffffffffffffff) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) acct(0x0) 19.794467466s ago: executing program 2 (id=2221): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x88200, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)) syz_open_dev$video(&(0x7f0000000100), 0x40, 0x680201) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r6, 0x0, &(0x7f00000000c0)) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x7, 0x80, 0x9, 0x110, 0x1b, "96010000000000000000000000000000000008"}) mount_setattr(0xffffffffffffffff, 0x0, 0x8000, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 17.766527317s ago: executing program 4 (id=2227): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 17.440933771s ago: executing program 4 (id=2231): sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xe, 0x100000000f29, 0x4}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4) 16.241337429s ago: executing program 4 (id=2234): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x4000, 0x13580}, &(0x7f0000000440)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r2, 0x0, 0x0}) io_uring_enter(r2, 0x14, 0xb9c, 0x3, 0x0, 0xffffffd5) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000}) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001400)=@mpls_getroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x1c, 0x14, 0x0, 0xfc}}, 0x1c}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r6, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) pread64(r6, &(0x7f0000000080)=""/110, 0x88, 0x400) r7 = add_key$keyring(&(0x7f00000018c0), &(0x7f0000001900)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) add_key$fscrypt_v1(0x0, &(0x7f0000001800)={'fscrypt:', @desc3}, &(0x7f0000001840)={0x0, "e857c32234bfbc6e2ee8cc17d2fcb69c1f772ae98abbabb6a592da302abdd67c82ff8fe37596bfcdb6c800ca766581cd46000d12e10854de6591cd74a7aab2ff", 0x14}, 0x48, r7) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) 12.415060316s ago: executing program 1 (id=2244): accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80800) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0x3}, 0x9c) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() r2 = socket(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={0x0}}, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x50009405, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x4d) close_range(r4, r4, 0x0) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f475", @ANYRES32], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0) 9.311211872s ago: executing program 3 (id=2252): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4c840) 9.122579333s ago: executing program 4 (id=2253): mknod$loop(&(0x7f0000000100)='./file0\x00', 0x100, 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r3 = dup2(r2, r0) flock(r3, 0x8) 9.029231566s ago: executing program 3 (id=2254): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)="3bcbdb", 0x3}], 0x1}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="13a8892019f1989dcb3695d96b609322d26e29fc35fee071c96d80bd46d6966cbe6b7a2cae610580a28150f9f09c86ff97e05d454faac2546a34871e68f5cbd68fd4b71e2aac0dc7620672a5d97f2b82603a6f9c25d5b78524ab47fb3c477a39625e82d11bae649b50912c5c3749d587d40f3b177c88c8e1a95a9580e76e4915e7a4d9d1bac139a4c4b3ea19d86435997790b8f33ed64746f783dcbca965f77a4ebc4ee05aaa5e68d551b3cb668bb5be8cb0f5c6d64346d4aa329d80f904bee073", 0xc1}, {&(0x7f0000000500)='T[X!', 0x4}], 0x2}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f00000012c0)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647", 0xda}], 0x1}}], 0x3, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 8.989645425s ago: executing program 4 (id=2255): socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008844, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(r5, &(0x7f00000001c0)={0x40000000, 0x0, 0x0}, 0x0) sendmmsg(r5, &(0x7f0000000180), 0x400008a, 0x0) r6 = openat$cgroup_procs(r0, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000000c0), 0x12) pread64(r6, &(0x7f0000001840)=""/4096, 0x1000, 0x1) 8.7943803s ago: executing program 0 (id=2256): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0xd, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_route={{0xa}, {0x14, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0xe9}, @TCA_ROUTE4_IIF={0x8, 0x4, r2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8c8}, 0x20004804) 8.681929274s ago: executing program 1 (id=2257): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000140)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2007, 0x3a, '\r', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b) geteuid() 8.667642559s ago: executing program 3 (id=2258): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x1) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x200000e, 0x2172, 0xffffffffffffffff, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000040)="415b7ac700000000", 0x8) r5 = accept(r4, 0x0, 0x0) recvmsg(r5, 0x0, 0x0) r6 = dup(r1) syz_kvm_setup_cpu$x86(r6, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="65f0ff454ef30f3066b83e000f00d0db53000fc778000f01c5660fc77509b9060300000f32c4e2790e1666b83a018ed8", 0x30}], 0x1, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0xa2040) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x13, r8, 0x100000000) r9 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0xa01, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x2, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 7.545665179s ago: executing program 1 (id=2259): bind$alg(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) getpid() syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r0, &(0x7f0000000280)=""/239, 0xef) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) read$char_usb(r0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) 7.22413397s ago: executing program 0 (id=2260): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200000000000000", @ANYRES32=0x41424344], 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010", @ANYBLOB="ebffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={0x0, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 6.284660973s ago: executing program 0 (id=2261): bind$inet(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x88200, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)) syz_open_dev$video(&(0x7f0000000100), 0x40, 0x680201) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r6, 0x0, &(0x7f00000000c0)) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x7, 0x80, 0x9, 0x110, 0x1b, "96010000000000000000000000000000000008"}) mount_setattr(r0, 0x0, 0x8000, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 5.926383532s ago: executing program 4 (id=2262): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x50, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_SRC={0x14, 0x1f, @local}, @TCA_FLOWER_KEY_ENC_IPV4_SRC={0x8, 0x1b, @broadcast}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x0) 4.957637095s ago: executing program 0 (id=2263): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4c840) 4.599753215s ago: executing program 0 (id=2264): mknod$loop(&(0x7f0000000100)='./file0\x00', 0x100, 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r3 = dup2(r2, r0) flock(r3, 0x8) 4.35035622s ago: executing program 0 (id=2265): sendmmsg(0xffffffffffffffff, &(0x7f0000005e00)=[{{0x0, 0x0, &(0x7f0000002480)=[{&(0x7f0000000180)="253e749760721c", 0x7}], 0x1}}], 0x1, 0x48d4) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x400}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vxcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00') lseek(r6, 0x10001, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) openat$kvm(0xffffffffffffff9c, 0x0, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendto$packet(r7, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r8, 0x1, 0x0, 0x6, @multicast}, 0x14) bind$can_j1939(r3, &(0x7f0000000000)={0x1d, r2, 0x0, {}, 0xfe}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r2, 0x0, {}, 0x2}, 0x18, &(0x7f0000000180)={&(0x7f00000003c0)="08030005c7373d5b", 0x8}}, 0xee) close(r3) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x111, 0x70bd27, 0x100000, {0x0, 0x0, 0x74, r2, {0x6, 0x8}, {0x5, 0xffff}, {0xfff1, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0xc4) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) 3.460517775s ago: executing program 1 (id=2266): accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80800) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0x3}, 0x9c) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() r2 = socket(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={0x0}}, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x50009405, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x4d) close_range(r4, r4, 0x0) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f475", @ANYRES32], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0) 2.638639686s ago: executing program 3 (id=2267): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)="3bcbdb", 0x3}], 0x1}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="13a8892019f1989dcb3695d96b609322d26e29fc35fee071c96d80bd46d6966cbe6b7a2cae610580a28150f9f09c86ff97e05d454faac2546a34871e68f5cbd68fd4b71e2aac0dc7620672a5d97f2b82603a6f9c25d5b78524ab47fb3c477a39625e82d11bae649b50912c5c3749d587d40f3b177c88c8e1a95a9580e76e4915e7a4d9d1bac139a4c4b3ea19d86435997790b8f33ed64746f783dcbca965f77a4ebc4ee05aaa5e68d551b3cb668bb5be8cb0f5c6d64346d4aa329d80f904bee073", 0xc1}, {&(0x7f0000000500)='T[X!', 0x4}], 0x2}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f00000012c0)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647", 0xda}], 0x1}}], 0x3, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 2.480876936s ago: executing program 3 (id=2268): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000140)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2007, 0x3a, '\r', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b) geteuid() 1.237598755s ago: executing program 3 (id=2269): syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b0009000000000904000201003504000905"], 0x0) 1.022596798s ago: executing program 1 (id=2270): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f2", 0x286}], 0x1, 0x0, 0x6b}, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x200a83, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000340)='./file0\x00', 0x80000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@allow_other}], [{@uid_gt={'uid>', 0xee01}}, {@dont_measure}, {@obj_type={'obj_type', 0x3d, 'cgroup.type\x00'}}, {@dont_hash}]}}, 0x0, 0x0, &(0x7f00000004c0)="631d315a20a9345047d5f7e16e5a1896c7912f2a180f78be8c4bcd47939449573a2c0aaae5a88802cebec53cc8e1510156c509f72303734dd9cf1fa99fe1f94e8a8e9be1f6456047d0") r1 = syz_open_dev$sndmidi(&(0x7f0000000180), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0xf2cf, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0x90c0}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r7 = openat$cgroup_type(r6, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r7, &(0x7f0000000280), 0x9) r8 = openat$cgroup_procs(r6, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r8, &(0x7f0000000c40), 0x12) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r10 = openat$cgroup_ro(r9, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r10, &(0x7f0000000200)=0x1, 0x12) 0s ago: executing program 1 (id=2271): socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008844, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(r5, &(0x7f00000001c0)={0x40000000, 0x0, 0x0}, 0x0) sendmmsg(r5, &(0x7f0000000180), 0x400008a, 0x0) r6 = openat$cgroup_procs(r0, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000000c0), 0x12) pread64(r6, &(0x7f0000001840)=""/4096, 0x1000, 0x1) kernel console output (not intermixed with test programs): 37][ T5935] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 529ms [ 468.138034][ T5935] gfs2: fsid=syz:syz.0: jid=0: Done [ 468.146983][T10175] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 468.185205][T10175] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 468.438410][T10229] binder: 10228:10229 ioctl 40046205 0 returned -22 [ 468.737365][T10231] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1243'. [ 469.860983][T10236] use of bytesused == 0 is deprecated and will be removed in the future, [ 469.869826][T10236] use the actual size instead. [ 469.976838][T10238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1244'. [ 470.384977][T10242] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1247'. [ 470.617616][T10244] loop1: detected capacity change from 0 to 32768 [ 471.112808][T10244] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,background_compression=gzip,str_hash=crc32c,journal_flush_disabled,recovery_pass_last=set_may_go_rw,reconstruct_alloc [ 471.112831][T10244] allowing incompatible features above 0.0: (unknown version) [ 471.112840][T10244] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 471.159129][T10244] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 471.167485][T10244] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 471.175671][T10244] bcachefs (loop1): Version upgrade required: [ 471.175671][T10244] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 471.175671][T10244] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 471.175671][T10244] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 471.201292][T10256] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1252'. [ 471.292118][T10244] bcachefs (loop1): dropping and reconstructing all alloc info [ 471.340102][T10244] bcachefs (loop1): error reading btree root btree=extents level=0: btree_node_read_error, fixing [ 471.367963][T10244] bcachefs (loop1): check_topology... [ 471.368032][T10244] bcachefs (loop1): btree root extents unreadable, must recover from scan [ 471.382155][T10244] bcachefs (loop1): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 471.394145][T10244] bcachefs (loop1): bch2_check_root(): error restart_recovery [ 471.401786][T10244] bcachefs (loop1): check_topology(): error restart_recovery [ 471.409307][T10244] bcachefs (loop1): scan_for_btree_nodes... [ 471.620835][T10244] bcachefs (loop1): btree node scan found 1 nodes after overwrites [ 471.635880][T10244] done [ 471.638742][T10244] bcachefs (loop1): check_topology... [ 471.638824][T10244] bcachefs (loop1): btree root extents unreadable, must recover from scan [ 471.654199][T10244] bcachefs (loop1): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX [ 471.671783][T10244] bcachefs (loop1): empty interior btree node at btree=extents level=1 [ 471.671803][T10244] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 471.687073][T10244] bcachefs (loop1): bch2_btree_repair_topology_recurse(): error ECHILD [ 471.695587][T10244] bcachefs (loop1): empty btree root extents [ 471.705522][T10244] done [ 471.708673][T10244] bcachefs (loop1): accounting_read... done [ 471.724229][T10244] bcachefs (loop1): alloc_read... done [ 471.743761][T10244] bcachefs (loop1): snapshots_read... done [ 471.766473][T10244] bcachefs (loop1): check_allocations... done [ 471.840309][T10244] bcachefs (loop1): going read-write [ 471.879539][T10244] bcachefs (loop1): Fixed errors, running fsck a second time to verify fs is clean [ 472.782428][ T5986] bcachefs (loop1): bucket incorrectly unset in freespace btree [ 472.782474][ T5986] u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing [ 472.916345][ T6079] bcachefs (loop1): bucket incorrectly unset in freespace btree [ 472.916366][ T6079] u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing [ 472.993453][ T6079] bcachefs (loop1): bucket incorrectly unset in freespace btree [ 472.993474][ T6079] u64s 5 type deleted 0:28:0 len 0 ver 0, , continuing [ 473.160254][ T5845] bcachefs (loop1): unclean shutdown complete, journal seq 14 [ 473.386239][T10266] loop4: detected capacity change from 0 to 32768 [ 473.446151][T10266] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 473.464366][T10266] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 473.596162][T10266] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 473.641040][ T5857] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 473.651577][ T5857] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 473.860557][ T5857] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 208ms [ 473.918826][ T5857] gfs2: fsid=syz:syz.0: jid=0: Done [ 473.924129][T10266] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 474.406974][T10308] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1271'. [ 477.247597][ T5935] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 477.407520][ T5935] usb 4-1: Using ep0 maxpacket: 32 [ 477.414895][ T5935] usb 4-1: config 0 has an invalid interface number: 180 but max is 0 [ 477.434028][ T5935] usb 4-1: config 0 has no interface number 0 [ 477.458774][ T5935] usb 4-1: config 0 interface 180 has no altsetting 0 [ 477.493809][ T5935] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0113, bcdDevice=f0.8f [ 477.523842][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.570001][ T5935] usb 4-1: Product: syz [ 477.587416][ T5935] usb 4-1: Manufacturer: syz [ 477.611847][ T5935] usb 4-1: SerialNumber: syz [ 477.696168][ T5935] usb 4-1: config 0 descriptor?? [ 477.967296][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 477.975983][ T5935] kvaser_usb 4-1:0.180: error -ENODEV: Cannot get usb endpoint(s) [ 477.987881][ T5935] usb 4-1: USB disconnect, device number 12 [ 478.567140][T10342] loop0: detected capacity change from 0 to 1024 [ 479.900157][T10332] loop4: detected capacity change from 0 to 32768 [ 480.088333][ T5857] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 480.106114][ T30] audit: type=1326 audit(1752925155.036:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.138263][ T30] audit: type=1326 audit(1752925155.076:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.178472][ T30] audit: type=1326 audit(1752925155.076:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.201236][ T30] audit: type=1326 audit(1752925155.076:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.203068][T10332] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 480.255968][ T30] audit: type=1326 audit(1752925155.076:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.303773][ T30] audit: type=1326 audit(1752925155.076:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.334204][ T30] audit: type=1326 audit(1752925155.076:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.337388][ T5857] usb 2-1: Using ep0 maxpacket: 16 [ 480.358634][ T30] audit: type=1326 audit(1752925155.076:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.405469][ T5857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 480.417402][ T5857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 480.431658][ T5857] usb 2-1: New USB device found, idVendor=056a, idProduct=0010, bcdDevice= 0.00 [ 480.441509][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.464995][ T5857] usb 2-1: config 0 descriptor?? [ 480.483942][ T30] audit: type=1326 audit(1752925155.076:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.521443][ T30] audit: type=1326 audit(1752925155.076:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.2.1286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 480.554567][T10332] XFS (loop4): Ending clean mount [ 480.602303][T10332] XFS (loop4): Quotacheck needed: Please wait. [ 480.697553][T10344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 480.706532][T10344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 480.735316][T10332] XFS (loop4): Quotacheck: Done. [ 480.743428][ T5857] usbhid 2-1:0.0: can't add hid device: -71 [ 480.776235][ T5857] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 480.802373][ T5844] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 480.833208][T10372] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1290'. [ 480.838908][ T5857] usb 2-1: USB disconnect, device number 14 [ 481.226671][T10377] batadv_slave_0: entered promiscuous mode [ 481.249402][T10377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1293'. [ 481.267884][T10377] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 481.287803][ T3547] hfsplus: b-tree write err: -5, ino 4 [ 481.458582][T10377] batadv_slave_0 (unregistering): left promiscuous mode [ 481.465693][T10377] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 481.906571][ T5847] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 482.092707][ T5847] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 482.108045][ T5847] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 482.259933][ T5847] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 482.269327][ T5847] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 482.281797][ T5847] usb 2-1: SerialNumber: syz [ 482.670870][ T5847] usb 2-1: 0:2 : does not exist [ 482.707500][ T5847] usb 2-1: USB disconnect, device number 15 [ 482.938298][ T5904] udevd[5904]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 484.792660][ T5903] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 485.154121][ T5903] usb 5-1: Using ep0 maxpacket: 16 [ 485.176183][ T5903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 485.340339][ T5903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 485.352170][ T5903] usb 5-1: New USB device found, idVendor=056a, idProduct=0010, bcdDevice= 0.00 [ 485.363140][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.376841][ T5903] usb 5-1: config 0 descriptor?? [ 485.767278][T10413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 485.792128][T10413] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.953329][T10442] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1314'. [ 486.962534][T10442] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1314'. [ 486.971807][T10442] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1314'. [ 486.981076][T10442] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1314'. [ 487.497056][ T5903] usbhid 5-1:0.0: can't add hid device: -71 [ 487.498751][ T30] kauditd_printk_skb: 429 callbacks suppressed [ 487.498769][ T30] audit: type=1326 audit(1752925162.426:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 487.503357][ T5903] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 487.583013][ T30] audit: type=1326 audit(1752925162.456:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 487.606432][ T5903] usb 5-1: USB disconnect, device number 20 [ 487.712035][ T30] audit: type=1326 audit(1752925162.456:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 487.801263][ T30] audit: type=1326 audit(1752925162.456:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 487.874284][ T30] audit: type=1326 audit(1752925162.456:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 487.898194][ T30] audit: type=1326 audit(1752925162.456:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 488.094430][ T30] audit: type=1326 audit(1752925162.456:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 488.117266][ T30] audit: type=1326 audit(1752925162.456:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 488.139786][ C0] vkms_vblank_simulate: vblank timer overrun [ 488.311745][ T30] audit: type=1326 audit(1752925162.456:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 488.402062][ T30] audit: type=1326 audit(1752925162.456:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10445 comm="syz.2.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 488.500144][T10461] trusted_key: encrypted_key: insufficient parameters specified [ 489.063306][T10464] binder: 10463:10464 ioctl 40046205 0 returned -22 [ 489.540088][T10469] loop1: detected capacity change from 0 to 32768 [ 489.550725][T10470] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1320'. [ 490.256229][T10469] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,background_compression=gzip,str_hash=crc32c,journal_flush_disabled,recovery_pass_last=set_may_go_rw,reconstruct_alloc [ 490.256253][T10469] allowing incompatible features above 0.0: (unknown version) [ 490.256262][T10469] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 490.302062][T10469] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 490.310388][T10469] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 490.318636][T10469] bcachefs (loop1): Version upgrade required: [ 490.318636][T10469] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 490.318636][T10469] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 490.318636][T10469] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 490.423659][T10469] bcachefs (loop1): dropping and reconstructing all alloc info [ 490.497912][T10469] bcachefs (loop1): error reading btree root btree=extents level=0: btree_node_read_error, fixing [ 490.560231][T10469] bcachefs (loop1): check_topology... [ 490.560310][T10469] bcachefs (loop1): btree root extents unreadable, must recover from scan [ 490.574480][T10469] bcachefs (loop1): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 490.586529][T10469] bcachefs (loop1): bch2_check_root(): error restart_recovery [ 490.594122][T10469] bcachefs (loop1): check_topology(): error restart_recovery [ 490.602915][T10469] bcachefs (loop1): scan_for_btree_nodes... [ 490.997123][T10469] bcachefs (loop1): btree node scan found 1 nodes after overwrites [ 491.014126][T10469] done [ 491.016918][T10469] bcachefs (loop1): check_topology... [ 491.016980][T10469] bcachefs (loop1): btree root extents unreadable, must recover from scan [ 491.031195][T10469] bcachefs (loop1): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX [ 491.052503][T10469] bcachefs (loop1): empty interior btree node at btree=extents level=1 [ 491.052519][T10469] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 491.068026][T10469] bcachefs (loop1): bch2_btree_repair_topology_recurse(): error ECHILD [ 491.076377][T10469] bcachefs (loop1): empty btree root extents [ 491.087270][T10469] done [ 491.090194][T10469] bcachefs (loop1): accounting_read... done [ 491.098265][T10469] bcachefs (loop1): alloc_read... done [ 491.104599][T10469] bcachefs (loop1): snapshots_read... done [ 491.113846][T10469] bcachefs (loop1): check_allocations... done [ 491.144284][T10469] bcachefs (loop1): going read-write [ 491.176092][T10469] bcachefs (loop1): Fixed errors, running fsck a second time to verify fs is clean [ 491.483521][ T147] bcachefs (loop1): bucket incorrectly unset in freespace btree [ 491.483556][ T147] u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing [ 491.695058][ T147] bcachefs (loop1): bucket incorrectly unset in freespace btree [ 491.695110][ T147] u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing [ 491.897016][ T147] bcachefs (loop1): bucket incorrectly unset in freespace btree [ 491.897031][ T147] u64s 5 type deleted 0:28:0 len 0 ver 0, , continuing [ 492.066094][ T5845] bcachefs (loop1): unclean shutdown complete, journal seq 13 [ 493.027976][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 493.027991][ T30] audit: type=1326 audit(1752925167.946:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.137531][ T30] audit: type=1326 audit(1752925167.956:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.214478][ T30] audit: type=1326 audit(1752925167.956:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.291882][ T30] audit: type=1326 audit(1752925167.956:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.316354][ T30] audit: type=1326 audit(1752925167.956:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.343269][ T30] audit: type=1326 audit(1752925167.956:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.369536][ T30] audit: type=1326 audit(1752925167.956:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.393180][ T30] audit: type=1326 audit(1752925167.956:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.425961][ T30] audit: type=1326 audit(1752925167.956:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.449950][ T30] audit: type=1326 audit(1752925167.956:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10511 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x7ff00000 [ 493.490674][T10515] binder: 10514:10515 ioctl 40046205 0 returned -22 [ 493.771130][T10517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1335'. [ 494.542312][T10521] xt_hashlimit: max too large, truncated to 1048576 [ 494.560631][T10521] No such timeout policy "syz1" [ 495.378123][T10526] warning: `syz.2.1339' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 496.133136][T10531] loop3: detected capacity change from 0 to 32768 [ 496.320472][T10531] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,background_compression=gzip,str_hash=crc32c,journal_flush_disabled,recovery_pass_last=set_may_go_rw,reconstruct_alloc [ 496.320497][T10531] allowing incompatible features above 0.0: (unknown version) [ 496.320507][T10531] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 496.367509][T10531] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 496.375832][T10531] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 496.384391][T10531] bcachefs (loop3): Version upgrade required: [ 496.384391][T10531] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 496.384391][T10531] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 496.384391][T10531] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 496.462531][T10544] loop1: detected capacity change from 0 to 16 [ 497.398431][T10544] erofs (device loop1): too large lz4 pclusterblks 16832 [ 497.505792][T10531] bcachefs (loop3): dropping and reconstructing all alloc info [ 497.561715][T10531] bcachefs (loop3): error reading btree root btree=extents level=0: btree_node_read_error, fixing [ 497.600898][T10531] bcachefs (loop3): check_topology... [ 497.600978][T10531] bcachefs (loop3): btree root extents unreadable, must recover from scan [ 497.615216][T10531] bcachefs (loop3): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 497.616640][T10549] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1343'. [ 497.627126][T10531] bcachefs (loop3): bch2_check_root(): error restart_recovery [ 497.627161][T10531] bcachefs (loop3): check_topology(): error restart_recovery [ 497.651447][T10531] bcachefs (loop3): scan_for_btree_nodes... [ 497.760597][T10531] bcachefs (loop3): btree node scan found 1 nodes after overwrites [ 497.780837][T10531] done [ 497.783762][T10531] bcachefs (loop3): check_topology... [ 497.783848][T10531] bcachefs (loop3): btree root extents unreadable, must recover from scan [ 497.798012][T10531] bcachefs (loop3): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX [ 497.816965][T10531] bcachefs (loop3): empty interior btree node at btree=extents level=1 [ 497.816984][T10531] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 497.833375][T10531] bcachefs (loop3): bch2_btree_repair_topology_recurse(): error ECHILD [ 497.841878][T10531] bcachefs (loop3): empty btree root extents [ 497.889517][T10531] done [ 497.892353][T10531] bcachefs (loop3): accounting_read... done [ 497.920899][T10531] bcachefs (loop3): alloc_read... done [ 497.929215][T10531] bcachefs (loop3): snapshots_read... done [ 497.940050][T10531] bcachefs (loop3): check_allocations... done [ 498.018212][T10531] bcachefs (loop3): going read-write [ 498.046584][T10531] bcachefs (loop3): Fixed errors, running fsck a second time to verify fs is clean [ 498.409585][ T6079] bcachefs (loop3): bucket incorrectly unset in freespace btree [ 498.409633][ T6079] u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing [ 498.599051][ T5903] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 498.625560][ T6079] bcachefs (loop3): bucket incorrectly unset in freespace btree [ 498.625600][ T6079] u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing [ 498.697035][ T6079] bcachefs (loop3): bucket incorrectly unset in freespace btree [ 498.697051][ T6079] u64s 5 type deleted 0:28:0 len 0 ver 0, , continuing [ 498.790396][T10567] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 498.790441][T10567] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 498.790494][T10567] vhci_hcd vhci_hcd.0: Device attached [ 498.817865][ T5903] usb 5-1: Using ep0 maxpacket: 32 [ 498.829256][ T5903] usb 5-1: config 0 has an invalid interface number: 180 but max is 0 [ 498.829286][ T5903] usb 5-1: config 0 has no interface number 0 [ 498.829319][ T5903] usb 5-1: config 0 interface 180 has no altsetting 0 [ 498.831371][ T5903] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0113, bcdDevice=f0.8f [ 498.831401][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.831422][ T5903] usb 5-1: Product: syz [ 498.831439][ T5903] usb 5-1: Manufacturer: syz [ 498.831455][ T5903] usb 5-1: SerialNumber: syz [ 498.834464][ T5903] usb 5-1: config 0 descriptor?? [ 499.050742][ T10] usb 33-1: new high-speed USB device number 3 using vhci_hcd [ 499.071666][T10570] vhci_hcd: connection reset by peer [ 499.077091][ T12] vhci_hcd: stop threads [ 499.077123][ T12] vhci_hcd: release socket [ 499.077160][ T12] vhci_hcd: disconnect device [ 499.134602][ T5903] kvaser_usb 5-1:0.180: error -ENODEV: Cannot get usb endpoint(s) [ 499.138145][ T5903] usb 5-1: USB disconnect, device number 21 [ 499.372921][ T5849] bcachefs (loop3): unclean shutdown complete, journal seq 14 [ 500.520369][T10589] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1352'. [ 500.530239][T10589] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1352'. [ 500.540406][T10589] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1352'. [ 500.549748][T10589] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1352'. [ 501.525390][T10595] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1355'. [ 501.613824][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.620503][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.044078][T10606] openvswitch: netlink: Key 6 has unexpected len 0 expected 2 [ 502.107929][ T5935] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 502.229146][T10608] fuse: Bad value for 'fd' [ 502.274749][ T5935] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 502.287037][ T5935] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 502.323378][ T5935] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 502.342602][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 502.382797][ T5935] usb 1-1: SerialNumber: syz [ 502.807013][ T5935] usb 1-1: 0:2 : does not exist [ 502.848331][ T5935] usb 1-1: USB disconnect, device number 27 [ 502.940222][ T5904] udevd[5904]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 503.491631][T10617] loop0: detected capacity change from 0 to 1024 [ 503.537223][T10615] loop1: detected capacity change from 0 to 2048 [ 503.959226][T10615] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 504.017861][T10615] ext4 filesystem being mounted at /255/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 504.159206][ T10] vhci_hcd: vhci_device speed not set [ 504.192111][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 505.085101][T10635] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1367'. [ 506.581197][T10655] loop3: detected capacity change from 0 to 2048 [ 506.751805][T10655] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 506.864519][T10655] ext4 filesystem being mounted at /251/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 507.014834][ T5849] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 507.130720][T10671] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1380'. [ 507.322470][ T6079] hfsplus: b-tree write err: -5, ino 4 [ 508.409705][T10691] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1384'. [ 508.419648][T10691] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1384'. [ 508.429540][T10691] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1384'. [ 508.438810][T10691] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1384'. [ 509.187726][ T5847] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 509.331366][T10693] loop4: detected capacity change from 0 to 32768 [ 509.505980][T10693] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,background_compression=gzip,str_hash=crc32c,journal_flush_disabled,recovery_pass_last=set_may_go_rw,reconstruct_alloc [ 509.506004][T10693] allowing incompatible features above 0.0: (unknown version) [ 509.506013][T10693] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 509.544474][ T5847] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 509.552345][T10693] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 509.569692][T10693] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 509.577963][T10693] bcachefs (loop4): Version upgrade required: [ 509.577963][T10693] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 509.577963][T10693] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 509.577963][T10693] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 509.682630][T10693] bcachefs (loop4): dropping and reconstructing all alloc info [ 509.716365][T10693] bcachefs (loop4): error reading btree root btree=extents level=0: btree_node_read_error, fixing [ 509.775773][ T5847] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 509.797301][T10693] bcachefs (loop4): check_topology... [ 509.797461][T10693] bcachefs (loop4): btree root extents unreadable, must recover from scan [ 509.811769][T10693] bcachefs (loop4): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 509.823756][T10693] bcachefs (loop4): bch2_check_root(): error restart_recovery [ 509.831394][T10693] bcachefs (loop4): check_topology(): error restart_recovery [ 509.838889][T10693] bcachefs (loop4): scan_for_btree_nodes... [ 509.864499][ T5847] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 509.887814][ T5847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 509.906794][ T5847] usb 1-1: SerialNumber: syz [ 509.980423][T10693] bcachefs (loop4): btree node scan found 1 nodes after overwrites [ 509.987598][ T5998] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 510.006676][T10693] done [ 510.009604][T10693] bcachefs (loop4): check_topology... [ 510.009691][T10693] bcachefs (loop4): btree root extents unreadable, must recover from scan [ 510.023799][T10693] bcachefs (loop4): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX [ 510.044980][T10693] bcachefs (loop4): empty interior btree node at btree=extents level=1 [ 510.044995][T10693] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 510.061458][T10693] bcachefs (loop4): bch2_btree_repair_topology_recurse(): error ECHILD [ 510.069941][T10693] bcachefs (loop4): empty btree root extents [ 510.083471][T10693] done [ 510.086277][T10693] bcachefs (loop4): accounting_read... done [ 510.094163][T10693] bcachefs (loop4): alloc_read... done [ 510.102086][T10693] bcachefs (loop4): snapshots_read... done [ 510.125347][T10693] bcachefs (loop4): check_allocations... [ 510.157543][ T5998] usb 2-1: Using ep0 maxpacket: 32 [ 510.254426][ T5847] usb 1-1: 0:2 : does not exist [ 510.269230][ T5998] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 510.279447][T10693] done [ 510.285109][T10693] bcachefs (loop4): going read-write [ 510.298723][ T5998] usb 2-1: config 0 has no interface number 0 [ 510.319437][T10693] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean [ 510.387636][ T5998] usb 2-1: config 0 interface 184 has no altsetting 0 [ 510.686430][ T5998] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 510.695826][ T5847] usb 1-1: USB disconnect, device number 28 [ 510.753561][ T5998] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.795743][ T5998] usb 2-1: Product: syz [ 510.826709][ T5998] usb 2-1: Manufacturer: syz [ 510.847887][ T5998] usb 2-1: SerialNumber: syz [ 510.888619][ T5998] usb 2-1: config 0 descriptor?? [ 510.918196][ T5998] smsc75xx v1.0.0 [ 510.934415][ T5998] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 510.958807][ T12] bcachefs (loop4): bucket incorrectly unset in freespace btree [ 510.958841][ T12] u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing [ 511.025138][ T5998] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22 [ 511.128684][T10705] binder: 10694:10705 ioctl c0306201 200000000100 returned -11 [ 511.491117][ T12] bcachefs (loop4): bucket incorrectly unset in freespace btree [ 511.491166][ T12] u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing [ 511.605887][ T12] bcachefs (loop4): bucket incorrectly unset in freespace btree [ 511.605911][ T12] u64s 5 type deleted 0:28:0 len 0 ver 0, , continuing [ 511.888630][ T5844] bcachefs (loop4): unclean shutdown complete, journal seq 14 [ 512.957629][ T5847] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 513.127500][ T5847] usb 4-1: Using ep0 maxpacket: 8 [ 513.134705][ T5847] usb 4-1: unable to get BOS descriptor or descriptor too short [ 513.146911][ T5847] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 513.158859][ T5847] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 513.179019][ T5847] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 513.215946][ T5847] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 513.235177][ T5847] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 513.245439][ T5847] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 0 [ 513.255789][ T5847] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 513.282382][ T5847] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 513.294594][ T10] usb 2-1: USB disconnect, device number 16 [ 513.295531][ T5847] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 513.310684][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.327649][ T5847] usb 4-1: Product: syz [ 513.346532][ T5847] usb 4-1: Manufacturer: syz [ 513.409869][ T5847] usb 4-1: SerialNumber: syz [ 513.443691][ T5847] usb 4-1: config 0 descriptor?? [ 513.472925][ T5847] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 513.657834][ T5847] usb 4-1: USB disconnect, device number 13 [ 513.681578][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 514.344116][T10740] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1398'. [ 514.354727][T10740] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1398'. [ 514.363839][T10740] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1398'. [ 514.372962][T10740] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1398'. [ 515.741555][T10766] binfmt_misc: register: failed to install interpreter file ./file2 [ 515.996134][T10769] xt_CT: You must specify a L4 protocol and not use inversions on it [ 520.133698][T10809] loop4: detected capacity change from 0 to 32768 [ 520.240183][T10809] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 520.249982][T10809] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 520.358275][T10809] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 520.373652][ T5847] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 520.391005][ T5847] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 520.594418][ T5847] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 203ms [ 520.629134][ T5847] gfs2: fsid=syz:syz.0: jid=0: Done [ 520.833039][T10809] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 520.902088][T10829] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1427'. [ 520.914295][T10829] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1427'. [ 520.923396][T10829] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1427'. [ 520.932491][T10829] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1427'. [ 521.158383][ T30] kauditd_printk_skb: 61 callbacks suppressed [ 521.158397][ T30] audit: type=1800 audit(1752925196.086:727): pid=10809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1420" name="file1" dev="loop4" ino=9378 res=0 errno=0 [ 522.470164][T10853] binfmt_misc: register: failed to install interpreter file ./file2 [ 524.525000][T10880] binder: 10878:10880 ioctl c0306201 200000000640 returned -22 [ 524.555202][T10882] loop1: detected capacity change from 0 to 1024 [ 525.494377][ T6079] hfsplus: b-tree write err: -5, ino 4 [ 526.190685][T10895] kvm: emulating exchange as write [ 528.899262][T10924] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 528.972671][T10925] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 528.972671][T10925] The task syz.4.1458 (10925) triggered the difference, watch for misbehavior. [ 529.853728][T10933] binfmt_misc: register: failed to install interpreter file ./file2 [ 529.907865][ T983] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 530.097630][ T983] usb 2-1: Using ep0 maxpacket: 16 [ 530.133844][ T983] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 530.168151][ T983] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 530.197510][ T983] usb 2-1: Product: syz [ 530.201727][ T983] usb 2-1: Manufacturer: syz [ 530.206361][ T983] usb 2-1: SerialNumber: syz [ 530.238771][ T983] usb 2-1: config 0 descriptor?? [ 530.667614][ T5998] usb 2-1: USB disconnect, device number 17 [ 531.721583][ T983] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 531.967399][ T983] usb 2-1: Using ep0 maxpacket: 32 [ 532.006365][ T983] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 532.065718][ T983] usb 2-1: config 0 has no interface number 0 [ 532.142664][ T983] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 532.176155][ T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.206944][ T983] usb 2-1: Product: syz [ 532.227397][ T983] usb 2-1: Manufacturer: syz [ 532.251217][ T983] usb 2-1: SerialNumber: syz [ 532.382233][ T983] usb 2-1: config 0 descriptor?? [ 532.434968][ T983] smsc95xx v2.0.0 [ 532.836837][ T983] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 532.872963][ T983] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 533.367924][T10975] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1471'. [ 533.376976][T10975] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1471'. [ 533.386303][T10975] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1471'. [ 533.395380][T10975] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1471'. [ 533.467778][ T5998] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 533.627533][ T5998] usb 4-1: Using ep0 maxpacket: 8 [ 533.640234][ T5998] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 533.662847][ T5998] usb 4-1: config 0 has no interface number 0 [ 533.682090][ T5998] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 533.729828][ T5998] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 533.744151][ T5998] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 533.756192][ T5998] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 533.775125][ T5998] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 533.794124][ T5998] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 533.830818][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.018896][ T5998] usb 4-1: config 0 descriptor?? [ 534.042151][ T5998] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 534.236580][T10974] ldusb 4-1:0.55: Couldn't submit interrupt_in_urb -90 [ 534.261022][ T5998] usb 4-1: USB disconnect, device number 14 [ 534.279119][ T5998] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 534.652891][T10991] binfmt_misc: register: failed to install interpreter file ./file2 [ 534.717444][ T983] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -61 [ 534.930709][ T983] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -61 [ 536.013880][ T5847] usb 2-1: USB disconnect, device number 18 [ 537.021620][T11016] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 537.028202][T11016] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 537.036043][T11016] vhci_hcd vhci_hcd.0: Device attached [ 537.078396][T11017] vhci_hcd: connection closed [ 538.674357][ T12] vhci_hcd: stop threads [ 538.683597][ T5847] usb 33-1: new high-speed USB device number 4 using vhci_hcd [ 538.859791][ T12] vhci_hcd: release socket [ 538.952229][ T12] vhci_hcd: disconnect device [ 539.387499][ T5998] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 539.549900][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 540.220830][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 540.247449][ T5998] usb 4-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00 [ 540.256576][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.375915][ T5998] usb 4-1: config 0 descriptor?? [ 540.425485][ T5998] usb 4-1: can't set config #0, error -71 [ 540.479466][ T5998] usb 4-1: USB disconnect, device number 15 [ 540.854549][ T30] audit: type=1326 audit(1752925215.746:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 540.924118][ T30] audit: type=1326 audit(1752925215.746:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 541.098540][ T30] audit: type=1326 audit(1752925215.746:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 541.210836][ T30] audit: type=1326 audit(1752925215.746:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 541.240320][ T30] audit: type=1326 audit(1752925215.746:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 541.546977][ T30] audit: type=1326 audit(1752925215.746:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 541.571607][ T30] audit: type=1326 audit(1752925215.746:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 541.651516][ T30] audit: type=1326 audit(1752925215.746:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 541.765368][ T30] audit: type=1326 audit(1752925215.746:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 541.832804][ T30] audit: type=1326 audit(1752925215.756:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11037 comm="syz.3.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8bb98e9a9 code=0x7ffc0000 [ 543.001797][T11064] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1499'. [ 543.337283][T11068] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 543.343947][T11068] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 543.352459][T11068] vhci_hcd vhci_hcd.0: Device attached [ 543.419956][T11069] vhci_hcd: connection closed [ 543.687593][ T5998] usb 39-1: new high-speed USB device number 3 using vhci_hcd [ 543.830072][T11070] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 543.917858][ T5847] vhci_hcd: vhci_device speed not set [ 543.976248][ T49] vhci_hcd: stop threads [ 544.063876][ T49] vhci_hcd: release socket [ 544.144108][ T49] vhci_hcd: disconnect device [ 545.327866][ T10] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 545.437756][ T983] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 545.487555][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 545.764921][ T10] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 545.773606][ T983] usb 5-1: Using ep0 maxpacket: 8 [ 545.792041][ T983] usb 5-1: unable to get BOS descriptor or descriptor too short [ 545.828127][ T10] usb 4-1: config 0 has no interface number 0 [ 545.849009][ T983] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 546.047242][ T10] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 546.052378][T11098] tipc: Enabling of bearer rejected, failed to enable media [ 546.056986][ T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 546.085852][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.096241][ T10] usb 4-1: Product: syz [ 546.104296][ T10] usb 4-1: Manufacturer: syz [ 546.116119][ T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 546.130095][ T10] usb 4-1: SerialNumber: syz [ 546.148576][ T10] usb 4-1: config 0 descriptor?? [ 546.156238][ T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 546.177723][ T10] smsc95xx v2.0.0 [ 546.184651][ T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 546.724493][ T983] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 0 [ 546.763376][ T10] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 546.783310][ T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 546.797464][ T10] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 546.816537][ T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 546.840779][ T983] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 547.095100][ T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.104709][ T983] usb 5-1: Product: syz [ 547.109042][ T983] usb 5-1: Manufacturer: syz [ 547.113695][ T983] usb 5-1: SerialNumber: syz [ 547.136491][ T983] usb 5-1: config 0 descriptor?? [ 547.153130][ T983] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 547.248337][T11110] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 547.333538][ T5972] udevd[5972]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 547.370930][ T983] usb 5-1: USB disconnect, device number 22 [ 548.327450][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 548.732555][T11116] syz.1.1515 (11116): drop_caches: 2 [ 548.957889][ T5998] vhci_hcd: vhci_device speed not set [ 549.059843][ T10] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -61 [ 549.093455][ T10] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -61 [ 550.261194][ T5857] usb 4-1: USB disconnect, device number 16 [ 550.648108][T11137] loop3: detected capacity change from 0 to 32768 [ 550.681068][T11137] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 550.689319][T11137] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 550.743709][T11137] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 550.754064][ T5903] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 550.763681][ T5903] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 550.797465][ T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 550.928746][T11146] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1524'. [ 551.007835][ T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 551.053660][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 551.073941][ T5903] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 310ms [ 551.097499][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 551.107296][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 551.119222][ T5903] gfs2: fsid=syz:syz.0: jid=0: Done [ 551.143845][ T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 551.153866][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.162228][T11137] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 551.216001][ T10] usb 1-1: config 0 descriptor?? [ 551.499723][ T30] audit: type=1800 audit(1752925226.436:738): pid=11137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1522" name="file1" dev="loop3" ino=9378 res=0 errno=0 [ 551.819208][ T10] plantronics 0003:047F:FFFF.0002: ignoring exceeding usage max [ 551.968141][ T10] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 553.792065][T11197] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1538'. [ 553.899140][ T5857] usb 1-1: USB disconnect, device number 29 [ 555.128000][ T5903] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 555.323264][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 555.372720][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.449204][ T5903] usb 2-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00 [ 555.486478][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.540855][ T5903] usb 2-1: config 0 descriptor?? [ 555.928583][ T983] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 555.978737][ T5903] hid-generic 0003:04F3:0754.0003: failed to start in urb: -90 [ 555.994887][ T5903] hid-generic 0003:04F3:0754.0003: hidraw0: USB HID v1.01 Device [HID 04f3:0754] on usb-dummy_hcd.1-1/input0 [ 556.119617][ T983] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 556.140262][ T983] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 556.173942][ T5903] usb 2-1: USB disconnect, device number 19 [ 556.186078][ T983] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 556.224181][ T983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 556.231698][T11213] fido_id[11213]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 556.271578][ T983] usb 5-1: SerialNumber: syz [ 556.522069][ T983] usb 5-1: 0:2 : does not exist [ 556.590514][ T983] usb 5-1: USB disconnect, device number 23 [ 556.816985][ T5904] udevd[5904]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 558.276628][T11257] random: crng reseeded on system resumption [ 559.595018][T11272] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 561.689377][T11297] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1571'. [ 561.698799][T11297] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1571'. [ 561.707848][T11297] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1571'. [ 561.716882][T11297] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1571'. [ 563.052845][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.059300][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.804685][T11329] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1584'. [ 563.815070][T11329] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1584'. [ 563.824119][T11329] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1584'. [ 563.833157][T11329] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1584'. [ 564.238866][T11344] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1588'. [ 565.552060][T11362] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 568.027668][ T5857] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 568.211247][ T5857] usb 5-1: Using ep0 maxpacket: 8 [ 568.300705][ T5857] usb 5-1: unable to get BOS descriptor or descriptor too short [ 568.330104][ T5857] usb 5-1: config 7 has an invalid interface number: 6 but max is 0 [ 568.371209][ T5857] usb 5-1: config 7 has no interface number 0 [ 568.387588][ T5857] usb 5-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254 [ 568.429586][ T5857] usb 5-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 568.494936][ T5857] usb 5-1: config 7 interface 6 has no altsetting 0 [ 568.523596][ T5857] usb 5-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e [ 568.534457][ T5857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.550946][ T5857] usb 5-1: Product: syz [ 568.575909][ T5857] usb 5-1: Manufacturer: syz [ 568.596155][ T5857] usb 5-1: SerialNumber: syz [ 572.263534][ T5857] option 5-1:7.6: GSM modem (1-port) converter detected [ 572.306700][T11439] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1620'. [ 572.318660][ T5857] usb 5-1: USB disconnect, device number 24 [ 572.350337][ T5857] option 5-1:7.6: device disconnected [ 572.553323][T11447] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1621'. [ 572.605995][T11445] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1623'. [ 574.387589][ T5847] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 574.557491][ T5847] usb 5-1: Using ep0 maxpacket: 8 [ 574.594886][ T5847] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 574.607107][ T5847] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 574.631467][ T5847] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 574.651776][ T5847] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 574.672051][ T5847] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 574.710374][ T5847] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 574.733832][ T5847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.027749][ T5847] usb 5-1: GET_CAPABILITIES returned 0 [ 575.033316][ T5847] usbtmc 5-1:16.0: can't read capabilities [ 575.308674][T11474] usbtmc 5-1:16.0: usb_control_msg returned -71 [ 575.311765][ T5847] usb 5-1: USB disconnect, device number 25 [ 575.354152][T11493] tipc: Started in network mode [ 575.377943][T11493] tipc: Node identity 8, cluster identity 4711 [ 575.405300][T11493] tipc: Node number set to 8 [ 575.720377][ T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 575.877839][T11503] bridge0: entered allmulticast mode [ 575.916346][T11503] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 576.137697][ T10] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 576.161198][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 576.183888][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 576.239896][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 576.292529][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 576.329381][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 576.346138][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 576.394976][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 576.418805][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 576.430433][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 576.444926][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 576.567527][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 576.597626][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 576.619282][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 576.658104][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 576.726184][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 576.816762][T11516] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1652'. [ 576.827201][T11516] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1652'. [ 576.836274][T11516] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1652'. [ 576.845295][T11516] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1652'. [ 576.872879][T11521] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 576.936454][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 576.956057][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 576.977534][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 576.997635][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 577.010339][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 577.018359][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 577.031021][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 577.047134][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 577.057824][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 577.065848][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 577.078767][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 577.094188][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 577.107868][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 577.116159][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 577.136827][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 