last executing test programs: 14.293936995s ago: executing program 4 (id=1448): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) splice(r5, 0x0, r3, 0x0, 0x1e8640, 0x0) 13.974092096s ago: executing program 1 (id=1450): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) epoll_create(0x6) r3 = syz_io_uring_setup(0x239, 0x0, &(0x7f0000000180), 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x3) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) ioctl$FS_IOC_SETFSLABEL(r2, 0x41009432, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 13.232327229s ago: executing program 4 (id=1451): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4084}, 0x4000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000200)={0x0, 0x2}, &(0x7f0000000240)=0x8) 12.437205013s ago: executing program 1 (id=1454): openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syslog(0x4, &(0x7f0000002000)=""/245, 0xf5) 12.400903006s ago: executing program 4 (id=1455): close(0x3) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) modify_ldt$write(0x1, 0x0, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x1e9000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) 9.270029588s ago: executing program 1 (id=1463): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0xcf, &(0x7f0000000040)=ANY=[], 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), 0xffffffffffffffff) chmod(&(0x7f0000000140)='./file0\x00', 0x0) 8.060551736s ago: executing program 1 (id=1468): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, r3, &(0x7f0000000240)=""/112, 0x349b7f55) 7.441962767s ago: executing program 3 (id=1469): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x8000}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r3, 0x12, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r2, &(0x7f00000000c0)='!', 0xb7f40, 0x0, 0x0, 0x2000000}]) dup3(r2, r0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x5, 0x24, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, 0x0, 0x4000050) 6.980190737s ago: executing program 1 (id=1471): r0 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) shmat(r0, &(0x7f0000ff6000/0x4000)=nil, 0x400c) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) gettid() syz_usb_control_io(r1, &(0x7f0000000000)={0x2c, &(0x7f0000000040)={0x20, 0x12, 0x7, {0x7, 0x1, "00f4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x20, 0xb}, 0x0, 0x0, 0x0, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x800, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000180)) ioctl$HIDIOCGFEATURE(r2, 0xc0404807, &(0x7f0000000080)={0x9, "f3514236b22af193f97d6eeda96a7d6522ab7e935c7beacd659eaec9627e39ced18b6993686036893d26272074e39a2e315ac47935e472d25025e8111fbd7132"}) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ff7000/0x2000)=nil) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x10) 6.969122688s ago: executing program 4 (id=1472): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = socket$unix(0x1, 0x2, 0x0) connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(r3, &(0x7f00000008c0)=[{&(0x7f0000000340)='9', 0x1}], 0x1) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4) recvmmsg(r2, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0) 6.342967735s ago: executing program 2 (id=1474): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-des3_ede-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x80800) sendmmsg$alg(r2, 0x0, 0x0, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0) 5.66547513s ago: executing program 3 (id=1476): socket$kcm(0x29, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x3) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = socket$netlink(0x10, 0x3, 0xf) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000000), 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x80200) r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) ioctl$IMADDTIMER(r3, 0x80044940, &(0x7f0000000280)=0x14) read(r3, &(0x7f00000019c0)=""/4097, 0x1001) syz_open_dev$cec(&(0x7f0000000180), 0x0, 0x40a04) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) pipe2$watch_queue(&(0x7f00000003c0), 0x80) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xb7, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x90}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x47, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x4001, 0x3, 0x2b8, 0x158, 0x500b, 0x148, 0x0, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00', {}, {}, 0x21, 0x0, 0x41}, 0x0, 0xf0, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@pkttype={{0x28}, {0x5, 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@unspec=@cluster={{0x30}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) gettid() ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'}) add_key$keyring(0x0, &(0x7f0000000380), 0x0, 0x0, 0xffffffffffffffff) 5.66457732s ago: executing program 2 (id=1477): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000005c0)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000019100)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f00000329c0)=""/102376, 0x18fe8) write$sndseq(0xffffffffffffffff, 0x0, 0x0) fanotify_init(0x8, 0x80000) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r1, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) 5.634430535s ago: executing program 0 (id=1478): socket$netlink(0x10, 0x3, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) syz_io_uring_setup(0x497, &(0x7f0000000340)={0x0, 0x7079, 0x0, 0x14, 0xce, 0x0, r1}, &(0x7f0000000140), 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x80}, 0x1c) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000440), 0x10) listen(r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r4 = accept4$unix(r2, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/72, 0x4c}], 0x29, 0x0, 0xfffffed5}, 0x0) 5.44638924s ago: executing program 4 (id=1479): syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="120100027a1b5c2002040256717b0102030109021200010702200409042502003b524201dd54149b16f7038cfdd46718c9412dcffb16b34291a5f24cca501e94c7a9b45288ac382466bea618c4a57a3b259995638d4385aa0f6e74cbb6b42d42831fd00ca41ffc473eb272f3d5fed241ea08f1e865145fa11fa5b92df440f2529065741f7d47863ee56f739eb1469932c5e20d1878195007d3996b67c24e85b885ea991b3cc343653961ce43dcc947"], 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000240), 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r2, 0x3b82, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0}) 4.866242967s ago: executing program 0 (id=1480): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x9, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b800000019000100000000f7ffffff00e00000020000000000000000000000000000000000000000000000000000000000000000000000000a0000002900", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000700000000000000000000000000000000000000000000000200000000000000ffffffffffffffff"], 0xb8}}, 0x4004) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 4.857632731s ago: executing program 3 (id=1481): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x41, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000040)={0x80000004, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.57953791s ago: executing program 0 (id=1482): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000"], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFCONF(r1, 0x8912, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 4.578354572s ago: executing program 2 (id=1483): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1a000}}, 0x40) r0 = socket(0x40000000015, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x271e, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0x0, 0x0) r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r2) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000019100)) memfd_create(&(0x7f0000000000)='\t^\x1ax1\xc7\xbe\xa1\xc6F\xfa\x9cq\xb1w&\xdfP\xba\xdf\xf9F\xc1\xd4x\xaa\x92~srQ\xeaS\x88\xad\xd1Js\\\xb2\xc5\xed\xe8\x7f\xdc(\x01\xcey\xc7\x15?\n\xad\xe7R\x9e\xe1K\xfd\xc95f@O}\\\xdd\xca!;\xf38\'D9\xcb\xda\xa1\xc1p\xd4)\x18x\x17\xab7\x06\x9f\xe3X\v\xf2\xcc\x05\xb4( m\xde\x0f\xf3\xf8\x1b\vW\x00\x90\x01\xfe\x1e<\xabL-3\xe6\x81V\x8d3\x1b$\x0e\x00\x00\x00\x00\x00\x00\x94&\xac\x88\x95\xff\xda\x14d\xcbx\bx\x95\xab\xcb@\x8d\xa0\xe4I\xff\x87\x90\xd9\x89O\x98\x90\x86\xff\xcc\xc1\xf5\r\xea\x19c\xba\xa9\"d$\x01h\x0f&/B\xa5\x18%\xc7\x00\x17\x00\x00sH\xc7ex#\xb0\xe4\x1b\xce\x0f\xear,-\n\xe6gB#\x8ch=:F$\xe6\x87\xf0AF\xd5\x84c\xd5\xd5(\xb3\xac\x9b\x80\x81y\xf1\a\x0f \xbb\xfa\xd3\x88\xad=5J\x13>u\x8c\x00\x00\x00\x00\xff\xff\xff\xff\xb8~\xaa-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\xdf\xcf\b\x9f\xb6\xf2\x84\xbag\xe5.\xe4\x1f\xb3\xf4\xc6\xad\x06\x1btb\"\x87\x0f\xd7\xf9\x10~\xdc7\xe7\xdc\x11\xd8?\x040\xc5%%\x1c\x8d\xe0\xb99\x10\x11\x84\xbb\xa9\x9em\x1d\xfd\xd4\xcf\x8cH\xa6\x980\xadg\x9b\x8b$\x0e\x04\xd8\xaa\x17\xac\xf4\xda\xd0z\x87H\x03Du\x91\x839\xec\xd7\xde\xf2P\xf6dj-b\x84\x18\xe9\fy`\xca\x86Za7\xe4P\x95B\xeefTdk\x83\xcc\xa4\xa5\b\x1e\x998\x042\xb2\xdd\x8a\xea\xefQ\xf3-Z\a\xd3\xbb\xd5\x80\xb7\v\xa9\xae*\xca\xd90\xc8\xf4_\xe9N7*K:\xe1\xa4\xf7G\a\xd4Q\f7\xdeK,&\xf8\xe7\xffj\xd1\xae\xa1\x04\xf9\xd5\xc5\\\xcc:\xb1\xa70\x84\xf72 \xd1\xcb}Ky\xa5\x9bx&\xad\xf0U\x1aK\x8bN\xcd\xf50\xa3\xc7\xee\x7f\x1a#\xc9\xb3^\xdd/\x13\xb6\xe9%\xed\x04\xf4o}\x17U\x16C\xb2\xea7C\xb6fH$\xd6\xeb\x03\xd2\xa9\xa0\x9a\x93\xed-S\xe5p\xa28*\x98C\xa9\xf5\xf1*\xaa3\xb9\x88\xb3E\x03\x06\xf7\xa7', 0xa) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) 3.708275737s ago: executing program 3 (id=1484): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b32, &(0x7f0000000000)={'wlan0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}}) write$P9_RLCREATE(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000040)={'batadv0\x00', {0x2, 0x0, @empty}}) socket$packet(0x11, 0x2, 0x300) socket$inet(0x2, 0x1, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) recvmmsg(r1, &(0x7f0000002f00)=[{{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000c40)}, {0x0}], 0x2, &(0x7f0000002e00)=""/197, 0xc5}, 0xffffffff}], 0x1, 0x0, 0x0) listen(r1, 0xfff) accept4(r1, 0x0, 0x0, 0x0) 3.505334699s ago: executing program 1 (id=1485): socket$inet_sctp(0x2, 0x5, 0x84) r0 = syz_io_uring_setup(0x5bf, &(0x7f0000000440)={0x0, 0xe7a4, 0x0, 0x1, 0x294}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_READ=@pass_buffer={0x16, 0xa, 0x0, @fd_index=0x9, 0xc, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) fremovexattr(0xffffffffffffffff, &(0x7f0000000640)=@random={'security.', '-[(!-\x00'}) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) io_uring_enter(r0, 0xc54, 0xc993, 0x1, 0x0, 0x0) 2.602399465s ago: executing program 0 (id=1486): r0 = socket$kcm(0x2d, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000640)=0x17) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'sit0\x00', 0x0}) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, 0x0, &(0x7f0000000380), 0xffffd6c0}, 0x38) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={@dev, 0x0, r5}) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00'}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000001800ef0100000000000000000a00000000000000000000001400050000000000000000000000000000000002"], 0x30}, 0x1, 0x11}, 0x0) 2.497986405s ago: executing program 2 (id=1487): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r5, 0x1, 0x40000, 0x0, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) 2.257392885s ago: executing program 0 (id=1488): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00') syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r0 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r2, 0x0, 0x0) connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10) recvmmsg(r2, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000010000108000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="fffd00000400000008001b"], 0x28}}, 0x0) 1.170301214s ago: executing program 2 (id=1489): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd50200000009"], 0x7c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001300290a0000000000000000070000", @ANYRES32], 0x34}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1c}, 0x1, 0x3000000, 0x0, 0x800}, 0x8080) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000700)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYBLOB="0000000000000000b705008500000000000000278b4260399b930da78025af0469d82e2e6ae0c9a6e6299751d24002606dc4264e6425d2699df53b2e1dbaa86e290b8c8788f14334ec156d48fe2907b609e7b1593b3c5769aef4ef2860dbd2df4d7735bf3b2c5e4cc71c2cba4aaa932d89dd46305f80e06362459aaf286bc2ad59ead55fd5dabec69693bd966247b4480115106600afb5972465072ebfcae091424fa01b9927ac92d20d2b86953d617cc84a13a9080889a012e024b8707c7c528ccc3cb5a4ea2a0eb578f50ac8803e8a04d8b33f5e9e77307fbf7b0a197893fa3d1aeb23a6773c80ef6d0503c66bb7c28dda0a221dde1e93812367c9aeb5", @ANYRES32, @ANYBLOB="000000000000010185100000070080", @ANYRESOCT, @ANYRES8], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x2, &(0x7f0000000300)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000340)=[{0x0, 0x4, 0x4, 0x6}, {0x10000002, 0x2, 0x0, 0x3}], 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000140), 0x0}, 0x20) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.132889423s ago: executing program 3 (id=1490): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x15a) mq_getsetattr(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) readlink(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) 957.723329ms ago: executing program 4 (id=1491): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socket$l2tp6(0xa, 0x2, 0x73) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x8000000, @loopback, 0xfc, 0x1}, 0x20) 862.398815ms ago: executing program 0 (id=1492): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) modify_ldt$write(0x1, &(0x7f0000000180)={0x3, 0x1000, 0x4000}, 0x10) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 778.641855ms ago: executing program 2 (id=1493): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x1c, 0x2, 0x6, 0x202, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4040) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) socket(0x1f, 0x93e8147f690a27dc, 0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRESDEC=r2], 0x50) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0) r3 = socket(0x2b, 0x1, 0x1) setsockopt$MRT_DEL_MFC_PROXY(r3, 0x0, 0xd3, 0x0, 0x0) 0s ago: executing program 3 (id=1494): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, &(0x7f0000000000), &(0x7f00000005c0)}, 0x20) kernel console output (not intermixed with test programs): f_read_tagged: read failed, block=512, location=512 [ 104.364368][ T6133] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 104.372104][ T6133] UDF-fs: Scanning with blocksize 512 failed [ 104.379364][ T6133] syz.2.70: attempt to access beyond end of device [ 104.379364][ T6133] loop2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 104.392466][ T6133] syz.2.70: attempt to access beyond end of device [ 104.392466][ T6133] loop2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 104.405591][ T6133] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 104.415428][ T6133] syz.2.70: attempt to access beyond end of device [ 104.415428][ T6133] loop2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 104.428520][ T6133] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 104.438465][ T6133] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 104.446182][ T6133] UDF-fs: Scanning with blocksize 1024 failed [ 104.454273][ T6133] syz.2.70: attempt to access beyond end of device [ 104.454273][ T6133] loop2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 104.467336][ T6133] syz.2.70: attempt to access beyond end of device [ 104.467336][ T6133] loop2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 104.480343][ T6133] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 104.490144][ T6133] syz.2.70: attempt to access beyond end of device [ 104.490144][ T6133] loop2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 104.504157][ T6133] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 104.513845][ T6133] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 104.521536][ T6133] UDF-fs: Scanning with blocksize 2048 failed [ 104.528357][ T6133] syz.2.70: attempt to access beyond end of device [ 104.528357][ T6133] loop2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 104.541504][ T6133] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 104.552774][ T6133] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 104.562619][ T6133] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 104.570310][ T6133] UDF-fs: Scanning with blocksize 4096 failed [ 104.576497][ T6133] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1) [ 104.662143][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.714028][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.767424][ T5837] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 104.814961][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.949353][ T5837] usb 2-1: config 0 descriptor?? [ 105.491148][ T5837] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 105.546605][ T5837] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 105.615648][ T5837] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 105.661407][ T5837] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 105.719455][ T5837] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 105.803276][ T5837] lenovo 0003:17EF:6047.0002: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0 [ 105.845565][ T6145] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 105.976403][ T10] usb 5-1: USB disconnect, device number 2 [ 106.668850][ T5948] usb 2-1: USB disconnect, device number 2 [ 107.226449][ T6173] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 107.238960][ T6173] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 107.248957][ T6173] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 107.257043][ T6173] UDF-fs: Scanning with blocksize 512 failed [ 107.270283][ T6173] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 107.281533][ T6173] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 107.291306][ T6173] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 107.299155][ T6173] UDF-fs: Scanning with blocksize 1024 failed [ 107.310417][ T6173] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 107.323382][ T6173] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 107.338758][ T6173] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 107.346644][ T6173] UDF-fs: Scanning with blocksize 2048 failed [ 107.356904][ T6173] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 107.368024][ T6173] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 107.378017][ T6173] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 107.385842][ T6173] UDF-fs: Scanning with blocksize 4096 failed [ 107.392337][ T6173] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1) [ 108.356313][ T6188] vivid-000: disconnect [ 108.425002][ T6182] vivid-000: reconnect [ 109.573950][ T6211] syz.2.94 uses obsolete (PF_INET,SOCK_PACKET) [ 110.791438][ T6248] syz_tun: entered allmulticast mode [ 110.824157][ T6248] mroute: pending queue full, dropping entries [ 110.832467][ T30] audit: type=1400 audit(1744672015.688:2): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="_" object="w" requested=w pid=6246 comm="syz.3.109" daddr=224.0.3.0 [ 110.851066][ T6246] syz_tun: left allmulticast mode [ 111.106409][ T6260] capability: warning: `syz.3.112' uses 32-bit capabilities (legacy support in use) [ 111.741195][ T6277] Bluetooth: MGMT ver 1.23 [ 115.202646][ T95] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 115.383001][ T95] usb 3-1: Using ep0 maxpacket: 16 [ 115.396735][ T95] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 115.411278][ T95] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 115.423242][ T95] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 115.440817][ T95] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 115.450534][ T95] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.459180][ T95] usb 3-1: Product: syz [ 115.463764][ T95] usb 3-1: Manufacturer: syz [ 115.468505][ T95] usb 3-1: SerialNumber: syz [ 115.927495][ T95] usb 3-1: 0:2 : does not exist [ 116.952236][ T5948] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 117.016096][ T95] usb 3-1: 1:0: failed to get current value for ch 0 (-22) [ 117.089609][ T95] usb 3-1: USB disconnect, device number 3 [ 117.111814][ T6377] fuse: Bad value for 'fd' [ 117.124905][ T5948] usb 4-1: Using ep0 maxpacket: 16 [ 117.173401][ T5948] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 117.213363][ T5948] usb 4-1: config 0 has no interface number 0 [ 117.223630][ T5948] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 117.255482][ T5948] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 117.270609][ T5948] usb 4-1: config 0 interface 41 has no altsetting 0 [ 117.295714][ T5948] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 117.328518][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.357849][ T5948] usb 4-1: Product: syz [ 117.366078][ T5948] usb 4-1: Manufacturer: syz [ 117.379383][ T5948] usb 4-1: SerialNumber: syz [ 117.380381][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 117.414019][ T5948] usb 4-1: config 0 descriptor?? [ 117.430143][ T6366] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 117.439283][ T6366] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 117.501304][ T6386] overlayfs: failed to clone upperpath [ 117.679495][ T6366] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 117.712893][ T6366] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 118.135937][ T5948] Error reading MAC address [ 118.194137][ T6366] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 118.201481][ T6366] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 118.706901][ T30] audit: type=1326 audit(1744672023.568:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 118.789391][ T30] audit: type=1326 audit(1744672023.598:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 118.848371][ T30] audit: type=1326 audit(1744672023.608:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 118.950731][ T30] audit: type=1326 audit(1744672023.628:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 119.015056][ T5948] sr9700 4-1:0.41 eth1: register 'sr9700' at usb-dummy_hcd.3-1, CoreChip SR9700 USB Ethernet, 5e:ff:15:86:90:00 [ 119.040379][ T30] audit: type=1326 audit(1744672023.628:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 119.068069][ T5948] usb 4-1: USB disconnect, device number 4 [ 119.081616][ T30] audit: type=1326 audit(1744672023.638:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 119.114335][ T5948] sr9700 4-1:0.41 eth1: unregister 'sr9700' usb-dummy_hcd.3-1, CoreChip SR9700 USB Ethernet [ 119.162235][ T30] audit: type=1326 audit(1744672023.638:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 119.206197][ T30] audit: type=1326 audit(1744672023.638:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 119.258479][ T30] audit: type=1326 audit(1744672023.638:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 119.318792][ T30] audit: type=1326 audit(1744672023.638:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6409 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872f98d169 code=0x7ffc0000 [ 120.082392][ T6435] syz_tun: entered allmulticast mode [ 120.159478][ T6432] syz_tun: left allmulticast mode [ 121.172598][ T5948] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 121.363367][ T5948] usb 5-1: Using ep0 maxpacket: 8 [ 121.399295][ T5948] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 121.413879][ T5948] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 121.438526][ T5948] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 121.470034][ T5948] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 121.511769][ T5948] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 121.562254][ T5948] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.053422][ T5948] usb 5-1: GET_CAPABILITIES returned 0 [ 122.059032][ T5948] usbtmc 5-1:16.0: can't read capabilities [ 122.280284][ T882] usb 5-1: USB disconnect, device number 3 [ 122.522436][ T5844] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 122.531094][ T5844] Bluetooth: hci0: Injecting HCI hardware error event [ 122.540410][ T5844] Bluetooth: hci0: hardware error 0x00 [ 123.074247][ T6502] syz.0.198: vmalloc error: size 33554432, failed to allocated page array size 65536, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 123.122347][ T6502] CPU: 0 UID: 0 PID: 6502 Comm: syz.0.198 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 123.122380][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 123.122392][ T6502] Call Trace: [ 123.122400][ T6502] [ 123.122409][ T6502] dump_stack_lvl+0x241/0x360 [ 123.122523][ T6502] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.122562][ T6502] ? __pfx__printk+0x10/0x10 [ 123.122588][ T6502] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 123.122620][ T6502] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 123.122687][ T6502] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 123.122740][ T6502] warn_alloc+0x27c/0x410 [ 123.122791][ T6502] ? __pfx_warn_alloc+0x10/0x10 [ 123.122825][ T6502] ? xp_create_and_assign_umem+0x17b/0xc60 [ 123.122851][ T6502] ? __get_vm_area_node+0x1c8/0x2d0 [ 123.122873][ T6502] ? __get_vm_area_node+0x25c/0x2d0 [ 123.122904][ T6502] __vmalloc_node_range_noprof+0x634/0x1390 [ 123.122950][ T6502] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 123.122983][ T6502] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 123.123008][ T6502] ? __kasan_kmalloc_large+0x1a/0xa0 [ 123.123047][ T6502] ? xp_create_and_assign_umem+0x17b/0xc60 [ 123.123093][ T6502] __kvmalloc_node_noprof+0x3b2/0x5a0 [ 123.123117][ T6502] ? xp_create_and_assign_umem+0x17b/0xc60 [ 123.123143][ T6502] ? xp_create_and_assign_umem+0x17b/0xc60 [ 123.123176][ T6502] xp_create_and_assign_umem+0x17b/0xc60 [ 123.123218][ T6502] ? dev_get_by_index+0x23/0x2d0 [ 123.123250][ T6502] xsk_bind+0x435/0xfb0 [ 123.123284][ T6502] __sys_bind+0x1de/0x290 [ 123.123319][ T6502] ? __pfx___sys_bind+0x10/0x10 [ 123.123377][ T6502] __x64_sys_bind+0x7a/0x90 [ 123.123410][ T6502] do_syscall_64+0xf3/0x230 [ 123.123435][ T6502] ? clear_bhb_loop+0x45/0xa0 [ 123.123460][ T6502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.123481][ T6502] RIP: 0033:0x7fc58818d169 [ 123.123503][ T6502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.123520][ T6502] RSP: 002b:00007fc589047038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 123.123544][ T6502] RAX: ffffffffffffffda RBX: 00007fc5883a6240 RCX: 00007fc58818d169 [ 123.123558][ T6502] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003 [ 123.123572][ T6502] RBP: 00007fc58820e990 R08: 0000000000000000 R09: 0000000000000000 [ 123.123584][ T6502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.123596][ T6502] R13: 0000000000000001 R14: 00007fc5883a6240 R15: 00007ffec2e163d8 [ 123.123632][ T6502] [ 123.123640][ T6502] Mem-Info: [ 123.418506][ T6502] active_anon:3192 inactive_anon:6420 isolated_anon:0 [ 123.418506][ T6502] active_file:12324 inactive_file:40859 isolated_file:0 [ 123.418506][ T6502] unevictable:768 dirty:291 writeback:0 [ 123.418506][ T6502] slab_reclaimable:9923 slab_unreclaimable:98504 [ 123.418506][ T6502] mapped:31826 shmem:5429 pagetables:937 [ 123.418506][ T6502] sec_pagetables:0 bounce:0 [ 123.418506][ T6502] kernel_misc_reclaimable:0 [ 123.418506][ T6502] free:1315614 free_pcp:495 free_cma:0 [ 123.464103][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.637014][ T6502] Node 0 active_anon:12768kB inactive_anon:30580kB active_file:49220kB inactive_file:163436kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132104kB dirty:1164kB writeback:0kB shmem:24880kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11228kB pagetables:3748kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 123.671316][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.724039][ T6502] Node 1 active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 123.755828][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.786261][ T6502] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 123.834983][ T6502] lowmem_reserve[]: 0 2488 2488 2488 2488 [ 123.840965][ T6502] Node 0 DMA32 free:1324080kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:14064kB inactive_anon:29676kB active_file:49128kB inactive_file:163424kB unevictable:1536kB writepending:1164kB present:3129332kB managed:2547732kB mlocked:0kB bounce:0kB free_pcp:6172kB local_pcp:1004kB free_cma:0kB [ 123.877142][ T6502] lowmem_reserve[]: 0 0 0 0 0 [ 123.888265][ T6502] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:4kB active_file:92kB inactive_file:12kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 123.972832][ T6502] lowmem_reserve[]: 0 0 0 0 0 [ 123.988288][ T6502] Node 1 Normal free:3907860kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 124.058139][ T6502] lowmem_reserve[]: 0 0 0 0 0 [ 124.074006][ T6502] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 124.116085][ T6502] Node 0 DMA32: 291*4kB (UME) 450*8kB (M) 441*16kB (UME) 344*32kB (UME) 239*64kB (UME) 49*128kB (UM) 24*256kB (ME) 15*512kB (UM) 7*1024kB (M) 0*2048kB 312*4096kB (UM) = 1343340kB [ 124.159287][ T6502] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 124.186613][ T6502] Node 1 Normal: 239*4kB (UE) 55*8kB (UME) 40*16kB (UME) 229*32kB (UME) 104*64kB (UME) 27*128kB (UME) 19*256kB (UME) 11*512kB (UME) 1*1024kB (M) 3*2048kB (UE) 945*4096kB (M) = 3907860kB [ 124.241710][ T6502] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 124.280762][ T6502] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 124.314841][ T6502] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 124.341422][ T6502] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 124.351457][ T6502] 54625 total pagecache pages [ 124.356819][ T6502] 0 pages in swap cache [ 124.361026][ T6502] Free swap = 124996kB [ 124.365818][ T6502] Total swap = 124996kB [ 124.370110][ T6502] 2097051 pages RAM [ 124.378669][ T6502] 0 pages HighMem/MovableOnly [ 124.392622][ T6502] 428459 pages reserved [ 124.402149][ T6502] 0 pages cma reserved [ 124.672419][ T5844] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 124.884043][ T6552] netlink: 16 bytes leftover after parsing attributes in process `syz.4.212'. [ 124.912847][ T882] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 125.032450][ T5837] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 125.082194][ T882] usb 2-1: Using ep0 maxpacket: 32 [ 125.089546][ T882] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 125.104124][ T882] usb 2-1: config 0 has no interface number 0 [ 125.110853][ T882] usb 2-1: config 0 interface 184 has no altsetting 0 [ 125.123453][ T882] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 125.135951][ T882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.144156][ T882] usb 2-1: Product: syz [ 125.149040][ T882] usb 2-1: Manufacturer: syz [ 125.155683][ T882] usb 2-1: SerialNumber: syz [ 125.165790][ T882] usb 2-1: config 0 descriptor?? [ 125.176685][ T882] smsc75xx v1.0.0 [ 125.204404][ T5837] usb 4-1: Using ep0 maxpacket: 16 [ 125.230241][ T5837] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 125.255174][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 125.286049][ T5837] usb 4-1: Product: syz [ 125.290306][ T5837] usb 4-1: Manufacturer: syz [ 125.305823][ T5837] usb 4-1: SerialNumber: syz [ 125.349481][ T5837] usb 4-1: config 0 descriptor?? [ 125.586066][ T5837] usb 4-1: USB disconnect, device number 5 [ 125.952597][ T882] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 125.968573][ T882] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 126.376945][ T6576] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 