last executing test programs: 25m25.642122464s ago: executing program 1 (id=204): bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001bc0)={0x15, 0xe, &(0x7f00000029c0)=ANY=[@ANYBLOB="b700000064000000bca3000000000000240300001afeffff720af0fff80200ff71a4f0ff000000001f030000000000002e040200000000002604fdffffff000a6114080e000000001d430000000000007a0a00fe003d001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa035f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6d46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16fe8ddf44572a3996e7f653da18ec0ae564162a27afea62d84f3a10076443d601009393bf52d2105bd901128c7e0ec82701c8204a09eeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081dad507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39b21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6e78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b2045024a982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98812106dec28eaeb883418f5624e93aca9e560efa826e5d0c4bd26ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ffc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2540d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5bdbfd03aac93df8866fb010ae20e92bed1fe39af169d5ef903a554d651186a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a687b8bd9259bc31b6b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700e89a56fe8e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f692192571f983e96635609b0000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09d28c853c28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5cd2baf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a896192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b37463f000000a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12b92d7ae633d44086b3f03b20d54abc46271a30f1240fc52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a44434000000000000000000000000000000000021000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcefaa3e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73943df80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c2f63453c7e228919b7500001a0000000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b512e34182084a3a3b2beb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a316572e92d44ca450b1457c64baeaf8d23f30097126ef7586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd630780d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddffff070000d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23541320d8579c5ab42bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267c451ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf71c37b69325fb05fa8a9869de01fdee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d00000000caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3c2788eff614ab6f22af620000232ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe88100000000000003568bbc2f89596ceacbcbd1c76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0044f57d15e37e34fc5915499b88ae780a7bae4df603bd3c72808cf300440b1b63615b454a161d5fc1d1308f39b3aff5c03eef2e63a013f8a5bf4da6aa1b7d5ec55e8c7a0405fe718e42d4d613f992a0cbc16cb251386acae02f665544c9c02adae5839f1e00006e42fc051a0cb8685667c2edf4522f0f2a8eb7c7b56063a959c4b881e3dbff3c911435e84bc57f36afb8ff78168719dc5ed47eb309f8a12db461beffd0d091a132330579c9afac1a4ad2794987927eb61ad82a61a144d33283eaeda4836a684a6e2716d83e60f5e0e1ab6376960224dc96c839a1fef49475cc0e3053eeb4aebd0e1696f20d458f1aac2d2d871221d3a2d0e1790584ba14b9145a3f81298ae7871f0191a740a8e53b0b6f152dc4d8f28eaa2a5acadd2313f55287aa6ea469b90575839cd763b4703e87fbd6bd134c2cb62996c5d28e73df35744f19143c0b57a26d692dd9a5cf3ab615e432e38b0cbbcced5c39a73fc8e50e6590605cc0b7db1dbca3ea6fbcdff0e18fdeeb5360642d77171433e78bd9300fd171fc83700f0e92b116e7846719eecd94331354b35b9aac42b34fac350decfe5c2eac926f0a007cb6e3bda3effb84b4607468aaad19dcf0d54e5f4ed4ade1fca17d39be192a10516fb34eb6cde71136bb2b4ce1306c17744fefc2b884bdfebad173147780d8b0129f194a60ed6935400000000000000000000000000000000000000000000000000000000000004c8653a0befb2c2795c52e0efae157f1bb138dc7f7d566c964ecfaf388bd173e0174bc5a49d0595de6e1cb51ead265b156000000000f396d3e180a71897028714e8730d44895d12589a2e0d8d7e4e6f03633ef0f714edad8a2515ac4886efe8c5e006ef4638a4c52577e7d04c2ca9b714aaabde444490ff17d8baad3e65a716a16492b9a887613426ef82e371f531f18d48a4dee61380595792dc07194a4184a76e1e5d1cb39e58f391af74825f4893f063ac0c722bd6e162b8e7ac7a0f7eb13b5267335fd87e13dda7aa19157a0a1a1c2905358c8fc2cd066ea0680b013109f06c293eb1867fbf919fa12364f5ca680bc96cc326e5d757305595bc124b824897524cdcf000000347d8bfc7fd0abe56bd4891e6fd5444bfb8627c59d7b53de2cdc0bb8c35fa5e30a4e451c15c52b0796f324931a594ecdfba9436552b9d4678289df0a55841a64546a9244ee84724ce4b26ec605a2cd8f3d887d80f876f553b38223dfddad04ebf8588e940a1797297c64d9106f5442a3d514bae32b809f530c6831261176a309c7489f369b38d34230a7b497d83654e2d37938b1ac68c0b07ea610202840a442dbab7930d4255a3630b2cda36aa4109d79dfd152e20895520a3654452bf4e01277a619ed9dc5ab43f2b03404448dcfddb12941acea46ae2643f628a61564b659102906a141d6ede33e006473e95cb4358ce2ca51826628576346e5c139aff8f360cf05c8a2e371b82f1bc4c203f2b998f4171e57b275d21e5fd1fee66074285bceee8dff99201f44ed287c25d2d9f8f3be072f1dc085"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x2c}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(r0, 0x0, 0x4040000) creat(&(0x7f0000000280)='./bus\x00', 0x2) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) socket(0x1, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fchownat(0xffffffffffffffff, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002f000b12d25a80648c2594f90124fc60100c034002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 25m25.014519513s ago: executing program 1 (id=207): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = syz_io_uring_setup(0x3d9f, &(0x7f0000000000)={0x0, 0xbd60, 0x8, 0x80007, 0x2bb}, &(0x7f00000003c0)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80, 0x6000}) io_uring_enter(r1, 0x1c39, 0x106a, 0x22, 0x0, 0x0) 25m24.898501242s ago: executing program 1 (id=208): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0x10, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x16}]}, 0x10) sendto$inet6(r2, &(0x7f0000000080)="1c0000001200050f0c1000000049b23e9b200a0008000ac000000001", 0x1c, 0x2000c8c0, 0x0, 0x0) 25m24.871090564s ago: executing program 1 (id=210): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000cab000)) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) 25m24.554710329s ago: executing program 1 (id=214): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 25m24.427600268s ago: executing program 1 (id=215): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000000400)="aa", 0xfffd, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x3f66400, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000007}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) sendmmsg$inet(r4, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000001080)="2cae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dea658eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff690894405a0b6abc3c4d0f6a16c0a95c0508bd7eeffcd1da0b17f7701448658864b429e9472edfeffbf34d6e7c", 0x2d9}, {&(0x7f0000000b00)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1ba5cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e8801cbfa5ad284ea2180d1c80c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0768021fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61f48eccfcc29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f8df2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a6e453a8a28cc5c4b733fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5db60a4e8835dc47ed2537681827f6129759272574cf58f2f33c0bb3c24fa67c327cde47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b1574826725b821dcbde856ba5a33f12cb1ea51da9ce96881d1aa6d096ed6b2319344d3c2781803a2119d9efd47b1abba3c1e6c563c1ec692da80ef66b19495b8e801d07b133f1b552ee772732a90e765b92d67f7a0cc8f15a4c6143f7cd3bda78fc7c3a743ad05b550d0083b821fb92e836d5d4cd36668d19d4cc80c35509", 0x275}, {&(0x7f00000006c0)="5be08105437c98b91b9455046f57b5fc090014bde2bb01000000000000001a7838d859207067c30aa7352abb", 0x2c}], 0x3, 0x0, 0x0, 0x900}}], 0x1, 0x0) 25m9.335116699s ago: executing program 32 (id=215): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000000400)="aa", 0xfffd, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x3f66400, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000007}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) sendmmsg$inet(r4, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000001080)="2cae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dea658eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff690894405a0b6abc3c4d0f6a16c0a95c0508bd7eeffcd1da0b17f7701448658864b429e9472edfeffbf34d6e7c", 0x2d9}, {&(0x7f0000000b00)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1ba5cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e8801cbfa5ad284ea2180d1c80c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0768021fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61f48eccfcc29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f8df2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a6e453a8a28cc5c4b733fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5db60a4e8835dc47ed2537681827f6129759272574cf58f2f33c0bb3c24fa67c327cde47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b1574826725b821dcbde856ba5a33f12cb1ea51da9ce96881d1aa6d096ed6b2319344d3c2781803a2119d9efd47b1abba3c1e6c563c1ec692da80ef66b19495b8e801d07b133f1b552ee772732a90e765b92d67f7a0cc8f15a4c6143f7cd3bda78fc7c3a743ad05b550d0083b821fb92e836d5d4cd36668d19d4cc80c35509", 0x275}, {&(0x7f00000006c0)="5be08105437c98b91b9455046f57b5fc090014bde2bb01000000000000001a7838d859207067c30aa7352abb", 0x2c}], 0x3, 0x0, 0x0, 0x900}}], 0x1, 0x0) 20m25.917968612s ago: executing program 2 (id=3329): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='kmem_cache_free\x00', r0, 0x0, 0x7}, 0x18) move_pages(0x0, 0x0, 0x0, &(0x7f0000001180), &(0x7f0000000000), 0x0) 20m25.716330778s ago: executing program 2 (id=3332): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) write$tun(r2, &(0x7f0000000600)={@val={0xa}, @void, @eth={@multicast, @empty, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x30, 0x11, 0xff, @empty, @mcast2, {[], {0x4e23, 0x4e20, 0x30, 0x0, @opaque="16f242f786a521538ae098b2634af62f0f431ab9234e372b3da5824a693095f86fbfe654ee79ca54"}}}}}}}, 0x6a) 20m25.446164439s ago: executing program 2 (id=3335): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1, 0x0, 0x200000000000006}, 0x18) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0) write$vga_arbiter(r2, &(0x7f00000000c0)=@other={'unlock', ' ', 'none'}, 0xc) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x204000, &(0x7f0000001600)={[{@debug}, {@min_batch_time={'min_batch_time', 0x3d, 0x4ab}}, {@data_err_ignore}, {@nobarrier}, {@inlinecrypt}, {@orlov}, {@nogrpid}, {@discard}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f0000000c40)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0xce342, 0x0) pwrite64(r3, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 20m24.454290296s ago: executing program 2 (id=3352): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='cq_drain_complete\x00', r0}, 0x18) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r1, &(0x7f0000000040)={0x23, 0x0, 0x0, 0x3}, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @private, @private}, &(0x7f0000000080)=0xc) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x6, r3, 0x1a, r2}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000002000000000400000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000008b702000001000000"], &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f0000000100)={0x0, 0x20, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a01090000000000ffa6000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) 20m23.686420786s ago: executing program 2 (id=3355): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f0000000400), &(0x7f00000005c0)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, 0x0, 0x2004000) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdir(&(0x7f0000000000)='./file0\x00', 0x16e) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 20m23.442507145s ago: executing program 2 (id=3358): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000280)={r0, 0x7, 0x104, 0x7ff}) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 20m8.365081639s ago: executing program 33 (id=3358): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000280)={r0, 0x7, 0x104, 0x7ff}) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 19m42.232666223s ago: executing program 3 (id=3795): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r2}, &(0x7f00000004c0), &(0x7f0000000500)='%-010d \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x2}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000002000090002000000ffdbdf250200000008000800", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) 19m42.054501196s ago: executing program 3 (id=3797): prctl$PR_SET_NAME(0xf, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast1}}}], 0x20}}], 0x1, 0x9880) r0 = socket$kcm(0x11, 0xa, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r1, 0x0, 0x0, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000100001400020002000000ffffffff00000000000000000d0001007564703a73797a32"], 0x54}}, 0x0) 19m41.874378061s ago: executing program 3 (id=3801): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48141, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc) 19m41.533292547s ago: executing program 3 (id=3808): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000054c900000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) 19m41.330542913s ago: executing program 3 (id=3810): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x10) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3) 19m41.202229633s ago: executing program 3 (id=3814): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014}) unshare(0x2c020400) pselect6(0x40, &(0x7f0000000000)={0xa, 0x800000006, 0x2, 0x9, 0x16, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0) unshare(0x6a040000) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$inet6_tcp(0xa, 0x1, 0x0) dup(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @local}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x9, 0xb, &(0x7f00000008c0)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r3 = socket$rds(0x15, 0x5, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x80c0}, 0x0) 19m26.185973972s ago: executing program 34 (id=3814): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014}) unshare(0x2c020400) pselect6(0x40, &(0x7f0000000000)={0xa, 0x800000006, 0x2, 0x9, 0x16, 0x8, 0x80000000, 0x8}, 0x0, 0x0, 0x0, 0x0) unshare(0x6a040000) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$inet6_tcp(0xa, 0x1, 0x0) dup(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @local}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x9, 0xb, &(0x7f00000008c0)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r3 = socket$rds(0x15, 0x5, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x80c0}, 0x0) 3m15.421602428s ago: executing program 5 (id=6901): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, 0x0) r1 = msgget$private(0x0, 0x0) msgrcv(r1, 0x0, 0x0, 0x2, 0x3000) msgctl$IPC_SET(r1, 0x1, &(0x7f00000004c0)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0x0, 0xb, 0x6f76, 0x7, 0x0, 0x1, 0x8, 0x7f, 0x3}) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) 3m14.50810666s ago: executing program 5 (id=6908): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20008000) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) 3m13.670324955s ago: executing program 5 (id=6909): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="03000000b500000001000000feefffff"], 0xc8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c00000700000060"], 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003d0000003d000000050000000a0000000400000f74feffff05000000250b00000e00000002000000ae0000000100000004000000ffffffff00000000"], 0x0, 0x5d, 0x0, 0x6}, 0x28) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8) dup3(r2, r1, 0x0) 3m13.427827424s ago: executing program 5 (id=6912): r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000003c0)={0x5, @vbi={0x7, 0x8, 0x9, 0x20363059, [0x100006, 0x3], [0x0, 0xff], 0x1}}) 3m12.015865864s ago: executing program 5 (id=6914): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) io_setup(0x4, &(0x7f00000014c0)=0x0) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') io_submit(r0, 0x1, &(0x7f0000000280)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0xfffe, r1, 0x0}]) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 3m10.638477911s ago: executing program 5 (id=6920): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="03000000b500000001000000feefffff"], 0xc8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0a"], 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003d0000003d000000050000000a0000000400000f74feffff05000000250b00000e00000002000000ae0000000100000004000000ffffffff00000000"], 0x0, 0x5d, 0x0, 0x6}, 0x28) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8) dup3(r2, r1, 0x0) 2m55.647318368s ago: executing program 35 (id=6920): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="03000000b500000001000000feefffff"], 0xc8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0a"], 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003d0000003d000000050000000a0000000400000f74feffff05000000250b00000e00000002000000ae0000000100000004000000ffffffff00000000"], 0x0, 0x5d, 0x0, 0x6}, 0x28) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8) dup3(r2, r1, 0x0) 10.633445513s ago: executing program 0 (id=7284): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x871a15abc695fb3d, 0x0, 