last executing test programs: 3m43.968655868s ago: executing program 1 (id=884): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYRES16=r5, @ANYBLOB="010080000000000000000800000008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r0) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="8b3300000000000000000500000008000300", @ANYRES64], 0x38}}, 0x0) 3m42.646143636s ago: executing program 1 (id=889): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffff341) 3m41.821864621s ago: executing program 1 (id=896): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a000000020000", 0x7) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) write(r0, &(0x7f0000000180)="a1", 0x1) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000002c0)={0x0, 0x0, 0x1, 'M'}, 0x9) 3m41.066647985s ago: executing program 1 (id=900): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2145499, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000500)='.\x00', 0xffffffffffffff9c, &(0x7f0000000580)='./file0/file0\x00', 0x0) umount2(0x0, 0xa) 3m40.48713722s ago: executing program 1 (id=905): socket$packet(0x11, 0x2, 0x300) r0 = socket(0xa, 0x3, 0x87) sendto(r0, &(0x7f00000003c0)="e1118ce4769b", 0xfdef, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x1b) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) sendmmsg$inet(r1, 0x0, 0x0, 0x2000c044) 3m39.58669923s ago: executing program 1 (id=909): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x14000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001000000000000000000"], 0xb8}}, 0x20040014) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0) 3m37.673681053s ago: executing program 32 (id=909): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x14000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001000000000000000000"], 0xb8}}, 0x20040014) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0) 14.130137415s ago: executing program 5 (id=1585): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000000)="e6", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(r0, 0x1) recvfrom(r0, 0x0, 0x0, 0x61, 0x0, 0x0) 12.025578868s ago: executing program 5 (id=1589): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1c060}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket(0x2a, 0x2, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket$kcm(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r4, &(0x7f0000000140)={&(0x7f0000000440)=@caif, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0x10b8}, 0x200008c0) sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, 0x0, 0x18}, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r6 = dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x31c000}) 9.71518546s ago: executing program 4 (id=1594): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x23d50e}) 9.322018896s ago: executing program 0 (id=1596): socket$packet(0x11, 0x3, 0x300) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000006c0)) socketpair$unix(0x1, 0x3, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0) ioctl$COMEDI_CMD(r0, 0x80506409, &(0x7f0000000100)={0x0, 0x20, 0x10, 0x6dd, 0x4, 0x0, 0x2, 0xb05, 0x20, 0x1, 0x40, 0x7, &(0x7f0000000000)=[0x4], 0x8, 0x0}) 9.156119503s ago: executing program 3 (id=1597): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x9c}}, 0x0) 8.935222909s ago: executing program 5 (id=1598): syz_emit_ethernet(0x7f, &(0x7f00000001c0)={@random="856b934629fa", @multicast, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x49, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x22eb, 0x0, 0x0, [0x4d98]}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "c047c4"}, {0xdd86}}}}}}}, 0x0) 8.915219141s ago: executing program 0 (id=1599): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_stats_latency\x00', 0xffffffffffffffff, 0x0, 0xf}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 8.886802304s ago: executing program 4 (id=1600): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lchown(&(0x7f0000000700)='./file0\x00', 0x0, 0x0) 8.65922472s ago: executing program 3 (id=1601): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240), 0x6}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000780)={0x200, 0x1, &(0x7f0000000280)=[0x0], &(0x7f00000002c0)=[0x9], &(0x7f0000000400)=[r1, 0x0, 0x0], &(0x7f0000000740), 0x0, 0x522}) 8.606609762s ago: executing program 2 (id=1602): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, 0x0, 0x8850) 8.446687392s ago: executing program 5 (id=1603): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x3}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) r2 = socket(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0xffffff07, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) ioctl$I2C_PEC(0xffffffffffffffff, 0x708, 0xe) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1}, 0x5c) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x22102, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) 8.131476305s ago: executing program 0 (id=1604): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000000000010000000000000001410000001c0017"], 0x38}}, 0x0) 8.016883004s ago: executing program 4 (id=1605): syz_emit_vhci(0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x99}, "0304769b31e63c29c3cf2094f492463d1e9e95083f24eabd9ae5c1f75b3c0e0455988a8831ee90264511e09f20ae0b342c73079411640f34dfcea012cf9dbce5466bb127a344165d56c0ae490882e7d392947f681f75a09214968df85173ea5ef7ded4a5cfe66a85eb762fdc97163cfb9025adb97683b6ec3663a2398d9e52bc0d4b01eb98b015a91f13d1b2b3c1d3b63aa43ce3aac1f97db5"}, 0x9d) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xfffffff7, 0xdaca, 0xe) syz_emit_vhci(&(0x7f0000001700)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_name={{0x7, 0xff}, {0x0, @none, "35ce219b7c6664cc2011d8622a15857be192f214d1cafa2c946aa163fc9b6757a93bb1240ec5acfd30d38c4b0f64fb1fa163ee26b91a03f34dbb5c6cad8b1d6454199af787bb94edc4996a35ebfa24fc9461442c974bcc84447e978053a186dfb62f48282339fca1012e19b5f69272b3079279d27e97fd2ee0b5d72d5ac9dadb93f254a78f713dec8267f9563a79a7dfe2573ab444e13837330fb62c4c78c762e8671dfb77d180bfbebd597f28cd2cd99957c047e23e0070ef59fd95c2e587c3df361200f458af8883f2b5090ff28d76e2eda4de373c93b9b69b3894bf038a33c9e9a9a5d6c1ff3e93399ab89c6f4f74cf4e9a08010e50aa"}}}, 0x102) socket$packet(0x11, 0x3, 0x300) sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={0x0}}, 0x4c000) ioctl$KVM_CAP_HYPERV_VP_INDEX(0xffffffffffffffff, 0x4068aea3, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001b80)='freezer.self_freezing\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000001bc0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x4}}, 0x9) 7.947209587s ago: executing program 2 (id=1606): syz_emit_ethernet(0x3e, &(0x7f0000000080)=ANY=[@ANYBLOB="bb0900000000000000f1f98186dd60f4ad"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x52f}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="080000000000000090000040"]) 7.944898521s ago: executing program 3 (id=1607): syz_emit_vhci(&(0x7f0000001080)=ANY=[@ANYBLOB], 0x8) 6.957911175s ago: executing program 3 (id=1608): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1b1c, 0x1c0c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000180)={0x20, 0xe, 0xa, {0xa, 0xb, "9799387af9dd7231"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r1) landlock_restrict_self(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x400000, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r4, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60) getsockopt$inet_buf(r4, 0x118, 0x2, 0x0, &(0x7f00000003c0)) ioctl$sock_SIOCGPGRP(r2, 0x8904, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r6 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) write$binfmt_register(r6, &(0x7f0000000280)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0x5, 0x3a, '#! ', 0x3a, '/dev/kvm\x00', 0x3a, './file0'}, 0x33) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_emit_vhci(&(0x7f0000000040)=@HCI_SCODATA_PKT={0x3, {0xc8}}, 0x4) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) 6.911090156s ago: executing program 0 (id=1609): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x8000) socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg(r2, &(0x7f0000000c80)={&(0x7f0000000a40)=@qipcrtr={0x2a, 0x2, 0x8000}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000ac0)="d5c7", 0x2}], 0x1}, 0x4040044) socket(0x1d, 0x2, 0x6) socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) r3 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r3, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25ff02000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x30}], 0x1}, 0x0) 6.894211742s ago: executing program 4 (id=1610): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB]) 6.411206535s ago: executing program 2 (id=1611): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa0}}, 0x0) 4.489933762s ago: executing program 0 (id=1612): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x5, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x6, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x10}, {0x1, 0xb}, {0x8, 0xc}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1f, 0x40, 0xd, 0x2b9376c, 0x8, 0xfffffffd, 0x41a3, 0x1, 0x5}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 4.055385924s ago: executing program 4 (id=1613): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000200)) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000380)=0x16) socket(0x10, 0x3, 0x0) syz_emit_ethernet(0x7f, &(0x7f00000001c0)={@random="856b934629fa", @multicast, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x49, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x22eb, 0x0, 0x0, [0x4d98]}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "c047c4"}, {0xdd86}}}}}}}, 0x0) 3.973451056s ago: executing program 2 (id=1614): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x8000) socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg(r2, &(0x7f0000000c80)={&(0x7f0000000a40)=@qipcrtr={0x2a, 0x2, 0x8000}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000ac0)="d5c7", 0x2}], 0x1}, 0x4040044) socket(0x1d, 0x2, 0x6) socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0xe511}) r3 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r3, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25ff02000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x30}], 0x1}, 0x0) 2.045386238s ago: executing program 4 (id=1615): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lchown(&(0x7f0000000700)='./file0\x00', 0x0, 0x0) 1.572154429s ago: executing program 2 (id=1616): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, 0x0, 0x8850) 1.048598774s ago: executing program 3 (id=1617): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r3, 0xffffffffffffffff}) close_range(r0, r4, 0x0) 417.974679ms ago: executing program 5 (id=1618): r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25ff02000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x30}], 0x1}, 0x0) 348.507917ms ago: executing program 0 (id=1619): socket$nl_route(0x10, 0x3, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r1, 0x40046411, &(0x7f0000000000)=0x1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0) 77.779592ms ago: executing program 5 (id=1620): syz_emit_vhci(0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x99}, "0304769b31e63c29c3cf2094f492463d1e9e95083f24eabd9ae5c1f75b3c0e0455988a8831ee90264511e09f20ae0b342c73079411640f34dfcea012cf9dbce5466bb127a344165d56c0ae490882e7d392947f681f75a09214968df85173ea5ef7ded4a5cfe66a85eb762fdc97163cfb9025adb97683b6ec3663a2398d9e52bc0d4b01eb98b015a91f13d1b2b3c1d3b63aa43ce3aac1f97db5"}, 0x9d) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xfffffff7, 0xdaca, 0xe) syz_emit_vhci(&(0x7f0000001700)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_name={{0x7, 0xff}, {0x0, @none, "35ce219b7c6664cc2011d8622a15857be192f214d1cafa2c946aa163fc9b6757a93bb1240ec5acfd30d38c4b0f64fb1fa163ee26b91a03f34dbb5c6cad8b1d6454199af787bb94edc4996a35ebfa24fc9461442c974bcc84447e978053a186dfb62f48282339fca1012e19b5f69272b3079279d27e97fd2ee0b5d72d5ac9dadb93f254a78f713dec8267f9563a79a7dfe2573ab444e13837330fb62c4c78c762e8671dfb77d180bfbebd597f28cd2cd99957c047e23e0070ef59fd95c2e587c3df361200f458af8883f2b5090ff28d76e2eda4de373c93b9b69b3894bf038a33c9e9a9a5d6c1ff3e93399ab89c6f4f74cf4e9a08010e50aa"}}}, 0x102) socket$packet(0x11, 0x3, 0x300) sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={0x0}}, 0x4c000) syz_emit_vhci(&(0x7f0000001b40)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001b80)='freezer.self_freezing\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000001bc0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x4}}, 0x9) 38.165198ms ago: executing program 3 (id=1621): syz_emit_ethernet(0x3e, &(0x7f0000000080)=ANY=[@ANYBLOB="bb0900000000000000f1f98186dd60f4ad"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="080000000000000090000040"]) 0s ago: executing program 2 (id=1622): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1c060}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket(0x2a, 0x2, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket$kcm(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r4, &(0x7f0000000140)={&(0x7f0000000440)=@caif, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0x10b8}, 0x200008c0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r7 = dup(r6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x31c000}) kernel console output (not intermixed with test programs): oot/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 326.093192][ T30] audit: type=1326 audit(1756951968.843:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6914 comm="syz.0.