126.616727][ T6580] bio_check_eod: 14 callbacks suppressed [ 126.616807][ T6580] syz.4.222: attempt to access beyond end of device [ 126.616807][ T6580] loop4: rw=0, sector=64, nr_sectors = 1 limit=0 [ 126.639163][ T6580] syz.4.222: attempt to access beyond end of device [ 126.639163][ T6580] loop4: rw=0, sector=256, nr_sectors = 1 limit=0 [ 126.653308][ T6580] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 126.665249][ T6580] syz.4.222: attempt to access beyond end of device [ 126.665249][ T6580] loop4: rw=0, sector=512, nr_sectors = 1 limit=0 [ 126.679987][ T6580] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 126.690799][ T6580] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 126.698920][ T6580] UDF-fs: Scanning with blocksize 512 failed [ 126.712499][ T6580] syz.4.222: attempt to access beyond end of device [ 126.712499][ T6580] loop4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 126.737643][ T6580] syz.4.222: attempt to access beyond end of device [ 126.737643][ T6580] loop4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 126.751482][ T6580] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 126.766402][ T6580] syz.4.222: attempt to access beyond end of device [ 126.766402][ T6580] loop4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 126.781277][ T6580] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 126.792035][ T6580] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 126.799870][ T6580] UDF-fs: Scanning with blocksize 1024 failed [ 126.811094][ T6580] syz.4.222: attempt to access beyond end of device [ 126.811094][ T6580] loop4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 126.826854][ T6580] syz.4.222: attempt to access beyond end of device [ 126.826854][ T6580] loop4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 126.841088][ T6580] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 126.852117][ T6580] syz.4.222: attempt to access beyond end of device [ 126.852117][ T6580] loop4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 126.868314][ T6580] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 126.879280][ T6580] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 126.888203][ T6580] UDF-fs: Scanning with blocksize 2048 failed [ 126.898738][ T6580] syz.4.222: attempt to access beyond end of device [ 126.898738][ T6580] loop4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 126.913509][ T6580] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 126.924606][ T6580] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 126.934574][ T6580] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 126.942557][ T6580] UDF-fs: Scanning with blocksize 4096 failed [ 126.949403][ T6580] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1) [ 127.674230][ T882] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 127.763248][ T882] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write PMT_CTL: -71 [ 127.822128][ T882] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 127.862555][ T6587] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 127.892389][ T882] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 127.994720][ T882] usb 2-1: USB disconnect, device number 3 [ 128.860863][ T6616] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 130.156277][ T6642] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 130.788000][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 130.788021][ T30] audit: type=1326 audit(1744672035.648:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 130.882562][ T6654] syzkaller0: entered promiscuous mode [ 130.888324][ T6654] syzkaller0: entered allmulticast mode [ 130.921320][ T30] audit: type=1326 audit(1744672035.648:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 130.957719][ T30] audit: type=1326 audit(1744672035.678:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 131.045357][ T30] audit: type=1326 audit(1744672035.678:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 131.531230][ T30] audit: type=1326 audit(1744672035.678:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6661 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa6643bfa25 code=0x7ffc0000 [ 131.923718][ T30] audit: type=1326 audit(1744672035.688:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 132.104400][ T30] audit: type=1326 audit(1744672035.688:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 132.279634][ T30] audit: type=1326 audit(1744672035.688:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 132.372162][ T30] audit: type=1326 audit(1744672035.698:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 133.185942][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.198073][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.263843][ T30] audit: type=1326 audit(1744672035.698:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6656 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa66438d169 code=0x7ffc0000 [ 133.766975][ T6688] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 133.831086][ T6690] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 135.729932][ T6703] Process accounting resumed [ 137.397770][ T6725] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 137.414966][ T6726] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 137.592663][ T6729] netlink: 156 bytes leftover after parsing attributes in process `syz.0.264'. [ 137.649080][ T6729] warning: `syz.0.264' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 137.685398][ T6733] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 138.789858][ T6752] netlink: 'syz.2.271': attribute type 10 has an invalid length. [ 138.874238][ T6752] batman_adv: batadv0: Adding interface: team0 [ 138.880655][ T6752] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.906815][ T6752] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 139.436559][ T6757] netlink: 'syz.0.274': attribute type 1 has an invalid length. [ 139.519587][ T6763] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 140.452725][ T6782] trusted_key: encrypted_key: key user:syz not found [ 140.904575][ T5948] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 141.100091][ T5948] usb 3-1: Using ep0 maxpacket: 32 [ 141.113847][ T5948] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 141.129008][ T5948] usb 3-1: config 0 has no interface number 0 [ 141.143252][ T5948] usb 3-1: config 0 interface 12 has no altsetting 0 [ 141.165729][ T5948] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 141.188612][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.207075][ T5948] usb 3-1: Product: syz [ 141.232784][ T5948] usb 3-1: Manufacturer: syz [ 141.237623][ T5948] usb 3-1: SerialNumber: syz [ 141.263115][ T5948] usb 3-1: config 0 descriptor?? [ 142.528912][ T6833] netlink: 24 bytes leftover after parsing attributes in process `syz.0.291'. [ 143.273182][ T5948] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 143.288765][ T5948] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 143.299466][ T5948] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 143.324215][ T5948] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 143.567141][ T5948] usb 3-1: USB disconnect, device number 4 [ 143.790234][ T6843] syzkaller0: entered promiscuous mode [ 143.806430][ T6843] syzkaller0: entered allmulticast mode [ 144.232783][ T6865] bio_check_eod: 2 callbacks suppressed [ 144.232807][ T6865] syz.1.300: attempt to access beyond end of device [ 144.232807][ T6865] loop1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 145.494823][ T6865] syz.1.300: attempt to access beyond end of device [ 145.494823][ T6865] loop1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 145.676503][ T6865] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 145.724000][ T6865] syz.1.300: attempt to access beyond end of device [ 145.724000][ T6865] loop1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 145.743351][ T6876] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'. [ 145.776699][ T6865] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 145.801631][ T6865] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 145.822615][ T6865] UDF-fs: Scanning with blocksize 512 failed [ 145.838125][ T6865] syz.1.300: attempt to access beyond end of device [ 145.838125][ T6865] loop1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 145.866633][ T6865] syz.1.300: attempt to access beyond end of device [ 145.866633][ T6865] loop1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 145.991136][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807d901c00: rx timeout, send abort [ 146.017183][ T6865] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 146.062572][ T6865] syz.1.300: attempt to access beyond end of device [ 146.062572][ T6865] loop1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 146.104226][ T6865] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 146.141412][ T6865] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 146.165874][ T6865] UDF-fs: Scanning with blocksize 1024 failed [ 146.245222][ T6865] syz.1.300: attempt to access beyond end of device [ 146.245222][ T6865] loop1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 146.445717][ T6865] syz.1.300: attempt to access beyond end of device [ 146.445717][ T6865] loop1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 146.491797][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802ff5ec00: rx timeout, send abort [ 146.500660][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807d901c00: abort rx timeout. Force session deactivation [ 146.505538][ T6865] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 146.723239][ T6865] syz.1.300: attempt to access beyond end of device [ 146.723239][ T6865] loop1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 146.859087][ T6865] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 146.959637][ T6865] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 147.000317][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802ff5ec00: abort rx timeout. Force session deactivation [ 147.024116][ T6865] UDF-fs: Scanning with blocksize 2048 failed [ 147.107915][ T6865] syz.1.300: attempt to access beyond end of device [ 147.107915][ T6865] loop1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 147.230410][ T6865] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 147.252515][ T6865] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 147.262231][ T6865] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 147.270020][ T6865] UDF-fs: Scanning with blocksize 4096 failed [ 147.279322][ T6865] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1) [ 148.792428][ T95] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 148.896068][ T6888] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 148.996529][ T95] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 149.005780][ T95] usb 3-1: config 179 has no interface number 0 [ 149.012376][ T95] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 64 [ 149.024730][ T95] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 149.036449][ T95] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 149.047126][ T95] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 149.060795][ T95] usb 3-1: config 179 interface 65 has no altsetting 0 [ 149.068054][ T95] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 149.077383][ T95] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.097022][ T6886] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 149.149036][ T95] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input8 [ 149.511557][ T5837] usb 3-1: USB disconnect, device number 5 [ 149.517729][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 149.622292][ T5837] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 149.702643][ T6897] netlink: 24 bytes leftover after parsing attributes in process `syz.0.311'. [ 149.745009][ T6897] sch_tbf: burst 88 is lower than device veth7 mtu (1514) ! [ 149.852866][ T95] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 150.013971][ T95] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 150.033522][ T95] usb 4-1: config 0 has no interfaces? [ 150.043623][ T95] usb 4-1: config 0 has no interfaces? [ 150.052107][ T95] usb 4-1: config 0 has no interfaces? [ 150.063538][ T95] usb 4-1: config 0 has no interfaces? [ 150.077389][ T95] usb 4-1: config 0 has no interfaces? [ 150.087975][ T95] usb 4-1: config 0 has no interfaces? [ 150.099157][ T95] usb 4-1: config 0 has no interfaces? [ 150.109791][ T95] usb 4-1: config 0 has no interfaces? [ 150.120599][ T95] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 150.139002][ T95] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 150.165783][ T95] usb 4-1: Product: syz [ 150.178181][ T95] usb 4-1: Manufacturer: syz [ 150.190176][ T95] usb 4-1: SerialNumber: syz [ 150.439151][ T95] usb 4-1: config 0 descriptor?? [ 150.714511][ T95] usb 4-1: USB disconnect, device number 6 [ 151.130388][ T6915] netlink: 16 bytes leftover after parsing attributes in process `syz.1.317'. [ 151.211308][ T6915] bond0: entered promiscuous mode [ 151.244618][ T6915] bond_slave_0: entered promiscuous mode [ 151.267428][ T6915] bond_slave_1: entered promiscuous mode [ 151.304847][ T6915] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 151.344899][ T6915] bond0: left promiscuous mode [ 151.368819][ T6915] bond_slave_0: left promiscuous mode [ 151.390152][ T6915] bond_slave_1: left promiscuous mode [ 152.093255][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 152.093277][ T30] audit: type=1804 audit(1744672056.958:47): pid=6918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.318" name="/newroot/49/bus/bus" dev="overlay" ino=276 res=1 errno=0 [ 152.130024][ T6920] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 153.612234][ T5837] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 153.820466][ T5837] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 153.902836][ T5837] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 154.312356][ T5837] usb 4-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00 [ 154.347182][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.419482][ T5837] usb 4-1: config 0 descriptor?? [ 154.448671][ T6940] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 154.786409][ T6955] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 154.847793][ T6955] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 154.910280][ T5837] usbhid 4-1:0.0: can't add hid device: -71 [ 154.921813][ T6958] kvm: user requested TSC rate below hardware speed [ 154.956371][ T5837] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 154.984071][ T5837] usb 4-1: USB disconnect, device number 7 [ 155.378956][ T6966] vlan2: entered promiscuous mode [ 155.388246][ T6968] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 155.416614][ T6966] bridge0: entered promiscuous mode [ 155.437040][ T6966] vlan2: entered allmulticast mode [ 155.494422][ T6966] bridge0: entered allmulticast mode [ 155.523839][ T6969] batman_adv: batadv0: Removing interface: team0 [ 155.575897][ T6969] bridge_slave_0: left allmulticast mode [ 155.581805][ T6969] bridge_slave_0: left promiscuous mode [ 155.608679][ T6969] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.661725][ T6969] bridge_slave_1: left allmulticast mode [ 155.669318][ T6969] bridge_slave_1: left promiscuous mode [ 155.686256][ T6969] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.106639][ T6969] bond0: (slave bond_slave_0): Releasing backup interface [ 156.294245][ T6969] bond0: (slave bond_slave_1): Releasing backup interface [ 156.334553][ T6978] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 156.402957][ T6969] team0: Port device team_slave_0 removed [ 156.430628][ T6969] team0: Port device team_slave_1 removed [ 156.451812][ T6969] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.485873][ T6969] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 156.498155][ T6969] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 156.509775][ T6969] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 156.588840][ T6983] netlink: 'syz.0.341': attribute type 39 has an invalid length. [ 157.282265][ T5886] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 157.933012][ T5886] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 157.941707][ T5886] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 157.964502][ T5886] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 157.989611][ T5886] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 158.264505][ T5886] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 158.987768][ T5886] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 159.003234][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 159.158482][ T7009] new mount options do not match the existing superblock, will be ignored [ 159.183344][ T5886] usb 4-1: Product: syz [ 159.188229][ T5886] usb 4-1: Manufacturer: syz [ 159.753871][ T5886] cdc_wdm 4-1:1.0: skipping garbage [ 159.772393][ T5886] cdc_wdm 4-1:1.0: skipping garbage [ 159.793065][ T5886] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 159.799064][ T5886] cdc_wdm 4-1:1.0: Unknown control protocol [ 159.883353][ T7011] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 160.995806][ T5886] usb 4-1: USB disconnect, device number 8 [ 161.491919][ T7027] netlink: del zone limit has 4 unknown bytes [ 162.276301][ T7031] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 162.496867][ T7034] bio_check_eod: 2 callbacks suppressed [ 162.496886][ T7034] syz.4.358: attempt to access beyond end of device [ 162.496886][ T7034] loop4: rw=0, sector=64, nr_sectors = 1 limit=0 [ 162.622558][ T7034] syz.4.358: attempt to access beyond end of device [ 162.622558][ T7034] loop4: rw=0, sector=256, nr_sectors = 1 limit=0 [ 162.678699][ T7034] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 162.714620][ T7034] syz.4.358: attempt to access beyond end of device [ 162.714620][ T7034] loop4: rw=0, sector=512, nr_sectors = 1 limit=0 [ 162.770820][ T7034] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 162.879396][ T7034] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 162.930781][ T7047] netlink: 28 bytes leftover after parsing attributes in process `syz.0.362'. [ 162.949998][ T7034] UDF-fs: Scanning with blocksize 512 failed [ 162.956092][ T7047] netlink: 28 bytes leftover after parsing attributes in process `syz.0.362'. [ 163.003509][ T7034] syz.4.358: attempt to access beyond end of device [ 163.003509][ T7034] loop4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 163.101512][ T7047] ip6gretap0: entered promiscuous mode [ 163.115259][ T7034] syz.4.358: attempt to access beyond end of device [ 163.115259][ T7034] loop4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 163.169464][ T7047] erspan0: entered promiscuous mode [ 163.236194][ T7034] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 163.763190][ T7034] syz.4.358: attempt to access beyond end of device [ 163.763190][ T7034] loop4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 164.091946][ T7034] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 164.199187][ T7034] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 164.222078][ T7034] UDF-fs: Scanning with blocksize 1024 failed [ 164.250493][ T7034] syz.4.358: attempt to access beyond end of device [ 164.250493][ T7034] loop4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 164.362406][ T7034] syz.4.358: attempt to access beyond end of device [ 164.362406][ T7034] loop4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 164.421561][ T7034] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 164.466926][ T7034] syz.4.358: attempt to access beyond end of device [ 164.466926][ T7034] loop4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 164.520774][ T7034] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 164.547458][ T5948] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 164.601157][ T7034] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 164.636782][ T7034] UDF-fs: Scanning with blocksize 2048 failed [ 164.646175][ T7034] syz.4.358: attempt to access beyond end of device [ 164.646175][ T7034] loop4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 164.666882][ T7034] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 164.678588][ T7034] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 164.691851][ T7034] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 164.700827][ T7034] UDF-fs: Scanning with blocksize 4096 failed [ 164.708203][ T7034] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1) [ 164.726692][ T5948] usb 3-1: Using ep0 maxpacket: 16 [ 164.737617][ T5948] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 164.758141][ T5948] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 164.782875][ T5948] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 164.792616][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.812141][ T5948] usb 3-1: Product: syz [ 164.819191][ T5948] usb 3-1: Manufacturer: syz [ 164.825121][ T5948] usb 3-1: SerialNumber: syz [ 165.061349][ T5948] usb 3-1: 0:2 : does not exist [ 165.091065][ T5948] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 165.430401][ T5948] usb 3-1: USB disconnect, device number 6 [ 165.933823][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 167.262597][ T7091] tty tty1: ldisc open failed (-12), clearing slot 0 [ 167.992163][ T7096] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 169.647744][ T5948] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 170.302862][ T5948] usb 5-1: no configurations [ 170.307547][ T5948] usb 5-1: can't read configurations, error -22 [ 170.472355][ T5948] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 172.782023][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 173.892320][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 174.414352][ T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 174.448162][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.476944][ T10] usb 3-1: Product: syz [ 174.481237][ T10] usb 3-1: Manufacturer: syz [ 174.523076][ T10] usb 3-1: SerialNumber: syz [ 174.557353][ T10] usb 3-1: config 0 descriptor?? [ 174.881854][ T10] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 175.716778][ T7161] process 'syz.0.395' launched './file0' with NULL argv: empty string added [ 176.475077][ T10] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 176.605552][ T5948] usb 5-1: device descriptor read/all, error -110 [ 176.614351][ T5948] usb usb5-port1: attempt power cycle [ 176.639790][ T10] usb 3-1: USB disconnect, device number 7 [ 177.422088][ T5948] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 177.572103][ T5948] usb 5-1: device descriptor read/8, error -32 [ 177.832482][ T30] audit: type=1804 audit(1744672082.648:48): pid=7177 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.402" name="/newroot/82/file1" dev="fuse" ino=1 res=1 errno=0 [ 177.924544][ T30] audit: type=1800 audit(1744672082.648:49): pid=7177 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.402" name="/" dev="fuse" ino=1 res=0 errno=0 [ 177.944868][ T30] audit: type=1800 audit(1744672082.668:50): pid=7177 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.402" name="/" dev="fuse" ino=1 res=0 errno=0 [ 187.267263][ T7224] netlink: 68 bytes leftover after parsing attributes in process `syz.4.415'. [ 189.324319][ T7243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.420'. [ 189.405583][ T7243] 8021q: adding VLAN 0 to HW filter on device team1 [ 189.432927][ T7246] syzkaller0: entered allmulticast mode [ 190.021817][ T7258] mmap: syz.4.425 (7258) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 194.812781][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.819279][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.379610][ T7304] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 199.252660][ T5948] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 199.736564][ T5948] usb 5-1: Using ep0 maxpacket: 8 [ 199.743265][ T2992] Bluetooth: hci6: Frame reassembly failed (-84) [ 199.774219][ T5948] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 199.802105][ T5948] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.827519][ T5948] usb 5-1: Product: syz [ 199.839219][ T5948] usb 5-1: Manufacturer: syz [ 199.858533][ T5948] usb 5-1: SerialNumber: syz [ 199.882254][ T5948] usb 5-1: config 0 descriptor?? [ 200.187236][ T5948] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 201.584746][ T2992] Bluetooth: Error in BCSP hdr checksum [ 201.714110][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 201.792193][ T5142] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 201.844691][ T2992] Bluetooth: Error in BCSP hdr checksum [ 202.260428][ T7357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.453'. [ 202.483349][ T7357] vlan3: entered promiscuous mode [ 202.507175][ T7357] dummy0: entered promiscuous mode [ 203.359394][ T5948] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 203.838268][ T7372] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 203.857576][ T5948] usb 5-1: USB disconnect, device number 8 [ 209.821997][ C1] sched: DL replenish lagged too much [ 211.914205][ T7400] macvtap1: entered allmulticast mode [ 211.919676][ T7400] veth0_macvtap: entered allmulticast mode [ 212.257283][ T7409] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 212.355135][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 212.361281][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 212.368231][ T5142] Bluetooth: hci1: command 0x0406 tx timeout [ 213.822090][ T7421] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 213.987631][ T7427] capability: warning: `syz.0.473' uses deprecated v2 capabilities in a way that may be insecure [ 217.938956][ T7460] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 219.474021][ T7476] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 228.836746][ T7538] dlm: no local IP address has been set [ 228.842769][ T7538] dlm: cannot start dlm midcomms -107 [ 228.943950][ T7540] openvswitch: netlink: Key 0 has unexpected len 20 expected 0 [ 229.817380][ T7545] netlink: 'syz.0.503': attribute type 16 has an invalid length. [ 229.825435][ T7545] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.503'. [ 231.426391][ T7548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.507'. [ 231.451166][ T30] audit: type=1326 audit(1744672136.308:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7552 comm="syz.0.506" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x0 [ 232.916350][ T7566] netlink: 8 bytes leftover after parsing attributes in process `syz.4.509'. [ 232.960927][ T7566] netlink: 'syz.4.509': attribute type 1 has an invalid length. [ 233.452265][ T95] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 233.695569][ T95] usb 4-1: Using ep0 maxpacket: 16 [ 233.709954][ T95] usb 4-1: config 0 has an invalid interface number: 145 but max is 0 [ 234.542128][ T95] usb 4-1: config 0 has no interface number 0 [ 234.551900][ T95] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 234.562252][ T95] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.570295][ T95] usb 4-1: Product: syz [ 234.575251][ T95] usb 4-1: Manufacturer: syz [ 234.581364][ T95] usb 4-1: SerialNumber: syz [ 234.657983][ T95] usb 4-1: config 0 descriptor?? [ 234.752258][ T95] hub 4-1:0.145: bad descriptor, ignoring hub [ 234.772184][ T95] hub 4-1:0.145: probe with driver hub failed with error -5 [ 234.804709][ T95] usbhid 4-1:0.145: couldn't find an input interrupt endpoint [ 236.032336][ T5886] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 236.055674][ T7568] bridge_slave_0: left allmulticast mode [ 236.067551][ T7568] bridge_slave_0: left promiscuous mode [ 236.076726][ T7568] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.258314][ T5886] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 236.277085][ T7568] bridge_slave_1: left allmulticast mode [ 236.283313][ T5886] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 236.284572][ T7568] bridge_slave_1: left promiscuous mode [ 236.294943][ T5886] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 236.299381][ T7568] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.313271][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 237.072483][ T5886] usb 3-1: SerialNumber: syz [ 237.073037][ T7568] bond0: (slave bond_slave_0): Releasing backup interface [ 237.112129][ T24] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 237.170270][ T7568] bond0: (slave bond_slave_1): Releasing backup interface [ 237.226004][ T7568] team0: Port device team_slave_0 removed [ 237.241189][ T7568] team0: Port device team_slave_1 removed [ 237.253476][ T7568] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.267161][ T7568] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 237.281640][ T7568] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.300607][ T5886] usb 3-1: 0:2 : does not exist [ 237.356943][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 237.374197][ T7568] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 237.452160][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 237.603019][ T24] usb 5-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00 [ 237.697230][ T5886] usb 3-1: USB disconnect, device number 8 [ 237.715027][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.746160][ T24] usb 5-1: config 0 descriptor?? [ 238.756014][ T24] usb 5-1: can't set config #0, error -71 [ 239.418315][ T24] usb 5-1: USB disconnect, device number 9 [ 239.523683][ T7612] hub 2-0:1.0: USB hub found [ 239.532353][ T7612] hub 2-0:1.0: 1 port detected [ 240.297763][ T24] usb 4-1: USB disconnect, device number 9 [ 241.291550][ T7622] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nbd2": -EINTR [ 241.408822][ T7404] udevd[7404]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 243.015453][ T7621] geneve0: entered allmulticast mode [ 243.858026][ T7634] delete_channel: no stack [ 249.088638][ T7678] Cannot find add_set index 0 as target [ 253.025452][ T5837] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 254.025775][ T5837] usb 2-1: device descriptor read/64, error -71 [ 254.283856][ T5837] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 254.539566][ T5837] usb 2-1: device descriptor read/64, error -71 [ 254.892954][ T5837] usb usb2-port1: attempt power cycle [ 255.283635][ T5837] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 255.508976][ T5837] usb 2-1: device descriptor read/8, error -71 [ 256.542898][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.550692][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.889729][ T7767] overlayfs: failed to resolve './file0': -2 [ 266.829942][ T5886] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 267.282930][ T5886] usb 5-1: config 0 has an invalid interface number: 20 but max is 0 [ 267.302180][ T5886] usb 5-1: config 0 has no interface number 0 [ 267.361165][ T5886] usb 5-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 267.402555][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.462449][ T5886] usb 5-1: Product: syz [ 267.466732][ T5886] usb 5-1: Manufacturer: syz [ 267.493456][ T5886] usb 5-1: SerialNumber: syz [ 267.622810][ T5886] usb 5-1: config 0 descriptor?? [ 267.639894][ T5886] usb-storage 5-1:0.20: USB Mass Storage device detected [ 267.712967][ T5886] usb-storage 5-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 268.235301][ T7829] xt_CT: You must specify a L4 protocol and not use inversions on it [ 269.369122][ T7814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.402468][ T7814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.444090][ T7814] netlink: 28 bytes leftover after parsing attributes in process `syz.4.576'. [ 269.509985][ T7837] overlayfs: failed to clone upperpath [ 269.533415][ T7814] netlink: 28 bytes leftover after parsing attributes in