0x400001, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xfffffffd}, 0x2001}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 9.069555605s ago: executing program 4 (id=7286): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) ioctl$TIOCSPGRP(r4, 0x5410, 0x0) 8.826141224s ago: executing program 0 (id=7287): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x800000100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000140)={'dummy0\x00', &(0x7f0000000280)=@ethtool_link_settings={0x4c, 0x9f2, 0xe7, 0x3, 0x0, 0xb1, 0x8, 0x5, 0x4, 0xe, [0xfffffffe, 0x8, 0x6, 0x7, 0x6, 0x800006, 0x200, 0xb]}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r5, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000000c0)={0x20, r6, 0x239, 0x0, 0x0, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}]}]}, 0x20}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x8, 0x8, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000005}, 0x50) syz_emit_vhci(&(0x7f000001d540)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xb, 0x0, 0x419}}}, 0x7) 7.772216305s ago: executing program 0 (id=7289): r0 = getpgrp(0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003fc0), 0x0, 0x1) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x24, 0x7, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2595}]}, 0x24}, 0x1, 0x0, 0x0, 0xc001}, 0x800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x8844, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 6.000037664s ago: executing program 0 (id=7291): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x18) symlinkat(&(0x7f00000004c0)='./file0\x00', r1, &(0x7f00000001c0)='./file0\x00') readlinkat(r1, &(0x7f0000000140)='./file0\x00', &(0x7f0000000580)=""/205, 0xcd) 5.606413304s ago: executing program 6 (id=7295): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004000}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 4.542575667s ago: executing program 6 (id=7296): r0 = syz_io_uring_setup(0x495, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x1000007, 0x428b}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index, 0x2, &(0x7f0000001480)="2b010ed9a2708e87eed9561f", 0xc}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 4.527465958s ago: executing program 4 (id=7297): r0 = socket(0xa, 0x5, 0x0) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f0000001280)={&(0x7f0000000240)=@in6={0xa, 0x4e24, 0x7fffffff, @loopback}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000000c0)="db", 0x1}], 0x1, &(0x7f00000003c0)=[@init={0x18, 0x84, 0x0, {0x2, 0x1, 0x6, 0x7}}, @sndrcv={0x30, 0x84, 0x1, {0x6, 0x9, 0x9, 0x28, 0x5, 0x7fffffff, 0x0, 0x4}}], 0x48, 0x4990}, 0x2400c8c5) 4.446464325s ago: executing program 7 (id=7298): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x5, &(0x7f0000000040)=0x29) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) add_key(&(0x7f00000001c0)='asymmetric\x00', 0x0, &(0x7f0000000240)="ff", 0x1, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) 4.433678435s ago: executing program 4 (id=7299): r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) creat(&(0x7f00000002c0)='./file0\x00', 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4084) syz_usb_connect(0x0, 0x5a, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1) close(0x3) 3.663049096s ago: executing program 7 (id=7300): r0 = getpgrp(0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003fc0), 0x0, 0x1) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x24, 0x7, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2595}]}, 0x24}, 0x1, 0x0, 0x0, 0xc001}, 0x800) sendto$inet6(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x8844, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 1.948770659s ago: executing program 7 (id=7301): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000001000000fe8000000000000000000000000000bbac1414bb000000000000000000000000000004001000000002000020"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0) 1.850466126s ago: executing program 6 (id=7302): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x5) ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0xfffffffffffffffc) 1.717509347s ago: executing program 6 (id=7303): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$video4linux(0x0, 0x3, 0x3cf281) close(0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000300)={0xffffffffffffff5e, 0x0, 0x0}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c00078008000640000000000500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 1.608192835s ago: executing program 0 (id=7304): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2800003, 0x31, 0xffffffffffffffff, 0x231cd000) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) setxattr$incfs_metadata(0x0, &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c8", 0x11, 0x1) sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0af33709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf495efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c57684224fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f6d7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f28a930f8fb5afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866414acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21510000009822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0be47c5aeb06ec1c054377d5532c370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a623914f09b04cf5d7c2b3ab010c676e9932f5807240a765b3d92d2bddd63a91bd0f1c795fe0ecdda5e50ec8fd0a68115986168fb8bb67fa020ed3c416a716fb12d5d918b8522931dcf2bfd0c7bf7d9c56c490c9880309240d0c2cf1a3cafb647e1a9e1fde434cdbcae9eeac3f8c652a85d6aea69b3e9a92", 0x2f8, 0x4000, &(0x7f0000000180)=@caif=@rfm={0x25, 0x107ff, "6798c48f000000ec00"}, 0x80) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) read$FUSE(r0, &(0x7f0000003680)={0x2020}, 0x2020) 1.462389557s ago: executing program 4 (id=7305): openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) writev(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x300) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) 1.42525777s ago: executing program 0 (id=7306): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x24, 0x0, 0x0) 818.369327ms ago: executing program 7 (id=7307): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x4, 0x0, "e83ae75240c2d6d8ec87bb53679fd0450078548ceb6c4414fab091000000000000000776aea5922406b64cddaeb9d339ba3c01c2c7d0df8e61740b9af2d4e499d58654a4cf0fa0ce1f830c3279cffcfd"}, 0xd8) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e20, @loopback}, 0x10) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001600)}, 0x0) 686.385327ms ago: executing program 6 (id=7308): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x5, &(0x7f0000000040)=0x29) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) add_key(&(0x7f00000001c0)='asymmetric\x00', 0x0, &(0x7f0000000240)="ff", 0x1, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) 331.258965ms ago: executing program 6 (id=7309): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x24008084) 324.618246ms ago: executing program 7 (id=7310): timer_create(0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000000), 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x84) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) semop(0x0, 0x0, 0x0) semctl$GETZCNT(0x0, 0x0, 0xf, 0x0) 210.520794ms ago: executing program 4 (id=7311): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x5) ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0xfffffffffffffffc) 116.279042ms ago: executing program 7 (id=7312): syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000580)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0xc0085504, &(0x7f0000000140)=0x10) 0s ago: executing program 4 (id=7313): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0xc0403d15, 0x0) kernel console output (not intermixed with test programs): dget.1 gadget.0: fail, usb_ep_enable returned -22 [ 681.729614][ T9407] snd-usb-audio: probe of 1-1:0.0 failed with error -22 [ 681.934049][ T9407] usb 1-1: USB disconnect, device number 4 [ 682.114741][T18555] binder: 18552:18555 unknown command 1074553619 [ 682.142118][T18555] binder: 18552:18555 ioctl c0306201 200000000640 returned -22 [ 682.262913][T18560] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4730'. [ 682.435591][T18562] netlink: 'syz.6.4731': attribute type 1 has an invalid length. [ 684.108129][ T9407] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 684.173352][T10170] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 684.313396][ T9407] usb 1-1: Using ep0 maxpacket: 16 [ 684.331538][ T9407] usb 1-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 684.361167][ T9407] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.373193][T10170] usb 7-1: Using ep0 maxpacket: 32 [ 684.380033][ T9407] usb 1-1: Product: syz [ 684.385433][T10170] usb 7-1: config 0 has an invalid interface number: 150 but max is 0 [ 684.390173][ T9407] usb 1-1: Manufacturer: syz [ 684.400740][ T9407] usb 1-1: SerialNumber: syz [ 684.403003][T10170] usb 7-1: config 0 has no interface number 0 [ 684.408230][ T9407] usb 1-1: config 0 descriptor?? [ 684.413104][T10170] usb 7-1: config 0 interface 150 has no altsetting 0 [ 684.419361][ T9407] ums-onetouch 1-1:0.0: USB Mass Storage device detected [ 684.438483][T10170] usb 7-1: New USB device found, idVendor=093a, idProduct=2603, bcdDevice=53.01 [ 684.450186][T10170] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.458553][T10170] usb 7-1: Product: syz [ 684.462753][T10170] usb 7-1: Manufacturer: syz [ 684.467524][T10170] usb 7-1: SerialNumber: syz [ 684.476372][T10170] usb 7-1: config 0 descriptor?? [ 684.495507][T10170] gspca_main: pac7311-2.14.0 probing 093a:2603 [ 684.637344][T10171] usb 1-1: USB disconnect, device number 5 [ 685.016917][T10170] gspca_pac7311: reg_w() failed index 0xff, value 0x01, error -110 [ 685.027329][T10170] pac7311: probe of 7-1:0.150 failed with error -110 [ 685.523137][ T787] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 685.683213][ T787] usb 1-1: device descriptor read/64, error -71 [ 685.767154][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.935573][T18613] 9pnet_fd: Insufficient options for proto=fd [ 685.973104][ T787] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 686.094063][T10170] usb 7-1: USB disconnect, device number 12 [ 686.680938][ T787] usb 1-1: device descriptor read/64, error -71 [ 686.829908][ T787] usb usb1-port1: attempt power cycle [ 687.944440][ T787] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 688.143915][ T787] usb 1-1: device descriptor read/8, error -71 [ 689.843116][ T9407] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 690.053033][ T9407] usb 7-1: Using ep0 maxpacket: 32 [ 690.069447][ T9407] usb 7-1: config 0 has an invalid interface number: 2 but max is 0 [ 690.092988][ T9407] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 690.134736][ T9407] usb 7-1: config 0 has no interface number 0 [ 690.140912][ T9407] usb 7-1: config 0 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 690.205505][ T9407] usb 7-1: New USB device found, idVendor=0424, idProduct=9908, bcdDevice=c2.57 [ 690.224153][ T9407] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 690.233321][ T9407] usb 7-1: Product: syz [ 690.243106][ T9407] usb 7-1: Manufacturer: syz [ 690.247837][ T9407] usb 7-1: SerialNumber: syz [ 690.271624][ T9407] usb 7-1: config 0 descriptor?? [ 692.764003][ T9407] smsc95xx v2.0.0 [ 692.767764][ T9407] smsc95xx 7-1:0.2 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 694.344670][ T9407] smsc95xx: probe of 7-1:0.2 failed with error -22 [ 694.380581][ T9407] usb 7-1: USB disconnect, device number 13 [ 700.742864][T18766] tty tty33: ldisc open failed (-12), clearing slot 32 [ 701.544146][T18772] block device autoloading is deprecated and will be removed. [ 703.702070][T18782] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4793'. [ 704.463686][ T28] audit: type=1326 audit(960.424:6199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18785 comm="syz.5.4803" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcf2758f749 code=0x0 [ 708.693836][T18810] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4811'. [ 715.043152][ T5856] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 715.253025][ T5856] usb 7-1: Using ep0 maxpacket: 16 [ 715.262695][ T5856] usb 7-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 715.292404][ T5856] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 715.312659][ T5856] usb 7-1: Product: syz [ 715.319134][ T5856] usb 7-1: Manufacturer: syz [ 715.333351][ T5856] usb 7-1: SerialNumber: syz [ 715.340537][ T5856] usb 7-1: config 0 descriptor?? [ 715.614438][T18828] KVM: debugfs: duplicate directory 18828-10 [ 717.104617][T10187] usb 7-1: USB disconnect, device number 14 [ 717.597201][T18870] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4823'. [ 721.748487][T18903] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4836'. [ 734.105471][T18970] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4846'. [ 734.444974][ T28] audit: type=1804 audit(990.394:6200): pid=18977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.4860" name="/newroot/229/bus/bus" dev="overlay" ino=1225 res=1 errno=0 [ 738.912021][T19026] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4869'. [ 742.193908][ T28] audit: type=1326 audit(998.154:6201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.265110][ T28] audit: type=1326 audit(998.174:6202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.345413][ T28] audit: type=1326 audit(998.184:6203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.459646][ T28] audit: type=1326 audit(998.184:6204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.531863][ T28] audit: type=1326 audit(998.184:6205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.609775][ T28] audit: type=1326 audit(998.184:6206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.631618][ C0] vkms_vblank_simulate: vblank timer overrun [ 742.643021][ T28] audit: type=1326 audit(998.184:6207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.664853][ C0] vkms_vblank_simulate: vblank timer overrun [ 742.687195][ T28] audit: type=1326 audit(998.184:6208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.713987][ T28] audit: type=1326 audit(998.184:6209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 742.748545][ T28] audit: type=1326 audit(998.184:6210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.0.4885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 747.349467][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.444178][T19098] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4900'. [ 757.967714][T19153] netlink: 'syz.0.4915': attribute type 7 has an invalid length. [ 757.975532][T19153] netlink: 'syz.0.4915': attribute type 5 has an invalid length. [ 757.983284][T19153] netlink: 17 bytes leftover after parsing attributes in process `syz.0.4915'. [ 758.482446][T19171] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4916'. [ 764.615251][T19217] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4934'. [ 766.011980][T19229] overlayfs: failed to clone upperpath [ 767.529286][T19248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4944'. [ 768.335426][ T787] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 768.533280][ T787] usb 7-1: Using ep0 maxpacket: 16 [ 768.549846][ T787] usb 7-1: config 0 has an invalid interface number: 156 but max is 0 [ 768.560038][ T787] usb 7-1: config 0 has no interface number 0 [ 768.566614][ T787] usb 7-1: config 0 interface 156 altsetting 2 has an invalid endpoint with address 0xAC, skipping [ 768.577815][ T787] usb 7-1: config 0 interface 156 has no altsetting 0 [ 768.639461][ T787] usb 7-1: New USB device found, idVendor=1234, idProduct=0002, bcdDevice=c8.36 [ 768.675666][ T787] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 768.693067][ T787] usb 7-1: Product: syz [ 768.697400][ T787] usb 7-1: Manufacturer: syz [ 768.702131][ T787] usb 7-1: SerialNumber: syz [ 768.725777][ T787] usb 7-1: config 0 descriptor?? [ 768.985795][ T787] usb 7-1: USB disconnect, device number 15 [ 769.855092][T19277] smc: net device bond0 applied user defined pnetid SYZ0 [ 769.986374][T19280] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4955'. [ 770.524283][T19282] smc: net device bond0 erased user defined pnetid SYZ0 [ 774.111211][T19315] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4964'. [ 774.121320][ T5828] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 775.863963][ T5828] usb 7-1: Using ep0 maxpacket: 8 [ 775.873726][ T5828] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 775.882830][ T5828] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 775.891696][ T5778] Bluetooth: hci1: command 0x0406 tx timeout [ 775.942288][ T5828] pvrusb2: Hardware description: Terratec Grabster AV400 [ 775.973179][ T5828] pvrusb2: ********** [ 775.977219][ T5828] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 776.017767][ T5828] pvrusb2: Important functionality might not be entirely working. [ 776.046773][ T5828] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 776.073989][ T5828] pvrusb2: ********** [ 776.173837][ T2319] pvrusb2: Invalid write control endpoint [ 776.320561][ T2319] pvrusb2: Invalid write control endpoint [ 776.420202][ T2319] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 776.463199][ T2319] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 776.533263][ T2319] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 776.554965][ T2319] pvrusb2: Device being rendered inoperable [ 776.578925][T19307] pvrusb2: Attempted to execute control transfer when device not ok [ 776.621294][ T2319] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 776.639247][ T2319] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 