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 326.157974][ T6921] netlink: 64 bytes leftover after parsing attributes in process `syz.1.329'. [ 327.804109][ T6938] netlink: 28 bytes leftover after parsing attributes in process `syz.3.336'. [ 327.813759][ T6938] netlink: 108 bytes leftover after parsing attributes in process `syz.3.336'. [ 327.824108][ T6938] netlink: 28 bytes leftover after parsing attributes in process `syz.3.336'. [ 327.834135][ T6938] netlink: 108 bytes leftover after parsing attributes in process `syz.3.336'. [ 327.846856][ T6938] netlink: 84 bytes leftover after parsing attributes in process `syz.3.336'. [ 328.129977][ T6934] loop1: detected capacity change from 0 to 2048 [ 328.777551][ T6944] Zero length message leads to an empty skb [ 329.617700][ T6950] netlink: 64 bytes leftover after parsing attributes in process `syz.2.342'. [ 330.706193][ T6960] netlink: 'syz.3.346': attribute type 3 has an invalid length. [ 332.634919][ T6978] loop0: detected capacity change from 0 to 2048 [ 332.804049][ T6978] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 332.909941][ T30] kauditd_printk_skb: 85 callbacks suppressed [ 332.910028][ T30] audit: type=1800 audit(1756951975.763:467): pid=6978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.353" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 333.017689][ T30] audit: type=1326 audit(1756951975.833:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820f58ebe9 code=0x7ffc0000 [ 333.040993][ T30] audit: type=1326 audit(1756951975.833:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f820f58ebe9 code=0x7ffc0000 [ 333.064453][ T30] audit: type=1326 audit(1756951975.833:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820f58ebe9 code=0x7ffc0000 [ 333.090966][ T30] audit: type=1326 audit(1756951975.843:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f820f58ebe9 code=0x7ffc0000 [ 333.114762][ T30] audit: type=1326 audit(1756951975.843:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820f58ebe9 code=0x7ffc0000 [ 333.138034][ T30] audit: type=1326 audit(1756951975.853:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f820f58ebe9 code=0x7ffc0000 [ 333.160980][ T30] audit: type=1326 audit(1756951975.853:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f820f58ec23 code=0x7ffc0000 [ 333.187319][ T30] audit: type=1326 audit(1756951975.873:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f820f58ec23 code=0x7ffc0000 [ 333.211899][ T30] audit: type=1326 audit(1756951975.873:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6983 comm="syz.4.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820f58ebe9 code=0x7ffc0000 [ 333.339613][ T5807] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.252964][ T6999] netlink: 68 bytes leftover after parsing attributes in process `syz.3.362'. [ 335.308234][ T3912] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.429773][ T3912] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.639142][ T7011] loop3: detected capacity change from 0 to 512 [ 335.721626][ T3958] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.794521][ T7011] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 335.885200][ T7011] EXT4-fs (loop3): orphan cleanup on readonly fs [ 335.916981][ T3958] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.018801][ T7011] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.365: Failed to acquire dquot type 1 [ 336.107739][ T7011] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.365: bg 0: block 40: padding at end of block bitmap is not set [ 336.195672][ T7011] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 336.254429][ T7011] EXT4-fs (loop3): 1 truncate cleaned up [ 336.264283][ T7011] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 336.316277][ T7008] netlink: 'syz.3.365': attribute type 33 has an invalid length. [ 336.325525][ T7008] netlink: 152 bytes leftover after parsing attributes in process `syz.3.365'. [ 337.270501][ T5812] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 339.464817][ T5817] Bluetooth: hci1: command 0x0406 tx timeout [ 339.471518][ T49] Bluetooth: hci0: command 0x0406 tx timeout [ 339.478645][ T5107] Bluetooth: hci3: command 0x0406 tx timeout [ 339.481487][ T5820] Bluetooth: hci2: command 0x0406 tx timeout [ 339.485770][ T49] Bluetooth: hci4: command 0x0406 tx timeout [ 340.001302][ T7057] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.284162][ T7057] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.299803][ T7058] loop2: detected capacity change from 0 to 512 [ 340.614661][ T7058] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 340.660423][ T7057] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.965458][ T7057] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.235233][ T7058] EXT4-fs (loop2): orphan cleanup on readonly fs [ 341.271671][ T7058] __quota_error: 5 callbacks suppressed [ 341.271767][ T7058] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated! [ 341.287724][ T7058] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 341.300612][ T7058] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.382: Failed to acquire dquot type 1 [ 341.432798][ T3912] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.487652][ T7058] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.382: bg 0: block 40: padding at end of block bitmap is not set [ 341.579630][ T7058] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 341.641398][ T7058] EXT4-fs (loop2): 1 truncate cleaned up [ 341.655066][ T3958] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.665634][ T3958] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.694861][ T7058] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 341.723145][ T3958] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.831693][ T7057] netlink: 'syz.2.382': attribute type 33 has an invalid length. [ 341.840394][ T7057] netlink: 152 bytes leftover after parsing attributes in process `syz.2.382'. [ 341.914628][ T7073] netlink: 'syz.3.387': attribute type 21 has an invalid length. [ 342.169543][ T30] audit: type=1326 audit(1756951985.013:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x50000 [ 342.303398][ T30] audit: type=1326 audit(1756951985.063:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x50000 [ 342.326971][ T30] audit: type=1326 audit(1756951985.063:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x50000 [ 342.349964][ T30] audit: type=1326 audit(1756951985.073:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f2d8c18ebe9 code=0x50000 [ 342.373185][ T30] audit: type=1326 audit(1756951985.073:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2d8c1c14a5 code=0x50000 [ 342.399110][ T30] audit: type=1326 audit(1756951985.073:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7075 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f2d8c18ebe9 code=0x50000 [ 342.870683][ T5819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.613145][ T30] audit: type=1326 audit(1756951988.453:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 345.636998][ T30] audit: type=1326 audit(1756951988.453:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 346.742360][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 346.749334][ T30] audit: type=1326 audit(1756951989.593:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 346.772215][ T30] audit: type=1326 audit(1756951989.593:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 347.034847][ T30] audit: type=1326 audit(1756951989.873:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2d8c18d550 code=0x7ffc0000 [ 347.057844][ T30] audit: type=1326 audit(1756951989.873:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 347.081180][ T30] audit: type=1326 audit(1756951989.893:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 347.277902][ T7117] loop3: detected capacity change from 0 to 2048 [ 347.360445][ T30] audit: type=1326 audit(1756951990.033:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 347.446321][ T7117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 347.572904][ T30] audit: type=1800 audit(1756951990.393:510): pid=7117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.405" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 347.746608][ T30] audit: type=1326 audit(1756951990.493:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 347.774163][ T30] audit: type=1326 audit(1756951990.493:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7111 comm="syz.1.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 348.218527][ T5812] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.303973][ T5168] udevd[5168]: worker [5993] terminated by signal 33 (Unknown signal 33) [ 348.334726][ T5168] udevd[5168]: worker [5993] failed while handling '/devices/virtual/block/loop3' [ 349.013952][ T30] audit: type=1326 audit(1756951991.853:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7145 comm="syz.4.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820f58ebe9 code=0x7ffc0000 [ 349.293038][ T7148] netlink: 65536 bytes leftover after parsing attributes in process `syz.2.415'. [ 353.399083][ T7196] loop1: detected capacity change from 0 to 512 [ 353.503799][ T7196] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 353.517242][ T7196] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 354.289853][ T5814] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 357.424593][ T7254] loop1: detected capacity change from 0 to 512 [ 357.510011][ T7254] EXT4-fs: Ignoring removed bh option [ 357.516143][ T7254] EXT4-fs: Ignoring removed mblk_io_submit option [ 357.609476][ T7254] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 357.723438][ T7254] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 357.733210][ T7254] EXT4-fs (loop1): orphan cleanup on readonly fs [ 357.775203][ T7254] __quota_error: 35 callbacks suppressed [ 357.775296][ T7254] Quota error (device loop1): do_insert_tree: Free block already used in tree: block 4 [ 357.791859][ T7254] Quota error (device loop1): qtree_write_dquot: Error -5 occurred while creating quota [ 357.802401][ T7254] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.457: Failed to acquire dquot type 1 [ 357.894307][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 357.901121][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 357.941977][ T7254] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.457: Invalid block bitmap block 0 in block_group 0 [ 358.009428][ T7254] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.457: Invalid block bitmap block 0 in block_group 0 [ 358.075377][ T7254] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.457: Invalid block bitmap block 0 in block_group 0 [ 358.143920][ T7254] Quota error (device loop1): write_blk: dquota write failed [ 358.152376][ T7254] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 358.169345][ T7254] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.457: Failed to acquire dquot type 1 [ 358.285027][ T7254] Quota error (device loop1): write_blk: dquota write failed [ 358.294632][ T7254] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 358.304976][ T7254] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.457: Failed to acquire dquot type 1 [ 358.376312][ T7254] EXT4-fs (loop1): 1 orphan inode deleted [ 358.415246][ T7254] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 359.193692][ T5814] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 360.974555][ T7291] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 361.344863][ T7296] netlink: 'syz.1.476': attribute type 4 has an invalid length. [ 361.755508][ T7308] netlink: 65536 bytes leftover after parsing attributes in process `syz.4.478'. [ 364.085615][ T7337] loop0: detected capacity change from 0 to 2048 [ 364.305384][ T7337] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 365.088760][ T5807] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 365.167217][ T5807] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 365.384132][ T7353] loop2: detected capacity change from 0 to 256 [ 365.438065][ T5807] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 366.604992][ T7362] 9pnet_fd: Insufficient options for proto=fd [ 367.693888][ T5900] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 367.928122][ T5900] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 367.940283][ T5900] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 368.044631][ T7375] netlink: 'syz.2.502': attribute type 4 has an invalid length. [ 368.066917][ T5900] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 368.080776][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 368.091365][ T5900] usb 2-1: SerialNumber: syz [ 368.587951][ T5900] usb 2-1: 0:2 : does not exist [ 368.595109][ T5900] usb 2-1: unit 5 not found! [ 368.760247][ T5900] usb 2-1: USB disconnect, device number 3 [ 369.386630][ T6368] udevd[6368]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 370.800800][ T7409] netlink: 'syz.2.516': attribute type 4 has an invalid length. [ 371.623368][ T7422] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 371.630175][ T7422] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 371.638765][ T7422] vhci_hcd vhci_hcd.0: Device attached [ 371.658056][ T7415] pim6reg1: entered promiscuous mode [ 371.668523][ T7415] pim6reg1: entered allmulticast mode [ 371.704840][ T7422] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(5) [ 371.711730][ T7422] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 371.723952][ T7422] vhci_hcd vhci_hcd.0: Device attached [ 371.821865][ T7425] vhci_hcd: connection closed [ 371.823782][ T58] vhci_hcd: stop threads [ 371.833635][ T58] vhci_hcd: release socket [ 371.838334][ T58] vhci_hcd: disconnect device [ 371.842911][ T5873] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 371.863708][ T7423] vhci_hcd: connection closed [ 371.899171][ T58] vhci_hcd: stop threads [ 371.908723][ T58] vhci_hcd: release socket [ 371.913728][ T58] vhci_hcd: disconnect device [ 371.918787][ T5900] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 371.927547][ T5900] usb 39-1: enqueue for inactive port 0 [ 372.025862][ T5900] vhci_hcd: vhci_device speed not set [ 372.052274][ T7431] 9pnet_fd: Insufficient options for proto=fd [ 372.099269][ T5873] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 372.110170][ T5873] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 372.174219][ T5873] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 372.187495][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 372.197067][ T5873] usb 1-1: SerialNumber: syz [ 372.601526][ T5873] usb 1-1: 0:2 : does not exist [ 372.608216][ T5873] usb 1-1: unit 5 not found! [ 372.782780][ T5873] usb 1-1: USB disconnect, device number 3 [ 373.174792][ T7440] loop3: detected capacity change from 0 to 512 [ 373.466110][ T6368] udevd[6368]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 373.477356][ T7440] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 373.496524][ T7440] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 373.884244][ T7449] netlink: 'syz.4.530': attribute type 4 has an invalid length. [ 374.827058][ T5812] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 375.060420][ T7463] 9pnet_fd: Insufficient options for proto=fd [ 376.474577][ T7469] loop2: detected capacity change from 0 to 8192 [ 376.684231][ T5873] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 376.710502][ T30] audit: type=1804 audit(1756952019.563:549): pid=7469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.538" name="/newroot/113/file1/bus" dev="loop2" ino=1048602 res=1 errno=0 [ 376.824945][ T7483] netlink: 'syz.0.544': attribute type 4 has an invalid length. [ 376.907356][ T5873] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 376.918180][ T5873] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 376.957067][ T5873] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 376.967098][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 376.975637][ T5873] usb 2-1: SerialNumber: syz [ 377.457859][ T5873] usb 2-1: 0:2 : does not exist [ 377.463303][ T5873] usb 2-1: unit 5 not found! [ 377.698835][ T5873] usb 2-1: USB disconnect, device number 4 [ 378.306495][ T7498] netlink: 65536 bytes leftover after parsing attributes in process `syz.4.549'. [ 378.388159][ T7494] loop2: detected capacity change from 0 to 2048 [ 378.548409][ T7494] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 378.637855][ T6448] udevd[6448]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 378.756709][ T7494] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.547: bg 0: block 464: padding at end of block bitmap is not set [ 378.803874][ T7505] loop3: detected capacity change from 0 to 512 [ 379.027213][ T7505] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 379.042378][ T7505] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 379.150265][ T5819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 379.459636][ T5812] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 380.695177][ T7523] netlink: 'syz.4.556': attribute type 4 has an invalid length. [ 381.599958][ T30] audit: type=1326 audit(1756952024.433:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.626714][ T30] audit: type=1326 audit(1756952024.433:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.655080][ T30] audit: type=1326 audit(1756952024.443:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.678195][ T30] audit: type=1326 audit(1756952024.443:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.701157][ T30] audit: type=1326 audit(1756952024.443:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.729405][ T30] audit: type=1326 audit(1756952024.443:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.753316][ T30] audit: type=1326 audit(1756952024.453:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.776375][ T30] audit: type=1326 audit(1756952024.453:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.799287][ T30] audit: type=1326 audit(1756952024.453:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.825914][ T30] audit: type=1326 audit(1756952024.453:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.849787][ T30] audit: type=1326 audit(1756952024.453:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.873016][ T30] audit: type=1326 audit(1756952024.453:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=247 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.895747][ T30] audit: type=1326 audit(1756952024.463:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.923663][ T30] audit: type=1326 audit(1756952024.463:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.947417][ T30] audit: type=1326 audit(1756952024.463:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7534 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2d8c18ebe9 code=0x7ffc0000 [ 381.976104][ T5900] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 382.193153][ T5900] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 382.203916][ T5900] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 382.447353][ T7543] 9pnet_fd: Insufficient options for proto=fd [ 382.473696][ T5900] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 382.483352][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 382.491763][ T5900] usb 5-1: SerialNumber: syz [ 382.944822][ T5900] usb 5-1: 0:2 : does not exist [ 382.962974][ T5900] usb 5-1: unit 5 not found! [ 383.204964][ T5900] usb 5-1: USB disconnect, device number 2 [ 383.381331][ T5873] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 383.391209][ T5873] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 383.400109][ T5873] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x3 [ 383.554664][ T5873] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 384.119105][ T6368] udevd[6368]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 384.220134][ T7560] netlink: 'syz.3.570': attribute type 4 has an invalid length. [ 384.685072][ T7563] sd 0:0:1:0: device reset [ 385.075232][ T7563] loop2: detected capacity change from 0 to 512 [ 385.406524][ T7563] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 385.420432][ T7563] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 385.483548][ T7572] loop3: detected capacity change from 0 to 512 [ 385.540502][ T7563] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 385.788347][ T7572] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 385.806138][ T7572] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 385.835036][ T7585] netlink: 65536 bytes leftover after parsing attributes in process `syz.1.574'. [ 386.159535][ T7569] fido_id[7569]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 386.465478][ T5812] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 387.466982][ T7604] netlink: 'syz.4.583': attribute type 4 has an invalid length. [ 388.101407][ T7613] loop4: detected capacity change from 0 to 128 [ 388.255471][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 388.255557][ T30] audit: type=1800 audit(1756952031.113:588): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.587" name="file2" dev="loop4" ino=1048603 res=0 errno=0 [ 388.333587][ T7613] syz.4.587: attempt to access beyond end of device [ 388.333587][ T7613] loop4: rw=0, sector=2072, nr_sectors = 1 limit=128 [ 389.174090][ T7626] netlink: 65536 bytes leftover after parsing attributes in process `syz.4.592'. [ 390.228058][ T7639] loop3: detected capacity change from 0 to 764 [ 390.460994][ T7642] netlink: 'syz.1.597': attribute type 4 has an invalid length. [ 390.640979][ T7645] tipc: Enabled bearer , priority 0 [ 390.679800][ T7645] syzkaller0: entered promiscuous mode [ 390.687781][ T7645] syzkaller0: entered allmulticast mode [ 390.725184][ T7639] Symlink component flag not implemented [ 390.731441][ T7639] Symlink component flag not implemented (129) [ 390.741391][ T7639] rock: directory entry would overflow storage [ 390.748349][ T7639] rock: sig=0x4f50, size=4, remaining=3 [ 390.754528][ T7639] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 390.856514][ T7645] tipc: Resetting bearer [ 390.906438][ T7641] tipc: Resetting bearer [ 390.967885][ T7641] tipc: Disabling bearer [ 391.963678][ T7653] netlink: 292 bytes leftover after parsing attributes in process `syz.0.602'. [ 392.033529][ T7653] netlink: 292 bytes leftover after parsing attributes in process `syz.0.602'. [ 393.054025][ T7671] netlink: 'syz.0.610': attribute type 4 has an invalid length. [ 393.244160][ T7677] netlink: 65536 bytes leftover after parsing attributes in process `syz.1.609'. [ 393.372345][ T7673] sd 0:0:1:0: device reset [ 393.516931][ T7673] loop2: detected capacity change from 0 to 512 [ 393.565430][ T7681] tipc: Enabled bearer , priority 0 [ 393.615062][ T7681] syzkaller0: entered promiscuous mode [ 393.621234][ T7681] syzkaller0: entered allmulticast mode [ 393.781420][ T7681] tipc: Resetting bearer [ 393.871865][ T7673] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 393.885198][ T7673] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 393.909349][ T7680] tipc: Resetting bearer [ 393.971231][ T7680] tipc: Disabling bearer [ 394.341464][ T5819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.404916][ T7710] netlink: 'syz.4.624': attribute type 4 has an invalid length. [ 398.606810][ T7719] netlink: 65536 bytes leftover after parsing attributes in process `syz.4.627'. [ 399.706449][ T7724] tipc: Enabled bearer , priority 0 [ 399.839530][ T7725] syzkaller0: entered promiscuous mode [ 399.845833][ T7725] syzkaller0: entered allmulticast mode [ 400.421953][ T7726] tipc: Resetting bearer [ 400.702735][ T5876] tipc: Node number set to 4230440314 [ 401.103024][ T7722] tipc: Resetting bearer [ 401.274152][ T7722] tipc: Disabling bearer [ 403.082306][ T7698] Set syz1 is full, maxelem 65536 reached [ 403.770960][ T7745] netlink: 'syz.1.637': attribute type 4 has an invalid length. [ 404.752098][ T7752] syz.4.638 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 406.464054][ T7760] netlink: 292 bytes leftover after parsing attributes in process `syz.2.644'. [ 407.244197][ T30] audit: type=1326 audit(1756952050.023:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.267862][ T30] audit: type=1326 audit(1756952050.073:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.572848][ T30] audit: type=1326 audit(1756952050.183:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.573152][ T30] audit: type=1326 audit(1756952050.203:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.573436][ T30] audit: type=1326 audit(1756952050.223:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.573710][ T30] audit: type=1326 audit(1756952050.223:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.573989][ T30] audit: type=1326 audit(1756952050.243:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.574268][ T30] audit: type=1326 audit(1756952050.243:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.574554][ T30] audit: type=1326 audit(1756952050.293:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 407.574831][ T30] audit: type=1326 audit(1756952050.323:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7761 comm="syz.0.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 408.436899][ T7775] netlink: 'syz.1.650': attribute type 4 has an invalid length. [ 409.878716][ T7791] netlink: 'syz.3.655': attribute type 4 has an invalid length. [ 411.365025][ T7811] netlink: 'syz.1.664': attribute type 4 has an invalid length. [ 412.879210][ T7830] macvlan1: entered promiscuous mode [ 412.893721][ T7830] ipvlan0: entered promiscuous mode [ 412.905124][ T7830] ipvlan0: left promiscuous mode [ 412.963089][ T7830] macvlan1: left promiscuous mode [ 413.804433][ T7839] netlink: 'syz.0.672': attribute type 4 has an invalid length. [ 415.934376][ T7851] netlink: 292 bytes leftover after parsing attributes in process `syz.4.676'. [ 415.958112][ T7852] netlink: 'syz.0.679': attribute type 4 has an invalid length. [ 417.651665][ T7869] syz_tun: entered allmulticast mode [ 418.547184][ T7868] syz_tun: left allmulticast mode [ 419.029536][ T7880] netlink: 'syz.3.689': attribute type 4 has an invalid length. [ 419.381700][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 419.391507][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 420.174974][ T7883] tipc: Enabled bearer , priority 0 [ 420.279797][ T7889] syzkaller0: entered promiscuous mode [ 420.285717][ T7889] syzkaller0: entered allmulticast mode [ 420.565444][ T7882] tipc: Resetting bearer [ 420.634173][ T7882] tipc: Disabling bearer [ 421.200606][ T7903] netlink: 'syz.2.695': attribute type 4 has an invalid length. [ 422.706542][ T7920] netlink: 'syz.2.703': attribute type 4 has an invalid length. [ 423.466065][ T7931] tipc: Started in network mode [ 423.471559][ T7931] tipc: Node identity 12222383b221, cluster identity 4711 [ 423.480175][ T7931] tipc: Enabled bearer , priority 0 [ 423.643857][ T7933] syzkaller0: entered promiscuous mode [ 423.649870][ T7933] syzkaller0: entered allmulticast mode [ 423.741737][ T7928] tipc: Resetting bearer [ 423.788861][ T7928] tipc: Disabling bearer [ 423.906191][ T7936] netlink: 'syz.2.710': attribute type 4 has an invalid length. [ 424.276123][ T5876] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 424.463591][ T7945] netlink: 292 bytes leftover after parsing attributes in process `syz.0.713'. [ 424.481043][ T7943] loop9: detected capacity change from 0 to 7 [ 424.490843][ T5876] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 424.502325][ T5876] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 424.671004][ T5876] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 424.680872][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 424.689509][ T5876] usb 2-1: SerialNumber: syz [ 424.695275][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.695473][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.695684][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.695862][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.696096][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.740832][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.749371][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.758207][ T7943] ldm_validate_partition_table(): Disk read failed. [ 424.765423][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.773973][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.782143][ T7943] Buffer I/O error on dev loop9, logical block 0, async page read [ 424.790953][ T7943] Dev loop9: unable to read RDB block 0 [ 424.797559][ T7943] loop9: unable to read partition table [ 424.819709][ T7943] loop9: partition table beyond EOD, truncated [ 424.826766][ T7943] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 424.826766][ T7943] ) failed (rc=-5) [ 425.203624][ T5876] usb 2-1: 0:2 : does not exist [ 425.208832][ T5876] usb 2-1: unit 5 not found! [ 425.402034][ T5876] usb 2-1: USB disconnect, device number 5 [ 425.679173][ T7881] udevd[7881]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 426.075242][ T7955] netlink: 'syz.1.718': attribute type 4 has an invalid length. [ 427.238483][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 427.238571][ T30] audit: type=1326 audit(1756952070.093:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 427.268187][ T30] audit: type=1326 audit(1756952070.093:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 427.293924][ T30] audit: type=1326 audit(1756952070.093:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 427.317609][ T30] audit: type=1326 audit(1756952070.093:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 427.340744][ T30] audit: type=1326 audit(1756952070.093:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 427.363749][ T30] audit: type=1326 audit(1756952070.093:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 427.653010][ T30] audit: type=1326 audit(1756952070.393:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 427.676007][ T30] audit: type=1326 audit(1756952070.393:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7976 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f559ddc14a5 code=0x7ffc0000 [ 427.702201][ T30] audit: type=1326 