process `syz.4.576'. [ 269.622600][ T7814] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 269.631885][ T7814] team0: entered promiscuous mode [ 269.678469][ T7814] team_slave_0: entered promiscuous mode [ 269.706213][ T7814] team_slave_1: entered promiscuous mode [ 269.727255][ T7814] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 269.739856][ T7814] Cannot create hsr debugfs directory [ 269.778604][ T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 269.832714][ T5837] usb 5-1: USB disconnect, device number 10 [ 269.949007][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 270.009855][ T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 270.030475][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.051622][ T10] usb 3-1: config 0 descriptor?? [ 270.075635][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 270.484042][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 270.514935][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 270.538857][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 270.556966][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 271.544974][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 272.384257][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 272.421576][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 272.463474][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 272.498641][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 272.554133][ T10] pwc: recv_control_msg error -32 req 02 val 2500 [ 272.582827][ T10] pwc: recv_control_msg error -32 req 02 val 2400 [ 272.609373][ T10] pwc: recv_control_msg error -32 req 02 val 2600 [ 272.652893][ T10] pwc: recv_control_msg error -32 req 02 val 2900 [ 272.693465][ T10] pwc: recv_control_msg error -32 req 02 val 2800 [ 272.731277][ T10] pwc: recv_control_msg error -32 req 04 val 1100 [ 272.794187][ T10] pwc: Registered as video103. [ 272.804786][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10 [ 273.028779][ T10] usb 3-1: USB disconnect, device number 9 [ 273.390541][ T7869] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 275.832633][ T7885] smc: net device bond0 applied user defined pnetid SYZ0 [ 275.883852][ T7883] netlink: 12 bytes leftover after parsing attributes in process `syz.4.596'. [ 277.983805][ T7903] input: syz0 as /devices/virtual/input/input11 [ 278.954284][ T7913] netlink: 28 bytes leftover after parsing attributes in process `syz.4.596'. [ 279.649609][ T7892] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 280.663728][ T7915] delete_channel: no stack [ 281.511134][ T7932] Driver unsupported XDP return value 0 on prog (id 87) dev N/A, expect packet loss! [ 281.632636][ T7939] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 284.272047][ T5142] Bluetooth: hci4: command 0x0406 tx timeout [ 296.993452][ T8029] sp0: Synchronizing with TNC [ 297.198717][ T8024] [U] è [ 299.102100][ T8054] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 299.414709][ T8060] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 304.359530][ T8093] overlayfs: failed to clone upperpath [ 305.538501][ T8100] 9pnet_fd: Insufficient options for proto=fd [ 306.159275][ T5884] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 306.412090][ T5884] usb 5-1: Using ep0 maxpacket: 8 [ 306.419563][ T5884] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 306.441996][ T5884] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 306.492103][ T5884] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 306.519995][ T5884] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 306.552077][ T5884] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 306.571378][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.791483][ T8115] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 308.811542][ T8115] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 311.116128][ T5884] usb 5-1: usb_control_msg returned -71 [ 311.127049][ T5884] usbtmc 5-1:16.0: can't read capabilities [ 311.274946][ T5884] usb 5-1: USB disconnect, device number 11 [ 311.833022][ T5884] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 311.975187][ T8136] overlayfs: failed to clone upperpath [ 313.056707][ T5884] usb 5-1: Using ep0 maxpacket: 8 [ 313.698979][ T5142] Bluetooth: hci4: command 0x0406 tx timeout [ 313.698978][ T5884] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 313.699009][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.522818][ T5884] usb 5-1: Product: syz [ 314.527132][ T5884] usb 5-1: Manufacturer: syz [ 314.531827][ T5884] usb 5-1: SerialNumber: syz [ 314.570956][ T5884] usb 5-1: config 0 descriptor?? [ 314.596787][ T5884] usb 5-1: can't set config #0, error -71 [ 314.635104][ T5884] usb 5-1: USB disconnect, device number 12 [ 317.524571][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.531722][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.218800][ T8172] dccp_close: ABORT with 3 bytes unread [ 319.358524][ T95] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 319.840629][ T95] usb 4-1: Using ep0 maxpacket: 8 [ 321.004315][ T95] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 321.254763][ T95] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.282069][ T95] usb 4-1: Product: syz [ 321.289537][ T95] usb 4-1: Manufacturer: syz [ 321.294830][ T95] usb 4-1: SerialNumber: syz [ 321.632781][ T95] usb 4-1: config 0 descriptor?? [ 321.654215][ T95] usb 4-1: can't set config #0, error -71 [ 321.702439][ T95] usb 4-1: USB disconnect, device number 10 [ 322.896886][ T5142] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 322.906768][ T5142] CPU: 1 UID: 0 PID: 5142 Comm: kworker/u9:1 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 322.906788][ T5142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 322.906796][ T5142] Workqueue: hci2 hci_rx_work [ 322.906816][ T5142] Call Trace: [ 322.906822][ T5142] [ 322.906828][ T5142] dump_stack_lvl+0x241/0x360 [ 322.906849][ T5142] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.906866][ T5142] ? __pfx__printk+0x10/0x10 [ 322.906881][ T5142] ? kernfs_path_from_node+0x2b/0x250 [ 322.906901][ T5142] ? kernfs_path_from_node+0x217/0x250 [ 322.906918][ T5142] sysfs_create_dir_ns+0x2fd/0x3f0 [ 322.906935][ T5142] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 322.906957][ T5142] kobject_add_internal+0x435/0x8d0 [ 322.906980][ T5142] kobject_add+0x15b/0x230 [ 322.906995][ T5142] ? do_raw_spin_unlock+0x13c/0x8b0 [ 322.907012][ T5142] ? device_add+0x3e7/0xbf0 [ 322.907026][ T5142] ? __pfx_kobject_add+0x10/0x10 [ 322.907042][ T5142] ? _raw_spin_unlock+0x28/0x50 [ 322.907056][ T5142] ? get_device_parent+0x165/0x410 [ 322.907073][ T5142] device_add+0x4e5/0xbf0 [ 322.907091][ T5142] hci_conn_add_sysfs+0xe8/0x200 [ 322.907111][ T5142] le_conn_complete_evt+0xc6e/0x12a0 [ 322.907134][ T5142] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 322.907147][ T5142] ? __mutex_unlock_slowpath+0x229/0x800 [ 322.907164][ T5142] ? __skb_clone+0x5c/0x6d0 [ 322.907179][ T5142] ? skb_pull_data+0x112/0x230 [ 322.907197][ T5142] hci_le_enh_conn_complete_evt+0x185/0x420 [ 322.907216][ T5142] hci_event_packet+0xa5c/0x1550 [ 322.907237][ T5142] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 322.907254][ T5142] ? __pfx_hci_event_packet+0x10/0x10 [ 322.907275][ T5142] ? kcov_remote_start+0x480/0x7d0 [ 322.907292][ T5142] ? lockdep_hardirqs_on+0x9d/0x150 [ 322.907309][ T5142] ? hci_send_to_monitor+0xdc/0x530 [ 322.907325][ T5142] hci_rx_work+0x3f3/0xdb0 [ 322.907342][ T5142] ? process_scheduled_works+0x9cb/0x18e0 [ 322.907355][ T5142] process_scheduled_works+0xac3/0x18e0 [ 322.907386][ T5142] ? __pfx_process_scheduled_works+0x10/0x10 [ 322.907404][ T5142] ? assign_work+0x367/0x3d0 [ 322.907420][ T5142] worker_thread+0x870/0xd50 [ 322.907443][ T5142] ? __kthread_parkme+0x1a8/0x200 [ 322.907458][ T5142] ? __pfx_worker_thread+0x10/0x10 [ 322.907472][ T5142] kthread+0x7b7/0x940 [ 322.907488][ T5142] ? __pfx_worker_thread+0x10/0x10 [ 322.907502][ T5142] ? __pfx_kthread+0x10/0x10 [ 322.907515][ T5142] ? __pfx_kthread+0x10/0x10 [ 322.907530][ T5142] ? __pfx_kthread+0x10/0x10 [ 322.907545][ T5142] ? __pfx_kthread+0x10/0x10 [ 322.907559][ T5142] ? _raw_spin_unlock_irq+0x23/0x50 [ 322.907570][ T5142] ? lockdep_hardirqs_on+0x9d/0x150 [ 322.907583][ T5142] ? __pfx_kthread+0x10/0x10 [ 322.907599][ T5142] ret_from_fork+0x4b/0x80 [ 322.907610][ T5142] ? __pfx_kthread+0x10/0x10 [ 322.907625][ T5142] ret_from_fork_asm+0x1a/0x30 [ 322.907652][ T5142] [ 322.907674][ T5142] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 323.212125][ T5142] Bluetooth: hci2: failed to register connection device [ 324.902504][ T95] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 325.132220][ T95] usb 5-1: Using ep0 maxpacket: 16 [ 325.145733][ T95] usb 5-1: config 0 has an invalid interface number: 123 but max is 0 [ 325.924242][ T95] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 325.936636][ T95] usb 5-1: config 0 has no interface number 0 [ 325.947516][ T95] usb 5-1: config 0 interface 123 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1024 [ 325.958195][ T95] usb 5-1: config 0 interface 123 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 325.975771][ T95] usb 5-1: New USB device found, idVendor=04b8, idProduct=0521, bcdDevice=68.25 [ 326.038232][ T95] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.091539][ T95] usb 5-1: Product: syz [ 326.101135][ T95] usb 5-1: Manufacturer: syz [ 326.113417][ T95] usb 5-1: SerialNumber: syz [ 326.138884][ T95] usb 5-1: config 0 descriptor?? [ 327.098645][ T8210] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 327.110982][ T95] pl2303 5-1:0.123: required endpoints missing [ 328.167533][ T95] usb 5-1: USB disconnect, device number 13 [ 328.532052][ T8226] netem: incorrect gi model size [ 328.537984][ T8226] netem: change failed [ 328.978335][ T8242] smc: net device bond0 erased user defined pnetid SYZ0 [ 329.039075][ T8231] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 329.132602][ T8241] syz.4.688 (8241): drop_caches: 2 [ 332.123838][ T8249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 332.406321][ T10] usb 4-1: new low-speed USB device number 11 using dummy_hcd [ 332.453892][ T8268] futex_wake_op: syz.2.692 tries to shift op by -33; fix this program [ 333.068874][ T10] usb 4-1: device descriptor read/64, error -71 [ 337.205487][ T8303] netlink: 20 bytes leftover after parsing attributes in process `syz.0.702'. [ 337.442355][ T8310] block device autoloading is deprecated and will be removed. [ 349.650426][ T8382] evm: overlay not supported [ 352.857947][ T8397] netlink: 'syz.0.723': attribute type 1 has an invalid length. [ 352.866948][ T8397] netlink: 20 bytes leftover after parsing attributes in process `syz.0.723'. [ 356.602786][ T8427] xt_CT: You must specify a L4 protocol and not use inversions on it [ 357.871236][ T8425] delete_channel: no stack [ 358.177080][ T8445] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 360.812099][ T8455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.735'. [ 362.045241][ T8464] tty tty1: ldisc open failed (-12), clearing slot 0 [ 362.385648][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 362.625170][ T8470] input: syz1 as /devices/virtual/input/input12 [ 363.792126][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 363.882342][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 364.149060][ T10] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 364.252379][ T10] usb 4-1: can't read configurations, error -71 [ 374.752490][ T8542] vivid-002: kernel_thread() failed [ 378.054465][ T10] IPVS: starting estimator thread 0... [ 378.272172][ T8572] IPVS: using max 24 ests per chain, 57600 per kthread [ 378.919180][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.926278][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.065997][ T8621] netlink: 16 bytes leftover after parsing attributes in process `syz.1.771'. [ 384.090380][ T8621] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 387.450864][ T8641] Malformed UNC in devname [ 387.450864][ T8641] [ 387.458016][ T8641] CIFS: VFS: Malformed UNC in devname [ 390.315613][ T8647] ipip0: entered allmulticast mode [ 394.999310][ T8683] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 396.729112][ T8700] ufs: Invalid option: "'&" or missing value [ 396.736588][ T8700] ufs: wrong mount options [ 399.788073][ T8714] xt_connbytes: Forcing CT accounting to be enabled [ 399.795068][ T8714] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 399.807035][ T8714] xt_bpf: check failed: parse error [ 401.267732][ T8725] lo speed is unknown, defaulting to 1000 [ 401.274470][ T8725] lo speed is unknown, defaulting to 1000 [ 401.286232][ T8725] lo speed is unknown, defaulting to 1000 [ 401.381054][ T8725] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 402.072826][ T8725] lo speed is unknown, defaulting to 1000 [ 402.080076][ T8725] lo speed is unknown, defaulting to 1000 [ 402.087962][ T8725] lo speed is unknown, defaulting to 1000 [ 402.094818][ T8725] lo speed is unknown, defaulting to 1000 [ 402.101699][ T8725] lo speed is unknown, defaulting to 1000 [ 404.718447][ T8742] netlink: 56 bytes leftover after parsing attributes in process `syz.1.802'. [ 405.535070][ T8752] kAFS: No cell specified [ 405.541834][ T8752] netlink: 8 bytes leftover after parsing attributes in process `syz.3.805'. [ 406.776101][ T30] audit: type=1800 audit(1744672311.638:52): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.808" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 407.792490][ T8757] can0: slcan on ttyS3. [ 408.344503][ T8756] can0 (unregistered): slcan off ttyS3. [ 408.892448][ T8773] ntfs3(nullb0): Primary boot signature is not NTFS. [ 408.900560][ T8773] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 412.801763][ T8792] dccp_xmit_packet: Payload too large (65456) for featneg. [ 415.055243][ T8798] syz.2.817 (8798): drop_caches: 2 [ 415.063907][ T8798] syz.2.817 (8798): drop_caches: 2 [ 416.520040][ T30] audit: type=1107 audit(1744672320.588:53): pid=8799 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 416.762302][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 417.754457][ T8826] netlink: 'syz.4.824': attribute type 1 has an invalid length. [ 417.792725][ T8826] netlink: 244 bytes leftover after parsing attributes in process `syz.4.824'. [ 417.992534][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 419.972319][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 419.972634][ T8829] netlink: 500 bytes leftover after parsing attributes in process `syz.2.825'. [ 419.989996][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 420.676839][ T8841] MTD: Couldn't look up 'Ÿë': -2 [ 421.039988][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 421.615018][ T8843] netlink: 'syz.1.827': attribute type 10 has an invalid length. [ 421.622973][ T8843] netlink: 40 bytes leftover after parsing attributes in process `syz.1.827'. [ 421.633222][ T8843] geneve0: left allmulticast mode [ 421.667665][ T8843] team0: Port device geneve0 added [ 422.178913][ T8843] syz.1.827 (8843) used greatest stack depth: 17992 bytes left [ 422.318591][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 423.093536][ T8853] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 423.103246][ T8853] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 423.469483][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 423.773869][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 423.782722][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 423.845066][ T8856] overlayfs: missing 'lowerdir' [ 424.462001][ T5142] Bluetooth: hci5: command 0x1003 tx timeout [ 424.466272][ T5831] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 424.495749][ T30] audit: type=1326 audit(1744672329.358:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8858 comm="syz.0.833" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc58818d169 