776.657074][ T2319] pvrusb2: Attached sub-driver cx25840 [ 776.673236][ T2319] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 776.694210][T19050] usb 7-1: USB disconnect, device number 16 [ 776.710325][ T2319] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 785.948025][T19380] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4976'. [ 791.074501][T19419] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4996'. [ 793.223057][ T9405] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 793.425381][ T9405] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 793.454534][ T9405] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 793.482665][ T9405] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 793.502082][ T9405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 793.514466][ T9405] usb 1-1: SerialNumber: syz [ 794.801247][ T9405] usb 1-1: 0:2 : does not exist [ 794.914961][ T9405] usb 1-1: USB disconnect, device number 10 [ 803.941045][T19510] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5008'. [ 808.833547][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.540116][T19550] 9pnet_virtio: no channels available for device ./file0/../file0/../file0 [ 809.985136][ T5778] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 809.997686][ T5778] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 810.021217][ T5778] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 810.030849][ T5778] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 810.061781][ T5778] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 810.075334][ T5778] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 811.147461][ T2953] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.291223][ T2953] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.570248][ T2953] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.563032][T18135] Bluetooth: hci4: command tx timeout [ 812.681215][ T2953] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.910286][T19553] chnl_net:caif_netlink_parms(): no params data found [ 814.644495][T18135] Bluetooth: hci4: command tx timeout [ 815.055235][T19553] bridge0: port 1(bridge_slave_0) entered blocking state [ 815.094608][T19553] bridge0: port 1(bridge_slave_0) entered disabled state [ 815.104240][T19553] bridge_slave_0: entered allmulticast mode [ 815.119585][T19553] bridge_slave_0: entered promiscuous mode [ 815.595872][T19553] bridge0: port 2(bridge_slave_1) entered blocking state [ 815.763565][T19553] bridge0: port 2(bridge_slave_1) entered disabled state [ 815.817471][T19553] bridge_slave_1: entered allmulticast mode [ 815.853333][T19553] bridge_slave_1: entered promiscuous mode [ 816.131131][T19553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 816.154374][T19553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 816.187299][ T5828] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 816.300989][T19553] team0: Port device team_slave_0 added [ 816.330545][T19553] team0: Port device team_slave_1 added [ 816.396033][ T5828] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 816.409947][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 816.905412][ T5828] usb 1-1: Product: syz [ 816.916126][ T5828] usb 1-1: Manufacturer: syz [ 816.916553][T18135] Bluetooth: hci4: command tx timeout [ 816.928313][ T5828] usb 1-1: SerialNumber: syz [ 817.076650][T19553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 817.089462][T19553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 817.129395][T19553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 817.188793][T19553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 817.197823][T19553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 817.225023][T19553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 817.359570][T19553] hsr_slave_0: entered promiscuous mode [ 817.384122][T19553] hsr_slave_1: entered promiscuous mode [ 817.404839][T19553] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 817.412459][T19553] Cannot create hsr debugfs directory [ 817.803272][ T5828] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 817.815351][ T5828] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 817.844452][ T5828] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 818.618386][ T5828] lan78xx: probe of 1-1:1.0 failed with error -71 [ 818.704656][ T5828] usb 1-1: USB disconnect, device number 11 [ 818.973128][T18135] Bluetooth: hci4: command tx timeout [ 821.393101][ T787] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 821.603020][ T787] usb 7-1: Using ep0 maxpacket: 16 [ 821.701214][ T787] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 821.789248][ T787] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 821.928381][ T787] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 822.186411][ T787] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 822.199009][ T787] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 822.208092][ T787] usb 7-1: Product: syz [ 822.212368][ T787] usb 7-1: Manufacturer: syz [ 822.217182][ T787] usb 7-1: SerialNumber: syz [ 822.289752][ T2953] hsr_slave_0: left promiscuous mode [ 822.296606][ T2953] hsr_slave_1: left promiscuous mode [ 822.302741][ T2953] bridge_slave_1: left allmulticast mode [ 822.308762][ T2953] bridge_slave_1: left promiscuous mode [ 822.315122][ T2953] bridge0: port 2(bridge_slave_1) entered disabled state [ 822.326190][ T2953] bridge_slave_0: left allmulticast mode [ 822.331931][ T2953] bridge_slave_0: left promiscuous mode [ 822.338811][ T2953] bridge0: port 1(bridge_slave_0) entered disabled state [ 822.387904][ T2953] veth1_macvtap: left promiscuous mode [ 822.393637][ T2953] veth0_macvtap: left promiscuous mode [ 822.399281][ T2953] veth1_vlan: left promiscuous mode [ 822.404700][ T2953] veth0_vlan: left promiscuous mode [ 822.554909][T19669] program syz.0.5076 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 822.684125][ T787] usb 7-1: 0:2 : does not exist [ 823.614360][T19680] binder: 19679:19680 unknown command 1074553620 [ 823.620816][T19680] binder: 19679:19680 ioctl c0306201 200000000640 returned -22 [ 823.870512][ T5856] usb 7-1: USB disconnect, device number 17 [ 824.255593][T19694] binder: 19690:19694 ioctl 4018620d 0 returned -22 [ 824.264462][T19694] binder: 19690:19694 ioctl 4018620d 0 returned -22 [ 826.001660][T19704] gfs2: path_lookup on  returned error -2 [ 827.729980][T19696] syz.0.5084 (19696): drop_caches: 2 [ 828.046064][ T2953] team0 (unregistering): Port device team_slave_1 removed [ 828.233017][ T2953] team0 (unregistering): Port device team_slave_0 removed [ 828.571911][ T2953] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 829.407089][ T2953] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 829.858178][T19725] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 832.137755][T19741] loop9: detected capacity change from 0 to 7 [ 832.169140][T19741] Dev loop9: unable to read RDB block 7 [ 832.174959][T19741] loop9: unable to read partition table [ 832.894630][T19741] loop9: partition table beyond EOD, truncated [ 832.945846][T19741] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 833.284571][T10187] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 833.511278][T10187] usb 7-1: Using ep0 maxpacket: 32 [ 833.532131][T10187] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 833.542436][T10187] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 833.557619][T10187] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 833.593969][T10187] usb 7-1: config 0 descriptor?? [ 834.144606][ T2953] .` (unregistering): Released all slaves [ 834.212600][T19752] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5103'. [ 834.221835][T19752] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5103'. [ 835.469813][ T2953] IPVS: stop unused estimator thread 0... [ 835.550686][T19553] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 835.562833][T19553] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 835.570330][ T9407] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 835.582328][T19553] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 835.596010][T19553] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 835.700756][T19553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 835.725312][T19553] 8021q: adding VLAN 0 to HW filter on device team0 [ 835.740359][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 835.747641][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 835.766532][ T2953] bridge0: port 2(bridge_slave_1) entered blocking state [ 835.767341][ T9407] usb 1-1: unable to get BOS descriptor or descriptor too short [ 835.773788][ T2953] bridge0: port 2(bridge_slave_1) entered forwarding state [ 835.783698][ T9407] usb 1-1: config 3 has an invalid interface number: 8 but max is 3 [ 835.802706][ T9407] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 835.813275][ T9407] usb 1-1: config 3 has 1 interface, different from the descriptor's value: 4 [ 835.822253][ T9407] usb 1-1: config 3 has no interface number 0 [ 835.829682][ T9407] usb 1-1: config 3 interface 8 altsetting 6 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 835.840906][ T9407] usb 1-1: config 3 interface 8 altsetting 6 endpoint 0x82 has invalid wMaxPacketSize 0 [ 835.851756][ T9407] usb 1-1: config 3 interface 8 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 835.865156][ T9407] usb 1-1: config 3 interface 8 has no altsetting 0 [ 835.875241][ T9407] usb 1-1: New USB device found, idVendor=05ac, idProduct=921d, bcdDevice=c2.be [ 835.885543][ T9407] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 835.899730][ T9407] usb 1-1: Product: syz [ 835.906469][ T9407] usb 1-1: Manufacturer: syz [ 835.911353][ T9407] usb 1-1: SerialNumber: syz [ 836.112434][T19553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 836.147410][ T9407] appledisplay 1-1:3.8: Submitting URB failed [ 836.156264][ T9407] appledisplay: probe of 1-1:3.8 failed with error -5 [ 836.173881][ T9407] usb 1-1: USB disconnect, device number 12 [ 836.283583][T10187] usb 7-1: USB disconnect, device number 18 [ 838.211766][T19553] veth0_vlan: entered promiscuous mode [ 838.235632][T19553] veth1_vlan: entered promiscuous mode [ 838.316652][T19553] veth0_macvtap: entered promiscuous mode [ 838.532654][T19553] veth1_macvtap: entered promiscuous mode [ 840.089740][T19553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 840.125025][T19553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.153201][T19553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 840.179820][T19553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.210401][T19553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 840.241526][T19553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.274623][T19553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 840.312240][T19553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 840.359074][T19553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.403280][T19553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 840.428652][T19553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.441538][T19553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 840.471682][T19553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.485030][T19553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 840.508013][T19553] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.520660][T19553] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.529536][T19553] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.539085][T19553] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.855787][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 840.870090][ T1025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 840.878968][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 840.889497][ T1025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 844.015744][T19835] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5035'. [ 851.214443][T18135] Bluetooth: hci0: adv larger than maximum supported [ 854.780340][T19886] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.5140'. [ 857.831967][T19901] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5142'. [ 863.880753][T10170] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 864.149681][T10170] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 864.184761][T10170] usb 7-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 864.227975][T10170] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 864.274116][T10170] usb 7-1: config 0 descriptor?? [ 864.591836][T19951] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5155'. [ 864.834735][T10170] logitech-djreceiver 0003:046D:C71F.000E: unknown main item tag 0x2 [ 865.142663][T10170] usb 7-1: USB disconnect, device number 19 [ 865.154205][ T11] tipc: Disabling bearer [ 865.172731][ T11] tipc: Left network mode [ 868.983224][T19972] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5163'. [ 870.089428][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.467370][ T11] veth1_macvtap: left promiscuous mode [ 875.494857][ T11] veth0_macvtap: left promiscuous mode [ 875.500624][ T11] veth1_vlan: left promiscuous mode [ 875.522426][ T11] veth0_vlan: left promiscuous mode [ 883.785183][ T11] .` (unregistering): Released all slaves [ 883.897807][T20015] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5174'. [ 883.922974][T20013] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5171'. [ 883.981825][T20054] bridge2: entered promiscuous mode [ 890.783543][T20121] binder: 20118:20121 ioctl 50009401 200000001700 returned -22 [ 891.039184][T20127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5200'. [ 893.293575][T20146] fuse: Bad value for 'fd' [ 894.991145][T20154] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 900.733151][T20202] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5228'. [ 901.543865][T19842] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 901.863272][T19842] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 901.968211][T19842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 902.053231][T19842] usb 1-1: Product: syz [ 902.058235][T19842] usb 1-1: Manufacturer: syz [ 902.104212][T19842] usb 1-1: SerialNumber: syz [ 902.691185][T19842] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 902.724348][T19842] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 902.749770][T19842] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 902.773795][T19842] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 902.804419][T19842] lan78xx: probe of 1-1:1.0 failed with error -71 [ 902.833671][T19842] usb 1-1: USB disconnect, device number 13 [ 909.557728][T20257] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 914.749898][T20304] 9pnet_fd: Insufficient options for proto=fd [ 915.973878][T20307] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5262'. [ 922.576722][T20373] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5290'. [ 922.808142][T20376] tipc: Started in network mode [ 922.959104][T20376] tipc: Node identity 10001, cluster identity 3153 [ 922.966509][T20376] tipc: Node number set to 65537 [ 923.538106][T20391] netlink: 'syz.5.5305': attribute type 83 has an invalid length. [ 926.283993][T20421] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5309'. [ 931.553630][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.875295][T20487] program syz.4.5338 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 933.024537][T20490] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5330'. [ 934.075754][ T5778] Bluetooth: hci4: command 0x0406 tx timeout [ 934.854298][T20507] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5343'. [ 936.041467][T20509] loop5: detected capacity change from 0 to 7 [ 936.067348][T20509] Dev loop5: unable to read RDB block 7 [ 936.087370][T20509] loop5: unable to read partition table [ 936.107777][T20509] loop5: partition table beyond EOD, truncated [ 936.130878][T20509] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 937.963072][ T787] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 938.667814][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 938.791121][ T787] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 938.801437][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 938.824957][ T787] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 939.015036][ T787] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 939.024965][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 939.046285][ T787] usb 1-1: config 0 descriptor?? [ 939.201194][T20545] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5356'. [ 939.801423][ T787] hdpvr 1-1:0.0: firmware version 0xce dated [ 939.801423][ T787] ujOm{}Xn~mj.X˺63k_ [ 939.821577][ T787] hdpvr 1-1:0.0: untested firmware, the driver might not work. [ 940.112614][ T787] hdpvr 1-1:0.0: device init failed [ 940.118475][ T787] hdpvr: probe of 1-1:0.0 failed with error -12 [ 940.133241][ T787] usb 1-1: USB disconnect, device number 14 [ 943.219788][T20577] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5366'. [ 943.282366][T20582] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5364'. [ 944.247563][T20605] netlink: 'syz.5.5373': attribute type 83 has an invalid length. [ 945.992663][T20620] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5376'. [ 947.332367][T20632] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5378'. [ 950.417880][T20669] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 950.424433][T20669] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 950.874083][T20669] vhci_hcd vhci_hcd.0: Device attached [ 950.908762][T20670] vhci_hcd: connection closed [ 950.923465][ T49] vhci_hcd: stop threads [ 950.935268][ T49] vhci_hcd: release socket [ 950.939872][ T49] vhci_hcd: disconnect device [ 