last executing test programs: 5.217787743s ago: executing program 4 (id=2100): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@weak_binder={0x77622a85, 0xb, 0x3}, @fd={0x66642a85, 0x0, r1}, @flat=@weak_handle={0x77682a85, 0x1115}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000880)="4a8e464b3d4657499ea54e5c7d563ff8776074ae642a55558dbfd1df9462b1259816b613ea02f9c5a2a4cc3bf701b7f4fa887e4ce6d2045a432a7b060f115097ae0e0e07f3f3704a688c03fccef3e273"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@binder={0x73622a85, 0x190b, 0x3}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x1000000000000, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000740)="38eef39a9470e520a675d696d62d357d2dff6aa91ce585589f5a86b334887eccd0cf6d8e735499c5da5a4d563ad1b35f80fa0b64a2aff75617b3b1c35b8d3141773af29a42fdf17084264e7834faf8d112fffc49"}) 5.06862951s ago: executing program 2 (id=2102): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000083c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x18}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) getdents64(r2, 0x0, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000080)={0x2a, 0x6, 0x0, {0x1, 0x100000000000, 0x1, 0x2, '\x00', 0x8}}, 0x2a) syz_fuse_handle_req(r0, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="b00000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000000020000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000c00000", @ANYRES32=0x0], 0x0, 0x0, 0x0}) 5.013359072s ago: executing program 4 (id=2103): sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000200)={0x79, 0x0, 0xc}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x16, 0x0, 0x0) 4.776983324s ago: executing program 2 (id=2104): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04e04020"], 0x7) 4.337816538s ago: executing program 3 (id=2106): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmmsg$inet(r0, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="e31e193fea5b5840c4db2028b3bd28a97781f6151166b449b313f993d0a9d54c77186442a7eb71780dbc7281a4b1870ebeaa362e9cd878a9273dfb6d193c785648b43518395a744904a63936607ec05eb332df6f0432f23dd39848c8c675d7dcd935c524e2dbce45801ed887c0be6a21f5a8f4ea7f80ca59724edf4500b7b80cf9f686b2de2c269032acabec031899d6a292ed9b91983d321809984808266013bc5948e5cafd18f481164efef3f98d0af420c7", 0xb3}], 0x1}}], 0x1, 0x20000010) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f00000002c0)=""/182, 0xb6}], 0x2}}], 0x1, 0x0, 0x0) 4.250930122s ago: executing program 3 (id=2107): ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f00001b4000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x12, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f00000002c0)=ANY=[]) mprotect(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x2) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000000)) 3.976928949s ago: executing program 3 (id=2109): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040)) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000020042801800018006000600000000000c001c00050000000000000004000280"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 3.953520284s ago: executing program 2 (id=2110): ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000100)={0xc400000000000000, 0x1000, 0x9, 0xb, 0x18}) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000100)={0x2, 0xffffffff, 0x0, 0x2, 0x0, 0x42}) 3.789110859s ago: executing program 3 (id=2112): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x38}}, 0x2}, 0x1c) connect$inet6(r0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000400)=0x10, 0x4) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[], 0x56c}, 0x1, 0x0, 0x0, 0x40001}, 0x44000) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0x33c}, 0x1, 0x0, 0x0, 0x48c4}, 0x44801) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1) recvmsg$unix(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x20) 3.652828333s ago: executing program 3 (id=2114): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x25dfdbfc, {0x7a, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}]}}}]}, 0x3c}}, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 3.545895108s ago: executing program 3 (id=2116): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$unix(r0, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4) recvmmsg(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/57, 0x39}, 0x8}], 0x3ffffffffffff2e, 0x1000400000de, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 3.283438487s ago: executing program 1 (id=2119): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000001800)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000003c80)="03", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000f00)="98", 0x1}, {0x0}], 0x2}}], 0x2, 0xc011) recvmmsg(r0, &(0x7f000000a400)=[{{0x0, 0x0, 0x0}, 0x40}], 0x1, 0x10120, 0x0) shutdown(r0, 0x1) 3.06610886s ago: executing program 