last executing test programs: 2m34.265664237s ago: executing program 3 (id=4139): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x6fb2, &(0x7f0000000300)={0x0, 0xf36e, 0x10100, 0x0, 0x34b}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x20}}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000480)=[{&(0x7f00000004c0)=""/45, 0x2d}], 0x1) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<'], 0x38}}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0x2936, 0x0, 0x0, 0x0) 2m34.091042667s ago: executing program 3 (id=4143): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0xc, 0xa13ca8e5839881ae, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2m33.887406421s ago: executing program 3 (id=4147): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000e00)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000400)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x22}, @fd={0x66642a85, 0x0, r1}}, 0x0}, 0x40}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) 2m33.741202867s ago: executing program 3 (id=4149): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, 0x0, &(0x7f0000000900)=""/103, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000880)={0x1}) 2m33.574782971s ago: executing program 3 (id=4152): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000200)={r3, 0x1, 0x6, @multicast}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000002c0)={r4, 0x11, 0x6, @random="08d32bfb45c9"}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x3, 0xfff1}, {0x4, 0xa}, {0x0, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x4048080}, 0x0) 2m32.520375262s ago: executing program 3 (id=4172): r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0xe0000000, 0x564b143a, 0x83, 0xfffb, 0x5, 0x2, 0x0, 0x0, 0x80, 0x80000004}}, 0x50) syz_fuse_handle_req(r1, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1c, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)=[r2, r2, r2, r2, r2, r2, r0], 0x0, 0x10, 0xd}, 0x94) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) ioctl$UDMABUF_CREATE_LIST(r4, 0x40806685, &(0x7f0000000440)=ANY=[]) 2m17.34830696s ago: executing program 32 (id=4172): r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0xe0000000, 0x564b143a, 0x83, 0xfffb, 0x5, 0x2, 0x0, 0x0, 0x80, 0x80000004}}, 0x50) syz_fuse_handle_req(r1, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1c, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)=[r2, r2, r2, r2, r2, r2, r0], 0x0, 0x10, 0xd}, 0x94) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) ioctl$UDMABUF_CREATE_LIST(r4, 0x40806685, &(0x7f0000000440)=ANY=[]) 15.510993979s ago: executing program 2 (id=4912): socket(0x40000000015, 0x5, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_xfrm(0x10, 0x3, 0x6) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x8004, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff620af0fff8ffffff71a4f0ff000000002d040300000000003d030000000000006504000001ed000079101800000000006c440000000000007b0ab0fe000000007913000000000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af05000000f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c26f71b29ee35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8ea8fcb913466aaa7f6d150352e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa58f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae563f721c5363092adaa1d8964162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f05beb72f0861f75c345edcb84ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27f277b8a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba0af35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf511c8b0bf1b69d2b3782b3f481c320e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0bad3b0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b225ec4e09b089f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b2a0c4b81f7b71cbfcef"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 12.169854196s ago: executing program 0 (id=4920): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc), 0x5, 0xffffffff, 0x0, 0x0, 0x1) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) 8.988841322s ago: executing program 2 (id=4925): dup(0xffffffffffffffff) pipe2$9p(0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000100)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0x7fff8000}]}) close_range(r3, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) 8.987341336s ago: executing program 5 (id=4926): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f000000040000000400000012", @ANYRES32=0x0, @ANYBLOB], 0x48) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r4, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r3}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20) sendmsg$inet(r1, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r7}, 0x18) 8.913454503s ago: executing program 1 (id=4927): r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) process_vm_readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}, {&(0x7f0000001980)=""/4089, 0x1000}], 0x3, &(0x7f0000008640)=[{&(0x7f00000003c0)=""/95, 0xffffff1a}], 0x1, 0x0) 8.595270287s ago: executing program 0 (id=4928): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xe) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0xf7) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0xf) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x4, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) accept4(r2, 0x0, 0x0, 0x800) io_setup(0x4, 0x0) syslog(0x3, &(0x7f00000004c0)=""/164, 0xa4) 6.973565343s ago: executing program 2 (id=4930): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'gre0\x00'}) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r2, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r2, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x11) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) getsockopt$rose(0xffffffffffffffff, 0x104, 0x7, 0x0, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0xac}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 6.916899743s ago: executing program 5 (id=4931): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r3 = syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ptrace(0x10, r3) ptrace(0x8, r3) wait4(0x0, 0x0, 0x0, 0x0) 6.82374308s ago: executing program 1 (id=4932): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000040)}], 0x1) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) socket$inet6_tcp(0xa, 0x1, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 5.686914879s ago: executing program 5 (id=4933): syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) syz_genetlink_get_family_id$ethtool(&(0x7f0000003d80), 0xffffffffffffffff) io_uring_setup(0x7d95, &(0x7f0000000940)={0x0, 0xdf07, 0x40, 0x1, 0x91}) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) socket(0x2b, 0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) 5.240900908s ago: executing program 1 (id=4935): r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10) r6 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r6, r0, 0x0, 0x3a) 3.946608955s ago: executing program 1 (id=4938): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c) listen(r0, 0x200204) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e21, 0x2, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x98}, 0x1c) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c) listen(r1, 0x200204) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82) prlimit64(0x0, 0x7, &(0x7f00000003c0)={0x7, 0x10003}, 0x0) accept4(r0, &(0x7f00000002c0)=@generic, &(0x7f0000000340)=0x80, 0x800) syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') close(0x3) 3.778776005s ago: executing program 2 (id=4939): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x26, '\x00', 0x0, 0x2}, 0x94) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x6, 0x7ffc0001}]}) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) shutdown(r1, 0x0) connect$unix(r0, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendto$inet6(0xffffffffffffffff, &(0x7f0000000280)='\x00', 0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x10, 0x3}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) sendmmsg(r3, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {0x0}], 0x2}}], 0x2, 0x11) r4 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x3}) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r4, &(0x7f0000000880)=""/202, 0xca, 0x200000200009, 0x0) 3.66161378s ago: executing program 5 (id=4940): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x85}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x20042, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x8010, 0xffffffffffffffff, 0xfffff000) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00') preadv(r1, &(0x7f0000000000)=[{&(0x7f0000001200)=""/4112, 0x1010}], 0x1, 0x800, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) 3.661344304s ago: executing program 4 (id=4941): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r5, 0x104, 0x1) socket$inet_mptcp(0x2, 0x1, 0x106) 3.660925178s ago: executing program 1 (id=4942): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) syz_io_uring_submit(r5, r6, 0x0) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) 1.927772367s ago: executing program 1 (id=4943): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00'}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') sched_setattr(0x0, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) accept(r3, 0x0, 0x0) r4 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000140)={@mcast1, 0x8000000, 0x0, 0xff, 0x500, 0x4}, 0x20) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 1.926379718s ago: executing program 4 (id=4944): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r1, 0x0, 0x400000000000000, 0x7) fcntl$setownex(r1, 0xf, &(0x7f0000000040)) socket$igmp6(0xa, 0x3, 0x2) io_uring_setup(0x7, 0x0) ioctl$PPPIOCSMRRU(0xffffffffffffffff, 0x4004743b, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz1\x00', {0x8000, 0x1ff, 0x1, 0x1}, 0xc, [0x97a, 0x3, 0x2000001, 0xb31b, 0x1, 0x0, 0x7, 0x3, 0x8000, 0xfffffffc, 0x5, 0x8, 0x4, 0x6, 0x2, 0xffff, 0x1, 0x6, 0x8, 0xfffffffd, 0x8, 0x7ff, 0x6, 0xce68, 0x2, 0xffffffff, 0x8001, 0xfffffff7, 0x9a, 0x7db8, 0x9, 0x6, 0x5, 0x478, 0x1, 0xfffffffe, 0x2, 0xfd, 0x1, 0x3, 0x0, 0x6b67, 0x3, 0x8, 0x0, 0x2, 0x7, 0x3, 0x6, 0x7, 0x100, 0x4, 0x1875c0, 0x9, 0x0, 0x5, 0x9, 0x4d1, 0x7, 0x4, 0x907, 0xd, 0xfff, 0x8], [0x7fff, 0xfffffffb, 0x4, 0x8, 0x7ff, 0x40, 0x4, 0x0, 0x9, 0x1000, 0x3, 0x577, 0x6, 0x180, 0x1, 0x8, 0x80, 0x7, 0x800, 0x4, 0xffffffff, 0x4, 0x6, 0x2, 0xef7a, 0x6, 0x0, 0xd8a, 0x6df, 0x7ff, 0x6, 0x7, 0x4, 0x2, 0x7ffc, 0x24000000, 0x7, 0x8001, 0x7, 0x77, 0x0, 0x0, 0x3, 0x4, 0xffffffff, 0x0, 0x4, 0xa, 0x0, 0x16, 0x1, 0xb86, 0xb, 0x0, 0x5, 0x0, 0x1, 0x1, 0x400, 0xa5c, 0x800, 0xf, 0x5, 0x6f4b3e06], [0x4, 0xffffffff, 0x2, 0x2, 0x80d, 0x9f67, 0x0, 0x5e00, 0x9, 0x6, 0xa1cd, 0x5, 0x70f, 0xd40, 0x2, 0x200, 0x6, 0x100, 0x6e8, 0x8, 0x80000001, 0x6, 0x0, 0x2, 0xffffff01, 0xb, 0xa, 0x4, 0x0, 0xffff, 0xc, 0x10081, 0x9ae, 0x80000000, 0x8d, 0x6, 0x9, 0x4, 0x7, 0x100, 0x10, 0x3, 0x4, 0x1, 0x9, 0x1, 0x2, 0x0, 0x35e55dd3, 0xe4, 0x3, 0x9, 0x2, 0xfffffeff, 0x28c50000, 0x1, 0x6, 0x8, 0x7ff, 0x0, 0x1, 0x6, 0x8, 0x6da], [0x5, 0x6, 0x4, 0x3, 0x0, 0x6, 0x3, 0x3ff, 0x707, 0xc149, 0xda8, 0x2, 0xb, 0x8, 0x1, 0x8000000, 0xfffffffe, 0x9, 0x0, 0xfffffffe, 0x1, 0x3, 0x5, 0x9, 0x9, 0x401, 0xce7, 0xfc000000, 0x5, 0xcab, 0x5, 0x1, 0x6, 0x4, 0x8, 0x70b552d5, 0xffffff37, 0x5, 0x2, 0x0, 0x7fff, 0xa0, 0x2, 0x5, 0x3f4, 0x2, 0x0, 0xffffffff, 0x200, 0x58, 0x3, 0x8, 0x5, 0x3, 0x7, 0x5, 0xe97b, 0x1, 0xe, 0x4, 0x8, 0x9, 0xe, 0xffffff31]}, 0x45c) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) iopl(0x3) unshare(0x20000400) 1.8051812s ago: executing program 5 (id=4945): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 1.760047494s ago: executing program 2 (id=4946): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x48c00, 0xab) syz_io_uring_setup(0x963, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000180)=0x1c) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_GET_VERSION_NUM(r4, 0x2284, &(0x7f0000000080)) 1.684859601s ago: executing program 0 (id=4947): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_smc(0x2b, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) socket$inet(0x2, 0x3, 0x3) socket$inet(0x2, 0x1, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2}) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 1.632370773s ago: executing program 4 (id=4948): syz_open_dev$tty1(0xc, 0x4, 0x2) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket(0x10, 0x803, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_sctp(0x2, 0x5, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 648.351762ms ago: executing program 0 (id=4949): socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$kcm(0x10, 0x2, 0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x40000000015, 0x5, 0x0) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0) sched_setparam(0x0, &(0x7f0000000240)=0x4) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x40000c0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) set_mempolicy(0x8006, &(0x7f0000000040)=0x1002, 0x5) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 630.523143ms ago: executing program 2 (id=4950): memfd_create(&(0x7f0000000a00)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\xae\x00\x00\x00\x00\x00\xff\xff\x10\x04\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#RD\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\x91\x15\xc2\xf1f\xdfK\xf46\xed\xe4\xfb\xdf\a3F\xccB\x9d\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262-\x00\x00\x00\x00\xc8X\xdaNz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x00\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[R\xc36b\xa2]\xed\xe8\xb0\xfa\"\xa2\xd27)\xd5yQ\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3c(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x00P\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8fC\x91W\xadi\x00\xf2k\xd5v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x923\xd7\xde\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x1a\\P:\xcd\x0f\x00\x00\x00\x00\x00\x00\xa1\xf9\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\xf0V\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\xf6]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1n 1\x8d \xc1\xaf\x19\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xad\'\xe5\xbc7\x00\xfax\x8dL\x82\xed\xa0s\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]lbA\xd9\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\x9dj\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xf2\xb5K\x03\x85\x92k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb3\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180\xf1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00KT2\x1b\x16=\x10\xd3\x9a\xf0\xb7\x00\x00\x00\xb5\xe7\xf3\xf1\x96RPeW\xb9\xe3\x99fq\xb1\b\xc11\\(Ljw\xb8\xe1\xec\xceY\x88\x82>\xb1\xd3\x97\x02\xb8\xc9\xf8\x98F1t\x8e\xbc\x88\x0f\xa5;#\xea\xee*\x03\xf2\b\xfd%\xc9\x14\xc1\xc5\x93\f\xdc]\xd2#mW\xe4\xf7\xc1\x7f\x85s@\xc9\xefdP\xef\x89\xa4\x13R\xb5c\xe3\xac\x88\xcc\xd5Mv\x03\xd4x<\n3\x87\x89\x9e1\xa0\xe2#\x11\xacZt\xf7K\xd0\x90\xd6ZQ\xcec\fZ\xafYg+\xba\x83\xbc\xb8l\xdc\x03\x80P\xacLv\xc06\x8ejm\xe0V\x81\x9f\x90\xecD\xe7\x1b\xe0\aL\xcc\xf2C\x80\xdeVe\x84\x81IT\xf2\x1ddM)\x90\x7f\xae\x80', 0x2) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x19, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020300008500000082000000850000002a000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x7277, 0x0, 0x0, 0x0, 0x0) 497.567458ms ago: executing program 4 (id=4951): sendmsg$key(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CT_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000740)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 491.336709ms ago: executing program 0 (id=4952): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'veth0_vlan\x00', 0x0}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000040)={@private2, r1}, 0x14) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r5, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x0) close(r4) socket$inet_udp(0x2, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8b18, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) 370.12982ms ago: executing program 4 (id=4953): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x1d1f, &(0x7f0000000200)={0x0, 0xcd1d, 0x10100, 0x0, 0xaa}, &(0x7f0000000000), 0x0) r0 = socket$igmp6(0xa, 0x3, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) mkdir(0x0, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0xfffc, 0x103, @loopback, 0xa3c}, {0xa, 0xfffe, 0xfffffffd, @dev={0xfe, 0x80, '\x00', 0x16}, 0x4}, 0x1000, {[0x9, 0xdaa, 0x7fff, 0x31, 0x5, 0x1, 0x6d2e, 0xc33]}}, 0x5c) 221.65694ms ago: executing program 5 (id=4954): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xe4776000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0xf, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000070000000000000004"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x15, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) socket$inet_tcp(0x2, 0x1, 0x0) io_setup(0x5, &(0x7f0000000e80)=0x0) syz_io_uring_setup(0x4, &(0x7f0000000580), &(0x7f0000000080), 0x0) r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) io_submit(r2, 0x1, &(0x7f0000001580)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x0, r3, &(0x7f0000000080)="8c", 0x1}]) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$nci(r4, 0x0, 0x0) 200.355787ms ago: executing program 4 (id=4955): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000580)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, 0x0, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) socket(0x1, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 0s ago: executing program 0 (id=4956): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x80047437, &(0x7f0000000140)=0xffff) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_setup(0x4, &(0x7f00000003c0)=0x0) io_submit(r3, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) kernel console output (not intermixed with test programs): ing usage max [ 448.859489][ T10] microsoft 0003:045E:07DA.0017: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 448.859522][ T10] microsoft 0003:045E:07DA.0017: no inputs found [ 448.859537][ T10] microsoft 0003:045E:07DA.0017: could not initialize ff, continuing anyway [ 449.019646][ T9] usb 4-1: USB disconnect, device number 20 [ 450.830073][T10909] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2006'. [ 451.422056][T10920] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 452.953988][ T37] audit: type=1326 audit(1762270157.287:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10941 comm="syz.3.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036a42f6c9 code=0x7ffc0000 [ 452.954042][ T37] audit: type=1326 audit(1762270157.287:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10941 comm="syz.3.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036a42f6c9 code=0x7ffc0000 [ 452.958707][ T37] audit: type=1326 audit(1762270157.287:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10941 comm="syz.3.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f036a42f6c9 code=0x7ffc0000 [ 452.959057][ T37] audit: type=1326 audit(1762270157.287:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10941 comm="syz.3.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036a42f6c9 code=0x7ffc0000 [ 453.121227][ T37] audit: type=1326 audit(1762270157.457:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10941 comm="syz.3.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f036a42f6c9 code=0x7ffc0000 [ 453.121281][ T37] audit: type=1326 audit(1762270157.457:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10941 comm="syz.3.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036a42f6c9 code=0x7ffc0000 [ 453.121326][ T37] audit: type=1326 audit(1762270157.457:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10941 comm="syz.3.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7f036a42f6c9 code=0x7ffc0000 [ 453.121368][ T37] audit: type=1326 audit(1762270157.457:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10941 comm="syz.3.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f036a42f6c9 code=0x7ffc0000 [ 454.310621][T10967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2036'. [ 454.409413][ T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 454.559423][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 454.567428][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 3 [ 454.567461][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 454.567483][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 454.567508][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 454.567638][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 454.567662][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.658576][ T9] usb 3-1: config 0 descriptor?? [ 454.659921][T10961] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 454.905804][ T9] usb 3-1: USB disconnect, device number 18 [ 454.948795][T10982] netlink: 'syz.0.2042': attribute type 1 has an invalid length. [ 454.948817][T10982] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2042'. [ 456.123071][ T5943] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.132931][ T5943] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.132984][ T5943] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.133022][ T5943] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.339733][ T9] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 456.422253][T10546] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 456.482576][T10999] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 456.500414][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 456.503014][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 456.503046][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 456.518127][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 456.518158][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.518179][ T9] usb 2-1: Product: syz [ 456.518195][ T9] usb 2-1: Manufacturer: syz [ 456.518209][ T9] usb 2-1: SerialNumber: syz [ 456.590468][ T9] usb 2-1: config 0 descriptor?? [ 456.595153][T10546] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 456.614639][ T9] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 456.614674][ T9] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 456.836709][T10546] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 457.011144][T11003] team0: No ports can be present during mode change [ 457.013472][T10546] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 457.202634][ T9] em28xx 2-1:0.0: unknown em28xx chip ID (254) [ 457.403744][ T9] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 457.405716][ T9] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 457.405735][ T9] em28xx 2-1:0.0: No AC97 audio processor [ 457.433783][ T9] usb 2-1: USB disconnect, device number 24 [ 457.436168][ T9] em28xx 2-1:0.0: Disconnecting em28xx [ 457.463113][ T9] em28xx 2-1:0.0: Freeing device [ 457.783474][T10546] 8021q: adding VLAN 0 to HW filter on device bond0 [ 457.845208][T10546] 8021q: adding VLAN 0 to HW filter on device team0 [ 457.887193][ T2921] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.888924][ T2921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 457.915004][ T2921] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.915153][ T2921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.516496][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.519185][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.543958][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.544420][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.544760][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.544952][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.545135][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.545317][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.545499][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 458.545682][T11023] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 459.084195][T11030] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2061'. [ 459.085006][T11030] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2061'. [ 459.374047][T11034] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 460.336106][T10546] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 460.473240][T11053] program syz.3.2067 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 460.689555][ T5965] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 460.842405][ T5965] usb 3-1: Using ep0 maxpacket: 8 [ 460.845550][ T5965] usb 3-1: unable to get BOS descriptor or descriptor too short [ 460.847118][ T5965] usb 3-1: config 4 interface 0 has no altsetting 0 [ 460.874952][ T5965] usb 3-1: string descriptor 0 read error: -22 [ 460.875044][ T5965] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 460.875058][ T5965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.915248][ T5965] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 460.941090][ T5965] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 460.941718][ T5965] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 460.941771][ T5965] usb 3-1: media controller created [ 461.030766][ T5965] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 462.103706][T10546] veth0_vlan: entered promiscuous mode [ 462.284605][T10546] veth1_vlan: entered promiscuous mode [ 462.419752][ T9] usb 3-1: USB disconnect, device number 19 [ 462.572607][T10546] veth0_macvtap: entered promiscuous mode [ 462.606110][T10546] veth1_macvtap: entered promiscuous mode [ 462.726188][T10546] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 462.785740][T10546] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 462.860167][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.861245][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.862291][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.862538][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.212097][ T9] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 463.360188][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 463.362539][ T9] usb 2-1: config 0 has an invalid interface number: 182 but max is 0 [ 463.362566][ T9] usb 2-1: config 0 has no interface number 0 [ 463.362599][ T9] usb 2-1: config 0 interface 182 has no altsetting 0 [ 463.416102][ T9] usb 2-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db [ 463.416135][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.416162][ T9] usb 2-1: Product: syz [ 463.416177][ T9] usb 2-1: Manufacturer: syz [ 463.416192][ T9] usb 2-1: SerialNumber: syz [ 463.466541][ T9] usb 2-1: config 0 descriptor?? [ 463.486220][ T2921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.486241][ T2921] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.490838][ T9] hub 2-1:0.182: bad descriptor, ignoring hub [ 463.490876][ T9] hub 2-1:0.182: probe with driver hub failed with error -5 [ 463.536562][T11095] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 463.536562][T11095] The task syz.2.2082 (11095) triggered the difference, watch for misbehavior. [ 463.639412][ T5871] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 463.703713][ T9] kaweth 2-1:0.182: Firmware present in device. [ 463.872356][ T5871] usb 1-1: Using ep0 maxpacket: 8 [ 463.892806][ T5871] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 463.911325][ T5871] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 463.911357][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.911378][ T5871] usb 1-1: Product: syz [ 463.911392][ T5871] usb 1-1: Manufacturer: syz [ 463.911407][ T5871] usb 1-1: SerialNumber: syz [ 463.913747][ T9] kaweth 2-1:0.182: Statistics collection: 0 [ 463.913768][ T9] kaweth 2-1:0.182: Multicast filter limit: 0 [ 463.913783][ T9] kaweth 2-1:0.182: MTU: 0 [ 463.913797][ T9] kaweth 2-1:0.182: Read MAC address 00:00:00:00:00:00 [ 464.077726][ T5871] usb 1-1: config 0 descriptor?? [ 464.086180][ T5871] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 464.086235][ T5871] usb 1-1: setting power ON [ 464.086255][ T5871] dvb-usb: bulk message failed: -22 (2/0) [ 464.097882][ T9] kaweth 2-1:0.182: probe with driver kaweth failed with error -5 [ 464.150282][ T9] usb 2-1: USB disconnect, device number 25 [ 464.277680][ T2921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.277701][ T2921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.434436][ T5871] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 464.435296][ T5871] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 464.435352][ T5871] usb 1-1: media controller created [ 464.529599][ T5117] Bluetooth: hci4: command 0x0406 tx timeout [ 464.579850][ T5871] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 464.598086][ T5871] usb 1-1: selecting invalid altsetting 6 [ 464.598101][ T5871] usb 1-1: digital interface selection failed (-22) [ 464.598110][ T5871] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 464.598691][ T5871] usb 1-1: setting power OFF [ 464.598702][ T5871] dvb-usb: bulk message failed: -22 (2/0) [ 464.598712][ T5871] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 464.598719][ T5871] (NULL device *): no alternate interface [ 464.809488][ T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 464.975243][ T9] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 464.975274][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.975294][ T9] usb 4-1: Product: syz [ 464.975309][ T9] usb 4-1: Manufacturer: syz [ 464.975324][ T9] usb 4-1: SerialNumber: syz [ 465.031647][ T9] usb 4-1: config 0 descriptor?? [ 465.181300][ T5871] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 465.399655][ T5871] usb 1-1: USB disconnect, device number 23 [ 465.490939][ T9] usb 4-1: Firmware: major: 220, minor: 10, hardware type: ATUSB (2) [ 465.670058][ T10] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 465.698661][ T9] usb 4-1: failed to fetch extended address, random address set [ 465.842335][ T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 465.842368][ T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 465.842395][ T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 465.845427][ T10] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 465.845455][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.845475][ T10] usb 2-1: Product: syz [ 465.845489][ T10] usb 2-1: Manufacturer: syz [ 465.845504][ T10] usb 2-1: SerialNumber: syz [ 465.927963][ T10] usb 2-1: config 0 descriptor?? [ 465.946583][T11114] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 465.946782][T11114] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 465.964833][ T10] usb 2-1: ucan: probing device on interface #0 [ 467.016818][ T10] usb 2-1: ucan: could not read protocol version, ret=-110 [ 467.016843][ T10] usb 2-1: ucan: probe failed; try to update the device firmware [ 467.071888][T11124] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 467.071906][T11124] IPv6: NLM_F_CREATE should be set when creating new route [ 467.071988][T11124] IPv6: NLM_F_CREATE should be set when creating new route [ 467.072019][T11124] IPv6: NLM_F_CREATE should be set when creating new route [ 467.573684][ T9] usb 4-1: USB disconnect, device number 21 [ 467.687789][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.687838][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.687864][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.687889][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.687914][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.687939][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.687963][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.687988][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.688013][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.688038][ T1214] hid-generic 0003:0004:0000.0018: unknown main item tag 0x0 [ 467.794836][ T1214] hid-generic 0003:0004:0000.0018: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 