950.986924][T20671] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5390'. [ 951.806379][T20691] netlink: 'syz.6.5399': attribute type 4 has an invalid length. [ 953.725953][T20712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5406'. [ 953.737660][T20715] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5408'. [ 954.753777][ T787] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 955.168405][T20742] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5418'. [ 955.231136][T20746] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5417'. [ 955.440656][ T787] usb 1-1: Using ep0 maxpacket: 16 [ 955.497749][ T787] usb 1-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 955.513154][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 955.529808][ T787] usb 1-1: Product: syz [ 955.538089][ T787] usb 1-1: Manufacturer: syz [ 955.542739][ T787] usb 1-1: SerialNumber: syz [ 955.553404][ T787] usb 1-1: config 0 descriptor?? [ 955.563841][ T787] as10x_usb: device has been detected [ 955.569921][ T787] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 955.743488][ T787] usb 1-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 955.804993][ T787] as10x_usb: error during firmware upload part1 [ 955.811952][ T787] Registered device Sky IT Digital Key (green led) [ 955.815196][ T787] usb 1-1: USB disconnect, device number 15 [ 955.850580][ T787] Unregistered device Sky IT Digital Key (green led) [ 955.854470][ T787] as10x_usb: device has been disconnected [ 958.616511][T20775] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5427'. [ 959.649028][T20793] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5429'. [ 961.936460][T20819] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5439'. [ 961.950155][T20819] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5439'. [ 962.036781][T20821] netlink: 592 bytes leftover after parsing attributes in process `syz.0.5440'. [ 962.605040][T20833] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5441'. [ 965.133962][ T5856] kernel write not supported for file /vcs (pid: 5856 comm: kworker/0:5) [ 965.711060][T20858] 9pnet_virtio: no channels available for device syz [ 965.900025][T20860] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5452'. [ 967.132794][T20871] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5453'. [ 968.612938][ T9405] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 968.671092][T20880] comedi comedi3: multiq3: a I/O base address must be specified [ 968.816515][ T9405] usb 5-1: Using ep0 maxpacket: 32 [ 968.827710][ T9405] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 968.848374][ T9405] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 968.863023][ T9405] usb 5-1: Product: syz [ 968.867270][ T9405] usb 5-1: Manufacturer: syz [ 968.882163][ T9405] usb 5-1: SerialNumber: syz [ 968.899185][ T9405] usb 5-1: config 0 descriptor?? [ 969.168399][ T9405] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 007 [ 969.382435][T20901] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5461'. [ 969.751093][ T9405] usb 5-1: USB disconnect, device number 7 [ 970.403149][T20915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5463'. [ 971.183240][T20924] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (240) [ 972.020163][T20939] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5472'. [ 972.083194][T20943] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5474'. [ 972.712359][T20956] netlink: set zone limit has 8 unknown bytes [ 974.467657][T20972] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5483'. [ 974.870454][T20979] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5484'. [ 976.303321][T20987] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 978.340954][T21011] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5493'. [ 979.689514][T21021] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5495'. [ 980.032931][T19050] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 981.262554][T10186] kernel write not supported for file bpf-prog (pid: 10186 comm: kworker/0:13) [ 981.273943][T19050] usb 5-1: Using ep0 maxpacket: 32 [ 981.287892][T19050] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 981.313716][T19050] usb 5-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 981.328721][T19050] usb 5-1: config 0 interface 0 has no altsetting 0 [ 981.347080][T19050] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 981.363351][T19050] usb 5-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 981.371660][T19050] usb 5-1: Product: syz [ 981.382886][T19050] usb 5-1: Manufacturer: syz [ 981.391335][T19050] usb 5-1: SerialNumber: syz [ 981.406794][T19050] usb 5-1: config 0 descriptor?? [ 981.827308][T19050] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 981.975969][T21050] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5504'. [ 982.686210][T19050] gs_usb 5-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO) [ 982.728797][T19050] gs_usb: probe of 5-1:0.0 failed with error -71 [ 983.844733][T19050] usb 5-1: USB disconnect, device number 8 [ 987.781864][T21081] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5514'. [ 990.151909][T21118] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5507'. [ 991.080042][T21128] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5525'. [ 992.983642][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.784508][T21142] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5527'. [ 993.812978][T21142] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5527'. [ 994.281133][T21135] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5527'. [ 995.152765][T21159] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5534'. [ 996.354081][T21166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5535'. [ 1000.521675][T21197] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5543'. [ 1001.067902][T21204] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5545'. [ 1001.797549][T21212] kAFS: No cell specified [ 1003.974088][T19050] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1004.343679][T19050] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1004.782054][T21231] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5554'. [ 1004.803693][T19050] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1004.845259][T21235] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5555'. [ 1004.856436][T19050] usb 5-1: Product: syz [ 1004.876721][T19050] usb 5-1: Manufacturer: syz [ 1005.093955][T19050] usb 5-1: SerialNumber: syz [ 1005.324504][T19050] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1005.382067][T19050] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1005.414449][T19050] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1005.433073][T19050] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1005.450299][T19050] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1005.482375][T19050] lan78xx: probe of 5-1:1.0 failed with error -71 [ 1005.510778][T19050] usb 5-1: USB disconnect, device number 9 [ 1007.114565][T21260] netlink: 'syz.6.5562': attribute type 4 has an invalid length. [ 1007.741051][T21278] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5565'. [ 1008.486934][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1008.509695][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1011.370124][T21309] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5577'. [ 1016.487268][T21347] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5589'. [ 1016.497109][T21346] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5587'. [ 1017.228719][T21366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5595'. [ 1017.258637][T21366] bridge0: port 2(bridge_slave_1) entered disabled state [ 1017.266306][T21366] bridge0: port 1(bridge_slave_0) entered disabled state [ 1018.084501][T21380] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5598'. [ 1018.840223][T21392] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5600'. [ 1019.889864][T21410] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1021.649391][T21425] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5609'. [ 1022.557329][T21436] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5613'. [ 1023.712922][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 1023.712937][ T28] audit: type=1326 audit(1279.664:6213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1023.776906][ T28] audit: type=1326 audit(1279.664:6214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1023.799679][ T28] audit: type=1326 audit(1279.664:6215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1023.853334][ T28] audit: type=1326 audit(1279.664:6216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1023.939738][ T28] audit: type=1326 audit(1279.664:6217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1023.961748][ C0] vkms_vblank_simulate: vblank timer overrun [ 1024.061698][ T28] audit: type=1326 audit(1279.664:6218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1024.717966][ T28] audit: type=1326 audit(1279.664:6219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1024.802883][ T28] audit: type=1326 audit(1279.664:6220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1024.859891][ T28] audit: type=1326 audit(1279.664:6221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1024.882420][ T28] audit: type=1326 audit(1279.664:6222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.6.5616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43678f749 code=0x7ffc0000 [ 1026.475274][T21467] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5622'. [ 1028.059071][T21475] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5624'. [ 1031.161603][T21495] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5630'. [ 1033.833897][T21503] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5632'. [ 1037.892900][T21541] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5633'. [ 1038.959449][T21548] input: syz1 as /devices/virtual/input/input8 [ 1041.450097][T21575] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5655'. [ 1047.343722][T21620] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5668'. [ 1052.087579][T21660] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5680'. [ 1054.423467][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.389309][T21706] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5691'. [ 1058.726901][T21754] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5706'. [ 1059.682915][T10170] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 1060.034444][T10170] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1060.091829][T10170] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1060.123321][T10170] usb 1-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1060.188600][T10170] usb 1-1: config 1 interface 0 has no altsetting 1 [ 1060.259340][T10170] usb 1-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 1060.426450][T10170] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1060.440732][T10170] usb 1-1: Product: syz [ 1060.445027][T10170] usb 1-1: Manufacturer: syz [ 1060.449651][T10170] usb 1-1: SerialNumber: syz [ 1060.478289][T10170] smsusb:smsusb_probe: board id=8, interface number 0 [ 1060.501420][T21765] kvm: kvm [21764]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x8000000083 [ 1060.524670][T21765] kvm: kvm [21764]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x8000000003 [ 1060.559092][T21765] kvm: kvm [21764]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0x8000000083 [ 1060.603101][T21765] kvm: kvm [21764]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0x8000000003 [ 1060.630998][T21765] kvm_intel: kvm [21764]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x1d9) = 0x8000000083 [ 1060.802479][T10170] smsusb:smsusb_probe: usb_set_interface failed, rc -71 [ 1060.816848][T10170] smsusb: probe of 1-1:1.0 failed with error -71 [ 1060.845088][T10170] usb 1-1: USB disconnect, device number 16 [ 1061.623483][T21789] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5718'. [ 1063.551031][T21822] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5732'. [ 1065.705168][T21842] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5738'. [ 1065.730266][T21842] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5738'. [ 1065.751148][T21842] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5738'. [ 1069.519196][T21857] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5743'. [ 1076.071044][T21947] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5772'. [ 1076.541945][T21955] netlink: 'syz.6.5774': attribute type 12 has an invalid length. [ 1078.619407][T21993] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5786'. [ 1080.477963][T22011] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5791'. [ 1081.036131][T22014] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1081.073087][T22014] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1081.114699][T22014] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1081.120786][T22014] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1081.357159][T22025] loop5: detected capacity change from 0 to 7 [ 1081.374099][T22025] Dev loop5: unable to read RDB block 7 [ 1081.380419][T22025] loop5: unable to read partition table [ 1081.393245][T22025] loop5: partition table beyond EOD, truncated [ 1081.399491][T22025] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 1083.427221][T18135] Bluetooth: hci1: command 0x0406 tx timeout [ 1083.433566][T18135] Bluetooth: hci4: command 0x0406 tx timeout [ 1084.462618][T22024] bridge0: port 2(bridge_slave_1) entered disabled state [ 1084.470493][T22024] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.297367][T22024] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1085.363476][T22024] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1085.443088][ T5778] Bluetooth: hci1: command 0x0406 tx timeout [ 1085.449234][T22031] Bluetooth: hci4: command 0x0406 tx timeout [ 1086.141384][T22024] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.153849][T22024] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.163338][T22024] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.172392][T22024] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.278191][T22056] binder: 22055:22056 ioctl c0306201 200000000080 returned -14 [ 1086.363383][T22038] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5801'. [ 1088.654028][T22074] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5809'. [ 1093.610834][T22093] block device autoloading is deprecated and will be removed. [ 1093.625654][T22093] bio_check_eod: 2 callbacks suppressed [ 1093.625712][T22093] syz.5.5818: attempt to access beyond end of device [ 1093.625712][T22093] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1095.095354][T22097] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5815'. [ 1096.805883][T22116] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5816'. [ 1100.051220][T22130] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5832'. [ 1101.409598][T22031] Bluetooth: hci1: unexpected cc 0x0c05 length: 5 > 1 [ 1101.416537][T22031] Bluetooth: hci1: unexpected event for opcode 0x0c05 [ 1104.873023][T22171] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5839'. [ 1107.080679][T22202] overlayfs: failed to clone upperpath [ 1107.696288][ T5771] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1107.903502][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 1107.903519][ T28] audit: type=1326 audit(1363.854:6232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22214 comm="syz.4.5855" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f83fa18f749 code=0x0 [ 1108.682914][ T5771] usb 1-1: Using ep0 maxpacket: 16 [ 1108.691656][ T5771] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1108.714416][ T5771] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1108.746749][ T5771] usb 1-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 1108.763027][ T5771] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1108.779946][ T5771] usb 1-1: config 0 descriptor?? [ 1108.785714][ T28] audit: type=1326 audit(1364.734:6233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22223 comm="syz.5.5857" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcf2758f749 code=0x0 [ 1110.744516][ T5771] usb 1-1: can't set config #0, error -71 [ 1110.765190][ T5771] usb 1-1: USB disconnect, device number 17 [ 1115.875774][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1117.492896][ T5771] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 1119.415534][ T5771] usb 1-1: Using ep0 maxpacket: 8 [ 1119.426059][ T5771] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1119.452862][ T5771] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1119.462847][ T5771] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1119.474388][ T5771] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1119.484495][ T5771] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1120.216972][ T5771] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1120.227032][ T5771] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1120.242982][ T5771] usb 1-1: can't set config #16, error -71 [ 1120.250329][ T5771] usb 1-1: USB disconnect, device number 18 [ 1129.143032][T22399] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5920'. [ 1129.173599][T22399] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5920'. [ 1129.236851][T22399] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1129.251504][T22399] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1129.271672][T22399] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1129.296761][T22399] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1129.323577][T22399] geneve2: entered promiscuous mode [ 1129.342978][T22399] geneve2: entered allmulticast mode [ 