1 (id=2122): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x300, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x640100fe, @local}, {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe}}}}}}, 0x0) 3.009003676s ago: executing program 4 (id=2123): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0x4010) sendmsg$nl_generic(r0, 0x0, 0x4010) 2.894652189s ago: executing program 1 (id=2124): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x38}}, 0x2}, 0x1c) connect$inet6(r0, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000400)=0x10, 0x4) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[], 0x56c}, 0x1, 0x0, 0x0, 0x40001}, 0x44000) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0x33c}, 0x1, 0x0, 0x0, 0x48c4}, 0x44801) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1) recvmsg$unix(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}, 0x20) 2.89237479s ago: executing program 4 (id=2125): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@weak_binder={0x77622a85, 0xb, 0x3}, @fd={0x66642a85, 0x0, r1}, @flat=@weak_handle={0x77682a85, 0x1115}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000880)="4a8e464b3d4657499ea54e5c7d563ff8776074ae642a55558dbfd1df9462b1259816b613ea02f9c5a2a4cc3bf701b7f4fa887e4ce6d2045a432a7b060f115097ae0e0e07f3f3704a688c03fccef3e273"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@binder={0x73622a85, 0x190b, 0x3}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x1000000000000, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000740)="38eef39a9470e520a675d696d62d357d2dff6aa91ce585589f5a86b334887eccd0cf6d8e735499c5da5a4d563ad1b35f80fa0b64a2aff75617b3b1c35b8d3141773af29a42fdf17084264e7834faf8d112fffc49"}) 2.637878348s ago: executing program 1 (id=2127): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000080)={0x0}) syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x3c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x3c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000007c0)={0xa, 0x2, 0x0, @empty, 0x80000001}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x2, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592266c5b98fb19402835fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, 0x0, 0x20000001) 2.636917387s ago: executing program 4 (id=2128): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmmsg$inet(r0, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="e31e193fea5b5840c4db2028b3bd28a97781f6151166b449b313f993d0a9d54c77186442a7eb71780dbc7281a4b1870ebeaa362e9cd878a9273dfb6d193c785648b43518395a744904a63936607ec05eb332df6f0432f23dd39848c8c675d7dcd935c524e2dbce45801ed887c0be6a21f5a8f4ea7f80ca59724edf4500b7b80cf9f686b2de2c269032acabec031899d6a292ed9b91983d321809984808266013bc5948e5cafd18f481164efef3f98d0af420c79f4a", 0xb5}], 0x1}}], 0x1, 0x20000010) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f00000002c0)=""/182, 0xb6}], 0x2}}], 0x1, 0x0, 0x0) 2.429145147s ago: executing program 1 (id=2130): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c) gettid() setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x7}, 0x8) listen(r0, 0x5) accept4(r0, &(0x7f0000000240)=@x25, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) shmat(0x0, &(0x7f0000bdf000/0x4000)=nil, 0x5000) 2.317540606s ago: executing program 0 (id=2131): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x252c, 0xc00}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR={0xa, 0x9}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) 2.156885368s ago: executing program 0 (id=2132): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000001800)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000003c80)="03", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000f00)="98", 0x1}, {0x0}], 0x2}}], 0x2, 0xc011) recvmmsg(r0, &(0x7f000000a400)=[{{0x0, 0x0, &(0x7f0000000180)}, 0x40}], 0x1, 0x10120, 0x0) shutdown(r0, 0x1) 2.101507072s ago: executing program 0 (id=2133): bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) listen(0xffffffffffffffff, 0xfffffffd) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setpgid(0x0, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e0a0300d0f57c0c86d6111ded173e1860d8aa7f000d8086a5f4fe22"], 0xd) 2.055011221s ago: executing program 2 (id=2134): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x300, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x640100fe, @local}, {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe}}}}}}, 0x0) 2.032271478s ago: executing program 0 (id=2135): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0x4010) sendmsg$nl_generic(r0, 0x0, 0x4010) 1.937502212s ago: executing program 0 (id=2136): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = socket$netlink(0x10, 0x3, 0x15) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev={0xac, 0x14, 0x14, 0x1b}, 0x0, 0x0, 'dh\x00'}, 0x2c) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000090001"], 