468.379925][T11143] program syz.0.2099 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 468.595400][ T5871] usb 2-1: USB disconnect, device number 26 [ 468.679355][T11149] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2104'. [ 469.152995][ T5117] Bluetooth: hci4: unexpected event for opcode 0x0419 [ 469.485135][T11171] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2113'. [ 469.746808][T11177] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 469.747039][T11177] syzkaller1: linktype set to 776 [ 470.347310][T11190] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2122'. [ 470.617244][T11202] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2128'. [ 470.803971][ T1214] hid-generic 0000:0000:0000.0019: hidraw0: HID v0.00 Device [syz0] on syz0 [ 471.430720][T11222] trusted_key: encrypted_key: keyword 'uew' not recognized [ 472.057037][T11238] tmpfs: Bad value for 'mpol' [ 472.109446][ T992] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 472.443598][ T992] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 472.443943][ T992] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 472.444150][ T992] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 472.457974][ T992] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 472.458333][ T992] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 472.728478][ T992] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 472.728618][ T992] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 472.728706][ T992] usb 5-1: Product: syz [ 472.728949][ T992] usb 5-1: Manufacturer: syz [ 472.988719][ T992] cdc_wdm 5-1:1.0: skipping garbage [ 472.988739][ T992] cdc_wdm 5-1:1.0: skipping garbage [ 473.031129][ T992] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 473.031152][ T992] cdc_wdm 5-1:1.0: Unknown control protocol [ 473.179441][ T5117] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 473.179765][ T5117] Bluetooth: hci4: Injecting HCI hardware error event [ 473.184315][ T61] Bluetooth: hci4: hardware error 0x00 [ 473.324470][T11252] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2149'. [ 473.324497][T11252] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2149'. [ 473.479489][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 473.629364][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 473.645605][ T9] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 473.645634][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.645654][ T9] usb 1-1: Product: syz [ 473.645668][ T9] usb 1-1: Manufacturer: syz [ 473.645683][ T9] usb 1-1: SerialNumber: syz [ 473.683734][ T9] usb 1-1: config 0 descriptor?? [ 474.301542][ T9] peak_usb 1-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 474.469888][ T9] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71 [ 474.490617][ T9] usb 1-1: USB disconnect, device number 24 [ 474.798435][T11277] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2160'. [ 474.959910][ T5871] usb 5-1: USB disconnect, device number 21 [ 475.137760][T11287] loop4: detected capacity change from 0 to 7 [ 475.158489][T11287] Dev loop4: unable to read RDB block 7 [ 475.158525][T11287] loop4: AHDI p1 p2 [ 475.158557][T11287] loop4: partition table partially beyond EOD, truncated [ 475.158844][T11287] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 475.329478][ T61] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 476.087895][ T37] audit: type=1400 audit(1762270180.417:72): lsm=SMACK fn=smack_task_setioprio action=denied subject="w" object="_" requested=w pid=11312 comm="syz.0.2176" opid=11312 ocomm="syz.0.2176" [ 476.252720][T11318] syz_tun: entered allmulticast mode [ 476.298941][T11318] dvmrp6: entered allmulticast mode [ 476.303133][ T37] audit: type=1800 audit(1762270180.617:73): pid=11321 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.2180" name="bus" dev="tmpfs" ino=2279 res=0 errno=0 [ 476.319519][T11316] syz_tun: left allmulticast mode [ 476.420147][ T37] audit: type=1326 audit(1762270180.747:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11325 comm="syz.4.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f45d5bb6567 code=0x7ffc0000 [ 476.420199][ T37] audit: type=1326 audit(1762270180.747:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11325 comm="syz.4.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f45d5b5b779 code=0x7ffc0000 [ 476.420241][ T37] audit: type=1326 audit(1762270180.747:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11325 comm="syz.4.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45d5bbf6c9 code=0x7ffc0000 [ 476.420283][ T37] audit: type=1326 audit(1762270180.747:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11325 comm="syz.4.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f45d5bb6567 code=0x7ffc0000 [ 476.431088][ T37] audit: type=1326 audit(1762270180.747:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11325 comm="syz.4.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f45d5b5b779 code=0x7ffc0000 [ 476.431141][ T37] audit: type=1326 audit(1762270180.747:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11325 comm="syz.4.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f45d5bbf6c9 code=0x7ffc0000 [ 476.431181][ T37] audit: type=1326 audit(1762270180.747:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11325 comm="syz.4.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f45d5bb6567 code=0x7ffc0000 [ 476.431220][ T37] audit: type=1326 audit(1762270180.747:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11325 comm="syz.4.2182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f45d5b5b779 code=0x7ffc0000 [ 477.209646][ T1214] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 477.362330][ T1214] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 477.362361][ T1214] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 477.362381][ T1214] usb 3-1: config 220 contains an unexpected descriptor of type 0x1, skipping [ 477.362400][ T1214] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 477.362420][ T1214] usb 3-1: config 220 has no interface number 2 [ 477.362507][ T1214] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 477.362537][ T1214] usb 3-1: config 220 interface 0 has no altsetting 0 [ 477.362556][ T1214] usb 3-1: config 220 interface 76 has no altsetting 0 [ 477.362575][ T1214] usb 3-1: config 220 interface 1 has no altsetting 0 [ 477.366224][ T1214] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 477.366255][ T1214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.366276][ T1214] usb 3-1: Product: syz [ 477.366291][ T1214] usb 3-1: Manufacturer: syz [ 477.366306][ T1214] usb 3-1: SerialNumber: syz [ 477.589451][ T5905] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 477.627656][ T1214] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 477.627692][ T1214] uvcvideo 3-1:220.0: No valid video chain found. [ 477.627767][ T1214] usb 3-1: selecting invalid altsetting 0 [ 477.708832][ T1214] usb 3-1: selecting invalid altsetting 0 [ 477.708875][ T1214] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 477.723971][ T1214] usb 3-1: USB disconnect, device number 20 [ 478.082127][ T5905] usb 5-1: Using ep0 maxpacket: 16 [ 478.358500][T11364] 9pnet_fd: Insufficient options for proto=fd [ 478.362290][ T5905] usb 5-1: config 0 has an invalid interface number: 115 but max is 0 [ 478.362318][ T5905] usb 5-1: config 0 has no interface number 0 [ 478.362375][ T5905] usb 5-1: config 0 interface 115 altsetting 0 endpoint 0xE has an invalid bInterval 146, changing to 11 [ 478.362428][ T5905] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=b2.70 [ 478.362451][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.374945][ T5905] usb 5-1: config 0 descriptor?? [ 478.394222][ T5905] adutux 5-1:0.115: interrupt endpoints not found [ 478.422495][T11362] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 478.591673][ T992] usb 5-1: USB disconnect, device number 22 [ 478.749901][ T5871] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 478.869418][ T1214] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 478.915858][ T5871] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 478.915890][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.919212][ T5871] usb 4-1: config 0 descriptor?? [ 478.951034][ T5871] cp210x 4-1:0.0: cp210x converter detected [ 479.022126][ T1214] usb 2-1: Using ep0 maxpacket: 32 [ 479.024631][ T1214] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.024662][ T1214] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.024702][ T1214] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 479.024725][ T1214] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.029178][ T1214] usb 2-1: config 0 descriptor?? [ 479.055594][T11391] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2211'. [ 479.086851][ T5977] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 479.259352][ T5977] usb 1-1: Using ep0 maxpacket: 8 [ 479.262156][ T5977] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 479.262185][ T5977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.319430][ T5977] pvrusb2: Hardware description: Terratec Grabster AV400 [ 479.319454][ T5977] pvrusb2: ********** [ 479.319460][ T5977] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 479.319473][ T5977] pvrusb2: Important functionality might not be entirely working. [ 479.319482][ T5977] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 479.319712][ T5977] pvrusb2: ********** [ 479.379559][ T5871] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 479.482028][ T1214] savu 0003:1E7D:2D5A.001A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 479.520750][ T2363] pvrusb2: Invalid write control endpoint [ 479.596131][ T2363] pvrusb2: Invalid write control endpoint [ 479.596148][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 479.596158][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 479.596166][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 479.596175][ T2363] pvrusb2: Device being rendered inoperable [ 479.611602][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 479.612171][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 479.626282][ T2363] pvrusb2: Attached sub-driver cx25840 [ 479.626309][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 479.626320][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 479.629464][ T5905] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 479.690245][ T5871] usb 4-1: cp210x converter now attached to ttyUSB0 [ 479.716349][T11385] pvrusb2: Attempted to execute control transfer when device not ok [ 479.717842][ T5871] usb 1-1: USB disconnect, device number 25 [ 479.748931][ T1214] usb 2-1: USB disconnect, device number 27 [ 479.780393][ T5905] usb 5-1: Using ep0 maxpacket: 8 [ 479.786224][ T5905] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 479.786259][ T5905] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 479.786285][ T5905] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 479.786310][ T5905] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 479.786349][ T5905] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 479.786378][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.870552][ T44] usb 4-1: USB disconnect, device number 22 [ 479.877622][ T44] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 480.010877][ T44] cp210x 4-1:0.0: device disconnected [ 480.043063][ T5905] usb 5-1: GET_CAPABILITIES returned 0 [ 480.043114][ T5905] usbtmc 5-1:16.0: can't read capabilities [ 480.252214][ T1214] usb 5-1: USB disconnect, device number 23 [ 480.550949][ T44] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 480.713348][ T44] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 480.713382][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 480.713410][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 480.713433][ T44] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 480.713478][ T44] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 480.713503][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.801197][ T44] usb 1-1: config 0 descriptor?? [ 481.235221][ T44] hid_parser_main: 9 callbacks suppressed [ 481.235248][ T44] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 481.259630][ T1214] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 481.265087][ T44] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 481.412247][ T1214] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 481.412275][ T1214] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 481.418402][ T1214] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 481.418432][ T1214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.418442][ T1214] usb 2-1: Product: syz [ 481.418450][ T1214] usb 2-1: Manufacturer: syz [ 481.418458][ T1214] usb 2-1: SerialNumber: syz [ 481.478322][ T7253] tipc: Subscription rejected, illegal request [ 481.540667][ T9] usb 1-1: USB disconnect, device number 26 [ 481.681272][ T1214] usb 2-1: 0:2 : does not exist [ 481.692804][ T1214] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 481.744721][ T1214] usb 2-1: USB disconnect, device number 28 [ 481.958025][T11457] netlink: 'syz.4.2241': attribute type 21 has an invalid length. [ 481.958050][T11457] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2241'. [ 482.535601][T11475] net_ratelimit: 44 callbacks suppressed [ 482.535627][T11475] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 482.545742][ T5871] IPVS: starting estimator thread 0... [ 482.635501][T11483] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2252'. [ 482.635539][T11483] netlink: 'syz.4.2252': attribute type 29 has an invalid length. [ 482.635554][T11483] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2252'. [ 482.659694][T11479] IPVS: using max 8 ests per chain, 19200 per kthread [ 483.454255][T11530] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 483.479413][ T992] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 483.631009][ T992] usb 1-1: Using ep0 maxpacket: 16 [ 483.633051][ T992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 483.633085][ T992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 483.633109][ T992] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 483.633153][ T992] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 483.633177][ T992] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.698753][ T992] usb 1-1: config 0 descriptor?? [ 483.849475][ T44] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 483.983621][T11542] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 484.014291][ T44] usb 3-1: config 9 has an invalid interface number: 81 but max is 0 [ 484.014320][ T44] usb 3-1: config 9 has no interface number 0 [ 484.014469][ T44] usb 3-1: config 9 interface 81 altsetting 7 endpoint 0x4 has invalid maxpacket 1024, setting to 64 [ 484.014498][ T44] usb 3-1: config 9 interface 81 has no altsetting 0 [ 484.057076][ T44] usb 3-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=f0.f4 [ 484.057170][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.057192][ T44] usb 3-1: Product: syz [ 484.057208][ T44] usb 3-1: Manufacturer: syz [ 484.057223][ T44] usb 3-1: SerialNumber: syz [ 484.100016][T11536] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 484.135621][ T992] HID 045e:07da: Invalid code 65791 type 1 [ 484.155992][ T992] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.001C/input/input23 [ 484.203185][ T992] microsoft 0003:045E:07DA.001C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 484.311828][ T44] usbserial_generic 3-1:9.81: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 484.311853][ T44] usbserial_generic 3-1:9.81: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 484.311897][ T44] usbserial_generic 3-1:9.81: generic converter detected [ 484.353803][ T44] usb 3-1: generic converter now attached to ttyUSB0 [ 484.359035][ T44] usb 3-1: generic converter now attached to ttyUSB1 [ 484.378727][ T44] usb 3-1: USB disconnect, device number 21 [ 484.393983][ T44] generic ttyUSB0: generic converter now disconnected