code=0x0 [ 424.528365][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 424.941961][ T8866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.832'. [ 424.987050][ T8866] netlink: 12 bytes leftover after parsing attributes in process `syz.2.832'. [ 425.698580][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 426.995755][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 427.056654][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 428.238258][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 428.566983][ T8882] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 428.570650][ T8892] sp0: Synchronizing with TNC [ 429.083487][ T8900] IPVS: set_ctl: invalid protocol: 22 172.30.1.5:20003 [ 429.906854][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 430.115234][ T8902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 430.127387][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 430.138212][ T8902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 430.238928][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 430.503686][ T8899] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 430.532682][ T8899] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 430.541338][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 431.945344][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 431.961192][ T2922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 434.980082][ T5968] net_ratelimit: 5 callbacks suppressed [ 434.980100][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 436.222005][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 437.231272][ T95] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 437.261285][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 437.269936][ T6020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 437.292691][ T95] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 437.312132][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 438.099576][ T8966] dvmrp0: entered allmulticast mode [ 438.690396][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 438.746291][ T8967] mkiss: ax0: crc mode is auto. [ 439.722291][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 440.936402][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.942968][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.960121][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 441.065363][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 441.659445][ T8979] 9pnet_fd: p9_fd_create_tcp (8979): problem connecting socket to 127.0.0.1 [ 442.002430][ T8993] netlink: 48 bytes leftover after parsing attributes in process `syz.2.863'. [ 442.039405][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 442.926552][ T95] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 442.950840][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 442.961241][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 442.970179][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 444.280928][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 444.322340][ T95] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 444.830514][ T9023] lo speed is unknown, defaulting to 1000 [ 445.452076][ T52] IPVS: starting estimator thread 0... [ 445.469909][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 445.542540][ T9027] IPVS: using max 26 ests per chain, 62400 per kthread [ 445.958601][ T9033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.874'. [ 447.392755][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 448.100090][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 448.796074][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 449.625157][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 449.788348][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 450.263957][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 451.312122][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 451.882583][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 452.067184][ T9058] autofs: Bad value for 'fd' [ 452.357764][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 452.515308][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.458623][ T9069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.467104][ T9069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.475674][ T9069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.486963][ T9069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.495388][ T9069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.532367][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 454.282314][ T9059] delete_channel: no stack [ 454.739702][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 454.922320][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 455.548084][ T9093] netlink: 20 bytes leftover after parsing attributes in process `syz.1.892'. [ 455.912552][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 457.809021][ T9119] netlink: 'syz.1.903': attribute type 58 has an invalid length. [ 457.850603][ T5831] Bluetooth: hci1: unexpected event for opcode 0x0c26 [ 457.953866][ T5837] net_ratelimit: 2 callbacks suppressed [ 457.953890][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 458.062334][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 458.233205][ T9135] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 459.359071][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 459.832596][ T5882] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 459.886549][ T9171] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 459.994882][ T9174] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 460.003223][ T5882] usb 5-1: Using ep0 maxpacket: 32 [ 460.026734][ T5882] usb 5-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=cd.c6 [ 460.044198][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.062026][ T5882] usb 5-1: Product: syz [ 460.072112][ T5882] usb 5-1: Manufacturer: syz [ 460.103114][ T5882] usb 5-1: SerialNumber: syz [ 460.134877][ T5882] usb 5-1: config 0 descriptor?? [ 460.439436][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 461.493409][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 461.504703][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 461.990610][ T9206] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 462.826120][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 462.968532][ T10] usb 5-1: USB disconnect, device number 14 [ 463.002817][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 463.020310][ T9213] vlan0: entered promiscuous mode [ 463.499202][ T9227] misc userio: The device must be registered before sending interrupts [ 463.505789][ T9231] usb usb8: usbfs: process 9231 (syz.2.951) did not claim interface 0 before use [ 463.802095][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 463.810649][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 463.819570][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 463.828168][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.312367][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.515857][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 465.692340][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 465.905113][ T9265] tmpfs: Bad value for 'mpol' [ 466.202006][ T5884] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 466.279640][ T9282] netlink: 20 bytes leftover after parsing attributes in process `syz.3.973'. [ 466.395088][ T5884] usb 3-1: Using ep0 maxpacket: 32 [ 466.409977][ T5884] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 466.441940][ T5884] usb 3-1: config 0 has no interface number 0 [ 466.490683][ T5884] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 466.512104][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.520669][ T5884] usb 3-1: Product: syz [ 466.556029][ T5884] usb 3-1: Manufacturer: syz [ 466.560717][ T5884] usb 3-1: SerialNumber: syz [ 466.562953][ T9292] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 466.604618][ T5884] usb 3-1: config 0 descriptor?? [ 466.634282][ T5884] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 466.672897][ T5884] usb 3-1: selecting invalid altsetting 1 [ 466.687332][ T5884] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 466.746770][ T5884] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 466.758539][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 466.800232][ T5884] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 466.816621][ T5884] usb 3-1: media controller created [ 466.905623][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 467.048081][ T5884] usb 3-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)... [ 467.077175][ T5884] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered. [ 467.101595][ T9314] netlink: 36 bytes leftover after parsing attributes in process `syz.1.989'. [ 467.307666][ T5884] DVB: Unable to find symbol mxl5005s_attach() [ 467.312015][ T9321] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 467.348239][ T5884] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 467.538068][ T5884] usb 3-1: USB disconnect, device number 10 [ 467.616472][ T9334] netlink: 8 bytes leftover after parsing attributes in process `syz.0.998'. [ 468.300022][ T9363] No source specified [ 468.893616][ T9374] overlayfs: failed to clone upperpath [ 468.920011][ T30] audit: type=1326 audit(1744672373.618:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 469.083398][ T5968] net_ratelimit: 4 callbacks suppressed [ 469.083422][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 469.420644][ T30] audit: type=1326 audit(1744672373.618:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 469.486145][ T30] audit: type=1326 audit(1744672373.628:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 469.552573][ T30] audit: type=1326 audit(1744672373.628:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 469.672362][ T30] audit: type=1326 audit(1744672373.628:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 469.748253][ T9382] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 469.769295][ T30] audit: type=1326 audit(1744672373.628:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 469.878031][ T30] audit: type=1326 audit(1744672373.628:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 469.938168][ T30] audit: type=1326 audit(1744672373.628:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 470.021033][ T30] audit: type=1326 audit(1744672373.638:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 470.079398][ T30] audit: type=1326 audit(1744672373.638:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9365 comm="syz.0.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 470.112500][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 470.596845][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 470.642638][ T9418] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1037'. [ 470.652526][ T9421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1040'. [ 471.155003][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 472.118330][ T9456] bio_check_eod: 2 callbacks suppressed [ 472.118377][ T9456] syz.3.1052: attempt to access beyond end of device [ 472.118377][ T9456] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 472.407359][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 472.550038][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 473.183839][ T9498] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.1072'. [ 473.365932][ T9507] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1076'. [ 473.456565][ T9512] netlink: 'syz.0.1078': attribute type 2 has an invalid length. [ 473.479419][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 473.504098][ T9515] netlink: 'syz.3.1080': attribute type 5 has an invalid length. [ 473.635759][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 474.329347][ T9541] netlink: set zone limit has 4 unknown bytes [ 474.364322][ T9549] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 474.373709][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 474.503939][ T9553] vlan2: entered promiscuous mode [ 474.510961][ T9553] bridge0: entered promiscuous mode [ 474.519331][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 474.786822][ T9555] lo speed is unknown, defaulting to 1000 [ 475.559649][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 475.576647][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 475.576670][ T30] audit: type=1326 audit(1744672380.438:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 475.659916][ T30] audit: type=1326 audit(1744672380.438:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 475.712956][ T9596] netlink: 'syz.3.1118': attribute type 11 has an invalid length. [ 475.717477][ T30] audit: type=1326 audit(1744672380.468:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 475.793721][ T30] audit: type=1326 audit(1744672380.468:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 475.850555][ T30] audit: type=1326 audit(1744672380.468:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 475.930393][ T30] audit: type=1326 audit(1744672380.478:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 476.009948][ T30] audit: type=1326 audit(1744672380.478:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 476.096392][ T30] audit: type=1326 audit(1744672380.478:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 476.138890][ T30] audit: type=1326 audit(1744672380.478:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 476.204652][ T30] audit: type=1326 audit(1744672380.478:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x7ffc0000 [ 476.342546][ T9613] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 476.351708][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 476.492214][ T9619] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 476.527934][ T9619] dvmrp1: linktype set to 776 [ 476.592319][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 476.678884][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 477.023430][ T9639] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1136'. [ 477.478231][ T9657] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1146'. [ 477.640059][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 478.546359][ T9684] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1158'. [ 478.570642][ T9685] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1157'. [ 479.221962][ T5884] usb 5-1: new low-speed USB device number 15 using dummy_hcd [ 479.505634][ T5884] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 479.531950][ T5884] usb 5-1: config 179 has no interface number 0 [ 479.557578][ T5884] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 479.583908][ T9726] program syz.3.1178 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 479.592359][ T5884] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 479.643278][ T5884] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 479.681956][ T5884] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8 [ 479.715253][ T9214] net_ratelimit: 1 callbacks suppressed [ 479.715278][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 479.729120][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 479.731888][ T5884] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 479.772545][ T5884] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 479.814196][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.846582][ T9701] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 479.892308][ T9701] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 480.592328][ T95] usb 5-1: USB disconnect, device number 15 [ 480.592411][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 480.607054][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 480.768633][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 481.384211][ T9772] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 481.798961][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 481.952603][ T95] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 482.752377][ T95] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 482.838841][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.285317][ T9825] syz.2.1212: attempt to access beyond end of device [ 483.285317][ T9825] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 483.873570][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.906587][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 483.906608][ T30] audit: type=1326 audit(1744672388.768:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9834 comm="syz.0.1218" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc58818d169 code=0x0 [ 483.970104][ T9837] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 484.568604][ T9860] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1229'. [ 484.636082][ T95] kernel read not supported for file /vga_arbiter (pid: 95 comm: kworker/0:2) [ 484.918919][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 485.795605][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 485.968450][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 485.999163][ T9911] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 486.178509][ T9914] lo speed is unknown, defaulting to 1000 [ 486.272966][ T9921] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1249'. [ 486.349469][ T9921] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 486.359128][ T9921] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 486.368227][ T9921] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 486.377262][ T9921] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 486.391772][ T9921] vxlan0: entered promiscuous mode [ 486.750689][ T9936] lo: entered allmulticast mode [ 486.773387][ T9935] netlink: 'syz.1.1255': attribute type 4 has an invalid length. [ 486.774020][ T9933] lo: left allmulticast mode [ 487.000340][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.094867][ T9956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.103679][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.146080][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.836009][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 489.037105][ T9966] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 489.189642][ T52] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 489.396562][ T52] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 489.418006][ T52] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 489.448791][ T52] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 489.471612][ T52] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.509116][ T9962] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 489.529342][ T52] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 489.789314][ T5882] usb 3-1: USB disconnect, device number 11 [ 490.105880][ T7592] udevd[7592]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 490.202486][ T5886] net_ratelimit: 1 callbacks suppressed [ 490.202507][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 490.205038][ T9986] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1276'. [ 490.843680][T10010] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1287'. [ 490.885595][T10010] netem: unknown loss type 13 [ 490.890619][T10010] netem: change failed [ 491.262409][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.410389][T10032] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1297'. [ 491.553329][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.874706][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.303567][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.637517][T10067] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1310'. [ 493.312345][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.631557][T10079] kvm: emulating exchange as write [ 494.383026][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.428430][ T30] audit: type=1326 audit(1744672399.288:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10113 comm="syz.0.1326" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc58818d169 code=0x0 [ 494.956354][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.384335][T10131] syz.1.1329: attempt to access beyond end of device [ 495.384335][T10131] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 495.738271][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.181755][T10153] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1334'. [ 496.770095][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.132580][T10179] syzkaller0: entered allmulticast mode [ 497.144983][T10179] syzkaller0: entered promiscuous mode [ 497.208317][T10179] syzkaller0 (unregistering): left promiscuous mode [ 497.261116][T10179] syzkaller0 (unregistering): left allmulticast mode [ 497.769779][T10188] lo speed is unknown, defaulting to 1000 [ 498.044294][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 498.073894][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 498.352032][ T30] audit: type=1326 audit(1744672403.198:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 498.476105][ T30] audit: type=1326 audit(1744672403.198:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 498.537068][ T30] audit: type=1326 audit(1744672403.198:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 498.562399][ T30] audit: type=1326 audit(1744672403.258:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 498.590668][ T30] audit: type=1326 audit(1744672403.258:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 498.637067][ T30] audit: type=1326 audit(1744672403.268:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 499.045979][ T30] audit: type=1326 audit(1744672403.268:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 499.278727][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 499.302290][ T30] audit: type=1326 audit(1744672403.268:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 499.331262][ T30] audit: type=1326 audit(1744672403.278:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.295325][ T30] audit: type=1326 audit(1744672403.278:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.318211][ T30] audit: type=1326 audit(1744672403.278:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.340991][ T30] audit: type=1326 audit(1744672403.278:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.363120][ T30] audit: type=1326 audit(1744672403.278:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.385366][ T30] audit: type=1326 audit(1744672403.288:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.407482][ T30] audit: type=1326 audit(1744672403.288:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.430058][ T30] audit: type=1326 audit(1744672403.288:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.472175][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.529365][ T30] audit: type=1326 audit(1744672403.288:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.614092][ T30] audit: type=1326 audit(1744672403.288:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10195 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe21718d169 code=0x7ffc0000 [ 500.639609][ T30] audit: type=1326 audit(1744672403.308:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10198 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fe2171bfa25 code=0x7ffc0000 [ 500.743024][T10222] hsr0: entered promiscuous mode [ 501.152796][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.490899][T10217] hsr0: left promiscuous mode [ 501.502754][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.562170][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.796320][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.807551][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.609586][T10240] lo speed is unknown, defaulting to 1000 [ 502.744284][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 502.842125][ T52] IPVS: starting estimator thread 0... [ 503.021184][T10248] IPVS: using max 26 ests per chain, 62400 per kthread [ 503.826632][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 504.579849][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 504.853325][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 505.212389][T10287] tipc: Started in network mode [ 505.245124][T10287] tipc: Node identity 080211000001, cluster identity 4711 [ 506.551260][T10287] tipc: Enabled bearer , priority 0 [ 506.583472][T10296] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 506.613890][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 506.686873][T10296] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 507.696850][ T5882] tipc: Node number set to 134418688 [ 507.704736][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 507.736936][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 507.771046][T10292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 509.339033][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 509.472077][ T5882] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 509.782123][ T5882] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 510.393033][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.490460][ T5882] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 510.499702][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.519846][ T5882] usb 5-1: config 0 descriptor?? [ 510.573180][ T5882] pwc: Askey VC010 type 2 USB webcam detected. [ 510.612303][ T52] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 510.642197][T10346] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1398'. [ 510.748592][T10348] IPVS: Scheduler module ip_vs_sip not found [ 510.755450][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.765503][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.811973][ T52] usb 4-1: Using ep0 maxpacket: 32 [ 510.841045][ T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 510.882000][ T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 510.903543][ T52] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 510.915925][ T52] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.948506][ T52] usb 4-1: config 0 descriptor?? [ 511.101169][T10356] syz.1.1401: attempt to access beyond end of device [ 511.101169][T10356] loop1: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 511.117595][T10356] EXT4-fs (loop1): unable to read superblock [ 511.157667][ T5882] pwc: recv_control_msg error -32 req 02 val 2b00 [ 511.175063][ T5882] pwc: recv_control_msg error -32 req 02 val 2700 [ 511.269426][ T5882] pwc: recv_control_msg error -32 req 02 val 2c00 [ 511.367796][ T5882] pwc: recv_control_msg error -32 req 04 val 1000 [ 511.623378][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 511.677384][ T5882] pwc: recv_control_msg error -32 req 04 val 1400 [ 511.698272][ T5882] pwc: recv_control_msg error -71 req 02 val 2000 [ 511.736789][ T5882] pwc: recv_control_msg error -71 req 02 val 2100 [ 511.772601][ T5882] pwc: recv_control_msg error -71 req 04 val 1500 [ 511.810001][ T5882] pwc: recv_control_msg error -71 req 02 val 2500 [ 511.868299][ T52] input: HID 054c:03d5 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:054C:03D5.0003/input/input13 [ 511.983657][ T5882] pwc: recv_control_msg error -71 req 02 val 2400 [ 511.995312][ T5882] pwc: recv_control_msg error -71 req 02 val 2600 [ 512.012209][ T5882] pwc: recv_control_msg error -71 req 02 val 2900 [ 512.024620][ T52] sony 0003:054C:03D5.0003: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.3-1/input0 [ 512.030123][ T5882] pwc: recv_control_msg error -71 req 02 val 2800 [ 512.061183][ T5882] pwc: recv_control_msg error -71 req 04 val 1100 [ 512.081773][ T5882] pwc: recv_control_msg error -71 req 04 val 1200 [ 512.111406][ T5882] pwc: Registered as video103. [ 512.157427][ T5882] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input14 [ 512.184038][ T10] usb 4-1: USB disconnect, device number 15 [ 512.184911][T10368] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 512.272293][ T5886] lo speed is unknown, defaulting to 1000 [ 512.301717][ T5882] usb 5-1: USB disconnect, device number 16 [ 512.428840][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 512.428863][ T30] audit: type=1800 audit(1744672417.288:135): pid=10377 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1406" name="/" dev="9p" ino=2 res=0 errno=0 [ 512.761918][T10380] new mount options do not match the existing superblock, will be ignored [ 512.812397][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 513.278544][T10382] netlink: 'syz.4.1408': attribute type 1 has an invalid length. [ 513.516962][T10382] 8021q: adding VLAN 0 to HW filter on device bond2 [ 513.526898][T10389] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 514.277557][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.381377][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.406568][ T2976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.426618][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.440062][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.546731][T10388] 8021q: adding VLAN 0 to HW filter on device bond2 [ 514.565745][T10388] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 514.582562][T10388] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 514.726504][T10382] ip6erspan0: entered promiscuous mode [ 514.772409][T10382] bond2: (slave ip6erspan0): making interface the new active one [ 514.787712][T10382] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link [ 515.500524][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 516.933509][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 517.952716][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 519.452299][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.352281][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.475157][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.493255][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.555437][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.563982][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 521.119269][T10456] netlink: del zone limit has 4 unknown bytes [ 521.777935][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.034876][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 523.803315][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 524.484433][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.317867][T10487] loop6: detected capacity change from 0 to 63 [ 525.900954][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.054681][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.064181][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.079713][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.089058][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.104378][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.113623][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.129176][ T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.138475][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.147702][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.156636][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.165875][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.174304][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.183602][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.191950][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.201297][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.288600][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.297982][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.308067][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.317356][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.331851][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.341100][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.453539][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.462966][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 526.918372][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 