0x2c}, 0x1, 0x0, 0x0, 0x4000080}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) sendmsg$nl_xfrm(r1, 0x0, 0x20008000) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="180000000b148b0a28bd7001fbdbdfa5080001000000"], 0x18}, 0x1, 0x0, 0x0, 0x48010}, 0x20004000) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="04010000100053"], 0x104}, 0x1, 0x0, 0x0, 0x20040890}, 0x200080c0) 1.936295181s ago: executing program 1 (id=2137): r0 = socket(0x22, 0x5, 0xfa) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) r2 = accept4(r1, 0x0, 0x0, 0x0) write(r2, &(0x7f0000000040)="cb", 0xfffffdef) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r4 = syz_open_pts(r3, 0x101) ioctl$TIOCGSOFTCAR(r4, 0x5419, &(0x7f0000000200)) sendmmsg$inet(r0, &(0x7f0000001480), 0x0, 0x0) 1.876137077s ago: executing program 2 (id=2138): syz_emit_ethernet(0x6a, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev, @local, {[@rr={0x7, 0xf, 0x0, [@empty, @empty, @dev={0xac, 0x14, 0x14, 0x3b}]}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@loopback}]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}]}}}}}}}, 0x0) 1.719341249s ago: executing program 2 (id=2139): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f0000000140), 0xc6fffffd) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r3, r5, 0x0, 0x10ffff) 1.592778493s ago: executing program 4 (id=2140): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x30, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@newtfilter={0x2c, 0x28, 0xd27, 0x0, 0x4, {0x0, 0x0, 0x0, r8, {0xa}, {0xd}, {0x1, 0x3d}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}]}, 0x2c}}, 0x40) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x2, 0xfffff038}, {0x20, 0x0, 0x0, 0xffffefff}, {0x6}]}, 0x10) sendmmsg(r3, &(0x7f0000000180), 0x4000190, 0x0) 0s ago: executing program 0 (id=2141): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bea100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x1, 0x9, 0x7}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x11, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a603f00000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0) kernel console output (not intermixed with test programs): n device lo mtu (65550) ! [ 148.523435][ T7313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.607'. [ 148.542669][ T7314] netlink: 28 bytes leftover after parsing attributes in process `syz.4.608'. [ 148.640000][ T7314] netlink: 28 bytes leftover after parsing attributes in process `syz.4.608'. [ 149.387043][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 149.408093][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.416933][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.434725][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.444582][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.456509][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.518040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.547439][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.558577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 150.200795][ T7347] netlink: 72 bytes leftover after parsing attributes in process `syz.4.621'. [ 150.321795][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 150.321816][ T30] audit: type=1326 audit(1754273175.023:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 150.496355][ T30] audit: type=1326 audit(1754273175.023:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 150.615493][ T30] audit: type=1326 audit(1754273175.043:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 150.718239][ T30] audit: type=1326 audit(1754273175.043:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 150.798681][ T30] audit: type=1326 audit(1754273175.043:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=40000003 syscall=448 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 150.884117][ T30] audit: type=1326 audit(1754273175.043:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 151.049603][ T7372] pim6reg1: entered promiscuous mode [ 151.068147][ T7372] pim6reg1: entered allmulticast mode [ 152.390485][ T7406] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 152.397342][ T7406] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 152.438410][ T7406] vhci_hcd vhci_hcd.0: Device attached [ 152.695870][ T5946] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 152.919061][ T30] audit: type=1326 audit(1754273177.623:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7416 comm="syz.0.652" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 152.942217][ T7417] netlink: 'syz.0.652': attribute type 6 has an invalid length. [ 153.016066][ T7417] netlink: 168 bytes leftover after parsing attributes in process `syz.0.652'. [ 153.025958][ T7419] netlink: 4 bytes leftover after parsing attributes in process `syz.4.653'. [ 153.045880][ T30] audit: type=1326 audit(1754273177.623:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7416 comm="syz.0.652" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 153.105866][ T7407] vhci_hcd: connection reset by peer [ 153.114822][ T59] vhci_hcd: stop threads [ 153.128705][ T59] vhci_hcd: release socket [ 153.149570][ T59] vhci_hcd: disconnect device [ 153.153126][ T30] audit: type=1326 audit(1754273177.623:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7416 comm="syz.0.652" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 153.278623][ T30] audit: type=1326 audit(1754273177.623:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7416 comm="syz.0.652" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 155.402782][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 155.402803][ T30] audit: type=1326 audit(1754273180.083:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 155.533116][ T30] audit: type=1326 audit(1754273180.083:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 155.695928][ T30] audit: type=1326 audit(1754273180.103:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 155.806477][ T30] audit: type=1326 audit(1754273180.103:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 155.890894][ T30] audit: type=1326 audit(1754273180.103:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 156.025932][ T30] audit: type=1326 audit(1754273180.103:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 156.116036][ T30] audit: type=1326 audit(1754273180.103:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 156.255855][ T30] audit: type=1326 audit(1754273180.103:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 156.360171][ T30] audit: type=1326 audit(1754273180.103:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 156.486343][ T30] audit: type=1326 audit(1754273180.103:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7459 comm="syz.1.672" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 157.194863][ T7499] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 157.391357][ T7503] netlink: 4 bytes leftover after parsing attributes in process `syz.4.691'. [ 157.682576][ T7511] netlink: 'syz.3.695': attribute type 1 has an invalid length. [ 157.865041][ T7515] bond1: entered promiscuous mode [ 157.871742][ T5946] vhci_hcd: vhci_device speed not set [ 157.878875][ T7515] bond1: entered allmulticast mode [ 157.884738][ T7515] 8021q: adding VLAN 0 to HW filter on device bond1 [ 158.054908][ T7511] netlink: 7 bytes leftover after parsing attributes in process `syz.3.695'. [ 158.156305][ T7511] netlink: 7 bytes leftover after parsing attributes in process `syz.3.695'. [ 158.289786][ T7533] netlink: 16 bytes leftover after parsing attributes in process `syz.2.702'. [ 159.056931][ T7562] netlink: 4 bytes leftover after parsing attributes in process `syz.1.716'. [ 159.337713][ T7562] hsr_slave_1 (unregistering): left promiscuous mode [ 159.530702][ T7580] random: crng reseeded on system resumption [ 160.625936][ T5946] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 160.640916][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 160.810673][ T5946] usb 3-1: config 0 has no interfaces? [ 160.831640][ T5946] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 160.892240][ T5946] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.925597][ T5946] usb 3-1: config 0 descriptor?? [ 161.116064][ T10] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 161.325684][ T7627] netlink: 36 bytes leftover after parsing attributes in process `syz.1.744'. [ 161.338330][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 161.407820][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.438101][ T10] usb 1-1: New USB device found, idVendor=056a, idProduct=0217, bcdDevice= 0.fc [ 161.467865][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.510991][ T10] usb 1-1: config 0 descriptor?? [ 161.942735][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 161.968766][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 162.003593][ T10] usb 1-1: USB disconnect, device number 4 [ 162.678759][ T7656] netlink: 36 bytes leftover after parsing attributes in process `syz.0.757'. [ 163.069897][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 163.069918][ T30] audit: type=1326 audit(1754273187.773:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 163.149077][ T30] audit: type=1326 audit(1754273187.813:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 163.251807][ T30] audit: type=1326 audit(1754273187.823:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 163.412783][ T5946] usb 3-1: USB disconnect, device number 2 [ 163.430475][ T30] audit: type=1326 audit(1754273187.823:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 163.530853][ T30] audit: type=1326 audit(1754273187.823:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 