1132.577794][T22425] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 1133.471256][T22419] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 1134.030596][T22451] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5937'. [ 1137.419000][T22488] tmpfs: Bad value for 'mpol' [ 1138.341294][T22497] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5952'. [ 1138.362841][T22497] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5952'. [ 1138.382161][T22497] netlink: 44 bytes leftover after parsing attributes in process `syz.6.5952'. [ 1141.673616][T22510] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5947'. [ 1142.904442][T22525] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5959'. [ 1144.830744][T22563] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5969'. [ 1145.760943][T22575] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5972'. [ 1148.643805][T22604] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5981'. [ 1148.941520][ T5778] Bluetooth: hci4: command 0x0406 tx timeout [ 1149.073148][T22615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5986'. [ 1151.376941][T22649] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5998'. [ 1154.516395][T22688] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6010'. [ 1157.436488][T22725] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6023'. [ 1160.773120][T22761] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6034'. [ 1161.422160][ T5778] Bluetooth: hci1: unexpected event for opcode 0x202d [ 1162.996456][T22769] overlayfs: upper fs does not support file handles, falling back to index=off. [ 1163.360812][T22781] 9pnet_virtio: no channels available for device syz [ 1166.406159][T22803] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6047'. [ 1167.963044][ T5771] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 1168.402901][ T5771] usb 1-1: Using ep0 maxpacket: 16 [ 1168.487248][T22833] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6059'. [ 1168.534881][ T5771] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1168.549404][ T5771] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1168.558975][ T5771] usb 1-1: Product: syz [ 1168.580091][ T5771] usb 1-1: Manufacturer: syz [ 1168.640870][ T5771] usb 1-1: SerialNumber: syz [ 1168.861814][ T5771] r8152-cfgselector 1-1: config 0 descriptor?? [ 1169.462966][ T5771] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1170.219534][ T5771] r8152-cfgselector 1-1: USB disconnect, device number 19 [ 1174.583625][T22879] overlayfs: missing 'lowerdir' [ 1176.902989][ T5856] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 1177.287809][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1178.003072][ T5856] usb 5-1: config 7 has an invalid interface number: 101 but max is 0 [ 1178.032863][ T5856] usb 5-1: config 7 has no interface number 0 [ 1178.204531][ T5856] usb 5-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 1178.213961][ T5856] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1178.221968][ T5856] usb 5-1: Product: syz [ 1178.233300][ T5856] usb 5-1: Manufacturer: syz [ 1178.237932][ T5856] usb 5-1: SerialNumber: syz [ 1178.893413][ T5856] as10x_usb: device has been detected [ 1178.899678][ T5856] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 1178.953612][ T5856] usb 5-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 1178.993065][ T5856] as10x_usb: error during firmware upload part1 [ 1179.000288][ T5856] Registered device Elgato EyeTV DTT Deluxe [ 1179.013308][ T5856] usb 5-1: USB disconnect, device number 10 [ 1179.127304][ T5856] Unregistered device Elgato EyeTV DTT Deluxe [ 1179.140522][ T5856] as10x_usb: device has been disconnected [ 1183.795797][T22939] overlayfs: missing 'lowerdir' [ 1186.991867][T22951] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6090'. [ 1190.264027][T22031] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1190.288848][T22031] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1190.298133][T22031] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1190.308482][T22031] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1190.317291][T22031] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1190.340224][T22031] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1190.458551][T22185] syz_tun (unregistering): left allmulticast mode [ 1192.370202][ T2104] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1192.397516][ T2104] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1192.417134][ T5778] Bluetooth: hci2: command tx timeout [ 1193.452483][T22987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6111'. [ 1193.706228][ T2104] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1193.743099][ T2104] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1193.951251][ T2104] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1194.002183][ T2104] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1194.179664][ T2104] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1194.204403][ T2104] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1195.919613][ T5778] Bluetooth: hci2: command tx timeout [ 1196.228961][T22969] chnl_net:caif_netlink_parms(): no params data found [ 1196.410100][ T2104] tipc: Left network mode [ 1197.826095][T23024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6120'. [ 1197.873029][T22969] bridge0: port 1(bridge_slave_0) entered blocking state [ 1197.883068][T22969] bridge0: port 1(bridge_slave_0) entered disabled state [ 1197.904979][T22969] bridge_slave_0: entered allmulticast mode [ 1197.933388][T22969] bridge_slave_0: entered promiscuous mode [ 1198.004150][ T5778] Bluetooth: hci2: command tx timeout [ 1198.043426][T22969] bridge0: port 2(bridge_slave_1) entered blocking state [ 1198.050657][T22969] bridge0: port 2(bridge_slave_1) entered disabled state [ 1198.073676][T23027] netlink: 'syz.4.6116': attribute type 11 has an invalid length. [ 1198.101682][T22969] bridge_slave_1: entered allmulticast mode [ 1198.125908][T22969] bridge_slave_1: entered promiscuous mode [ 1200.062641][T22969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1200.083397][ T5778] Bluetooth: hci2: command tx timeout [ 1200.110791][T22969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1200.639244][T23052] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6128'. [ 1201.408673][T22969] team0: Port device team_slave_0 added [ 1201.566482][T22969] team0: Port device team_slave_1 added [ 1203.391426][T22969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1203.422995][T22969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1203.448933][ C0] vkms_vblank_simulate: vblank timer overrun [ 1203.498555][T22969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1203.526067][T22969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1203.544240][T22969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1203.570161][ C0] vkms_vblank_simulate: vblank timer overrun [ 1203.596745][T22969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1203.852028][T22969] hsr_slave_0: entered promiscuous mode [ 1203.888896][T22969] hsr_slave_1: entered promiscuous mode [ 1203.895505][T22969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1203.917124][T22969] Cannot create hsr debugfs directory [ 1204.185910][ T2104] hsr_slave_0: left promiscuous mode [ 1204.192674][ T2104] hsr_slave_1: left promiscuous mode [ 1204.211536][ T2104] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1204.230190][ T2104] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1204.252635][ T2104] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1204.272834][ T2104] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1204.280805][ T2104] bridge_slave_1: left allmulticast mode [ 1204.301192][ T2104] bridge_slave_1: left promiscuous mode [ 1204.316420][ T2104] bridge0: port 2(bridge_slave_1) entered disabled state [ 1204.337346][ T2104] bridge_slave_0: left allmulticast mode [ 1204.343306][ T2104] bridge_slave_0: left promiscuous mode [ 1204.349173][ T2104] bridge0: port 1(bridge_slave_0) entered disabled state [ 1204.504045][ T2104] veth1_macvtap: left promiscuous mode [ 1204.511574][ T2104] veth0_macvtap: left promiscuous mode [ 1204.518120][ T2104] veth1_vlan: left promiscuous mode [ 1204.531553][ T2104] veth0_vlan: left promiscuous mode [ 1207.555177][ T2104] team0 (unregistering): Port device team_slave_1 removed [ 1207.667021][ T2104] team0 (unregistering): Port device team_slave_0 removed [ 1207.883515][ T2104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1207.972220][T23134] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6161'. [ 1208.004724][ T2104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1213.688378][ T2104] bond0 (unregistering): Released all slaves [ 1220.105828][T22969] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1220.126411][T22969] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1220.145824][T22969] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1220.173564][T22969] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1220.774819][T22969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1220.856451][T22969] 8021q: adding VLAN 0 to HW filter on device team0 [ 1221.012321][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 1221.019610][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1221.654492][ T3434] bridge0: port 2(bridge_slave_1) entered blocking state [ 1221.661694][ T3434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1222.786019][T22969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1224.954081][T22969] veth0_vlan: entered promiscuous mode [ 1224.984537][T22969] veth1_vlan: entered promiscuous mode [ 1225.068764][T22969] veth0_macvtap: entered promiscuous mode [ 1225.126136][T22969] veth1_macvtap: entered promiscuous mode [ 1225.188366][T22969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1225.292593][T22969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1225.442565][T22969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1225.803066][T22969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1225.840543][T22969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1225.851161][T23266] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6202'. [ 1225.955139][T22969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1225.987468][T22969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1225.997427][T22969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1226.013764][T22969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1226.025529][T22969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1226.055677][T22969] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1226.072849][T22969] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1226.081606][T22969] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1226.107909][T22969] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1227.074616][ T1025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1227.082534][ T1025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1227.167082][T19657] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1227.177306][T19657] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1227.602976][T19249] usb 7-1: new full-speed USB device number 20 using dummy_hcd [ 1227.822358][T19249] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1227.844870][T19249] usb 7-1: not running at top speed; connect to a high speed hub [ 1227.863306][T19249] usb 7-1: config 0 has an invalid interface number: 107 but max is 0 [ 1227.872636][T19249] usb 7-1: config 0 has no interface number 0 [ 1227.879355][T19249] usb 7-1: config 0 interface 107 altsetting 10 endpoint 0xB has invalid maxpacket 1536, setting to 64 [ 1227.891149][T19249] usb 7-1: config 0 interface 107 altsetting 10 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 1227.902812][T19249] usb 7-1: config 0 interface 107 altsetting 10 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 1227.915147][T19249] usb 7-1: config 0 interface 107 has no altsetting 0 [ 1227.937353][T19249] usb 7-1: New USB device found, idVendor=1199, idProduct=6893, bcdDevice=e3.26 [ 1227.947491][T19249] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1227.955933][T19249] usb 7-1: Product: syz [ 1227.961238][T19249] usb 7-1: Manufacturer: syz [ 1228.234955][T19249] usb 7-1: SerialNumber: syz [ 1228.263568][T19249] usb 7-1: config 0 descriptor?? [ 1228.511911][T19249] sierra 7-1:0.107: Sierra USB modem converter detected [ 1228.569696][T19249] usb 7-1: Sierra USB modem converter now attached to ttyUSB0 [ 1228.632468][T19249] usb 7-1: Sierra USB modem converter now attached to ttyUSB1 [ 1228.644490][T22031] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1228.664420][T22031] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1228.672671][T22031] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1228.681759][T22031] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1228.691751][T22031] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1228.703651][T19249] usb 7-1: USB disconnect, device number 20 [ 1228.712821][T22031] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1228.784510][T19249] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 1228.846387][T19249] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1 [ 1228.900677][T19249] sierra 7-1:0.107: device disconnected [ 1229.260601][ T11] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1229.321643][T23295] chnl_net:caif_netlink_parms(): no params data found [ 1229.437214][ T11] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1229.676489][ T11] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1230.352286][ T11] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1230.397173][T23295] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.436747][T23295] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.460100][T23295] bridge_slave_0: entered allmulticast mode [ 1230.467790][T23295] bridge_slave_0: entered promiscuous mode [ 1230.478071][T23295] bridge0: port 2(bridge_slave_1) entered blocking state [ 1230.485351][T23295] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.492571][T23295] bridge_slave_1: entered allmulticast mode [ 1230.500331][T23295] bridge_slave_1: entered promiscuous mode [ 1230.580392][T23295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1230.604537][T23295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1230.715727][T23295] team0: Port device team_slave_0 added [ 1230.730201][T23295] team0: Port device team_slave_1 added [ 1230.853293][ T5778] Bluetooth: hci0: command tx timeout [ 1231.242343][T23295] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1231.250658][T23295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1232.703210][T23339] loop8: detected capacity change from 0 to 8 [ 1233.726952][ T5778] Bluetooth: hci0: command tx timeout [ 1234.372968][T23295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1234.409949][T23295] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1234.431548][T23295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1234.499506][T23339] Dev loop8: unable to read RDB block 8 [ 1234.505283][T23339] loop8: unable to read partition table [ 1234.511147][T23339] loop8: partition table beyond EOD, truncated [ 1234.512338][T23295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1234.517471][T23339] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1234.634590][ T11] tipc: Disabling bearer [ 1234.648987][ T11] tipc: Left network mode [ 1234.781431][T23295] hsr_slave_0: entered promiscuous mode [ 1234.792657][T23295] hsr_slave_1: entered promiscuous mode [ 1234.953386][T22046] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 1235.159716][T22046] usb 7-1: Using ep0 maxpacket: 16 [ 1235.176866][T22046] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1235.209336][T22046] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1235.233160][T22046] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1235.249990][T22046] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1235.272826][T22046] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1235.292850][T22046] usb 7-1: Product: syz [ 1235.297128][T22046] usb 7-1: Manufacturer: syz [ 1235.301767][T22046] usb 7-1: SerialNumber: syz [ 1235.605108][T22046] usb 7-1: 0:2 : does not exist [ 1235.641958][T22046] usb 7-1: USB disconnect, device number 21 [ 1235.763004][T22031] Bluetooth: hci0: command tx timeout [ 1237.666054][T23295] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1237.858374][T22031] Bluetooth: hci0: command tx timeout [ 1237.895337][T23295] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1238.322492][T23295] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1238.351787][T23295] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1238.728395][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.925762][T23413] devpts: called with bogus options [ 1239.403787][ T11] hsr_slave_0: left promiscuous mode [ 1239.652584][ T11] hsr_slave_1: left promiscuous mode [ 1239.839669][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1239.883880][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1239.903656][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1239.911129][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1239.951634][ T11] bridge_slave_1: left allmulticast mode [ 1239.973936][ T11] bridge_slave_1: left promiscuous mode [ 1239.979803][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1240.312973][ T11] bridge_slave_0: left allmulticast mode [ 1240.331080][ T11] bridge_slave_0: left promiscuous mode [ 1240.681351][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1241.125423][ T11] veth1_macvtap: left promiscuous mode [ 1241.356897][ T11] veth0_macvtap: left promiscuous mode [ 1242.095931][ T11] veth1_vlan: left promiscuous mode [ 