from ttyUSB0 [ 484.399209][ T44] generic ttyUSB1: generic converter now disconnected from ttyUSB1 [ 484.416454][ T44] usbserial_generic 3-1:9.81: device disconnected [ 484.572420][ T9] usb 1-1: USB disconnect, device number 27 [ 485.420237][T11565] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 485.439666][T11564] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 486.582050][T11580] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 486.869424][ T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 487.029380][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 487.031716][ T9] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 487.031745][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.038252][ T9] usb 4-1: config 0 descriptor?? [ 487.065803][ T9] gspca_main: sq930x-2.14.0 probing 041e:403c [ 488.060652][ T9] gspca_sq930x: ucbus_write failed -71 [ 488.060753][ T9] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 488.072083][ T9] usb 4-1: USB disconnect, device number 23 [ 488.079743][ T5885] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 488.645110][T11611] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2307'. [ 488.654994][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 488.655029][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 488.655051][ T5885] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 488.655094][ T5885] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 488.655118][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.666894][ T5885] usb 5-1: config 0 descriptor?? [ 489.135627][ T5885] plantronics 0003:047F:FFFF.001D: reserved main item tag 0xe [ 489.135678][ T5885] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 489.163598][ T5885] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 489.215119][T11619] loop6: detected capacity change from 0 to 7 [ 489.237441][T11619] Dev loop6: unable to read RDB block 7 [ 489.237490][T11619] loop6: unable to read partition table [ 489.237747][T11619] loop6: partition table beyond EOD, truncated [ 489.237766][T11619] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 489.409480][ T44] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 489.436462][ T5885] usb 5-1: USB disconnect, device number 24 [ 489.522436][T11625] loop6: detected capacity change from 0 to 7 [ 489.523422][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.523569][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.523684][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.523792][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.524025][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.524148][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.537146][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.537239][T11625] ldm_validate_partition_table(): Disk read failed. [ 489.537302][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.537406][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.537509][T11625] Buffer I/O error on dev loop6, logical block 0, async page read [ 489.537676][T11625] Dev loop6: unable to read RDB block 0 [ 489.537961][T11625] loop6: unable to read partition table [ 489.538188][T11625] loop6: partition table beyond EOD, truncated [ 489.538206][T11625] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰ü¾SêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 489.582260][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.582302][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.582343][ T44] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 489.582366][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.686122][ T44] usb 4-1: config 0 descriptor?? [ 490.126515][ T44] cp2112 0003:10C4:EA90.001E: unknown main item tag 0x0 [ 490.126553][ T44] cp2112 0003:10C4:EA90.001E: unknown main item tag 0x0 [ 490.126580][ T44] cp2112 0003:10C4:EA90.001E: unknown main item tag 0x0 [ 490.126607][ T44] cp2112 0003:10C4:EA90.001E: unknown main item tag 0x0 [ 490.126634][ T44] cp2112 0003:10C4:EA90.001E: unknown main item tag 0x0 [ 490.126660][ T44] cp2112 0003:10C4:EA90.001E: unknown main item tag 0x0 [ 490.126687][ T44] cp2112 0003:10C4:EA90.001E: unknown main item tag 0x0 [ 490.191903][ T44] cp2112 0003:10C4:EA90.001E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 490.319904][ T44] cp2112 0003:10C4:EA90.001E: Part Number: 0x4E Device Version: 0x8F [ 490.533315][ T44] cp2112 0003:10C4:EA90.001E: error requesting SMBus config [ 490.570599][ T44] cp2112 0003:10C4:EA90.001E: probe with driver cp2112 failed with error -71 [ 490.592516][ T44] usb 4-1: USB disconnect, device number 24 [ 491.111538][T11650] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 492.779381][T11681] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 492.945444][T11682] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2338'. [ 493.849465][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 493.849485][ T37] audit: type=1326 audit(1762270198.177:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11716 comm="syz.1.2354" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3a2817f6c9 code=0x0 [ 494.949614][ T9] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 495.106006][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 495.106126][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 495.108502][ T9] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 495.108532][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 495.108552][ T9] usb 3-1: SerialNumber: syz [ 495.209480][ T5885] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 495.289468][ T44] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 495.346849][ T9] usb 3-1: 0:2 : does not exist [ 495.353927][ T9] usb 3-1: 5:0: failed to get current value for ch 1 (-22) [ 495.373962][ T5885] usb 1-1: config 0 has an invalid interface number: 120 but max is 0 [ 495.373981][ T5885] usb 1-1: config 0 has no interface number 0 [ 495.374010][ T5885] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 110, changing to 10 [ 495.374025][ T5885] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid maxpacket 25964, setting to 1024 [ 495.374050][ T5885] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 495.374063][ T5885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.377901][ T9] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 495.378955][ T5885] usb 1-1: config 0 descriptor?? [ 495.380006][T11773] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 495.403373][ T9] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5) [ 495.408323][ T5885] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.120/input/input24 [ 495.459366][ T44] usb 2-1: Using ep0 maxpacket: 8 [ 495.492064][ T44] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 495.492093][ T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 495.492113][ T44] usb 2-1: config 0 has no interface number 0 [ 495.495623][ T44] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 495.495652][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.495672][ T44] usb 2-1: Product: syz [ 495.495686][ T44] usb 2-1: Manufacturer: syz [ 495.495701][ T44] usb 2-1: SerialNumber: syz [ 495.563471][ T44] usb 2-1: config 0 descriptor?? [ 495.576608][ T44] uvcvideo 2-1:0.31: Found Unit with invalid ID 0 [ 495.576691][ T44] uvcvideo 2-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 495.576720][ T44] uvcvideo 2-1:0.31: No valid video chain found. [ 495.586562][ C0] usbtouchscreen 1-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -1 [ 495.609392][ T5871] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 495.612469][ T9] usb 3-1: USB disconnect, device number 22 [ 495.638942][ T10] usb 1-1: USB disconnect, device number 28 [ 495.762039][ T5871] usb 4-1: config 0 has no interfaces? [ 495.764293][ T5871] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 495.764376][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.764396][ T5871] usb 4-1: Product: syz [ 495.764409][ T5871] usb 4-1: Manufacturer: syz [ 495.764424][ T5871] usb 4-1: SerialNumber: syz [ 495.778445][ T1214] usb 2-1: USB disconnect, device number 29 [ 495.814038][ T5871] usb 4-1: config 0 descriptor?? [ 495.939371][ T44] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 496.024461][ T1214] usb 4-1: USB disconnect, device number 25 [ 496.099409][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 496.103709][ T44] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.103742][ T44] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.103765][ T44] usb 5-1: config 0 interface 0 has no altsetting 0 [ 496.103797][ T44] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 496.103820][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.108652][ T44] usb 5-1: config 0 descriptor?? [ 496.325680][T11789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 496.326530][T11789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 496.539065][ T44] hid (null): unknown global tag 0xc [ 496.539090][ T44] hid (null): unknown global tag 0xd [ 496.669728][ T9] usb 2-1: new low-speed USB device number 30 using dummy_hcd [ 496.740294][ T992] usb 5-1: USB disconnect, device number 25 [ 496.827281][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 496.827346][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 496.827375][ T9] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 496.827401][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 496.827429][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 496.829119][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 496.829168][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 496.829194][ T9] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 496.829380][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 496.829407][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 496.830926][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 496.830981][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 496.831008][ T9] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 496.831034][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 496.831061][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 496.870530][ T9] usb 2-1: string descriptor 0 read error: -22 [ 496.870687][ T9] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 496.870711][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.909656][ T9] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 497.109740][ T9] usb 2-1: USB disconnect, device number 30 [ 497.914789][T11849] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2410'. [ 497.914824][T11849] netlink: 'syz.1.2410': attribute type 7 has an invalid length. [ 497.914838][T11849] netlink: 'syz.1.2410': attribute type 8 has an invalid length. [ 497.914850][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2410'. [ 498.045478][T11853] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2412'. [ 498.061091][ T44] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 498.112552][ T9] kernel write not supported for file bpf-prog (pid: 9 comm: kworker/0:0) [ 498.229441][ T44] usb 3-1: Using ep0 maxpacket: 32 [ 498.232515][ T44] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 498.232543][ T44] usb 3-1: config 0 has no interface number 0 [ 498.232591][ T44] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 498.232620][ T44] usb 3-1: config 0 interface 85 has no altsetting 0 [ 498.282492][ T44] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 498.282525][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.282546][ T44] usb 3-1: Product: syz [ 498.282561][ T44] usb 3-1: Manufacturer: syz [ 498.282576][ T44] usb 3-1: SerialNumber: syz [ 498.328426][ T44] usb 3-1: config 0 descriptor?? [ 498.629573][ T5871] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 498.669728][ T992] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 498.798825][ T5871] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 498.798986][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.821592][ T37] audit: type=1326 audit(1762270203.147:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11850 comm="syz.1.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a2817f6c9 code=0x7fc00000 [ 498.856046][ T5871] usb 5-1: config 0 descriptor?? [ 498.858323][ T992] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 498.858354][ T992] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 498.900518][ T5871] cp210x 5-1:0.0: cp210x converter detected [ 498.902469][ T992] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 498.902622][ T992] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.902643][ T992] usb 4-1: Product: syz [ 498.902941][ T992] usb 4-1: Manufacturer: syz [ 498.902959][ T992] usb 4-1: SerialNumber: syz [ 498.953441][ T992] usb 4-1: config 0 descriptor?? [ 498.954493][T11869] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 498.954637][T11869] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 498.957084][ T44] appletouch 3-1:0.85: Geyser mode initialized. [ 498.993052][ T44] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input25 [ 499.171573][T11869] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 499.171740][T11869] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 499.195204][ T10] usb 3-1: USB disconnect, device number 23 [ 499.302700][ T5871] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 499.307644][ T10] appletouch 3-1:0.85: input: appletouch disconnected [ 499.522654][ C0] vkms_vblank_simulate: vblank timer overrun [ 499.540954][ T5871] usb 5-1: cp210x converter now attached to ttyUSB0 [ 499.582277][ T992] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 499.611994][T11893] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 499.742800][ T5871] usb 5-1: USB disconnect, device number 26 [ 499.768814][ T5871] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 499.892534][ T5871] cp210x 5-1:0.0: device disconnected [ 499.985480][ T992] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 500.034265][ T992] usb 4-1: USB disconnect, device number 26 [ 501.496649][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.365138][T11952] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 503.519363][ T5871] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 503.693006][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 503.693041][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 503.693064][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 503.693105][ T5871] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 503.693129][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.709501][ T5871] usb 1-1: config 0 descriptor?? [ 504.172090][ T5871] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 504.419480][ T44] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 504.439506][ T1214] usb 1-1: USB disconnect, device number 29 [ 504.575038][ T44] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 504.575091][ T44] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 504.575117][ T44] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 504.582095][ T44] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 504.582125][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.582145][ T44] usb 2-1: Product: syz [ 504.582159][ T44] usb 2-1: Manufacturer: syz [ 504.582173][ T44] usb 2-1: SerialNumber: syz [ 504.867690][T11999] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 505.155349][T12018] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 505.349634][ T1214] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 505.492349][T11999] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 505.511931][ T1214] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 505.511959][ T1214] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 505.513485][ T1214] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 505.513512][ T1214] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 505.513533][ T1214] usb 1-1: SerialNumber: syz [ 505.700958][ T44] cdc_ncm 2-1:1.0: bind() failure [ 505.752626][ T44] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 