577.164510][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 577.174806][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 577.184617][ T10] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 577.194320][ T10] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 577.206529][ T10] usb 4-1: Product: syz [ 577.213215][ T10] usb 4-1: Manufacturer: syz [ 577.365563][ T10] usb 4-1: SerialNumber: syz [ 577.377010][ T10] usb 4-1: config 0 descriptor?? [ 577.395509][ T10] yurex 4-1:0.0: Could not submitting URB [ 577.406446][ T10] yurex 4-1:0.0: probe with driver yurex failed with error -5 [ 577.599702][ T5857] usb 4-1: USB disconnect, device number 17 [ 577.727042][T11535] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1658'. [ 577.989618][T11544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1659'. [ 578.004339][T11544] xt_policy: neither incoming nor outgoing policy selected [ 578.019616][T11544] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1659'. [ 578.028871][ T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 578.227526][ T5903] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 578.315146][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 578.342715][ T10] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 578.351176][ T10] usb 5-1: config 0 has no interface number 0 [ 578.373022][ T10] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 578.467637][ T5903] usb 2-1: Using ep0 maxpacket: 8 [ 578.483147][ T5903] usb 2-1: unable to get BOS descriptor or descriptor too short [ 578.512008][ T10] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 578.533927][ T5903] usb 2-1: too many endpoints for config 4 interface 0 altsetting 102: 65, using maximum allowed: 30 [ 578.562625][ T5903] usb 2-1: config 4 interface 0 altsetting 102 has 0 endpoint descriptors, different from the interface descriptor's value: 65 [ 578.581148][ T10] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 578.626641][ T10] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 578.642299][ T5903] usb 2-1: config 4 interface 0 has no altsetting 0 [ 578.659878][ T5903] usb 2-1: string descriptor 0 read error: -22 [ 578.667611][ T5903] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 578.682339][ T10] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 578.691672][ T5903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.710163][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.755346][ T5903] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 578.778448][ T10] usb 5-1: config 0 descriptor?? [ 578.837184][ T10] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 578.866841][ T5903] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 578.927028][ T5903] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 578.935594][T11535] usb 2-1: dvb_usb_au6610: wlen=0, aborting [ 578.967132][ T5903] usb 2-1: media controller created [ 579.037847][T11535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 579.083888][T11535] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 579.299806][ T5903] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 579.566139][ T5903] zl10353_read_register: readreg error (reg=127, ret==0) [ 579.836151][ T5903] usb 2-1: USB disconnect, device number 20 [ 580.738035][ T9] usb 5-1: USB disconnect, device number 26 [ 580.792052][ T9] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 581.547417][ T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 581.814280][ T9] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 581.838280][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 581.859763][ T9] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 581.887461][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 582.035153][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.111114][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 582.176790][ T9] usb 5-1: invalid MIDI out EP 0 [ 583.322281][ T5904] udevd[5904]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 583.410524][T11601] syz.0.1680 (11601): drop_caches: 2 [ 583.808807][ T9] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 584.308198][ T5847] usb 5-1: USB disconnect, device number 27 [ 584.671490][T11626] fuse: Unknown parameter 'group_i00000000000000000000' [ 584.927643][ T5847] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 585.102393][ T5847] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 585.167503][ T5847] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 585.236721][ T5847] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 585.277122][ T5847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.304721][ T5847] usb 5-1: config 0 descriptor?? [ 585.343419][ T5847] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 585.526181][ T5998] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 585.714246][ T5998] usb 1-1: Using ep0 maxpacket: 8 [ 585.738663][ T5998] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 585.769244][ T5998] usb 1-1: config 0 has no interface number 0 [ 585.782892][ T5998] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 585.814552][ T5998] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 585.853957][ T5998] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 585.869433][ T5998] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 585.884617][T11651] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 585.916994][ T5998] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 585.926519][ T5998] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.960379][ T5998] usb 1-1: config 0 descriptor?? [ 586.013190][ T5998] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 587.296415][T11670] loop4: detected capacity change from 0 to 7 [ 587.321218][T11670] Dev loop4: unable to read RDB block 7 [ 587.330950][T11670] loop4: unable to read partition table [ 587.341500][T11670] loop4: partition table beyond EOD, truncated [ 587.388360][T11670] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 587.561533][ T5998] usb 5-1: USB disconnect, device number 28 [ 587.831209][T11685] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 587.877611][ T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 588.073835][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 588.081006][ T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 588.104815][ T9] usb 4-1: config 0 has no interface number 0 [ 588.116708][ T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 588.216463][ T9] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 588.257830][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.267561][ T5927] usb 1-1: USB disconnect, device number 30 [ 588.294864][ T5927] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 588.303110][ T9] usb 4-1: config 0 descriptor?? [ 588.362046][ T9] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 588.665492][ T9] usb 4-1: USB disconnect, device number 18 [ 588.975231][T11705] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 588.995627][T11705] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 590.307590][ T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 590.477594][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 590.492314][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 590.505687][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 590.536997][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 590.562975][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 590.577614][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 590.587822][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 590.598227][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 0 [ 590.608031][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 590.612298][T11741] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1736'. [ 590.618113][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 590.667073][ T9] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 590.686689][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.707017][ T9] usb 5-1: Product: syz [ 590.712429][ T9] usb 5-1: Manufacturer: syz [ 590.727589][ T9] usb 5-1: SerialNumber: syz [ 590.750197][ T9] usb 5-1: config 0 descriptor?? [ 590.763977][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 590.802016][T11747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1738'. [ 590.979655][ T9] usb 5-1: USB disconnect, device number 29 [ 591.074706][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 592.864782][T11775] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1748'. [ 592.871947][T11773] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1749'. [ 593.042270][T11781] fuse: Unknown parameter 'group_i00000000000000000000' [ 594.009413][T11802] syz.0.1755 (11802): drop_caches: 2 [ 594.367452][ T5927] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 594.607581][ T5927] usb 2-1: Using ep0 maxpacket: 16 [ 594.624563][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.637596][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 594.759087][ T5927] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 594.812873][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.886046][ T5927] usb 2-1: config 0 descriptor?? [ 595.820007][T11828] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 597.043783][ T9] usb 2-1: USB disconnect, device number 21 [ 597.220882][T11843] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1774'. [ 597.497499][T11851] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 597.951101][T11858] syz.0.1779 (11858): drop_caches: 2 [ 598.341880][T11872] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1785'. [ 598.521989][T11876] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1787'. [ 600.019753][ T30] audit: type=1326 audit(1752925274.946:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11892 comm="syz.1.1791" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb7258e9a9 code=0x0 [ 600.042063][ C0] vkms_vblank_simulate: vblank timer overrun [ 600.484604][ T30] audit: type=1326 audit(1752925275.416:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11899 comm="syz.0.1793" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff59678e9a9 code=0x0 [ 600.506496][ C0] vkms_vblank_simulate: vblank timer overrun [ 601.088536][T11905] loop1: detected capacity change from 0 to 16 [ 601.130974][T11905] erofs (device loop1): too large lz4 pclusterblks 16832 [ 602.321012][T11910] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1798'. [ 602.632658][T11921] bond0: option lp_interval: invalid value (0) [ 602.651093][T11921] bond0: option lp_interval: allowed values 1 - 2147483647 [ 603.396349][ T10] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 603.573243][ T10] usb 4-1: config 1 interface 0 has no altsetting 0 [ 603.593163][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 603.672795][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.757855][ T10] usb 4-1: Product: syz [ 603.762096][ T10] usb 4-1: Manufacturer: syz [ 603.769299][ T10] usb 4-1: SerialNumber: syz [ 604.600265][ T10] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 605.268654][T11953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 605.282811][T11953] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 605.331758][T11955] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1813'. [ 605.778412][ T10] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 605.958234][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 605.965628][ T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 605.979950][ T10] usb 2-1: config 0 has no interface number 0 [ 606.004853][ T10] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 606.030091][ T10] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 606.046230][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.061407][ T10] usb 2-1: config 0 descriptor?? [ 606.075134][ T10] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 606.274844][ T10] usb 2-1: USB disconnect, device number 22 [ 606.293693][T11963] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 606.331939][ C0] usblp0: nonzero write bulk status received: -71 [ 606.334059][ T5927] usb 4-1: USB disconnect, device number 19 [ 606.414772][T11947] usblp0: removed [ 606.656380][T11968] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1816'. [ 607.424885][T11993] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1824'. [ 608.027515][ T10] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 608.232255][ T10] usb 4-1: config 1 interface 0 has no altsetting 0 [ 608.262392][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 608.272204][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.307050][ T10] usb 4-1: Product: syz [ 608.313324][ T10] usb 4-1: Manufacturer: syz [ 608.333731][ T10] usb 4-1: SerialNumber: syz [ 608.808080][ T10] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 609.001018][T12032] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1837'. [ 609.336515][T12046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1840'. [ 609.373786][T12046] xt_policy: neither incoming nor outgoing policy selected [ 609.500034][T12047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 609.531614][T12047] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 609.722354][T12049] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1842'. [ 610.535652][T12065] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1849'. [ 610.651132][ C1] usblp0: nonzero write bulk status received: -71 [ 610.659612][ T5998] usb 4-1: USB disconnect, device number 20 [ 610.696864][T12000] usblp0: removed [ 614.297401][ T5998] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 614.486781][T12105] loop0: detected capacity change from 0 to 2048 [ 614.529799][ T5998] usb 5-1: Using ep0 maxpacket: 8 [ 614.538782][ T5998] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 614.573471][ T5998] usb 5-1: config 0 has no interface number 0 [ 614.662071][T12119] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1867'. [ 614.683709][T12105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 614.698721][ T5998] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 614.789396][T12105] ext4 filesystem being mounted at /350/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 614.800895][ T5998] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 614.800931][ T5998] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 614.800959][ T5998] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 614.838630][ T5998] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 614.848199][ T5998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.859102][ T5998] usb 5-1: config 0 descriptor?? [ 614.890978][ T5998] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 615.314652][ T5998] usb 5-1: USB disconnect, device number 30 [ 615.328730][ T5998] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 615.424060][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 617.781212][T12162] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1878'. [ 617.963373][T12165] loop0: detected capacity change from 0 to 2048 [ 618.272272][T12165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 618.397677][T12165] ext4 filesystem being mounted at /353/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 619.067692][ T5927] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 619.350311][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 619.437462][ T5927] usb 4-1: device descriptor read/64, error -71 [ 619.687406][ T5927] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 620.127470][ T5927] usb 4-1: device descriptor read/64, error -71 [ 620.257860][ T5927] usb usb4-port1: attempt power cycle [ 620.307472][ T5903] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 620.487710][ T5903] usb 1-1: device descriptor read/64, error -71 [ 620.607853][ T5927] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 620.638249][ T5927] usb 4-1: device descriptor read/8, error -71 [ 620.748296][ T5903] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 621.049777][ T5903] usb 1-1: device descriptor read/64, error -71 [ 621.165568][ T5927] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 621.187448][ T5903] usb usb1-port1: attempt power cycle [ 621.280803][ T5927] usb 4-1: device descriptor read/8, error -71 [ 621.398021][ T5927] usb usb4-port1: unable to enumerate USB device [ 621.698179][ T5903] usb 1-1: new full-speed USB device number 33 using dummy_hcd [ 621.728451][ T5903] usb 1-1: device descriptor read/8, error -71 [ 622.091579][ T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 622.197625][ T5903] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 622.284070][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 622.470281][ T5903] usb 1-1: device descriptor read/8, error -71 [ 622.761585][ T5903] usb usb1-port1: unable to enumerate USB device [ 622.839641][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 622.850853][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 622.862240][ T9] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 622.892100][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.488773][ T9] usb 2-1: config 0 descriptor?? [ 623.767629][ T5998] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 623.970905][ T5998] usb 5-1: config 0 has no interfaces? [ 624.053823][ T5998] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 624.096970][ T5998] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.109527][ T9] usb 2-1: can't set config #0, error -71 [ 624.141968][ T5998] usb 5-1: Product: syz [ 624.146280][ T5998] usb 5-1: Manufacturer: syz [ 624.171712][ T9] usb 2-1: USB disconnect, device number 23 [ 624.203641][ T5998] usb 5-1: SerialNumber: syz [ 624.271965][ T5998] usb 5-1: config 0 descriptor?? [ 624.492957][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.499751][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.178362][T12253] loop3: detected capacity change from 0 to 1024 [ 626.175909][ T1153] hfsplus: b-tree write err: -5, ino 4 [ 626.246844][ T5927] usb 5-1: USB disconnect, device number 31 [ 626.378385][ T10] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 626.550100][ T10] usb 1-1: device descriptor read/64, error -71 [ 626.738400][ T5927] usb 5-1: new full-speed USB device number 32 using dummy_hcd [ 626.921483][ T10] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 626.980120][ T5927] usb 5-1: device descriptor read/64, error -71 [ 627.097776][ T10] usb 1-1: device descriptor read/64, error -71 [ 627.210288][ T10] usb usb1-port1: attempt power cycle [ 627.288394][ T5927] usb 5-1: new full-speed USB device number 33 using dummy_hcd [ 627.447580][ T5927] usb 5-1: device descriptor read/64, error -71 [ 627.557902][ T5927] usb usb5-port1: attempt power cycle [ 627.597475][ T10] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 627.629835][ T10] usb 1-1: device descriptor read/8, error -71 [ 627.688519][ T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 627.872839][ T9] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 627.881844][ T10] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 627.893537][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 627.897852][ T5927] usb 5-1: new full-speed USB device number 34 using dummy_hcd [ 627.907563][ T9] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 627.927090][ T9] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 627.935469][ T10] usb 1-1: device descriptor read/8, error -71 [ 627.945519][ T9] usb 4-1: Manufacturer: syz [ 627.948517][ T5927] usb 5-1: device descriptor read/8, error -71 [ 627.958559][ T9] usb 4-1: config 0 descriptor?? [ 628.049004][ T10] usb usb1-port1: unable to enumerate USB device [ 628.055713][ T9] rc_core: IR keymap rc-hauppauge not found [ 628.067760][ T9] Registered IR keymap rc-empty [ 628.075744][ T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 628.095229][ T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input8 [ 628.175750][ C0] igorplugusb 4-1:0.0: Error: urb status = -32 [ 628.178158][T12287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 628.190684][ T5927] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 628.199710][T12287] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 628.225632][ T5927] usb 5-1: device descriptor read/8, error -71 [ 628.234085][ T5998] usb 4-1: USB disconnect, device number 25 [ 628.338627][ T5927] usb usb5-port1: unable to enumerate USB device [ 630.400963][T12359] syz.3.1943 (12359): drop_caches: 2 [ 630.556456][ T30] audit: type=1326 audit(1752925305.486:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12354 comm="syz.2.1948" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x0 [ 631.284886][T12372] fuse: Bad value for 'rootmode' [ 631.958021][ T5927] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 632.097960][ T5927] usb 1-1: device descriptor read/64, error -71 [ 632.159489][T12386] CIFS: VFS: Malformed UNC in devname [ 632.227513][ T10] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 632.396064][ T5927] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 632.457243][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 632.617343][ T5927] usb 1-1: device descriptor read/64, error -71 [ 632.629452][ T10] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 632.659771][ T10] usb 2-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00 [ 632.669450][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.683207][ T10] usb 2-1: config 0 descriptor?? [ 632.737911][ T5927] usb usb1-port1: attempt power cycle [ 633.178377][ T5927] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 633.238153][ T5927] usb 1-1: device descriptor read/8, error -71 [ 633.517955][ T5927] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 633.708765][ T5927] usb 1-1: device descriptor read/8, error -71 [ 633.717622][ T10] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 633.817705][ T5927] usb usb1-port1: unable to enumerate USB device [ 634.042136][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 634.078709][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.110956][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 634.155074][ T10] usb 5-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 634.203151][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.291489][ T10] usb 5-1: config 0 descriptor?? [ 634.795327][ T30] audit: type=1326 audit(1752925309.726:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm="syz.0.1962" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff59678e9a9 code=0x0 [ 634.930040][ T5847] usb 5-1: USB disconnect, device number 36 [ 634.989038][ T5857] usb 2-1: USB disconnect, device number 24 [ 635.050739][T12418] fuse: Unknown parameter 'use00000000000000000000' [ 636.242040][T12449] loop0: detected capacity change from 0 to 1024 [ 636.627417][ T9] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 637.328672][ T147] hfsplus: b-tree write err: -5, ino 4 [ 637.370374][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 637.398025][ T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 637.423602][ T9] usb 4-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00 [ 637.473312][T12462] fuse: Unknown parameter 'use00000000000000000000' [ 637.478149][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.518515][ T9] usb 4-1: config 0 descriptor?? [ 637.769465][ T30] audit: type=1326 audit(1752925312.706:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.4.1983" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0c0638e9a9 code=0x0 [ 638.017588][ T5847] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 638.167453][ T5847] usb 2-1: Using ep0 maxpacket: 8 [ 638.174504][ T5847] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 638.183007][ T5847] usb 2-1: config 0 has no interface number 0 [ 638.189259][ T5847] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 638.200326][ T5847] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 638.213065][ T5847] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 638.224245][ T5847] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 638.237504][ T5847] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 638.246649][ T5847] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.265108][ T5847] usb 2-1: config 0 descriptor?? [ 638.275896][ T5847] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 638.373865][T12486] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 638.484898][ T5927] usb 2-1: USB disconnect, device number 25 [ 638.512495][ T5927] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 638.631240][T12492] fuse: Unknown parameter 'use00000000000000000000' [ 639.168618][T12507] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 639.453497][ T9] usb 4-1: USB disconnect, device number 26 [ 639.937003][ T30] audit: type=1326 audit(1752925314.866:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12517 comm="syz.2.2002" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d51d8e9a9 code=0x0 [ 640.141998][T12527] fuse: Unknown parameter 'user_i00000000000000000000' [ 640.201872][ T9] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 640.217545][ T5847] usb 4-1: new low-speed USB device number 27 using dummy_hcd [ 640.410471][ T9] usb 1-1: device descriptor read/64, error -71 [ 640.871712][ T5847] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 640.925302][ T5847] usb 4-1: config 0 has no interface number 0 [ 640.962863][ T5847] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 641.037427][ T9] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 641.055543][ T5847] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 641.077466][ T5847] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 641.114143][ T5847] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.197363][ T9] usb 1-1: device descriptor read/64, error -71 [ 641.221444][ T5847] usb 4-1: config 0 descriptor?? [ 641.262529][T12524] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 641.297629][ T5847] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 641.328043][ T9] usb usb1-port1: attempt power cycle [ 641.707444][ T9] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 641.736614][ T5927] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 641.759654][T12540] binfmt_misc: register: failed to install interpreter file ./file2 [ 641.908467][ T9] usb 1-1: device descriptor read/8, error -71 [ 641.928340][ T5927] usb 2-1: Using ep0 maxpacket: 8 [ 641.963809][ T5927] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 641.993513][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.016997][ T5927] usb 2-1: Product: syz [ 642.030738][ T5927] usb 2-1: Manufacturer: syz [ 642.045194][ T5927] usb 2-1: SerialNumber: syz [ 642.312688][ T5927] usb 2-1: config 0 descriptor?? [ 642.357426][ T9] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 642.373462][ T5927] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 642.400429][ T9] usb 1-1: device descriptor read/8, error -71 [ 642.528103][ T9] usb usb1-port1: unable to enumerate USB device [ 643.057457][ T5857] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 643.230008][ T5857] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 643.262393][ T5857] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 643.304340][ T5857] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 643.326508][T12553] fuse: Unknown parameter 'user_i00000000000000000000' [ 643.327486][ T5998] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 643.361879][ T5857] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 643.424794][ T5857] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 643.458161][ T5857] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.513115][ T5857] usb 5-1: config 0 descriptor?? [ 643.537815][ T5998] usb 1-1: Using ep0 maxpacket: 8 [ 643.551616][ T5998] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 643.567389][ T5998] usb 1-1: config 0 has no interface number 0 [ 643.583878][ T5998] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 643.618281][ T5847] usb 4-1: USB disconnect, device number 27 [ 643.625574][ T5998] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 643.639002][ T5998] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 643.661658][ T5998] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 643.679837][ T5998] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 643.691700][ T5998] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.709667][ T5998] usb 1-1: config 0 descriptor?? [ 643.753971][ T5998] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 643.966891][ T5998] usb 1-1: USB disconnect, device number 47 [ 644.011142][ T5998] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 644.040862][ T5857] usbhid 5-1:0.0: can't add hid device: -71 [ 644.046979][ T5857] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 644.093454][ T5857] usb 5-1: USB disconnect, device number 37 [ 644.645863][ T5927] gspca_sonixj: reg_w1 err -71 [ 644.691054][ T5927] sonixj 2-1:0.0: probe with driver sonixj failed with error -71 [ 644.720532][ T5927] usb 2-1: USB disconnect, device number 26 [ 644.877670][ T5998] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 645.179865][ T5998] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 645.278720][ T5998] usb 1-1: config 0 has no interfaces? [ 645.289761][ T5998] usb 1-1: config 0 has no interfaces? [ 645.306150][ T5998] usb 1-1: config 0 has no interfaces? [ 645.313522][ T5998] usb 1-1: config 0 has no interfaces? [ 645.320772][ T5998] usb 1-1: config 0 has no interfaces? [ 645.333431][ T5998] usb 1-1: config 0 has no interfaces? [ 645.342010][ T5998] usb 1-1: config 0 has no interfaces? [ 645.356799][ T5998] usb 1-1: config 0 has no interfaces? [ 645.376978][ T5998] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 645.417577][ T5998] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 645.450825][ T5998] usb 1-1: Product: syz [ 645.458434][ T5998] usb 1-1: Manufacturer: syz [ 645.463104][ T5998] usb 1-1: SerialNumber: syz [ 645.496471][ T5998] usb 1-1: config 0 descriptor?? [ 645.736866][ T9] usb 1-1: USB disconnect, device number 48 [ 646.777847][T12614] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2037'. [ 646.931183][T12618] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 647.915983][T12612] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2036'. [ 647.928168][T12612] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2036'. [ 647.937239][T12612] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2036'. [ 647.946637][T12612] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2036'. [ 647.965337][T12626] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2040'. [ 649.696538][T12658] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 649.749112][ T9] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 649.905143][T12665] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2051'. [ 649.919707][T12665] xt_policy: neither incoming nor outgoing policy selected [ 650.014202][ T9] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 650.031144][ T9] usb 1-1: config 0 has no interfaces? [ 650.042240][ T9] usb 1-1: config 0 has no interfaces? [ 650.055967][ T9] usb 1-1: config 0 has no interfaces? [ 650.069099][ T9] usb 1-1: config 0 has no interfaces? [ 650.086392][ T9] usb 1-1: config 0 has no interfaces? [ 650.100496][ T9] usb 1-1: config 0 has no interfaces? [ 650.111255][ T9] usb 1-1: config 0 has no interfaces? [ 650.125406][ T9] usb 1-1: config 0 has no interfaces? [ 650.143014][ T9] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 650.182236][ T9] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 650.231384][ T9] usb 1-1: Product: syz [ 650.254361][ T9] usb 1-1: Manufacturer: syz [ 650.265409][ T9] usb 1-1: SerialNumber: syz [ 650.293935][ T9] usb 1-1: config 0 descriptor?? [ 650.532863][ T10] usb 1-1: USB disconnect, device number 49 [ 651.387239][T12687] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2059'. [ 652.701159][ T30] audit: type=1326 audit(1752925327.636:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12709 comm="syz.3.2068" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff8bb98e9a9 code=0x0 [ 655.099297][T12734] binfmt_misc: register: failed to install interpreter file ./file2 [ 656.656969][T12759] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 657.014730][ T30] audit: type=1326 audit(1752925331.946:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12765 comm="syz.4.2083" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0c0638e9a9 code=0x0 [ 657.109224][T12770] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2084'. [ 658.287633][ T5927] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 658.297499][ T5857] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 658.505645][ T5927] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 658.531023][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 658.547990][ T5857] usb 4-1: config 0 has no interfaces? [ 658.625132][ T5857] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 658.645034][ T5927] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 658.667633][ T5857] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.675698][ T5857] usb 4-1: Product: syz [ 658.704353][ T5927] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 658.717194][ T5857] usb 4-1: Manufacturer: syz [ 658.722079][ T5927] usb 5-1: Manufacturer: syz [ 658.731910][ T5857] usb 4-1: SerialNumber: syz [ 658.754197][ T5927] usb 5-1: config 0 descriptor?? [ 658.779402][ T5857] usb 4-1: config 0 descriptor?? [ 658.888972][ T5927] rc_core: IR keymap rc-hauppauge not found [ 658.894984][ T5927] Registered IR keymap rc-empty [ 658.906292][ T5927] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 658.953431][ T5927] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input9 [ 659.066397][ C1] igorplugusb 5-1:0.0: Error: urb status = -32 [ 659.101998][ T5927] usb 5-1: USB disconnect, device number 38 [ 659.862300][ T30] audit: type=1326 audit(1752925334.796:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12817 comm="syz.4.2099" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0c0638e9a9 code=0x0 [ 660.258415][T12828] binfmt_misc: register: failed to install interpreter file ./file2 [ 662.274536][ T9] usb 4-1: USB disconnect, device number 28 [ 662.568059][T12864] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2113'. [ 662.616309][T12864] vlan2: entered promiscuous mode [ 662.630432][T12864] gretap0: entered promiscuous mode [ 662.705091][T12867] fuse: Unknown parameter 'user_i00000000000000000000' [ 664.857383][ T5927] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 665.347494][ T24] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 665.369765][ T5927] usb 4-1: config 0 has no interfaces? [ 665.446760][T12909] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 666.112936][ T5927] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 666.137356][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 666.158655][ T24] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 666.166859][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 666.203336][ T24] usb 5-1: config 0 has no interface number 0 [ 666.215859][ T5927] usb 4-1: Product: syz [ 666.247811][ T24] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 666.258668][ T5927] usb 4-1: Manufacturer: syz [ 666.263275][ T5927] usb 4-1: SerialNumber: syz [ 666.362995][ T24] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 666.385343][ T5927] usb 4-1: config 0 descriptor?? [ 666.811575][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.854646][ T24] usb 5-1: config 0 descriptor?? [ 666.883179][ T24] iowarrior 5-1:0.1: no interrupt-in endpoint found [ 667.066930][ T24] usb 5-1: USB disconnect, device number 39 [ 668.749409][T12944] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 669.066861][ T24] usb 4-1: USB disconnect, device number 29 [ 669.237584][ T10] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 670.127950][ T10] usb 2-1: config 0 has no interfaces? [ 670.249116][ T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 670.300165][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.395588][ T10] usb 2-1: Product: syz [ 670.423032][ T10] usb 2-1: Manufacturer: syz [ 670.534810][ T10] usb 2-1: SerialNumber: syz [ 670.620979][ T10] usb 2-1: config 0 descriptor?? [ 671.098028][T12944] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2140'. [ 671.115679][T12944] pimreg: entered allmulticast mode [ 671.577825][ T10] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 671.737375][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 671.745006][ T10] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 671.753586][ T10] usb 5-1: config 0 has no interface number 0 [ 671.763326][ T10] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 671.826881][ T10] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 671.856823][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.913157][ T10] usb 5-1: config 0 descriptor?? [ 671.934892][ T10] iowarrior 5-1:0.1: no interrupt-in endpoint found [ 672.155047][ T10] usb 5-1: USB disconnect, device number 40 [ 672.241230][ T983] usb 2-1: USB disconnect, device number 27 [ 673.100555][T12985] fuse: Bad value for 'fd' [ 673.530667][ T5927] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 673.602415][T12999] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 673.634001][T12997] kvm: pic: non byte write [ 673.731333][ T5927] usb 5-1: config 0 has no interfaces? [ 673.753363][ T5927] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 673.780549][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.802814][ T5927] usb 5-1: Product: syz [ 673.821439][ T5927] usb 5-1: Manufacturer: syz [ 673.826079][ T5927] usb 5-1: SerialNumber: syz [ 673.854568][ T5927] usb 5-1: config 0 descriptor?? [ 674.544014][T13014] binfmt_misc: register: failed to install interpreter file ./file2 [ 675.467654][T13020] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2165'. [ 675.481274][T13020] xt_policy: neither incoming nor outgoing policy selected [ 676.918034][ T10] usb 5-1: USB disconnect, device number 41 [ 679.442259][T13081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2184'. [ 681.997386][ T5927] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 682.154765][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 682.767748][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 682.777824][ T5927] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 682.790900][ T5927] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 682.800080][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.813707][ T5927] usb 5-1: config 0 descriptor?? [ 683.074122][T13125] kvm: pic: non byte write [ 683.251449][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.274909][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.305513][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.318246][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.331653][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.339720][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.351804][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.361418][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.385478][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.403615][ T5927] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 683.443730][ T5927] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 683.662334][ T5927] usb 5-1: USB disconnect, device number 42 [ 683.771700][T13139] fido_id[13139]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 683.947936][ T9] usb 2-1: new low-speed USB device number 28 using dummy_hcd [ 684.256519][T13157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2209'. [ 684.379057][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 684.407510][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 684.438677][ T9] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 684.493731][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 684.524875][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 684.591356][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 684.627387][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 684.863318][ T9] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 684.984813][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 685.079646][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 685.108469][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 685.122100][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 685.174515][ T9] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 685.375794][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 685.480143][T13175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2216'. [ 685.552910][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 685.733259][ T9] usb 2-1: string descriptor 0 read error: -22 [ 685.743516][ T9] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 685.778956][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 685.924773][ T9] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 685.939505][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.945919][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.077860][ T5998] usb 2-1: USB disconnect, device number 28 [ 688.247351][ T10] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 688.399285][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 688.426258][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 688.460876][ T10] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 688.481673][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 688.517478][ T10] usb 4-1: SerialNumber: syz [ 688.655792][T13200] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2227'. [ 688.775360][ T10] usb 4-1: 0:2 : does not exist [ 688.859032][ T10] usb 4-1: USB disconnect, device number 30 [ 689.011460][ T5904] udevd[5904]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 689.052846][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 689.064424][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 689.082209][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 689.094128][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 689.104368][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 689.380325][ T5987] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.510204][ T5987] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.641978][ T5987] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.897434][T13226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2233'. [ 690.056851][ T5987] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 690.807547][ T5998] usb 5-1: new low-speed USB device number 43 using dummy_hcd [ 691.001214][ T5998] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 691.025291][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 691.106388][ T5998] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 691.157929][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 691.209953][ T5850] Bluetooth: hci4: command tx timeout [ 691.242731][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 691.435020][ T5998] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 691.446790][ T5987] bridge_slave_1: left allmulticast mode [ 691.506882][ T5987] bridge_slave_1: left promiscuous mode [ 691.513194][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 691.570457][ T5987] bridge0: port 2(bridge_slave_1) entered disabled state [ 691.632923][ T5998] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 691.659087][ T983] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 691.730914][ T5987] bridge_slave_0: left allmulticast mode [ 691.736589][ T5987] bridge_slave_0: left promiscuous mode [ 691.752381][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 691.808035][ T5987] bridge0: port 1(bridge_slave_0) entered disabled state [ 691.836088][ T983] usb 1-1: Using ep0 maxpacket: 16 [ 691.878743][T13236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 691.888424][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 691.918180][T13236] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 691.977436][ T5998] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 692.027076][ T983] usb 1-1: unable to get BOS descriptor or descriptor too short [ 692.037436][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 692.038301][ T983] usb 1-1: no configurations [ 692.085825][ T5998] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 692.122704][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 692.155653][ T5998] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 692.155701][ T983] usb 1-1: can't read configurations, error -22 [ 692.198581][ T5998] usb 5-1: string descriptor 0 read error: -22 [ 692.205061][ T5998] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 692.214768][ T5998] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 692.294393][ T5998] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 693.290853][ T5850] Bluetooth: hci4: command tx timeout [ 694.582108][T13281] binfmt_misc: register: failed to install interpreter file ./file2 [ 695.277428][T13282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2246'. [ 695.373512][ T5850] Bluetooth: hci4: command tx timeout [ 695.695162][T13291] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 696.168387][ T5987] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 696.854253][ T5987] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 696.993137][ T5987] bond0 (unregistering): Released all slaves [ 697.085087][ T9] usb 5-1: USB disconnect, device number 43 [ 697.254855][T13301] fuse: Bad value for 'fd' [ 697.443039][ T5987] tipc: Left network mode [ 697.460524][ T5850] Bluetooth: hci4: command tx timeout [ 698.032149][T13321] binfmt_misc: register: failed to install interpreter file ./file2 [ 698.902693][T13208] chnl_net:caif_netlink_parms(): no params data found [ 699.499560][ T5998] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 699.660417][ T5998] usb 2-1: Using ep0 maxpacket: 8 [ 699.703694][ T5998] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 699.743987][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 699.806122][ T5998] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 699.871541][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 699.889260][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 699.910168][ T5998] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 699.920685][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 699.933954][ T5998] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 699.986483][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 700.043196][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 700.070391][ T5998] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 700.089078][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 700.127594][ T5998] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 700.157746][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 700.269016][ T5998] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 700.500976][ T5998] usb 2-1: string descriptor 0 read error: -22 [ 700.520235][ T5998] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 700.547153][ T5998] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.391540][ T5998] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 701.670700][ T5987] hsr_slave_0: left promiscuous mode [ 701.790973][ T5987] hsr_slave_1: left promiscuous mode [ 701.810077][ T5987] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 701.837887][T13359] fuse: Bad value for 'fd' [ 701.843340][ T5987] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 702.080888][ T5987] veth1_macvtap: left promiscuous mode [ 702.098131][ T5987] veth0_macvtap: left promiscuous mode [ 702.118249][ T5987] veth1_vlan: left promiscuous mode [ 702.145931][ T5987] veth0_vlan: left promiscuous mode [ 702.628657][T13368] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2265'. [ 702.789748][ T5847] usb 2-1: USB disconnect, device number 29 [ 703.134754][ T5986] smc: removing ib device syz0 [ 704.347584][T13380] binfmt_misc: register: failed to install interpreter file ./file2 [ 705.106518][ T5987] team0 (unregistering): Port device team_slave_1 removed [ 705.183652][ T5987] team0 (unregistering): Port device team_slave_0 removed [ 705.288346][ T24] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 705.458299][ T24] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 705.496641][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 705.512243][ T24] usb 4-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 705.533489][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 705.624788][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 705.664981][ T24] usb 4-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 705.687341][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 705.748025][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 705.757005][ T24] usb 4-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 705.768333][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 705.776245][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 705.786091][ T24] usb 4-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 705.804729][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 705.816566][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 705.826147][ T24] usb 4-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 705.864272][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 705.912753][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 705.922252][ T24] usb 4-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 705.970243][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 706.004780][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 706.023174][ T24] usb 4-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 706.035736][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 706.147926][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 706.180070][ T24] usb 4-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 706.193811][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 706.203425][ T24] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 706.223658][ T24] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 706.241074][ T24] usb 4-1: Product: syz [ 706.245364][ T24] usb 4-1: Manufacturer: syz [ 706.254366][ T24] usb 4-1: SerialNumber: syz [ 706.293790][ T24] usb 4-1: config 0 descriptor?? [ 706.311518][T13208] bridge0: port 1(bridge_slave_0) entered blocking state [ 706.315780][ T24] yurex 4-1:0.0: Could not find endpoints [ 706.327117][T13208] bridge0: port 1(bridge_slave_0) entered disabled state [ 706.336978][T13208] bridge_slave_0: entered allmulticast mode [ 706.383040][T13208] bridge_slave_0: entered promiscuous mode [ 706.445592][ T5847] ================================================================== [ 706.453712][ T5847] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190 [ 706.462654][ T5847] Read of size 8 at addr ffff88807b7ec2e8 by task kworker/1:3/5847 [ 706.470552][ T5847] [ 706.472908][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: kworker/1:3 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 706.472930][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 706.472942][ T5847] Workqueue: events smc_ib_port_event_work [ 706.472973][ T5847] Call Trace: [ 706.472983][ T5847] [ 706.472991][ T5847] dump_stack_lvl+0x189/0x250 [ 706.473011][ T5847] ? rcu_is_watching+0x15/0xb0 [ 706.473027][ T5847] ? __kasan_check_byte+0x12/0x40 [ 706.473053][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10 [ 706.473080][ T5847] ? rcu_is_watching+0x15/0xb0 [ 706.473095][ T5847] ? lock_release+0x4b/0x3e0 [ 706.473121][ T5847] ? __virt_addr_valid+0x1c8/0x5c0 [ 706.473141][ T5847] ? __virt_addr_valid+0x4a5/0x5c0 [ 706.473161][ T5847] print_report+0xca/0x240 [ 706.473176][ T5847] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 706.473195][ T5847] kasan_report+0x118/0x150 [ 706.473220][ T5847] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 706.473243][ T5847] __ethtool_get_link_ksettings+0x6e/0x190 [ 706.473264][ T5847] ib_get_eth_speed+0x15e/0x7b0 [ 706.473284][ T5847] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 706.473317][ T5847] ? do_raw_spin_unlock+0x122/0x240 [ 706.473340][ T5847] rxe_query_port+0x93/0x3b0 [ 706.473390][ T5847] ib_query_port+0x16d/0x830 [ 706.473412][ T5847] smc_ib_port_event_work+0x15a/0x940 [ 706.473438][ T5847] ? _raw_spin_unlock_irq+0x23/0x50 [ 706.473474][ T5847] ? process_scheduled_works+0x9ef/0x17b0 [ 706.473498][ T5847] ? process_scheduled_works+0x9ef/0x17b0 [ 706.473541][ T5847] process_scheduled_works+0xade/0x17b0 [ 706.473578][ T5847] ? __pfx_process_scheduled_works+0x10/0x10 [ 706.473610][ T5847] worker_thread+0x8a0/0xda0 [ 706.473636][ T5847] kthread+0x70e/0x8a0 [ 706.473656][ T5847] ? __pfx_worker_thread+0x10/0x10 [ 706.473671][ T5847] ? __pfx_kthread+0x10/0x10 [ 706.473690][ T5847] ? _raw_spin_unlock_irq+0x23/0x50 [ 706.473711][ T5847] ? lockdep_hardirqs_on+0x9c/0x150 [ 706.473735][ T5847] ? __pfx_kthread+0x10/0x10 [ 706.473753][ T5847] ret_from_fork+0x3f9/0x770 [ 706.473770][ T5847] ? __pfx_ret_from_fork+0x10/0x10 [ 706.473787][ T5847] ? __switch_to_asm+0x39/0x70 [ 706.473807][ T5847] ? __switch_to_asm+0x33/0x70 [ 706.473826][ T5847] ? __pfx_kthread+0x10/0x10 [ 706.473845][ T5847] ret_from_fork_asm+0x1a/0x30 [ 706.473871][ T5847] [ 706.473877][ T5847] [ 706.702078][ T5847] Allocated by task 5853: [ 706.706409][ T5847] kasan_save_track+0x3e/0x80 [ 706.711104][ T5847] __kasan_kmalloc+0x93/0xb0 [ 706.715706][ T5847] __kvmalloc_node_noprof+0x30d/0x5f0 [ 706.721088][ T5847] alloc_netdev_mqs+0xa3/0x1170 [ 706.725946][ T5847] rtnl_create_link+0x31f/0xd10 [ 706.730815][ T5847] rtnl_newlink_create+0x25c/0xb00 [ 706.735954][ T5847] rtnl_newlink+0x16d6/0x1c70 [ 706.740652][ T5847] rtnetlink_rcv_msg+0x7cc/0xb70 [ 706.745617][ T5847] netlink_rcv_skb+0x205/0x470 [ 706.750410][ T5847] netlink_unicast+0x75c/0x8e0 [ 706.755193][ T5847] netlink_sendmsg+0x805/0xb30 [ 706.759962][ T5847] __sock_sendmsg+0x219/0x270 [ 706.764652][ T5847] __sys_sendto+0x3bd/0x520 [ 706.769165][ T5847] __x64_sys_sendto+0xde/0x100 [ 706.773950][ T5847] do_syscall_64+0xfa/0x3b0 [ 706.778465][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.784364][ T5847] [ 706.786694][ T5847] Freed by task 5987: [ 706.790676][ T5847] kasan_save_track+0x3e/0x80 [ 706.795366][ T5847] kasan_save_free_info+0x46/0x50 [ 706.800408][ T5847] __kasan_slab_free+0x62/0x70 [ 706.805185][ T5847] kfree+0x18e/0x440 [ 706.809173][ T5847] device_release+0x99/0x1c0 [ 706.813769][ T5847] kobject_put+0x22b/0x480 [ 706.818184][ T5847] netdev_run_todo+0xd2e/0xea0 [ 706.822958][ T5847] default_device_exit_batch+0x81e/0x890 [ 706.828599][ T5847] ops_undo_list+0x525/0x990 [ 706.833195][ T5847] cleanup_net+0x4c5/0x800 [ 706.837612][ T5847] process_scheduled_works+0xade/0x17b0 [ 706.843166][ T5847] worker_thread+0x8a0/0xda0 [ 706.847772][ T5847] kthread+0x70e/0x8a0 [ 706.851845][ T5847] ret_from_fork+0x3f9/0x770 [ 706.856443][ T5847] ret_from_fork_asm+0x1a/0x30 [ 706.861217][ T5847] [ 706.863540][ T5847] The buggy address belongs to the object at ffff88807b7ec000 [ 706.863540][ T5847] which belongs to the cache kmalloc-cg-4k of size 4096 [ 706.877863][ T5847] The buggy address is located 744 bytes inside of [ 706.877863][ T5847] freed 4096-byte region [ffff88807b7ec000, ffff88807b7ed000) [ 706.891767][ T5847] [ 706.894110][ T5847] The buggy address belongs to the physical page: [ 706.900532][ T5847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b7e8 [ 706.909322][ T5847] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 706.917821][ T5847] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 706.925364][ T5847] page_type: f5(slab) [ 706.929354][ T5847] raw: 00fff00000000040 ffff88801a44b500 dead000000000122 0000000000000000 [ 706.938033][ T5847] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 706.946615][ T5847] head: 00fff00000000040 ffff88801a44b500 dead000000000122 0000000000000000 [ 706.955288][ T5847] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 706.963958][ T5847] head: 00fff00000000003 ffffea0001edfa01 00000000ffffffff 00000000ffffffff [ 706.972721][ T5847] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 706.981396][ T5847] page dumped because: kasan: bad access detected [ 706.987820][ T5847] page_owner tracks the page as allocated [ 706.993534][ T5847] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5853, tgid 5853 (syz-executor), ts 89330181925, free_ts 89202577116 [ 707.014898][ T5847] post_alloc_hook+0x240/0x2a0 [ 707.019678][ T5847] get_page_from_freelist+0x21e4/0x22c0 [ 707.025264][ T5847] __alloc_frozen_pages_noprof+0x181/0x370 [ 707.031075][ T5847] alloc_pages_mpol+0x232/0x4a0 [ 707.035937][ T5847] allocate_slab+0x8a/0x370 [ 707.040441][ T5847] ___slab_alloc+0xbeb/0x1410 [ 707.045120][ T5847] __kmalloc_node_track_caller_noprof+0x2f8/0x4e0 [ 707.051551][ T5847] kmemdup_noprof+0x2b/0x70 [ 707.056059][ T5847] __addrconf_sysctl_register+0x9c/0x530 [ 707.061693][ T5847] addrconf_sysctl_register+0x168/0x1c0 [ 707.067243][ T5847] ipv6_add_dev+0xd46/0x1370 [ 707.071864][ T5847] addrconf_notify+0x794/0x1010 [ 707.076738][ T5847] notifier_call_chain+0x1b6/0x3e0 [ 707.081850][ T5847] register_netdevice+0x1608/0x1ae0 [ 707.087061][ T5847] virt_wifi_newlink+0x428/0x860 [ 707.092008][ T5847] rtnl_newlink_create+0x30d/0xb00 [ 707.097139][ T5847] page last free pid 5841 tgid 5841 stack trace: [ 707.103550][ T5847] __free_frozen_pages+0xbc4/0xd30 [ 707.108671][ T5847] __put_partials+0x156/0x1a0 [ 707.113351][ T5847] put_cpu_partial+0x17c/0x250 [ 707.118138][ T5847] __slab_free+0x2d5/0x3c0 [ 707.122560][ T5847] qlist_free_all+0x97/0x140 [ 707.127154][ T5847] kasan_quarantine_reduce+0x148/0x160 [ 707.132711][ T5847] __kasan_slab_alloc+0x22/0x80 [ 707.137674][ T5847] __kmalloc_cache_noprof+0x1be/0x3d0 [ 707.143061][ T5847] netdevice_event+0x3a1/0x8a0 [ 707.147830][ T5847] notifier_call_chain+0x1b6/0x3e0 [ 707.152954][ T5847] __netdev_upper_dev_link+0x3c3/0x590 [ 707.158426][ T5847] netdev_master_upper_dev_link+0xb0/0x100 [ 707.164250][ T5847] batadv_hardif_enable_interface+0x24d/0xa10 [ 707.170348][ T5847] batadv_meshif_slave_add+0x79/0x100 [ 707.175741][ T5847] do_set_master+0x530/0x6d0 [ 707.180347][ T5847] do_setlink+0xcf0/0x41c0 [ 707.184782][ T5847] [ 707.187113][ T5847] Memory state around the buggy address: [ 707.192753][ T5847] ffff88807b7ec180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 707.200817][ T5847] ffff88807b7ec200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 707.208880][ T5847] >ffff88807b7ec280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 707.216938][ T5847] ^ [ 707.224401][ T5847] ffff88807b7ec300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 707.232466][ T5847] ffff88807b7ec380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 707.240532][ T5847] ================================================================== [ 707.427429][ T5903] usb 4-1: USB disconnect, device number 31 [ 707.494186][ T5847] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 707.501468][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: kworker/1:3 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) [ 707.513040][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 707.523128][ T5847] Workqueue: events smc_ib_port_event_work [ 707.529001][ T5847] Call Trace: [ 707.532306][ T5847] [ 707.535270][ T5847] dump_stack_lvl+0x99/0x250 [ 707.540252][ T5847] ? __asan_memcpy+0x40/0x70 [ 707.544894][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10 [ 707.550128][ T5847] ? __pfx__printk+0x10/0x10 [ 707.554772][ T5847] vpanic+0x281/0x750 [ 707.558781][ T5847] ? preempt_schedule+0xae/0xc0 [ 707.563665][ T5847] ? __pfx_vpanic+0x10/0x10 [ 707.568183][ T5847] ? preempt_schedule_common+0x83/0xd0 [ 707.573662][ T5847] ? preempt_schedule+0xae/0xc0 [ 707.578555][ T5847] ? __pfx_preempt_schedule+0x10/0x10 [ 707.583945][ T5847] panic+0xb9/0xc0 [ 707.587682][ T5847] ? __pfx_panic+0x10/0x10 [ 707.592123][ T5847] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 707.598037][ T5847] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 707.604026][ T5847] check_panic_on_warn+0x89/0xb0 [ 707.608974][ T5847] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 707.614960][ T5847] end_report+0x78/0x160 [ 707.619217][ T5847] kasan_report+0x129/0x150 [ 707.623734][ T5847] ? __ethtool_get_link_ksettings+0x6e/0x190 [ 707.629729][ T5847] __ethtool_get_link_ksettings+0x6e/0x190 [ 707.635545][ T5847] ib_get_eth_speed+0x15e/0x7b0 [ 707.640483][ T5847] ? __pfx_ib_get_eth_speed+0x10/0x10 [ 707.645914][ T5847] ? do_raw_spin_unlock+0x122/0x240 [ 707.651141][ T5847] rxe_query_port+0x93/0x3b0 [ 707.655797][ T5847] ib_query_port+0x16d/0x830 [ 707.660410][ T5847] smc_ib_port_event_work+0x15a/0x940 [ 707.665888][ T5847] ? _raw_spin_unlock_irq+0x23/0x50 [ 707.671104][ T5847] ? process_scheduled_works+0x9ef/0x17b0 [ 707.676845][ T5847] ? process_scheduled_works+0x9ef/0x17b0 [ 707.682665][ T5847] process_scheduled_works+0xade/0x17b0 [ 707.688233][ T5847] ? __pfx_process_scheduled_works+0x10/0x10 [ 707.694235][ T5847] worker_thread+0x8a0/0xda0 [ 707.698840][ T5847] kthread+0x70e/0x8a0 [ 707.702918][ T5847] ? __pfx_worker_thread+0x10/0x10 [ 707.708035][ T5847] ? __pfx_kthread+0x10/0x10 [ 707.712643][ T5847] ? _raw_spin_unlock_irq+0x23/0x50 [ 707.717852][ T5847] ? lockdep_hardirqs_on+0x9c/0x150 [ 707.723060][ T5847] ? __pfx_kthread+0x10/0x10 [ 707.727656][ T5847] ret_from_fork+0x3f9/0x770 [ 707.732254][ T5847] ? __pfx_ret_from_fork+0x10/0x10 [ 707.737380][ T5847] ? __switch_to_asm+0x39/0x70 [ 707.742167][ T5847] ? __switch_to_asm+0x33/0x70 [ 707.746939][ T5847] ? __pfx_kthread+0x10/0x10 [ 707.751539][ T5847] ret_from_fork_asm+0x1a/0x30 [ 707.756335][ T5847] [ 707.759737][ T5847] Kernel Offset: disabled [ 707.764064][ T5847] Rebooting in 86400 seconds..