527.312240][T10487] ldm_validate_partition_table(): Disk read failed. [ 527.467813][T10487] Dev loop6: unable to read RDB block 0 [ 527.504940][T10487] loop6: unable to read partition table [ 527.511671][T10487] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 528.552039][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.062134][T10511] netlink: 'syz.4.1444': attribute type 1 has an invalid length. [ 529.225672][T10513] bond3: (slave vcan1): The slave device specified does not support setting the MAC address [ 529.240756][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.254858][T10513] bond3: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 529.273669][T10515] xt_CT: You must specify a L4 protocol and not use inversions on it [ 529.366581][T10513] bond3: (slave vcan1): making interface the new active one [ 529.578688][T10513] bond3: (slave vcan1): Enslaving as an active interface with an up link [ 529.638292][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.402037][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.675992][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.189124][ T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.198621][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.206877][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.223212][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 534.233718][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.106467][ T5831] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 535.118646][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: kworker/u9:2 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 535.118678][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 535.118699][ T5831] Workqueue: hci3 hci_rx_work [ 535.118727][ T5831] Call Trace: [ 535.118737][ T5831] [ 535.118746][ T5831] dump_stack_lvl+0x241/0x360 [ 535.118781][ T5831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 535.118810][ T5831] ? __pfx__printk+0x10/0x10 [ 535.118836][ T5831] ? kernfs_path_from_node+0x2b/0x250 [ 535.118869][ T5831] ? kernfs_path_from_node+0x217/0x250 [ 535.118900][ T5831] sysfs_create_dir_ns+0x2fd/0x3f0 [ 535.118930][ T5831] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 535.118968][ T5831] kobject_add_internal+0x435/0x8d0 [ 535.119007][ T5831] kobject_add+0x15b/0x230 [ 535.119033][ T5831] ? do_raw_spin_unlock+0x13c/0x8b0 [ 535.119062][ T5831] ? device_add+0x3e7/0xbf0 [ 535.119087][ T5831] ? __pfx_kobject_add+0x10/0x10 [ 535.119114][ T5831] ? _raw_spin_unlock+0x28/0x50 [ 535.119140][ T5831] ? get_device_parent+0x165/0x410 [ 535.119169][ T5831] device_add+0x4e5/0xbf0 [ 535.119201][ T5831] hci_conn_add_sysfs+0xe8/0x200 [ 535.119235][ T5831] le_conn_complete_evt+0xc6e/0x12a0 [ 535.119278][ T5831] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 535.119300][ T5831] ? __mutex_unlock_slowpath+0x229/0x800 [ 535.119331][ T5831] ? __skb_clone+0x5c/0x6d0 [ 535.119358][ T5831] ? skb_pull_data+0x112/0x230 [ 535.119390][ T5831] hci_le_conn_complete_evt+0x18c/0x420 [ 535.119424][ T5831] hci_event_packet+0xa5c/0x1550 [ 535.119471][ T5831] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 535.119501][ T5831] ? __pfx_hci_event_packet+0x10/0x10 [ 535.119538][ T5831] ? kcov_remote_start+0x480/0x7d0 [ 535.119566][ T5831] ? lockdep_hardirqs_on+0x9d/0x150 [ 535.119596][ T5831] ? hci_send_to_monitor+0xdc/0x530 [ 535.119625][ T5831] hci_rx_work+0x3f3/0xdb0 [ 535.119658][ T5831] ? process_scheduled_works+0x9cb/0x18e0 [ 535.119680][ T5831] process_scheduled_works+0xac3/0x18e0 [ 535.119741][ T5831] ? __pfx_process_scheduled_works+0x10/0x10 [ 535.119776][ T5831] ? assign_work+0x367/0x3d0 [ 535.119805][ T5831] worker_thread+0x870/0xd50 [ 535.119848][ T5831] ? __kthread_parkme+0x1a8/0x200 [ 535.119877][ T5831] ? __pfx_worker_thread+0x10/0x10 [ 535.119900][ T5831] kthread+0x7b7/0x940 [ 535.119929][ T5831] ? __pfx_worker_thread+0x10/0x10 [ 535.119953][ T5831] ? __pfx_kthread+0x10/0x10 [ 535.119976][ T5831] ? __pfx_kthread+0x10/0x10 [ 535.120001][ T5831] ? __pfx_kthread+0x10/0x10 [ 535.120027][ T5831] ? __pfx_kthread+0x10/0x10 [ 535.120052][ T5831] ? _raw_spin_unlock_irq+0x23/0x50 [ 535.120071][ T5831] ? lockdep_hardirqs_on+0x9d/0x150 [ 535.120095][ T5831] ? __pfx_kthread+0x10/0x10 [ 535.120122][ T5831] ret_from_fork+0x4b/0x80 [ 535.120141][ T5831] ? __pfx_kthread+0x10/0x10 [ 535.120167][ T5831] ret_from_fork_asm+0x1a/0x30 [ 535.120216][ T5831] [ 535.398241][ C0] vkms_vblank_simulate: vblank timer overrun [ 535.403358][ T5831] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 535.418542][ T5831] Bluetooth: hci3: failed to register connection device [ 535.419350][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 535.449364][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 536.747199][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.275166][T10592] ERROR: device name not specified. [ 537.632442][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.799393][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.956898][T10598] batman_adv: batadv0: Adding interface: dummy0 [ 537.964060][T10598] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.002567][T10598] batman_adv: batadv0: Interface activated: dummy0 [ 538.029856][T10601] batadv0: mtu less than device minimum [ 538.038143][T10601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 538.049801][T10601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 538.061047][T10601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 539.538786][T10620] xt_CT: You must specify a L4 protocol and not use inversions on it [ 539.657252][ T5882] net_ratelimit: 18 callbacks suppressed [ 539.657279][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 540.229869][ T882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 540.302480][ T5882] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 541.191879][ T5882] usb 5-1: Using ep0 maxpacket: 32 [ 541.281245][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 541.310262][ T5882] usb 5-1: config 7 has an invalid interface number: 37 but max is 0 [ 541.320392][ T5882] usb 5-1: config 7 has no interface number 0 [ 541.327813][ T5882] usb 5-1: config 7 interface 37 has no altsetting 0 [ 541.482773][T10637] overlayfs: failed to clone lowerpath [ 542.181387][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 542.201882][ T5882] usb 5-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=7b.71 [ 542.213489][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.221514][ T5882] usb 5-1: Product: syz [ 542.226458][ T5882] usb 5-1: Manufacturer: syz [ 542.231184][ T5882] usb 5-1: SerialNumber: syz [ 542.319386][T10644] IPv6: NLM_F_REPLACE set, but no existing node found! [ 542.365120][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 543.595559][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 543.801782][ T5882] gspca_main: ALi m5602-2.14.0 probing 0402:5602 [ 544.024927][ T5882] gspca_m5602: Failed to find a sensor [ 544.034352][ T5882] ALi m5602 5-1:7.37: ALi m5602 webcam failed [ 544.045109][ T5882] usb 5-1: USB disconnect, device number 17 [ 544.733262][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 544.911322][T10670] [ 544.913710][T10670] ====================================================== [ 544.920907][T10670] WARNING: possible circular locking dependency detected [ 544.927941][T10670] 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 Not tainted [ 544.935052][T10670] ------------------------------------------------------ [ 544.942144][T10670] syz.2.1493/10670 is trying to acquire lock: [ 544.948294][T10670] ffffffff900eb308 (rtnl_mutex){+.+.}-{4:4}, at: ip_mroute_setsockopt+0x161/0x11f0 [ 544.957718][T10670] [ 544.957718][T10670] but task is already holding lock: [ 544.965274][T10670] ffff88807c290aa8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50 [ 544.975403][T10670] [ 544.975403][T10670] which lock already depends on the new lock. [ 544.975403][T10670] [ 544.985808][T10670] [ 544.985808][T10670] the existing dependency chain (in reverse order) is: [ 544.994824][T10670] [ 544.994824][T10670] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 545.003787][T10670] lock_acquire+0x116/0x2f0 [ 545.008819][T10670] __mutex_lock+0x1a5/0x10c0 [ 545.013938][T10670] smc_switch_to_fallback+0x35/0xda0 [ 545.019750][T10670] smc_sendmsg+0x11f/0x530 [ 545.024691][T10670] __sock_sendmsg+0x221/0x270 [ 545.029982][T10670] __sys_sendto+0x365/0x4c0 [ 545.035007][T10670] __x64_sys_sendto+0xde/0x100 [ 545.040294][T10670] do_syscall_64+0xf3/0x230 [ 545.045340][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.051758][T10670] [ 545.051758][T10670] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 545.059424][T10670] lock_acquire+0x116/0x2f0 [ 545.064457][T10670] lock_sock_nested+0x48/0x100 [ 545.069928][T10670] do_ip_setsockopt+0x17e9/0x39c0 [ 545.076038][T10670] ip_setsockopt+0x63/0x100 [ 545.081081][T10670] do_sock_setsockopt+0x3b1/0x710 [ 545.086907][T10670] __x64_sys_setsockopt+0x1ee/0x280 [ 545.092631][T10670] do_syscall_64+0xf3/0x230 [ 545.097749][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.104355][T10670] [ 545.104355][T10670] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 545.111664][T10670] validate_chain+0xa69/0x24e0 [ 545.117014][T10670] __lock_acquire+0xad5/0xd80 [ 545.122328][T10670] lock_acquire+0x116/0x2f0 [ 545.127449][T10670] __mutex_lock+0x1a5/0x10c0 [ 545.132573][T10670] ip_mroute_setsockopt+0x161/0x11f0 [ 545.138647][T10670] do_ip_setsockopt+0x1114/0x39c0 [ 545.144200][T10670] ip_setsockopt+0x63/0x100 [ 545.149229][T10670] smc_setsockopt+0x25c/0xd50 [ 545.154433][T10670] do_sock_setsockopt+0x3b1/0x710 [ 545.160066][T10670] __x64_sys_setsockopt+0x1ee/0x280 [ 545.165787][T10670] do_syscall_64+0xf3/0x230 [ 545.170905][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.177321][T10670] [ 545.177321][T10670] other info that might help us debug this: [ 545.177321][T10670] [ 545.187645][T10670] Chain exists of: [ 545.187645][T10670] rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock [ 545.187645][T10670] [ 545.201216][T10670] Possible unsafe locking scenario: [ 545.201216][T10670] [ 545.208676][T10670] CPU0 CPU1 [ 545.214102][T10670] ---- ---- [ 545.219476][T10670] lock(&smc->clcsock_release_lock); [ 545.224941][T10670] lock(sk_lock-AF_INET); [ 545.231882][T10670] lock(&smc->clcsock_release_lock); [ 545.239790][T10670] lock(rtnl_mutex); [ 545.243776][T10670] [ 545.243776][T10670] *** DEADLOCK *** [ 545.243776][T10670] [ 545.251925][T10670] 1 lock held by syz.2.1493/10670: [ 545.257057][T10670] #0: ffff88807c290aa8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50 [ 545.267773][T10670] [ 545.267773][T10670] stack backtrace: [ 545.273660][T10670] CPU: 1 UID: 0 PID: 10670 Comm: syz.2.1493 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 545.273681][T10670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 545.273691][T10670] Call Trace: [ 545.273697][T10670] [ 545.273703][T10670] dump_stack_lvl+0x241/0x360 [ 545.273726][T10670] ? __pfx_dump_stack_lvl+0x10/0x10 [ 545.273747][T10670] ? __pfx__printk+0x10/0x10 [ 545.273767][T10670] ? print_lock+0x171/0x1a0 [ 545.273786][T10670] print_circular_bug+0x2e1/0x300 [ 545.273806][T10670] check_noncircular+0x142/0x160 [ 545.273828][T10670] validate_chain+0xa69/0x24e0 [ 545.273849][T10670] ? irqentry_exit+0x63/0x90 [ 545.273865][T10670] ? lockdep_hardirqs_on+0x9d/0x150 [ 545.273886][T10670] __lock_acquire+0xad5/0xd80 [ 545.273903][T10670] lock_acquire+0x116/0x2f0 [ 545.273916][T10670] ? ip_mroute_setsockopt+0x161/0x11f0 [ 545.273940][T10670] __mutex_lock+0x1a5/0x10c0 [ 545.273957][T10670] ? ip_mroute_setsockopt+0x161/0x11f0 [ 545.273980][T10670] ? preempt_schedule_common+0x84/0xd0 [ 545.273996][T10670] ? ip_mroute_setsockopt+0x161/0x11f0 [ 545.274015][T10670] ? __pfx___mutex_lock+0x10/0x10 [ 545.274039][T10670] ip_mroute_setsockopt+0x161/0x11f0 [ 545.274058][T10670] ? preempt_schedule+0xe4/0xf0 [ 545.274073][T10670] ? preempt_schedule_common+0x84/0xd0 [ 545.274092][T10670] ? register_lock_class+0x54/0x330 [ 545.274106][T10670] ? __pfx_ip_mroute_setsockopt+0x10/0x10 [ 545.274131][T10670] ? __pfx___mutex_trylock_common+0x10/0x10 [ 545.274151][T10670] do_ip_setsockopt+0x1114/0x39c0 [ 545.274172][T10670] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 545.274191][T10670] ? smc_setsockopt+0x1b2/0xd50 [ 545.274207][T10670] ? __pfx___mutex_lock+0x10/0x10 [ 545.274226][T10670] ? futex_wake+0x525/0x5d0 [ 545.274243][T10670] ip_setsockopt+0x63/0x100 [ 545.274260][T10670] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 545.274282][T10670] smc_setsockopt+0x25c/0xd50 [ 545.274301][T10670] ? __pfx_smc_setsockopt+0x10/0x10 [ 545.274336][T10670] ? __lock_acquire+0xad5/0xd80 [ 545.274353][T10670] ? __pfx_smc_setsockopt+0x10/0x10 [ 545.274370][T10670] do_sock_setsockopt+0x3b1/0x710 [ 545.274388][T10670] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 545.274410][T10670] ? __fget_files+0x2a/0x420 [ 545.274428][T10670] ? __fget_files+0x39d/0x420 [ 545.274444][T10670] ? __fget_files+0x2a/0x420 [ 545.274462][T10670] __x64_sys_setsockopt+0x1ee/0x280 [ 545.274479][T10670] do_syscall_64+0xf3/0x230 [ 545.274498][T10670] ? clear_bhb_loop+0x45/0xa0 [ 545.274515][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.274530][T10670] RIP: 0033:0x7ff6df18d169 [ 545.274546][T10670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.274559][T10670] RSP: 002b:00007ff6e0096038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 545.274576][T10670] RAX: ffffffffffffffda RBX: 00007ff6df3a6080 RCX: 00007ff6df18d169 [ 545.274589][T10670] RDX: 00000000000000d3 RSI: 0000000000000000 RDI: 0000000000000009 [ 545.274601][T10670] RBP: 00007ff6df20e990 R08: 0000000000000000 R09: 0000000000000000 [ 545.274611][T10670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 545.274621][T10670] R13: 0000000000000000 R14: 00007ff6df3a6080 R15: 00007ffd3ad09b78 [ 545.274645][T10670] [ 545.282192][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.441569][T10672] netlink: 'syz.3.1494': attribute type 27 has an invalid length. [ 545.792301][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.964829][T10672] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.975987][T10672] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.986988][T10672] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.998947][T10672] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.026617][T10672] tipc: Resetting bearer [ 546.034384][T10672] mac80211_hwsim hwsim5 syzkaller0: left promiscuous mode [ 546.041662][T10672] mac80211_hwsim hwsim5 syzkaller0: left allmulticast mode [ 546.125114][T10673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.135098][T10673] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.145335][T10673] chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 [ 546.156002][T10673] caif:caif_disconnect_client(): nothing to disconnect [ 546.164594][T10673] chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT [ 546.174716][T10673] chnl_net:chnl_net_open(): state disconnected [ 546.181550][T10673] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 546.832361][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 547.872605][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 548.352134][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 548.914071][ T882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.152195][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.952490][ T882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.992131][ T882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 551.392839][ T9214] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 552.032139][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 553.072111][ T882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 554.112352][ T882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 554.432212][ T5882] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog