last executing test programs: 9.007047173s ago: executing program 4 (id=2904): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000300)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000950000000000"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x42, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x8}, 0x10}, 0x90) socket$inet6(0xa, 0x1, 0x0) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x800) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r2) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r4, 0x0, 0x0) r5 = dup(0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000090400"/20, @ANYRES32=0x0, @ANYBLOB="00000000401000002400128009000100626f6e64000000001400028008000a000000000008000b00", @ANYRES32=0x0, @ANYBLOB="ecf1a6d1c5490142fda20878beaad03fd7d938c8ae020d290b85eb748b8c9239b660167b111f8dc408139aa149ccf4249294fdf78661ee96b31d2c7429a8651334661735a2f609e913ec05d99c83a30bc3139e71d9ea886f6624c3b3f75f602f6579543a0be23f1b726a8330c107583e6bbe8c00353bdeaf4426b3a9582ec01931abae8987864e3554bfdef2df1cbece9de9a77ecfc7dedf2efc93e735a4fd0c11eb43f4fad4050887db1c156ab442c01154ee1a279e"], 0x44}}, 0x0) ptrace$getregs(0xe, r2, 0x0, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) io_setup(0x222, &(0x7f0000000180)=0x0) socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, r9, 0x25, 0x0, @void}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f00000002c0)={'syztnl2\x00', r9, 0x29, 0x9, 0x2, 0x1, 0x8, @empty, @local, 0x20, 0x8, 0x5, 0x2}}) io_submit(r8, 0x2, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x0, 0x0, r7, &(0x7f0000000000)='%', 0x1}, 0x0]) r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r10, &(0x7f0000001780)={0x16, 0x98, 0xfa00, {0x0, 0x0, 0xffffffffffffffff, 0x1c, 0x2, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}}}, 0xa0) 8.138080571s ago: executing program 4 (id=2906): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000900)={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffff}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) r0 = gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) connect$x25(0xffffffffffffffff, 0x0, 0x0) futex_waitv(0x0, 0x0, 0x0, 0x0, 0x0) add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x0, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x48, 0x0, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x2000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="04010000", @ANYRES32=0x0, @ANYBLOB="e80002803800010024000100d9476c625f66746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000000000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000000000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400000000003c00010024000100757365725f6c696e6b75705f656e61626c6564000000000000000000000000000500030006000000040004"], 0x104}}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="8400000010000305000000000000000003000000", @ANYRES32=0x0, @ANYBLOB="00000000000000006400128009000100626f6e640000000054000280"], 0x84}}, 0x0) write$tcp_congestion(0xffffffffffffffff, &(0x7f0000000100)='reno\x00', 0x5) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000000)=',', 0x1}], 0x1}, 0x8940) writev(r3, &(0x7f0000000340)=[{&(0x7f0000000100)="5fc903ce8cb5049e077f3ba953190a8ce22e51a45861006641e661523ed30e13487a64d3e98231a20c5e08ebe24801b531c63d06db0e6cca2bdb10dd7d02d74ab9dd95bd33747598fc1e063ff967b7c16abd2076323dca7cd2cc5ab8225b6d31c8029cfe91c8f8c0", 0x68}, {&(0x7f0000000980)="941dd634f75d70afed00837e63d7a620c1b5fd6f48660a86826b474ffb6274f02f52586f30140dafd6a0baffee63a7bafec8837268f35cf21be882e4ac6c522534080f35b3033aeb3f84e473f0b8c5a0d132378d8d7ff5299fd7616415c9c97f6331af9d07a746bb657558522dcee4c292efe922ce9584ec0ca31b7f5362419bd2084f5f9d2ef32bb866383dcb862e17ae85989ce20040b023f6d6b6", 0x9c}, {&(0x7f0000000480)=':', 0x1}], 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x41, 0x3, 0x1c8, 0x0, 0xa, 0x9a000000, 0xf8, 0x0, 0x190, 0x1f0, 0x1f0, 0x190, 0x1f0, 0x3, 0x0, {[{{@ip={@multicast1, @remote, 0x0, 0x0, 'veth0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @broadcast, 0x0, 0x0, 'veth0_vlan\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x228) 4.826167144s ago: executing program 4 (id=2917): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$kcm(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x2) process_vm_readv(0x0, &(0x7f0000001600)=[{&(0x7f0000000000)=""/150, 0x96}, {&(0x7f00000000c0)=""/55, 0x37}, {&(0x7f0000000100)=""/160, 0xa0}, {&(0x7f0000001880)=""/83, 0x53}, {&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/236, 0xec}, {&(0x7f0000001340)=""/132, 0x84}, {&(0x7f0000001400)=""/144, 0x90}, {&(0x7f0000001500)=""/249, 0xf9}], 0x9, &(0x7f0000001840)=[{&(0x7f00000016c0)=""/153, 0x99}, {&(0x7f0000001780)=""/133, 0x85}], 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast1, @local, [], [], 'gretap0\x00', 'nr0\x00'}, 0x0, 0xa8, 0xf0, 0x60030000, {0x0, 0xff000000}}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@loopback, 'macvlan1\x00'}}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0xffffffff, 0xfffffe00}}, @common=@hbh={{0x48}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x398) eventfd(0x3) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000001900)="e79469c454c44d2315aa", 0xfffffffffffffcb6, 0x4008055, &(0x7f0000001940)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}, 0xfffffffd}, 0x1c) r4 = getpid() ioctl$BINDER_FREEZE(0xffffffffffffffff, 0x400c620e, &(0x7f00000000c0)={r4, 0x0, 0x1}) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x3e9, 0x400, 0x70bd2c, 0x25dfdbfb, {0x77, 0x0, 0x1, r4, 0x9, 0x7f, 0x9bed, 0xfffffffd, 0x0, 0x3e, 0x4}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48001) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe) shutdown(r3, 0x1) dup(0xffffffffffffffff) socket$tipc(0x1e, 0x2, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x4}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r6, 0x0, 0x20000023896) 3.836060246s ago: executing program 4 (id=2927): open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xb, &(0x7f0000000080)=@framed={{}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80000001}, {0x85, 0x0, 0x0, 0x4}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 3.742200341s ago: executing program 3 (id=2928): r0 = socket(0x200000100000011, 0x803, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) sendmmsg$sock(r0, &(0x7f0000001b00)=[{{&(0x7f0000000180)=@ll={0x11, 0x0, r2}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000200)="041f999c295f034799638bd3096b", 0xe}], 0x1, &(0x7f0000000300)=[@mark={{0x14}}], 0x18}}], 0x1, 0x0) 3.732427318s ago: executing program 0 (id=2929): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x3}]}}}]}, 0x3c}}, 0x0) 3.563497005s ago: executing program 0 (id=2931): socket$nl_route(0x10, 0x3, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r2, 0x0) connect$unix(r1, 0x0, 0x0) dup3(r2, r1, 0x0) accept4(r1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) r3 = socket$unix(0x1, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r4 = socket(0x1, 0x3, 0x0) recvmsg$inet_nvme(r4, &(0x7f00000014c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0) close(r5) ioctl$TIOCL_BLANKSCREEN(r3, 0x5450, 0x0) 3.49196644s ago: executing program 3 (id=2932): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/ipc\x00') openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f0000000100)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0xab, 0x0}, 0x0) close(r2) timer_create(0x0, 0x0, 0x0) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8901, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) fcntl$addseals(r0, 0x2, 0x0) 2.80443362s ago: executing program 2 (id=2940): r0 = gettid() r1 = signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8) readv(r1, 0x0, 0x0) close(r1) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) recvmsg(r2, &(0x7f0000000140)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0) close(r3) rt_sigreturn() socket$inet6_icmp(0xa, 0x2, 0x3a) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) 2.652590247s ago: executing program 4 (id=2941): unshare(0x28000600) unshare(0x40000000) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmmsg$sock(r0, &(0x7f0000000500)=[{{&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, {0xa, 0x4e21, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}}}, 0x80, 0x0}}, {{&(0x7f0000000100)=@caif=@dgm, 0x80, 0x0}}], 0x2, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000700), r1) 2.598720154s ago: executing program 0 (id=2942): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK/file0\x00'}, 0x6e) 2.521421444s ago: executing program 3 (id=2943): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f0000000200)=@name, 0x10, 0x0}, 0x0) 2.518020715s ago: executing program 2 (id=2944): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x88, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_TUPLE_MASTER={0x24, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x2, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x88}}, 0x0) 2.462040757s ago: executing program 0 (id=2945): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f00000002c0)={0x11, 0x17, r1, 0x1, 0x0, 0x6, @random="1672b0b3b9b7"}, 0x14) bind$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) 2.360686965s ago: executing program 0 (id=2946): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/70, 0x46}}], 0x1, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000100)=0x1e79, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 2.290104171s ago: executing program 2 (id=2947): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000802, 0x0, 0x0) 2.199010536s ago: executing program 1 (id=2948): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x4, 0x0, &(0x7f00000003c0)=0xffffff51) 2.172230282s ago: executing program 2 (id=2949): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) close(0x3) 2.073504098s ago: executing program 4 (id=2950): syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0) syz_usb_disconnect(r0) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x54, 0x63, 0x4b, 0x0, 0x5c6, 0x9047, 0x60fe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2b, 0xcc, 0x94}}]}}]}}, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x60, 0x2}, @rumble}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2778) syz_usb_disconnect(0xffffffffffffffff) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) 2.054148402s ago: executing program 0 (id=2951): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100001cd4766dc2d935761a0100635e34de2c47a738", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x80002, 0x88) socket$inet(0x2, 0x0, 0x0) r3 = memfd_secret(0x0) close(r3) socket$unix(0x1, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000005c0)={'ip6_vti0\x00', &(0x7f0000000540)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @loopback, 0x0, 0x10, 0x5}}) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) ppoll(&(0x7f0000000d40)=[{r2}], 0x1, &(0x7f0000000dc0)={0x0, 0x3938700}, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r4}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="0206000003000000000000000000000001"], 0x18}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, 0x0) syz_usb_connect$uac1(0x0, 0xb6, &(0x7f0000000380)=ANY=[@ANYBLOB="12011003000000106b1d01014000010203010902a40003010040000904000000010100000a24010400050201020b24050009cb4f45a100b709240400085a652a220c2402000000006a000000000824080301044b980524050000090401000001020000090401010101020000082402010000000009050109ff0300800107250100000000090402000001020000090402010101020000092402020700a66a000724010000011009058209000200000007250100000000"], &(0x7f0000002280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000001018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r8}, 0x10) clock_settime(0x0, &(0x7f0000000540)={0x77359400}) getresuid(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 1.955062797s ago: executing program 1 (id=2952): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xe0}}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 1.696797364s ago: executing program 1 (id=2953): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$mice(0xffffff9c, &(0x7f0000000240), 0xc2000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.681277697s ago: executing program 2 (id=2954): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = socket$kcm(0x2, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000100)={r1}) 1.557318871s ago: executing program 3 (id=2955): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={0x254, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x22a, 0x33, @beacon={{{}, {}, @device_a, @broadcast, @random="90e488f9971a"}, 0x0, @random, 0x0, @void, @void, @val={0x3, 0x1}, @val={0x4, 0x6}, @void, @void, @void, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x0, 0x0, 0x0, 0xb06}}, [{0xdd, 0x73, "eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76ccceb4d339a7d92a6a7f45bd90df8b5bd53f1eec1a24"}, {0xdd, 0xa3, "4f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a5eff0a43812f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f"}, {0xdd, 0x4a, "5dad8ac12f96664d51c30bd3379c2d305630cd93fec0b4249d429b451f52399f26b866650e0e9464949a974045190fa9251c8b6aacda7ecc351ee9cb5512364284512cf7643040ee1f52"}, {0xdd, 0x78, "83534cd40fda26eabadf3814f88fa9c5d39124ac6ffcf2583cbdd58fa0969b3e6783c46ed2318e977c080347f36fa8d773079f6224521c4c8b10e4a9454bece9457b66b239a7eaff140a8d9131349399c804bb1a81f829c6ab11af5cfe8df9f59ec093d26c17fe50bb0550d71068d1627631bb2db934cb18"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x254}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000080)={0x0, 0xea60}, 0x10) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @host}, 0x10) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000003100)={@ifindex, 0xffffffffffffffff, 0x11, 0x10, 0xffffffffffffffff, @prog_fd}, 0x20) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x2f, 0x6e, 0x1, 0x2fb, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x80, 0x800, 0xe5b}}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081780000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103b00000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afc0513466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea01d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a07f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a126a1bdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0d5d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f10bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d00b07862c4fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52c094016406cdd32abf77fea373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515dca8811922929e08538fab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f57cbc05cd897f40693ec427ea71578130cde48de3b4dda0c7b615b57ccd4f8ac729a80f891d91a89d967948b9d95b1f22480ab48969e86b854a8c17f3e264ce11f9f63552364e759eec94572f2f7b0e2f293573d0b80709815f4344f908c00"/2646], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f00000000c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x1, 0xffffffff}}, @int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}]}}, &(0x7f0000000740)=""/105, 0x42, 0x69, 0x1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r8, 0x0, 0x14, 0x0, &(0x7f00000006c0)="f6f4e9a1d78ad62ceef1884366a578bb3fb7dbfc", 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000240)="482eadffffffffffff", 0x0}, 0x50) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @multicast}, 0x10) r9 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff0180c2000b0086dd6012000800383a00fc010000000000000000000000000000ff0200000000000000000000000000010100007800000000600ad91500002c00ff010000000000000000000000000001fe8000000000000000000000000000040000009000000000"], 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="00e7ff0000000000140003007465616d5f736c6176655f300000000008000a"], 0x3c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x9, 0x1002, &(0x7f00000004c0)=""/4098}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) 1.496021124s ago: executing program 1 (id=2956): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x7e}, [@ldst={0x6}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90) syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x0, 0x13580}, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000000000103afffe8000000000000000000000000800bbff02000000000000000000d8ed94a00186009078ff00000200000000000000003a1108df859474c71d4da595765e25aeeaa2d86ed2da9595b37db2cfc3a10d15b1c5e46116d6cc917d432227dd79660503bb8a970b9216033db8b4298d8071b8100729dc70dfda9a3bb5c17a9b709c78e536ce262c7c57ed4c73e23a771bdbe1ceca98d4a0cfd6086f6dbcfa5b0d"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x8d}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(r1, 0x0, &(0x7f0000000040)=0x6) futex(&(0x7f0000001300)=0x80000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='l%\x86\xce6\xdb\f\xcf\x19|\xc9O\x7f\xce\x8f\x7f\x1c\xeay\x06\x00\x00\x00\a0\r\x13\xaa\x84r\xd7^\xe82\x0f\x1a\xf1\x02\x00\x1e&{\xee2\x95I\xca\xbevl\x12\xb6 \xd4') prctl$PR_SET_SECCOMP(0x10, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='map_files\x00') getdents64(r2, &(0x7f0000002f40)=""/4098, 0x1002) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x16, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x87, 0x0, 0x0, 0x0, 0x5}, [@exit, @btf_id={0x18, 0x6, 0x3, 0x0, 0x4}, @ringbuf_query, @ringbuf_query, @tail_call, @call={0x85, 0x0, 0x0, 0x12}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000100)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000300)=[{0x5, 0x9, 0x4, 0x4}, {0x1, 0x5, 0x9, 0x3}], 0x10, 0x1}, 0x90) accept4$packet(r2, &(0x7f00000002c0), &(0x7f00000003c0)=0x14, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/159) getuid() r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x48, 0x0, 0x0, 0x9}, {0x6, 0x0, 0x0, 0x7ffffffb}]}) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x0) 1.428188771s ago: executing program 2 (id=2957): timerfd_create(0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a0000904000001030101000921000800012201000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 239.979107ms ago: executing program 3 (id=2958): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='ext4_evict_inode\x00', r1}, 0x10) r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000000180)='./control\x00', 0xa4000960) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000407b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42}, 0x10) bind$tipc(r4, 0x0, 0x0) close(r4) 176.740869ms ago: executing program 1 (id=2959): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000802, 0x0, 0x0) 24.005461ms ago: executing program 1 (id=2960): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x2080) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r4, 0x40405514, &(0x7f0000000000)={0x0, 0x0, 0x800000, 0x0, 'syz0\x00'}) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r4, 0x40405515, &(0x7f0000000080)={0x6, 0x0, 0x0, 0x0, 'syz0\x00'}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b40)={{r5}, 0x0, 0x0}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0x5523, 0x0) recvmsg(r3, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r3, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYRES64], 0x100000530) unshare(0x4000400) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000044000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d6200100000000000000ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a0932f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c43ff010000000000000128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4d535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420ec6196e1ee3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee99367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57d31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e4a9f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) 0s ago: executing program 3 (id=2961): unshare(0x28000600) unshare(0x40000000) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmmsg$sock(r0, &(0x7f0000000500)=[{{&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, {0xa, 0x4e21, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}}}, 0x80, 0x0}}, {{&(0x7f0000000100)=@caif=@dgm, 0x80, 0x0}}], 0x2, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000700), r1) kernel console output (not intermixed with test programs): netlink: 8 bytes leftover after parsing attributes in process `syz.2.2449'. [ 706.599901][T14933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.645509][T14933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 706.680598][T15065] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 706.717660][T15068] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 706.808055][T15067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2455'. [ 706.916801][T10720] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 706.962049][T14933] team0: Port device team_slave_0 added [ 707.022365][T14933] team0: Port device team_slave_1 added [ 707.150265][T10720] usb 3-1: Using ep0 maxpacket: 8 [ 707.162358][T14933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 707.176721][T10720] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 707.214404][T14933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 707.229914][T10720] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 707.271571][T10720] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 707.321551][T14933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 707.351049][T10720] usb 3-1: config 0 descriptor?? [ 707.400663][T10720] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 707.457920][T14933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 707.500223][T14933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 707.640212][T14933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 707.685750][ T29] audit: type=1326 audit(1719481507.719:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 707.707459][ C0] vkms_vblank_simulate: vblank timer overrun [ 707.734412][T15080] tmpfs: Unknown parameter 'usrquotahe_free' [ 707.804206][ T4476] Bluetooth: hci7: unexpected event for opcode 0x0000 [ 707.804831][ T29] audit: type=1326 audit(1719481507.749:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 707.979976][T10720] gspca_vc032x: reg_r err -71 [ 707.999456][T10720] vc032x 3-1:0.0: probe with driver vc032x failed with error -71 [ 708.007702][ T29] audit: type=1326 audit(1719481507.759:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 708.007759][ T29] audit: type=1326 audit(1719481507.759:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 708.007807][ T29] audit: type=1326 audit(1719481507.759:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 708.007855][ T29] audit: type=1326 audit(1719481507.759:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 708.007901][ T29] audit: type=1326 audit(1719481507.759:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 708.007948][ T29] audit: type=1326 audit(1719481507.759:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 708.007994][ T29] audit: type=1326 audit(1719481507.759:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15075 comm="syz.4.2459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bb175ae9 code=0x7ffc0000 [ 708.073653][ C0] vkms_vblank_simulate: vblank timer overrun [ 708.139177][ C0] vkms_vblank_simulate: vblank timer overrun [ 708.227705][T14933] hsr_slave_0: entered promiscuous mode [ 708.244186][T14933] hsr_slave_1: entered promiscuous mode [ 708.300166][T14933] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 708.320472][T14933] Cannot create hsr debugfs directory [ 708.417147][T10720] usb 3-1: USB disconnect, device number 49 [ 709.058527][ T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.070225][T10720] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 709.275372][T10720] usb 2-1: Using ep0 maxpacket: 32 [ 709.311582][T10720] usb 2-1: New USB device found, idVendor=10c4, idProduct=81aa, bcdDevice=99.d3 [ 709.353038][ T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.363861][T10720] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.391934][T10720] usb 2-1: Product: syz [ 709.409925][T10720] usb 2-1: Manufacturer: syz [ 709.447060][T10720] usb 2-1: SerialNumber: syz [ 709.505711][T10720] usb 2-1: config 0 descriptor?? [ 709.516761][ T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.563526][T10720] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 709.717828][ T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.918773][T15103] 9pnet_fd: Insufficient options for proto=fd [ 710.040844][T10720] usb 2-1: USB disconnect, device number 54 [ 710.051566][T15105] tmpfs: Unknown parameter 'usrquotahe_free' [ 710.518796][ T5079] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 710.531681][ T5079] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 710.548869][ T5079] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 710.567875][ T5079] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 710.576017][ T5079] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 710.586119][ T5079] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 710.587005][ T51] bridge_slave_1: left allmulticast mode [ 710.646956][ T51] bridge_slave_1: left promiscuous mode [ 710.656978][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 710.714107][ T51] bridge_slave_0: left allmulticast mode [ 710.726449][ T51] bridge_slave_0: left promiscuous mode [ 710.741795][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.248764][T15126] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 711.569919][T15136] hugetlbfs: Bad value 'm' for mount option 'size' [ 711.569919][T15136] [ 711.862290][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 711.873736][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 711.888231][ T51] bond0 (unregistering): Released all slaves [ 711.919196][T15123] tipc: Started in network mode [ 711.930823][T15123] tipc: Node identity 3693a44b761e, cluster identity 4711 [ 711.942109][T15123] tipc: Enabled bearer , priority 0 [ 712.010261][T11158] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 712.066043][T15125] tipc: Resetting bearer [ 712.097574][T15117] tipc: Resetting bearer [ 712.218524][T11158] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 712.235072][T11158] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.246911][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 712.246955][ T29] audit: type=1326 audit(1719481512.279:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15139 comm="syz.1.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 712.279136][T11158] usb 1-1: Product: syz [ 712.285770][T11158] usb 1-1: Manufacturer: syz [ 712.295568][T11158] usb 1-1: SerialNumber: syz [ 712.304579][ T29] audit: type=1326 audit(1719481512.279:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15139 comm="syz.1.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 712.328620][T11158] usb 1-1: config 0 descriptor?? [ 712.335259][ T29] audit: type=1326 audit(1719481512.289:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15139 comm="syz.1.2471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 712.616003][T12341] usb 1-1: USB disconnect, device number 57 [ 712.721322][ T4476] Bluetooth: hci5: command tx timeout [ 712.750433][T11158] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 712.944748][T11158] usb 2-1: Using ep0 maxpacket: 8 [ 712.954430][T11158] usb 2-1: config 6 has an invalid interface number: 3 but max is 2 [ 712.962738][T11158] usb 2-1: config 6 has an invalid interface number: 243 but max is 2 [ 712.971138][T11158] usb 2-1: config 6 has an invalid interface number: 251 but max is 2 [ 712.974636][T10720] tipc: Node number set to 1083024459 [ 712.979335][T11158] usb 2-1: config 6 has no interface number 0 [ 712.979361][T11158] usb 2-1: config 6 has no interface number 1 [ 712.997642][T11158] usb 2-1: config 6 has no interface number 2 [ 713.009884][T11158] usb 2-1: config 6 interface 243 altsetting 0 bulk endpoint 0xD has invalid maxpacket 1024 [ 713.023330][T11158] usb 2-1: config 6 interface 243 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 16 [ 713.041339][T11158] usb 2-1: config 6 interface 243 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 713.054459][T11158] usb 2-1: config 6 interface 243 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 713.065412][T11158] usb 2-1: config 6 interface 243 altsetting 0 endpoint 0xB8 has an invalid bInterval 247, changing to 7 [ 713.076742][T11158] usb 2-1: config 6 interface 243 altsetting 0 endpoint 0xB8 has invalid maxpacket 8638, setting to 1024 [ 713.088265][T11158] usb 2-1: config 6 interface 243 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 713.099163][T11158] usb 2-1: config 6 interface 243 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 713.110722][T11158] usb 2-1: config 6 interface 243 altsetting 0 has a duplicate endpoint with address 0x64, skipping [ 713.121859][T11158] usb 2-1: config 6 interface 243 altsetting 0 has 13 endpoint descriptors, different from the interface descriptor's value: 11 [ 713.136561][T11158] usb 2-1: config 6 interface 251 altsetting 147 has an invalid descriptor for endpoint zero, skipping [ 713.152228][T11158] usb 2-1: config 6 interface 251 altsetting 147 endpoint 0x6 has an invalid bInterval 31, changing to 7 [ 713.166145][T11158] usb 2-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0x6, skipping [ 713.180000][T11158] usb 2-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0x9, skipping [ 713.191305][T11158] usb 2-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0x4, skipping [ 713.210996][T11158] usb 2-1: config 6 interface 251 altsetting 147 has an invalid descriptor for endpoint zero, skipping [ 713.222557][T11158] usb 2-1: config 6 interface 251 altsetting 147 has an invalid descriptor for endpoint zero, skipping [ 713.236386][T11158] usb 2-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0xD, skipping [ 713.247474][T11158] usb 2-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0x3, skipping [ 713.267863][T11158] usb 2-1: config 6 interface 251 altsetting 147 endpoint 0x8A has an invalid bInterval 128, changing to 7 [ 713.281697][T11158] usb 2-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0xF, skipping [ 713.292820][T11158] usb 2-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0xE, skipping [ 713.303838][T11158] usb 2-1: config 6 interface 3 has no altsetting 0 [ 713.310642][T11158] usb 2-1: config 6 interface 251 has no altsetting 0 [ 713.322634][T11158] usb 2-1: New USB device found, idVendor=19d2, idProduct=0176, bcdDevice=dc.28 [ 713.333801][T11158] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.342023][T11158] usb 2-1: Product: ࠌ [ 713.346215][T11158] usb 2-1: Manufacturer: 〉 [ 713.351248][T11158] usb 2-1: SerialNumber: 屉쿮峭Ⳇ옜타撅ꨱ鹒驹끤⌒꘤팽뗌嗝㕰㮚撫⤸쨵袉잹鴂樓牧쎸럜ቍ閹ധ乸愊뭘皔㪯㹖✸켮䠈웧 [ 713.650996][T11158] usb 2-1: USB disconnect, device number 55 [ 714.500816][ T5130] usb 2-1: new full-speed USB device number 56 using dummy_hcd [ 714.698477][ T5130] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 64 [ 714.709714][ T5130] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 714.728743][ T5130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.739650][ T5130] usb 2-1: config 0 descriptor?? [ 714.747698][ T5130] hub 2-1:0.0: USB hub found [ 714.793806][ T4476] Bluetooth: hci5: command tx timeout [ 714.804764][T15117] tipc: Disabling bearer [ 714.853117][T15153] netlink: 'syz.0.2473': attribute type 2 has an invalid length. [ 714.891294][T15153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2473'. [ 714.912378][T15149] netlink: 'syz.0.2473': attribute type 1 has an invalid length. [ 714.937936][T15149] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2473'. [ 714.947984][T15154] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2473'. [ 714.954764][ T5130] hub 2-1:0.0: 1 port detected [ 714.965005][T15156] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2473'. [ 715.063071][T15162] xt_socket: unknown flags 0x50 [ 715.317055][ T51] hsr_slave_0: left promiscuous mode [ 715.344123][ T51] hsr_slave_1: left promiscuous mode [ 715.358274][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 715.395817][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 715.416535][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 715.436533][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 715.534238][ T51] veth1_macvtap: left promiscuous mode [ 715.568764][ T51] veth0_macvtap: left promiscuous mode [ 715.580348][ T5158] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 715.590497][ T51] veth1_vlan: left promiscuous mode [ 715.595971][ T51] veth0_vlan: left promiscuous mode [ 715.615644][ T5130] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 715.624025][T12341] usb 2-1: USB disconnect, device number 56 [ 715.794971][ T5158] usb 1-1: Using ep0 maxpacket: 32 [ 715.818889][ T5158] usb 1-1: New USB device found, idVendor=10c4, idProduct=81aa, bcdDevice=99.d3 [ 715.850270][ T5158] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 715.871909][ T5158] usb 1-1: Product: syz [ 715.881418][ T5158] usb 1-1: Manufacturer: syz [ 715.894843][ T5158] usb 1-1: SerialNumber: syz [ 715.923053][ T5158] usb 1-1: config 0 descriptor?? [ 715.944108][ T5158] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 716.385140][ T5158] usb 1-1: USB disconnect, device number 58 [ 716.530357][T12341] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 716.732869][T12341] usb 2-1: Using ep0 maxpacket: 16 [ 716.748694][T12341] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 716.759145][T12341] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 716.770359][T12341] usb 2-1: Product: syz [ 716.774653][T12341] usb 2-1: Manufacturer: syz [ 716.779274][T12341] usb 2-1: SerialNumber: syz [ 716.792615][T12341] usb 2-1: config 0 descriptor?? [ 716.870269][ T4476] Bluetooth: hci5: command tx timeout [ 716.991813][ T51] team0 (unregistering): Port device team_slave_1 removed [ 717.027994][T11158] usb 2-1: USB disconnect, device number 57 [ 717.139914][ T51] team0 (unregistering): Port device team_slave_0 removed [ 718.645429][T14933] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 718.673259][T14933] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 718.749773][T15197] pimreg: entered allmulticast mode [ 718.755953][T15198] pimreg: left allmulticast mode [ 718.789035][T14933] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 718.950268][ T4476] Bluetooth: hci5: command tx timeout [ 718.960820][T14933] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 719.263426][T15211] netlink: 'syz.0.2484': attribute type 2 has an invalid length. [ 719.291322][T15211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2484'. [ 719.385699][T15213] netlink: 'syz.0.2484': attribute type 1 has an invalid length. [ 719.394959][T15213] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2484'. [ 719.406814][T15211] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2484'. [ 719.475268][T15207] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2484'. [ 719.615692][T15109] chnl_net:caif_netlink_parms(): no params data found [ 719.973361][T15228] tmpfs: Unknown parameter 'usrquotahe_free' [ 720.020737][T15109] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.053358][T15109] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.091757][T15109] bridge_slave_0: entered allmulticast mode [ 720.119668][T15109] bridge_slave_0: entered promiscuous mode [ 720.183545][T15109] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.200609][T15109] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.209104][T15109] bridge_slave_1: entered allmulticast mode [ 720.226073][T15109] bridge_slave_1: entered promiscuous mode [ 720.244446][T14933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 720.295591][T15109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.348788][T15109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.524533][T15109] team0: Port device team_slave_0 added [ 720.578292][T15109] team0: Port device team_slave_1 added [ 720.711215][T14933] 8021q: adding VLAN 0 to HW filter on device team0 [ 720.903470][T15109] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 720.963563][T15109] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.015609][T15109] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 721.052218][T12341] bridge0: port 1(bridge_slave_0) entered blocking state [ 721.052358][T12341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 721.064447][T12341] bridge0: port 2(bridge_slave_1) entered blocking state [ 721.064582][T12341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 721.072907][T15109] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 721.072930][T15109] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.072960][T15109] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 721.327959][T15246] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 721.339384][T15109] hsr_slave_0: entered promiscuous mode [ 721.349339][T15109] hsr_slave_1: entered promiscuous mode [ 721.353388][T15109] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 721.353505][T15109] Cannot create hsr debugfs directory [ 722.574110][T15266] binder: BINDER_SET_CONTEXT_MGR already set [ 722.595932][T15266] binder: 15265:15266 ioctl 4018620d 200001c0 returned -16 [ 723.187466][T15272] netlink: 'syz.2.2494': attribute type 2 has an invalid length. [ 723.197409][T15272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2494'. [ 723.224235][T15273] tunl0: entered promiscuous mode [ 723.253359][T15273] netlink: 'syz.2.2494': attribute type 1 has an invalid length. [ 723.272594][T15273] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2494'. [ 723.292555][T15274] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2494'. [ 723.326978][T14933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.375712][T15272] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2494'. [ 723.812917][ T4476] Bluetooth: hci1: unexpected event 0x04 length: 14 > 10 [ 723.832933][T14933] veth0_vlan: entered promiscuous mode [ 723.889287][T15109] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 724.002182][T15109] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 724.171725][T15109] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 724.202383][T15109] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 724.265334][T14933] veth1_vlan: entered promiscuous mode [ 724.672867][T15301] pimreg: entered allmulticast mode [ 724.688596][T15301] pimreg: left allmulticast mode [ 725.793228][T14933] veth0_macvtap: entered promiscuous mode [ 725.803342][ T29] audit: type=1804 audit(1719481525.709:596): pid=15310 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2499" name="/root/syzkaller.Jh4QsY/36/bus" dev="sda1" ino=2047 res=1 errno=0 [ 725.803406][ T29] audit: type=1326 audit(1719481525.709:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15305 comm="syz.2.2499" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f16dc375ae9 code=0x0 [ 725.814187][T14933] veth1_macvtap: entered promiscuous mode [ 725.835946][ T4476] Bluetooth: hci1: command tx timeout [ 726.618087][ T29] audit: type=1326 audit(1719481526.649:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15311 comm="syz.0.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7fc00000 [ 726.628790][T14933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 726.671818][ T29] audit: type=1326 audit(1719481526.689:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15311 comm="syz.0.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fa696175ae9 code=0x7fc00000 [ 726.714424][T14933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.747875][T14933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 726.765967][T14933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.798154][T14933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 726.819258][T14933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.845375][T14933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 726.858793][ T29] audit: type=1326 audit(1719481526.889:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15311 comm="syz.0.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7fc00000 [ 726.878245][T14933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.927849][T14933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 727.029982][T14933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 727.076798][T14933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 727.129605][T15331] MD5 Hash not found for [fe80::bb].0->[ff02::1].20002 [F.]L3 index 0 [ 727.138138][T14933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 727.175152][T14933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 727.197072][T14933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 727.226118][T14933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 727.276969][T14933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 727.309187][T14933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 727.332226][T14933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 727.369270][T14933] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.396054][T14933] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.410204][T14933] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.440393][T14933] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.476714][T15342] netlink: 'syz.2.2504': attribute type 2 has an invalid length. [ 727.500133][T15342] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2504'. [ 727.544036][T15343] netlink: 'syz.2.2504': attribute type 1 has an invalid length. [ 727.567369][T15343] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2504'. [ 727.612936][T15345] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2504'. [ 727.642682][T15342] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2504'. [ 727.843906][T15109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 727.936762][T15109] 8021q: adding VLAN 0 to HW filter on device team0 [ 728.055467][T10720] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.062697][T10720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 728.182495][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.189739][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 728.238664][ T9000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 728.269417][ T9000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 728.283448][T15362] tmpfs: Unknown parameter 'usrquotahe_free' [ 728.536033][ T9000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 728.577637][ T9000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 728.942319][T15379] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2430'. [ 729.004613][T15379] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2430'. [ 729.236907][T15109] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 729.454033][T15394] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2510'. [ 730.115656][T15412] netlink: 'syz.3.2514': attribute type 2 has an invalid length. [ 730.150923][T15412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2514'. [ 730.311514][T15413] tunl0: entered promiscuous mode [ 730.367664][T15413] netlink: 'syz.3.2514': attribute type 1 has an invalid length. [ 730.412216][T15413] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2514'. [ 730.442946][ T51] Bluetooth: hci6: Frame reassembly failed (-84) [ 730.454327][T15414] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2514'. [ 730.615535][T15413] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2514'. [ 730.695952][T15109] veth0_vlan: entered promiscuous mode [ 730.798003][T15109] veth1_vlan: entered promiscuous mode [ 730.918183][T15109] veth0_macvtap: entered promiscuous mode [ 730.940825][T10720] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 730.956795][T15109] veth1_macvtap: entered promiscuous mode [ 731.090657][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.133607][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.165868][T10720] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 731.178976][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.189728][T10720] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 731.211959][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.224477][T10720] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 731.256289][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.269357][T10720] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 731.303455][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.319271][T10720] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 731.329501][T10720] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 731.337994][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.349906][T10720] usb 2-1: Product: syz [ 731.358604][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.378409][T10720] usb 2-1: Manufacturer: syz [ 731.409061][T10720] cdc_wdm 2-1:1.0: skipping garbage [ 731.419392][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.440024][T10720] cdc_wdm 2-1:1.0: skipping garbage [ 731.466301][T10720] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 731.472343][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.482554][T10720] cdc_wdm 2-1:1.0: Unknown control protocol [ 731.508161][T15109] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 731.568661][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.588718][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.604979][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.687943][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.714914][T15422] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 731.751092][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.792255][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.805429][ T5129] usb 2-1: USB disconnect, device number 58 [ 731.842113][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.869650][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.886783][T15109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.939379][T15109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.977513][T15109] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 732.004766][T15438] tipc: Started in network mode [ 732.010467][T15438] tipc: Node identity 6635004000000f3, cluster identity 4711 [ 732.021942][T15438] tipc: Enabling of bearer rejected, failed to enable media [ 732.052544][T15109] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.104379][T15109] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.117109][T15109] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.127222][T15109] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.237086][T15447] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 732.424174][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 732.447902][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 732.470962][ T5079] Bluetooth: hci6: command 0x1003 tx timeout [ 732.481649][ T4476] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 732.544489][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 732.553152][ T29] audit: type=1326 audit(1719481532.589:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 732.566197][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 732.619012][ T29] audit: type=1326 audit(1719481532.589:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 732.646277][ T29] audit: type=1326 audit(1719481532.619:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 732.742674][ T29] audit: type=1326 audit(1719481532.619:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 732.901726][ T29] audit: type=1326 audit(1719481532.619:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 732.995347][ T29] audit: type=1326 audit(1719481532.619:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa69617469f code=0x7ffc0000 [ 733.017932][T15466] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2465'. [ 733.130336][ T29] audit: type=1326 audit(1719481532.619:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 733.251843][ T29] audit: type=1326 audit(1719481532.629:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 733.524666][ T29] audit: type=1326 audit(1719481532.629:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 733.848049][ T29] audit: type=1326 audit(1719481532.629:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15455 comm="syz.0.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x7ffc0000 [ 734.225101][T15494] netlink: 'syz.3.2527': attribute type 2 has an invalid length. [ 734.243383][T15494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2527'. [ 734.275493][T15494] netlink: 'syz.3.2527': attribute type 1 has an invalid length. [ 734.286219][T15494] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2527'. [ 734.313738][T15494] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2527'. [ 734.331325][T15497] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2529'. [ 734.370909][T15502] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2527'. [ 734.545096][T15509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2531'. [ 734.588906][T15512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2531'. [ 734.815618][T15510] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 735.070253][T15531] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 735.095316][T15519] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 735.189814][ T9000] Bluetooth: hci6: Frame reassembly failed (-84) [ 736.100166][ T5187] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 736.322985][ T5187] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 736.398188][ T5187] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 736.441215][T15548] tmpfs: Unknown parameter 'usrquotahe_free' [ 736.451812][ T5187] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 736.575936][ T5187] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 736.638905][ T5187] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 736.675658][ T5187] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 736.713102][ T5187] usb 4-1: Product: syz [ 736.735624][ T5187] usb 4-1: Manufacturer: syz [ 736.783935][ T5187] cdc_wdm 4-1:1.0: skipping garbage [ 736.812995][ T5187] cdc_wdm 4-1:1.0: skipping garbage [ 736.841255][ T5187] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 736.873523][ T5187] cdc_wdm 4-1:1.0: Unknown control protocol [ 736.892036][T15550] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 737.011760][T15530] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 737.068927][T11158] usb 4-1: USB disconnect, device number 51 [ 737.197519][ T4476] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 738.032693][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 738.032737][ T29] audit: type=1804 audit(1719481537.949:614): pid=15560 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2542" name="/root/syzkaller.zJqg75/58/bus" dev="sda1" ino=2048 res=1 errno=0 [ 738.078116][ T29] audit: type=1326 audit(1719481537.949:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15558 comm="syz.1.2542" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x0 [ 738.694843][T15578] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2546'. [ 738.773605][T15578] team_slave_0: entered promiscuous mode [ 738.779290][T15578] team_slave_0: entered allmulticast mode [ 738.861384][T15578] team0: Port device team_slave_0 removed [ 739.230823][T10720] usb 1-1: new full-speed USB device number 59 using dummy_hcd [ 739.242965][T15598] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 739.350670][ T5079] Bluetooth: hci3: command 0x0406 tx timeout [ 739.475725][T15595] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 739.532150][T10720] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 64 [ 739.620411][T10720] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 739.629507][T10720] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.688048][T10720] usb 1-1: config 0 descriptor?? [ 739.723746][T10720] hub 1-1:0.0: USB hub found [ 739.829294][T15610] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2552'. [ 740.068539][T10720] hub 1-1:0.0: 1 port detected [ 740.664742][T15616] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2553'. [ 741.241639][T10720] hub 1-1:0.0: hub_hub_status failed (err = -32) [ 741.248440][T10720] hub 1-1:0.0: config failed, can't get hub status (err -32) [ 741.556364][T10720] usbhid 1-1:0.0: can't add hid device: -71 [ 741.585474][T10720] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 741.648780][ T5079] Bluetooth: hci6: sending frame failed (-49) [ 741.657451][ T4476] Bluetooth: hci6: Opcode 0x1003 failed: -49 [ 741.686461][T10720] usb 1-1: USB disconnect, device number 59 [ 741.925193][ T29] audit: type=1326 audit(1719481541.959:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15626 comm="syz.4.2556" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafabf75ae9 code=0x0 [ 742.220272][T11158] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 742.299963][ T4186] Bluetooth: hci7: Frame reassembly failed (-84) [ 742.442661][T11158] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 742.475938][T11158] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 742.531584][T11158] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 742.571967][T11158] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 742.627543][T11158] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 742.636718][T11158] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 742.644923][T11158] usb 3-1: Product: syz [ 742.649209][T11158] usb 3-1: Manufacturer: syz [ 742.683009][T11158] cdc_wdm 3-1:1.0: skipping garbage [ 742.690587][T11158] cdc_wdm 3-1:1.0: skipping garbage [ 742.709953][T11158] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 742.728397][T11158] cdc_wdm 3-1:1.0: Unknown control protocol [ 742.820324][ T5158] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 742.949351][T15639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2561'. [ 743.043647][ T5158] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 743.052553][ T5158] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 743.065113][T15639] team_slave_0: entered promiscuous mode [ 743.078915][T15639] team_slave_0: entered allmulticast mode [ 743.086323][ T5158] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 743.118445][ T5158] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 743.149428][T15639] team0: Port device team_slave_0 removed [ 743.162955][ T5158] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 743.182415][ T5158] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 743.202634][ T5158] usb 1-1: Product: syz [ 743.205128][T15622] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 743.206863][ T5158] usb 1-1: Manufacturer: syz [ 743.261207][ T5158] cdc_wdm 1-1:1.0: skipping garbage [ 743.275458][ T5158] cdc_wdm 1-1:1.0: skipping garbage [ 743.299258][ T5158] cdc_wdm 1-1:1.0: cdc-wdm1: USB WDM device [ 743.323262][ T5126] usb 3-1: USB disconnect, device number 50 [ 743.341818][ T5158] cdc_wdm 1-1:1.0: Unknown control protocol [ 743.372109][T15641] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 743.477272][T15633] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 743.532444][T10720] usb 1-1: USB disconnect, device number 60 [ 743.974803][T15654] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 744.310982][ T4476] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 744.311026][ T5079] Bluetooth: hci7: command 0x1003 tx timeout [ 744.490172][T11158] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 744.672462][T11158] usb 2-1: config 250 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 744.710742][T11158] usb 2-1: language id specifier not provided by device, defaulting to English [ 744.721196][ T5126] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 744.733634][T11158] usb 2-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40 [ 744.744433][T11158] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 744.752612][T11158] usb 2-1: Product: syz [ 744.757027][T11158] usb 2-1: Manufacturer: syz [ 744.761850][T11158] usb 2-1: SerialNumber: syz [ 744.781944][T11158] usbhid 2-1:250.0: couldn't find an input interrupt endpoint [ 744.922191][ T5126] usb 3-1: config 250 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 745.001475][ T5126] usb 3-1: language id specifier not provided by device, defaulting to English [ 745.029732][ T5126] usb 3-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40 [ 745.045277][ T5126] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 745.058600][ T5126] usb 3-1: Product: syz [ 745.075070][ T5126] usb 3-1: Manufacturer: syz [ 745.079712][ T5126] usb 3-1: SerialNumber: syz [ 745.097480][ T5126] usbhid 3-1:250.0: couldn't find an input interrupt endpoint [ 745.316678][T15675] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2571'. [ 745.420228][T10720] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 746.911567][T10720] usb 1-1: Using ep0 maxpacket: 32 [ 746.949672][T10720] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 747.005302][T10720] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.028506][T10720] usb 1-1: Product: syz [ 747.053828][T10720] usb 1-1: Manufacturer: syz [ 747.093974][T10720] usb 1-1: SerialNumber: syz [ 747.173077][T10720] usb 1-1: config 0 descriptor?? [ 747.431139][T10720] usb 1-1: bad CDC descriptors [ 747.453491][T10720] usb 1-1: unsupported MDLM descriptors [ 747.524651][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.537879][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.809574][ T5130] usb 2-1: USB disconnect, device number 59 [ 748.974696][T15693] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 749.102513][ T5158] usb 1-1: USB disconnect, device number 61 [ 749.313046][T15702] fuse: Bad value for 'fd' [ 749.506500][ T12] Bluetooth: hci6: Frame reassembly failed (-84) [ 749.659415][T15709] dccp_invalid_packet: invalid packet type [ 749.752389][T15706] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 750.045626][T10720] usb 3-1: USB disconnect, device number 51 [ 750.240322][T11158] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 750.444088][T11158] usb 2-1: config 250 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 750.510557][T11158] usb 2-1: language id specifier not provided by device, defaulting to English [ 750.573847][T11158] usb 2-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40 [ 750.615941][T11158] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.644083][T11158] usb 2-1: Product: syz [ 750.657945][T11158] usb 2-1: Manufacturer: syz [ 750.672382][T11158] usb 2-1: SerialNumber: syz [ 750.716695][T11158] usbhid 2-1:250.0: couldn't find an input interrupt endpoint [ 750.867461][T15726] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2586'. [ 752.220563][ T4476] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 753.548931][T10720] usb 2-1: USB disconnect, device number 60 [ 753.762263][T15738] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 753.851561][T15753] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2594'. [ 754.014495][T11158] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 754.190278][T10720] usb 5-1: new full-speed USB device number 57 using dummy_hcd [ 754.228855][ T5079] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 754.240245][T11158] usb 3-1: Using ep0 maxpacket: 32 [ 754.295854][T11158] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 754.319142][T11158] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.343637][T11158] usb 3-1: Product: syz [ 754.348020][T11158] usb 3-1: Manufacturer: syz [ 754.356647][T11158] usb 3-1: SerialNumber: syz [ 754.369156][T11158] usb 3-1: config 0 descriptor?? [ 754.387993][T11158] usb 3-1: bad CDC descriptors [ 754.401648][T11158] usb 3-1: unsupported MDLM descriptors [ 754.412361][T10720] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 64 [ 754.450249][T10720] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 754.465965][T10720] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.507888][T10720] usb 5-1: config 0 descriptor?? [ 754.513109][ T5187] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 754.534076][T10720] hub 5-1:0.0: USB hub found [ 754.720778][ T5187] usb 2-1: Using ep0 maxpacket: 32 [ 754.737305][T10720] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 754.838238][ T5187] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 754.848746][ T5187] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.865003][ T5187] usb 2-1: Product: syz [ 754.879192][ T5187] usb 2-1: Manufacturer: syz [ 754.884580][ T5187] usb 2-1: SerialNumber: syz [ 754.892748][ T5187] usb 2-1: config 0 descriptor?? [ 754.918609][ T5187] usb 2-1: bad CDC descriptors [ 754.953120][ T5187] usb 2-1: unsupported MDLM descriptors [ 754.993078][T15766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2598'. [ 755.032949][T15766] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 5 - 0 [ 755.046181][T15766] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 5 - 0 [ 755.066745][T15766] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 5 - 0 [ 755.078639][T15766] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 5 - 0 [ 755.139681][T10720] usbhid 5-1:0.0: can't add hid device: -71 [ 755.159940][T10720] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 755.245702][T10720] usb 5-1: USB disconnect, device number 57 [ 755.436114][T15774] netlink: 'syz.0.2599': attribute type 2 has an invalid length. [ 755.458709][T15774] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2599'. [ 755.481529][T15774] netlink: 'syz.0.2599': attribute type 1 has an invalid length. [ 755.497340][T15774] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2599'. [ 755.522304][T15774] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2599'. [ 756.036276][T15786] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2601'. [ 756.198271][T15785] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 756.400002][T10720] usb 3-1: USB disconnect, device number 52 [ 756.615972][ T5079] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 757.011182][ T5126] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 757.138924][T10720] usb 2-1: USB disconnect, device number 61 [ 757.226876][ T5126] usb 4-1: Using ep0 maxpacket: 8 [ 757.241942][ T5126] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 757.257453][ T5126] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 757.277410][ T5126] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 757.291385][ T2525] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 757.320395][ T5129] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 757.321829][ T5126] usb 4-1: config 0 descriptor?? [ 757.363636][ T5126] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 757.460390][ T2525] usb 5-1: device descriptor read/64, error -71 [ 757.555224][ T5129] usb 3-1: config 0 interface 0 has no altsetting 0 [ 757.577360][ T5129] usb 3-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 757.601453][ T5129] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 757.613938][ T5129] usb 3-1: config 0 descriptor?? [ 757.638174][ T5129] smsusb:smsusb_probe: board id=8, interface number 0 [ 757.650930][ T5129] smsusb:smsusb_probe: Device initialized with return code -19 [ 757.770703][ T2525] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 757.791241][ T5187] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 757.952465][ T2525] usb 5-1: device descriptor read/64, error -71 [ 757.959576][ T5126] gspca_vc032x: reg_r err -32 [ 757.982856][ T5126] vc032x 4-1:0.0: probe with driver vc032x failed with error -32 [ 758.010977][ T5187] usb 2-1: Using ep0 maxpacket: 16 [ 758.031919][ T5126] usb 4-1: USB disconnect, device number 52 [ 758.070238][ T5187] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 758.116522][ T2525] usb usb5-port1: attempt power cycle [ 758.122206][ T5187] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 758.146842][ T5187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.186341][T15800] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2607'. [ 758.187351][ T5187] usb 2-1: config 0 descriptor?? [ 758.206870][T15800] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2607'. [ 758.262715][T11158] usb 3-1: USB disconnect, device number 53 [ 758.387922][T15813] xt_socket: unknown flags 0x50 [ 758.543568][ T2525] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 758.596465][ T2525] usb 5-1: device descriptor read/8, error -71 [ 758.636709][ T29] audit: type=1326 audit(1719481558.659:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 758.676454][ T29] audit: type=1326 audit(1719481558.669:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 758.714263][ T29] audit: type=1326 audit(1719481558.669:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 758.744816][ T29] audit: type=1326 audit(1719481558.669:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 758.805840][ T29] audit: type=1326 audit(1719481558.669:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 758.851231][T15805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 758.870571][ T29] audit: type=1326 audit(1719481558.669:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 758.882441][T15817] netlink: 'syz.3.2611': attribute type 2 has an invalid length. [ 758.910371][ T2525] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 758.922121][T15805] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 758.959467][ T29] audit: type=1326 audit(1719481558.669:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 758.959847][T15817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2611'. [ 758.986764][ T2525] usb 5-1: device descriptor read/8, error -71 [ 758.993045][ T5187] hid (null): report_id 0 is invalid [ 759.009110][ T29] audit: type=1326 audit(1719481558.669:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 759.036089][ T29] audit: type=1326 audit(1719481558.669:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 759.055018][ T5187] hid-generic 0003:0158:0100.0003: unknown main item tag 0x1 [ 759.065943][ T5187] hid-generic 0003:0158:0100.0003: unknown main item tag 0x0 [ 759.065986][T15820] netlink: 'syz.3.2611': attribute type 1 has an invalid length. [ 759.075346][ T5187] hid-generic 0003:0158:0100.0003: unknown main item tag 0x0 [ 759.115943][ T5187] hid-generic 0003:0158:0100.0003: unknown main item tag 0x2 [ 759.122179][ T2525] usb usb5-port1: unable to enumerate USB device [ 759.136488][T15820] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2611'. [ 759.144410][ T29] audit: type=1326 audit(1719481558.669:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15804 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 759.150901][T15817] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2611'. [ 759.197692][ T5187] hid-generic 0003:0158:0100.0003: unknown main item tag 0x0 [ 759.225995][ T5187] hid-generic 0003:0158:0100.0003: unknown main item tag 0x0 [ 759.259930][ T5187] hid-generic 0003:0158:0100.0003: unknown main item tag 0x0 [ 759.306214][ T5187] hid-generic 0003:0158:0100.0003: unknown main item tag 0x0 [ 759.339242][ T5187] hid-generic 0003:0158:0100.0003: report_id 0 is invalid [ 759.360159][ T5187] hid-generic 0003:0158:0100.0003: item 0 1 1 8 parsing failed [ 759.403469][ T5187] hid-generic 0003:0158:0100.0003: probe with driver hid-generic failed with error -22 [ 759.459422][ T5187] usb 2-1: USB disconnect, device number 62 [ 759.636453][T15832] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 759.649637][ T2525] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 759.720316][T11158] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 759.840197][ T2525] usb 1-1: Using ep0 maxpacket: 32 [ 759.857032][ T2525] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 759.877797][ T2525] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.916272][ T2525] usb 1-1: Product: syz [ 759.924940][T11158] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 759.951767][ T2525] usb 1-1: Manufacturer: syz [ 759.964168][T11158] usb 3-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 759.977024][ T2525] usb 1-1: SerialNumber: syz [ 759.992951][ T2525] usb 1-1: config 0 descriptor?? [ 760.005254][T11158] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 760.023089][ T2525] usb 1-1: bad CDC descriptors [ 760.035101][T11158] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.044376][ T2525] usb 1-1: unsupported MDLM descriptors [ 760.336155][ T5079] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 760.337423][T15830] xt_CT: You must specify a L4 protocol and not use inversions on it [ 760.597935][T11158] usb 3-1: USB disconnect, device number 54 [ 760.610223][ T5129] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 760.830282][ T5129] usb 2-1: Using ep0 maxpacket: 32 [ 760.871045][ T5129] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 760.896786][ T5129] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.924419][ T5129] usb 2-1: Product: syz [ 760.953183][ T5129] usb 2-1: Manufacturer: syz [ 760.966597][ T5129] usb 2-1: SerialNumber: syz [ 760.998749][ T5129] usb 2-1: config 0 descriptor?? [ 761.028477][ T5129] usb 2-1: bad CDC descriptors [ 761.058408][ T5129] usb 2-1: unsupported MDLM descriptors [ 761.096329][T15852] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2620'. [ 762.384065][ T5158] usb 1-1: USB disconnect, device number 62 [ 762.738418][T15869] netlink: 'syz.0.2625': attribute type 2 has an invalid length. [ 762.787704][T15869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2625'. [ 762.871240][T15873] netlink: 'syz.0.2625': attribute type 1 has an invalid length. [ 762.935359][T15873] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2625'. [ 762.976939][T15867] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2625'. [ 763.230507][ T5129] usb 2-1: USB disconnect, device number 63 [ 763.517786][T15889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2633'. [ 763.532409][T15889] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2633'. [ 763.701391][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 763.701416][ T29] audit: type=1326 audit(1719481563.719:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15886 comm="syz.0.2632" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa696175ae9 code=0x0 [ 763.711836][T11158] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 763.916126][T11158] usb 3-1: device descriptor read/64, error -71 [ 763.974314][T15904] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2636'. [ 764.220197][T11158] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 764.390395][T11158] usb 3-1: device descriptor read/64, error -71 [ 764.540605][T11158] usb usb3-port1: attempt power cycle [ 764.560708][T15917] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2639'. [ 764.883828][T15923] netlink: 'syz.1.2642': attribute type 2 has an invalid length. [ 764.906279][T15923] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2642'. [ 764.949108][T15923] tunl0: entered promiscuous mode [ 764.954972][ T5187] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 764.970637][T11158] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 764.975899][T15923] netlink: 'syz.1.2642': attribute type 1 has an invalid length. [ 765.024830][T11158] usb 3-1: device descriptor read/8, error -71 [ 765.025057][T15923] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2642'. [ 765.136967][T15925] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 765.185485][ T5187] usb 1-1: Using ep0 maxpacket: 32 [ 765.236771][ T5187] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 765.264229][ T5187] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.282442][ T5187] usb 1-1: Product: syz [ 765.287508][ T5187] usb 1-1: Manufacturer: syz [ 765.300170][ T5187] usb 1-1: SerialNumber: syz [ 765.310354][T11158] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 765.319196][ T5187] usb 1-1: config 0 descriptor?? [ 765.346523][ T5187] usb 1-1: bad CDC descriptors [ 765.361006][T11158] usb 3-1: device descriptor read/8, error -71 [ 765.383892][ T5187] usb 1-1: unsupported MDLM descriptors [ 765.492154][T11158] usb usb3-port1: unable to enumerate USB device [ 766.000228][ T2525] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 766.220839][ T2525] usb 4-1: Using ep0 maxpacket: 8 [ 766.246280][ T2525] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 766.283551][ T2525] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 766.335277][ T2525] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 766.403021][ T2525] usb 4-1: config 0 descriptor?? [ 766.452087][ T2525] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 767.061949][ T2525] gspca_vc032x: reg_r err -32 [ 767.076026][ T2525] vc032x 4-1:0.0: probe with driver vc032x failed with error -32 [ 767.128980][ T2525] usb 4-1: USB disconnect, device number 53 [ 767.490229][ T5187] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 767.571871][T10720] usb 1-1: USB disconnect, device number 63 [ 767.719471][T15955] netlink: 'syz.1.2654': attribute type 2 has an invalid length. [ 767.732514][ T5187] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 767.744630][T15955] __nla_validate_parse: 2 callbacks suppressed [ 767.744649][T15955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2654'. [ 767.785405][ T5187] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 767.797394][T15958] netlink: 'syz.1.2654': attribute type 1 has an invalid length. [ 767.807775][ T5187] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 767.820178][T15958] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2654'. [ 767.839154][T15955] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2654'. [ 767.848452][ T5187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 767.852671][T15950] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 768.032843][T15966] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2657'. [ 768.189566][T15967] xt_policy: neither incoming nor outgoing policy selected [ 768.302051][T15971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2655'. [ 768.413957][T15972] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2658'. [ 768.764033][T10720] usb 2-1: new full-speed USB device number 64 using dummy_hcd [ 768.825620][ T5126] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 768.982325][T10720] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 64 [ 768.994223][T10720] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 769.003454][T10720] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 769.014324][T10720] usb 2-1: config 0 descriptor?? [ 769.022860][T10720] hub 2-1:0.0: USB hub found [ 769.050298][ T5126] usb 5-1: device descriptor read/64, error -71 [ 769.076587][T15983] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2661'. [ 769.175838][ T5187] usb 3-1: USB disconnect, device number 59 [ 769.227982][T10720] hub 2-1:0.0: 1 port detected [ 769.340366][ T5126] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 769.510245][ T5126] usb 5-1: device descriptor read/64, error -71 [ 769.641936][ T5126] usb usb5-port1: attempt power cycle [ 769.820441][ T5187] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 769.849950][T10720] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 769.886347][T10720] usb 2-1: USB disconnect, device number 64 [ 770.065851][ T5187] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 770.075964][ T5126] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 770.111545][ T5126] usb 5-1: device descriptor read/8, error -71 [ 770.122027][ T5187] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 770.156251][ T5187] usb 3-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 770.190137][ T5187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 770.215280][ T5187] usb 3-1: config 0 descriptor?? [ 770.261605][ T2525] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 770.400234][ T5126] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 770.451102][ T5126] usb 5-1: device descriptor read/8, error -71 [ 770.472934][ T2525] usb 4-1: Using ep0 maxpacket: 32 [ 770.505868][ T2525] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 770.537799][ T2525] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.589638][ T5126] usb usb5-port1: unable to enumerate USB device [ 770.596215][ T2525] usb 4-1: Product: syz [ 770.617481][ T2525] usb 4-1: Manufacturer: syz [ 770.632541][ T2525] usb 4-1: SerialNumber: syz [ 770.665664][ T2525] usb 4-1: config 0 descriptor?? [ 770.694555][ T2525] usb 4-1: bad CDC descriptors [ 770.717211][ T2525] usb 4-1: unsupported MDLM descriptors [ 771.621969][T16006] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2669'. [ 771.633508][T16004] netlink: 'syz.1.2668': attribute type 2 has an invalid length. [ 771.642952][T16004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2668'. [ 771.659261][T16004] netlink: 'syz.1.2668': attribute type 1 has an invalid length. [ 771.723787][T16004] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2668'. [ 771.935491][ T5126] usb 3-1: USB disconnect, device number 60 [ 772.582494][T16018] xt_CT: You must specify a L4 protocol and not use inversions on it [ 772.760295][ T2525] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 772.903625][T10720] usb 4-1: USB disconnect, device number 54 [ 772.984075][ T2525] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 773.016906][ T2525] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 773.053691][ T2525] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 773.063551][T16029] __nla_validate_parse: 3 callbacks suppressed [ 773.063572][T16029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2675'. [ 773.093258][ T2525] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.137066][T16014] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 773.328335][T16043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2680'. [ 773.666409][T16053] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 773.753444][T10720] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 773.930471][T10720] usb 2-1: device descriptor read/64, error -71 [ 774.095843][T16065] xt_policy: neither incoming nor outgoing policy selected [ 774.219090][T10720] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 774.323241][ T5126] usb 5-1: USB disconnect, device number 66 [ 774.420479][T10720] usb 2-1: device descriptor read/64, error -71 [ 774.507465][ T29] audit: type=1326 audit(1719481574.539:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16066 comm="syz.2.2685" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f16dc375ae9 code=0x0 [ 774.591311][T10720] usb usb2-port1: attempt power cycle [ 775.020403][T10720] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 775.091181][T10720] usb 2-1: device descriptor read/8, error -71 [ 775.193205][ T5079] Bluetooth: hci1: command 0x0406 tx timeout [ 775.410904][T10720] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 775.516077][T10720] usb 2-1: device descriptor read/8, error -71 [ 775.559012][ T29] audit: type=1326 audit(1719481575.589:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16083 comm="syz.3.2690" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52bf775ae9 code=0x0 [ 775.597135][T16094] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2693'. [ 775.647218][T16089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2691'. [ 775.680912][T10720] usb usb2-port1: unable to enumerate USB device [ 775.880360][ T5187] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 776.110267][ T5187] usb 5-1: Using ep0 maxpacket: 16 [ 776.135648][ T5187] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 776.150170][ T5187] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 776.182612][ T5187] usb 5-1: config 0 has no interface number 0 [ 776.205565][ T5187] usb 5-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 776.262959][ T5187] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 776.287316][ T5187] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 776.320438][ T5187] usb 5-1: Product: syz [ 776.324934][ T5187] usb 5-1: SerialNumber: syz [ 776.361515][ T5187] usb 5-1: config 0 descriptor?? [ 776.497745][ T5126] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 776.504622][T16105] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 776.522273][T16111] tmpfs: Unknown parameter 'usrquotahe_free' [ 776.574765][ T5187] usb 5-1: USB disconnect, device number 67 [ 776.713189][ T5126] usb 1-1: config 250 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 776.731372][ T5126] usb 1-1: language id specifier not provided by device, defaulting to English [ 776.746822][ T5126] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40 [ 776.761616][ T5126] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.782312][ T5126] usb 1-1: Product: syz [ 776.789585][ T5126] usb 1-1: Manufacturer: syz [ 776.794652][ T5126] usb 1-1: SerialNumber: syz [ 776.815015][ T5126] usbhid 1-1:250.0: couldn't find an input interrupt endpoint [ 777.025833][T16115] tmpfs: Unknown parameter 'usrquotahe_free' [ 778.506138][T16126] team0: entered promiscuous mode [ 778.518815][T16126] team_slave_0: entered promiscuous mode [ 778.525413][T16126] team_slave_1: entered promiscuous mode [ 778.572044][T16126] netlink: 'syz.2.2701': attribute type 3 has an invalid length. [ 778.633449][T16132] xt_policy: neither incoming nor outgoing policy selected [ 778.696185][T16127] team_slave_0: entered allmulticast mode [ 778.711356][T16126] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.2701'. [ 779.221316][T16127] team_slave_0: left promiscuous mode [ 779.352382][ T2525] usb 1-1: USB disconnect, device number 64 [ 779.453162][T16127] team0: Port device team_slave_0 removed [ 779.651188][T16124] team0: left promiscuous mode [ 779.660427][T16124] team_slave_1: left promiscuous mode [ 779.682006][T16140] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2704'. [ 780.000147][T16151] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2706'. [ 780.091499][ T29] audit: type=1326 audit(1719481580.129:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16142 comm="syz.1.2705" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x0 [ 780.175820][T16152] xt_policy: neither incoming nor outgoing policy selected [ 780.410181][ T5187] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 780.500169][ T5129] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 780.631672][ T5187] usb 4-1: Using ep0 maxpacket: 16 [ 780.655569][ T5187] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 780.678431][ T5129] usb 3-1: device descriptor read/64, error -71 [ 780.719226][ T5187] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 780.767560][ T5187] usb 4-1: config 0 has no interface number 0 [ 780.794780][ T5187] usb 4-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 780.833248][ T5187] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 780.851860][ T5187] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 780.873533][ T5187] usb 4-1: Product: syz [ 780.894101][ T5187] usb 4-1: SerialNumber: syz [ 780.952949][ T5187] usb 4-1: config 0 descriptor?? [ 781.127196][ T5129] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 781.462422][T12341] usb 4-1: USB disconnect, device number 55 [ 781.556188][ T5129] usb 3-1: device descriptor read/64, error -71 [ 781.691005][ T5129] usb usb3-port1: attempt power cycle [ 781.896635][T16164] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 781.933967][T16168] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2713'. [ 782.131841][ T5129] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 782.221729][ T5129] usb 3-1: device descriptor read/8, error -71 [ 782.240264][T10720] usb 2-1: new full-speed USB device number 69 using dummy_hcd [ 782.470007][T10720] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 64 [ 782.487599][T10720] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 782.504588][T10720] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 782.530202][ T5129] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 782.544815][T10720] usb 2-1: config 0 descriptor?? [ 782.576989][T10720] hub 2-1:0.0: USB hub found [ 782.604562][ T5129] usb 3-1: device descriptor read/8, error -71 [ 782.754811][ T5129] usb usb3-port1: unable to enumerate USB device [ 782.775354][T10720] hub 2-1:0.0: 1 port detected [ 782.799341][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2718'. [ 782.940647][ T5126] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 783.172898][ T5126] usb 5-1: config 0 interface 0 has no altsetting 0 [ 783.204835][ T5126] usb 5-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 783.254405][ T5126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.282724][T16193] tmpfs: Unknown parameter 'usrquotahe_free' [ 783.301218][ T5126] usb 5-1: config 0 descriptor?? [ 783.337945][ T5126] smsusb:smsusb_probe: board id=8, interface number 0 [ 783.380855][ T5126] smsusb:smsusb_probe: Device initialized with return code -19 [ 783.414588][T10720] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 783.454827][T10720] usb 2-1: USB disconnect, device number 69 [ 783.461116][ T5129] usb 2-1: Failed to suspend device, error -19 [ 783.514812][T16195] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 783.626081][T16197] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 783.636549][T16206] netlink: 'syz.2.2722': attribute type 2 has an invalid length. [ 783.665340][T16206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2722'. [ 783.716142][T16207] netlink: 'syz.2.2722': attribute type 1 has an invalid length. [ 783.730677][T16207] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2722'. [ 783.762375][T16206] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2722'. [ 783.791121][T16180] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2715'. [ 783.810468][T16180] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2715'. [ 783.830149][T16206] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2722'. [ 783.856070][T12341] usb 5-1: USB disconnect, device number 68 [ 784.223909][T16218] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2726'. [ 784.303710][T16219] tmpfs: Unknown parameter 'usrquotahe_free' [ 784.331821][T11158] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 784.542513][T11158] usb 4-1: Using ep0 maxpacket: 16 [ 784.574845][T11158] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 784.613752][T11158] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 784.648984][T11158] usb 4-1: config 0 has no interface number 0 [ 784.662913][T11158] usb 4-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 784.689768][T11158] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 784.701028][T11158] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 784.729713][T11158] usb 4-1: Product: syz [ 784.748413][T11158] usb 4-1: SerialNumber: syz [ 784.782721][T11158] usb 4-1: config 0 descriptor?? [ 785.025380][T11158] usb 4-1: USB disconnect, device number 56 [ 785.211597][T16232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2731'. [ 785.512936][ T5158] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 785.641099][T16237] tmpfs: Unknown parameter 'usrquotahe_free' [ 785.770760][ T5158] usb 1-1: device descriptor read/64, error -71 [ 786.066004][ T5158] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 786.148008][T16244] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2734'. [ 786.260193][ T5158] usb 1-1: device descriptor read/64, error -71 [ 786.290952][ T29] audit: type=1326 audit(1719481586.329:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16241 comm="syz.1.2734" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x0 [ 786.377368][T16248] netlink: 'syz.4.2736': attribute type 2 has an invalid length. [ 786.395483][ T5158] usb usb1-port1: attempt power cycle [ 786.418172][T16245] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 786.432403][T16248] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2736'. [ 786.499679][T16248] tunl0: entered promiscuous mode [ 786.536068][T16248] netlink: 'syz.4.2736': attribute type 1 has an invalid length. [ 786.606556][T16248] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2736'. [ 786.860208][ T5158] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 786.920919][ T5158] usb 1-1: device descriptor read/8, error -71 [ 787.063529][ T29] audit: type=1326 audit(1719481587.089:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.129790][ T4476] Bluetooth: hci3: unexpected event for opcode 0x656c [ 787.220952][ T5158] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 787.239542][ T29] audit: type=1326 audit(1719481587.089:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.249976][T16270] xt_policy: neither incoming nor outgoing policy selected [ 787.304919][ T5158] usb 1-1: device descriptor read/8, error -71 [ 787.357062][ T29] audit: type=1326 audit(1719481587.089:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.408019][ T29] audit: type=1326 audit(1719481587.089:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.440306][ T29] audit: type=1326 audit(1719481587.089:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.477047][ T5158] usb usb1-port1: unable to enumerate USB device [ 787.577132][ T29] audit: type=1326 audit(1719481587.099:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.720605][ T29] audit: type=1326 audit(1719481587.099:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.774174][ T29] audit: type=1326 audit(1719481587.099:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.864020][ T29] audit: type=1326 audit(1719481587.099:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16259 comm="syz.1.