1242.101854][ T11] veth0_vlan: left promiscuous mode [ 1248.289089][T23472] afs: Unknown parameter 'smackfsdefT%' [ 1252.403554][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1253.352587][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1253.658442][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1253.770260][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1257.222923][ T787] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 1258.299685][ T787] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1258.311005][ T787] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1258.320773][ T787] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1258.361407][ T787] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice=20.41 [ 1258.379018][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1258.392458][ T787] usb 1-1: Product: syz [ 1258.397005][ T787] usb 1-1: Manufacturer: syz [ 1258.401734][ T787] usb 1-1: SerialNumber: syz [ 1258.774031][ T787] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1259.599533][ T11] bond0 (unregistering): Released all slaves [ 1259.689674][T10170] usb 1-1: USB disconnect, device number 20 [ 1259.699521][T10170] usblp0: removed [ 1259.780619][T23563] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6303'. [ 1260.182254][T23295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1260.272401][T23295] 8021q: adding VLAN 0 to HW filter on device team0 [ 1260.392448][T23295] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1260.403138][T23295] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1260.486011][ T2104] bridge0: port 1(bridge_slave_0) entered blocking state [ 1260.493295][ T2104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1262.411774][ T2104] bridge0: port 2(bridge_slave_1) entered blocking state [ 1262.419139][ T2104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1263.338531][T23295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1263.373270][ T5828] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 1263.575057][ T5828] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1263.595148][ T5828] usb 5-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=fd.0b [ 1263.642840][ T5828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1263.662378][ T5828] usb 5-1: config 0 descriptor?? [ 1263.774673][ T5828] usb 5-1: unsupported MDLM descriptors [ 1263.801071][T23614] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6314'. [ 1264.213517][ T5828] usb 5-1: USB disconnect, device number 11 [ 1266.030668][T23295] veth0_vlan: entered promiscuous mode [ 1266.083972][T23295] veth1_vlan: entered promiscuous mode [ 1266.933779][T23295] veth0_macvtap: entered promiscuous mode [ 1266.977311][T23295] veth1_macvtap: entered promiscuous mode [ 1267.048029][T23295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1267.106918][T23295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1267.136310][T23295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1267.147108][T23295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1267.159526][T23295] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1267.186449][T23295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1267.206030][T23295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1267.219531][T23295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1267.230173][T23295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1267.243674][T23295] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1267.256032][T23295] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1267.267189][T23295] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1267.338118][T23295] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1267.353955][T23295] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1268.067003][T23652] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6326'. [ 1268.143520][ T2104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1268.272924][ T2104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1268.332592][ T2104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1268.341865][ T2104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1270.794283][T23682] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6339'. [ 1275.845562][T23720] trusted_key: syz.0.6354 sent an empty control message without MSG_MORE. [ 1287.614089][ T9405] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1287.832888][ T9405] usb 1-1: Using ep0 maxpacket: 32 [ 1287.865637][ T9405] usb 1-1: config 2 has an invalid interface number: 194 but max is 0 [ 1287.908209][ T9405] usb 1-1: config 2 has no interface number 0 [ 1287.949532][ T9405] usb 1-1: config 2 interface 194 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1287.996115][ T9405] usb 1-1: config 2 interface 194 altsetting 0 endpoint 0xA has invalid maxpacket 1584, setting to 1024 [ 1288.045110][ T9405] usb 1-1: config 2 interface 194 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 1288.069405][ T9405] usb 1-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6 [ 1289.792805][ T9405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1289.814897][T23790] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1289.822281][T23790] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1292.975292][ T9405] usb 1-1: string descriptor 0 read error: -71 [ 1292.991143][ T9405] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 1293.025236][ T9405] usb 1-1: USB disconnect, device number 21 [ 1295.567895][T23849] sd 0:0:1:0: device reset [ 1301.065616][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1301.093083][T23876] TCP: MD5 Hash mismatch for [fe88::107]:20003->[ff02::1]:20004 L3 index 0 [ 1305.568612][T23918] sd 0:0:1:0: device reset [ 1307.428377][T23950] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6432'. [ 1309.535833][T23986] qrtr: Invalid version 0 [ 1313.333858][ T5778] Bluetooth: hci2: command 0x0406 tx timeout [ 1313.586372][T24023] qrtr: Invalid version 0 [ 1314.703153][T24036] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1319.062287][ T9405] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 1319.285814][ T9405] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1319.306428][ T9405] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1319.328881][ T9405] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1319.342412][ T9405] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1319.362735][ T9405] usb 7-1: SerialNumber: syz [ 1319.604077][ T9405] usb 7-1: 0:2 : does not exist [ 1319.619370][ T9405] usb 7-1: unit 255 not found! [ 1319.634966][ T9405] usb 7-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1319.662720][ T9405] usb 7-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1319.691886][ T9405] usb 7-1: 5:0: cannot get min/max values for control 5 (id 5) [ 1319.712006][ T9405] usb 7-1: 5:0: cannot get min/max values for control 6 (id 5) [ 1319.735752][ T9405] usb 7-1: 5:0: cannot get min/max values for control 12 (id 5) [ 1319.764709][ T9405] usb 7-1: 5:0: cannot get min/max values for control 15 (id 5) [ 1319.795226][ T9405] usb 7-1: 5:0: cannot get min/max values for control 18 (id 5) [ 1319.881673][ T9405] usb 7-1: USB disconnect, device number 22 [ 1324.422894][T24123] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6504'. [ 1324.554277][T24129] ALSA: seq fatal error: cannot create timer (-22) [ 1330.195421][T24182] syz.0.6522 (24182): drop_caches: 2 [ 1335.249361][T24232] syz.6.6534 (24232): drop_caches: 2 [ 1339.265520][T24263] syz.4.6550 (24263): drop_caches: 2 [ 1343.220389][T24311] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6570'. [ 1347.759153][T24350] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6585'. [ 1347.789420][T24350] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6585'. [ 1354.246758][T22031] Bluetooth: hci0: command 0x0406 tx timeout [ 1361.589419][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.470557][ T9405] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 1362.583839][T24534] sp0: Synchronizing with TNC [ 1362.592871][T24534] [U] [ 1362.661502][ T9405] usb 5-1: Using ep0 maxpacket: 8 [ 1362.671724][ T9405] usb 5-1: config 2 has an invalid interface number: 39 but max is 3 [ 1362.685366][ T9405] usb 5-1: config 2 has an invalid interface number: 171 but max is 3 [ 1362.698328][ T9405] usb 5-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 1362.707353][ T9405] usb 5-1: config 2 has an invalid interface number: 109 but max is 3 [ 1362.720053][ T9405] usb 5-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 1362.728912][ T9405] usb 5-1: config 2 has an invalid interface number: 154 but max is 3 [ 1362.737389][ T9405] usb 5-1: config 2 has an invalid interface number: 94 but max is 3 [ 1362.745626][ T9405] usb 5-1: config 2 has an invalid interface number: 5 but max is 3 [ 1362.755754][ T9405] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1362.766084][ T9405] usb 5-1: config 2 has 6 interfaces, different from the descriptor's value: 4 [ 1362.775200][ T9405] usb 5-1: config 2 has no interface number 0 [ 1362.781527][ T9405] usb 5-1: config 2 has no interface number 1 [ 1362.798398][ T9405] usb 5-1: config 2 has no interface number 2 [ 1362.809222][ T9405] usb 5-1: config 2 has no interface number 3 [ 1362.820894][ T9405] usb 5-1: config 2 has no interface number 4 [ 1362.832826][ T9405] usb 5-1: config 2 interface 39 altsetting 3 bulk endpoint 0x7 has invalid maxpacket 32 [ 1362.845596][ T9405] usb 5-1: config 2 interface 39 altsetting 3 has an invalid endpoint with address 0x80, skipping [ 1362.858143][ T9405] usb 5-1: config 2 interface 39 altsetting 3 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 1362.869338][ T9405] usb 5-1: config 2 interface 39 altsetting 3 endpoint 0xC has invalid wMaxPacketSize 0 [ 1362.879174][ T9405] usb 5-1: config 2 interface 39 altsetting 3 has a duplicate endpoint with address 0xE, skipping [ 1362.890897][ T9405] usb 5-1: config 2 interface 39 altsetting 3 bulk endpoint 0x2 has invalid maxpacket 32 [ 1362.901014][ T9405] usb 5-1: config 2 interface 171 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 1362.911907][ T9405] usb 5-1: config 2 interface 171 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1362.922713][ T9405] usb 5-1: config 2 interface 171 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 64 [ 1362.933302][ T9405] usb 5-1: config 2 interface 171 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1362.945410][ T9405] usb 5-1: config 2 interface 171 altsetting 0 endpoint 0xF has invalid maxpacket 512, setting to 64 [ 1362.957273][ T9405] usb 5-1: config 2 interface 171 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1362.968073][ T9405] usb 5-1: config 2 interface 171 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 1362.978912][ T9405] usb 5-1: config 2 interface 171 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 1362.989737][ T9405] usb 5-1: config 2 interface 171 altsetting 0 endpoint 0xD has invalid maxpacket 62026, setting to 64 [ 1363.004847][ T9405] usb 5-1: config 2 interface 171 altsetting 0 has a duplicate endpoint with address 0xE, skipping [ 1363.015753][ T9405] usb 5-1: config 2 interface 109 altsetting 3 has a duplicate endpoint with address 0x7, skipping [ 1363.027305][ T9405] usb 5-1: config 2 interface 109 altsetting 3 has a duplicate endpoint with address 0xF, skipping [ 1363.038097][ T9405] usb 5-1: config 2 interface 109 altsetting 3 has a duplicate endpoint with address 0x1, skipping [ 1363.048810][ T9405] usb 5-1: config 2 interface 109 altsetting 3 has a duplicate endpoint with address 0x2, skipping [ 1363.060024][ T9405] usb 5-1: config 2 interface 109 altsetting 3 has 4 endpoint descriptors, different from the interface descriptor's value: 12 [ 1363.073364][ T9405] usb 5-1: too many endpoints for config 2 interface 154 altsetting 120: 124, using maximum allowed: 30 [ 1363.085540][ T9405] usb 5-1: config 2 interface 154 altsetting 120 has an invalid endpoint with address 0x0, skipping [ 1363.096520][ T9405] usb 5-1: config 2 interface 154 altsetting 120 has a duplicate endpoint with address 0xC, skipping [ 1363.107961][ T9405] usb 5-1: config 2 interface 154 altsetting 120 has a duplicate endpoint with address 0xC, skipping [ 1363.118992][ T9405] usb 5-1: config 2 interface 154 altsetting 120 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 1363.130200][ T9405] usb 5-1: config 2 interface 154 altsetting 120 has an invalid endpoint with address 0x0, skipping [ 1363.141432][ T9405] usb 5-1: config 2 interface 154 altsetting 120 has a duplicate endpoint with address 0xC, skipping [ 1364.155848][ T9405] usb 5-1: config 2 interface 154 altsetting 120 has an invalid endpoint with address 0x80, skipping [ 1364.166804][ T9405] usb 5-1: config 2 interface 154 altsetting 120 has a duplicate endpoint with address 0xB, skipping [ 1364.177740][ T9405] usb 5-1: config 2 interface 154 altsetting 120 has 8 endpoint descriptors, different from the interface descriptor's value: 124 [ 1364.209784][ T9405] usb 5-1: config 2 interface 94 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 1364.223378][ T9405] usb 5-1: config 2 interface 5 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1364.242692][ T9405] usb 5-1: config 2 interface 39 has no altsetting 0 [ 1364.254121][ T9405] usb 5-1: config 2 interface 109 has no altsetting 0 [ 1364.475475][ T9405] usb 5-1: config 2 interface 154 has no altsetting 0 [ 1364.483180][ T9405] usb 5-1: config 2 interface 94 has no altsetting 0 [ 1364.490545][ T9405] usb 5-1: config 2 interface 5 has no altsetting 0 [ 1364.501259][ T9405] usb 5-1: New USB device found, idVendor=eb1a, idProduct=e303, bcdDevice=44.45 [ 1364.510523][ T9405] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1364.518529][ T9405] usb 5-1: Product: syz [ 1364.539462][ T9405] usb 5-1: Manufacturer: syz [ 1364.544210][ T9405] usb 5-1: SerialNumber: syz [ 1365.323418][ T9405] usb 5-1: can't set config #2, error -71 [ 1365.575446][ T9405] usb 5-1: USB disconnect, device number 12 [ 1368.465729][ T9405] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1369.527084][ C0] hrtimer: interrupt took 62967 ns [ 1370.138609][ T9405] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1370.167040][ T9405] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB8, skipping [ 1370.210125][ T9405] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1370.239559][ T9405] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1370.266811][ T9405] usb 1-1: Product: syz [ 1370.273328][ T9405] usb 1-1: Manufacturer: syz [ 1370.283519][ T9405] usb 1-1: SerialNumber: syz [ 1370.302697][ T9405] usb 1-1: config 0 descriptor?? [ 1371.046776][ T9405] usb 1-1: USB disconnect, device number 22 [ 1373.753301][T24653] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5) [ 1373.759904][T24653] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1373.794602][T24653] vhci_hcd vhci_hcd.0: Device attached [ 1373.815899][T24655] vhci_hcd: connection closed [ 1373.819457][ T60] vhci_hcd: stop threads [ 1373.844063][ T60] vhci_hcd: release socket [ 1373.850046][ T60] vhci_hcd: disconnect device [ 1374.153787][T24672] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6700'. [ 1374.514794][ T9405] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1374.715648][ T9405] usb 5-1: Using ep0 maxpacket: 16 [ 1374.745647][ T9405] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1374.756598][ T9405] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1374.779436][ T9405] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1374.789171][ T9405] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1374.802362][ T9405] usb 5-1: Product: syz [ 1374.825123][ T9405] usb 5-1: Manufacturer: syz [ 1374.854848][ T9405] usb 5-1: SerialNumber: syz [ 1375.241466][ T9405] usb 5-1: 0:2 : does not exist [ 1375.251708][ T9405] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 1375.287497][ T9405] usb 5-1: USB disconnect, device number 13 [ 1375.793933][T10170] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 1375.973772][T10170] usb 7-1: Using ep0 maxpacket: 16 [ 1375.984429][T10170] usb 7-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 1375.994826][T10170] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1376.024306][T10170] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1376.033820][T10170] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1376.045973][T10170] usb 7-1: Product: syz [ 1376.050248][T10170] usb 7-1: Manufacturer: syz [ 1376.056502][T10170] usb 7-1: SerialNumber: syz [ 1376.277693][T10170] usb 7-1: 0:2 : does not exist [ 1376.296655][T10170] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 1376.354903][T10170] usb 7-1: USB disconnect, device number 23 [ 1376.461152][T24707] Bluetooth: MGMT ver 1.22 [ 1378.899266][ T28] audit: type=1326 audit(4291403933.886:6234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24734 comm="syz.5.6725" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb5d0d8f749 code=0x0 [ 1380.301638][ T9405] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 1380.501507][ T9405] usb 7-1: Using ep0 maxpacket: 16 [ 1380.513907][ T9405] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 1380.531554][ T9405] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1380.551503][ T9405] usb 7-1: config 0 has no interface number 0 [ 1380.561042][ T9405] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 1380.580414][ T9405] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1380.588523][ T9405] usb 7-1: Product: syz [ 1380.592828][ T9405] usb 7-1: Manufacturer: syz [ 1380.597460][ T9405] usb 7-1: SerialNumber: syz [ 1380.653686][ T9405] usb 7-1: config 0 descriptor?? [ 1380.674216][ T9405] usb 7-1: Found UVC 0.00 device syz (046d:08f3) [ 1380.680636][ T9405] usb 7-1: No valid video chain found. [ 1381.661382][ T5771] usb 7-1: USB disconnect, device number 24 [ 1382.171066][T22048] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1382.360658][T22048] usb 1-1: Using ep0 maxpacket: 8 [ 1383.980071][T22048] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1383.995742][T22048] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1384.016049][T22048] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1384.039710][T22048] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1384.049506][T22048] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1384.064355][T22048] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1384.079727][T22048] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1384.105523][T22048] usb 1-1: config 0 descriptor?? [ 1384.848976][ T9405] usb 1-1: USB disconnect, device number 23 [ 1385.893441][T24814] IPv6: addrconf: prefix option has invalid lifetime [ 1385.900701][ T28] audit: type=1326 audit(4291403940.879:6235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 1385.923137][ C0] vkms_vblank_simulate: vblank timer overrun [ 1385.987998][ T28] audit: type=1326 audit(4291403940.879:6236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 1386.157703][ T28] audit: type=1326 audit(4291403940.879:6237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 1386.260778][ T28] audit: type=1326 audit(4291403940.879:6238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f10f4b8f783 code=0x7ffc0000 [ 1386.283648][ T28] audit: type=1326 audit(4291403940.879:6239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f10f4b8f783 code=0x7ffc0000 [ 1386.305926][ C0] vkms_vblank_simulate: vblank timer overrun [ 1386.313149][ T28] audit: type=1326 audit(4291403940.879:6240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 1386.335722][ C0] vkms_vblank_simulate: vblank timer overrun [ 1386.342550][ T28] audit: type=1326 audit(4291403940.879:6241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 1386.402015][ T28] audit: type=1326 audit(4291403940.879:6242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 1386.555685][ T28] audit: type=1326 audit(4291403940.879:6243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 1386.578651][ T28] audit: type=1326 audit(4291403940.879:6244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24815 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f4b8f749 code=0x7ffc0000 [ 1387.415191][T24832] tmpfs: Bad value for 'mpol' [ 1390.806491][T24871] 9pnet_virtio: no channels available for device syz [ 1391.666710][T24872] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1394.475432][T24895] loop6: detected capacity change from 0 to 7 [ 1394.503881][T24895] Dev loop6: unable to read RDB block 7 [ 1394.513358][T24895] loop6: unable to read partition table [ 1394.533834][T24895] loop6: partition table beyond EOD, truncated [ 1394.543744][T24895] loop_reread_partitions: partition scan of loop6 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 1399.298344][T24949] netlink: 'syz.0.6792': attribute type 10 has an invalid length. [ 1405.938271][T25032] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6811'. [ 1407.053298][T25060] sd 0:0:1:0: device reset [ 1407.983444][T25068] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6823'. [ 1411.085837][T25111] netlink: 'syz.5.6841': attribute type 1 has an invalid length. [ 1411.312937][T25111] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6841'. [ 1412.730343][ T5778] Bluetooth: hci1: unexpected event for opcode 0x1405 [ 1412.745369][T25099] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 1412.950376][T25099] usb 7-1: Using ep0 maxpacket: 8 [ 1413.000111][T25099] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1413.038672][T25099] usb 7-1: config 16 has an invalid interface number: 203 but max is 0 [ 1413.050195][T25099] usb 7-1: config 16 has no interface number 0 [ 1413.059087][T25099] usb 7-1: New USB device found, idVendor=2c7c, idProduct=0122, bcdDevice=89.dc [ 1413.072242][T25099] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1413.084262][T25099] usb 7-1: Product: syz [ 1413.091659][T25099] usb 7-1: Manufacturer: syz [ 1413.096774][T25099] usb 7-1: SerialNumber: syz [ 1413.284041][T25164] tmpfs: Bad value for 'mpol' [ 1414.078779][T25099] qmi_wwan: probe of 7-1:16.203 failed with error -22 [ 1414.100015][T25099] usb 7-1: USB disconnect, device number 25 [ 1417.213495][T10170] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 1417.523058][T10170] usb 7-1: Using ep0 maxpacket: 16 [ 1417.530071][T10170] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 1417.539245][T10170] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1418.318491][T10170] usb 7-1: config 0 descriptor?? [ 1418.327093][T10170] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected [ 1420.060353][T10170] usb 7-1: Detected FT232A [ 1420.078244][T10170] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1420.108111][T10170] usb 7-1: USB disconnect, device number 26 [ 1420.132458][T10170] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1420.351112][T10170] ftdi_sio 7-1:0.0: device disconnected [ 1435.634374][T25358] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6925'. [ 1437.864821][T25372] loop9: detected capacity change from 0 to 7 [ 1437.952174][T25372] loop9: [POWERTEC] [ 1439.076733][T25099] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 1439.330865][T25099] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1439.755604][T25099] usb 7-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1439.872921][T25099] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1439.934352][T25099] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1440.232762][ T9405] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1440.431621][ T9405] usb 5-1: Using ep0 maxpacket: 32 [ 1440.468668][ T9405] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1440.684214][ T9405] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1440.704733][ T9405] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1440.715437][ T9405] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1440.727133][ T9405] usb 5-1: config 0 descriptor?? [ 1442.412478][T25099] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71 [ 1442.450529][T25099] stv0680 7-1:4.0: STV(e): camera ping failed!! [ 1442.470671][T25099] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 1442.478924][T25099] stv0680 7-1:4.0: last error: 0, command = 0x0 [ 1442.503789][ T9405] savu 0003:1E7D:2D5A.000F: unknown main item tag 0x0 [ 1442.527025][ T9405] savu 0003:1E7D:2D5A.000F: unknown main item tag 0x0 [ 1442.550484][T25099] usb 7-1: USB disconnect, device number 27 [ 1442.563551][ T9405] savu 0003:1E7D:2D5A.000F: unknown main item tag 0x0 [ 1442.744070][ T9405] savu 0003:1E7D:2D5A.000F: unknown main item tag 0x0 [ 1442.779495][ T9405] savu 0003:1E7D:2D5A.000F: unknown main item tag 0x0 [ 1442.864145][ T9405] savu 0003:1E7D:2D5A.000F: unbalanced collection at end of report description [ 1442.967463][ T9405] savu 0003:1E7D:2D5A.000F: parse failed [ 1443.029315][ T9405] savu: probe of 0003:1E7D:2D5A.000F failed with error -22 [ 1443.257261][ T9405] usb 5-1: USB disconnect, device number 14 [ 1447.596949][T22031] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1447.613014][T22031] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1447.621933][T22031] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1447.630652][T22031] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1447.639888][T22031] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1447.647261][T22031] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1449.213588][T25174] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1449.808820][T22031] Bluetooth: hci0: command tx timeout [ 1450.434010][T25174] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1450.693479][T25174] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1451.860701][T22031] Bluetooth: hci0: command tx timeout [ 1451.916028][T25174] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1453.945151][T22031] Bluetooth: hci0: command tx timeout [ 1454.050468][T25430] chnl_net:caif_netlink_parms(): no params data found [ 1456.515038][ T5778] Bluetooth: hci0: command tx timeout [ 1457.093612][T25430] bridge0: port 1(bridge_slave_0) entered blocking state [ 1457.101983][T25430] bridge0: port 1(bridge_slave_0) entered disabled state [ 1457.114344][T25430] bridge_slave_0: entered allmulticast mode [ 1457.144379][T25430] bridge_slave_0: entered promiscuous mode [ 1457.165085][T25430] bridge0: port 2(bridge_slave_1) entered blocking state [ 1457.172255][T25430] bridge0: port 2(bridge_slave_1) entered disabled state [ 1457.212649][T25430] bridge_slave_1: entered allmulticast mode [ 1457.220960][T25430] bridge_slave_1: entered promiscuous mode [ 1457.339602][T25430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1457.507606][T25430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1457.832052][T25430] team0: Port device team_slave_0 added [ 1457.958532][T25430] team0: Port device team_slave_1 added [ 1459.808347][T25430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1459.815665][T25430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1459.872154][T25430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1460.881718][T25430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1460.888731][T25430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1460.914664][ C0] vkms_vblank_simulate: vblank timer overrun [ 1461.377484][T25430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1464.068369][T25517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6966'. [ 1464.094107][T25430] hsr_slave_0: entered promiscuous mode [ 1464.120328][T25430] hsr_slave_1: entered promiscuous mode [ 1464.137662][T25430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1464.156684][T25430] Cannot create hsr debugfs directory [ 1466.474659][T25532] kvm: MONITOR instruction emulated as NOP! [ 1466.853677][T25174] hsr_slave_0: left promiscuous mode [ 1466.875317][T25174] hsr_slave_1: left promiscuous mode [ 1466.892110][T25174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1466.908347][T25174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1466.916449][T25174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1466.934279][T25174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1466.983686][T25174] bridge_slave_1: left allmulticast mode [ 1467.033326][T25174] bridge_slave_1: left promiscuous mode [ 1467.048693][T25174] bridge0: port 2(bridge_slave_1) entered disabled state [ 1467.083852][T25174] bridge_slave_0: left allmulticast mode [ 1467.098200][T25174] bridge_slave_0: left promiscuous mode [ 1467.103984][T25174] bridge0: port 1(bridge_slave_0) entered disabled state [ 1468.267992][T25174] veth1_macvtap: left promiscuous mode [ 1468.274022][T25174] veth0_macvtap: left promiscuous mode [ 1468.287907][T25174] veth1_vlan: left promiscuous mode [ 1468.293420][T25174] veth0_vlan: left promiscuous mode [ 1468.428220][ T787] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 1468.658357][ T787] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 1468.707417][ T787] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1468.717325][ T787] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1468.757470][ T787] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1468.775428][ T787] usb 5-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 1468.824174][ T787] usb 5-1: Product: syz [ 1468.835593][ T787] usb 5-1: Manufacturer: syz [ 1468.848353][T22031] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1468.859558][T22031] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1468.869600][T22031] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1468.878119][T22031] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1468.885562][ T787] usb 5-1: SerialNumber: syz [ 1468.890720][T22031] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1468.899589][T22031] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1468.909454][ T787] usb 5-1: config 0 descriptor?? [ 1468.915087][T25542] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1469.395497][ T787] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 1470.966562][ T5778] Bluetooth: hci1: command tx timeout [ 1471.881511][T25174] team0 (unregistering): Port device team_slave_1 removed [ 1474.115814][ T5778] Bluetooth: hci1: command tx timeout [ 1474.150524][T25174] team0 (unregistering): Port device team_slave_0 removed [ 1474.261802][T25174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1474.426598][T25174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1476.833381][T22031] Bluetooth: hci1: command tx timeout [ 1477.473949][T25174] bond0 (unregistering): Released all slaves [ 1477.641856][T25430] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1477.673131][T25430] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1477.673291][ T787] usb 5-1: USB disconnect, device number 15 [ 1477.700203][T25430] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1477.716556][T25430] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1477.972215][T25594] netlink: 40 bytes leftover after parsing attributes in process `syz.6.6991'. [ 1478.116817][T25430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1478.247610][T25430] 8021q: adding VLAN 0 to HW filter on device team0 [ 1478.869097][T25182] bridge0: port 1(bridge_slave_0) entered blocking state [ 1478.876366][T25182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1478.902458][T22031] Bluetooth: hci1: command tx timeout [ 1478.935805][T16633] bridge0: port 2(bridge_slave_1) entered blocking state [ 1478.943014][T16633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1479.013160][T25604] Device name cannot be null; rc = [-22] [ 1479.271298][T25545] chnl_net:caif_netlink_parms(): no params data found [ 1479.971482][T25174] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1481.825478][T25174] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1482.041437][T25174] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1482.437776][T25174] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1482.596949][T25545] bridge0: port 1(bridge_slave_0) entered blocking state [ 1482.847811][T25545] bridge0: port 1(bridge_slave_0) entered disabled state [ 1482.900451][T25545] bridge_slave_0: entered allmulticast mode [ 1482.922389][T25545] bridge_slave_0: entered promiscuous mode [ 1482.953655][T25545] bridge0: port 2(bridge_slave_1) entered blocking state [ 1482.970390][T25545] bridge0: port 2(bridge_slave_1) entered disabled state [ 1482.987898][T25545] bridge_slave_1: entered allmulticast mode [ 1482.999829][T25545] bridge_slave_1: entered promiscuous mode [ 1483.049630][T25430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1483.186372][T25545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1483.204982][T25545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1483.306403][T25545] team0: Port device team_slave_0 added [ 1483.438931][T25174] tipc: Left network mode [ 1483.479702][T25545] team0: Port device team_slave_1 added [ 1484.218390][T25545] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1484.246200][T25545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1484.272135][ C0] vkms_vblank_simulate: vblank timer overrun [ 1484.297008][T25545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1484.409696][ T787] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 1484.421037][T25545] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1484.428168][T25545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1484.454137][ C0] vkms_vblank_simulate: vblank timer overrun [ 1484.467134][T25545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1484.626173][T25545] hsr_slave_0: entered promiscuous mode [ 1484.636054][T25545] hsr_slave_1: entered promiscuous mode [ 1485.326845][T25430] veth0_vlan: entered promiscuous mode [ 1485.448273][T25430] veth1_vlan: entered promiscuous mode [ 1485.475401][ T787] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1485.510220][ T787] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1485.527107][ T787] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1485.536606][ T787] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1485.555918][ T787] usb 5-1: config 0 descriptor?? [ 1485.582824][ T787] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1485.597975][ T787] dvb-usb: bulk message failed: -22 (3/0) [ 1485.627176][ T787] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1485.674452][ T787] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1485.682825][ T787] usb 5-1: media controller created [ 1485.692344][ T787] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1485.715568][ T787] dvb-usb: bulk message failed: -22 (6/0) [ 1485.729456][ T787] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1485.766114][ T787] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input9 [ 1485.811985][ T787] dvb-usb: schedule remote query interval to 150 msecs. [ 1485.824198][ T787] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1485.834361][ T787] usb 5-1: USB disconnect, device number 16 [ 1485.929614][ T787] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1486.051143][T25174] IPVS: stopping backup sync thread 20987 ... [ 1486.054829][T25430] veth0_macvtap: entered promiscuous mode [ 1486.106054][T25430] veth1_macvtap: entered promiscuous mode [ 1486.160813][T25430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1486.174274][T25430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1486.205836][T25430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1486.217305][T25430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1486.243992][T25430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1486.374409][T25430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1486.423064][T25430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1486.437943][T25430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1486.468635][T25430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1486.492980][T25430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1486.878215][ C0] vkms_vblank_simulate: vblank timer overrun [ 1488.041032][T25430] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1488.049945][T25430] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1488.059926][T25430] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1488.068872][T25430] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1488.212583][T25174] hsr_slave_0: left promiscuous mode [ 1488.234617][T25174] hsr_slave_1: left promiscuous mode [ 1488.258166][T25174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1488.273397][T25174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1488.283744][T25174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1488.306192][T25174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1488.324785][T25174] bridge_slave_1: left allmulticast mode [ 1488.340842][T25174] bridge_slave_1: left promiscuous mode [ 1488.356980][T25174] bridge0: port 2(bridge_slave_1) entered disabled state [ 1488.381599][T25174] bridge_slave_0: left allmulticast mode [ 1488.397629][T25174] bridge_slave_0: left promiscuous mode [ 1488.403476][T25174] bridge0: port 1(bridge_slave_0) entered disabled state [ 1488.488426][T25174] veth1_macvtap: left promiscuous mode [ 1488.494047][T25174] veth0_macvtap: left promiscuous mode [ 1488.504863][T25174] veth1_vlan: left promiscuous mode [ 1488.510731][T25174] veth0_vlan: left promiscuous mode [ 1491.459162][T25174] team0 (unregistering): Port device team_slave_1 removed [ 1491.562309][T25174] team0 (unregistering): Port device team_slave_0 removed [ 1491.628943][T25174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1491.692873][T25174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1492.377099][T25174] bond0 (unregistering): Released all slaves [ 1492.477024][T25682] netlink: 14601 bytes leftover after parsing attributes in process `syz.4.7011'. [ 1493.015135][ C0] vkms_vblank_simulate: vblank timer overrun [ 1493.143239][ C0] vkms_vblank_simulate: vblank timer overrun [ 1493.205075][ C0] vkms_vblank_simulate: vblank timer overrun [ 1493.245557][ C0] vkms_vblank_simulate: vblank timer overrun [ 1493.295000][ C0] vkms_vblank_simulate: vblank timer overrun [ 1493.347943][ C0] vkms_vblank_simulate: vblank timer overrun [ 1494.439334][T25545] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1494.491206][T25010] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1494.513130][T25010] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1494.529672][T25545] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1494.587098][T25545] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1494.614108][T25545] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1494.781829][T25175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1494.814665][T25175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1494.994324][T25545] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1495.058746][T25545] 8021q: adding VLAN 0 to HW filter on device team0 [ 1495.109176][T25175] bridge0: port 1(bridge_slave_0) entered blocking state [ 1495.116406][T25175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1495.177880][T25174] bridge0: port 2(bridge_slave_1) entered blocking state [ 1495.185175][T25174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1495.564341][T19249] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1495.598255][T25545] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1495.679270][T25545] veth0_vlan: entered promiscuous mode [ 1495.711153][T25545] veth1_vlan: entered promiscuous mode [ 1495.762568][T25545] veth0_macvtap: entered promiscuous mode [ 1495.781636][T25545] veth1_macvtap: entered promiscuous mode [ 1495.812195][T25545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1495.823810][T25545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.833957][T25545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1495.844462][T25545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.855845][T25545] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1495.871329][T25545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.882052][T25545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.901775][T25545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1496.004733][T25545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.117429][T25545] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1496.367975][T25545] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.458441][T25545] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.474470][T25545] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.488892][T25545] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.773919][T16633] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1496.795412][T16633] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1496.820058][T19249] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1496.846179][T19249] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 1496.858890][T19249] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1496.867467][T19249] usb 5-1: Product: syz [ 1496.871686][T19249] usb 5-1: Manufacturer: syz [ 1498.243841][T19249] usb 5-1: SerialNumber: syz [ 1498.390960][T25175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1498.399945][T25175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1498.440726][T19249] usb 5-1: can't set config #2, error -71 [ 1498.486698][T19249] usb 5-1: USB disconnect, device number 17 [ 1510.146882][ T5778] Bluetooth: hci4: command 0x0406 tx timeout [ 1512.255618][T22046] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 1512.511017][T22046] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1512.610692][T22046] usb 5-1: config 0 has no interface number 0 [ 1512.650242][T22046] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1512.734633][T22046] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1512.775414][T22046] usb 5-1: Product: syz [ 1512.780547][T22046] usb 5-1: Manufacturer: syz [ 1512.805420][T22046] usb 5-1: SerialNumber: syz [ 1512.824828][T22046] usb 5-1: config 0 descriptor?? [ 1513.055928][T22046] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1513.115955][T22046] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1513.158851][T22046] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1513.215353][T22046] usb 5-1: media controller created [ 1513.507065][T22046] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1514.533763][T22046] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 1515.722839][T22046] usb 5-1: USB disconnect, device number 18 [ 1516.763544][ T9405] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 1517.165281][ T9405] usb 1-1: Using ep0 maxpacket: 16 [ 1517.255555][ T9405] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1517.338480][ T9405] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1517.480919][ T9405] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1517.650669][ T9405] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1517.842827][ T9405] usb 1-1: Product: syz [ 1517.853028][ T9405] usb 1-1: Manufacturer: syz [ 1517.857898][ T9405] usb 1-1: SerialNumber: syz [ 1518.108698][ T9405] usb 1-1: 0:2 : does not exist [ 1518.143137][ T9405] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 1518.252877][ T9405] usb 1-1: USB disconnect, device number 24 [ 1530.564639][T25961] kvm: kvm [25958]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x64 [ 1530.602175][T25961] kvm: kvm [25958]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x2900 [ 1536.046507][T26024] kvm: kvm [26022]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x64 [ 1536.075094][T26024] kvm: kvm [26022]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x2900 [ 1547.987845][T25099] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 1548.169688][T25099] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1548.216593][T25099] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1548.298738][T25099] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1548.347523][T25099] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1548.355594][T25099] usb 7-1: SerialNumber: syz [ 1548.898998][T25099] usb 7-1: 0:2 : does not exist [ 1549.333243][T25099] usb 7-1: USB disconnect, device number 28 [ 1570.466506][ T787] usb 7-1: new full-speed USB device number 29 using dummy_hcd [ 1570.892133][ T787] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1570.916466][ T787] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1570.935798][ T787] usb 7-1: config 0 descriptor?? [ 1570.946562][ T787] cp210x 7-1:0.0: cp210x converter detected [ 1572.627122][ T787] usb 7-1: cp210x converter now attached to ttyUSB0 [ 1572.787255][T25099] usb 7-1: USB disconnect, device number 29 [ 1572.808876][T25099] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1572.827753][T25099] cp210x 7-1:0.0: device disconnected [ 1575.227569][ T5778] Bluetooth: hci0: command 0x0406 tx timeout [ 1584.024847][T26361] mkiss: ax0: crc mode is auto. [ 1590.879655][T26421] delete_channel: no stack [ 1592.441663][T26426] mkiss: ax0: crc mode is auto. [ 1594.279981][T22031] Bluetooth: hci1: command 0x0406 tx timeout [ 1598.341109][T26480] comedi: No check for data length of config insn id 3 is implemented [ 1598.367597][T26480] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 1598.386550][T26480] comedi: Assuming n=95 is correct [ 1611.599517][T26553] netlink: 10 bytes leftover after parsing attributes in process `syz.0.7281'. [ 1614.217256][ T5778] Bluetooth: hci1: unexpected event for opcode 0x0419 [ 1618.303067][ T5778] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1618.392457][ T5778] Bluetooth: hci1: Injecting HCI hardware error event [ 1618.415048][T22031] Bluetooth: hci1: hardware error 0x00 [ 1620.574351][T22031] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1621.440126][T26629] netlink: 277 bytes leftover after parsing attributes in process `syz.7.7301'. [ 1622.539885][T26642] ------------[ cut here ]------------ [ 1622.545652][T26642] WARNING: CPU: 1 PID: 26642 at mm/page_alloc.c:4433 __alloc_pages+0x2de/0x460 [ 1622.554783][T26642] Modules linked in: [ 1622.558704][T26642] CPU: 1 PID: 26642 Comm: syz.7.7312 Not tainted syzkaller #0 [ 1622.566459][T26642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1622.579463][T26642] RIP: 0010:__alloc_pages+0x2de/0x460 [ 1622.585770][T26642] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 a0 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 fe a1 63 0c 01 <0f> 0b eb a5 a9 00 00 08 00 8b 74 24 0c 75 3e 44 89 f1 81 e1 7f ff [ 1622.605655][T26642] RSP: 0018:ffffc9000cf97a00 EFLAGS: 00010246 [ 1622.611943][T26642] RAX: ffffc9000cf97a00 RBX: 1ffff920019f2f44 RCX: 0000000000000000 [ 1622.620127][T26642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000cf97a68 [ 1622.628228][T26642] RBP: ffffc9000cf97b00 R08: ffffc9000cf97a67 R09: 0000000000000000 [ 1622.636262][T26642] R10: ffffc9000cf97a40 R11: fffff520019f2f4d R12: 0000000000000012 [ 1622.644283][T26642] R13: 0000000000000000 R14: 0000000000040cc0 R15: dffffc0000000000 [ 1622.652350][T26642] FS: 00007fb7094716c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1622.661655][T26642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1622.668304][T26642] CR2: 000000110c4553ac CR3: 000000006627d000 CR4: 00000000003506e0 [ 1622.676386][T26642] Call Trace: [ 1622.679694][T26642] [ 1622.682712][T26642] ? zone_statistics+0x170/0x170 [ 1622.687712][T26642] ? __might_fault+0xaa/0x120 [ 1622.692446][T26642] ? __lock_acquire+0x7c80/0x7c80 [ 1622.697541][T26642] __kmalloc_large_node+0x8c/0x1e0 [ 1622.702753][T26642] ? raw_ioctl+0x19b0/0x3b70 [ 1622.707448][T26642] __kmalloc+0x111/0x240 [ 1622.711772][T26642] raw_ioctl+0x19b0/0x3b70 [ 1622.716236][T26642] ? tomoyo_path_number_perm+0x480/0x590 [ 1622.722468][T26642] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1622.727993][T26642] ? make_qualifier+0x250/0x250 [ 1622.732998][T26642] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1622.739026][T26642] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1622.745134][T26642] ? trace_irq_disable+0x37/0xe0 [ 1622.750139][T26642] ? lock_chain_count+0x20/0x20 [ 1622.755154][T26642] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1622.760903][T26642] ? lockdep_hardirqs_on+0x98/0x150 [ 1622.766191][T26642] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1622.771933][T26642] ? make_qualifier+0x250/0x250 [ 1622.776843][T26642] ? __se_sys_ioctl+0xf1/0x170 [ 1622.781768][T26642] ? make_qualifier+0x250/0x250 [ 1622.786656][T26642] __se_sys_ioctl+0xfd/0x170 [ 1622.791345][T26642] do_syscall_64+0x55/0xb0 [ 1622.795794][T26642] ? clear_bhb_loop+0x40/0x90 [ 1622.800553][T26642] ? clear_bhb_loop+0x40/0x90 [ 1622.805262][T26642] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1622.811234][T26642] RIP: 0033:0x7fb70858f749 [ 1622.815677][T26642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1622.835534][T26642] RSP: 002b:00007fb709471038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1622.844102][T26642] RAX: ffffffffffffffda RBX: 00007fb7087e5fa0 RCX: 00007fb70858f749 [ 1622.852142][T26642] RDX: 0000200000000140 RSI: 00000000c0085504 RDI: 0000000000000004 [ 1622.860266][T26642] RBP: 00007fb708613f91 R08: 0000000000000000 R09: 0000000000000000 [ 1622.868268][T26642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1622.876333][T26642] R13: 00007fb7087e6038 R14: 00007fb7087e5fa0 R15: 00007ffe511ae068 [ 1622.884411][T26642] [ 1622.887476][T26642] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1622.894776][T26642] CPU: 1 PID: 26642 Comm: syz.7.7312 Not tainted syzkaller #0 [ 1622.902280][T26642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1622.912346][T26642] Call Trace: [ 1622.915638][T26642] [ 1622.918591][T26642] dump_stack_lvl+0x16c/0x230 [ 1622.923296][T26642] ? show_regs_print_info+0x20/0x20 [ 1622.928505][T26642] ? load_image+0x3b0/0x3b0 [ 1622.933083][T26642] panic+0x2c0/0x710 [ 1622.937048][T26642] ? bpf_jit_dump+0xd0/0xd0 [ 1622.941581][T26642] __warn+0x2e0/0x470 [ 1622.945612][T26642] ? __alloc_pages+0x2de/0x460 [ 1622.950416][T26642] ? __alloc_pages+0x2de/0x460 [ 1622.955200][T26642] report_bug+0x2be/0x4f0 [ 1622.959554][T26642] ? __alloc_pages+0x2de/0x460 [ 1622.964329][T26642] ? __alloc_pages+0x2de/0x460 [ 1622.969103][T26642] ? __alloc_pages+0x2e0/0x460 [ 1622.973873][T26642] handle_bug+0xcf/0x120 [ 1622.978151][T26642] exc_invalid_op+0x1a/0x50 [ 1622.982678][T26642] asm_exc_invalid_op+0x1a/0x20 [ 1622.987546][T26642] RIP: 0010:__alloc_pages+0x2de/0x460 [ 1622.992944][T26642] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 a0 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 fe a1 63 0c 01 <0f> 0b eb a5 a9 00 00 08 00 8b 74 24 0c 75 3e 44 89 f1 81 e1 7f ff [ 1623.012562][T26642] RSP: 0018:ffffc9000cf97a00 EFLAGS: 00010246 [ 1623.018645][T26642] RAX: ffffc9000cf97a00 RBX: 1ffff920019f2f44 RCX: 0000000000000000 [ 1623.026622][T26642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000cf97a68 [ 1623.034597][T26642] RBP: ffffc9000cf97b00 R08: ffffc9000cf97a67 R09: 0000000000000000 [ 1623.042591][T26642] R10: ffffc9000cf97a40 R11: fffff520019f2f4d R12: 0000000000000012 [ 1623.050577][T26642] R13: 0000000000000000 R14: 0000000000040cc0 R15: dffffc0000000000 [ 1623.058570][T26642] ? zone_statistics+0x170/0x170 [ 1623.063542][T26642] ? __might_fault+0xaa/0x120 [ 1623.068261][T26642] ? __lock_acquire+0x7c80/0x7c80 [ 1623.073299][T26642] __kmalloc_large_node+0x8c/0x1e0 [ 1623.078434][T26642] ? raw_ioctl+0x19b0/0x3b70 [ 1623.083037][T26642] __kmalloc+0x111/0x240 [ 1623.087299][T26642] raw_ioctl+0x19b0/0x3b70 [ 1623.091735][T26642] ? tomoyo_path_number_perm+0x480/0x590 [ 1623.097391][T26642] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1623.102903][T26642] ? make_qualifier+0x250/0x250 [ 1623.107764][T26642] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1623.113765][T26642] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1623.119756][T26642] ? trace_irq_disable+0x37/0xe0 [ 1623.124717][T26642] ? lock_chain_count+0x20/0x20 [ 1623.129580][T26642] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1623.135225][T26642] ? lockdep_hardirqs_on+0x98/0x150 [ 1623.140428][T26642] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1623.146073][T26642] ? make_qualifier+0x250/0x250 [ 1623.150938][T26642] ? __se_sys_ioctl+0xf1/0x170 [ 1623.155714][T26642] ? make_qualifier+0x250/0x250 [ 1623.160574][T26642] __se_sys_ioctl+0xfd/0x170 [ 1623.165183][T26642] do_syscall_64+0x55/0xb0 [ 1623.169668][T26642] ? clear_bhb_loop+0x40/0x90 [ 1623.174357][T26642] ? clear_bhb_loop+0x40/0x90 [ 1623.179053][T26642] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1623.184962][T26642] RIP: 0033:0x7fb70858f749 [ 1623.189391][T26642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1623.209002][T26642] RSP: 002b:00007fb709471038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1623.217431][T26642] RAX: ffffffffffffffda RBX: 00007fb7087e5fa0 RCX: 00007fb70858f749 [ 1623.225452][T26642] RDX: 0000200000000140 RSI: 00000000c0085504 RDI: 0000000000000004 [ 1623.233429][T26642] RBP: 00007fb708613f91 R08: 0000000000000000 R09: 0000000000000000 [ 1623.241407][T26642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1623.249383][T26642] R13: 00007fb7087e6038 R14: 00007fb7087e5fa0 R15: 00007ffe511ae068 [ 1623.257377][T26642] [ 1623.260704][T26642] Kernel Offset: disabled [ 1623.265068][T26642] Rebooting in 86400 seconds..