505.759465][ T44] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 505.769783][ T44] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 505.797008][ T44] usb 2-1: USB disconnect, device number 31 [ 505.847633][ T1214] usb 1-1: 0:2 : does not exist [ 505.885450][ T1214] usb 1-1: USB disconnect, device number 30 [ 506.839077][T12046] lo speed is unknown, defaulting to 1000 [ 507.399158][T12074] input: syz1 as /devices/virtual/input/input26 [ 508.492926][T12117] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 508.615414][ C0] vkms_vblank_simulate: vblank timer overrun [ 508.786050][T12132] netlink: 14560 bytes leftover after parsing attributes in process `syz.3.2526'. [ 509.093524][T12150] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 509.407010][T12162] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2542'. [ 510.011550][T12187] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2555'. [ 510.126441][T12193] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2556'. [ 510.801500][T12209] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 510.844278][T12217] input: syz0 as /devices/virtual/input/input27 [ 511.219061][T12231] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 512.139811][ C0] vkms_vblank_simulate: vblank timer overrun [ 512.320240][T12253] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 512.666213][T12226] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.864818][T12226] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 513.948735][T12226] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 515.476834][ T2852] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 515.476870][ T2852] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.798099][T12392] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2650'. [ 516.522313][ T2852] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 516.522347][ T2852] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.538135][ T2852] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 516.538171][ T2852] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.538208][ T2852] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 516.538232][ T2852] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.562720][ T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 517.709640][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 517.711916][ T9] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 517.711948][ T9] usb 2-1: config 0 interface 0 has no altsetting 0 [ 517.711976][ T9] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 517.711995][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.716677][ T9] usb 2-1: config 0 descriptor?? [ 518.753496][ T9] nzxt-smart2 0003:1E71:2009.0021: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 518.962188][ T10] usb 2-1: USB disconnect, device number 32 [ 520.053188][T12514] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 520.619898][T12543] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2717'. [ 520.619928][T12543] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2717'. [ 521.815074][T12575] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 523.239946][T12592] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 523.392476][T12607] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2742'. [ 523.392530][T12607] bond0: ARP target 170.170.170.170 is already present [ 523.392551][T12607] bond0: option arp_ip_target: invalid value (2863311530) [ 523.579661][T12612] syzkaller1: entered promiscuous mode [ 523.579690][T12612] syzkaller1: entered allmulticast mode [ 526.326514][T12701] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 526.336432][T12701] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 526.340921][T12701] overlayfs: inode number too big (/, ino=4611686018427387905, xinobits=3) [ 526.911630][ T37] audit: type=1326 audit(1762270231.247:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.1.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a2817f6c9 code=0x7ffc0000 [ 526.914301][ T37] audit: type=1326 audit(1762270231.247:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.1.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a2817f6c9 code=0x7ffc0000 [ 526.914596][ T37] audit: type=1326 audit(1762270231.247:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.1.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f3a2817f6c9 code=0x7ffc0000 [ 526.915300][ T37] audit: type=1326 audit(1762270231.247:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.1.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a2817f6c9 code=0x7ffc0000 [ 526.917598][ T37] audit: type=1326 audit(1762270231.247:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.1.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a2817f6c9 code=0x7ffc0000 [ 526.917889][ T37] audit: type=1326 audit(1762270231.247:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.1.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f3a2817f6c9 code=0x7ffc0000 [ 527.057975][ T37] audit: type=1326 audit(1762270231.247:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.1.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a2817f6c9 code=0x7ffc0000 [ 527.058029][ T37] audit: type=1326 audit(1762270231.297:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12704 comm="syz.1.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a2817f6c9 code=0x7ffc0000 [ 527.260376][T12712] "syz.0.2788" (12712) uses obsolete ecb(arc4) skcipher [ 527.700980][T12747] netlink: 'syz.2.2799': attribute type 6 has an invalid length. [ 531.812668][T12860] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2849'. [ 533.089763][ T10] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 533.239851][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 533.250945][ T10] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 533.250973][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.250993][ T10] usb 1-1: Product: syz [ 533.251015][ T10] usb 1-1: Manufacturer: syz [ 533.251029][ T10] usb 1-1: SerialNumber: syz [ 533.262913][ T10] usb 1-1: config 0 descriptor?? [ 533.274472][ T10] gspca_main: se401-2.14.0 probing 047d:5003 [ 533.306922][T12901] program syz.2.2868 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 533.307699][T12901] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 534.134209][ T10] gspca_se401: Frame size: 0x2 bayer [ 534.134239][ T10] gspca_se401: Frame size: 0x127 bayer [ 534.134250][ T10] gspca_se401: Frame size: 256x0 bayer [ 534.314970][ T10] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input28 [ 534.350374][ T10] usb 1-1: USB disconnect, device number 31 [ 534.788292][T12938] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 535.448383][T12976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2900'. [ 535.456184][T12976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2900'. [ 535.873330][T12999] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 536.487255][ T37] audit: type=1326 audit(1762270240.817:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13021 comm="syz.1.2922" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a2817f6c9 code=0x0 [ 536.550517][T13022] lo speed is unknown, defaulting to 1000 [ 538.856581][ T37] audit: type=1326 audit(1762270243.187:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 538.856861][ T37] audit: type=1326 audit(1762270243.187:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 538.859892][T13090] loop2: detected capacity change from 0 to 7 [ 538.871735][T13090] Dev loop2: unable to read RDB block 7 [ 538.871784][T13090] loop2: unable to read partition table [ 538.872008][T13090] loop2: partition table beyond EOD, truncated [ 538.872026][T13090] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 538.965204][ T37] audit: type=1326 audit(1762270243.297:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 538.965487][ T37] audit: type=1326 audit(1762270243.297:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 538.965792][ T37] audit: type=1326 audit(1762270243.297:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 538.966273][ T37] audit: type=1326 audit(1762270243.297:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 538.966888][ T37] audit: type=1326 audit(1762270243.297:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 538.967151][ T37] audit: type=1326 audit(1762270243.297:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 538.967995][ T37] audit: type=1326 audit(1762270243.297:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13095 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 541.369458][ T44] usb 2-1: new full-speed USB device number 33 using dummy_hcd [ 541.523886][ T44] usb 2-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 541.523939][ T44] usb 2-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 541.523970][ T44] usb 2-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 541.527269][ T44] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 541.527300][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 541.527321][ T44] usb 2-1: SerialNumber: syz [ 541.846710][ T44] rndis_host 2-1:253.0: RNDIS init failed, -71 [ 541.847012][ T44] rndis_host 2-1:253.0: probe with driver rndis_host failed with error -71 [ 541.893021][ T44] usb 2-1: USB disconnect, device number 33 [ 542.206958][T13203] overlayfs: failed to clone lowerpath [ 542.241863][T13203] overlayfs: failed to clone lowerpath [ 542.309399][ T44] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 542.468311][ T44] usb 2-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 542.468373][ T44] usb 2-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 542.468404][ T44] usb 2-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 542.508177][ T44] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 542.508209][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 542.508230][ T44] usb 2-1: SerialNumber: syz [ 543.839954][ T44] rndis_host 2-1:253.0: RNDIS init failed, -110 [ 543.867028][ T44] rndis_host 2-1:253.0: probe with driver rndis_host failed with error -110 [ 544.191878][ T44] usb 2-1: USB disconnect, device number 34 [ 544.591992][T13263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3028'. [ 545.279386][ T44] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 545.450274][ T44] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 545.450305][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.450326][ T44] usb 4-1: Product: syz [ 545.450340][ T44] usb 4-1: Manufacturer: syz [ 545.450355][ T44] usb 4-1: SerialNumber: syz [ 545.574618][ T44] usb 4-1: config 0 descriptor?? [ 545.982471][ T44] usb 4-1: USB disconnect, device number 27 [ 546.505584][T13298] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 547.380146][ T1214] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 547.545809][ T1214] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 547.545842][ T1214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.545864][ T1214] usb 3-1: Product: syz [ 547.545879][ T1214] usb 3-1: Manufacturer: syz [ 547.545895][ T1214] usb 3-1: SerialNumber: syz [ 548.080867][T13338] fuse: Bad value for 'fd' [ 548.096931][ T1214] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 548.096996][ T1214] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 548.731721][ T1214] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPROTO [ 548.731784][ T1214] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 548.733532][ T1214] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 548.781715][ T1214] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 548.801093][ T1214] usb 3-1: USB disconnect, device number 24 [ 551.719657][ T1214] IPVS: starting estimator thread 0... [ 551.809743][T13433] IPVS: using max 8 ests per chain, 19200 per kthread [ 552.345755][T13459] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3118'. [ 552.589506][ T44] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 552.742009][ T44] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 552.742041][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.750045][ T44] usb 3-1: config 0 descriptor?? [ 552.775325][ T44] cp210x 3-1:0.0: cp210x converter detected [ 553.046763][T13493] nullb0: [POWERTEC] p1 [ 553.046940][T13493] nullb0: p1 size 809004142 extends beyond EOD, truncated [ 553.188060][ T44] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 553.216184][ T44] usb 3-1: cp210x converter now attached to ttyUSB0 [ 553.405402][ T10] usb 3-1: USB disconnect, device number 25 [ 553.412180][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 553.550010][ T10] cp210x 3-1:0.0: device disconnected [ 553.909613][ T1214] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 554.062482][ T1214] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 554.062532][ T1214] usb 4-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 554.062554][ T1214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.113621][ T1214] usb 4-1: config 0 descriptor?? [ 554.360941][T13554] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3160'. [ 554.543006][ T1214] logitech 0003:046D:CA03.0022: unknown main item tag 0x0 [ 554.544330][ T1214] logitech 0003:046D:CA03.0022: unknown main item tag 0x0 [ 554.544361][ T1214] logitech 0003:046D:CA03.0022: unknown main item tag 0x0 [ 554.544388][ T1214] logitech 0003:046D:CA03.0022: unknown main item tag 0x0 [ 554.544415][ T1214] logitech 0003:046D:CA03.0022: unknown main item tag 0x0 [ 554.603805][ T1214] logitech 0003:046D:CA03.0022: hidraw0: USB HID v12.00 Device [HID 046d:ca03] on usb-dummy_hcd.3-1/input0 [ 554.603842][ T1214] logitech 0003:046D:CA03.0022: no inputs found [ 554.737240][ T1214] usb 4-1: USB disconnect, device number 28 [ 555.041149][T13574] netlink: 'syz.0.3171': attribute type 298 has an invalid length. [ 555.900742][T13606] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3186'. [ 558.442960][T13662] syz.0.3209 (13662) used greatest stack depth: 17296 bytes left [ 559.084894][ T5878] libceph: connect (1)[b::]:6789 error -101 [ 559.085715][ T5878] libceph: mon0 (1)[b::]:6789 connect error [ 559.088972][ T5871] libceph: connect (1)[c::]:6789 error -101 [ 559.089173][ T5871] libceph: mon0 (1)[c::]:6789 connect error [ 559.095789][ T5871] libceph: connect (1)[c::]:6789 error -101 [ 559.095988][ T5871] libceph: mon0 (1)[c::]:6789 connect error [ 559.097649][ T5878] libceph: connect (1)[b::]:6789 error -101 [ 559.097847][ T5878] libceph: mon0 (1)[b::]:6789 connect error [ 559.365766][ T5878] libceph: connect (1)[b::]:6789 error -101 [ 559.365976][ T5878] libceph: mon0 (1)[b::]:6789 connect error [ 559.366226][ T5878] libceph: connect (1)[c::]:6789 error -101 [ 559.366401][ T5878] libceph: mon0 (1)[c::]:6789 connect error [ 559.727961][T13718] ceph: No mds server is up or the cluster is laggy [ 559.744644][T13714] ceph: No mds server is up or the cluster is laggy [ 559.909684][ T5871] libceph: connect (1)[b::]:6789 error -101 [ 559.909883][ T5871] libceph: mon0 (1)[b::]:6789 connect error [ 560.454256][T13756] 9pnet_fd: Insufficient options for proto=fd [ 561.429374][ T5878] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 561.581980][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 561.582014][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 561.583513][ T5878] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 561.583540][ T5878] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 561.583560][ T5878] usb 4-1: Manufacturer: syz [ 561.592977][ T5878] usb 4-1: config 0 descriptor?? [ 562.676120][ T5878] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0023/input/input29 [ 562.801447][ T5878] uclogic 0003:256C:006D.0023: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 562.868445][ T1214] usb 4-1: USB disconnect, device number 29 [ 562.938373][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.903042][T13830] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3281'. [ 565.051542][T13883] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3302'. [ 565.181166][ T5878] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 