audit(1756952070.393:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 427.726113][ T30] audit: type=1326 audit(1756952070.543:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7976 comm="syz.0.724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f559dd8ebe9 code=0x7ffc0000 [ 428.438313][ T5876] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 428.840850][ T5876] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 428.851562][ T5876] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 428.908635][ T5876] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 428.921852][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 428.931684][ T5876] usb 5-1: SerialNumber: syz [ 429.419150][ T5876] usb 5-1: 0:2 : does not exist [ 429.429546][ T5876] usb 5-1: unit 5 not found! [ 429.610710][ T5876] usb 5-1: USB disconnect, device number 3 [ 429.657800][ T7996] netlink: 'syz.1.732': attribute type 4 has an invalid length. [ 429.802038][ T7881] udevd[7881]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 432.035006][ T8020] netlink: 65536 bytes leftover after parsing attributes in process `syz.0.741'. [ 434.971384][ T5900] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 436.157612][ T5900] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 436.168348][ T5900] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 436.196652][ T5900] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 436.211297][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 436.220536][ T5900] usb 4-1: SerialNumber: syz [ 437.509708][ T5900] usb 4-1: can't set config #1, error -71 [ 437.578972][ T5900] usb 4-1: USB disconnect, device number 4 [ 438.927662][ T8003] Set syz1 is full, maxelem 65536 reached [ 439.346946][ T8060] hub 2-0:1.0: USB hub found [ 439.366706][ T8060] hub 2-0:1.0: 1 port detected [ 440.915997][ T5876] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 441.064884][ T8078] netlink: 'syz.0.762': attribute type 4 has an invalid length. [ 441.142098][ T5876] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 441.152965][ T5876] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 441.218124][ T5876] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 441.228146][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 441.236596][ T5876] usb 5-1: SerialNumber: syz [ 441.651310][ T5876] usb 5-1: 0:2 : does not exist [ 441.656668][ T5876] usb 5-1: unit 5 not found! [ 441.857428][ T5876] usb 5-1: USB disconnect, device number 4 [ 442.066955][ T8034] udevd[8034]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 443.982372][ T8096] lo speed is unknown, defaulting to 1000 [ 443.991492][ T8096] lo speed is unknown, defaulting to 1000 [ 443.999626][ T8096] lo speed is unknown, defaulting to 1000 [ 444.556024][ T8096] infiniband sz1: set down [ 444.560802][ T8096] infiniband sz1: added lo [ 444.612268][ T8096] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 444.622996][ T8096] infiniband sz1: Couldn't open port 1 [ 444.688749][ T8096] RDS/IB: sz1: added [ 444.694184][ T8096] smc: adding ib device sz1 with port count 1 [ 444.700885][ T8096] smc: ib device sz1 port 1 has pnetid [ 444.709238][ T8096] lo speed is unknown, defaulting to 1000 [ 444.737145][ T5876] lo speed is unknown, defaulting to 1000 [ 444.745425][ T5876] lo speed is unknown, defaulting to 1000 [ 445.098307][ T8114] netlink: 'syz.3.774': attribute type 4 has an invalid length. [ 445.920170][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 445.933742][ T8096] lo speed is unknown, defaulting to 1000 [ 446.187436][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 446.198556][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 446.353654][ T9] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 446.363539][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 446.371945][ T9] usb 2-1: SerialNumber: syz [ 446.486453][ T8096] lo speed is unknown, defaulting to 1000 [ 446.928577][ T9] usb 2-1: 0:2 : does not exist [ 446.934211][ T9] usb 2-1: unit 5 not found! [ 447.188796][ T9] usb 2-1: USB disconnect, device number 6 [ 447.276080][ T8132] tipc: Started in network mode [ 447.283486][ T8132] tipc: Node identity a677bd8a0d8b, cluster identity 4711 [ 447.293559][ T8132] tipc: Enabled bearer , priority 0 [ 447.326280][ T8134] syzkaller0: entered promiscuous mode [ 447.332100][ T8134] syzkaller0: entered allmulticast mode [ 447.437809][ T8132] tipc: Resetting bearer [ 447.484190][ T8131] tipc: Resetting bearer [ 447.521916][ T8131] tipc: Disabling bearer [ 447.781150][ T8096] lo speed is unknown, defaulting to 1000 [ 448.877065][ T8156] netlink: 'syz.4.789': attribute type 4 has an invalid length. [ 449.073946][ T8160] syz_tun: entered allmulticast mode [ 449.847504][ T8158] syz_tun: left allmulticast mode [ 450.071097][ T8034] udevd[8034]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 450.207251][ T8096] lo speed is unknown, defaulting to 1000 [ 451.306199][ T8177] tipc: Enabled bearer , priority 0 [ 451.388932][ T8177] syzkaller0: entered promiscuous mode [ 451.395799][ T8177] syzkaller0: entered allmulticast mode [ 451.475344][ T8177] tipc: Resetting bearer [ 451.554186][ T8173] tipc: Resetting bearer [ 451.587797][ T8173] tipc: Disabling bearer [ 451.593936][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 452.244783][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 452.255406][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 452.313486][ T9] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 452.324505][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 452.333633][ T9] usb 3-1: SerialNumber: syz [ 453.341669][ T9] usb 3-1: 0:2 : does not exist [ 453.347265][ T9] usb 3-1: unit 5 not found! [ 453.772959][ T9] usb 3-1: USB disconnect, device number 2 [ 454.451696][ T8034] udevd[8034]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 455.219639][ T8200] netlink: 65536 bytes leftover after parsing attributes in process `syz.4.804'. [ 457.817796][ T8179] Set syz1 is full, maxelem 65536 reached [ 458.685417][ T8231] syzkaller0: entered promiscuous mode [ 458.691746][ T8231] syzkaller0: entered allmulticast mode [ 460.544632][ T5876] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 460.866208][ T5876] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 460.877109][ T5876] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 461.060221][ T5876] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 461.073353][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 461.081719][ T5876] usb 3-1: SerialNumber: syz [ 461.602929][ T5876] usb 3-1: 0:2 : does not exist [ 461.608804][ T5876] usb 3-1: unit 5 not found! [ 462.464376][ T5876] usb 3-1: USB disconnect, device number 3 [ 462.566631][ T8256] rdma_rxe: rxe_newlink: failed to add lo [ 462.891012][ T8034] udevd[8034]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 462.991495][ T8260] netlink: 'syz.0.824': attribute type 4 has an invalid length. [ 463.982750][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 463.982838][ T30] audit: type=1326 audit(1756952106.833:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.012343][ T30] audit: type=1326 audit(1756952106.863:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.039872][ T30] audit: type=1326 audit(1756952106.863:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.064019][ T30] audit: type=1326 audit(1756952106.863:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.086987][ T30] audit: type=1326 audit(1756952106.873:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.115139][ T30] audit: type=1326 audit(1756952106.873:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.142151][ T30] audit: type=1326 audit(1756952106.873:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.166622][ T30] audit: type=1326 audit(1756952106.893:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.189798][ T30] audit: type=1326 audit(1756952106.893:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.214062][ T30] audit: type=1326 audit(1756952106.893:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8273 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f16a5b8ebe9 code=0x7ffc0000 [ 464.325141][ T8278] netlink: 65536 bytes leftover after parsing attributes in process `syz.4.831'. [ 464.973833][ T8288] rdma_rxe: rxe_newlink: failed to add lo [ 465.720627][ T8303] syz_tun: entered allmulticast mode [ 466.034294][ T8307] syz_tun: entered allmulticast mode [ 466.686604][ T8306] syz_tun: left allmulticast mode [ 467.334479][ T8329] rdma_rxe: rxe_newlink: failed to add lo [ 467.355321][ T8328] syz_tun: entered allmulticast mode [ 468.007316][ T8324] syz_tun: left allmulticast mode [ 468.608308][ T8346] netlink: 32 bytes leftover after parsing attributes in process `syz.1.857'. [ 469.180279][ T8353] syz_tun: entered allmulticast mode [ 469.755623][ T8351] syz_tun: left allmulticast mode [ 469.850344][ T8361] netlink: 12 bytes leftover after parsing attributes in process `syz.4.864'. [ 472.288126][ T8401] netlink: 12 bytes leftover after parsing attributes in process `syz.1.878'. [ 473.526445][ T8424] tipc: Enabled bearer , priority 0 [ 473.588516][ T8424] syzkaller0: entered promiscuous mode [ 473.596320][ T8424] syzkaller0: entered allmulticast mode [ 473.700514][ T8427] tipc: Resetting bearer [ 473.724188][ T8422] tipc: Resetting bearer [ 473.743788][ T8433] netlink: 12 bytes leftover after parsing attributes in process `syz.4.888'. [ 473.800809][ T8422] tipc: Disabling bearer [ 475.999763][ T8465] tipc: Enabled bearer , priority 0 [ 476.047104][ T8465] syzkaller0: entered promiscuous mode [ 476.053682][ T8465] syzkaller0: entered allmulticast mode [ 476.161337][ T8465] tipc: Resetting bearer [ 476.179931][ T8463] tipc: Resetting bearer [ 476.212384][ T8463] tipc: Disabling bearer [ 476.974858][ T3724] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.187728][ T3724] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.390288][ T3724] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.530382][ T3724] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.830721][ T3724] bridge_slave_1: left allmulticast mode [ 477.837025][ T3724] bridge_slave_1: left promiscuous mode [ 477.844279][ T3724] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.931546][ T3724] bridge_slave_0: left allmulticast mode [ 477.937667][ T3724] bridge_slave_0: left promiscuous mode [ 477.944484][ T3724] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.512383][ T3724] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 478.534101][ T3724] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 478.550314][ T3724] bond0 (unregistering): Released all slaves [ 478.708209][ T3724] tipc: Left network mode [ 479.553487][ T3724] hsr_slave_0: left promiscuous mode [ 479.592195][ T3724] hsr_slave_1: left promiscuous mode [ 479.604418][ T3724] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 479.612044][ T3724] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 479.639866][ T3724] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 479.648220][ T3724] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 479.734180][ T3724] veth1_macvtap: left promiscuous mode [ 479.740404][ T3724] veth0_macvtap: left promiscuous mode [ 479.746847][ T3724] veth1_vlan: left promiscuous mode [ 479.753121][ T3724] veth0_vlan: left promiscuous mode [ 480.330651][ T5815] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 480.341559][ T5815] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 480.354182][ T5815] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 480.369977][ T5815] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 480.382949][ T5815] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 480.749392][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 480.850553][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 480.857772][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 481.217251][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 481.228255][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 481.413542][ T3724] team0 (unregistering): Port device team_slave_1 removed [ 482.148259][ T3724] team0 (unregistering): Port device team_slave_0 removed [ 483.064046][ T5815] Bluetooth: hci3: command tx timeout [ 483.150436][ T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 483.160504][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 483.169192][ T9] usb 4-1: SerialNumber: syz [ 483.885388][ T9] usb 4-1: can't set config #1, error -71 [ 483.969566][ T9] usb 4-1: USB disconnect, device number 5 [ 484.889641][ T8500] lo speed is unknown, defaulting to 1000 [ 485.133094][ T5815] Bluetooth: hci3: command tx timeout [ 486.373930][ T8536] netlink: 292 bytes leftover after parsing attributes in process `syz.3.927'. [ 486.425613][ T8536] netlink: 292 bytes leftover after parsing attributes in process `syz.3.927'. [ 486.804520][ T8500] chnl_net:caif_netlink_parms(): no params data found [ 487.213301][ T5815] Bluetooth: hci3: command tx timeout [ 487.232788][ T5873] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 487.466800][ T5873] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 487.477760][ T5873] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 487.531143][ T5873] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 487.541672][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 487.550597][ T5873] usb 4-1: SerialNumber: syz [ 487.910749][ T5873] usb 4-1: 0:2 : does not exist [ 487.916398][ T5873] usb 4-1: unit 5 not found! [ 488.014620][ T5873] usb 4-1: USB disconnect, device number 6 [ 488.217355][ T8034] udevd[8034]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 488.655171][ T8500] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.663092][ T8500] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.671124][ T8500] bridge_slave_0: entered allmulticast mode [ 488.683566][ T8500] bridge_slave_0: entered promiscuous mode [ 488.745386][ T8572] netlink: 292 bytes leftover after parsing attributes in process `syz.3.940'. [ 488.757491][ T8500] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.765687][ T8500] bridge0: port 2(bridge_slave_1) entered disabled state [ 488.773742][ T8500] bridge_slave_1: entered allmulticast mode [ 488.784110][ T8500] bridge_slave_1: entered promiscuous mode [ 488.814982][ T8572] netlink: 292 bytes leftover after parsing attributes in process `syz.3.940'. [ 489.159887][ T8500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 489.223999][ T8500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 489.279835][ T8578] syz_tun: entered allmulticast mode [ 489.292907][ T5815] Bluetooth: hci3: command tx timeout [ 489.892014][ T8576] syz_tun: left allmulticast mode [ 489.922176][ T8500] team0: Port device team_slave_0 added [ 490.015242][ T8500] team0: Port device team_slave_1 added [ 490.501376][ T8500] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 490.509348][ T8500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 490.536378][ T8500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 490.702020][ T8500] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 490.709573][ T8500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 490.741191][ T8500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 491.340448][ T8500] hsr_slave_0: entered promiscuous mode [ 491.351646][ T8500] hsr_slave_1: entered promiscuous mode [ 491.361575][ T8500] debugfs: 'hsr0' already exists in 'hsr' [ 491.367709][ T8500] Cannot create hsr debugfs directory [ 491.594225][ T8611] dvmrp0: entered allmulticast mode [ 491.803730][ T8615] netlink: 292 bytes leftover after parsing attributes in process `syz.0.953'. [ 491.897487][ T8616] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 491.933483][ T8615] netlink: 292 bytes leftover after parsing attributes in process `syz.0.953'. [ 492.688194][ T8500] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 492.754620][ T8500] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 492.847448][ T8500] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 492.904557][ T8500] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 493.240875][ T8633] syzkaller1: entered promiscuous mode [ 493.247170][ T8633] syzkaller1: entered allmulticast mode [ 494.004296][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 494.373589][ T8638] tipc: Enabled bearer , priority 0 [ 494.528340][ T8639] syzkaller0: entered promiscuous mode [ 494.536320][ T8639] syzkaller0: entered allmulticast mode [ 494.694695][ T8637] tipc: Resetting bearer [ 494.768340][ T8637] tipc: Disabling bearer [ 495.129178][ T8500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 495.366753][ T8500] 8021q: adding VLAN 0 to HW filter on device team0 [ 495.477049][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.484809][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 495.590590][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.598433][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 496.742759][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 496.758744][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 498.570849][ T8500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 498.743907][ T8686] tipc: Enabled bearer , priority 0 [ 498.805245][ T8690] syzkaller0: entered promiscuous mode [ 498.811196][ T8690] syzkaller0: entered allmulticast mode [ 498.926712][ T8683] tipc: Resetting bearer [ 499.016169][ T8683] tipc: Disabling bearer [ 499.833798][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 499.833889][ T30] audit: type=1326 audit(1756952142.693:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 499.960057][ T30] audit: type=1326 audit(1756952142.743:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 499.968218][ T8708] Set syz1 is full, maxelem 65536 reached [ 499.987903][ T30] audit: type=1326 audit(1756952142.753:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 500.014224][ T30] audit: type=1326 audit(1756952142.793:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 500.037685][ T30] audit: type=1326 audit(1756952142.793:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 500.062034][ T30] audit: type=1326 audit(1756952142.793:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 500.089126][ T30] audit: type=1326 audit(1756952142.793:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 500.089409][ T30] audit: type=1326 audit(1756952142.813:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 500.089674][ T30] audit: type=1326 audit(1756952142.873:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 500.089943][ T30] audit: type=1326 audit(1756952142.873:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8705 comm="syz.2.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271758ebe9 code=0x7ffc0000 [ 501.305542][ T8500] veth0_vlan: entered promiscuous mode [ 501.386437][ T8500] veth1_vlan: entered promiscuous mode [ 501.755930][ T8500] veth0_macvtap: entered promiscuous mode [ 501.852718][ T8728] tipc: Enabled bearer , priority 0 [ 501.865500][ T8500] veth1_macvtap: entered promiscuous mode [ 501.911948][ T8731] syzkaller0: entered promiscuous mode [ 501.918670][ T8731] syzkaller0: entered allmulticast mode [ 502.005321][ T8726] tipc: Resetting bearer [ 502.049523][ T8726] tipc: Disabling bearer [ 502.086576][ T8734] Set syz1 is full, maxelem 65536 reached [ 502.190087][ T8500] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 502.304296][ T8500] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 502.411672][ T3724] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.470538][ T3724] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.518271][ T3724] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.587971][ T58] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.944064][ T8755] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 509.265373][ T8778] tipc: Enabled bearer , priority 0 [ 509.345143][ T8784] syzkaller0: entered promiscuous mode [ 509.350859][ T8784] syzkaller0: entered allmulticast mode [ 509.482189][ T8776] tipc: Resetting bearer [ 509.542023][ T8776] tipc: Disabling bearer [ 509.995755][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 510.004329][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 510.017276][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 510.026786][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 510.035152][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 510.043309][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 510.051717][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 510.059840][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 510.068110][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 510.076275][ T5873] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 510.721463][ T5873] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 512.116544][ T8803] fido_id[8803]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 513.556079][ T8822] syz_tun: entered allmulticast mode [ 513.589128][ T8821] syz_tun: left allmulticast mode [ 514.465905][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 514.465998][ T30] audit: type=1800 audit(1756952157.323:675): pid=8833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1022" name="bus" dev="tmpfs" ino=2 res=0 errno=0 [ 514.634239][ T8832] tipc: Started in network mode [ 514.639807][ T8832] tipc: Node identity 9ac546f183e5, cluster identity 4711 [ 514.648414][ T8832] tipc: Enabled bearer , priority 0 [ 514.941445][ T8832] tipc: Resetting bearer [ 515.298003][ T8829] tipc: Disabling bearer [ 515.829462][ T5873] hid_parser_main: 4 callbacks suppressed [ 515.829582][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4 [ 515.844788][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2 [ 515.857663][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 515.866975][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 515.875167][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 515.883430][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 515.891419][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 515.900180][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 515.908525][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 515.917162][ T5873] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 516.587890][ T5873] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 517.556822][ T8850] fido_id[8850]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 518.126148][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.135489][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.424017][ T4983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.432269][ T4983] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.327261][ T5873] hid-generic 0000:3000000:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 520.055670][ T8882] fido_id[8882]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 520.160149][ T8896] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1039'. [ 520.613702][ T8902] syz_tun: entered allmulticast mode [ 520.647943][ T8900] syz_tun: left allmulticast mode [ 521.472005][ T5900] hid_parser_main: 18 callbacks suppressed [ 521.472113][ T5900] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x4 [ 521.491423][ T5900] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x2 [ 521.500595][ T5900] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x3 [ 521.508882][ T5900] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x0 [ 521.517084][ T5900] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x0 [ 521.525254][ T5900] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x0 [ 521.533457][ T5900] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x0 [ 521.541463][ T5900] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x0 [ 521.662237][ T8920] tipc: Enabled bearer , priority 0 [ 521.707046][ T8920] syzkaller0: entered promiscuous mode [ 521.712905][ T8920] syzkaller0: entered allmulticast mode [ 521.754408][ T5900] hid-generic 0000:3000000:0000.0005: hidraw0: HID v0.00 Device [sy] on syz0 [ 521.911993][ T8920] tipc: Resetting bearer [ 522.004796][ T8918] tipc: Resetting bearer [ 522.045856][ T8918] tipc: Disabling bearer [ 522.205241][ T8930] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1054'. [ 522.421015][ T8928] fido_id[8928]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 522.692841][ T5900] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 522.754705][ T8940] syz_tun: entered allmulticast mode [ 522.806998][ T8939] syz_tun: left allmulticast mode [ 522.883412][ T5900] usb 3-1: Using ep0 maxpacket: 8 [ 522.941989][ T5900] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 522.952168][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.960792][ T5900] usb 3-1: Product: syz [ 522.965449][ T5900] usb 3-1: Manufacturer: syz [ 522.970261][ T5900] usb 3-1: SerialNumber: syz [ 523.060649][ T5900] usb 3-1: config 0 descriptor?? [ 523.328371][ T5900] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 528.172186][ T5873] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x4 [ 528.180624][ T5873] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x2 [ 528.189319][ T5873] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x3 [ 528.197434][ T5873] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0 [ 528.205573][ T5873] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0 [ 528.213794][ T5873] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0 [ 528.221865][ T5873] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0 [ 528.230418][ T5873] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0 [ 528.364356][ T5900] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 528.395828][ T5900] usb 3-1: USB disconnect, device number 4 [ 528.558504][ T5873] hid-generic 0000:3000000:0000.0006: hidraw0: HID v0.00 Device [sy] on syz0 [ 528.580411][ T8972] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1069'. [ 528.755783][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 528.778010][ T5876] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 528.923665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 528.960805][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 529.014195][ T5876] usb 4-1: Using ep0 maxpacket: 32 [ 529.044685][ T5876] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 529.053788][ T5876] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 529.067068][ T5876] usb 4-1: config 0 has no interface number 0 [ 529.141731][ T5876] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 529.151328][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.159928][ T5876] usb 4-1: Product: syz [ 529.168960][ T5876] usb 4-1: Manufacturer: syz [ 529.175468][ T5876] usb 4-1: SerialNumber: syz [ 529.284788][ T5876] usb 4-1: config 0 descriptor?? [ 529.288567][ T8973] fido_id[8973]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 529.316004][ T8976] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.433471][ T8979] netlink: 356 bytes leftover after parsing attributes in process `syz.5.1070'. [ 529.444489][ T8980] syz_tun: entered allmulticast mode [ 529.491262][ T8977] syz_tun: left allmulticast mode [ 529.544970][ T5876] usb 4-1: USB disconnect, device number 7 [ 529.740477][ T8976] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.847087][ T8979] netlink: 'syz.5.1070': attribute type 33 has an invalid length. [ 529.855770][ T8979] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1070'. [ 529.987261][ T8976] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.132817][ T8976] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.609032][ T57] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.714984][ T3724] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.806909][ T3724] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.851116][ T3724] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.204936][ T9001] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1078'. [ 531.219882][ T9001] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1078'. [ 532.409316][ T9011] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1081'. [ 532.524256][ T5815] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 532.531468][ T5815] Bluetooth: Wrong link type (-22) [ 534.576689][ T9035] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 534.675323][ T9038] netlink: 356 bytes leftover after parsing attributes in process `syz.5.1092'. [ 534.872147][ T9035] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.216441][ T9038] netlink: 'syz.5.1092': attribute type 33 has an invalid length. [ 535.225184][ T9038] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1092'. [ 537.711984][ T9035] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.081081][ T9058] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1096'. [ 538.164995][ T9035] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.216513][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 538.226170][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 538.236007][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 538.245943][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 538.826169][ T1086] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.841812][ T9063] syzkaller0: entered promiscuous mode [ 538.858344][ T9063] syzkaller0: entered allmulticast mode [ 538.963503][ T3991] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.985743][ T3991] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.003090][ T3991] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.233084][ T9076] syz_tun: entered allmulticast mode [ 540.815847][ T9089] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1110'. [ 541.439330][ T9100] netlink: 356 bytes leftover after parsing attributes in process `syz.0.1113'. [ 541.482940][ T9097] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.504420][ T5873] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 541.580665][ T9100] netlink: 'syz.0.1113': attribute type 33 has an invalid length. [ 541.589332][ T9100] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1113'. [ 541.618438][ T9097] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.723915][ T5873] usb 5-1: Using ep0 maxpacket: 8 [ 541.739274][ T5873] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 541.751283][ T5873] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 541.762312][ T5873] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 541.773076][ T5873] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 541.787059][ T5873] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 541.796477][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.830012][ T9097] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.097874][ T9097] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.196428][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 542.204013][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 542.300784][ T5873] usb 5-1: usb_control_msg returned -71 [ 542.307628][ T5873] usbtmc 5-1:16.0: can't read capabilities [ 542.452032][ T5873] usb 5-1: USB disconnect, device number 5 [ 542.753318][ T3991] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.763077][ T1086] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.835211][ T3991] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.856908][ T3991] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.934468][ T9123] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1124'. [ 544.253056][ T5900] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 544.516318][ T5900] usb 1-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0 [ 544.528284][ T5900] usb 1-1: config 0 interface 0 has no altsetting 0 [ 544.535699][ T5900] usb 1-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 544.545255][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.855854][ T5900] usb 1-1: config 0 descriptor?? [ 545.449993][ T5900] usbhid 1-1:0.0: can't add hid device: -71 [ 545.458455][ T5900] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 545.861987][ T5900] usb 1-1: USB disconnect, device number 4 [ 548.506728][ T5873] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 550.781532][ T9181] rdma_rxe: rxe_newlink: failed to add lo [ 551.261108][ T5873] usb 4-1: Using ep0 maxpacket: 16 [ 551.277339][ T5873] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 551.290112][ T5873] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 551.301599][ T5873] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 551.312101][ T5873] usb 4-1: config 0 interface 0 has no altsetting 0 [ 551.320310][ T5873] usb 4-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 551.330056][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.494033][ T5873] usb 4-1: config 0 descriptor?? [ 552.211537][ T5873] usb 4-1: can't set config #0, error -71 [ 552.222828][ T5873] usb 4-1: USB disconnect, device number 8 [ 552.434288][ T30] audit: type=1326 audit(1756952195.283:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.458286][ T30] audit: type=1326 audit(1756952195.303:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.481686][ T30] audit: type=1326 audit(1756952195.313:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.505335][ T30] audit: type=1326 audit(1756952195.313:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.653424][ T30] audit: type=1326 audit(1756952195.393:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.653715][ T30] audit: type=1326 audit(1756952195.403:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.653982][ T30] audit: type=1326 audit(1756952195.423:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.654260][ T30] audit: type=1326 audit(1756952195.423:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.654519][ T30] audit: type=1326 audit(1756952195.433:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 552.654784][ T30] audit: type=1326 audit(1756952195.453:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9192 comm="syz.5.1150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 554.303624][ T5867] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 554.349540][ T5900] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 554.613070][ T5867] usb 5-1: Using ep0 maxpacket: 8 [ 554.620597][ T5900] usb 3-1: Using ep0 maxpacket: 32 [ 554.650580][ T5867] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 554.662105][ T5867] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 554.671833][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.698343][ T5900] usb 3-1: config 0 has an invalid interface number: 126 but max is 0 [ 554.707363][ T5900] usb 3-1: config 0 has no interface number 0 [ 554.714988][ T5900] usb 3-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 554.725654][ T5900] usb 3-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 554.736230][ T5900] usb 3-1: config 0 interface 126 has no altsetting 0 [ 554.843936][ T5900] usb 3-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 554.853774][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.862127][ T5900] usb 3-1: Product: syz [ 554.866884][ T5900] usb 3-1: Manufacturer: syz [ 554.871791][ T5900] usb 3-1: SerialNumber: syz [ 554.915813][ T5900] usb 3-1: config 0 descriptor?? [ 554.925818][ T9219] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 554.939730][ T9219] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 555.516407][ T5900] ir_usb 3-1:0.126: IR Dongle converter detected [ 555.724349][ T5900] usb 3-1: IRDA class descriptor not found, device not bound [ 555.812948][ T5900] usb 3-1: USB disconnect, device number 5 [ 557.137405][ T5900] usb 5-1: USB disconnect, device number 6 [ 557.274880][ T9260] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1177'. [ 557.344545][ T9260] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1177'. [ 562.116865][ T5867] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 562.341510][ T9283] netlink: 'syz.0.1187': attribute type 4 has an invalid length. [ 562.383051][ T5867] usb 4-1: Using ep0 maxpacket: 32 [ 562.706673][ T5867] usb 4-1: config 0 has an invalid interface number: 126 but max is 0 [ 562.715629][ T5867] usb 4-1: config 0 has no interface number 0 [ 562.722716][ T5867] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 562.734750][ T5867] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 562.745777][ T5867] usb 4-1: config 0 interface 126 has no altsetting 0 [ 563.165016][ T5867] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 563.174802][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.183723][ T5867] usb 4-1: Product: syz [ 563.188382][ T5867] usb 4-1: Manufacturer: syz [ 563.194011][ T5867] usb 4-1: SerialNumber: syz [ 563.309053][ T5867] usb 4-1: config 0 descriptor?? [ 563.321672][ T9280] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 563.335028][ T9280] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 564.247192][ T5867] ir_usb 4-1:0.126: IR Dongle converter detected [ 564.454073][ T5867] usb 4-1: IRDA class descriptor not found, device not bound [ 564.637785][ T5867] usb 4-1: USB disconnect, device number 9 [ 565.952947][ T5873] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 565.954483][ T9302] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1193'. [ 566.000420][ T9302] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1193'. [ 566.150267][ T5873] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0 [ 566.160578][ T5873] usb 5-1: config 0 interface 0 has no altsetting 0 [ 566.167750][ T5873] usb 5-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 566.177305][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.236042][ T5873] usb 5-1: config 0 descriptor?? [ 566.685360][ T5873] usbhid 5-1:0.0: can't add hid device: -71 [ 566.692103][ T5873] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 566.774025][ T5873] usb 5-1: USB disconnect, device number 7 [ 566.874694][ T9314] netlink: 'syz.5.1199': attribute type 4 has an invalid length. [ 567.774939][ T9331] binder: 9328:9331 unknown command 0 [ 567.780572][ T9331] binder: 9328:9331 ioctl c0306201 200000000080 returned -22 [ 567.815024][ T9330] binder_alloc: 9328: binder_alloc_buf, no vma [ 569.221375][ T9341] netlink: 292 bytes leftover after parsing attributes in process `syz.3.1208'. [ 570.942863][ T5867] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 570.963524][ T5873] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 571.173031][ T5873] usb 5-1: Using ep0 maxpacket: 8 [ 571.230690][ T5873] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 571.240923][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.249570][ T5873] usb 5-1: Product: syz [ 571.254094][ T5873] usb 5-1: Manufacturer: syz [ 571.258976][ T5873] usb 5-1: SerialNumber: syz [ 571.375090][ T5873] usb 5-1: config 0 descriptor?? [ 571.436032][ T5867] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 571.446995][ T5867] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 571.693733][ T5873] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 572.275999][ T5867] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 572.285683][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 572.294266][ T5867] usb 4-1: SerialNumber: syz [ 573.094931][ T5873] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 573.254455][ T5873] usb 5-1: USB disconnect, device number 8 [ 574.116053][ T9378] netlink: 292 bytes leftover after parsing attributes in process `syz.3.1223'. [ 574.240644][ T5815] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 574.788636][ T5867] usb 4-1: 0:2 : does not exist [ 574.794110][ T5867] usb 4-1: unit 5 not found! [ 574.914409][ T9385] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 574.926988][ T9385] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 574.951037][ T5867] usb 4-1: USB disconnect, device number 10 [ 575.622075][ T9293] udevd[9293]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 575.900451][ T9395] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 575.912769][ T9395] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 581.723214][ T5867] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 581.943661][ T5867] usb 3-1: Using ep0 maxpacket: 32 [ 581.976178][ T5867] usb 3-1: config 0 has an invalid interface number: 126 but max is 0 [ 581.984944][ T5867] usb 3-1: config 0 has no interface number 0 [ 581.991364][ T5867] usb 3-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 582.002084][ T5867] usb 3-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 582.012773][ T5867] usb 3-1: config 0 interface 126 has no altsetting 0 [ 582.065438][ T9444] binder: 9442:9444 unknown command 0 [ 582.071320][ T9444] binder: 9442:9444 ioctl c0306201 200000000080 returned -22 [ 582.091572][ T5867] usb 3-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 582.101729][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.110338][ T5867] usb 3-1: Product: syz [ 582.114978][ T5867] usb 3-1: Manufacturer: syz [ 582.119813][ T5867] usb 3-1: SerialNumber: syz [ 582.154858][ T5867] usb 3-1: config 0 descriptor?? [ 582.163608][ T9437] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 582.205667][ T9437] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 582.757235][ T5867] ir_usb 3-1:0.126: IR Dongle converter detected [ 582.991211][ T5867] usb 3-1: IR Dongle converter now attached to ttyUSB0 [ 583.186861][ T5867] usb 3-1: USB disconnect, device number 6 [ 583.249317][ T5867] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0 [ 583.261783][ T5867] ir_usb 3-1:0.126: device disconnected [ 583.530668][ T9463] tipc: Enabled bearer , priority 0 [ 583.562018][ T9467] syzkaller0: entered promiscuous mode [ 583.568309][ T9467] syzkaller0: entered allmulticast mode [ 583.618131][ T9463] tipc: Resetting bearer [ 583.660400][ T9461] tipc: Resetting bearer [ 583.681985][ T9461] tipc: Disabling bearer [ 586.643623][ T9503] tipc: Enabled bearer , priority 0 [ 586.664767][ T9503] syzkaller0: entered promiscuous mode [ 586.664893][ T9503] syzkaller0: entered allmulticast mode [ 586.719593][ T9503] tipc: Resetting bearer [ 586.764596][ T9501] tipc: Resetting bearer [ 586.918802][ T9501] tipc: Disabling bearer [ 591.538510][ T9545] tipc: Enabling of bearer rejected, failed to enable media [ 594.495733][ T5815] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 595.463003][ T9576] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 595.474791][ T9576] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 596.437642][ T5867] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 596.613553][ T5867] usb 1-1: Using ep0 maxpacket: 32 [ 596.660761][ T5867] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 596.671330][ T5867] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 596.682209][ T5867] usb 1-1: config 0 interface 0 has no altsetting 0 [ 596.830037][ T5867] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=dc.8e [ 596.839947][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.848695][ T5867] usb 1-1: Product: syz [ 596.853671][ T5867] usb 1-1: Manufacturer: syz [ 596.860753][ T5867] usb 1-1: SerialNumber: syz [ 596.878410][ T5867] usb 1-1: config 0 descriptor?? [ 597.919426][ T5867] gs_usb 1-1:0.0: Couldn't get device config: (err=-121) [ 597.927730][ T5867] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -121 [ 598.265845][ T9597] tipc: Enabled bearer , priority 0 [ 598.291126][ T9597] syzkaller0: entered promiscuous mode [ 598.299670][ T9597] syzkaller0: entered allmulticast mode [ 598.788839][ T9599] tipc: Resetting bearer [ 598.988718][ T9596] tipc: Resetting bearer [ 599.050590][ T9596] tipc: Disabling bearer [ 600.850318][ T5867] usb 1-1: USB disconnect, device number 5 [ 602.048201][ T9618] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 602.061194][ T9618] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 603.289234][ T9625] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 603.301151][ T9625] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 603.644850][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 603.651566][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 606.854507][ T9657] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 606.866349][ T9657] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 609.080341][ T9677] warning: `syz.0.1328' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 611.372129][ T9701] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.441563][ T9703] netlink: 356 bytes leftover after parsing attributes in process `syz.2.1339'. [ 613.208438][ T9701] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.971517][ T9701] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.226828][ T9701] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.717485][ T4983] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.885716][ T4983] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.050436][ T3912] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.079417][ T5867] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 615.188267][ T3912] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.355486][ T5867] usb 1-1: Using ep0 maxpacket: 32 [ 615.480597][ T5867] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 615.491623][ T5867] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 615.501859][ T5867] usb 1-1: config 0 interface 0 has no altsetting 0 [ 615.552874][ T5867] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=dc.8e [ 615.562593][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.571389][ T5867] usb 1-1: Product: syz [ 615.576148][ T5867] usb 1-1: Manufacturer: syz [ 615.581414][ T5867] usb 1-1: SerialNumber: syz [ 615.644481][ T5867] usb 1-1: config 0 descriptor?? [ 616.384187][ T9721] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 616.396442][ T9721] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 616.439223][ T5867] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 616.694581][ T5867] gs_usb 1-1:0.0: Couldn't get bit timing const for channel 0 (-EREMOTEIO) [ 616.704300][ T5867] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -121 [ 616.804706][ T9726] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 617.020734][ T5867] usb 1-1: USB disconnect, device number 6 [ 618.046033][ T9742] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 618.057925][ T9742] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 618.891631][ T9743] libceph: resolve '4..' (ret=-3): failed [ 619.174792][ T5900] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 619.383004][ T5900] usb 6-1: Using ep0 maxpacket: 8 [ 619.431329][ T5900] usb 6-1: config index 0 descriptor too short (expected 30, got 18) [ 619.530965][ T5900] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 619.541709][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.551329][ T5900] usb 6-1: Product: syz [ 619.556726][ T5900] usb 6-1: Manufacturer: syz [ 619.561907][ T5900] usb 6-1: SerialNumber: syz [ 619.985453][ T5900] usb 6-1: config 0 descriptor?? [ 620.078571][ T5900] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 620.087815][ T5900] usb 6-1: setting power ON [ 620.093595][ T5900] dvb-usb: bulk message failed: -22 (2/0) [ 620.375373][ T9762] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 620.387038][ T9762] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 620.872686][ T5900] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 620.911986][ T9750] dvb-usb: bulk message failed: -22 (3/0) [ 620.918600][ T9750] dvb-usb: bulk message failed: -22 (3/0) [ 620.924360][ T5900] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 620.934919][ T5900] usb 6-1: media controller created [ 621.097741][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 623.874845][ T5900] usb 6-1: selecting invalid altsetting 6 [ 623.880864][ T5900] usb 6-1: digital interface selection failed (-22) [ 623.888210][ T5900] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 623.985820][ T9767] netlink: 'syz.2.1358': attribute type 4 has an invalid length. [ 623.985824][ T5900] usb 6-1: setting power OFF [ 623.998970][ T5900] dvb-usb: bulk message failed: -22 (2/0) [ 624.005121][ T5900] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 624.014787][ T5900] (NULL device *): no alternate interface [ 624.118923][ T9770] netlink: 'syz.2.1358': attribute type 4 has an invalid length. [ 624.459567][ T5900] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 624.481453][ T5900] usb 6-1: USB disconnect, device number 2 [ 625.814238][ T9784] rdma_rxe: rxe_newlink: failed to add lo [ 627.110885][ T9799] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 627.123150][ T9799] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 628.039393][ T9805] libceph: resolve '4..' (ret=-3): failed [ 628.278796][ T9808] netlink: 'syz.5.1374': attribute type 4 has an invalid length. [ 628.352199][ T9808] netlink: 'syz.5.1374': attribute type 4 has an invalid length. [ 632.478086][ T9840] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 632.490238][ T9840] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 633.311193][ T9855] netlink: 'syz.5.1390': attribute type 4 has an invalid length. [ 633.384561][ T9858] netlink: 'syz.5.1390': attribute type 4 has an invalid length. [ 634.160882][ T9856] sz1: rxe_newlink: already configured on lo [ 634.196663][ T5815] Bluetooth: hci4: unexpected event for opcode 0x1407 [ 635.236535][ T9875] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 635.248551][ T9875] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 636.686891][ T9889] Bluetooth: MGMT ver 1.23 [ 637.124860][ T9897] netlink: 'syz.3.1406': attribute type 4 has an invalid length. [ 637.165471][ T9902] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1408'. [ 637.184867][ T9903] netlink: 'syz.3.1406': attribute type 4 has an invalid length. [ 638.696175][ T9913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1411'. [ 640.884997][ T5873] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 640.956210][ T9946] netlink: 'syz.5.1423': attribute type 4 has an invalid length. [ 640.999369][ T5815] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 641.009422][ T5815] CPU: 1 UID: 0 PID: 5815 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(none) [ 641.009593][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 641.009752][ T5815] Workqueue: hci0 hci_rx_work [ 641.009928][ T5815] Call Trace: [ 641.009986][ T5815] [ 641.010048][ T5815] __dump_stack+0x26/0x30 [ 641.010243][ T5815] dump_stack_lvl+0x1df/0x270 [ 641.010438][ T5815] dump_stack+0x1e/0x25 [ 641.010615][ T5815] sysfs_create_dir_ns+0x46c/0x540 [ 641.010881][ T5815] kobject_add_internal+0xeed/0x1840 [ 641.011081][ T5815] kobject_add+0x2c1/0x410 [ 641.011272][ T5815] ? kmsan_get_metadata+0xfb/0x160 [ 641.011458][ T5815] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 641.011661][ T5815] device_add+0xa70/0x1c10 [ 641.011869][ T5815] hci_conn_add_sysfs+0x15f/0x2f0 [ 641.012103][ T5815] le_conn_complete_evt+0x1b35/0x21b0 [ 641.012353][ T5815] hci_le_conn_complete_evt+0x157/0x260 [ 641.012569][ T5815] hci_le_meta_evt+0x6e8/0x960 [ 641.012751][ T5815] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 641.012968][ T5815] hci_event_packet+0xce2/0x1e40 [ 641.013130][ T5815] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 641.013361][ T5815] hci_rx_work+0x9a8/0x12b0 [ 641.013557][ T5815] ? __pfx_hci_rx_work+0x10/0x10 [ 641.013738][ T5815] process_scheduled_works+0xb8e/0x1d80 [ 641.014039][ T5815] worker_thread+0xedf/0x1590 [ 641.014309][ T5815] kthread+0xd59/0xf00 [ 641.014463][ T5815] ? __pfx_worker_thread+0x10/0x10 [ 641.014717][ T5815] ? __pfx_kthread+0x10/0x10 [ 641.014879][ T5815] ret_from_fork+0x1e3/0x310 [ 641.015040][ T5815] ? __pfx_kthread+0x10/0x10 [ 641.015204][ T5815] ret_from_fork_asm+0x1a/0x30 [ 641.015448][ T5815] [ 641.033501][ T9946] netlink: 'syz.5.1423': attribute type 4 has an invalid length. [ 641.037091][ T5815] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 641.205687][ T5815] Bluetooth: hci0: failed to register connection device [ 641.233151][ T5873] usb 5-1: Using ep0 maxpacket: 8 [ 641.250959][ T5873] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 641.302109][ T5873] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 641.312117][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.320787][ T5873] usb 5-1: Product: syz [ 641.325560][ T5873] usb 5-1: Manufacturer: syz [ 641.330379][ T5873] usb 5-1: SerialNumber: syz [ 641.431419][ T5873] usb 5-1: config 0 descriptor?? [ 641.518737][ T5873] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 641.527433][ T5873] usb 5-1: setting power ON [ 641.532310][ T5873] dvb-usb: bulk message failed: -22 (2/0) [ 641.614317][ T5873] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 641.660097][ T5873] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 641.669372][ T5873] usb 5-1: media controller created [ 641.696482][ T9942] dvb-usb: bulk message failed: -22 (3/0) [ 641.703107][ T9942] cxusb: i2c wr: len=79 is too big! [ 641.703107][ T9942] [ 641.802581][ T5873] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 642.037616][ T5873] usb 5-1: selecting invalid altsetting 6 [ 642.043901][ T5873] usb 5-1: digital interface selection failed (-22) [ 642.050983][ T5873] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 642.097896][ T5873] usb 5-1: setting power OFF [ 642.103027][ T5873] dvb-usb: bulk message failed: -22 (2/0) [ 642.108951][ T5873] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 642.118676][ T5873] (NULL device *): no alternate interface [ 642.667973][ T5873] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 642.746472][ T5873] usb 5-1: USB disconnect, device number 9 [ 644.302802][ T5900] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 644.746078][ T5900] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 644.757673][ T5900] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 644.767809][ T5900] usb 4-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 644.777200][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.898259][ T5900] usb 4-1: config 0 descriptor?? [ 645.224795][ T5815] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 645.235140][ T5815] CPU: 1 UID: 0 PID: 5815 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(none) [ 645.235312][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 645.235438][ T5815] Workqueue: hci4 hci_rx_work [ 645.235591][ T5815] Call Trace: [ 645.235656][ T5815] [ 645.235709][ T5815] __dump_stack+0x26/0x30 [ 645.235888][ T5815] dump_stack_lvl+0x1df/0x270 [ 645.236077][ T5815] dump_stack+0x1e/0x25 [ 645.236237][ T5815] sysfs_create_dir_ns+0x46c/0x540 [ 645.236470][ T5815] kobject_add_internal+0xeed/0x1840 [ 645.236663][ T5815] kobject_add+0x2c1/0x410 [ 645.236828][ T5815] ? kmsan_get_metadata+0xfb/0x160 [ 645.236998][ T5815] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 645.237178][ T5815] device_add+0xa70/0x1c10 [ 645.237355][ T5815] hci_conn_add_sysfs+0x15f/0x2f0 [ 645.237572][ T5815] le_conn_complete_evt+0x1b35/0x21b0 [ 645.237804][ T5815] hci_le_conn_complete_evt+0x157/0x260 [ 645.237998][ T5815] hci_le_meta_evt+0x6e8/0x960 [ 645.238158][ T5815] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 645.238353][ T5815] hci_event_packet+0xce2/0x1e40 [ 645.238493][ T5815] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 645.238735][ T5815] hci_rx_work+0x9a8/0x12b0 [ 645.238923][ T5815] ? __pfx_hci_rx_work+0x10/0x10 [ 645.239096][ T5815] process_scheduled_works+0xb8e/0x1d80 [ 645.239367][ T5815] worker_thread+0xedf/0x1590 [ 645.239592][ T5815] kthread+0xd59/0xf00 [ 645.239745][ T5815] ? __pfx_worker_thread+0x10/0x10 [ 645.239963][ T5815] ? __pfx_kthread+0x10/0x10 [ 645.240107][ T5815] ret_from_fork+0x1e3/0x310 [ 645.240245][ T5815] ? __pfx_kthread+0x10/0x10 [ 645.240386][ T5815] ret_from_fork_asm+0x1a/0x30 [ 645.240607][ T5815] [ 645.240743][ T5815] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 645.425782][ T5815] Bluetooth: hci4: failed to register connection device [ 645.479168][ T5900] usbhid 4-1:0.0: can't add hid device: -71 [ 645.486364][ T5900] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 645.537558][ T9999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1440'. [ 645.633248][ T5900] usb 4-1: USB disconnect, device number 11 [ 647.276196][ T5900] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 647.376676][ T5821] Bluetooth: hci0: command 0x0406 tx timeout [ 647.474903][ T5900] usb 5-1: Using ep0 maxpacket: 8 [ 647.520104][ T5900] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 647.549449][ T5900] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 647.559312][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.568305][ T5900] usb 5-1: Product: syz [ 647.573029][ T5900] usb 5-1: Manufacturer: syz [ 647.577847][ T5900] usb 5-1: SerialNumber: syz [ 647.633672][ T5900] usb 5-1: config 0 descriptor?? [ 647.655609][ T5900] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 647.664056][ T5900] usb 5-1: setting power ON [ 647.668763][ T5900] dvb-usb: bulk message failed: -22 (2/0) [ 647.740724][ T5900] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 647.772777][ T5900] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 647.781780][ T5900] usb 5-1: media controller created [ 647.849042][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 647.873571][T10021] dvb-usb: bulk message failed: -22 (3/0) [ 647.879555][T10021] cxusb: i2c wr: len=80 is too big! [ 647.879555][T10021] [ 648.051622][ T5900] usb 5-1: selecting invalid altsetting 6 [ 648.057922][ T5900] usb 5-1: digital interface selection failed (-22) [ 648.065301][ T5900] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 648.132124][ T5900] usb 5-1: setting power OFF [ 648.137449][ T5900] dvb-usb: bulk message failed: -22 (2/0) [ 648.144212][ T5900] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 648.153822][ T5900] (NULL device *): no alternate interface [ 648.726161][ T5873] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 649.036593][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 649.048492][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 649.058900][ T5873] usb 3-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 649.068632][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.358049][ T5900] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 649.375412][ T5900] usb 5-1: USB disconnect, device number 10 [ 649.408022][ T5873] usb 3-1: config 0 descriptor?? [ 649.723275][ T5900] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 649.966728][ T5900] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0 [ 649.977359][ T5900] usb 5-1: config 0 interface 0 has no altsetting 0 [ 649.984807][ T5900] usb 5-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 649.994314][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.073489][ T5900] usb 5-1: config 0 descriptor?? [ 650.097303][ T9] usb 3-1: USB disconnect, device number 7 [ 651.171901][ T5900] usbhid 5-1:0.0: can't add hid device: -71 [ 651.179018][ T5900] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 651.196144][ T5900] usb 5-1: USB disconnect, device number 11 [ 651.853273][ T5821] Bluetooth: hci4: command 0x0406 tx timeout [ 652.666153][T10091] binder_alloc: 10090: binder_alloc_buf, no vma [ 653.033068][ T5873] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 653.240871][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 653.253098][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 653.263383][ T5873] usb 5-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 653.273065][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.369940][ T5873] usb 5-1: config 0 descriptor?? [ 653.732037][T10111] binder_alloc: 10110: binder_alloc_buf, no vma [ 653.871877][ T5873] usbhid 5-1:0.0: can't add hid device: -71 [ 653.880286][ T5873] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 654.090063][ T5873] usb 5-1: USB disconnect, device number 12 [ 654.703712][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 654.703800][ T30] audit: type=1326 audit(1756952297.553:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10115 comm="syz.2.1483" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f271758ebe9 code=0x0 [ 655.873412][T10132] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 656.143918][ T5873] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 656.343181][ T5873] usb 5-1: device descriptor read/64, error -71 [ 656.603031][ T5873] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 656.795661][ T5873] usb 5-1: device descriptor read/64, error -71 [ 656.934514][ T5873] usb usb5-port1: attempt power cycle [ 657.427093][ T5873] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 657.528824][ T5873] usb 5-1: device descriptor read/8, error -71 [ 657.794951][ T5873] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 657.865488][ T5873] usb 5-1: device descriptor read/8, error -71 [ 657.887653][ T5900] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 657.978094][ T5873] usb usb5-port1: unable to enumerate USB device [ 658.089309][ T5900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 658.101576][ T5900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 658.111913][ T5900] usb 3-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 658.121783][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.141113][T10158] binder_alloc: 10157: binder_alloc_buf, no vma [ 658.156644][ T5900] usb 3-1: config 0 descriptor?? [ 658.376075][T10160] tipc: Enabling of bearer rejected, failed to enable media [ 658.608732][ T5900] usbhid 3-1:0.0: can't add hid device: -71 [ 658.615641][ T5900] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 658.666502][ T5900] usb 3-1: USB disconnect, device number 8 [ 659.483010][ T5900] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 659.753447][ T5900] usb 1-1: Using ep0 maxpacket: 8 [ 659.813004][ T5900] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 659.824017][ T5900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 659.835104][ T5900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 659.845555][ T5900] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 659.859223][ T5900] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 659.868778][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.838023][ T5900] usb 1-1: GET_CAPABILITIES returned 2f [ 660.844171][ T5900] usbtmc 1-1:16.0: can't read capabilities [ 661.218498][T10183] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 662.204327][ T42] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 662.613009][ T42] usb 5-1: Using ep0 maxpacket: 8 [ 662.635579][T10194] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1512'. [ 662.713233][ T42] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 662.723122][ T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.731465][ T42] usb 5-1: Product: syz [ 662.736261][ T42] usb 5-1: Manufacturer: syz [ 662.741386][ T42] usb 5-1: SerialNumber: syz [ 662.834716][ T42] usb 5-1: config 0 descriptor?? [ 663.114523][ T42] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 663.221947][ T5900] usb 1-1: USB disconnect, device number 7 [ 663.775427][T10205] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 663.867634][T10208] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1515'. [ 663.875518][ T5867] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 664.175826][ T42] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 664.350342][ T42] usb 5-1: USB disconnect, device number 17 [ 664.433248][ T5867] usb 3-1: device descriptor read/64, error -71 [ 664.636361][ T30] audit: type=1326 audit(1756952307.493:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.660097][ T30] audit: type=1326 audit(1756952307.493:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.683327][ T30] audit: type=1326 audit(1756952307.493:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.706614][ T30] audit: type=1326 audit(1756952307.493:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.729845][ T30] audit: type=1326 audit(1756952307.493:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.753724][ T30] audit: type=1326 audit(1756952307.493:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.776991][ T30] audit: type=1326 audit(1756952307.493:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.800442][ T30] audit: type=1326 audit(1756952307.493:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.823403][ T30] audit: type=1326 audit(1756952307.493:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.846470][ T30] audit: type=1326 audit(1756952307.493:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.5.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53e938ebe9 code=0x7ffc0000 [ 664.986098][ T5867] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 665.087022][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 665.094675][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 665.173190][ T5873] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 665.262977][ T5867] usb 3-1: device descriptor read/64, error -71 [ 665.395452][ T5867] usb usb3-port1: attempt power cycle [ 665.400720][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 665.417633][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 665.427988][ T5873] usb 4-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 665.437394][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.516057][ T5873] usb 4-1: config 0 descriptor?? [ 665.568848][T10216] serio: Serial port ptm1 [ 665.762721][ T5867] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 665.805962][ T5867] usb 3-1: device descriptor read/8, error -71 [ 666.068079][ T5873] usbhid 4-1:0.0: can't add hid device: -71 [ 666.075161][ T5873] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 666.082842][ T5867] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 666.113213][ T5867] usb 3-1: device descriptor read/8, error -71 [ 666.190800][ T5873] usb 4-1: USB disconnect, device number 12 [ 666.238527][ T5867] usb usb3-port1: unable to enumerate USB device [ 667.198999][T10242] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 667.989888][T10243] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 668.642892][ T5867] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 668.843033][ T5867] usb 6-1: Using ep0 maxpacket: 8 [ 668.921225][ T5867] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 668.931088][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.939613][ T5867] usb 6-1: Product: syz [ 668.944298][ T5867] usb 6-1: Manufacturer: syz [ 668.949117][ T5867] usb 6-1: SerialNumber: syz [ 669.040812][ T5867] usb 6-1: config 0 descriptor?? [ 669.439082][ T5867] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 670.472649][T10270] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 670.520773][ T5867] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 670.654324][ T5867] usb 6-1: USB disconnect, device number 3 [ 671.393370][T10275] overlayfs: failed to resolve './file1': -2 [ 672.950423][T10297] overlayfs: failed to resolve './file0': -2 [ 673.723348][ T5873] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 673.963775][ T5873] usb 4-1: Using ep0 maxpacket: 8 [ 674.014149][ T5873] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 674.024908][ T5873] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 674.036199][ T5873] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 674.046834][ T5873] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 674.060652][ T5873] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 674.070613][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.678876][T10306] overlayfs: failed to resolve './file1': -2 [ 675.003290][ T5873] usb 4-1: GET_CAPABILITIES returned f8 [ 675.009391][ T5873] usbtmc 4-1:16.0: can't read capabilities [ 676.311763][T10316] overlayfs: failed to resolve './file1': -2 [ 676.341099][T10312] capability: warning: `syz.0.1554' uses 32-bit capabilities (legacy support in use) [ 677.311942][ T5873] usb 4-1: USB disconnect, device number 13 [ 679.343242][T10342] overlayfs: missing 'lowerdir' [ 679.419468][T10343] overlayfs: failed to resolve './file1': -2 [ 681.243399][T10364] binder: BINDER_SET_CONTEXT_MGR already set [ 681.249829][T10364] binder: 10363:10364 ioctl 4018620d 200000000040 returned -16 [ 681.936618][T10375] overlayfs: missing 'lowerdir' [ 686.593379][T10403] binder_alloc: 10402: binder_alloc_buf, no vma [ 687.321781][T10413] comedi comedi4: bad chanlist[1]=0x7fff0000 chan=0 range length=2 [ 688.876306][ T5821] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 690.546950][ T5873] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 690.830210][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 690.841808][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 690.853320][ T5873] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c0c, bcdDevice= 0.00 [ 690.863274][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.889162][ T5873] usb 4-1: config 0 descriptor?? [ 690.898959][T10445] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 692.390407][ T5873] corsair-psu 0003:1B1C:1C0C.0008: hidraw0: USB HID v0.00 Device [HID 1b1c:1c0c] on usb-dummy_hcd.3-1/input0 [ 692.473479][ T5873] corsair-psu 0003:1B1C:1C0C.0008: unable to initialize device (-38) [ 692.554560][ T5873] corsair-psu 0003:1B1C:1C0C.0008: probe with driver corsair-psu failed with error -38 [ 693.264530][T10454] syzkaller0: entered promiscuous mode [ 693.270642][T10454] syzkaller0: entered allmulticast mode [ 694.021963][ T5821] Bluetooth: hci2: SCO packet for unknown connection handle 200 [ 695.405301][ T5867] usb 4-1: USB disconnect, device number 14 [ 696.584446][ T9804] ===================================================== [ 696.591889][ T9804] BUG: KMSAN: uninit-value in bnep_session+0x7af/0x4560 [ 696.599368][ T9804] bnep_session+0x7af/0x4560 [ 696.604472][ T9804] kthread+0xd59/0xf00 [ 696.608826][ T9804] ret_from_fork+0x1e3/0x310 [ 696.613833][ T9804] ret_from_fork_asm+0x1a/0x30 [ 696.618808][ T9804] [ 696.621216][ T9804] Uninit was created at: [ 696.626762][ T9804] kmem_cache_alloc_node_noprof+0x818/0xf00 [ 696.633186][ T9804] kmalloc_reserve+0x13c/0x4b0 [ 696.638188][ T9804] __alloc_skb+0x347/0x7d0 [ 696.643091][ T9804] vhci_write+0x125/0x960 [ 696.647588][ T9804] vfs_write+0xbdf/0x15d0 [ 696.652139][ T9804] __x64_sys_write+0x1fb/0x4d0 [ 696.657271][ T9804] x64_sys_call+0x3014/0x3e20 [ 696.662188][ T9804] do_syscall_64+0xd9/0x210 [ 696.667430][ T9804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.673729][ T9804] [ 696.676196][ T9804] CPU: 1 UID: 0 PID: 9804 Comm: kbnepd bnep0 Not tainted syzkaller #0 PREEMPT(none) [ 696.686299][ T9804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 696.696670][ T9804] ===================================================== [ 696.703601][T10478] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1619'. [ 696.703864][ T9804] Disabling lock debugging due to kernel taint [ 696.718996][ T9804] Kernel panic - not syncing: kmsan.panic set ... [ 696.725580][ T9804] CPU: 1 UID: 0 PID: 9804 Comm: kbnepd bnep0 Tainted: G B syzkaller #0 PREEMPT(none) [ 696.736980][ T9804] Tainted: [B]=BAD_PAGE [ 696.741348][ T9804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 696.751554][ T9804] Call Trace: [ 696.754957][ T9804] [ 696.758010][ T9804] __dump_stack+0x26/0x30 [ 696.762665][ T9804] dump_stack_lvl+0x53/0x270 [ 696.767482][ T9804] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 696.773528][ T9804] dump_stack+0x1e/0x25 [ 696.777905][ T9804] vpanic+0x361/0xc50 [ 696.782145][ T9804] panic+0x15d/0x160 [ 696.786322][ T9804] kmsan_report+0x31c/0x320 [ 696.791065][ T9804] ? __msan_warning+0x1b/0x30 [ 696.795945][ T9804] ? bnep_session+0x7af/0x4560 [ 696.801041][ T9804] ? kthread+0xd59/0xf00 [ 696.805478][ T9804] ? ret_from_fork+0x1e3/0x310 [ 696.810414][ T9804] ? ret_from_fork_asm+0x1a/0x30 [ 696.815581][ T9804] ? _raw_spin_trylock_bh+0xb1/0xc0 [ 696.820975][ T9804] ? filter_irq_stacks+0x49/0x190 [ 696.826200][ T9804] ? stack_depot_save_flags+0x35/0x7b0 [ 696.831893][ T9804] ? kmsan_get_metadata+0xfb/0x160 [ 696.837202][ T9804] ? kmsan_get_metadata+0xfb/0x160 [ 696.842507][ T9804] ? kmsan_get_metadata+0xfb/0x160 [ 696.847816][ T9804] ? kmsan_get_metadata+0xfb/0x160 [ 696.853149][ T9804] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 696.859665][ T9804] ? kmsan_get_metadata+0xfb/0x160 [ 696.864976][ T9804] ? kmsan_get_metadata+0xfb/0x160 [ 696.870296][ T9804] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 696.876317][ T9804] ? kmsan_get_metadata+0xfb/0x160 [ 696.881643][ T9804] __msan_warning+0x1b/0x30 [ 696.886322][ T9804] bnep_session+0x7af/0x4560 [ 696.891241][ T9804] ? kmsan_get_metadata+0xfb/0x160 [ 696.896767][ T9804] ? __pfx_woken_wake_function+0x10/0x10 [ 696.902698][ T9804] ? __kthread_parkme+0x1bd/0x1f0 [ 696.908015][ T9804] kthread+0xd59/0xf00 [ 696.912294][ T9804] ? __pfx_bnep_session+0x10/0x10 [ 696.917585][ T9804] ? __pfx_kthread+0x10/0x10 [ 696.922380][ T9804] ret_from_fork+0x1e3/0x310 [ 696.927209][ T9804] ? __pfx_kthread+0x10/0x10 [ 696.932196][ T9804] ret_from_fork_asm+0x1a/0x30 [ 696.937232][ T9804] [ 696.940669][ T9804] Kernel Offset: disabled [ 696.945194][ T9804] Rebooting in 86400 seconds..