last executing test programs: 44.67690973s ago: executing program 2 (id=1065): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, 0x0, &(0x7f0000000380)=r2}, 0x20) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x3a}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='port', &(0x7f00000002c0)='0', 0x0) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c100}, 0xc048) sendmsg$NFT_BATCH(r6, 0x0, 0x40) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r7, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r7, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r7, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r7, 0x6, 0x1, &(0x7f0000000a80)=@gcm_128={{0x303}, "9ff3d6661480294c", "5fa3c0bf46782bbee21b09b7446edc75", "5bee93e1", "f11bb8cba3046ce3"}, 0x28) 43.403929983s ago: executing program 2 (id=1071): syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) unshare(0x66020000) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000180)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x68, 0x0, 0x0, 0x2f, 0x0, @empty, @multicast1}, {0x2001, 0x880b, 0xc, 0x0, @opaque="75d00021"}}}}}, 0x0) 42.301089877s ago: executing program 2 (id=1074): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000240)={0x0, 0x964, 0x89f8}, 0x8) 42.135691597s ago: executing program 4 (id=1076): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = semget$private(0x0, 0x6, 0x0) semtimedop(r3, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) semop(r3, &(0x7f00000000c0)=[{0x4, 0x1}], 0x1) semop(r3, &(0x7f0000000000)=[{0x2, 0x0, 0x2000}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) 41.692056294s ago: executing program 4 (id=1078): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4004088}, 0x44000000) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x11, 0x3, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) readlink(0x0, 0x0, 0x0) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32=r6], 0x50}}, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'veth1_to_hsr\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r7}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 41.619804171s ago: executing program 2 (id=1079): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xfffffffb}, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/udp6\x00') read$dsp(r2, &(0x7f00000002c0)=""/140, 0x8c) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000006c0)) 41.365240653s ago: executing program 4 (id=1080): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xff, 0xd, 0x0, 0x93}, 0xe) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x3, 0x8069}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x3}}) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) 41.146678063s ago: executing program 4 (id=1081): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000000002}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880) sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)="fc", 0x1}], 0x1}}], 0x1, 0x4c040) 40.168561921s ago: executing program 4 (id=1083): openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) prctl$PR_GET_NAME(0x10, &(0x7f00000000c0)=""/223) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x46) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xe, 0x4, 0xffffbe0000000001, 0x8, 0xffffffff}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, 0x0, 0x0) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r3, 0x10e, 0x3, 0x0, 0x0) write(r3, &(0x7f0000000300), 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c) r5 = socket$kcm(0xa, 0x2, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d4c}}, 0x44) sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r2, &(0x7f0000000340), 0xd, 0x45833af92e4b38ff, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCDELRT(r7, 0x890c, &(0x7f0000005fc0)={@local, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x7, 0x8000, 0x3d, 0x500, 0x5, 0x18c0012}) r8 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r8, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) 38.323750357s ago: executing program 2 (id=1087): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x3, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {0x5, 0xb}, {0xffe0, 0x3}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x6717}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004070}, 0x810) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x5) 37.979539893s ago: executing program 2 (id=1091): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0xf, 0x123080) ioctl$XFS_IOC_FSGROWFSRT(r0, 0x40105870, &(0x7f0000000080)={0x31b9, 0x3}) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x9, 0x4000) ioctl$BLKGETZONESZ(r1, 0x80041284, &(0x7f0000001240)=0x7) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007a1ff00", @ANYRES32=r3, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 37.58720407s ago: executing program 4 (id=1093): r0 = socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x80, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x12}, 0x8, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0}) connect$unix(r1, &(0x7f0000000440)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_clone3(&(0x7f0000000600)={0x2000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f00000002c0), {0x20}, &(0x7f0000000500)=""/94, 0x5e, &(0x7f0000000580)=""/87, &(0x7f0000000300)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58) ptrace$cont(0x20, r5, 0x40, 0x1) r6 = socket$inet_udplite(0x2, 0x2, 0x88) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x1, 0x3}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010020bd7000fbdbdf2526000000180001801400020064756d6d7930"], 0x2c}}, 0x20000000) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYRES32=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r10}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d821}, 0x24000000) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89, 0x10800}, 0x50) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r12 = socket(0x10, 0x80002, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r11, @ANYBLOB="00000000000000001c001a800800028008000200080000003e1200000800"], 0x44}}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000280)={'#! ', './file0'}, 0xb) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xf}, {}, {0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) setsockopt$MRT6_FLUSH(r12, 0x29, 0xd4, &(0x7f0000000680)=0x1, 0x4) 22.640700247s ago: executing program 32 (id=1091): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0xf, 0x123080) ioctl$XFS_IOC_FSGROWFSRT(r0, 0x40105870, &(0x7f0000000080)={0x31b9, 0x3}) r1 = syz_open_dev$loop(&(0x7f0000000000), 0x9, 0x4000) ioctl$BLKGETZONESZ(r1, 0x80041284, &(0x7f0000001240)=0x7) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007a1ff00", @ANYRES32=r3, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 22.55220201s ago: executing program 33 (id=1093): r0 = socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x80, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x12}, 0x8, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0}) connect$unix(r1, &(0x7f0000000440)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_clone3(&(0x7f0000000600)={0x2000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f00000002c0), {0x20}, &(0x7f0000000500)=""/94, 0x5e, &(0x7f0000000580)=""/87, &(0x7f0000000300)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58) ptrace$cont(0x20, r5, 0x40, 0x1) r6 = socket$inet_udplite(0x2, 0x2, 0x88) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x1, 0x3}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010020bd7000fbdbdf2526000000180001801400020064756d6d7930"], 0x2c}}, 0x20000000) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYRES32=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r10}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d821}, 0x24000000) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89, 0x10800}, 0x50) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r12 = socket(0x10, 0x80002, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r11, @ANYBLOB="00000000000000001c001a800800028008000200080000003e1200000800"], 0x44}}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000280)={'#! ', './file0'}, 0xb) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xf}, {}, {0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) setsockopt$MRT6_FLUSH(r12, 0x29, 0xd4, &(0x7f0000000680)=0x1, 0x4) 9.292513221s ago: executing program 3 (id=1206): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0xd, 0x8b, 0xd, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xe, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x4, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r6, {0x8}, {0xffff}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x45, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 9.100722175s ago: executing program 3 (id=1208): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, &(0x7f0000000340), &(0x7f0000000380)=r2}, 0x20) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x3a}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='port', &(0x7f00000002c0)='0', 0x0) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c100}, 0xc048) sendmsg$NFT_BATCH(r6, 0x0, 0x40) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r7, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r7, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r7, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r7, 0x6, 0x1, &(0x7f0000000a80)=@gcm_128={{0x303}, "9ff3d6661480294c", "5fa3c0bf46782bbee21b09b7446edc75", "5bee93e1", "f11bb8cba3046ce3"}, 0x28) 8.182985524s ago: executing program 3 (id=1213): syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca00090506"], 0x0) 6.664804122s ago: executing program 5 (id=1222): socket$pppoe(0x18, 0x1, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) syz_emit_ethernet(0x2a, &(0x7f00000001c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x1, 0x31, 0x1c, 0x65, 0x0, 0xa6, 0x1, 0x0, @remote, @multicast1}, @address_reply={0x12, 0x0, 0x0, 0x8}}}}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x29, 0x81, 0x4, 0x6, 0x8, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7800, 0x20, 0x5, 0x5}}) bind$xdp(r2, &(0x7f0000000340)={0x2c, 0x0, r4, 0x17}, 0x10) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) openat$sysctl(0xffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r5, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r7) sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xfff2, 0xffff}, {0xffff, 0x5}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008854}, 0x4010) 6.609123931s ago: executing program 5 (id=1223): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, &(0x7f0000000340), &(0x7f0000000380)=r2}, 0x20) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='port', &(0x7f00000002c0)='0', 0x0) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c100}, 0xc048) sendmsg$NFT_BATCH(r6, 0x0, 0x40) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r7, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r7, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r7, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r7, 0x6, 0x1, &(0x7f0000000a80)=@gcm_128={{0x303}, "9ff3d6661480294c", "5fa3c0bf46782bbee21b09b7446edc75", "5bee93e1", "f11bb8cba3046ce3"}, 0x28) 5.750241511s ago: executing program 5 (id=1226): syz_usb_connect$uac1(0x3, 0x72, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x2a39, 0x3fb0, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x60, 0x3, 0x1, 0x3, 0x48, 0x3, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x3, 0x3, 0x6, {0x7, 0x25, 0x1, 0xc, 0x0, 0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x9, 0x6, 0x3, {0x7, 0x25, 0x1, 0x4, 0x3, 0xa4b8}}}}}}}}]}}, 0x0) 5.106374301s ago: executing program 3 (id=1230): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000004c0)={0xffffffff, {{0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, 0xff7ffffd}}, {{0xa, 0xce07, 0x4, @empty, 0x4ed}}}, 0x108) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f00000004c0)=[@ioring_restriction_register_op={0x0, 0x9}], 0x1) io_uring_register$IORING_REGISTER_IOWQ_AFF(0xffffffffffffffff, 0x25, &(0x7f0000000d40)="01", 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)="a73b0bc93bfb797e5c542761747f2ee9b1f119020956a038fc082fc8d81695304626d4fb940881d1034863c8e53c058b011328c49867ad0f4e655f7d768cb59f54500337ff4aeeec57e7bad23bd08e", 0x4f}], 0x1}, 0x810) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000200)={0x203, 0xa, 0x2}) ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000500)=@userptr={0x6, 0xa, 0x4, 0x1, 0x0, {0x0, 0x2710}, {0x1, 0xc, 0xd2, 0x6, 0x77, 0x6, "0080ca6f"}, 0xff, 0x2, {&(0x7f00000002c0)}, 0x6}) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x3a}]}, @IPSET_ATTR_FAMILY={0xfffffffffffffd71, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000380)={0x2, {{0xa, 0x4e20, 0x1, @mcast1, 0x1000}}, {{0xa, 0x4e22, 0x7, @empty, 0x3ff}}}, 0x108) rt_sigpending(0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000001180)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f00000000c0)=ANY=[], 0x27) 5.105823241s ago: executing program 3 (id=1231): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/../file0/file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r3 = fcntl$dupfd(r2, 0x0, r2) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000280)=@gcm_128={{0x304}, "ed197fbfb5c342b6", "28852cbbbeba35380ee5190047169f9d", "5f2307e0", "2ce6f8da8e55c427"}, 0x28) syz_io_uring_setup(0xb5c, &(0x7f0000000640)={0x0, 0x9916, 0x0, 0x0, 0x164, 0x0, r3}, &(0x7f0000000040)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x0, &(0x7f0000000580)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) bpf$MAP_CREATE(0x0, 0x0, 0x50) r6 = syz_open_procfs(0x0, 0x0) ioctl$EVIOCGLED(r6, 0x80404519, 0x0) 4.579787023s ago: executing program 0 (id=1233): socket$packet(0x11, 0x3, 0x300) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1a5}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) 4.071862198s ago: executing program 5 (id=1234): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) connect$inet6(r0, 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io(r1, 0x0, 0x0) 3.636057087s ago: executing program 0 (id=1236): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0xd, 0x8b, 0xd, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xe, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x4, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r6, {0x8}, {0xffff}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x45, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 3.621860155s ago: executing program 0 (id=1238): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = io_uring_setup(0xd70, &(0x7f0000000080)={0x0, 0x6f2f, 0x80, 0x2, 0x250}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x0, 0x1}, 0x20) 3.445547382s ago: executing program 0 (id=1239): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xfffffffb}, 0x0) read$dsp(0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f000001a240)=""/102400, 0x19000, 0x41e) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000006c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) 2.746692132s ago: executing program 1 (id=1240): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0xe6e12000, 0x41000, 0x8, 0x6f, 0x3, 0x80, 0x40, 0x6, 0x0, 0x2e, 0x19}, {0xd000, 0x1, 0xc, 0x0, 0x40, 0x5, 0x7d, 0x8, 0x56, 0x5, 0x3, 0xc0}, {0xdddd1000, 0x10000, 0x0, 0x9, 0x3, 0x8, 0xfe, 0x9, 0x1, 0xab, 0x5, 0x7e}, {0x70000, 0x26000, 0x3, 0x5d, 0x4, 0x42, 0x3, 0xff, 0x6, 0x7, 0xe}, {0x0, 0x9000, 0x9, 0x3, 0x7, 0x7, 0xab, 0x7f, 0x9e, 0x9, 0xf7, 0x83}, {0x10000, 0x80a0000, 0x10, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0x11, 0x3c}, {0x0, 0x40000, 0x0, 0x5, 0x7, 0x2, 0xb, 0x0, 0x5, 0x81, 0xff, 0x70}, {0x5000, 0x22f000, 0x8, 0x5, 0xf, 0x7, 0xff, 0x18, 0x2, 0x23, 0x7, 0x9}, {0x4000, 0x8}, {0x10000, 0x82}, 0x80000031, 0x0, 0x70000, 0x242101, 0xb, 0x0, 0xa000, [0x6840400000000000, 0x400000000004, 0x5a, 0x100]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x1, 0x45, 0x0, 0x0) 2.300067498s ago: executing program 6 (id=1242): syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mremap(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 2.159881882s ago: executing program 1 (id=1243): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x229c2, 0x137) fcntl$setlease(r3, 0x400, 0x1) fremovexattr(r3, &(0x7f0000000040)=@random={'system.', 'system.posix_acl_default\x00'}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x2) write(r4, &(0x7f00000008c0)="bae2bf808214ff98d8d00b4e4aa5b63a86342a471feaedd023fe0d23081a02d33e4a469ab9d700b98dbc637a1ab17ee404dfa6c5d5a144ee59221d4b94680ba508343a208a525cff39a2733191ec729e1ed6ee89970d901cdde9274de2a14d16d4b60efff4a823051100a4766a36baa70307cd088fcc9e7146a60c52282f525d113a20c411358bfa0b288791cc9dba6ba75a160cb7beda4a2a7f1a2fa5c565ff344c6b7550c85aeec24195055e0cb2b5ed37875be4e627ef1027ef44c76edb024b67d2dd316c9025880d70300e9ac5abae459e1de4d6868facadaf5c07042ba04768b47d542ef67510bc6a31e1c671cd366d1060843996078b8bceab4299a1fd7ff0318b010dfc8a95b9163505bdde7f92bccfb94a227d620c7fbf355564d75dadaeb40bfa148575d175ba6b276dd1f08de275305c679ed2ca319a0d0ea310eee868429deb863319197812d62a2961765536e8b81edabf419b3ee6c60e17b9c61353366cb3e11572e94b996053feb7854704a86cd638976f8373557ca455e43463252bff8f4835f05ac57cc3e29031d648a942c4f83823378367ff5ff6157e59ccb6b7236eeca6a5f962d3f79b677fa1d2b8baa374f5aab9ecabd7f024941d73db13ba01090a7544d51c2e1ffc35d383b355c359568623715caadca70f1125419af0a5ec9832a5885c29ac40b3fe2f9f173934bb57eef3c9ab71d1b747554fb403d22cd39f98d2ac6df121c75ea827d1790db6fc7c21f601f75bc9b7d5facd83cf77e4b666e3257fb81ac213d2afccd3cc5e2bab7db075d051cd5c9f860f421e672e6d3c2ffce5f51b45e24a1dcf27de17e47ad0d34fa1ead3fc3892593f29f94f26413603c490f9c7d0682de6f9048ae911615975cee4e8b1349133192bfe71130368238688b67b74631a1a524699d28d86427694f753daf88e009c4d34ed310fea1c7356e5abc256595589f704a69b36b6dd05060f3abd79af70d2eb438b85b3d35d300eabaf51bdf479e07ff1338eba821f0c2a395cd355103df33032c1cd8edcdc5425f4418f18b7c1e85fceeb6f41fbaed2573052cf087659520618fe64ec82ae8484b2ddb50a41762fc3f90b3ceb8b2d10bac688e2d35d35e93639ab72384bebe7690c467f0f678bd75c9aa67bc96d94c98ced73d22c6776c918fe50143b80dc80d97326858cbbff3d66f7dc788b788ef275c5037081e9f025e3becca7cf496f7cddd0da37a4ea323d5037bf", 0x36f) openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) 2.09464175s ago: executing program 6 (id=1244): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0xd, 0x8b, 0xd, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xe, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x4, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r7, {0x8}, {0xffff}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x45, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r9, {0xffe0}, {0x8}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0xc, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x1], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 