565.340537][ T5878] usb 4-1: Using ep0 maxpacket: 32 [ 565.344803][ T5878] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 565.344846][ T5878] usb 4-1: config 0 has no interface number 0 [ 565.348008][ T5878] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 565.348038][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.348056][ T5878] usb 4-1: Product: syz [ 565.348070][ T5878] usb 4-1: Manufacturer: syz [ 565.348091][ T5878] usb 4-1: SerialNumber: syz [ 565.359158][ T5878] usb 4-1: config 0 descriptor?? [ 565.378054][ T5878] smsc95xx v2.0.0 [ 565.792550][ T5878] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 565.792582][ T5878] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 566.596389][ T5878] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 566.596706][ T5878] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 566.632189][ T5878] usb 4-1: USB disconnect, device number 30 [ 566.693264][T13939] syz.1.3327 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 567.299759][T13961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3337'. [ 567.308477][T13961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3337'. [ 567.672814][ T1214] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 567.753262][T13993] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3352'. [ 567.819421][ T1214] usb 4-1: Using ep0 maxpacket: 32 [ 567.821969][ T1214] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 567.821997][ T1214] usb 4-1: config 0 has no interface number 0 [ 567.822047][ T1214] usb 4-1: config 0 interface 12 has no altsetting 0 [ 567.825226][ T1214] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 567.825257][ T1214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.825278][ T1214] usb 4-1: Product: syz [ 567.825293][ T1214] usb 4-1: Manufacturer: syz [ 567.825308][ T1214] usb 4-1: SerialNumber: syz [ 567.859129][T13999] netlink: 'syz.1.3354': attribute type 10 has an invalid length. [ 567.895569][T13999] team0: Port device dummy0 added [ 567.897525][ T1214] usb 4-1: config 0 descriptor?? [ 567.909417][T13999] netlink: 'syz.1.3354': attribute type 10 has an invalid length. [ 567.911000][T13999] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 568.025750][T13999] team0: Failed to send options change via netlink (err -105) [ 568.025960][T13999] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 568.028931][T13999] team0: Port device dummy0 removed [ 568.105239][T13999] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 569.538913][ T1214] f81534 4-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71 [ 569.538976][ T1214] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 569.538994][ T1214] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 569.539091][ T1214] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 569.605082][ T1214] usb 4-1: USB disconnect, device number 31 [ 570.429332][ T1214] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 570.591789][ T1214] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 570.591822][ T1214] usb 4-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 570.591845][ T1214] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 570.591890][ T1214] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 570.591913][ T1214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.656551][ T1214] usbtmc 4-1:16.0: bulk endpoints not found [ 571.562214][T14129] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3410'. [ 571.807621][T14141] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3416'. [ 572.862031][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 572.862050][ T37] audit: type=1326 audit(1762270277.197:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14164 comm="syz.0.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 572.863103][ T37] audit: type=1326 audit(1762270277.197:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14164 comm="syz.0.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 573.250393][ T1214] usb 4-1: USB disconnect, device number 32 [ 574.736836][T14245] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3459'. [ 576.029575][ T5871] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 576.199403][ T5871] usb 2-1: Using ep0 maxpacket: 8 [ 576.204340][ T5871] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 576.204372][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.204392][ T5871] usb 2-1: Product: syz [ 576.204407][ T5871] usb 2-1: Manufacturer: syz [ 576.204416][ T5871] usb 2-1: SerialNumber: syz [ 576.211458][ T5871] usb 2-1: config 0 descriptor?? [ 576.484301][ T5871] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 578.009813][ T5871] gspca_sunplus: reg_w_riv err -110 [ 578.009939][ T5871] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 578.110195][ T5871] usb 2-1: USB disconnect, device number 35 [ 579.924585][ T37] audit: type=1804 audit(1762270284.247:113): pid=14380 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.3520" name="/newroot/687/file0" dev="tmpfs" ino=3521 res=1 errno=0 [ 579.982766][T14379] uprobe: syz.3.3520:14379 failed to unregister, leaking uprobe [ 580.708077][T14425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3538'. [ 581.337004][ T9] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 581.488279][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 581.488338][ T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 581.488363][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.508976][ T9] usb 4-1: config 0 descriptor?? [ 581.525958][ T9] pwc: Askey VC010 type 2 USB webcam detected. [ 581.919779][ T9] pwc: recv_control_msg error -32 req 02 val 2b00 [ 581.937411][ T9] pwc: recv_control_msg error -32 req 02 val 2700 [ 581.940357][ T9] pwc: recv_control_msg error -32 req 02 val 2c00 [ 581.941077][ T9] pwc: recv_control_msg error -32 req 04 val 1000 [ 581.942770][ T9] pwc: recv_control_msg error -32 req 04 val 1300 [ 582.149706][ T9] pwc: recv_control_msg error -71 req 02 val 2000 [ 582.150328][ T9] pwc: recv_control_msg error -71 req 02 val 2100 [ 582.150788][ T9] pwc: recv_control_msg error -71 req 04 val 1500 [ 582.151263][ T9] pwc: recv_control_msg error -71 req 02 val 2500 [ 582.151736][ T9] pwc: recv_control_msg error -71 req 02 val 2400 [ 582.152244][ T9] pwc: recv_control_msg error -71 req 02 val 2600 [ 582.152755][ T9] pwc: recv_control_msg error -71 req 02 val 2900 [ 582.153240][ T9] pwc: recv_control_msg error -71 req 02 val 2800 [ 582.154040][ T9] pwc: recv_control_msg error -71 req 04 val 1100 [ 582.154539][ T9] pwc: recv_control_msg error -71 req 04 val 1200 [ 582.156974][ T9] pwc: Registered as video103. [ 582.169019][ T9] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input30 [ 582.178847][ T9] usb 4-1: USB disconnect, device number 33 [ 583.193495][T14499] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 583.217315][T14501] IPv4: Oversized IP packet from 127.202.26.0 [ 584.084750][T14528] Bluetooth: MGMT ver 1.23 [ 584.755140][T14560] program syz.1.3598 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 587.342388][ C1] vkms_vblank_simulate: vblank timer overrun [ 588.980321][T14690] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3653'. [ 589.040619][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.241188][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.308218][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.442624][T14690] hsr_slave_0 (unregistering): left promiscuous mode [ 590.354166][T14722] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.3667'. [ 591.711186][T14781] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 591.738067][T14790] tipc: Started in network mode [ 591.738099][T14790] tipc: Node identity ac14142f, cluster identity 4711 [ 591.760724][T14790] tipc: New replicast peer: 0.0.0.0 [ 591.782913][T14790] tipc: Enabled bearer , priority 10 [ 591.784217][T14790] tipc: New replicast peer: fc00:0000:0000:0000:0000:0000:0000:0000 [ 592.705377][T14811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3708'. [ 592.883799][ T5871] tipc: Node number set to 2886997039 [ 593.780193][T14839] overlayfs: failed to clone upperpath [ 593.890150][T14846] loop2: detected capacity change from 0 to 7 [ 593.892834][T14846] Dev loop2: unable to read RDB block 7 [ 593.892880][T14846] loop2: unable to read partition table [ 593.893101][T14846] loop2: partition table beyond EOD, truncated [ 593.893119][T14846] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 595.602319][T14903] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3748'. [ 596.600006][T14922] kvm: vcpu 0: requested 3328 ns lapic timer period limited to 200000 ns [ 596.718636][T14930] netlink: 'syz.2.3761': attribute type 4 has an invalid length. [ 598.103223][T14999] lo speed is unknown, defaulting to 1000 [ 599.678089][T15072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3827'. [ 599.743668][T15072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3827'. [ 599.744302][T15072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3827'. [ 599.744601][T15072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3827'. [ 599.744871][T15072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3827'. [ 600.279392][ T992] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 600.429334][ T992] usb 4-1: Using ep0 maxpacket: 8 [ 600.431969][ T992] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 600.432005][ T992] usb 4-1: config 0 interface 0 has no altsetting 0 [ 600.432040][ T992] usb 4-1: New USB device found, idVendor=5543, idProduct=0004, bcdDevice= 0.00 [ 600.432063][ T992] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.481377][ T992] usb 4-1: config 0 descriptor?? [ 600.903420][ T992] uclogic 0003:5543:0004.0024: unknown main item tag 0x0 [ 600.903460][ T992] uclogic 0003:5543:0004.0024: item fetching failed at offset 4/7 [ 600.904341][ T992] uclogic 0003:5543:0004.0024: parse failed [ 600.904543][ T992] uclogic 0003:5543:0004.0024: probe with driver uclogic failed with error -22 [ 601.103949][ T1214] usb 4-1: USB disconnect, device number 34 [ 603.851261][T15239] overlayfs: failed to clone upperpath [ 604.475853][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 604.643488][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 604.643515][ T9] usb 3-1: config 0 has no interfaces? [ 604.643546][ T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 604.643568][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.648763][ T9] usb 3-1: config 0 descriptor?? [ 605.122084][ T37] audit: type=1326 audit(1762270309.457:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.126153][ T37] audit: type=1326 audit(1762270309.457:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.126422][ T37] audit: type=1326 audit(1762270309.457:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.126663][ T37] audit: type=1326 audit(1762270309.457:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.126930][ T37] audit: type=1326 audit(1762270309.457:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.127409][ T37] audit: type=1326 audit(1762270309.457:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.137566][ T37] audit: type=1326 audit(1762270309.467:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.138198][ T37] audit: type=1326 audit(1762270309.467:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.138478][ T37] audit: type=1326 audit(1762270309.467:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 605.138941][ T37] audit: type=1326 audit(1762270309.467:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15296 comm="syz.0.3929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 606.100979][T15287] syz.3.3924 (15287) used greatest stack depth: 16696 bytes left [ 606.559423][ T992] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 606.709820][ T992] usb 2-1: Using ep0 maxpacket: 16 [ 606.715035][ T992] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 606.715062][ T992] usb 2-1: config 0 has no interface number 0 [ 606.717719][ T992] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 606.717748][ T992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.717769][ T992] usb 2-1: Product: syz [ 606.717784][ T992] usb 2-1: Manufacturer: syz [ 606.717799][ T992] usb 2-1: SerialNumber: syz [ 606.774291][ T992] usb 2-1: config 0 descriptor?? [ 606.786720][ T992] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 607.266991][ T9] usb 3-1: USB disconnect, device number 26 [ 607.461998][T15376] ip6tnl1: left promiscuous mode [ 607.463573][T15376] macsec1: left promiscuous mode [ 607.463595][T15376] macsec1: left allmulticast mode [ 607.463720][T15376] vlan2: left allmulticast mode [ 608.423828][ T992] gspca_spca1528: reg_r err -71 [ 608.424022][ T992] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71 [ 608.427847][ T992] usb 2-1: USB disconnect, device number 36 [ 609.184733][T15454] tipc: Enabled bearer , priority 0 [ 609.211640][T15454] syzkaller0: MTU too low for tipc bearer [ 609.211666][T15454] tipc: Disabling bearer [ 609.352163][T15460] netlink: 'syz.0.4003': attribute type 4 has an invalid length. [ 609.565320][ T9] lo speed is unknown, defaulting to 1000 [ 609.565573][ T9] syz0: Port: 1 Link DOWN [ 611.623540][T15549] tipc: Failed to remove unknown binding: 66,1,1/0:370736336/370736338 [ 611.647387][T15549] tipc: Failed to remove unknown binding: 66,1,1/0:370736336/370736338 [ 611.647430][T15549] tipc: Failed to remove unknown binding: 66,1,1/0:370736336/370736338 [ 611.661094][T15550] ref_ctr increment failed for inode: 0xf38 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff88803c49b980 [ 612.555828][T15550] uprobe: syz.3.4040:15550 failed to unregister, leaking uprobe [ 612.564621][T15588] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 616.249377][ T992] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 616.399932][ T992] usb 4-1: Using ep0 maxpacket: 8 [ 616.405728][ T992] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 616.405760][ T992] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.405781][ T992] usb 4-1: Product: syz [ 616.405796][ T992] usb 4-1: Manufacturer: syz [ 616.405819][ T992] usb 4-1: SerialNumber: syz [ 616.447455][ T992] usb 4-1: config 0 descriptor?? [ 616.673647][ T992] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 618.399420][ T5871] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 618.553728][ T5871] usb 3-1: Using ep0 maxpacket: 16 [ 618.556934][ T5871] usb 3-1: config 1 has an invalid descriptor of length 29, skipping remainder of the config [ 618.556964][ T5871] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 618.596285][ T992] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 618.597894][ T992] dvbdev: DVB: registering new adapter (Terratec H7) [ 618.598017][ T992] usb 4-1: media controller created [ 618.631193][ T5871] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 618.631323][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.631345][ T5871] usb 3-1: Product: syz [ 618.631359][ T5871] usb 3-1: Manufacturer: syz [ 618.631375][ T5871] usb 3-1: SerialNumber: syz [ 618.781009][ T992] usb read operation failed. (-71) [ 618.808234][ T992] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 618.823640][ T992] usb 4-1: USB disconnect, device number 35 [ 619.169431][T15705] netlink: 'syz.0.4104': attribute type 4 has an invalid length. [ 619.966399][ T5871] usb 3-1: 0:2 : does not exist [ 619.986387][ T5871] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 620.036380][T15721] evm: overlay not supported [ 620.051166][ T5871] usb 3-1: USB disconnect, device number 27 [ 621.330279][T15742] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 621.676325][T15750] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4122'. [ 621.743588][T15750] team1: entered promiscuous mode [ 621.743622][T15750] team1: entered allmulticast mode [ 621.880945][T15763] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4127'. [ 623.622743][T15829] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4152'. [ 623.720842][T15819] batadv_slave_1: entered promiscuous mode [ 623.724492][T15829] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 623.964199][T15829] batadv_slave_1 (unregistering): left promiscuous mode [ 623.964325][T15829] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 624.203211][T15848] kvm: emulating exchange as write [ 624.380011][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.040256][T15896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4185'. [ 625.040282][T15896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4185'. [ 625.126425][T15901] overlayfs: failed to clone upperpath [ 626.404395][T15928] binder: 15926:15928 ioctl c0306201 200000000080 returned -14 [ 626.408098][T15928] binder: 15926:15928 ioctl c0306201 200000000180 returned -14 [ 631.088207][T15983] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4217'. [ 631.331504][T15988] kvm: pic: single mode not supported [ 631.332143][ T37] kauditd_printk_skb: 33 callbacks suppressed [ 631.332161][ T37] audit: type=1326 audit(1762270335.667:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.332213][ T37] audit: type=1326 audit(1762270335.667:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.332600][T15988] kvm: pic: non byte write [ 631.332677][T15988] kvm: pic: non byte write [ 631.337165][ T37] audit: type=1326 audit(1762270335.667:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.337215][ T37] audit: type=1326 audit(1762270335.667:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.337808][ T37] audit: type=1326 audit(1762270335.667:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.338084][ T37] audit: type=1326 audit(1762270335.667:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.338621][ T37] audit: type=1326 audit(1762270335.667:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.338665][ T37] audit: type=1326 audit(1762270335.667:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.357407][ T37] audit: type=1326 audit(1762270335.677:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.359322][ T37] audit: type=1326 audit(1762270335.687:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15997 comm="syz.0.4222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 631.729879][T15946] Bluetooth: hci3: command 0x0406 tx timeout [ 632.449446][ T1214] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 632.599665][ T1214] usb 2-1: Using ep0 maxpacket: 32 [ 632.602027][ T1214] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 632.602061][ T1214] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 632.602101][ T1214] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 632.602124][ T1214] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.612642][ T1214] usb 2-1: config 0 descriptor?? [ 632.622206][ T1214] hub 2-1:0.0: USB hub found [ 632.818819][ T1214] hub 2-1:0.0: 1 port detected [ 633.424111][ T1214] hub 2-1:0.0: activate --> -90 [ 633.845516][ T5871] usb 2-1: USB disconnect, device number 37 [ 633.853204][ T1214] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 634.723491][T16124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4281'. [ 635.394730][T16131] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 637.830557][ T37] kauditd_printk_skb: 41 callbacks suppressed [ 637.830576][ T37] audit: type=1326 audit(1762270342.147:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 637.830622][ T37] audit: type=1326 audit(1762270342.157:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 637.830665][ T37] audit: type=1326 audit(1762270342.157:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 637.832656][ T37] audit: type=1326 audit(1762270342.167:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 637.832706][ T37] audit: type=1326 audit(1762270342.167:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 637.832748][ T37] audit: type=1326 audit(1762270342.167:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 637.832795][ T37] audit: type=1326 audit(1762270342.167:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 637.832834][ T37] audit: type=1326 audit(1762270342.167:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=40000003 syscall=75 compat=1 ip=0x200000000006 code=0x7ffc0000 [ 637.832873][ T37] audit: type=1326 audit(1762270342.167:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16217 comm="syz.0.4327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 640.531100][T16317] lo speed is unknown, defaulting to 1000 [ 640.940029][T16314] syz_tun: entered allmulticast mode [ 640.943296][T16313] syz_tun: left allmulticast mode [ 641.403021][T15946] Bluetooth: hci5: command 0x1003 tx timeout [ 641.403459][ T61] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 641.977464][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 642.730354][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 642.736389][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 642.742866][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 642.743734][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 642.897075][T16330] lo speed is unknown, defaulting to 1000 [ 643.874038][T16330] chnl_net:caif_netlink_parms(): no params data found [ 644.769530][ T61] Bluetooth: hci5: command tx timeout [ 646.475146][T16330] bridge0: port 1(bridge_slave_0) entered blocking state [ 646.475365][T16330] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.475620][T16330] bridge_slave_0: entered allmulticast mode [ 646.507270][T16330] bridge_slave_0: entered promiscuous mode [ 646.530564][T16330] bridge0: port 2(bridge_slave_1) entered blocking state [ 646.557675][T16330] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.559015][T16330] bridge_slave_1: entered allmulticast mode [ 646.585304][T16330] bridge_slave_1: entered promiscuous mode [ 646.849702][ T61] Bluetooth: hci5: command tx timeout [ 646.943318][T16330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.980768][T16330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 648.500178][T16330] team0: Port device team_slave_0 added [ 648.539149][T16330] team0: Port device team_slave_1 added [ 648.852474][T16330] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 648.852491][T16330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 648.852513][T16330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 648.905504][T16330] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 648.905521][T16330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 648.905548][T16330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 648.929715][ T61] Bluetooth: hci5: command tx timeout [ 649.061894][T16456] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4421'. [ 649.316111][T16330] hsr_slave_0: entered promiscuous mode [ 649.320621][T16330] hsr_slave_1: entered promiscuous mode [ 649.330807][T16330] debugfs: 'hsr0' already exists in 'hsr' [ 649.330838][T16330] Cannot create hsr debugfs directory [ 651.124503][ T61] Bluetooth: hci5: command tx timeout [ 652.320951][ T5878] IPVS: starting estimator thread 0... [ 652.419637][T16497] IPVS: using max 7 ests per chain, 16800 per kthread [ 652.698278][T16506] overlayfs: failed to clone upperpath [ 652.769516][ T5878] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 653.172535][ T5878] usb 2-1: Using ep0 maxpacket: 16 [ 653.850905][ T5878] usb 2-1: config 0 interface 0 has no altsetting 0 [ 653.850949][ T5878] usb 2-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 653.850974][ T5878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.856535][ T5878] usb 2-1: config 0 descriptor?? [ 654.345778][T16500] binder: 16499:16500 ioctl c0306201 2000000001c0 returned -14 [ 655.808239][T16330] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 655.922085][ T5878] usbhid 2-1:0.0: can't add hid device: -71 [ 655.939433][ T5878] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 655.943537][ T5878] usb 2-1: USB disconnect, device number 38 [ 656.003985][T16330] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 656.105974][T16330] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 656.177304][T16330] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 656.435482][ T37] audit: type=1326 audit(1762270360.767:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.435538][ T37] audit: type=1326 audit(1762270360.767:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.435580][ T37] audit: type=1326 audit(1762270360.767:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.435621][ T37] audit: type=1326 audit(1762270360.767:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.435662][ T37] audit: type=1326 audit(1762270360.767:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.435702][ T37] audit: type=1326 audit(1762270360.767:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.435743][ T37] audit: type=1326 audit(1762270360.767:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.435786][ T37] audit: type=1326 audit(1762270360.767:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.437997][ T37] audit: type=1326 audit(1762270360.767:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.438046][ T37] audit: type=1326 audit(1762270360.767:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16555 comm="syz.0.4462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093722f6c9 code=0x7ffc0000 [ 656.981645][T16330] 8021q: adding VLAN 0 to HW filter on device bond0 [ 657.103542][T16330] 8021q: adding VLAN 0 to HW filter on device team0 [ 657.150352][ T2921] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.150505][ T2921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 657.217671][ T2921] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.217953][ T2921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 659.771839][T16330] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 660.315745][T16610] netlink: get zone limit has 4 unknown bytes [ 661.663481][T16330] veth0_vlan: entered promiscuous mode [ 661.695094][T16330] veth1_vlan: entered promiscuous mode [ 661.758592][T16330] veth0_macvtap: entered promiscuous mode [ 661.778808][T16330] veth1_macvtap: entered promiscuous mode [ 661.814356][T16330] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 661.841900][T16330] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 661.870534][ T1021] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.870846][ T1021] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.871343][ T1021] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.871875][ T1021] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.342004][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 664.342024][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 664.561720][ T6194] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 664.561741][ T6194] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 665.277213][T16697] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.4509'. [ 665.917538][T16693] block device autoloading is deprecated and will be removed. [ 671.049392][ T5977] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 671.125509][T16780] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4543'. [ 671.677113][ T5977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 671.677148][ T5977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 671.677173][ T5977] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 671.677217][ T5977] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 671.677241][ T5977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.940298][ T5977] usb 6-1: config 0 descriptor?? [ 672.165688][T16780] bridge1: port 1(veth3) entered blocking state [ 672.166010][T16780] bridge1: port 1(veth3) entered disabled state [ 672.166509][T16780] veth3: entered allmulticast mode [ 672.194141][T16780] veth3: entered promiscuous mode [ 672.358794][ T5977] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 672.434635][T16783] bridge1: port 2(veth5) entered blocking state [ 672.434890][T16783] bridge1: port 2(veth5) entered disabled state [ 672.435153][T16783] veth5: entered allmulticast mode [ 672.456380][T16783] veth5: entered promiscuous mode [ 672.727944][T16773] usb 6-1: string descriptor 0 read error: -71 [ 672.728135][ T5871] usb 6-1: USB disconnect, device number 2 [ 672.728314][T16808] plantronics 0003:047F:FFFF.0025: usb_submit_urb(ctrl) failed: -19 [ 673.124937][T16824] Bluetooth: hci0: invalid length 0, exp 2 for type 9 [ 674.789425][ T10] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 674.872800][ T37] kauditd_printk_skb: 24 callbacks suppressed [ 674.872817][ T37] audit: type=1326 audit(1762270379.207:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16853 comm="syz.0.4571" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f093722f6c9 code=0x0 [ 674.954032][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 674.961256][ T10] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 674.961285][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.961306][ T10] usb 2-1: Product: syz [ 674.961319][ T10] usb 2-1: Manufacturer: syz [ 674.961333][ T10] usb 2-1: SerialNumber: syz [ 674.976037][ T10] usb 2-1: config 0 descriptor?? [ 674.984148][ T10] ums-onetouch 2-1:0.0: USB Mass Storage device detected [ 675.019756][ T5885] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 675.182120][ T5885] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 675.182178][ T5885] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 675.185079][ T5885] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 675.185108][ T5885] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 675.185128][ T5885] usb 6-1: SerialNumber: syz [ 675.224314][ T10] usb 2-1: USB disconnect, device number 39 [ 675.412684][ T5885] cdc_acm 6-1:1.0: ttyACM0: USB ACM device [ 675.446581][ T5885] usb 6-1: USB disconnect, device number 3 [ 681.956620][T16909] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 681.956620][T16909] program syz.5.4598 not setting count and/or reply_len properly [ 685.816004][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.489387][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 692.299373][ T10] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 692.299403][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 692.299422][ T10] usb 6-1: Product: syz [ 692.299436][ T10] usb 6-1: Manufacturer: syz [ 692.299449][ T10] usb 6-1: SerialNumber: syz [ 692.591688][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 692.591747][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 692.591767][ T10] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 692.921770][ T10] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 694.027053][ T10] usb 6-1: USB disconnect, device number 4 [ 698.255276][T17100] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 698.255495][T17100] overlayfs: missing 'lowerdir' [ 699.116986][ T37] audit: type=1326 audit(1762270403.447:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.117042][ T37] audit: type=1326 audit(1762270403.447:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.117943][ T37] audit: type=1326 audit(1762270403.447:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.117990][ T37] audit: type=1326 audit(1762270403.447:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.118034][ T37] audit: type=1326 audit(1762270403.447:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.118526][ T37] audit: type=1326 audit(1762270403.447:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.125929][ T37] audit: type=1326 audit(1762270403.457:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.126051][ T37] audit: type=1326 audit(1762270403.457:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.130068][ T37] audit: type=1326 audit(1762270403.467:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.130116][ T37] audit: type=1326 audit(1762270403.467:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17109 comm="syz.2.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 699.192647][T17115] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4664'. [ 700.204219][ C1] vkms_vblank_simulate: vblank timer overrun [ 700.447144][T17139] netlink: 'syz.5.4673': attribute type 1 has an invalid length. [ 700.480224][ C1] vkms_vblank_simulate: vblank timer overrun [ 700.975574][ C1] vkms_vblank_simulate: vblank timer overrun [ 701.845594][ C1] vkms_vblank_simulate: vblank timer overrun [ 701.930660][ C1] vkms_vblank_simulate: vblank timer overrun [ 702.221687][ C1] vkms_vblank_simulate: vblank timer overrun [ 702.306308][ C1] vkms_vblank_simulate: vblank timer overrun [ 702.417713][ C1] vkms_vblank_simulate: vblank timer overrun [ 702.448560][ C1] vkms_vblank_simulate: vblank timer overrun [ 702.939706][ C1] vkms_vblank_simulate: vblank timer overrun [ 703.140831][ C1] vkms_vblank_simulate: vblank timer overrun [ 704.177888][ C1] vkms_vblank_simulate: vblank timer overrun [ 705.068435][T17195] mkiss: ax0: crc mode is auto. [ 705.084904][ C1] vkms_vblank_simulate: vblank timer overrun [ 707.889357][ T992] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 708.039377][ T992] usb 6-1: Using ep0 maxpacket: 32 [ 708.042069][ T992] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 708.042096][ T992] usb 6-1: config 0 has no interface number 0 [ 708.042144][ T992] usb 6-1: config 0 interface 184 has no altsetting 0 [ 708.085380][T17223] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 708.087312][ T992] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 708.087342][ T992] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.087363][ T992] usb 6-1: Product: syz [ 708.087378][ T992] usb 6-1: Manufacturer: syz [ 708.087393][ T992] usb 6-1: SerialNumber: syz [ 708.140659][ T992] usb 6-1: config 0 descriptor?? [ 708.146221][ T992] smsc75xx v1.0.0 [ 709.261732][ T992] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 709.261765][ T992] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 712.861391][ T992] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000304: -71 [ 712.861424][ T992] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write ADDR_FILTX+4: -71 [ 712.861445][ T992] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address [ 712.861468][ T992] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 712.861781][ T992] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71 [ 712.945842][ T992] usb 6-1: USB disconnect, device number 5 [ 718.254757][T17342] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4750'. [ 718.254798][T17342] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4750'. [ 718.254818][T17342] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4750'. [ 722.463547][T17378] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4762'. [ 722.491855][T17378] bridge0: entered promiscuous mode [ 722.492138][T17378] macvtap1: entered promiscuous mode [ 722.492332][T17378] macvtap1: entered allmulticast mode [ 722.492346][T17378] bridge0: entered allmulticast mode [ 722.498201][T17378] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4762'. [ 722.592499][T17378] bridge0: left allmulticast mode [ 722.592804][T17378] bridge0: left promiscuous mode [ 727.057407][T17441] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4783'. [ 731.312677][ T37] kauditd_printk_skb: 17 callbacks suppressed [ 731.312695][ T37] audit: type=1326 audit(1762270435.627:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.312744][ T37] audit: type=1326 audit(1762270435.637:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.312787][ T37] audit: type=1326 audit(1762270435.647:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.342636][ T37] audit: type=1326 audit(1762270435.677:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.342690][ T37] audit: type=1326 audit(1762270435.677:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.342731][ T37] audit: type=1326 audit(1762270435.677:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.342771][ T37] audit: type=1326 audit(1762270435.677:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.350958][ T37] audit: type=1326 audit(1762270435.687:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.351009][ T37] audit: type=1326 audit(1762270435.687:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.351047][ T37] audit: type=1326 audit(1762270435.687:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17488 comm="syz.2.4801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 731.989474][ T5905] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 734.239400][ T5905] usb 6-1: Using ep0 maxpacket: 32 [ 734.595739][ T5905] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 734.595769][ T5905] usb 6-1: config 0 has no interface number 0 [ 734.595821][ T5905] usb 6-1: config 0 interface 184 has no altsetting 0 [ 734.737793][ T5905] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 734.737826][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 734.759663][ T5905] usb 6-1: config 0 descriptor?? [ 734.760460][ T5905] usb 6-1: can't set config #0, error -71 [ 734.763977][ T5905] usb 6-1: USB disconnect, device number 6 [ 738.804969][T17551] overlayfs: failed to clone upperpath [ 743.139383][T17609] futex_wake_op: syz.0.4843 tries to shift op by -1; fix this program [ 743.212558][T17617] tipc: Started in network mode [ 743.212602][T17617] tipc: Node identity 160b82f0cd3b, cluster identity 4711 [ 743.212812][T17617] tipc: Enabled bearer , priority 0 [ 743.239592][T17617] syzkaller0: entered promiscuous mode [ 743.239619][T17617] syzkaller0: entered allmulticast mode [ 743.335780][T17613] kvm: kvm [17610]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 743.351130][T17613] kvm: kvm [17610]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 743.385668][T17613] kvm: kvm [17610]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 743.385731][T17613] kvm: kvm [17610]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0x4000 [ 743.550402][T17621] tipc: Resetting bearer [ 743.625357][T17614] tipc: Resetting bearer [ 743.960417][T17632] netlink: 'syz.1.4852': attribute type 1 has an invalid length. [ 744.899597][ T5905] tipc: Node number set to 3677389552 [ 744.966522][T17614] tipc: Disabling bearer [ 746.245556][T17632] 8021q: adding VLAN 0 to HW filter on device bond1 [ 746.279835][T17634] bond1: (slave veth0_to_bond): making interface the new active one [ 746.317375][T17651] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4858'. [ 746.329428][T17634] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 746.372600][T17637] vlan3: entered allmulticast mode [ 746.372616][T17637] veth1: entered allmulticast mode [ 746.373218][T17637] veth1: entered promiscuous mode [ 746.373860][T17637] veth1: left promiscuous mode [ 746.378452][T17653] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4858'. [ 746.409817][T17637] bond1: (slave vlan3): Enslaving as an active interface with an up link [ 747.657535][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.749422][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 747.921978][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 747.926599][ T10] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 747.926626][ T10] usb 6-1: config 0 has no interface number 0 [ 747.926675][ T10] usb 6-1: New USB device found, idVendor=9d6c, idProduct=75e1, bcdDevice=d2.34 [ 747.926698][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.369650][ T10] usb 6-1: config 0 descriptor?? [ 748.768318][ T10] usb-storage 6-1:0.1: USB Mass Storage device detected [ 751.004345][ T5905] usb 6-1: USB disconnect, device number 7 [ 773.320272][ T37] kauditd_printk_skb: 61 callbacks suppressed [ 773.320290][ T37] audit: type=1326 audit(1762270477.657:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.323613][ T37] audit: type=1326 audit(1762270477.657:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.324824][ T37] audit: type=1326 audit(1762270477.657:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.324871][ T37] audit: type=1326 audit(1762270477.657:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.324908][ T37] audit: type=1326 audit(1762270477.657:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.325654][ T37] audit: type=1326 audit(1762270477.657:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.325699][ T37] audit: type=1326 audit(1762270477.657:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.325741][ T37] audit: type=1326 audit(1762270477.657:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.327519][ T37] audit: type=1326 audit(1762270477.657:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 773.328019][ T37] audit: type=1326 audit(1762270477.657:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17907 comm="syz.2.4939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa355e6f6c9 code=0x7ffc0000 [ 777.974631][ T38] INFO: task syz.3.4172:15867 blocked for more than 144 seconds. [ 777.974667][ T38] Not tainted syzkaller #0 [ 777.974678][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 777.974687][ T38] task:syz.3.4172 state:D stack:25160 pid:15867 tgid:15867 ppid:5809 task_flags:0x400040 flags:0x00080003 [ 777.974749][ T38] Call Trace: [ 777.974760][ T38] [ 777.974775][ T38] __schedule+0x16f3/0x4c20 [ 777.974914][ T38] ? __pfx___schedule+0x10/0x10 [ 777.974958][ T38] ? schedule+0x91/0x360 [ 777.974984][ T38] schedule+0x165/0x360 [ 777.975010][ T38] __fuse_simple_request+0x11d2/0x1bb0 [ 777.975050][ T38] ? __pfx___fuse_simple_request+0x10/0x10 [ 777.975077][ T38] ? __pfx_autoremove_wake_function+0x10/0x10 [ 777.975115][ T38] ? __pfx_autoremove_wake_function+0x10/0x10 [ 777.975177][ T38] fuse_flush+0x5dd/0x810 [ 777.975210][ T38] ? __pfx_fuse_flush+0x10/0x10 [ 777.975235][ T38] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 777.975260][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 777.975307][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 777.975330][ T38] ? rt_spin_unlock+0x150/0x200 [ 777.975352][ T38] ? __pfx_fuse_flush+0x10/0x10 [ 777.975375][ T38] filp_flush+0xc0/0x190 [ 777.975398][ T38] filp_close+0x1d/0x40 [ 777.975417][ T38] __se_sys_close_range+0x35c/0x650 [ 777.975449][ T38] ? __pfx___se_sys_close_range+0x10/0x10 [ 777.975480][ T38] ? do_syscall_64+0xbe/0xfa0 [ 777.975509][ T38] do_syscall_64+0xfa/0xfa0 [ 777.975534][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 777.991891][ T38] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 777.991925][ T38] ? clear_bhb_loop+0x60/0xb0 [ 777.991951][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 777.991971][ T38] RIP: 0033:0x7f036a42f6c9 [ 777.992002][ T38] RSP: 002b:00007ffdb5f35268 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 777.992024][ T38] RAX: ffffffffffffffda RBX: 00000000000986ee RCX: 00007f036a42f6c9 [ 777.992039][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 777.992051][ T38] RBP: 00007f036a687da0 R08: 0000000000000001 R09: 0000000ab5f3555f [ 777.992064][ T38] R10: 0000001b2e220000 R11: 0000000000000246 R12: 00007f036a685fac [ 777.992077][ T38] R13: 00007f036a685fa0 R14: ffffffffffffffff R15: 00007ffdb5f35380 [ 777.992112][ T38] [ 777.992150][ T38] [ 777.992150][ T38] Showing all locks held in the system: [ 777.992164][ T38] 4 locks held by pr/legacy/17: [ 777.992178][ T38] 1 lock held by khungtaskd/38: [ 777.992189][ T38] #0: ffffffff8d5aa800 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 777.992249][ T38] 5 locks held by kworker/u8:5/1021: [ 777.992277][ T38] 11 locks held by kworker/u8:9/2921: [ 777.992291][ T38] 5 locks held by kworker/u8:11/4546: [ 777.992304][ T38] 2 locks held by getty/5554: [ 777.992315][ T38] #0: ffff88823bf320a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 777.992363][ T38] #1: ffffc90003e762e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400 [ 777.992421][ T38] 2 locks held by kworker/0:5/5905: [ 777.992439][ T38] 2 locks held by syz.1.4943/17929: [ 777.992451][ T38] 5 locks held by syz.4.4955/17955: [ 777.992462][ T38] [ 777.992467][ T38] ============================================= [ 777.992467][ T38] [ 777.992477][ T38] NMI backtrace for cpu 1 [ 777.992499][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 777.992520][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 777.992531][ T38] Call Trace: [ 777.992539][ T38] [ 777.992546][ T38] dump_stack_lvl+0x189/0x250 [ 777.992576][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 777.992602][ T38] ? __pfx__printk+0x10/0x10 [ 777.992637][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 777.992661][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 777.992684][ T38] ? __pfx__printk+0x10/0x10 [ 777.992710][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 777.992734][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 777.992758][ T38] watchdog+0xf60/0xfa0 [ 777.992788][ T38] ? watchdog+0x1e2/0xfa0 [ 777.992817][ T38] kthread+0x711/0x8a0 [ 777.992847][ T38] ? __pfx_watchdog+0x10/0x10 [ 777.992870][ T38] ? __pfx_kthread+0x10/0x10 [ 777.992892][ T38] ? rt_spin_unlock+0x150/0x200 [ 777.992916][ T38] ? rt_spin_unlock+0x161/0x200 [ 777.992933][ T38] ? __pfx_kthread+0x10/0x10 [ 777.992959][ T38] ret_from_fork+0x4bc/0x870 [ 777.992983][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 777.993013][ T38] ? __switch_to_asm+0x39/0x70 [ 777.993030][ T38] ? __switch_to_asm+0x33/0x70 [ 777.993047][ T38] ? __pfx_kthread+0x10/0x10 [ 777.993073][ T38] ret_from_fork_asm+0x1a/0x30 [ 777.993109][ T38] [ 777.993117][ T38] Sending NMI from CPU 1 to CPUs 0: [ 777.993145][ C0] NMI backtrace for cpu 0 [ 777.993158][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 777.993176][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 777.993186][ C0] RIP: 0010:__set_cpus_allowed_ptr_locked+0x895/0x1860 [ 777.993209][ C0] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 bb 3d 90 00 49 8b 36 48 89 df e8 50 a7 33 09 80 7c 24 10 00 <48> 8b 5c 24 08 75 45 48 8d bb e8 0b 00 00 48 89 f8 48 c1 e8 03 48 [ 777.993224][ C0] RSP: 0018:ffffc90000157860 EFLAGS: 00000002 [ 777.993237][ C0] RAX: d0485621733dfe00 RBX: ffff88801b2f6480 RCX: 0000000000000000 [ 777.993249][ C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff [ 777.993259][ C0] RBP: ffffc90000157a70 R08: ffff88801b2f6483 R09: 1ffff1100365ec90 [ 777.993271][ C0] R10: dffffc0000000000 R11: ffffed100365ec91 R12: ffff8880b883bbf0 [ 777.993283][ C0] R13: 0000000000000000 R14: ffffc90000157a90 R15: 0000000000000000 [ 777.993293][ C0] FS: 0000000000000000(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000 [ 777.993306][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 777.993317][ C0] CR2: 000000110c402f32 CR3: 00000000665cc000 CR4: 00000000003526f0 [ 777.993332][ C0] Call Trace: [ 777.993338][ C0] [ 777.993348][ C0] ? __pfx___set_cpus_allowed_ptr_locked+0x10/0x10 [ 777.993377][ C0] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 777.993408][ C0] ___migrate_enable+0x18f/0x1e0 [ 777.993428][ C0] ? __pfx____migrate_enable+0x10/0x10 [ 777.993445][ C0] ? rt_spin_unlock+0x150/0x200 [ 777.993463][ C0] ? run_ktimerd+0xf1/0x190 [ 777.993485][ C0] __local_bh_enable+0x2f8/0x410 [ 777.993502][ C0] ? reacquire_held_locks+0x127/0x1d0 [ 777.993524][ C0] ? __pfx___local_bh_enable+0x10/0x10 [ 777.993546][ C0] ? run_ktimerd+0xd6/0x190 [ 777.993566][ C0] run_ktimerd+0xf1/0x190 [ 777.993585][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 777.993603][ C0] ? schedule+0x91/0x360 [ 777.993624][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 777.993642][ C0] smpboot_thread_fn+0x542/0xa60 [ 777.993661][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 777.993683][ C0] kthread+0x711/0x8a0 [ 777.993704][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 777.993723][ C0] ? __pfx_kthread+0x10/0x10 [ 777.993741][ C0] ? rt_spin_unlock+0x150/0x200 [ 777.993759][ C0] ? rt_spin_unlock+0x161/0x200 [ 777.993773][ C0] ? __pfx_kthread+0x10/0x10 [ 777.993794][ C0] ret_from_fork+0x4bc/0x870 [ 777.993812][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 777.993833][ C0] ? __switch_to_asm+0x39/0x70 [ 777.993848][ C0] ? __switch_to_asm+0x33/0x70 [ 777.993862][ C0] ? __pfx_kthread+0x10/0x10 [ 777.993882][ C0] ret_from_fork_asm+0x1a/0x30 [ 777.993913][ C0]