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79175ae9 code=0x7ffc0000 [ 787.927110][T16276] tmpfs: Unknown parameter 'usrquotahe_free' [ 788.269456][ T9000] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 788.584970][ T9000] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 788.652758][T16286] netlink: 'syz.3.2748': attribute type 2 has an invalid length. [ 788.702580][T16287] netlink: 'syz.3.2748': attribute type 1 has an invalid length. [ 788.772987][T16283] __nla_validate_parse: 6 callbacks suppressed [ 788.773012][T16283] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2748'. [ 788.862538][ T9000] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 788.917830][T16283] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2748'. [ 789.086294][ T9000] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.576653][T16292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2750'. [ 789.645539][ T9000] bridge_slave_1: left allmulticast mode [ 789.652528][ T9000] bridge_slave_1: left promiscuous mode [ 789.664450][ T9000] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.695064][ T9000] bridge_slave_0: left allmulticast mode [ 789.745189][ T9000] bridge_slave_0: left promiscuous mode [ 789.776350][ T5079] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 789.792061][ T5079] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 789.801238][ T5079] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 789.815896][ T9000] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.824967][ T5079] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 789.835935][ T5079] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 789.843505][ T5079] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 790.342510][T16305] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2754'. [ 790.416167][T16306] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2754'. [ 790.592780][T16310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2756'. [ 790.675037][T16312] tmpfs: Unknown parameter 'usrquotahe_free' [ 790.804139][ T9000] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 790.822957][ T9000] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 790.837254][ T9000] bond0 (unregistering): Released all slaves [ 791.809318][T16328] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2761'. [ 791.885892][T16327] xt_policy: neither incoming nor outgoing policy selected [ 791.910418][ T5079] Bluetooth: hci3: command tx timeout [ 791.921049][T16331] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 792.120470][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 792.120495][ T29] audit: type=1326 audit(1719481592.149:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16318 comm="syz.2.2761" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f16dc375ae9 code=0x0 [ 792.215858][T16331] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2762'. [ 792.410784][ T9000] hsr_slave_0: left promiscuous mode [ 792.421029][ T9000] hsr_slave_1: left promiscuous mode [ 792.455594][ T9000] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 792.470706][ T9000] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 792.508436][ T9000] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 792.528784][ T9000] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 792.545343][ T5079] Bluetooth: hci1: unexpected event for opcode 0x661c [ 792.632316][ T9000] veth1_macvtap: left promiscuous mode [ 792.639092][ T9000] veth0_macvtap: left promiscuous mode [ 792.653024][ T9000] veth1_vlan: left promiscuous mode [ 792.665271][ T9000] veth0_vlan: left promiscuous mode [ 792.760212][T11158] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 792.831064][ T5126] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 792.960660][T11158] usb 4-1: Using ep0 maxpacket: 32 [ 792.981432][T11158] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 793.022503][ T5126] usb 5-1: New USB device found, idVendor=13d8, idProduct=0021, bcdDevice=79.90 [ 793.037591][T11158] usb 4-1: can't read configurations, error -61 [ 793.060445][ T5126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 793.085946][ T5126] usb 5-1: config 0 descriptor?? [ 793.120267][ T5126] usb 5-1: selecting invalid altsetting 3 [ 793.138307][ T5126] comedi comedi0: could not set alternate setting 3 in high speed [ 793.149724][ T5126] usbduxsigma 5-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 793.190692][ T5126] usbduxsigma 5-1:0.0: probe with driver usbduxsigma failed with error -22 [ 793.211712][T11158] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 793.408305][T11158] usb 4-1: Using ep0 maxpacket: 32 [ 793.416362][T11158] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 793.432563][T11158] usb 4-1: can't read configurations, error -61 [ 793.455622][T11158] usb usb4-port1: attempt power cycle [ 793.850420][ T9000] team0 (unregistering): Port device team_slave_1 removed [ 793.871508][T11158] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 793.911349][T11158] usb 4-1: Using ep0 maxpacket: 32 [ 793.921332][T11158] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 793.929233][T11158] usb 4-1: can't read configurations, error -61 [ 793.935575][T16366] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 793.997582][ T5079] Bluetooth: hci3: command tx timeout [ 794.110507][T11158] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 794.158876][T11158] usb 4-1: Using ep0 maxpacket: 32 [ 794.167961][T11158] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 794.180403][T11158] usb 4-1: can't read configurations, error -61 [ 794.195366][T11158] usb usb4-port1: unable to enumerate USB device [ 794.759410][T16338] tipc: Started in network mode [ 794.781801][T16338] tipc: Node identity , cluster identity 4711 [ 794.792793][T16338] tipc: Failed to set node id, please configure manually [ 794.800611][T16338] tipc: Enabling of bearer rejected, failed to enable media [ 794.823930][T10720] usb 5-1: USB disconnect, device number 69 [ 795.041864][T16297] chnl_net:caif_netlink_parms(): no params data found [ 795.218918][T16378] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2768'. [ 795.230298][T16297] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.237482][T16297] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.247926][T16297] bridge_slave_0: entered allmulticast mode [ 795.256501][ T29] audit: type=1800 audit(1719481595.279:671): pid=16378 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.2768" name="memory.events" dev="sda1" ino=2066 res=0 errno=0 [ 795.279257][T16297] bridge_slave_0: entered promiscuous mode [ 795.294966][T16297] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.302763][T16297] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.318124][T16297] bridge_slave_1: entered allmulticast mode [ 795.325973][T16297] bridge_slave_1: entered promiscuous mode [ 795.450332][T16382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2769'. [ 795.486560][T16297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 795.520558][T16385] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2769'. [ 795.556112][T16297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 796.031304][T16297] team0: Port device team_slave_0 added [ 796.044009][T16297] team0: Port device team_slave_1 added [ 796.080368][ T5079] Bluetooth: hci3: command tx timeout [ 796.190147][T10720] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 796.240499][T16297] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 796.265862][T16297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 796.334680][T16297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 796.396366][T16297] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 796.434545][T16297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 796.460638][T10720] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 796.460679][T10720] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 796.460724][T10720] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 796.460751][T10720] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.505271][T16394] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 796.720467][T16297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 797.015394][T16297] hsr_slave_0: entered promiscuous mode [ 797.074151][T16297] hsr_slave_1: entered promiscuous mode [ 797.089991][T16297] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 797.103389][T12341] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 797.116381][T16297] Cannot create hsr debugfs directory [ 797.168615][T16415] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2776'. [ 797.293614][T12341] usb 5-1: config 250 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 797.333794][T12341] usb 5-1: language id specifier not provided by device, defaulting to English [ 797.372639][T12341] usb 5-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40 [ 797.384837][T12341] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.440792][T12341] usb 5-1: Product: syz [ 797.445027][T12341] usb 5-1: Manufacturer: syz [ 797.449733][T12341] usb 5-1: SerialNumber: syz [ 797.485965][T12341] usbhid 5-1:250.0: couldn't find an input interrupt endpoint [ 797.550229][T10720] usb 1-1: new full-speed USB device number 69 using dummy_hcd [ 797.762357][T10720] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 64 [ 797.788908][T10720] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 797.840257][T10720] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.891575][T10720] usb 1-1: config 0 descriptor?? [ 797.930086][T10720] hub 1-1:0.0: USB hub found [ 798.525411][ T5079] Bluetooth: hci3: command tx timeout [ 798.945327][T10720] hub 1-1:0.0: 1 port detected [ 798.977727][T12341] usb 4-1: USB disconnect, device number 61 [ 799.078826][T16430] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2777'. [ 799.209036][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2778'. [ 799.226279][ T29] audit: type=1800 audit(1719481599.259:672): pid=16438 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.2778" name="memory.events" dev="sda1" ino=2066 res=0 errno=0 [ 799.400315][ T5129] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 799.404850][T12341] usb 1-1: USB disconnect, device number 69 [ 799.568894][T16297] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 799.611937][T16297] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 799.665428][T16450] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 799.683964][T16297] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 799.716340][T16297] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 799.781114][T16452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2783'. [ 799.839318][T16452] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2783'. [ 800.094522][T16297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 800.138827][T12341] usb 5-1: USB disconnect, device number 70 [ 800.263155][T16297] 8021q: adding VLAN 0 to HW filter on device team0 [ 800.346833][ T5126] bridge0: port 1(bridge_slave_0) entered blocking state [ 800.354057][ T5126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 800.394127][ T5126] bridge0: port 2(bridge_slave_1) entered blocking state [ 800.401312][ T5126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 800.412947][T16466] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2786'. [ 800.808843][T16464] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 801.050997][T16482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2789'. [ 801.080865][T16474] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 801.121288][ T29] audit: type=1800 audit(1719481601.149:673): pid=16482 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.2789" name="memory.events" dev="sda1" ino=2085 res=0 errno=0 [ 801.489245][T16297] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 801.564887][ T4476] Bluetooth: hci6: sending frame failed (-49) [ 801.574198][ T5079] Bluetooth: hci6: Opcode 0x1003 failed: -49 [ 801.577010][ T4476] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 801.812899][T16297] veth0_vlan: entered promiscuous mode [ 801.892923][T16297] veth1_vlan: entered promiscuous mode [ 802.085289][T16297] veth0_macvtap: entered promiscuous mode [ 802.093546][ T5079] Bluetooth: hci1: unexpected event for opcode 0x0c1c [ 802.123555][T16502] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2794'. [ 802.155448][T10720] usb 1-1: new full-speed USB device number 70 using dummy_hcd [ 802.200779][T16297] veth1_macvtap: entered promiscuous mode [ 802.209705][T16502] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2794'. [ 802.302053][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 802.321721][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.332057][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 802.342789][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.352998][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 802.374310][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.421213][T10720] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 802.452013][T10720] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 802.493235][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 802.523675][T10720] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 802.546324][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.587145][T10720] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 802.599670][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 802.619957][T10720] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 802.630130][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.648499][T10720] hub 1-1:1.0: bad descriptor, ignoring hub [ 802.662287][T16297] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 802.669873][T10720] hub 1-1:1.0: probe with driver hub failed with error -5 [ 802.719924][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 802.750944][T10720] cdc_wdm 1-1:1.0: skipping garbage [ 802.766710][T10720] cdc_wdm 1-1:1.0: skipping garbage [ 802.772035][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.772062][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 802.772086][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.772103][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 802.772121][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.772136][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 802.772153][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.772167][T16297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 802.772183][T16297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.776704][T16297] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 802.908246][T10720] cdc_wdm 1-1:1.0: skipping garbage [ 802.927692][T10720] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 803.021275][T10720] usb 1-1: USB disconnect, device number 70 [ 803.045602][T16297] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.170489][T16297] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.281929][T16297] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.378549][T16297] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.500210][T10720] usb 1-1: new full-speed USB device number 71 using dummy_hcd [ 803.558169][T16517] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2797'. [ 803.733272][T10720] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 803.747208][T10720] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 803.775534][ T9000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 803.803405][ T9000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 803.816795][T10720] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 803.895747][T10720] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 803.956892][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 803.959512][T10720] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.989512][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 804.039886][T10720] hub 1-1:1.0: bad descriptor, ignoring hub [ 804.052350][T10720] hub 1-1:1.0: probe with driver hub failed with error -5 [ 804.077183][T16525] tipc: Enabling of bearer rejected, failed to enable media [ 804.091957][T10720] cdc_wdm 1-1:1.0: skipping garbage [ 804.106115][T10720] cdc_wdm 1-1:1.0: skipping garbage [ 804.119579][T10720] cdc_wdm 1-1:1.0: skipping garbage [ 804.140606][T10720] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 804.740493][T10720] usb 1-1: USB disconnect, device number 71 [ 805.570427][T12341] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 805.810288][T12341] usb 4-1: Using ep0 maxpacket: 32 [ 805.853029][T12341] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 805.880966][T12341] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 805.914217][T12341] usb 4-1: Product: syz [ 805.918645][T12341] usb 4-1: Manufacturer: syz [ 805.943677][T12341] usb 4-1: SerialNumber: syz [ 805.961359][T12341] usb 4-1: config 0 descriptor?? [ 805.974071][T12341] usb 4-1: bad CDC descriptors [ 805.979507][T12341] usb 4-1: unsupported MDLM descriptors [ 806.179027][ T8] usb 4-1: USB disconnect, device number 62 [ 806.370661][ T5129] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 806.548484][ T4476] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 806.564510][ T11] Bluetooth: hci6: Frame reassembly failed (-84) [ 806.593470][T16575] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2805'. [ 806.602998][ T5129] usb 2-1: Using ep0 maxpacket: 32 [ 806.620849][ T5129] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 806.670176][ T5129] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 806.743683][ T5129] usb 2-1: New USB device found, idVendor=10c4, idProduct=81aa, bcdDevice=99.d3 [ 806.781186][ T5129] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.781931][T16584] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2805'. [ 806.817752][ T5129] usb 2-1: Product: syz [ 806.842227][ T5129] usb 2-1: Manufacturer: syz [ 806.846913][ T5129] usb 2-1: SerialNumber: syz [ 806.905685][ T5129] usb 2-1: config 0 descriptor?? [ 807.418238][T10720] usb 2-1: USB disconnect, device number 70 [ 807.722107][T16608] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 808.100345][T11158] usb 4-1: new full-speed USB device number 63 using dummy_hcd [ 808.110144][ T5129] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 808.295815][T16616] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2812'. [ 808.305066][ T5129] usb 1-1: Using ep0 maxpacket: 8 [ 808.319745][T11158] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 808.321945][ T5129] usb 1-1: config 6 has an invalid interface number: 3 but max is 2 [ 808.339539][T11158] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 808.340171][ T5129] usb 1-1: config 6 has an invalid interface number: 243 but max is 2 [ 808.361409][ T5129] usb 1-1: config 6 has an invalid interface number: 251 but max is 2 [ 808.390681][ T5129] usb 1-1: config 6 has no interface number 0 [ 808.397067][ T5129] usb 1-1: config 6 has no interface number 1 [ 808.401401][T11158] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 808.404194][ T5129] usb 1-1: config 6 has no interface number 2 [ 808.430665][ T5129] usb 1-1: config 6 interface 243 altsetting 0 bulk endpoint 0xD has invalid maxpacket 1024 [ 808.440146][T11158] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 808.456644][T11158] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 808.457225][ T5129] usb 1-1: config 6 interface 243 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 16 [ 808.478718][ T5129] usb 1-1: config 6 interface 243 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 808.488119][T11158] hub 4-1:1.0: bad descriptor, ignoring hub [ 808.492072][ T5129] usb 1-1: config 6 interface 243 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 808.506962][ T5129] usb 1-1: config 6 interface 243 altsetting 0 endpoint 0xB8 has an invalid bInterval 247, changing to 7 [ 808.507525][T11158] hub 4-1:1.0: probe with driver hub failed with error -5 [ 808.519664][ T5129] usb 1-1: config 6 interface 243 altsetting 0 endpoint 0xB8 has invalid maxpacket 8638, setting to 1024 [ 808.539872][T11158] cdc_wdm 4-1:1.0: skipping garbage [ 808.546571][T11158] cdc_wdm 4-1:1.0: skipping garbage [ 808.552446][ T4476] Bluetooth: hci6: command 0x1003 tx timeout [ 808.559767][ T5079] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 808.572225][T11158] cdc_wdm 4-1:1.0: skipping garbage [ 808.597326][T11158] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 808.602923][ T5129] usb 1-1: config 6 interface 243 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 808.641080][T10720] usb 2-1: new full-speed USB device number 71 using dummy_hcd [ 808.674267][ T5129] usb 1-1: config 6 interface 243 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 808.700986][ T5129] usb 1-1: config 6 interface 243 altsetting 0 has a duplicate endpoint with address 0x64, skipping [ 808.717992][ T5129] usb 1-1: config 6 interface 243 altsetting 0 has 13 endpoint descriptors, different from the interface descriptor's value: 11 [ 808.736449][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has an invalid descriptor for endpoint zero, skipping [ 808.777983][ T5129] usb 1-1: config 6 interface 251 altsetting 147 endpoint 0x6 has an invalid bInterval 31, changing to 7 [ 808.793127][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0x6, skipping [ 808.808129][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0x9, skipping [ 808.820225][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0x4, skipping [ 808.823611][ T5126] usb 4-1: USB disconnect, device number 63 [ 808.831512][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has an invalid descriptor for endpoint zero, skipping [ 808.870934][T10720] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 64 [ 808.888669][T10720] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 808.921169][T10720] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 808.945431][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has an invalid descriptor for endpoint zero, skipping [ 808.962692][T10720] usb 2-1: config 0 descriptor?? [ 808.978098][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.986581][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.997288][T10720] hub 2-1:0.0: USB hub found [ 809.004077][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0xD, skipping [ 809.015521][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0x3, skipping [ 809.028411][ T5129] usb 1-1: config 6 interface 251 altsetting 147 endpoint 0x8A has an invalid bInterval 128, changing to 7 [ 809.045500][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0xF, skipping [ 809.057702][ T5129] usb 1-1: config 6 interface 251 altsetting 147 has a duplicate endpoint with address 0xE, skipping [ 809.076869][ T5129] usb 1-1: config 6 interface 3 has no altsetting 0 [ 809.084245][ T5129] usb 1-1: config 6 interface 251 has no altsetting 0 [ 809.116549][ T5129] usb 1-1: New USB device found, idVendor=19d2, idProduct=0176, bcdDevice=dc.28 [ 809.126041][ T5129] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.135631][ T5129] usb 1-1: Product: ࠌ [ 809.140256][ T8] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 809.152393][ T5129] usb 1-1: Manufacturer: 〉 [ 809.157666][ T5129] usb 1-1: SerialNumber: 屉쿮峭Ⳇ옜타撅ꨱ鹒驹끤⌒꘤팽뗌嗝㕰㮚撫⤸쨵袉잹鴂樓牧쎸럜ቍ閹ധ乸愊뭘皔㪯㹖✸켮䠈웧 [ 809.184040][T10720] hub 2-1:0.0: 1 port detected [ 809.270510][ T5126] usb 4-1: new full-speed USB device number 64 using dummy_hcd [ 809.333462][ T8] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 809.344821][ T8] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 809.361450][ T8] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 809.373015][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 809.427618][T16624] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 809.482686][ T5126] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 809.508393][ T5126] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 809.526441][ T5126] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 809.539353][ T5129] usb 1-1: USB disconnect, device number 72 [ 809.578112][ T5126] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 809.640204][ T5126] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 809.779583][ T5126] hub 4-1:1.0: bad descriptor, ignoring hub [ 809.817391][ T5126] hub 4-1:1.0: probe with driver hub failed with error -5 [ 809.840649][ T5126] cdc_wdm 4-1:1.0: skipping garbage [ 809.849514][ T5126] cdc_wdm 4-1:1.0: skipping garbage [ 809.850608][ T8] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 809.867744][T10720] usb 2-1: USB disconnect, device number 71 [ 809.883731][ T5126] cdc_wdm 4-1:1.0: skipping garbage [ 809.904450][ T5126] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 809.978977][T16627] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2817'. [ 809.998177][T16627] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2817'. [ 810.144363][T10720] usb 3-1: USB disconnect, device number 65 [ 810.362782][ T8] usb 4-1: USB disconnect, device number 64 [ 810.620194][ T5129] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 811.100733][ T5129] usb 5-1: New USB device found, idVendor=13d8, idProduct=0021, bcdDevice=79.90 [ 811.109847][ T5129] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 811.203917][ T5129] usb 5-1: config 0 descriptor?? [ 811.219436][ T5129] usb 5-1: selecting invalid altsetting 3 [ 811.228109][ T5129] comedi comedi0: could not set alternate setting 3 in high speed [ 811.237567][ T5129] usbduxsigma 5-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 811.251018][ T5129] usbduxsigma 5-1:0.0: probe with driver usbduxsigma failed with error -22 [ 811.416006][T10720] usb 5-1: USB disconnect, device number 71 [ 811.559190][ T4476] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 811.572521][ T12] Bluetooth: hci6: Frame reassembly failed (-84) [ 811.613966][ T5129] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 811.820264][ T5129] usb 4-1: Using ep0 maxpacket: 32 [ 811.847417][ T5129] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 811.857973][ T5129] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 811.869499][ T5129] usb 4-1: New USB device found, idVendor=10c4, idProduct=81aa, bcdDevice=99.d3 [ 811.878669][ T5129] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.886779][ T5129] usb 4-1: Product: syz [ 811.891035][ T5129] usb 4-1: Manufacturer: syz [ 811.895664][ T5129] usb 4-1: SerialNumber: syz [ 811.900403][ T8] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 811.911047][ T5129] usb 4-1: config 0 descriptor?? [ 811.911077][T12341] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 812.089641][ T8] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 812.099487][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.107972][ T8] usb 2-1: Product: syz [ 812.123508][ T8] usb 2-1: Manufacturer: syz [ 812.129566][T12341] usb 1-1: New USB device found, idVendor=13d8, idProduct=0021, bcdDevice=79.90 [ 812.138844][ T8] usb 2-1: SerialNumber: syz [ 812.145063][T16661] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 812.164651][ T8] usb 2-1: config 0 descriptor?? [ 812.167860][T12341] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.194360][T12341] usb 1-1: config 0 descriptor?? [ 812.209403][T12341] usb 1-1: selecting invalid altsetting 3 [ 812.221274][T12341] comedi comedi0: could not set alternate setting 3 in high speed [ 812.229742][T12341] usbduxsigma 1-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 812.250947][T12341] usbduxsigma 1-1:0.0: probe with driver usbduxsigma failed with error -22 [ 812.332549][T12341] usb 4-1: USB disconnect, device number 65 [ 812.426464][T11158] usb 1-1: USB disconnect, device number 73 [ 812.488268][ T5126] usb 2-1: USB disconnect, device number 72 [ 813.325900][T16674] xt_policy: neither incoming nor outgoing policy selected [ 813.600666][ T5079] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 813.607570][ T4476] Bluetooth: hci6: command 0x1003 tx timeout [ 813.905460][T16677] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 814.464434][T16521] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 814.673093][T16521] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 814.722399][T16521] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 814.741535][T16521] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 814.762583][T16521] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 814.784007][T16683] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 815.593160][ T5126] usb 1-1: USB disconnect, device number 74 [ 815.764736][T16709] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 815.876232][T16711] netlink: 'syz.1.2843': attribute type 2 has an invalid length. [ 815.886293][T16711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2843'. [ 815.927100][T16711] tunl0: entered promiscuous mode [ 815.984433][T16711] netlink: 'syz.1.2843': attribute type 1 has an invalid length. [ 816.049188][T16711] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2843'. [ 816.078061][T16712] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2843'. [ 816.099618][T16711] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2843'. [ 816.133637][ T5088] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 816.154259][ T51] Bluetooth: hci6: Frame reassembly failed (-84) [ 816.312256][ T29] audit: type=1800 audit(1719481616.349:674): pid=16718 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.2845" name="bus" dev="sda1" ino=2079 res=0 errno=0 [ 816.356363][ T29] audit: type=1800 audit(1719481616.359:675): pid=16718 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.2845" name="bus" dev="sda1" ino=2079 res=0 errno=0 [ 816.872339][T16735] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 817.610298][T16745] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 818.150575][ T5079] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 818.978333][T16790] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2866'. [ 819.049025][T16790] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2866'. [ 819.664593][T16804] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2870'. [ 820.541728][T16792] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 820.873692][T16824] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 821.338931][ T5088] Bluetooth: hci2: command 0x0406 tx timeout [ 822.692649][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 823.352047][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 823.760864][T16872] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 824.872195][T16886] netlink: 'syz.1.2893': attribute type 7 has an invalid length. [ 824.892688][T16886] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2893'. [ 830.467435][T16933] ptrace attach of "./syz-executor exec"[15109] was attempted by "./syz-executor exec"[16933] [ 830.472225][T16934] ptrace attach of "./syz-executor exec"[14407] was attempted by "./syz-executor exec"[16934] [ 830.528425][T16933] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 830.745796][T16934] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 831.279961][T16953] netlink: 'syz.4.2906': attribute type 7 has an invalid length. [ 831.303738][T16953] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2906'. [ 834.438498][T16987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2918'. [ 834.652141][T16990] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 835.406260][ T29] audit: type=1804 audit(1719481635.438:676): pid=17009 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2927" name="/root/syzkaller.547kqN/70/file0" dev="sda1" ino=2055 res=1 errno=0 [ 835.602812][T17016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2930'. [ 836.752293][T17054] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2944'. [ 837.138858][T17066] netlink: 'syz.2.2949': attribute type 4 has an invalid length. [ 837.302256][T17070] netlink: 'syz.2.2949': attribute type 4 has an invalid length. [ 837.460160][T16521] usb 5-1: new full-speed USB device number 72 using dummy_hcd [ 837.644726][T17082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2955'. [ 837.661189][T12341] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 837.682504][T16521] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 837.712355][T16521] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 837.723499][T17082] team0: entered promiscuous mode [ 837.728590][T17082] team_slave_0: entered promiscuous mode [ 837.740375][T16521] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 837.741020][T17082] team_slave_1: entered promiscuous mode [ 837.838323][T16521] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 837.847651][T16521] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 837.851427][ T29] audit: type=1326 audit(1719481637.786:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm="syz.1.2956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cef175ae9 code=0x7ffc0000 [ 837.872203][T17067] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 838.080645][ T29] audit: type=1326 audit(1719481637.786:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm="syz.1.2956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cef175ae9 code=0x7ffc0000 [ 838.193513][T16521] hub 5-1:1.0: bad descriptor, ignoring hub [ 838.211430][ T29] audit: type=1326 audit(1719481637.786:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm="syz.1.2956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1cef175ae9 code=0x7ffc0000 [ 838.215570][T16521] hub 5-1:1.0: probe with driver hub failed with error -5 [ 838.265369][T16521] cdc_wdm 5-1:1.0: skipping garbage [ 838.292409][T16521] cdc_wdm 5-1:1.0: skipping garbage [ 838.307645][T16521] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 838.330186][T12341] usb 1-1: Using ep0 maxpacket: 16 [ 838.336828][T11158] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 838.337227][T16521] cdc_wdm 5-1:1.0: Unknown control protocol [ 838.534722][T12341] usb 1-1: unable to get BOS descriptor or descriptor too short [ 838.550777][T17082] team_slave_0: entered allmulticast mode [ 838.551544][ T29] audit: type=1326 audit(1719481637.786:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cef175ae9 code=0x7ffc0000 [ 838.561983][T12341] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 838.597342][ T29] audit: type=1326 audit(1719481637.796:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cef175ae9 code=0x7ffc0000 [ 838.635161][ T29] audit: type=1326 audit(1719481637.796:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1cef175ae9 code=0x7ffc0000 [ 838.641178][T12341] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 838.672043][ T29] audit: type=1326 audit(1719481637.796:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cef175ae9 code=0x7ffc0000 [ 838.703814][T17082] team0: Port device team_slave_0 removed [ 838.704900][ T29] audit: type=1326 audit(1719481637.796:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cef175ae9 code=0x7ffc0000 [ 838.720783][T12341] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 838.744673][T16521] usb 5-1: USB disconnect, device number 72 [ 838.752548][T11158] usb 3-1: Using ep0 maxpacket: 32 [ 838.759964][T17081] team0: left promiscuous mode [ 838.762757][T11158] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 838.781051][T17081] team_slave_1: left promiscuous mode [ 838.790757][ T29] audit: type=1326 audit(1719481637.796:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17083 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1cef174550 code=0x7ffc0000 [ 838.821204][T12341] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 838.843699][T11158] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 838.867917][T12341] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 838.900229][T11158] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 838.933795][T11158] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 838.954115][T12341] usb 1-1: string descriptor 0 read error: -22 [ 838.966973][T12341] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 838.979664][T11158] usb 3-1: config 0 descriptor?? [ 838.985158][T12341] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 838.995315][T17086] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 839.014461][T11158] hub 3-1:0.0: USB hub found [ 839.046363][T12341] usb 1-1: 0:2 : does not exist [ 839.100194][T16521] usb 5-1: new full-speed USB device number 73 using dummy_hcd [ 839.336034][T16521] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 839.396109][T16521] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 839.434012][ T8] usb 1-1: USB disconnect, device number 75 [ 944.319987][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 944.327040][ C0] rcu: 1-...!: (5 ticks this GP) idle=e644/1/0x4000000000000000 softirq=79719/79719 fqs=7 [ 944.338519][ C0] rcu: (detected by 0, t=10502 jiffies, g=120085, q=195 ncpus=2) [ 944.346366][ C0] Sending NMI from CPU 0 to CPUs 1: [ 944.351608][ C1] NMI backtrace for cpu 1 [ 944.351631][ C1] CPU: 1 PID: 17097 Comm: syz.1.2960 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0 [ 944.351651][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 944.351663][ C1] RIP: 0010:lock_release+0x61b/0x9f0 [ 944.351691][ C1] Code: c7 84 24 90 00 00 00 00 00 00 00 9c 8f 84 24 90 00 00 00 42 80 3c 3b 00 74 08 4c 89 f7 e8 6d f7 85 00 f6 84 24 91 00 00 00 02 <75> 77 41 f7 c5 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 4b [ 944.351707][ C1] RSP: 0018:ffffc90000a18a20 EFLAGS: 00000046 [ 944.351727][ C1] RAX: 0000000000000001 RBX: 1ffff92000143156 RCX: ffffc90000a18a03 [ 944.351740][ C1] RDX: 0000000000000006 RSI: ffffffff8bcaccc0 RDI: ffffffff8c1f1780 [ 944.351754][ C1] RBP: ffffc90000a18b50 R08: ffffffff8fac212f R09: 1ffffffff1f58425 [ 944.351768][ C1] R10: dffffc0000000000 R11: fffffbfff1f58426 R12: 1ffff92000143150 [ 944.351782][ C1] R13: 0000000000000046 R14: ffffc90000a18ab0 R15: dffffc0000000000 [ 944.351795][ C1] FS: 00007f1cefe936c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 944.351811][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 944.351824][ C1] CR2: 0000001b31013ff8 CR3: 000000007b294000 CR4: 00000000003506f0 [ 944.351840][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 944.351851][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 944.351862][ C1] Call Trace: [ 944.351872][ C1] [ 944.351882][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 944.351905][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 944.351926][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 944.351945][ C1] ? nmi_handle+0x2a/0x5a0 [ 944.351983][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 944.352003][ C1] ? nmi_handle+0x14f/0x5a0 [ 944.352029][ C1] ? nmi_handle+0x2a/0x5a0 [ 944.352056][ C1] ? lock_release+0x61b/0x9f0 [ 944.352074][ C1] ? default_do_nmi+0x63/0x160 [ 944.352095][ C1] ? exc_nmi+0x123/0x1f0 [ 944.352114][ C1] ? end_repeat_nmi+0xf/0x53 [ 944.352148][ C1] ? lock_release+0x61b/0x9f0 [ 944.352168][ C1] ? lock_release+0x61b/0x9f0 [ 944.352188][ C1] ? lock_release+0x61b/0x9f0 [ 944.352208][ C1] [ 944.352214][ C1] [ 944.352225][ C1] ? debug_object_activate+0x3e4/0x510 [ 944.352251][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 944.352278][ C1] ? __pfx_lock_release+0x10/0x10 [ 944.352302][ C1] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 944.352334][ C1] _raw_spin_unlock_irqrestore+0x79/0x140 [ 944.352363][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 944.352400][ C1] debug_object_activate+0x3e4/0x510 [ 944.352437][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 944.352462][ C1] ? advance_sched+0xa02/0xca0 [ 944.352495][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 944.352521][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 944.352552][ C1] enqueue_hrtimer+0x30/0x3c0 [ 944.352582][ C1] __hrtimer_run_queues+0x6cb/0xd50 [ 944.352608][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 944.352640][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 944.352666][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 944.352691][ C1] hrtimer_interrupt+0x396/0x990 [ 944.352732][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 944.352761][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 944.352786][ C1] [ 944.352792][ C1] [ 944.352799][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 944.352825][ C1] RIP: 0010:filemap_map_pages+0xbe2/0x1e70 [ 944.352846][ C1] Code: 00 44 8b 64 24 34 48 8b 5c 24 20 74 08 48 89 df e8 d3 2e 2b 00 48 8b 1b 48 89 de 48 83 e6 01 31 ff e8 22 d0 c8 ff 48 83 e3 01 <4c> 8d b4 24 40 01 00 00 0f 85 07 0f 00 00 0f 1f 44 00 00 e8 26 cb [ 944.352861][ C1] RSP: 0018:ffffc90002fbf300 EFLAGS: 00000246 [ 944.352877][ C1] RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffff88806ceeda00 [ 944.352889][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 944.352900][ C1] RBP: ffffc90002fbf510 R08: ffffffff81cd5b3e R09: 1ffffd40002f1910 [ 944.352914][ C1] R10: dffffc0000000000 R11: fffff940002f1911 R12: 0000000000000000 [ 944.352927][ C1] R13: 00000000000006fa R14: 1ffffd40002f1914 R15: ffffc90002fbf460 [ 944.352945][ C1] ? filemap_map_pages+0xbde/0x1e70 [ 944.352975][ C1] ? filemap_map_pages+0x24f/0x1e70 [ 944.353006][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 944.353025][ C1] ? handle_pte_fault+0x348/0x7090 [ 944.353051][ C1] ? __pfx_lock_release+0x10/0x10 [ 944.353069][ C1] ? pte_offset_map_nolock+0x137/0x1f0 [ 944.353100][ C1] ? handle_pte_fault+0x222c/0x7090 [ 944.353124][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 944.353142][ C1] ? handle_pte_fault+0x222c/0x7090 [ 944.353169][ C1] handle_pte_fault+0x3b9b/0x7090 [ 944.353206][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 944.353228][ C1] ? __pfx_handle_pte_fault+0x10/0x10 [ 944.353253][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 944.353292][ C1] ? follow_page_pte+0x292/0x1d90 [ 944.353316][ C1] ? follow_page_pte+0x859/0x1d90 [ 944.353340][ C1] ? __pfx_lock_release+0x10/0x10 [ 944.353360][ C1] ? count_memcg_event_mm+0x3c2/0x420 [ 944.353383][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 944.353409][ C1] ? folio_mark_accessed+0x6f6/0x11b0 [ 944.353448][ C1] handle_mm_fault+0xfb0/0x19d0 [ 944.353487][ C1] ? __pfx_handle_mm_fault+0x10/0x10 [ 944.353511][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 944.353547][ C1] ? __sanitizer_cov_trace_switch+0x90/0x120 [ 944.353572][ C1] __get_user_pages+0x6ef/0x1590 [ 944.353602][ C1] ? mt_find+0x62d/0x850 [ 944.353633][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 944.353667][ C1] populate_vma_page_range+0x264/0x330 [ 944.353692][ C1] ? __pfx_populate_vma_page_range+0x10/0x10 [ 944.353714][ C1] ? userfaultfd_unmap_complete+0x30c/0x360 [ 944.353735][ C1] ? do_mmap+0x915/0xfa0 [ 944.353761][ C1] __mm_populate+0x27a/0x460 [ 944.353787][ C1] ? __pfx___mm_populate+0x10/0x10 [ 944.353817][ C1] vm_mmap_pgoff+0x2c3/0x3d0 [ 944.353845][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 944.353869][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 944.353890][ C1] ? do_syscall_64+0x100/0x230 [ 944.353915][ C1] ? ksys_mmap_pgoff+0xdf/0x720 [ 944.353937][ C1] ? __x64_sys_mmap+0x7f/0x140 [ 944.353965][ C1] do_syscall_64+0xf3/0x230 [ 944.353992][ C1] ? clear_bhb_loop+0x35/0x90 [ 944.354019][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.354044][ C1] RIP: 0033:0x7f1cef175ae9 [ 944.354066][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.354081][ C1] RSP: 002b:00007f1cefe93048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 944.354098][ C1] RAX: ffffffffffffffda RBX: 00007f1cef303fa0 RCX: 00007f1cef175ae9 [ 944.354112][ C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000 [ 944.354124][ C1] RBP: 00007f1cef1f6756 R08: ffffffffffffffff R09: 0000000000000000 [ 944.354137][ C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 944.354148][ C1] R13: 000000000000000b R14: 00007f1cef303fa0 R15: 00007ffc59ef26f8 [ 944.354173][ C1] [ 944.354599][ C0] rcu: rcu_preempt kthread starved for 10488 jiffies! g120085 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 945.056051][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 945.066047][ C0] rcu: RCU grace-period kthread stack dump: [ 945.071954][ C0] task:rcu_preempt state:R running task stack:24720 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 945.083728][ C0] Call Trace: [ 945.087033][ C0] [ 945.089990][ C0] __schedule+0x1796/0x49d0 [ 945.094573][ C0] ? __pfx___schedule+0x10/0x10 [ 945.099455][ C0] ? __pfx_lock_release+0x10/0x10 [ 945.104502][ C0] ? __asan_memset+0x23/0x50 [ 945.109133][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 945.114964][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 945.121333][ C0] ? schedule+0x90/0x320 [ 945.125596][ C0] schedule+0x14b/0x320 [ 945.129779][ C0] schedule_timeout+0x1be/0x310 [ 945.134664][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 945.140105][ C0] ? __pfx_process_timeout+0x10/0x10 [ 945.145430][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 945.151022][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 945.155920][ C0] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 945.162030][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 945.167371][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 945.173497][ C0] ? finish_swait+0xd4/0x1e0 [ 945.178205][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 945.182825][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 945.188044][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 945.193981][ C0] ? __kthread_parkme+0x169/0x1d0 [ 945.199047][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 945.204279][ C0] kthread+0x2f0/0x390 [ 945.208460][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 945.213678][ C0] ? __pfx_kthread+0x10/0x10 [ 945.218332][ C0] ret_from_fork+0x4b/0x80 [ 945.222779][ C0] ? __pfx_kthread+0x10/0x10 [ 945.227409][ C0] ret_from_fork_asm+0x1a/0x30 [ 945.232235][ C0] [ 945.235277][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 945.241612][ C0] CPU: 0 PID: 14029 Comm: kworker/u8:4 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0 [ 945.252058][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 945.262135][ C0] Workqueue: events_unbound toggle_allocation_gate [ 945.268670][ C0] RIP: 0010:smp_call_function_many_cond+0x1860/0x29d0 [ 945.275461][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 f9 09 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 a4 05 0c 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 88 05 [ 945.295091][ C0] RSP: 0018:ffffc900091b7700 EFLAGS: 00000293 [ 945.301207][ C0] RAX: ffffffff818a20f8 RBX: 1ffff110172a8891 RCX: ffff888021a99e00 [ 945.309201][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 945.317366][ C0] RBP: ffffc900091b78e0 R08: ffffffff818a20c7 R09: 1ffffffff25ee2b0 [ 945.325357][ C0] R10: dffffc0000000000 R11: fffffbfff25ee2b1 R12: dffffc0000000000 [ 945.333368][ C0] R13: ffff8880b9544488 R14: ffff8880b943f880 R15: 0000000000000001 [ 945.341360][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 945.350307][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 945.356908][ C0] CR2: 0000000000000000 CR3: 000000000e132000 CR4: 00000000003506f0 [ 945.364901][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 945.372988][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 945.380982][ C0] Call Trace: [ 945.384369][ C0] [ 945.387229][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 945.393594][ C0] ? print_other_cpu_stall+0x1470/0x15a0 [ 945.399354][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 945.405196][ C0] ? seqcount_lockdep_reader_access+0x1c6/0x220 [ 945.411488][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 945.417758][ C0] ? rcu_sched_clock_irq+0x9f4/0x10a0 [ 945.423251][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 945.428910][ C0] ? hrtimer_run_queues+0x16c/0x460 [ 945.434137][ C0] ? acct_account_cputime+0x207/0x210 [ 945.439534][ C0] ? update_process_times+0x1ce/0x230 [ 945.444933][ C0] ? tick_nohz_handler+0x37c/0x500 [ 945.450088][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 945.455607][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 945.461018][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 945.467135][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 945.473150][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 945.479281][ C0] ? hrtimer_interrupt+0x396/0x990 [ 945.484470][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 945.490668][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 945.496507][ C0] [ 945.499456][ C0] [ 945.502407][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 945.508601][ C0] ? smp_call_function_many_cond+0x1847/0x29d0 [ 945.514784][ C0] ? smp_call_function_many_cond+0x1878/0x29d0 [ 945.520982][ C0] ? smp_call_function_many_cond+0x1860/0x29d0 [ 945.527175][ C0] ? kmem_cache_alloc_bulk_noprof+0x146/0x770 [ 945.533279][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 945.538326][ C0] ? kmem_cache_alloc_bulk_noprof+0x146/0x770 [ 945.544440][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 945.550793][ C0] ? __pfx___might_resched+0x10/0x10 [ 945.556106][ C0] ? __mutex_trylock_common+0x183/0x2e0 [ 945.561679][ C0] ? __pfx___might_resched+0x10/0x10 [ 945.566991][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 945.572038][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 945.577185][ C0] text_poke_bp_batch+0x352/0xb30 [ 945.582249][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 945.587815][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 945.592866][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 945.599141][ C0] text_poke_finish+0x30/0x50 [ 945.603858][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 945.609889][ C0] static_key_enable_cpuslocked+0x136/0x260 [ 945.615832][ C0] static_key_enable+0x1a/0x20 [ 945.620625][ C0] toggle_allocation_gate+0xb5/0x250 [ 945.625932][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 945.631845][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 945.638205][ C0] ? process_scheduled_works+0x945/0x1830 [ 945.643946][ C0] process_scheduled_works+0xa2c/0x1830 [ 945.649544][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 945.655572][ C0] ? assign_work+0x364/0x3d0 [ 945.660193][ C0] worker_thread+0x86d/0xd50 [ 945.664816][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 945.670744][ C0] ? __kthread_parkme+0x169/0x1d0 [ 945.675798][ C0] ? __pfx_worker_thread+0x10/0x10 [ 945.680933][ C0] kthread+0x2f0/0x390 [ 945.685034][ C0] ? __pfx_worker_thread+0x10/0x10 [ 945.690205][ C0] ? __pfx_kthread+0x10/0x10 [ 945.694819][ C0] ret_from_fork+0x4b/0x80 [ 945.699260][ C0] ? __pfx_kthread+0x10/0x10 [ 945.704167][ C0] ret_from_fork_asm+0x1a/0x30 [ 945.708985][ C0]