1.326904297s ago: executing program 6 (id=1245): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121300, 0x0) ioctl$TIOCMSET(r0, 0x5418, 0x0) 1.222096368s ago: executing program 1 (id=1246): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x9c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4041}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) 1.135806842s ago: executing program 6 (id=1247): keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000)=""/7, 0x7) 1.067901569s ago: executing program 1 (id=1248): unshare(0x24020400) r0 = syz_open_dev$sndpcmp(&(0x7f0000001740), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r0, 0xc0884123, &(0x7f0000000000)={0x6, "31aeb6bf53768468d0eab6c0a4e98c88c0f69a3fe8d98bc6342595be7cce9e36b6e8662699ba3f3034110e1adfc9c447f94b68ae6d00dd5a45aacd75768b86a1", {0x8000, 0x87}}) 1.067535109s ago: executing program 6 (id=1249): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000000240)={'syzkaller0\x00', @random="2b0100004ec6"}) 975.074502ms ago: executing program 5 (id=1250): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, &(0x7f0000000340), &(0x7f0000000380)=r2}, 0x20) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='port', &(0x7f00000002c0)='0', 0x0) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c100}, 0xc048) sendmsg$NFT_BATCH(r6, 0x0, 0x40) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r7, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r7, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r7, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r7, 0x6, 0x1, &(0x7f0000000a80)=@gcm_128={{0x303}, "9ff3d6661480294c", "5fa3c0bf46782bbee21b09b7446edc75", "5bee93e1", "f11bb8cba3046ce3"}, 0x28) 941.456796ms ago: executing program 6 (id=1251): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0) mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) getdents(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$dri(0x0, 0x1, 0x240981) openat$sysfs(0xffffffffffffff9c, 0x0, 0xa0502, 0x49) io_setup(0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896) r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, 0x0) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) ioctl$USBDEVFS_DISCSIGNAL(r2, 0x8010550e, &(0x7f0000000140)={0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$vim2m(0x0, 0x782, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, 0x0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d00090509a914"], 0x0) r4 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) write$P9_RVERSION(r4, 0x0, 0x0) close(r4) 941.153705ms ago: executing program 0 (id=1252): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 940.799866ms ago: executing program 3 (id=1253): socket(0x2c, 0x3, 0x1000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x100000001, 0xfffffe0000000001, 0xfa11, 0x65aa}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) r2 = syz_io_uring_setup(0x3af2, &(0x7f00000000c0)={0x0, 0xa5f5, 0x80, 0x2, 0x131}, &(0x7f0000000140), 0x0) io_uring_register$IORING_REGISTER_MEM_REGION(r2, 0x22, 0x0, 0x1) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) r3 = socket(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='rdma.current\x00', 0x7a44, 0x1700) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r4, 0x952de000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route_sched(r3, 0x0, 0x4000) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8801}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r7 = dup(r6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r7, 0x0) 685.208818ms ago: executing program 0 (id=1254): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0xe6e12000, 0x41000, 0x8, 0x6f, 0x3, 0x80, 0x40, 0x6, 0x0, 0x2e, 0x19}, {0xd000, 0x1, 0xc, 0x0, 0x40, 0x5, 0x7d, 0x8, 0x56, 0x5, 0x3, 0xc0}, {0xdddd1000, 0x10000, 0x0, 0x9, 0x3, 0x8, 0xfe, 0x9, 0x1, 0xab, 0x5, 0x7e}, {0x70000, 0x26000, 0x3, 0x5d, 0x4, 0x42, 0x3, 0xff, 0x6, 0x7, 0xe}, {0x0, 0x9000, 0x9, 0x3, 0x7, 0x7, 0xab, 0x7f, 0x9e, 0x9, 0xf7, 0x83}, {0x10000, 0x80a0000, 0x10, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0x11, 0x3c}, {0x0, 0x40000, 0x0, 0x5, 0x7, 0x2, 0xb, 0x0, 0x5, 0x81, 0xff, 0x70}, {0x5000, 0x22f000, 0x8, 0x5, 0xf, 0x7, 0xff, 0x18, 0x2, 0x23, 0x7, 0x9}, {0x4000, 0x8}, {0x10000, 0x82}, 0x80000031, 0x0, 0x70000, 0x242101, 0xb, 0x0, 0xa000, [0x6840400000000000, 0x400000000004, 0x5a, 0x100]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x1, 0x45, 0x0, 0x0) 685.072768ms ago: executing program 1 (id=1255): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x108}) syz_io_uring_setup(0x867, &(0x7f0000000140)={0x0, 0x9164, 0x1000, 0x1, 0x358}, &(0x7f00000002c0), &(0x7f0000ff4000)) 613.137774ms ago: executing program 1 (id=1256): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x229c2, 0x137) fcntl$setlease(r3, 0x400, 0x1) fremovexattr(r3, &(0x7f0000000040)=@random={'system.', 'system.posix_acl_default\x00'}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x2) write(r4, &(0x7f00000008c0)="bae2bf808214ff98d8d00b4e4aa5b63a86342a471feaedd023fe0d23081a02d33e4a469ab9d700b98dbc637a1ab17ee404dfa6c5d5a144ee59221d4b94680ba508343a208a525cff39a2733191ec729e1ed6ee89970d901cdde9274de2a14d16d4b60efff4a823051100a4766a36baa70307cd088fcc9e7146a60c52282f525d113a20c411358bfa0b288791cc9dba6ba75a160cb7beda4a2a7f1a2fa5c565ff344c6b7550c85aeec24195055e0cb2b5ed37875be4e627ef1027ef44c76edb024b67d2dd316c9025880d70300e9ac5abae459e1de4d6868facadaf5c07042ba04768b47d542ef67510bc6a31e1c671cd366d1060843996078b8bceab4299a1fd7ff0318b010dfc8a95b9163505bdde7f92bccfb94a227d620c7fbf355564d75dadaeb40bfa148575d175ba6b276dd1f08de275305c679ed2ca319a0d0ea310eee868429deb863319197812d62a2961765536e8b81edabf419b3ee6c60e17b9c61353366cb3e11572e94b996053feb7854704a86cd638976f8373557ca455e43463252bff8f4835f05ac57cc3e29031d648a942c4f83823378367ff5ff6157e59ccb6b7236eeca6a5f962d3f79b677fa1d2b8baa374f5aab9ecabd7f024941d73db13ba01090a7544d51c2e1ffc35d383b355c359568623715caadca70f1125419af0a5ec9832a5885c29ac40b3fe2f9f173934bb57eef3c9ab71d1b747554fb403d22cd39f98d2ac6df121c75ea827d1790db6fc7c21f601f75bc9b7d5facd83cf77e4b666e3257fb81ac213d2afccd3cc5e2bab7db075d051cd5c9f860f421e672e6d3c2ffce5f51b45e24a1dcf27de17e47ad0d34fa1ead3fc3892593f29f94f26413603c490f9c7d0682de6f9048ae911615975cee4e8b1349133192bfe71130368238688b67b74631a1a524699d28d86427694f753daf88e009c4d34ed310fea1c7356e5abc256595589f704a69b36b6dd05060f3abd79af70d2eb438b85b3d35d300eabaf51bdf479e07ff1338eba821f0c2a395cd355103df33032c1cd8edcdc5425f4418f18b7c1e85fceeb6f41fbaed2573052cf087659520618fe64ec82ae8484b2ddb50a41762fc3f90b3ceb8b2d10bac688e2d35d35e93639ab72384bebe7690c467f0f678bd75c9aa67bc96d94c98ced73d22c6776c918fe50143b80dc80d97326858cbbff3d66f7dc788b788ef275c5037081e9f025e3becca7cf496f7cddd0da37a4ea323d5037bf", 0x36f) openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) 0s ago: executing program 5 (id=1257): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xa841, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000340)="bf9da8", 0x3}, {0x0}], 0x2, 0x5, 0xfffffffb, 0x1a) kernel console output (not intermixed with test programs): sb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 57.030768][ T4230] as10x_usb: error during firmware upload part1 [ 57.038145][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.049694][ T4230] Registered device nBox DVB-T Dongle [ 57.109941][ T7] usb 4-1: config 0 descriptor?? [ 57.190693][ T4295] device macvtap1 entered promiscuous mode [ 57.209242][ T4295] device ip6gretap0 left promiscuous mode [ 57.293562][ T4230] Bluetooth: hci0: command 0x0419 tx timeout [ 57.300050][ T4230] Bluetooth: hci1: command 0x0419 tx timeout [ 57.313537][ T4294] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11'. [ 57.333100][ T4230] Bluetooth: hci4: command 0x0419 tx timeout [ 57.340199][ T4294] device bridge_slave_1 left promiscuous mode [ 57.352335][ T4294] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.361587][ T4230] Bluetooth: hci2: command 0x0419 tx timeout [ 57.385507][ T1111] Bluetooth: hci3: command 0x0419 tx timeout [ 57.538552][ T4294] device bridge_slave_0 left promiscuous mode [ 57.546188][ T4294] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.613541][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 57.622985][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #208!!! [ 57.633165][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #30a!!! [ 57.639735][ T7] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 57.642608][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #30a!!! [ 57.659511][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 57.659882][ T7] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max [ 57.668680][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 57.669669][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 57.694338][ C1] vkms_vblank_simulate: vblank timer overrun [ 57.734628][ T7] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max [ 57.759187][ T7] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max [ 57.770588][ T7] microsoft 0003:045E:07DA.0001: usage index exceeded [ 57.782717][ T7] microsoft 0003:045E:07DA.0001: item 0 0 2 2 parsing failed [ 57.799158][ T7] microsoft 0003:045E:07DA.0001: parse failed [ 57.823202][ T7] microsoft: probe of 0003:045E:07DA.0001 failed with error -22 [ 57.847993][ T7] usb 4-1: USB disconnect, device number 2 [ 57.923371][ T4300] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 58.768957][ T4309] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = -2, id = 0 [ 58.853069][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #240!!! [ 58.865048][ T4231] usb 3-1: USB disconnect, device number 2 [ 59.215593][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 59.224647][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #288!!! [ 59.520012][ T7] usb 1-1: USB disconnect, device number 2 [ 59.583942][ T7] Unregistered device nBox DVB-T Dongle [ 59.598993][ T7] as10x_usb: device has been disconnected [ 60.033089][ T4338] syz.1.19 uses obsolete (PF_INET,SOCK_PACKET) [ 61.001771][ T4364] loop6: detected capacity change from 0 to 7 [ 61.348760][ T4364] Dev loop6: unable to read RDB block 7 [ 61.354821][ T4364] loop6: unable to read partition table [ 61.362015][ T4364] loop6: partition table beyond EOD, truncated [ 61.369214][ T4364] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 61.624726][ T4365] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'. [ 61.665205][ T4365] netlink: 'syz.1.27': attribute type 18 has an invalid length. [ 61.673395][ T4365] netlink: 4 bytes leftover after parsing attributes in process `syz.1.27'. [ 62.187706][ T4380] syz.2.22 (4380) used greatest stack depth: 19856 bytes left [ 62.467715][ T4387] tipc: Started in network mode [ 62.501818][ T4387] tipc: Node identity 5, cluster identity 3 [ 62.528574][ T4387] tipc: Node number set to 5 [ 63.207029][ T4396] affs: No valid root block on device nullb0 [ 63.514820][ T4394] batman_adv: batadv0: Adding interface: dummy0 [ 63.534130][ T4394] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.559747][ T4394] batman_adv: batadv0: Interface activated: dummy0 [ 63.579345][ T4399] batadv0: mtu less than device minimum [ 63.633167][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.646438][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.659454][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.672047][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.684713][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.696759][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.709574][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.721888][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.733956][ T4399] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 63.900502][ T4412] loop6: detected capacity change from 0 to 7 [ 63.915232][ T4412] Dev loop6: unable to read RDB block 7 [ 63.921091][ T4412] loop6: unable to read partition table [ 63.927709][ T4412] loop6: partition table beyond EOD, truncated [ 63.934265][ T4412] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 68.517068][ T4173] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 68.933207][ T4173] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 68.968251][ T4173] usb 4-1: config 0 has no interfaces? [ 68.983070][ T4173] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 69.022969][ T4173] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.081471][ T4173] usb 4-1: config 0 descriptor?? [ 69.345623][ T4469] syz.2.59 sent an empty control message without MSG_MORE. [ 69.360936][ T4231] usb 4-1: USB disconnect, device number 3 [ 71.123016][ T1111] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 71.376000][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.384015][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.453200][ T1111] usb 5-1: Using ep0 maxpacket: 16 [ 71.575273][ T1111] usb 5-1: config 1 has an invalid interface number: 228 but max is 0 [ 71.671947][ T1111] usb 5-1: config 1 has no interface number 0 [ 71.715217][ T1111] usb 5-1: config 1 interface 228 altsetting 239 bulk endpoint 0xD has invalid maxpacket 1024 [ 71.779315][ T1111] usb 5-1: config 1 interface 228 has no altsetting 0 [ 71.956072][ T1111] usb 5-1: New USB device found, idVendor=0a5c, idProduct=396e, bcdDevice=21.b9 [ 72.011061][ T1111] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.061330][ T1111] usb 5-1: Product: syz [ 72.100678][ T1111] usb 5-1: Manufacturer: syz [ 72.161266][ T4531] syz.3.77 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 72.290328][ T1111] usb 5-1: SerialNumber: syz [ 72.342654][ T4514] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 72.660640][ T1111] usb 5-1: USB disconnect, device number 2 [ 76.181677][ T4590] IPVS: Scheduler module ip_vs_ not found [ 76.442353][ T4598] fuse: Bad value for 'fd' [ 76.508057][ T21] cfg80211: failed to load regulatory.db [ 78.713620][ T4629] program syz.1.109 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 78.731221][ T4623] device batadv0 entered promiscuous mode [ 78.784635][ T4623] device vlan2 entered promiscuous mode [ 79.068260][ T4645] fuse: Bad value for 'fd' [ 80.573057][ T4227] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 80.833001][ T4227] usb 3-1: Using ep0 maxpacket: 8 [ 80.975649][ T4227] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 80.991013][ T4227] usb 3-1: config 0 has no interface number 0 [ 81.021101][ T4227] usb 3-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 81.053271][ T4227] usb 3-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 81.076767][ T4227] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 81.090952][ T4227] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 81.119654][ T4227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.413084][ T4230] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 81.783127][ T4230] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.801120][ T4230] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 81.811515][ T4230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.837943][ T4230] usb 1-1: config 0 descriptor?? [ 81.881068][ T4227] usb 3-1: config 0 descriptor?? [ 81.925429][ T4227] ldusb 3-1:0.55: Interrupt in endpoint not found [ 82.048405][ T4680] sp0: Synchronizing with TNC [ 82.054926][ T4679] fuse: Bad value for 'fd' [ 82.155870][ T4227] usb 3-1: USB disconnect, device number 3 [ 82.323093][ T4230] ath6kl: Failed to read usb control message: -71 [ 82.342872][ T4230] ath6kl: Unable to read the bmi data from the device: -71 [ 82.351260][ T4230] ath6kl: Unable to recv target info: -71 [ 82.368984][ T4230] ath6kl: Failed to init ath6kl core: -71 [ 82.389130][ T4230] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 82.410561][ T4230] usb 1-1: USB disconnect, device number 3 [ 82.484583][ T4677] [U] [ 83.471694][ T4697] netlink: 8 bytes leftover after parsing attributes in process `syz.4.131'. [ 83.552982][ T1111] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 83.560904][ T4697] netlink: 4 bytes leftover after parsing attributes in process `syz.4.131'. [ 83.584988][ T4697] netlink: 8 bytes leftover after parsing attributes in process `syz.4.131'. [ 84.003053][ T1111] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 85.326511][ T1111] usb 3-1: config 0 has no interface number 0 [ 85.365049][ T1111] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 85.385953][ T1111] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.439132][ T1111] usb 3-1: config 0 descriptor?? [ 85.505403][ T1111] usb 3-1: selecting invalid altsetting 1 [ 85.553845][ T1111] dvb_ttusb_budget: ttusb_init_controller: error [ 85.560266][ T1111] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 85.786838][ T4721] loop6: detected capacity change from 0 to 7 [ 85.798019][ T4721] Dev loop6: unable to read RDB block 7 [ 85.804032][ T4721] loop6: unable to read partition table [ 85.810376][ T4721] loop6: partition table beyond EOD, truncated [ 85.816974][ T4721] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 85.983420][ T1111] DVB: Unable to find symbol cx22700_attach() [ 86.059612][ T1111] DVB: Unable to find symbol tda10046_attach() [ 86.073027][ T1111] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 86.117403][ T1111] usb 3-1: USB disconnect, device number 4 [ 86.418130][ T4732] netlink: 20 bytes leftover after parsing attributes in process `syz.4.140'. [ 86.565352][ T4735] netlink: 'syz.4.141': attribute type 16 has an invalid length. [ 86.605513][ T4735] netlink: 8 bytes leftover after parsing attributes in process `syz.4.141'. [ 87.520736][ T4761] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 87.735784][ T4763] loop6: detected capacity change from 0 to 7 [ 87.748741][ T4763] Dev loop6: unable to read RDB block 7 [ 87.754776][ T4763] loop6: unable to read partition table [ 87.761205][ T4763] loop6: partition table beyond EOD, truncated [ 87.767607][ T4763] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 88.615956][ T4774] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 89.304805][ T4793] netlink: 168 bytes leftover after parsing attributes in process `syz.0.155'. [ 92.317605][ T4865] device syzkaller0 entered promiscuous mode [ 92.331784][ T4865] tipc: Started in network mode [ 92.344527][ T4865] tipc: Node identity d230c60821d7, cluster identity 4711 [ 92.362331][ T4865] tipc: Enabled bearer , priority 0 [ 92.370421][ T4863] netlink: 104 bytes leftover after parsing attributes in process `syz.3.175'. [ 92.391615][ T4864] tipc: Resetting bearer [ 92.434237][ T4864] tipc: Disabling bearer [ 94.354906][ T1111] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 94.382642][ T4954] device vlan2 entered promiscuous mode [ 94.502502][ T4956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.187'. [ 94.763567][ T1111] usb 2-1: unable to get BOS descriptor or descriptor too short [ 94.823212][ T1111] usb 2-1: not running at top speed; connect to a high speed hub [ 94.943178][ T1111] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 94.976377][ T1111] usb 2-1: config 1 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 95.007473][ T1111] usb 2-1: config 1 interface 0 has no altsetting 0 [ 95.183269][ T1111] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 95.201317][ T1111] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.244802][ T1111] usb 2-1: Product: syz [ 95.251573][ T1111] usb 2-1: Manufacturer: syz [ 95.262263][ T1111] usb 2-1: SerialNumber: syz [ 95.653662][ T1111] usb 2-1: bad CDC descriptors [ 95.781682][ T1111] usb 2-1: USB disconnect, device number 2 [ 95.907061][ T4970] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 96.373465][ T21] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 96.692969][ T1111] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 96.778616][ T21] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.832581][ T21] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 97.003455][ T21] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.81 [ 97.023403][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.049191][ T21] usb 2-1: Product: syz [ 97.062068][ T21] usb 2-1: Manufacturer: syz [ 97.072231][ T21] usb 2-1: SerialNumber: syz [ 97.083079][ T1111] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 97.091645][ T1111] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.353082][ T1111] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 97.381417][ T26] audit: type=1326 audit(1773338840.891:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 97.397368][ T21] usb 2-1: USB disconnect, device number 3 [ 97.477470][ T1111] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 97.553253][ T26] audit: type=1326 audit(1773338840.901:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 97.576937][ T1111] usb 1-1: Manufacturer: syz [ 97.594506][ T1111] usb 1-1: config 0 descriptor?? [ 97.630153][ T26] audit: type=1326 audit(1773338840.901:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 97.744746][ T1111] igorplugusb 1-1:0.0: incorrect number of endpoints [ 97.748238][ T26] audit: type=1326 audit(1773338840.901:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 97.868948][ T26] audit: type=1326 audit(1773338840.901:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 98.008799][ T26] audit: type=1326 audit(1773338840.901:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 98.118672][ T26] audit: type=1326 audit(1773338840.911:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 98.229246][ T26] audit: type=1326 audit(1773338840.911:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 98.330903][ T26] audit: type=1326 audit(1773338840.911:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 98.428233][ T26] audit: type=1326 audit(1773338840.911:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4978 comm="syz.1.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f77e5e74799 code=0x7ffc0000 [ 99.326721][ T5023] netlink: 136 bytes leftover after parsing attributes in process `syz.3.207'. [ 99.376580][ T5023] net_ratelimit: 11 callbacks suppressed [ 99.376592][ T5023] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 99.579860][ T4230] usb 1-1: USB disconnect, device number 4 [ 101.171264][ T5053] netdevsim netdevsim2: Direct firmware load for . [ 101.171264][ T5053] failed with error -2 [ 101.260706][ T5053] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 101.260706][ T5053] [ 105.234904][ T5111] xt_hashlimit: size too large, truncated to 1048576 [ 105.973017][ T21] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 107.143080][ T21] usb 2-1: unable to get BOS descriptor or descriptor too short [ 107.193205][ T21] usb 2-1: not running at top speed; connect to a high speed hub [ 107.329087][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.381966][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.430479][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.460209][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.473167][ T21] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 107.508960][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.513012][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.547433][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.555044][ T21] usb 2-1: Product: syz [ 107.555065][ T21] usb 2-1: Manufacturer: syz [ 107.555079][ T21] usb 2-1: SerialNumber: syz [ 107.606919][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.626299][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.646611][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.674890][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.693442][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.710585][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.721745][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.736879][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.758479][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.776360][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.790647][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.812945][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.823353][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.838650][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.849991][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.867671][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.879277][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.890261][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.919894][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.933380][ T21] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 107.940053][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.961295][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 107.963117][ T21] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 107.976192][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.006528][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.029235][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.042970][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.067828][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.082980][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.083749][ T21] usb 2-1: USB disconnect, device number 4 [ 108.108714][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.136854][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.168438][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.197941][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.233365][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.269827][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.321059][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.369878][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.418762][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.442810][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.461246][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.469481][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.477728][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.497915][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.528773][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.553053][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.581626][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.605995][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.615958][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.629074][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.638014][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.646582][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.657130][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.681236][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.705767][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.714682][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.726199][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.734722][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.742410][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.750748][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.762993][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.791859][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.812096][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.828626][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.836754][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.844863][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.852522][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.861441][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.869744][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.877556][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.894112][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.906580][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.914819][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.922397][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.931714][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.940590][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.952539][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.961281][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.975491][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.985799][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 108.996820][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.006690][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.018145][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.028131][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.040894][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.050796][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.062712][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.072818][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.086086][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.096409][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.108028][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.117870][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.129014][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.147857][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.155805][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.168877][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.176951][ T4230] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0 [ 109.211607][ T4230] hid-generic 0000:0000:0004.0002: hidraw0: HID v0.03 Device [syz1] on syz0 [ 110.012968][ T4230] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 110.058360][ T5149] fido_id[5149]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 110.352113][ T5163] netlink: 76 bytes leftover after parsing attributes in process `syz.4.251'. [ 110.413606][ T4230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 110.437282][ T4230] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 110.472544][ T4230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.511159][ T4230] usb 2-1: config 0 descriptor?? [ 110.823069][ T4230] ath6kl: Failed to submit usb control message: -71 [ 110.865959][ T4230] ath6kl: unable to send the bmi data to the device: -71 [ 110.912996][ T4230] ath6kl: Unable to send get target info: -71 [ 110.937810][ T4230] ath6kl: Failed to init ath6kl core: -71 [ 111.695668][ T5172] netlink: 'syz.3.253': attribute type 20 has an invalid length. [ 111.705069][ T4230] ath6kl_usb: probe of 2-1:0.0 failed with error -71 [ 111.708553][ T4230] usb 2-1: USB disconnect, device number 5 [ 111.989807][ T4516] udevd[4516]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 112.482995][ T4230] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 112.803001][ T4226] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 113.015462][ T5185] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 113.022427][ T5185] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 113.031833][ T5185] vhci_hcd vhci_hcd.0: Device attached [ 113.259190][ T5186] vhci_hcd: connection closed [ 113.793817][ T4917] vhci_hcd: stop threads [ 113.878120][ T4917] vhci_hcd: release socket [ 113.900140][ T4917] vhci_hcd: disconnect device [ 113.973188][ T21] vhci_hcd: vhci_device speed not set [ 114.183166][ T4230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.196162][ T4226] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 114.225725][ T4226] usb 2-1: config 0 has no interface number 0 [ 114.243482][ T4230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.394214][ T4230] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 114.419752][ T4230] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 114.511026][ T4226] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 114.540118][ T4226] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.550275][ T4230] usb 4-1: Manufacturer: syz [ 114.857224][ T4226] usb 2-1: Product: syz [ 114.941202][ T4230] usb 4-1: config 0 descriptor?? [ 115.007847][ T4226] usb 2-1: Manufacturer: syz [ 115.146998][ T4226] usb 2-1: SerialNumber: syz [ 115.177848][ T4230] usb 4-1: can't set config #0, error -71 [ 115.213346][ T4226] usb 2-1: config 0 descriptor?? [ 115.219913][ T4230] usb 4-1: USB disconnect, device number 4 [ 115.248242][ T4226] usb 2-1: can't set config #0, error -71 [ 115.258601][ T4226] usb 2-1: USB disconnect, device number 6 [ 115.308088][ T5209] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 116.876441][ T5233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.274'. [ 116.923184][ T23] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 117.543090][ T23] usb 5-1: config 1 interface 0 has no altsetting 0 [ 118.914676][ T23] usb 5-1: string descriptor 0 read error: -22 [ 118.932477][ T23] usb 5-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.40 [ 118.982974][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.933035][ T21] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 121.263301][ T23] usbhid 5-1:1.0: can't add hid device: -71 [ 121.295991][ T23] usbhid: probe of 5-1:1.0 failed with error -71 [ 121.305829][ T23] usb 5-1: USB disconnect, device number 3 [ 121.350848][ T21] usb 1-1: config 0 has an invalid interface number: 11 but max is 0 [ 121.361583][ T21] usb 1-1: config 0 has no interface number 0 [ 121.374001][ T21] usb 1-1: config 0 interface 11 altsetting 245 endpoint 0x7 has an invalid bInterval 129, changing to 11 [ 121.398724][ T21] usb 1-1: config 0 interface 11 altsetting 245 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 121.614629][ T21] usb 1-1: config 0 interface 11 altsetting 245 endpoint 0x87 has invalid wMaxPacketSize 0 [ 121.639726][ T21] usb 1-1: config 0 interface 11 has no altsetting 0 [ 121.649971][ T21] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 121.670389][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.694167][ T21] usb 1-1: config 0 descriptor?? [ 122.290976][ T4227] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 122.301305][ T21] keyspan 1-1:0.11: Keyspan 2 port adapter converter detected [ 122.350583][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 81 [ 122.390483][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 82 [ 122.404720][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 1 [ 122.418110][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 2 [ 122.430502][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 85 [ 122.442057][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 5 [ 122.481278][ T21] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 122.526701][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 83 [ 122.535673][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 84 [ 122.544512][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 3 [ 122.553535][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 4 [ 122.561807][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 86 [ 122.570697][ T21] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 6 [ 122.580149][ T4227] usb 4-1: Using ep0 maxpacket: 32 [ 122.608927][ T21] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 122.692958][ T21] usb 1-1: USB disconnect, device number 5 [ 122.703970][ T4227] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 122.723705][ T4227] usb 4-1: config 0 has no interface number 0 [ 122.730848][ T4227] usb 4-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 122.742445][ T4227] usb 4-1: config 0 interface 89 has no altsetting 0 [ 123.014787][ T4227] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 123.024449][ T4227] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.061431][ T4227] usb 4-1: Product: syz [ 123.086847][ T21] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 123.153052][ T4227] usb 4-1: Manufacturer: syz [ 123.157903][ T4227] usb 4-1: SerialNumber: syz [ 123.185661][ T21] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 123.216101][ T4227] usb 4-1: config 0 descriptor?? [ 123.242384][ T21] keyspan 1-1:0.11: device disconnected [ 123.285367][ T4227] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 123.326027][ T4227] em28xx 4-1:0.89: Video interface 89 found: [ 123.933099][ T4227] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 124.974161][ T4227] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 124.996703][ T4227] em28xx 4-1:0.89: board has no eeprom [ 125.113017][ T4227] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 125.125255][ T4227] em28xx 4-1:0.89: analog set to bulk mode. [ 125.157592][ T21] em28xx 4-1:0.89: Registering V4L2 extension [ 125.204933][ T4227] usb 4-1: USB disconnect, device number 5 [ 125.239818][ T4227] em28xx 4-1:0.89: Disconnecting em28xx [ 125.350338][ T21] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 125.373168][ T21] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 125.407208][ T21] em28xx 4-1:0.89: No AC97 audio processor [ 125.471387][ T21] usb 4-1: Decoder not found [ 125.500234][ T21] em28xx 4-1:0.89: failed to create media graph [ 125.540729][ T21] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 125.596825][ T21] em28xx 4-1:0.89: Registering snapshot button... [ 125.648999][ T21] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input5 [ 125.716317][ T21] em28xx 4-1:0.89: Remote control support is not available for this card. [ 125.753262][ T4227] em28xx 4-1:0.89: Closing input extension [ 125.766921][ T4227] em28xx 4-1:0.89: Deregistering snapshot button [ 125.905584][ T4227] em28xx 4-1:0.89: Freeing device [ 127.849211][ T5365] device syzkaller0 entered promiscuous mode [ 132.815136][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.829261][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.155890][ T4227] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 135.682967][ T4227] usb 2-1: Using ep0 maxpacket: 32 [ 136.303060][ T4227] usb 2-1: unable to get BOS descriptor or descriptor too short [ 136.423048][ T4227] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 136.445715][ T4227] usb 2-1: config 1 interface 0 altsetting 234 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 136.536074][ T4227] usb 2-1: config 1 interface 0 altsetting 234 endpoint 0x8E has invalid wMaxPacketSize 0 [ 136.582990][ T4227] usb 2-1: config 1 interface 0 altsetting 234 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 136.627772][ T4227] usb 2-1: config 1 interface 0 has no altsetting 0 [ 136.778901][ T5469] netlink: 8 bytes leftover after parsing attributes in process `syz.4.339'. [ 136.843229][ T4227] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 0.40 [ 136.860139][ T5480] loop6: detected capacity change from 0 to 7 [ 136.878012][ T5480] Dev loop6: unable to read RDB block 7 [ 136.884661][ T5480] loop6: unable to read partition table [ 136.891119][ T5480] loop6: partition table beyond EOD, truncated [ 136.898268][ T5480] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 137.066331][ T4227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.081518][ T4227] usb 2-1: Product: syz [ 137.091033][ T4227] usb 2-1: Manufacturer: syz [ 137.096379][ T4227] usb 2-1: SerialNumber: syz [ 137.319699][ T5485] libceph: resolve '0..' (ret=-3): failed [ 137.577250][ T4227] usb 2-1: USB disconnect, device number 7 [ 137.645075][ T5501] capability: warning: `syz.3.350' uses deprecated v2 capabilities in a way that may be insecure [ 139.208060][ T5528] loop6: detected capacity change from 0 to 7 [ 139.532969][ T4226] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 139.573285][ T5528] Dev loop6: unable to read RDB block 7 [ 139.625918][ T5528] loop6: unable to read partition table [ 139.686789][ T5528] loop6: partition table beyond EOD, truncated [ 139.703052][ T5528] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 139.953227][ T4226] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.005712][ T4226] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.043045][ T4226] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 140.077569][ T4226] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.146530][ T4226] usb 4-1: config 0 descriptor?? [ 140.634789][ T4226] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 140.706665][ T4226] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 140.760317][ T4226] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0003/input/input8 [ 140.806837][ T4226] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 142.115390][ T5575] loop6: detected capacity change from 0 to 7 [ 142.132500][ T5575] Dev loop6: unable to read RDB block 7 [ 142.138565][ T5575] loop6: unable to read partition table [ 142.144857][ T5575] loop6: partition table beyond EOD, truncated [ 142.151451][ T5575] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 142.637775][ T4274] usb 4-1: USB disconnect, device number 6 [ 144.876029][ T5608] netlink: 4 bytes leftover after parsing attributes in process `syz.2.383'. [ 146.063872][ T5608] device hsr_slave_1 left promiscuous mode [ 147.554886][ T5636] libceph: resolve '0..' (ret=-3): failed [ 149.597824][ T5671] Zero length message leads to an empty skb [ 149.656467][ T5675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.399'. [ 152.872241][ T5692] syz.3.403 (5692): drop_caches: 2 [ 155.342653][ T5740] overlayfs: missing 'lowerdir' [ 155.767111][ T5736] netlink: 136 bytes leftover after parsing attributes in process `syz.2.416'. [ 155.783389][ T5736] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 156.823536][ T5760] netlink: 4 bytes leftover after parsing attributes in process `syz.4.421'. [ 160.693226][ T5803] device vlan2 entered promiscuous mode [ 160.867892][ T5803] netlink: 4 bytes leftover after parsing attributes in process `syz.3.435'. [ 160.892960][ T4228] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 162.036464][ T4228] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 162.058884][ T4228] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 162.079652][ T4228] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 162.184531][ T4228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.238531][ T4228] usb 1-1: config 0 descriptor?? [ 162.503178][ T4227] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 162.523181][ T1111] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 162.527136][ T4228] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 162.729913][ T5806] iowarrior 1-1:0.0: Error -90 while submitting URB [ 162.801325][ T4228] usb 1-1: USB disconnect, device number 6 [ 162.903780][ T4227] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 162.923112][ T4227] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 162.959121][ T4227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.997347][ T4227] usb 5-1: config 0 descriptor?? [ 163.063202][ T1111] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 163.181751][ T1111] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.198260][ T1111] usb 2-1: Product: syz [ 163.203799][ T1111] usb 2-1: Manufacturer: syz [ 163.213274][ T1111] usb 2-1: SerialNumber: syz [ 163.534169][ T4227] ath6kl: Failed to read usb control message: -71 [ 163.545355][ T4227] ath6kl: Unable to read the bmi data from the device: -71 [ 163.563307][ T4227] ath6kl: Unable to recv target info: -71 [ 163.703494][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 164.121474][ T4227] ath6kl: Failed to init ath6kl core: -71 [ 164.176772][ T4227] ath6kl_usb: probe of 5-1:0.0 failed with error -71 [ 164.286631][ T4227] usb 5-1: USB disconnect, device number 4 [ 165.363004][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -32 [ 165.883168][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -71 [ 165.943834][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -71 [ 166.073075][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001004. ret = -71 [ 166.129266][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001008. ret = -71 [ 167.003011][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -71 [ 167.113060][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001028. ret = -71 [ 167.178071][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001030. ret = -71 [ 167.283122][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001018. ret = -71 [ 167.383119][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 167.447993][ T1111] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 167.590566][ T1111] lan78xx: probe of 2-1:1.0 failed with error -71 [ 167.636989][ T1111] usb 2-1: USB disconnect, device number 8 [ 168.429719][ T1111] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 168.781281][ T5906] netlink: 16 bytes leftover after parsing attributes in process `syz.2.468'. [ 169.013203][ T1111] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 169.062002][ T1111] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 169.126780][ T1111] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.177796][ T1111] usb 2-1: config 0 descriptor?? [ 169.653087][ T1111] ath6kl: Failed to read usb control message: -71 [ 169.665746][ T1111] ath6kl: Unable to read the bmi data from the device: -71 [ 169.697013][ T1111] ath6kl: Unable to recv target info: -71 [ 169.722492][ T1111] ath6kl: Failed to init ath6kl core: -71 [ 169.761929][ T1111] ath6kl_usb: probe of 2-1:0.0 failed with error -71 [ 169.802046][ T1111] usb 2-1: USB disconnect, device number 9 [ 173.232973][ T4230] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 173.249641][ T4226] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 173.291700][ T5975] netlink: 16 bytes leftover after parsing attributes in process `syz.2.494'. [ 173.377709][ T5978] netlink: 24 bytes leftover after parsing attributes in process `syz.0.496'. [ 173.733336][ T4227] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 174.003226][ T4227] usb 3-1: Using ep0 maxpacket: 32 [ 174.193116][ T4227] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 174.202787][ T4227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.272718][ T5993] usb usb1: usbfs: process 5993 (syz.4.501) did not claim interface 0 before use [ 174.289612][ T4227] usb 3-1: config 0 descriptor?? [ 174.402037][ T5995] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 174.462103][ T4226] usb 4-1: config 0 has no interfaces? [ 174.469090][ T4230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 174.479701][ T4226] usb 4-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice= 0.00 [ 174.489487][ T4230] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 174.499062][ T4226] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.507404][ T4230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.517614][ T4226] usb 4-1: config 0 descriptor?? [ 174.527758][ T4230] usb 2-1: config 0 descriptor?? [ 174.553246][ T4227] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 174.627298][ T4227] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 174.751048][ T4227] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 174.824422][ T4227] usb 3-1: media controller created [ 175.017772][ T4227] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 175.277127][ T6008] input: syz0 as /devices/virtual/input/input9 [ 175.323155][ T4230] ath6kl: Failed to submit usb control message: -71 [ 175.335353][ T4230] ath6kl: unable to send the bmi data to the device: -71 [ 175.342501][ T4230] ath6kl: Unable to send get target info: -71 [ 175.349562][ T4230] ath6kl: Failed to init ath6kl core: -71 [ 175.371178][ T4230] ath6kl_usb: probe of 2-1:0.0 failed with error -71 [ 175.382546][ T4230] usb 2-1: USB disconnect, device number 10 [ 175.509790][ T6018] netlink: 24 bytes leftover after parsing attributes in process `syz.4.507'. [ 175.853033][ T4228] Bluetooth: hci0: command 0x0406 tx timeout [ 175.860625][ T4228] Bluetooth: hci1: command 0x0406 tx timeout [ 175.877509][ T4228] Bluetooth: hci4: command 0x0406 tx timeout [ 175.897002][ T4228] Bluetooth: hci2: command 0x0406 tx timeout [ 175.914685][ T4228] Bluetooth: hci3: command 0x0406 tx timeout [ 175.935737][ T5981] cifs: Unknown parameter 'fd' [ 175.952962][ T4227] stb0899_attach: Driver disabled by Kconfig [ 175.960383][ T4227] az6027: no front-end attached [ 175.960383][ T4227] [ 176.013055][ T4227] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 176.030923][ T4227] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10 [ 176.072137][ T4227] dvb-usb: schedule remote query interval to 400 msecs. [ 176.090511][ T4227] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 177.028745][ T13] usb 4-1: USB disconnect, device number 7 [ 178.060344][ T4227] usb 3-1: USB disconnect, device number 5 [ 178.088349][ T6054] netlink: 24 bytes leftover after parsing attributes in process `syz.2.518'. [ 178.224166][ T4227] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 178.303064][ T4173] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 178.702950][ T4227] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 178.713247][ T4173] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.758737][ T4173] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 178.789340][ T4173] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.842304][ T4173] usb 1-1: config 0 descriptor?? [ 178.962998][ T4227] usb 3-1: Using ep0 maxpacket: 8 [ 179.083046][ T4227] usb 3-1: config 2 has an invalid interface number: 31 but max is 0 [ 179.095643][ T4227] usb 3-1: config 2 has no interface number 0 [ 179.112726][ T4227] usb 3-1: config 2 interface 31 has no altsetting 0 [ 179.775171][ T4173] ath6kl: Failed to read usb control message: -71 [ 179.781919][ T4173] ath6kl: Unable to read the bmi data from the device: -71 [ 179.793742][ T4227] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 179.872346][ T4227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.881412][ T4173] ath6kl: Unable to recv target info: -71 [ 179.888125][ T6072] overlayfs: missing 'workdir' [ 179.907686][ T4227] usb 3-1: Product: syz [ 179.922070][ T4227] usb 3-1: Manufacturer: syz [ 179.952496][ T4227] usb 3-1: SerialNumber: syz [ 179.979083][ T4173] ath6kl: Failed to init ath6kl core: -71 [ 180.025762][ T4173] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 180.089284][ T4173] usb 1-1: USB disconnect, device number 7 [ 181.353181][ T4227] ch9200: probe of 3-1:2.31 failed with error -22 [ 181.373122][ T4227] usb 3-1: USB disconnect, device number 6 [ 181.410755][ T6088] netlink: 12 bytes leftover after parsing attributes in process `syz.0.530'. [ 181.554693][ T6096] netlink: 4 bytes leftover after parsing attributes in process `syz.4.532'. [ 183.131181][ T6120] netlink: 12 bytes leftover after parsing attributes in process `syz.3.543'. [ 183.337422][ T4173] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 183.743230][ T4173] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.844604][ T4173] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 184.043753][ T4173] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.087136][ T4173] usb 5-1: config 0 descriptor?? [ 184.230875][ T6141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.548'. [ 184.651575][ T4173] ath6kl: Failed to read usb control message: -71 [ 184.703442][ T4173] ath6kl: Unable to read the bmi data from the device: -71 [ 184.746684][ T4173] ath6kl: Unable to recv target info: -71 [ 185.266731][ T4173] ath6kl: Failed to init ath6kl core: -71 [ 185.387344][ T4173] ath6kl_usb: probe of 5-1:0.0 failed with error -71 [ 185.455882][ T4173] usb 5-1: USB disconnect, device number 5 [ 185.594248][ T6163] netlink: 12 bytes leftover after parsing attributes in process `syz.0.556'. [ 187.311745][ T6178] netlink: 4 bytes leftover after parsing attributes in process `syz.4.561'. [ 188.173325][ T4173] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 188.409223][ T6196] netlink: 36 bytes leftover after parsing attributes in process `syz.3.568'. [ 188.778784][ T4173] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 188.813356][ T4173] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 188.822800][ T4173] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.725361][ T4173] usb 3-1: config 0 descriptor?? [ 190.116856][ T4274] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 190.827350][ T4173] ath6kl: Failed to read usb control message: -71 [ 190.880115][ T4173] ath6kl: Unable to read the bmi data from the device: -71 [ 190.893180][ T4173] ath6kl: Unable to recv target info: -71 [ 190.944162][ T4173] ath6kl: Failed to init ath6kl core: -71 [ 190.983106][ T4173] ath6kl_usb: probe of 3-1:0.0 failed with error -71 [ 191.034174][ T4173] usb 3-1: USB disconnect, device number 7 [ 191.204152][ T6240] device syzkaller0 entered promiscuous mode [ 191.233112][ T4274] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 191.251437][ T4274] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.275042][ T4274] usb 2-1: Product: syz [ 191.312824][ T4274] usb 2-1: Manufacturer: syz [ 191.339323][ T4274] usb 2-1: SerialNumber: syz [ 191.429423][ T4274] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 193.538405][ T4230] usb 2-1: USB disconnect, device number 11 [ 193.553156][ T4274] usb 2-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 193.597084][ T4230] usb 2-1: ath9k_htc: USB layer deinitialized [ 193.815590][ T6273] device syzkaller0 entered promiscuous mode [ 194.153008][ T4230] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 194.257060][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.264157][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.573364][ T4230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.633479][ T4230] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 194.680369][ T4230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.727938][ T4230] usb 2-1: config 0 descriptor?? [ 195.233071][ T4230] ath6kl: Failed to read usb control message: -71 [ 195.328592][ T4230] ath6kl: Unable to read the bmi data from the device: -71 [ 195.852714][ T4230] ath6kl: Unable to recv target info: -71 [ 198.072977][ T1111] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 198.835694][ T1111] usb 4-1: Using ep0 maxpacket: 8 [ 199.006926][ T6351] process 'syz.2.615' launched './file0' with NULL argv: empty string added [ 199.103028][ T1111] usb 4-1: unable to get BOS descriptor or descriptor too short [ 199.193636][ T1111] usb 4-1: config 6 has an invalid interface number: 236 but max is 0 [ 199.218816][ T1111] usb 4-1: config 6 has no interface number 0 [ 199.252359][ T1111] usb 4-1: config 6 interface 236 has no altsetting 0 [ 199.503225][ T1111] usb 4-1: New USB device found, idVendor=0af0, idProduct=d157, bcdDevice=e4.e9 [ 199.524341][ T1111] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.567586][ T1111] usb 4-1: Product: syz [ 199.583477][ T1111] usb 4-1: Manufacturer: syz [ 199.593818][ T1111] usb 4-1: SerialNumber: syz [ 200.007386][ T1111] usb 4-1: USB disconnect, device number 8 [ 200.653015][ T1111] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 200.774651][ T7] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 201.046246][ T1111] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.059251][ T7] usb 4-1: Using ep0 maxpacket: 32 [ 201.074020][ T1111] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.088680][ T1111] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 201.098884][ T1111] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.117556][ T1111] usb 5-1: config 0 descriptor?? [ 201.189526][ T7] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 201.209125][ T7] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 201.257644][ T7] usb 4-1: config 0 has no interface number 0 [ 201.283058][ T7] usb 4-1: config 0 interface 67 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 201.513179][ T7] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 201.540302][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.566873][ T7] usb 4-1: Product: syz [ 201.578065][ T7] usb 4-1: Manufacturer: syz [ 201.604540][ T7] usb 4-1: SerialNumber: syz [ 201.636174][ T7] usb 4-1: config 0 descriptor?? [ 201.703710][ T7] smsc95xx v2.0.0 [ 201.707994][ T7] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 201.734529][ T7] smsc95xx: probe of 4-1:0.67 failed with error -22 [ 201.913085][ T1111] usbhid 5-1:0.0: can't add hid device: -71 [ 201.919296][ T1111] usbhid: probe of 5-1:0.0 failed with error -71 [ 201.974105][ T1111] usb 5-1: USB disconnect, device number 6 [ 202.443895][ T1111] usb 4-1: USB disconnect, device number 9 [ 202.561004][ T6434] device syzkaller0 entered promiscuous mode [ 203.953058][ T7] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 204.212964][ T7] usb 4-1: Using ep0 maxpacket: 8 [ 204.623188][ T7] usb 4-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 204.654292][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.662492][ T7] usb 4-1: Product: syz [ 204.727062][ T7] usb 4-1: Manufacturer: syz [ 204.794203][ T7] usb 4-1: SerialNumber: syz [ 204.868194][ T7] usb 4-1: config 0 descriptor?? [ 204.948336][ T7] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 204.967464][ T7] pctv452e: pctv452e_power_ctrl: 1 [ 204.967464][ T7] [ 205.042945][ T7] usb 4-1: selecting invalid altsetting 3 [ 205.176066][ T7] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 205.176066][ T7] [ 205.851823][ T7] dvb-usb: bulk message failed: -22 (5/0) [ 205.999439][ T7] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 206.654213][ T7] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600) [ 206.668002][ T7] usb 4-1: media controller created [ 206.748276][ T6498] overlayfs: missing 'lowerdir' [ 206.768404][ T7] dvb-usb: bulk message failed: -22 (8/0) [ 206.783071][ T7] pctv452e: I2C error -22; AA 01 A0 01 14 -> aa 01 31 04 a0 01 14 [ 206.791469][ T7] dvb-usb: MAC address reading failed. [ 206.806816][ T7] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 206.984810][ T7] DVB: Unable to find symbol stb0899_attach() [ 206.998845][ T7] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600' [ 207.303048][ T7] rc_core: IR keymap rc-tt-1500 not found [ 207.310958][ T7] Registered IR keymap rc-empty [ 207.341010][ T7] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 207.412308][ T7] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input11 [ 207.481453][ T7] dvb-usb: schedule remote query interval to 100 msecs. [ 207.520873][ T7] pctv452e: pctv452e_power_ctrl: 0 [ 207.520873][ T7] [ 207.570624][ T7] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected. [ 207.626893][ T6496] dvb-usb: bulk message failed: -22 (4/0) [ 207.653088][ T6496] dvb-usb: error -22 while querying for an remote control event. [ 207.795350][ T6496] dvb-usb: bulk message failed: -22 (4/0) [ 207.801290][ T6496] dvb-usb: error -22 while querying for an remote control event. [ 207.816907][ T6537] fuse: Bad value for 'fd' [ 207.955446][ T6496] dvb-usb: bulk message failed: -22 (4/0) [ 207.964602][ T6496] dvb-usb: error -22 while querying for an remote control event. [ 208.113999][ T6496] dvb-usb: bulk message failed: -22 (4/0) [ 208.128815][ T6496] dvb-usb: error -22 while querying for an remote control event. [ 208.258649][ T6496] dvb-usb: bulk message failed: -22 (4/0) [ 208.266528][ T6496] dvb-usb: error -22 while querying for an remote control event. [ 208.288621][ T23] usb 4-1: USB disconnect, device number 10 [ 208.503522][ T23] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected. [ 208.633003][ T6496] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 208.962697][ T6558] overlayfs: missing 'lowerdir' [ 209.383118][ T6496] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.420948][ T6496] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.492944][ T6496] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 209.506202][ T6496] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 209.515799][ T6496] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.535795][ T6496] usb 5-1: config 0 descriptor?? [ 210.015563][ T6496] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 210.100709][ T6496] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 211.264457][ C0] plantronics 0003:047F:FFFF.0004: usb_submit_urb(ctrl) failed: -1 [ 212.231874][ T6598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.667'. [ 212.339992][ T6598] device hsr_slave_1 left promiscuous mode [ 212.748318][ T4231] usb 5-1: USB disconnect, device number 7 [ 213.125025][ T6622] device syzkaller0 entered promiscuous mode [ 213.485735][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 213.485750][ T26] audit: type=1400 audit(1773338957.001:18): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=6626 comm="syz.3.675" [ 215.175272][ T6643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.679'. [ 215.833657][ T4231] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 215.947374][ T6643] device hsr_slave_1 left promiscuous mode [ 216.693785][ T4231] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 216.809592][ T4231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.980382][ T4231] usb 5-1: Product: syz [ 217.031597][ T4231] usb 5-1: Manufacturer: syz [ 217.063284][ T4231] usb 5-1: SerialNumber: syz [ 217.100848][ T4231] usb 5-1: config 0 descriptor?? [ 218.453362][ T4231] usb 5-1: unexpected transceiver, part 0x00 version 0xe2 [ 218.462999][ T4231] usb 5-1: Firmware version (0.0) predates our first public release. [ 218.492920][ T4231] usb 5-1: Please update to version 0.2 or newer [ 218.673175][ T4231] usb 5-1: atusb_probe: initialization failed, error = -19 [ 218.699471][ T4231] usb 5-1: USB disconnect, device number 8 [ 222.613276][ T4227] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 222.623593][ T6766] netlink: 24 bytes leftover after parsing attributes in process `syz.0.715'. [ 222.813181][ T4232] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 222.893056][ T4227] usb 5-1: Using ep0 maxpacket: 8 [ 223.173103][ T4232] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 223.190547][ T4232] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 223.208972][ T4232] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.224295][ T4227] usb 5-1: unable to get BOS descriptor or descriptor too short [ 223.252229][ T4232] usb 4-1: config 0 descriptor?? [ 224.239962][ T6782] sched: RT throttling activated [ 224.383984][ T4227] usb 5-1: config 6 has an invalid interface number: 236 but max is 0 [ 224.392946][ T4227] usb 5-1: config 6 has no interface number 0 [ 224.399276][ T4227] usb 5-1: config 6 interface 236 has no altsetting 0 [ 224.523089][ T6789] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 224.529843][ T6789] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 224.538212][ T6789] vhci_hcd vhci_hcd.0: Device attached [ 224.544137][ T4232] ath6kl: Failed to read usb control message: -71 [ 224.551643][ T4232] ath6kl: Unable to read the bmi data from the device: -71 [ 224.559715][ T4232] ath6kl: Unable to recv target info: -71 [ 224.580018][ T6790] vhci_hcd: connection closed [ 224.581146][ T4930] vhci_hcd: stop threads [ 224.593042][ T4930] vhci_hcd: release socket [ 224.593142][ T4227] usb 5-1: New USB device found, idVendor=0af0, idProduct=d157, bcdDevice=e4.e9 [ 224.597473][ T4930] vhci_hcd: disconnect device [ 224.635760][ T4227] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.654466][ T4227] usb 5-1: Product: syz [ 224.667598][ T4227] usb 5-1: Manufacturer: syz [ 224.675411][ T4227] usb 5-1: SerialNumber: syz [ 224.810555][ T6794] loop6: detected capacity change from 0 to 7 [ 224.820895][ T6794] Dev loop6: unable to read RDB block 7 [ 224.827048][ T6794] loop6: unable to read partition table [ 224.833075][ T6794] loop6: partition table beyond EOD, truncated [ 224.839680][ T6794] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 225.055044][ T4227] usb 5-1: USB disconnect, device number 9 [ 225.125107][ T6799] device syzkaller0 entered promiscuous mode [ 228.186629][ T6839] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 228.193594][ T6839] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 228.201520][ T6839] vhci_hcd vhci_hcd.0: Device attached [ 228.230936][ T6837] loop6: detected capacity change from 0 to 7 [ 228.239667][ T6841] vhci_hcd: connection closed [ 228.242420][ T6837] Dev loop6: unable to read RDB block 7 [ 228.253888][ T6837] loop6: unable to read partition table [ 228.260430][ T6837] loop6: partition table beyond EOD, truncated [ 228.267384][ T6837] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 228.292273][ T4930] vhci_hcd: stop threads [ 228.302549][ T4930] vhci_hcd: release socket [ 228.329677][ T4930] vhci_hcd: disconnect device [ 229.210047][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.2.742'. [ 229.240142][ T6859] libceph: resolve '0..' (ret=-3): failed [ 230.770190][ T6886] loop6: detected capacity change from 0 to 7 [ 230.779846][ T6886] Dev loop6: unable to read RDB block 7 [ 230.785732][ T6886] loop6: unable to read partition table [ 230.791583][ T6886] loop6: partition table beyond EOD, truncated [ 230.797859][ T6886] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 230.888424][ T6885] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 230.895655][ T6885] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 230.904914][ T6885] vhci_hcd vhci_hcd.0: Device attached [ 230.949674][ T6887] vhci_hcd: connection closed [ 230.949914][ T4930] vhci_hcd: stop threads [ 230.971941][ T4930] vhci_hcd: release socket [ 230.978561][ T4930] vhci_hcd: disconnect device [ 232.237488][ T6903] netlink: 4 bytes leftover after parsing attributes in process `syz.1.754'. [ 233.695104][ T6926] loop6: detected capacity change from 0 to 7 [ 233.705521][ T6926] Dev loop6: unable to read RDB block 7 [ 233.711278][ T6926] loop6: unable to read partition table [ 233.717544][ T6926] loop6: partition table beyond EOD, truncated [ 233.723716][ T6926] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 234.093065][ T1108] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 234.483962][ T1108] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 234.599828][ T1108] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 234.692955][ T1108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.713843][ T1108] usb 5-1: config 0 descriptor?? [ 234.901303][ T6955] netlink: 4 bytes leftover after parsing attributes in process `syz.0.770'. [ 235.066842][ T6962] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 235.073452][ T6962] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 235.081696][ T6962] vhci_hcd vhci_hcd.0: Device attached [ 235.099444][ T6963] vhci_hcd: connection closed [ 235.099843][ T4923] vhci_hcd: stop threads [ 235.115211][ T4923] vhci_hcd: release socket [ 235.126357][ T4923] vhci_hcd: disconnect device [ 235.242993][ T1108] ath6kl: Failed to read usb control message: -71 [ 235.249544][ T1108] ath6kl: Unable to read the bmi data from the device: -71 [ 235.257561][ T1108] ath6kl: Unable to recv target info: -71 [ 236.168467][ T6977] loop6: detected capacity change from 0 to 7 [ 236.178187][ T6977] Dev loop6: unable to read RDB block 7 [ 236.184567][ T6977] loop6: unable to read partition table [ 236.190760][ T6977] loop6: partition table beyond EOD, truncated [ 236.197194][ T6977] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 237.640578][ T7001] netlink: 4 bytes leftover after parsing attributes in process `syz.2.783'. [ 238.895474][ T7017] device syzkaller0 entered promiscuous mode [ 239.031541][ T7026] loop6: detected capacity change from 0 to 7 [ 239.042957][ T7026] Dev loop6: unable to read RDB block 7 [ 239.048666][ T7026] loop6: unable to read partition table [ 239.054817][ T7026] loop6: partition table beyond EOD, truncated [ 239.061355][ T7026] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 239.111620][ T7027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.791'. [ 239.365770][ T7029] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 239.372511][ T7029] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 239.381389][ T7029] vhci_hcd vhci_hcd.0: Device attached [ 239.399179][ T7030] vhci_hcd: connection closed [ 239.400382][ T4930] vhci_hcd: stop threads [ 239.415593][ T4930] vhci_hcd: release socket [ 239.431550][ T4930] vhci_hcd: disconnect device [ 242.624727][ T7068] loop6: detected capacity change from 0 to 7 [ 242.633664][ T7068] Dev loop6: unable to read RDB block 7 [ 242.639352][ T7068] loop6: unable to read partition table [ 242.645417][ T7068] loop6: partition table beyond EOD, truncated [ 242.651916][ T7068] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 242.674930][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.801'. [ 243.213212][ T7084] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 243.219789][ T7084] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 243.227480][ T7084] vhci_hcd vhci_hcd.0: Device attached [ 243.988084][ T7086] vhci_hcd: connection closed [ 243.996500][ T4921] vhci_hcd: stop threads [ 244.010756][ T4921] vhci_hcd: release socket [ 244.021094][ T4921] vhci_hcd: disconnect device [ 244.063037][ T6496] usb 41-1: new low-speed USB device number 3 using vhci_hcd [ 244.095533][ T6496] usb 41-1: enqueue for inactive port 0 [ 244.193051][ T6496] vhci_hcd: vhci_device speed not set [ 244.463034][ T7] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 244.553080][ T7103] loop6: detected capacity change from 0 to 7 [ 244.562986][ T7103] Dev loop6: unable to read RDB block 7 [ 244.568703][ T7103] loop6: unable to read partition table [ 244.574568][ T7103] loop6: partition table beyond EOD, truncated [ 244.581157][ T7103] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 246.171696][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.211650][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.229468][ T7] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 246.251726][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.269973][ T7] usb 3-1: config 0 descriptor?? [ 246.314191][ T7119] netlink: 4 bytes leftover after parsing attributes in process `syz.0.816'. [ 247.276077][ T7] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 247.290083][ T7] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 247.309580][ T7] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0005/input/input12 [ 247.343831][ T7] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 247.549632][ T23] usb 3-1: USB disconnect, device number 8 [ 247.702552][ T7137] fido_id[7137]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 247.776381][ T7146] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 247.783125][ T7146] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 247.791143][ T7146] vhci_hcd vhci_hcd.0: Device attached [ 247.839901][ T7147] vhci_hcd: connection closed [ 247.840466][ T4923] vhci_hcd: stop threads [ 247.888263][ T4923] vhci_hcd: release socket [ 247.905644][ T4923] vhci_hcd: disconnect device [ 249.733086][ T7156] loop6: detected capacity change from 0 to 7 [ 249.743215][ T7156] Dev loop6: unable to read RDB block 7 [ 249.749585][ T7156] loop6: unable to read partition table [ 249.755622][ T7156] loop6: partition table beyond EOD, truncated [ 249.762125][ T7156] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 249.976873][ T7162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.828'. [ 251.722914][ T6496] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 252.083152][ T6496] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.122375][ T6496] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 252.219333][ T7193] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 252.225955][ T7193] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 252.233658][ T7193] vhci_hcd vhci_hcd.0: Device attached [ 252.256670][ T6496] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.265072][ T7196] vhci_hcd: connection closed [ 252.279007][ T6496] usb 1-1: config 0 descriptor?? [ 252.663339][ T4930] vhci_hcd: stop threads [ 252.667865][ T4930] vhci_hcd: release socket [ 252.703543][ T4930] vhci_hcd: disconnect device [ 252.867594][ T7204] loop6: detected capacity change from 0 to 7 [ 252.878024][ T7204] Dev loop6: unable to read RDB block 7 [ 252.883988][ T7204] loop6: unable to read partition table [ 252.889934][ T7204] loop6: partition table beyond EOD, truncated [ 252.896353][ T7204] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 253.082971][ T6496] ath6kl: Failed to read usb control message: -71 [ 253.136316][ T6496] ath6kl: Unable to read the bmi data from the device: -71 [ 253.144280][ T6496] ath6kl: Unable to recv target info: -71 [ 255.288548][ C0] ODEBUG: Out of memory. ODEBUG disabled [ 255.793585][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.803299][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.349835][ T7245] loop6: detected capacity change from 0 to 7 [ 256.359935][ T7245] Dev loop6: unable to read RDB block 7 [ 256.365593][ T7245] loop6: unable to read partition table [ 256.371376][ T7245] loop6: partition table beyond EOD, truncated [ 256.377810][ T7245] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 256.601194][ T7250] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 256.607821][ T7250] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 256.615534][ T7250] vhci_hcd vhci_hcd.0: Device attached [ 256.631339][ T7251] vhci_hcd: connection closed [ 256.631468][ T4930] vhci_hcd: stop threads [ 256.678066][ T4930] vhci_hcd: release socket [ 256.698365][ T4930] vhci_hcd: disconnect device [ 257.591258][ T7249] syz.0.854 (7249): drop_caches: 2 [ 261.239461][ T7292] loop6: detected capacity change from 0 to 7 [ 261.251110][ T7292] Dev loop6: unable to read RDB block 7 [ 261.257593][ T7292] loop6: unable to read partition table [ 261.264062][ T7292] loop6: partition table beyond EOD, truncated [ 261.270468][ T7292] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 261.329898][ T7296] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 261.336470][ T7296] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 261.344761][ T7296] vhci_hcd vhci_hcd.0: Device attached [ 261.364305][ T7300] vhci_hcd: connection closed [ 261.364940][ T4919] vhci_hcd: stop threads [ 261.417070][ T7303] device syzkaller0 entered promiscuous mode [ 261.429262][ T4919] vhci_hcd: release socket [ 261.470976][ T4919] vhci_hcd: disconnect device [ 263.879276][ T7343] netlink: 16 bytes leftover after parsing attributes in process `syz.3.878'. [ 265.943697][ T7360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.882'. [ 272.130632][ T7456] netlink: 4 bytes leftover after parsing attributes in process `syz.2.912'. [ 273.687167][ T7495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.924'. [ 275.337751][ T7540] netlink: 4 bytes leftover after parsing attributes in process `syz.1.937'. [ 276.163263][ T7561] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 276.170167][ T7561] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 276.178851][ T7561] vhci_hcd vhci_hcd.0: Device attached [ 276.541555][ T7562] vhci_hcd: connection closed [ 276.542402][ T4921] vhci_hcd: stop threads [ 276.582139][ T4921] vhci_hcd: release socket [ 276.625887][ T4921] vhci_hcd: disconnect device [ 277.210309][ T7582] netlink: 4 bytes leftover after parsing attributes in process `syz.3.950'. [ 279.995788][ T7612] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 280.002685][ T7612] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 280.010417][ T7612] vhci_hcd vhci_hcd.0: Device attached [ 280.018222][ T7613] vhci_hcd: connection closed [ 280.019749][ T4921] vhci_hcd: stop threads [ 280.466595][ T4921] vhci_hcd: release socket [ 280.474315][ T4921] vhci_hcd: disconnect device [ 280.555642][ T7611] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 280.703772][ T7632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.964'. [ 281.432852][ T7646] netlink: 'syz.2.969': attribute type 6 has an invalid length. [ 281.919253][ T26] audit: type=1326 audit(1773339025.431:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 281.941900][ C1] vkms_vblank_simulate: vblank timer overrun [ 282.562542][ T26] audit: type=1326 audit(1773339025.471:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 282.677276][ T26] audit: type=1326 audit(1773339025.471:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 282.701831][ T26] audit: type=1326 audit(1773339025.471:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 282.725214][ C1] vkms_vblank_simulate: vblank timer overrun [ 282.734102][ T26] audit: type=1326 audit(1773339025.471:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 282.758308][ T26] audit: type=1326 audit(1773339025.471:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 282.787444][ T26] audit: type=1326 audit(1773339025.471:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 282.811477][ C1] vkms_vblank_simulate: vblank timer overrun [ 282.919828][ T7666] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 282.926705][ T7666] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 282.934880][ T7666] vhci_hcd vhci_hcd.0: Device attached [ 283.177481][ T26] audit: type=1326 audit(1773339025.471:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 283.282963][ T7] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 283.434429][ T26] audit: type=1326 audit(1773339025.471:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 283.558253][ T7667] vhci_hcd: connection reset by peer [ 283.564729][ T4919] vhci_hcd: stop threads [ 283.569374][ T4919] vhci_hcd: release socket [ 283.634402][ T4919] vhci_hcd: disconnect device [ 283.774396][ T26] audit: type=1326 audit(1773339025.471:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.0.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 284.211969][ T7682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.978'. [ 285.367105][ T7698] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 285.383196][ T7698] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 286.049707][ T7698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 286.058491][ T7698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 286.156340][ T7698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 286.168718][ T7698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 286.361962][ T7708] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 286.414792][ T7708] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 286.503345][ T7708] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 286.529994][ T7708] device bridge_slave_0 left promiscuous mode [ 286.553666][ T7708] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.611908][ T7708] device bridge_slave_1 left promiscuous mode [ 286.643326][ T7708] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.745681][ T7708] bond0: (slave bond_slave_0): Releasing backup interface [ 286.826360][ T7708] bond0: (slave bond_slave_1): Releasing backup interface [ 287.135317][ T7708] team0: Port device team_slave_0 removed [ 287.283316][ T7708] team0: Port device team_slave_1 removed [ 287.455552][ T7708] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.809890][ T7708] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 288.308421][ T7708] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 288.412972][ T7] vhci_hcd: vhci_device speed not set [ 289.208696][ T7708] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 289.459243][ T7730] netlink: 4 bytes leftover after parsing attributes in process `syz.1.989'. [ 290.295839][ T7734] device syzkaller1 entered promiscuous mode [ 291.533927][ T7761] udc-core: couldn't find an available UDC or it's busy [ 291.541193][ T7761] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 292.820287][ T7783] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 292.827273][ T7783] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 292.835906][ T7783] vhci_hcd vhci_hcd.0: Device attached [ 293.038280][ T7784] vhci_hcd: connection closed [ 293.039144][ T4930] vhci_hcd: stop threads [ 293.117816][ T4226] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 293.582905][ T4930] vhci_hcd: release socket [ 293.630146][ T4930] vhci_hcd: disconnect device [ 296.262666][ T7819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1011'. [ 296.303798][ T7819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.961908][ T7819] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 298.780912][ T4226] vhci_hcd: vhci_device speed not set [ 304.112173][ T7931] misc userio: Can't change port type on an already running userio instance [ 304.378111][ T7935] device syzkaller1 entered promiscuous mode [ 308.600988][ T7993] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1061'. [ 308.834089][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1064'. [ 310.321961][ T8020] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1070'. [ 311.176506][ T8036] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1073'. [ 311.889089][ T8057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1078'. [ 315.053690][ T8083] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1086'. [ 315.077741][ T8081] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1085'. [ 317.137092][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.145598][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.410732][ T8137] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1098'. [ 319.453593][ T8139] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1099'. [ 323.589685][ T8178] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1110'. [ 323.811570][ T8182] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1112'. [ 324.088234][ T8187] device syzkaller0 entered promiscuous mode [ 327.530261][ T8231] device syzkaller0 entered promiscuous mode [ 329.750966][ T8254] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1135'. [ 329.829651][ T8257] device syzkaller0 entered promiscuous mode [ 329.879716][ T8259] tipc: Enabled bearer , priority 0 [ 329.899483][ T8259] tipc: Resetting bearer [ 330.133634][ T8263] device syzkaller0 entered promiscuous mode [ 330.913176][ T8038] tipc: Node number set to 4092053000 [ 331.023169][ T8276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1144'. [ 331.156022][ T8283] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1145'. [ 331.383143][ T8278] chnl_net:caif_netlink_parms(): no params data found [ 331.448620][ T8280] chnl_net:caif_netlink_parms(): no params data found [ 331.569246][ T8278] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.586285][ T8278] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.600044][ T8278] device bridge_slave_0 entered promiscuous mode [ 331.632158][ T8278] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.639789][ T8278] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.652328][ T8278] device bridge_slave_1 entered promiscuous mode [ 331.666711][ T8280] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.677318][ T8280] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.686997][ T8280] device bridge_slave_0 entered promiscuous mode [ 331.702552][ T8280] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.710230][ T8280] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.718765][ T8280] device bridge_slave_1 entered promiscuous mode [ 331.744635][ T8278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 331.756564][ T8280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 331.771780][ T8280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.789524][ T8278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.815452][ T8280] team0: Port device team_slave_0 added [ 331.837088][ T8280] team0: Port device team_slave_1 added [ 331.846238][ T8278] team0: Port device team_slave_0 added [ 331.859074][ T8299] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1147'. [ 331.871882][ T8278] team0: Port device team_slave_1 added [ 331.885122][ T8280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 331.892183][ T8280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.920297][ T8280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 331.950444][ T8280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 331.958297][ T8280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.985537][ T8280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 331.997710][ T8278] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 332.012905][ T8278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 332.055185][ T8278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 332.081165][ T8278] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 332.088607][ T8278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 332.115101][ T8278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 332.138177][ T8280] device hsr_slave_0 entered promiscuous mode [ 332.164002][ T8280] device hsr_slave_1 entered promiscuous mode [ 332.180608][ T8280] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 332.209238][ T8280] Cannot create hsr debugfs directory [ 332.325288][ T8278] device hsr_slave_0 entered promiscuous mode [ 332.339739][ T8278] device hsr_slave_1 entered promiscuous mode [ 332.346668][ T8278] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 332.356987][ T8278] Cannot create hsr debugfs directory [ 332.711386][ T8309] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1151'. [ 332.922496][ T8278] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 332.923224][ T8323] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1154'. [ 332.983829][ T8278] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 333.025901][ T8278] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 333.066756][ T8280] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 333.090072][ T8278] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 333.108077][ T8280] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 333.130764][ T8280] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 333.133136][ T7723] Bluetooth: hci5: command 0x0409 tx timeout [ 333.168768][ T8280] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 333.213015][ T7723] Bluetooth: hci6: command 0x0409 tx timeout [ 333.359921][ T8278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.391846][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 333.414504][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 333.433511][ T8278] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.518258][ T8280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.527827][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 333.540779][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 333.550023][ T4934] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.557336][ T4934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.566649][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 333.585862][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 333.594940][ T4934] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.602384][ T4934] bridge0: port 2(bridge_slave_1) entered forwarding state [ 333.617431][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 333.626944][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 333.648034][ T8280] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.662011][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 333.680348][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 333.741562][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 333.772007][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 333.812201][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 333.829107][ T4934] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.836521][ T4934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.850749][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 333.868748][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 333.882490][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 333.912431][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 333.922327][ T4934] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.930115][ T4934] bridge0: port 2(bridge_slave_1) entered forwarding state [ 333.952592][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 333.962877][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 333.971936][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 333.983663][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 333.998817][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 334.028339][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 334.041599][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 334.054439][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 334.064921][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 334.079178][ T8338] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1158'. [ 334.107910][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 334.136319][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 334.166037][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 334.237195][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 334.270882][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 334.317724][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 334.330861][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 334.346014][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 334.360021][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 334.372920][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 334.410973][ T8280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 334.492290][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 334.509514][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 334.543985][ T8278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.724569][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 334.732463][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 334.756789][ T8280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.822960][ T8365] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1165'. [ 335.015136][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 335.052722][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 335.138447][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 335.159649][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 335.180772][ T8278] device veth0_vlan entered promiscuous mode [ 335.214678][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 335.236348][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 335.262763][ T8278] device veth1_vlan entered promiscuous mode [ 335.270299][ T4226] Bluetooth: hci5: command 0x041b tx timeout [ 335.293419][ T4228] Bluetooth: hci6: command 0x041b tx timeout [ 335.303269][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 335.311461][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 335.322483][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 335.368064][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 335.385041][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 335.398791][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 335.409917][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 335.426893][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 335.436433][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 335.447587][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 335.464935][ T8278] device veth0_macvtap entered promiscuous mode [ 335.477997][ T8280] device veth0_vlan entered promiscuous mode [ 335.496051][ T8278] device veth1_macvtap entered promiscuous mode [ 335.511920][ T8280] device veth1_vlan entered promiscuous mode [ 335.542063][ T8278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.562195][ T8278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.573291][ T8278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.593538][ T8278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.611878][ T8278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.635029][ T8278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.651447][ T8278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.664908][ T8278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.682187][ T8278] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 335.712067][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 335.722654][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 335.745404][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 335.764919][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 335.780354][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 335.791355][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 335.807149][ T8278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 335.827465][ T8278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.849145][ T8278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 335.880895][ T8278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.892695][ T8278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 335.911034][ T8278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.923975][ T8278] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 335.936670][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 335.947658][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 335.957156][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 335.967043][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 335.980318][ T8278] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.996730][ T8278] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.006121][ T8278] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.015450][ T8278] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.031631][ T8280] device veth0_macvtap entered promiscuous mode [ 336.061371][ T8280] device veth1_macvtap entered promiscuous mode [ 336.089322][ T4919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 336.106361][ T4919] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 336.297186][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.310960][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.321843][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.407254][ T8398] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1170'. [ 336.453980][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.519551][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.578036][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.639848][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.700464][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.772158][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.838443][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.895732][ T8280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 336.911979][ T8397] netlink: 'syz.3.1171': attribute type 10 has an invalid length. [ 336.926342][ T8397] 8021q: adding VLAN 0 to HW filter on device team0 [ 336.945964][ T8397] bond0: (slave team0): Enslaving as an active interface with an up link [ 336.956508][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 336.975902][ T4921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 337.006897][ T4810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 337.036664][ T4810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.065372][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.087646][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.098271][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.109162][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.119411][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.131909][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.153533][ T8280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.166259][ T8280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.193511][ T8280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 337.205920][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 337.228282][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 337.243735][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 337.271098][ T8280] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.292992][ T4228] Bluetooth: hci5: command 0x040f tx timeout [ 337.305078][ T8410] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1174'. [ 337.318089][ T8280] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.372998][ T4228] Bluetooth: hci6: command 0x040f tx timeout [ 337.448463][ T8280] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.501940][ T8280] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.567067][ T4810] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 337.603311][ T4810] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.623924][ T4930] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 337.866416][ T4930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 337.887529][ T4930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.951882][ T4919] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 338.022931][ T4226] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 338.040210][ T4919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 338.074707][ T4919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 338.133326][ T4934] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 338.272947][ T4226] usb 6-1: Using ep0 maxpacket: 32 [ 338.375040][ T26] kauditd_printk_skb: 25 callbacks suppressed [ 338.375054][ T26] audit: type=1326 audit(1773339081.891:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 338.433120][ T4226] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 338.456376][ T4226] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.508765][ T4226] usb 6-1: config 0 descriptor?? [ 338.541178][ T26] audit: type=1326 audit(1773339081.941:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 338.640916][ T26] audit: type=1326 audit(1773339081.941:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 338.675914][ T26] audit: type=1326 audit(1773339081.941:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f282768ffce code=0x7ffc0000 [ 338.715443][ T26] audit: type=1326 audit(1773339081.941:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 338.739998][ T26] audit: type=1326 audit(1773339081.941:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 338.780874][ T26] audit: type=1326 audit(1773339081.941:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 338.813227][ T4226] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 338.847843][ T26] audit: type=1326 audit(1773339081.941:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 338.848123][ T4226] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 338.893094][ T1111] usb 7-1: new low-speed USB device number 2 using dummy_hcd [ 338.971715][ T26] audit: type=1326 audit(1773339081.941:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 339.044846][ T26] audit: type=1326 audit(1773339081.941:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8426 comm="syz.6.1143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28276cf799 code=0x7ffc0000 [ 339.069475][ T4226] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 339.096471][ T4226] usb 6-1: media controller created [ 339.115618][ T4226] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 339.245438][ T8439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1180'. [ 339.383719][ T4228] Bluetooth: hci5: command 0x0419 tx timeout [ 339.428815][ T8443] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1181'. [ 339.477934][ T4228] Bluetooth: hci6: command 0x0419 tx timeout [ 339.976697][ T1111] usb 7-1: config 0 has an invalid interface number: 244 but max is 0 [ 339.985817][ T1111] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 339.999822][ T1111] usb 7-1: config 0 has no interface number 0 [ 340.012374][ T1111] usb 7-1: config 0 interface 244 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 340.024085][ T1111] usb 7-1: config 0 interface 244 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 340.035255][ T1111] usb 7-1: config 0 interface 244 altsetting 0 endpoint 0xC has invalid maxpacket 512, setting to 8 [ 340.052983][ T1111] usb 7-1: config 0 interface 244 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 8 [ 340.064444][ T1111] usb 7-1: config 0 interface 244 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 15 [ 340.086183][ T8450] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1184'. [ 340.106084][ T1111] usb 7-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=e1.32 [ 340.130874][ T1111] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.163168][ T1111] usb 7-1: config 0 descriptor?? [ 340.183825][ T8427] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 340.463026][ T1111] usb 7-1: string descriptor 0 read error: -71 [ 340.470815][ T1111] cypress_m8 7-1:0.244: DeLorme Earthmate USB converter detected [ 340.482334][ T1111] earthmate ttyUSB0: required endpoint is missing [ 340.492371][ T1111] usb 7-1: USB disconnect, device number 2 [ 340.497965][ T8419] cifs: Unknown parameter 'fd' [ 340.504956][ T1111] cypress_m8 7-1:0.244: device disconnected [ 340.743812][ T4226] stb0899_attach: Driver disabled by Kconfig [ 340.753517][ T4226] az6027: no front-end attached [ 340.753517][ T4226] [ 340.773586][ T4226] az6027: usb out operation failed. (-71) [ 340.781118][ T4226] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 340.796331][ T4226] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input15 [ 340.811380][ T4226] dvb-usb: schedule remote query interval to 400 msecs. [ 340.820293][ T4226] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 340.863322][ T4226] usb 6-1: USB disconnect, device number 2 [ 340.920961][ T4226] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 341.388624][ T8038] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 341.446863][ T8471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1189'. [ 341.473134][ T8471] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 341.524679][ T8471] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.674968][ T8038] usb 7-1: Using ep0 maxpacket: 16 [ 341.843075][ T8038] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 341.862851][ T8038] usb 7-1: config 0 interface 0 has no altsetting 0 [ 341.898139][ T8485] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1196'. [ 342.043701][ T8038] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d [ 342.053603][ T8038] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.061913][ T8038] usb 7-1: Product: syz [ 342.066584][ T8038] usb 7-1: Manufacturer: syz [ 342.071255][ T8038] usb 7-1: SerialNumber: syz [ 342.078159][ T8038] usb 7-1: config 0 descriptor?? [ 342.136998][ T8038] hub 7-1:0.0: bad descriptor, ignoring hub [ 342.143204][ T4226] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 342.151151][ T8038] hub: probe of 7-1:0.0 failed with error -5 [ 342.161563][ T8038] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 342.182963][ T4919] usb 7-1: Failed to submit usb control message: -71 [ 342.195983][ T4919] usb 7-1: unable to send the bmi data to the device: -71 [ 342.204834][ T4919] usb 7-1: unable to get target info from device [ 342.211406][ T4919] usb 7-1: could not get target info (-71) [ 342.217850][ T4919] usb 7-1: could not probe fw (-71) [ 342.413217][ T4226] usb 6-1: Using ep0 maxpacket: 32 [ 342.563152][ T4226] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 342.752992][ T4226] usb 6-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40 [ 342.762739][ T4226] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.773485][ T4226] usb 6-1: Product: syz [ 342.777840][ T4226] usb 6-1: Manufacturer: syz [ 342.782592][ T4226] usb 6-1: SerialNumber: syz [ 342.824631][ T8500] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 342.861828][ T4226] snd-ua101 6-1:1.1: invalid format type [ 342.869230][ T4226] snd-ua101 6-1:1.0: invalid num_altsetting [ 343.066377][ T4229] usb 6-1: USB disconnect, device number 3 [ 343.173116][ T4226] usb 7-1: USB disconnect, device number 3 [ 343.824053][ T8514] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1204'. [ 343.849667][ T8514] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 344.069568][ T8514] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 344.249617][ T8523] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1207'. [ 344.605586][ T8532] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1210'. [ 344.793659][ T4226] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 345.012897][ T4226] usb 7-1: device descriptor read/64, error -71 [ 345.282927][ T4226] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 345.483050][ T4226] usb 7-1: device descriptor read/64, error -71 [ 345.569433][ T26] kauditd_printk_skb: 48 callbacks suppressed [ 345.569445][ T26] audit: type=1326 audit(1773339089.081:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.1.1214" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f77e5e74799 code=0x0 [ 345.603196][ T4226] usb usb7-port1: attempt power cycle [ 346.052884][ T4226] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 346.164094][ T4226] usb 7-1: device descriptor read/8, error -71 [ 346.435674][ T4198] Bluetooth: hci0: Unknown advertising packet type: 0x403e [ 346.435824][ T4198] Bluetooth: hci0: Unknown advertising packet type: 0x6e73 [ 346.452875][ T4226] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 346.504607][ T8547] net_ratelimit: 1 callbacks suppressed [ 346.504621][ T8547] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 346.582088][ T4226] usb 7-1: device descriptor read/8, error -71 [ 346.633161][ T8553] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1219'. [ 346.704065][ T4226] usb usb7-port1: unable to enumerate USB device [ 346.810518][ T8560] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1222'. [ 347.992921][ T4228] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 348.000608][ T4231] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 348.242947][ T4231] usb 7-1: Using ep0 maxpacket: 32 [ 348.248345][ T4228] usb 6-1: Using ep0 maxpacket: 32 [ 348.321313][ T8579] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1230'. [ 348.373286][ T4231] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 348.387818][ T4231] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.397826][ T4231] usb 7-1: config 0 descriptor?? [ 348.543720][ T4228] usb 6-1: New USB device found, idVendor=2a39, idProduct=3fb0, bcdDevice= 0.40 [ 348.559301][ T4228] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.571940][ T4228] usb 6-1: Product: syz [ 348.584044][ T4228] usb 6-1: Manufacturer: syz [ 348.591856][ T4228] usb 6-1: SerialNumber: syz [ 348.663082][ T4231] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 348.685369][ T4231] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 348.720136][ T4231] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 348.734627][ T4231] usb 7-1: media controller created [ 348.760076][ T4231] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 348.796159][ T8585] IPv6: NLM_F_CREATE should be specified when creating new route [ 348.962992][ T4228] usb 6-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 348.982945][ T4228] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 349.127541][ T4228] usb 6-1: USB disconnect, device number 4 [ 349.742946][ T4226] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 349.842869][ T4231] stb0899_attach: Driver disabled by Kconfig [ 349.853493][ T4231] az6027: no front-end attached [ 349.853493][ T4231] [ 349.883560][ T26] audit: type=1326 audit(1773339093.401:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 349.906033][ C0] vkms_vblank_simulate: vblank timer overrun [ 349.913006][ T4231] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 349.923524][ T26] audit: type=1326 audit(1773339093.401:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 349.924831][ T4231] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input16 [ 349.967163][ T26] audit: type=1326 audit(1773339093.481:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 349.989897][ C0] vkms_vblank_simulate: vblank timer overrun [ 349.998796][ T4226] usb 6-1: device descriptor read/64, error -71 [ 350.016688][ T4231] dvb-usb: schedule remote query interval to 400 msecs. [ 350.026895][ T4231] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 350.102423][ T26] audit: type=1326 audit(1773339093.481:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 350.125173][ C0] vkms_vblank_simulate: vblank timer overrun [ 350.168986][ T26] audit: type=1326 audit(1773339093.481:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 350.192230][ C0] vkms_vblank_simulate: vblank timer overrun [ 350.202089][ T4260] usb 7-1: USB disconnect, device number 8 [ 350.288100][ T4260] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 350.297064][ T4226] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 350.349703][ T26] audit: type=1326 audit(1773339093.481:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 350.372586][ C0] vkms_vblank_simulate: vblank timer overrun [ 350.447203][ T26] audit: type=1326 audit(1773339093.481:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 350.532901][ T4226] usb 6-1: device descriptor read/64, error -71 [ 350.541932][ T26] audit: type=1326 audit(1773339093.481:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 350.666788][ T26] audit: type=1326 audit(1773339093.481:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 350.689815][ C0] vkms_vblank_simulate: vblank timer overrun [ 350.704921][ T4226] usb usb6-port1: attempt power cycle [ 350.824504][ T8610] loop5: detected capacity change from 0 to 4096 [ 350.845049][ T26] audit: type=1326 audit(1773339093.481:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 350.907590][ C0] blk_update_request: I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 350.936335][ C0] blk_update_request: I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 350.948047][ C0] Buffer I/O error on dev loop5, logical block 496, async page read [ 350.965743][ T8607] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 350.986099][ C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x84700 phys_seg 128 prio class 0 [ 350.997645][ C0] blk_update_request: I/O error, dev loop5, sector 1208 op 0x0:(READ) flags 0x80700 phys_seg 67 prio class 0 [ 351.015335][ C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 351.026574][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 351.035956][ T8607] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 351.055715][ T26] audit: type=1326 audit(1773339093.481:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 351.107168][ T8609] delete_channel: no stack [ 351.152960][ T4226] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 351.203700][ T26] audit: type=1326 audit(1773339093.481:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 351.263147][ T4226] usb 6-1: device descriptor read/8, error -71 [ 351.303229][ T26] audit: type=1326 audit(1773339093.481:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 351.488098][ T8619] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1244'. [ 351.511378][ T26] audit: type=1326 audit(1773339093.481:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 352.002189][ T26] audit: type=1326 audit(1773339093.481:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 352.036622][ T26] audit: type=1326 audit(1773339093.481:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 352.061599][ T26] audit: type=1326 audit(1773339093.481:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.0.1238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f494f340799 code=0x7ffc0000 [ 352.062958][ T4226] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 352.343172][ T4226] usb 6-1: device descriptor read/8, error -71 [ 352.483092][ T4226] usb usb6-port1: unable to enumerate USB device [ 352.932904][ T8039] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 353.180041][ T8651] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 353.194085][ T8651] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 353.613762][ T27] INFO: task kworker/0:4:4230 blocked for more than 143 seconds. [ 353.882955][ T27] Not tainted syzkaller #0 [ 353.920779][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 353.953061][ T8039] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4 [ 353.976845][ T27] task:kworker/0:4 state:D stack:16792 pid: 4230 ppid: 2 flags:0x00004000 [ 354.002503][ T27] Workqueue: usb_hub_wq hub_event [ 354.009112][ T27] Call Trace: [ 354.019040][ T27] [ 354.022398][ T27] __schedule+0x11ef/0x43c0 [ 354.028381][ T27] ? release_firmware_map_entry+0x190/0x190 [ 354.041802][ T27] ? try_to_wake_up+0x6cf/0x1050 [ 354.052592][ T8039] usb 7-1: config 0 interface 0 has no altsetting 0 [ 354.067857][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 354.093201][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 354.114565][ T27] schedule+0x11b/0x1e0 [ 354.125698][ T27] schedule_timeout+0xbd/0x2d0 [ 354.141574][ T27] ? console_conditional_schedule+0x40/0x40 [ 354.160401][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 354.183972][ T27] ? lock_chain_count+0x20/0x20 [ 354.202884][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 354.228529][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 354.242862][ T27] do_wait_for_common+0x2a2/0x450 [ 354.260359][ T27] ? console_conditional_schedule+0x40/0x40 [ 354.270307][ T8039] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 354.287036][ T8039] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 354.287043][ T27] ? wait_for_completion_killable_timeout+0x60/0x60 [ 354.312653][ T8039] usb 7-1: Product: syz [ 354.317169][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 354.323046][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 354.337785][ T8039] usb 7-1: Manufacturer: syz [ 354.343484][ T27] ? kthread_data+0x4b/0xc0 [ 354.350183][ T27] wait_for_completion+0x48/0x60 [ 354.356608][ T8039] usb 7-1: SerialNumber: syz [ 354.361793][ T27] flush_workqueue+0x664/0x13d0 [ 354.372326][ T27] ? rcu_work_rcufn+0x120/0x120 [ 354.382074][ T8039] usb 7-1: config 0 descriptor?? [ 354.387341][ T27] ? ath6kl_bmi_done+0x1a0/0x1a0 [ 354.395374][ T27] ath6kl_usb_power_off+0x34/0x40 [ 354.414726][ T27] ath6kl_core_init+0xac4/0x1090 [ 354.436514][ T8039] usb 7-1: selecting invalid altsetting 0 [ 354.444885][ T27] ? lockdep_softirqs_off+0x430/0x430 [ 354.485595][ T27] ? ath6kl_core_rx_complete+0x70/0x70 [ 354.501692][ T27] ? memcpy+0x3c/0x60 [ 354.506927][ T27] ? ath6kl_core_create+0x7d6/0x980 [ 354.512336][ T27] ath6kl_usb_probe+0x1302/0x1410 [ 354.518375][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 354.542964][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 354.577142][ T27] ? _raw_spin_unlock+0x40/0x40 [ 354.588503][ T27] ? ktime_get_mono_fast_ns+0x199/0x1b0 [ 354.598811][ T27] ? usb_disable_lpm+0x72/0x370 [ 354.610351][ T27] usb_probe_interface+0x5c5/0xb20 [ 354.616213][ T27] ? usb_register_driver+0x3d0/0x3d0 [ 354.621978][ T27] really_probe+0x284/0xc80 [ 354.634580][ T27] __driver_probe_device+0x18c/0x330 [ 354.640954][ T27] driver_probe_device+0x4f/0x420 [ 354.647376][ T27] __device_attach_driver+0x2b0/0x500 [ 354.653015][ T27] ? deferred_probe_work_func+0x230/0x230 [ 354.658838][ T27] bus_for_each_drv+0x184/0x210 [ 354.672907][ T27] ? deferred_probe_work_func+0x230/0x230 [ 354.686511][ T27] ? subsys_find_device_by_id+0x360/0x360 [ 354.701106][ T8645] usb 7-1: selecting invalid altsetting 0 [ 354.707618][ T27] __device_attach+0x2a8/0x480 [ 354.708867][ T8645] usb 7-1: 0:0: usb_set_interface failed (-22) [ 354.722972][ T27] ? kobject_uevent_env+0x371/0x890 [ 354.728479][ T27] ? device_attach+0x20/0x20 [ 354.741539][ T27] ? kobject_uevent_env+0x371/0x890 [ 354.748217][ T27] bus_probe_device+0xbc/0x1e0 [ 354.753168][ T27] ? device_add+0x97c/0xfb0 [ 354.757838][ T27] device_add+0xa00/0xfb0 [ 354.763334][ T27] usb_set_configuration+0x1991/0x1fd0 [ 354.770018][ T27] ? kernfs_activate+0x1eb/0x210 [ 354.780090][ T27] usb_generic_driver_probe+0x89/0x150 [ 354.787305][ T27] usb_probe_device+0x139/0x270 [ 354.793677][ T27] ? usb_register_device_driver+0x230/0x230 [ 354.800309][ T27] really_probe+0x284/0xc80 [ 354.809974][ T27] __driver_probe_device+0x18c/0x330 [ 354.817058][ T27] driver_probe_device+0x4f/0x420 [ 354.822704][ T27] __device_attach_driver+0x2b0/0x500 [ 354.833009][ T27] ? deferred_probe_work_func+0x230/0x230 [ 354.839514][ T27] bus_for_each_drv+0x184/0x210 [ 354.852934][ T27] ? deferred_probe_work_func+0x230/0x230 [ 354.860707][ T27] ? subsys_find_device_by_id+0x360/0x360 [ 354.872910][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 354.880603][ T27] __device_attach+0x2a8/0x480 [ 354.894233][ T27] ? device_attach+0x20/0x20 [ 354.900027][ T27] ? kobject_uevent_env+0x371/0x890 [ 354.911655][ T27] bus_probe_device+0xbc/0x1e0 [ 354.918412][ T27] ? device_add+0x97c/0xfb0 [ 354.928457][ T27] device_add+0xa00/0xfb0 [ 354.935106][ T27] usb_new_device+0xd65/0x1660 [ 354.941925][ T27] ? lock_chain_count+0x20/0x20 [ 354.954614][ T27] ? usb_disconnect+0x8a0/0x8a0 [ 354.959960][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 354.965642][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 354.971963][ T27] hub_event+0x2e4a/0x55e0 [ 354.980353][ T27] ? hub_post_resume+0x120/0x120 [ 354.988557][ T27] ? read_lock_is_recursive+0x10/0x10 [ 354.997969][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 355.006598][ T27] ? _raw_spin_unlock+0x40/0x40 [ 355.012058][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 355.018918][ T27] process_one_work+0x85f/0x1010 [ 355.025061][ T27] ? worker_detach_from_pool+0x240/0x240 [ 355.030851][ T27] ? lockdep_hardirqs_off+0x70/0x100 [ 355.036470][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 355.041812][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 355.047741][ T27] ? wq_worker_running+0x97/0x170 [ 355.053128][ T27] worker_thread+0xaa6/0x1290 [ 355.058824][ T27] kthread+0x436/0x520 [ 355.064912][ T27] ? rcu_lock_release+0x20/0x20 [ 355.070122][ T27] ? kthread_blkcg+0xd0/0xd0 [ 355.074953][ T27] ret_from_fork+0x1f/0x30 [ 355.079564][ T27] [ 355.083101][ T27] INFO: task kworker/1:8:4274 blocked for more than 144 seconds. [ 355.091273][ T27] Not tainted syzkaller #0 [ 355.097330][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 355.106382][ T27] task:kworker/1:8 state:D stack:19736 pid: 4274 ppid: 2 flags:0x00004000 [ 355.116088][ T27] Workqueue: events request_firmware_work_func [ 355.122621][ T27] Call Trace: [ 355.126529][ T27] [ 355.130644][ T27] __schedule+0x11ef/0x43c0 [ 355.138243][ T27] ? release_firmware_map_entry+0x190/0x190 [ 355.145711][ T27] ? _raw_spin_unlock_irq+0x25/0x40 [ 355.152048][ T27] schedule+0x11b/0x1e0 [ 355.157173][ T27] schedule_preempt_disabled+0xf/0x20 [ 355.166515][ T27] __mutex_lock_common+0xcfc/0x2400 [ 355.175817][ T27] ? ath9k_hif_usb_firmware_cb+0x32c/0x4b0 [ 355.186398][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 355.192852][ T27] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 355.203827][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 355.211242][ T27] ? _raw_spin_unlock+0x40/0x40 [ 355.225950][ T27] mutex_lock_nested+0x17/0x20 [ 355.230789][ T27] ath9k_hif_usb_firmware_cb+0x32c/0x4b0 [ 355.236670][ T27] ? ath9k_hif_request_firmware+0x490/0x490 [ 355.242702][ T27] request_firmware_work_func+0xfb/0x1b0 [ 355.248874][ T27] process_one_work+0x85f/0x1010 [ 355.258989][ T27] ? worker_detach_from_pool+0x240/0x240 [ 355.264945][ T27] ? lockdep_hardirqs_off+0x70/0x100 [ 355.272370][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 355.278284][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 355.285034][ T27] ? wq_worker_running+0x97/0x170 [ 355.290194][ T27] worker_thread+0xaa6/0x1290 [ 355.300902][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 355.306324][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 355.313065][ T27] kthread+0x436/0x520 [ 355.317267][ T27] ? rcu_lock_release+0x20/0x20 [ 355.322319][ T27] ? kthread_blkcg+0xd0/0xd0 [ 355.328274][ T27] ret_from_fork+0x1f/0x30 [ 355.332878][ T27] [ 355.336216][ T27] INFO: task udevd:4516 blocked for more than 145 seconds. [ 355.344223][ T27] Not tainted syzkaller #0 [ 355.349453][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 355.358657][ T27] task:udevd state:D stack:23120 pid: 4516 ppid: 3560 flags:0x00004002 [ 355.368148][ T27] Call Trace: [ 355.371711][ T27] [ 355.374861][ T27] __schedule+0x11ef/0x43c0 [ 355.379621][ T27] ? __mutex_lock_common+0xcf7/0x2400 [ 355.385220][ T27] ? release_firmware_map_entry+0x190/0x190 [ 355.391264][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 355.396404][ T27] ? __mutex_trylock_common+0x86/0x260 [ 355.402515][ T27] ? rcu_lock_release+0x20/0x20 [ 355.407761][ T27] schedule+0x11b/0x1e0 [ 355.412485][ T27] schedule_preempt_disabled+0xf/0x20 [ 355.418119][ T27] __mutex_lock_common+0xcfc/0x2400 [ 355.423706][ T27] ? uevent_show+0x17a/0x330 [ 355.428324][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 355.435364][ T27] mutex_lock_nested+0x17/0x20 [ 355.440158][ T27] uevent_show+0x17a/0x330 [ 355.444804][ T27] dev_attr_show+0x50/0xb0 [ 355.449423][ T27] ? device_get_ownership+0xa0/0xa0 [ 355.454718][ T27] sysfs_kf_seq_show+0x316/0x4c0 [ 355.459814][ T27] seq_read_iter+0x49b/0xd50 [ 355.464484][ T27] vfs_read+0x759/0xd60 [ 355.468813][ T27] ? kernel_read+0x1e0/0x1e0 [ 355.473504][ T27] ? __context_tracking_exit+0x4c/0x80 [ 355.479481][ T27] ? __fdget_pos+0x2c6/0x370 [ 355.484297][ T27] ksys_read+0x152/0x260 [ 355.488716][ T27] ? vfs_write+0xd60/0xd60 [ 355.493314][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 355.498944][ T27] do_syscall_64+0x4c/0xa0 [ 355.503629][ T27] ? clear_bhb_loop+0x30/0x80 [ 355.508573][ T27] ? clear_bhb_loop+0x30/0x80 [ 355.513614][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 355.519695][ T27] RIP: 0033:0x7fc39a5e3407 [ 355.524263][ T27] RSP: 002b:00007ffe6c072eb0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 355.533505][ T27] RAX: ffffffffffffffda RBX: 00007fc39a4f5880 RCX: 00007fc39a5e3407 [ 355.541585][ T27] RDX: 0000000000001000 RSI: 000056121b0def10 RDI: 0000000000000008 [ 355.551542][ T27] RBP: 00007fc39a72bff0 R08: 0000000000000000 R09: 0000000000000000 [ 355.559821][ T27] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000a [ 355.568213][ T27] R13: 00007fc39a72bea0 R14: 0000000000000000 R15: 000056121b0e2a70 [ 355.576842][ T27] [ 355.580267][ T27] [ 355.580267][ T27] Showing all locks held in the system: [ 355.589849][ T27] 1 lock held by khungtaskd/27: [ 355.594954][ T27] #0: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 355.604701][ T27] 5 locks held by kworker/1:2/1108: [ 355.610265][ T27] #0: ffff888144798938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 355.621514][ T27] #1: ffffc90005097d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 355.633436][ T27] #2: ffff888024cac220 (&dev->mutex){....}-{3:3}, at: hub_event+0x19f/0x55e0 [ 355.642454][ T27] #3: ffff888020351220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x85/0x480 [ 355.651943][ T27] #4: ffff888022e241a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x85/0x480 [ 355.662846][ T27] 2 locks held by getty/3945: [ 355.667940][ T27] #0: ffff88814c5bc098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 355.678074][ T27] #1: ffffc900025ce2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5df/0x1a70 [ 355.689039][ T27] 4 locks held by udevd/4176: [ 355.693987][ T27] #0: ffff8880742148b8 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xad/0xd50 [ 355.703428][ T27] #1: ffff888060002488 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x51/0x3c0 [ 355.712983][ T27] #2: ffff888057b32008 (kn->active#32){++++}-{0:0}, at: kernfs_seq_start+0x71/0x3c0 [ 355.723272][ T27] #3: ffff88805f1d91a8 (&dev->mutex){....}-{3:3}, at: uevent_show+0x17a/0x330 [ 355.733814][ T27] 4 locks held by udevd/4177: [ 355.739166][ T27] #0: ffff888026d39790 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xad/0xd50 [ 355.748579][ T27] #1: ffff88805eec3888 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x51/0x3c0 [ 355.758440][ T27] #2: ffff88805fd74660 (kn->active#32){++++}-{0:0}, at: kernfs_seq_start+0x71/0x3c0 [ 355.769567][ T27] #3: ffff888022e241a8 (&dev->mutex){....}-{3:3}, at: uevent_show+0x17a/0x330 [ 355.779187][ T27] 5 locks held by kworker/0:4/4230: [ 355.784770][ T27] #0: ffff888144798938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 355.795639][ T27] #1: ffffc9000320fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 355.808025][ T27] #2: ffff888024bfb220 (&dev->mutex){....}-{3:3}, at: hub_event+0x19f/0x55e0 [ 355.817359][ T27] #3: ffff88805fa6d220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x85/0x480 [ 355.827272][ T27] #4: ffff888079fab1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x85/0x480 [ 355.836739][ T27] 5 locks held by kworker/0:5/4232: [ 355.842278][ T27] #0: ffff888144798938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 355.853358][ T27] #1: ffffc9000322fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 355.864896][ T27] #2: ffff888024c94220 (&dev->mutex){....}-{3:3}, at: hub_event+0x19f/0x55e0 [ 355.875419][ T27] #3: ffff888077af8220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x85/0x480 [ 355.884945][ T27] #4: ffff88805f1d91a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x85/0x480 [ 355.894389][ T27] 3 locks held by kworker/1:8/4274: [ 355.899680][ T27] #0: ffff888016c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 355.910086][ T27] #1: ffffc900032dfd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 355.922257][ T27] #2: ffff888024bfb220 (&dev->mutex){....}-{3:3}, at: ath9k_hif_usb_firmware_cb+0x32c/0x4b0 [ 355.932989][ T27] 4 locks held by udevd/4516: [ 355.938372][ T27] #0: ffff888019bf1668 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xad/0xd50 [ 355.947659][ T27] #1: ffff88805f839888 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x51/0x3c0 [ 355.958260][ T27] #2: ffff888078fc0748 (kn->active#32){++++}-{0:0}, at: kernfs_seq_start+0x71/0x3c0 [ 355.968229][ T27] #3: ffff888079fab1a8 (&dev->mutex){....}-{3:3}, at: uevent_show+0x17a/0x330 [ 355.977524][ T27] 3 locks held by kworker/u4:11/4810: [ 355.984067][ T27] #0: ffff8880b903a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xa5/0x140 [ 355.994249][ T27] #1: ffffc9000151fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 356.007554][ T27] #2: ffff8880b90280d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 356.017297][ T27] 4 locks held by udevd/5499: [ 356.022229][ T27] #0: ffff88802505c8b8 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xad/0xd50 [ 356.032401][ T27] #1: ffff88805ed01488 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x51/0x3c0 [ 356.042347][ T27] #2: ffff88807a12dda0 (kn->active#32){++++}-{0:0}, at: kernfs_seq_start+0x71/0x3c0 [ 356.052385][ T27] #3: ffff8880299241a8 (&dev->mutex){....}-{3:3}, at: uevent_show+0x17a/0x330 [ 356.062343][ T27] 5 locks held by kworker/0:7/6496: [ 356.067824][ T27] #0: ffff888144798938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 356.078846][ T27] #1: ffffc90003777d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 356.090247][ T27] #2: ffff8880248f3220 (&dev->mutex){....}-{3:3}, at: hub_event+0x19f/0x55e0 [ 356.100483][ T27] #3: ffff88805fb00220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x85/0x480 [ 356.109892][ T27] #4: ffff8880299241a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x85/0x480 [ 356.119544][ T27] 1 lock held by syz.2.1091/8108: [ 356.124915][ T27] #0: ffff888024cac220 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x185/0x7b0 [ 356.134074][ T27] 1 lock held by syz.4.1093/8117: [ 356.139283][ T27] #0: ffff8880248f3220 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x185/0x7b0 [ 356.148418][ T27] [ 356.151064][ T27] ============================================= [ 356.151064][ T27] [ 356.159568][ T27] NMI backtrace for cpu 1 [ 356.163900][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 [ 356.171351][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 356.181393][ T27] Call Trace: [ 356.184851][ T27] [ 356.188057][ T27] dump_stack_lvl+0x188/0x250 [ 356.192765][ T27] ? show_regs_print_info+0x20/0x20 [ 356.198046][ T27] ? load_image+0x400/0x400 [ 356.202713][ T27] ? nmi_cpu_backtrace+0x1b2/0x3d0 [ 356.207834][ T27] nmi_cpu_backtrace+0x3a2/0x3d0 [ 356.212961][ T27] ? nmi_trigger_cpumask_backtrace+0x280/0x280 [ 356.219399][ T27] ? _printk+0xda/0x130 [ 356.223943][ T27] ? load_image+0x400/0x400 [ 356.228631][ T27] ? load_image+0x400/0x400 [ 356.233413][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 356.239564][ T27] nmi_trigger_cpumask_backtrace+0x163/0x280 [ 356.245754][ T27] watchdog+0xe0f/0xe50 [ 356.250100][ T27] kthread+0x436/0x520 [ 356.254336][ T27] ? hungtask_pm_notify+0x40/0x40 [ 356.259433][ T27] ? kthread_blkcg+0xd0/0xd0 [ 356.264012][ T27] ret_from_fork+0x1f/0x30 [ 356.268631][ T27] [ 356.272089][ T27] Sending NMI from CPU 1 to CPUs 0: [ 356.277456][ C0] NMI backtrace for cpu 0 [ 356.277469][ C0] CPU: 0 PID: 8038 Comm: kworker/0:9 Not tainted syzkaller #0 [ 356.277485][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 356.277494][ C0] Workqueue: events_power_efficient wg_ratelimiter_gc_entries [ 356.277518][ C0] RIP: 0010:___might_sleep+0x8a/0x610 [ 356.277536][ C0] Code: 48 c1 eb 03 48 b8 f1 f1 f1 f1 f8 f2 f2 f2 4a 89 04 23 48 b8 f8 f2 f2 f2 f8 f3 f3 f3 4a 89 44 23 08 e8 ba 72 68 08 85 c0 74 46 <48> c7 c7 00 eb 31 8c be ff ff ff ff e8 55 6f 68 08 85 c0 74 31 e8 [ 356.277549][ C0] RSP: 0018:ffffc9000347fac0 EFLAGS: 00000202 [ 356.277561][ C0] RAX: 0000000000000001 RBX: 1ffff9200068ff60 RCX: ffff888029400000 [ 356.277573][ C0] RDX: 0000000000000000 RSI: 000000000000004e RDI: ffffffff8aad1220 [ 356.277583][ C0] RBP: ffffc9000347fbd8 R08: ffffffff8cc68203 R09: 1ffffffff198d040 [ 356.277594][ C0] R10: dffffc0000000000 R11: fffffbfff198d041 R12: dffffc0000000000 [ 356.277605][ C0] R13: ffff88805b463218 R14: 000000000000076a R15: ffffffffffffffa0 [ 356.277616][ C0] FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 356.277629][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 356.277640][ C0] CR2: 00002000001ad030 CR3: 000000004b907000 CR4: 00000000003506f0 [ 356.277654][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 356.277663][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 356.277685][ C0] Call Trace: [ 356.277689][ C0] [ 356.277697][ C0] ? wg_ratelimiter_gc_entries+0x380/0x450 [ 356.277714][ C0] ? __might_sleep+0xf0/0xf0 [ 356.277727][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 356.277744][ C0] ? __rwlock_init+0x140/0x140 [ 356.277757][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 356.277774][ C0] ? do_raw_spin_unlock+0x11d/0x230 [ 356.277790][ C0] wg_ratelimiter_gc_entries+0x3a2/0x450 [ 356.277809][ C0] process_one_work+0x85f/0x1010 [ 356.277832][ C0] ? worker_detach_from_pool+0x240/0x240 [ 356.277846][ C0] ? lockdep_hardirqs_off+0x70/0x100 [ 356.277866][ C0] ? _raw_spin_lock_irq+0xb7/0xf0 [ 356.277880][ C0] ? _raw_spin_lock_irqsave+0x100/0x100 [ 356.277895][ C0] ? wq_worker_running+0x97/0x170 [ 356.277910][ C0] worker_thread+0xaa6/0x1290 [ 356.277936][ C0] kthread+0x436/0x520 [ 356.277949][ C0] ? rcu_lock_release+0x20/0x20 [ 356.277963][ C0] ? kthread_blkcg+0xd0/0xd0 [ 356.277976][ C0] ret_from_fork+0x1f/0x30 [ 356.277998][ C0] [ 356.301890][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 356.536605][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 [ 356.543869][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 356.553912][ T27] Call Trace: [ 356.557176][ T27] [ 356.560089][ T27] dump_stack_lvl+0x188/0x250 [ 356.564747][ T27] ? show_regs_print_info+0x20/0x20 [ 356.570030][ T27] ? load_image+0x400/0x400 [ 356.574703][ T27] panic+0x2e5/0x810 [ 356.578683][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 356.584396][ T27] ? bpf_jit_dump+0xd0/0xd0 [ 356.588882][ T27] ? __irq_work_queue_local+0x12c/0x190 [ 356.594665][ T27] ? nmi_trigger_cpumask_backtrace+0x260/0x280 [ 356.600884][ T27] watchdog+0xe4e/0xe50 [ 356.605030][ T27] kthread+0x436/0x520 [ 356.609223][ T27] ? hungtask_pm_notify+0x40/0x40 [ 356.614250][ T27] ? kthread_blkcg+0xd0/0xd0 [ 356.618924][ T27] ret_from_fork+0x1f/0x30 [ 356.623855][ T27] [ 356.627696][ T27] Kernel Offset: disabled [ 356.632023][ T27] Rebooting in 86400 seconds..