163.554458][ T7674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.768'. [ 163.588257][ T7674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.768'. [ 163.665162][ T30] audit: type=1326 audit(1754273187.823:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 163.759765][ T30] audit: type=1326 audit(1754273187.823:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 163.865346][ T30] audit: type=1326 audit(1754273187.823:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 163.993179][ T30] audit: type=1326 audit(1754273187.823:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 164.098424][ T30] audit: type=1326 audit(1754273187.823:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7664 comm="syz.3.763" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x7ffc0000 [ 164.376889][ T7693] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 164.383561][ T7693] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 164.447697][ T7693] vhci_hcd vhci_hcd.0: Device attached [ 164.505143][ T7694] vhci_hcd: connection closed [ 164.516126][ T36] vhci_hcd: stop threads [ 164.558423][ T36] vhci_hcd: release socket [ 164.584399][ T36] vhci_hcd: disconnect device [ 164.636002][ T10] vhci_hcd: vhci_device speed not set [ 165.271567][ T7719] netlink: 4 bytes leftover after parsing attributes in process `syz.1.788'. [ 165.335239][ T7722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.789'. [ 165.692905][ T7736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.794'. [ 165.992954][ T7750] input: syz0 as /devices/virtual/input/input6 [ 166.441725][ T7763] netlink: 'syz.1.805': attribute type 10 has an invalid length. [ 166.496991][ T7763] team0: Port device dummy0 added [ 166.989548][ T7781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.798'. [ 168.812282][ T7807] netlink: 'syz.2.820': attribute type 3 has an invalid length. [ 169.659751][ T7823] netlink: 4 bytes leftover after parsing attributes in process `syz.3.826'. [ 169.716932][ T7823] openvswitch: netlink: Flow key attr not present in new flow. [ 170.062191][ T7833] netlink: 'syz.1.831': attribute type 16 has an invalid length. [ 170.085611][ T7833] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.831'. [ 170.301708][ T7836] process 'memfd:ndRi5ም[@8 9I=\'LҎ)JtTDqρ1 >\LϑM^T*' started with executable stack [ 171.211431][ T7864] netlink: 64 bytes leftover after parsing attributes in process `syz.2.844'. [ 171.691426][ T7873] team0: Port device dummy0 removed [ 171.762074][ T7873] bridge_slave_0: left allmulticast mode [ 171.794862][ T7873] bridge_slave_0: left promiscuous mode [ 171.813386][ T7873] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.952820][ T7873] bridge_slave_1: left allmulticast mode [ 171.976006][ T7873] bridge_slave_1: left promiscuous mode [ 171.983614][ T7873] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.041547][ T7873] bond0: (slave bond_slave_0): Releasing backup interface [ 172.119954][ T7873] bond0: (slave bond_slave_1): Releasing backup interface [ 172.224515][ T7873] team0: Port device team_slave_0 removed [ 172.271985][ T7873] team0: Port device team_slave_1 removed [ 172.407082][ T7874] vlan0: entered promiscuous mode [ 172.526507][ T7874] team0: Port device vlan0 added [ 173.196243][ T5944] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 173.378206][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 173.411905][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.452791][ T5944] usb 4-1: New USB device found, idVendor=056a, idProduct=0217, bcdDevice= 0.fc [ 173.478199][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.500876][ T7919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.870'. [ 173.505930][ T5944] usb 4-1: config 0 descriptor?? [ 173.724071][ T30] kauditd_printk_skb: 273 callbacks suppressed [ 173.724093][ T30] audit: type=1326 audit(1754273198.423:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 173.809202][ T30] audit: type=1326 audit(1754273198.423:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 173.845670][ T30] audit: type=1326 audit(1754273198.473:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 173.876860][ T30] audit: type=1326 audit(1754273198.473:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 173.938686][ T30] audit: type=1326 audit(1754273198.473:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 174.024777][ T5944] hid_parser_main: 6 callbacks suppressed [ 174.024804][ T5944] wacom 0003:056A:0217.0002: unknown main item tag 0x0 [ 174.064712][ T5944] wacom 0003:056A:0217.0002: unknown main item tag 0x0 [ 174.095895][ T5944] wacom 0003:056A:0217.0002: unknown main item tag 0x0 [ 174.112491][ T7929] netlink: 28 bytes leftover after parsing attributes in process `syz.2.873'. [ 174.133923][ T5944] wacom 0003:056A:0217.0002: unknown main item tag 0x0 [ 174.155158][ T5944] wacom 0003:056A:0217.0002: unknown main item tag 0x0 [ 174.175711][ T30] audit: type=1326 audit(1754273198.493:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 174.185992][ T5944] wacom 0003:056A:0217.0002: unknown main item tag 0x0 [ 174.286283][ T5944] wacom 0003:056A:0217.0002: unknown main item tag 0x0 [ 174.294016][ T7934] netlink: 12 bytes leftover after parsing attributes in process `syz.0.875'. [ 174.395847][ T30] audit: type=1326 audit(1754273198.493:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 174.471650][ T5944] usb 4-1: USB disconnect, device number 4 [ 174.478680][ T30] audit: type=1326 audit(1754273198.493:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 174.562771][ T30] audit: type=1326 audit(1754273198.493:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=330 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 174.655908][ T30] audit: type=1326 audit(1754273198.493:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.1.872" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 174.937356][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.882'. [ 175.148686][ T7957] input: syz0 as /devices/virtual/input/input7 [ 175.158869][ T7960] netlink: 12 bytes leftover after parsing attributes in process `syz.1.887'. [ 176.733774][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.1.904'. [ 177.912770][ T8030] netlink: 8 bytes leftover after parsing attributes in process `syz.4.915'. [ 179.175838][ T8057] openvswitch: netlink: Message has 8 unknown bytes. [ 179.452435][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 179.452456][ T30] audit: type=1326 audit(1754273204.153:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.4.933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 179.534489][ T30] audit: type=1326 audit(1754273204.193:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.4.933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 179.621217][ T30] audit: type=1326 audit(1754273204.193:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.4.933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 179.703935][ T30] audit: type=1326 audit(1754273204.193:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.4.933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 179.762160][ T30] audit: type=1326 audit(1754273204.193:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.4.933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 179.824402][ T30] audit: type=1326 audit(1754273204.193:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.4.933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=12 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 179.848893][ T30] audit: type=1326 audit(1754273204.193:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.4.933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 179.877318][ T30] audit: type=1326 audit(1754273204.193:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8066 comm="syz.4.933" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 180.463834][ T8100] netlink: 12 bytes leftover after parsing attributes in process `syz.1.949'. [ 180.698829][ T5946] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 180.849702][ T8116] netlink: 24 bytes leftover after parsing attributes in process `syz.4.957'. [ 180.872692][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 180.896722][ T5946] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.916408][ T5946] usb 1-1: New USB device found, idVendor=056a, idProduct=0217, bcdDevice= 0.fc [ 180.956057][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.994351][ T5946] usb 1-1: config 0 descriptor?? [ 181.442549][ T5946] wacom 0003:056A:0217.0003: unknown main item tag 0x0 [ 181.452422][ T5946] wacom 0003:056A:0217.0003: unknown main item tag 0x0 [ 181.464064][ T5946] wacom 0003:056A:0217.0003: unknown main item tag 0x0 [ 181.605019][ T8138] netlink: 8 bytes leftover after parsing attributes in process `syz.1.967'. [ 181.660917][ T5944] usb 1-1: USB disconnect, device number 5 [ 181.754749][ T8143] netlink: 24 bytes leftover after parsing attributes in process `syz.2.969'. [ 181.772498][ T8143] netlink: 212 bytes leftover after parsing attributes in process `syz.2.969'. [ 182.032209][ T8155] input: syz0 as /devices/virtual/input/input8 [ 182.149484][ T8160] futex_wake_op: syz.1.977 tries to shift op by 32; fix this program [ 182.635459][ T8174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.983'. [ 182.638724][ T8173] macvlan1: entered promiscuous mode [ 182.673789][ T8174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.983'. [ 182.701939][ T8173] ipvlan0: entered promiscuous mode [ 182.725527][ T8173] ipvlan0: left promiscuous mode [ 182.747911][ T8173] macvlan1: left promiscuous mode [ 183.099477][ T30] audit: type=1326 audit(1754273207.793:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8188 comm="syz.0.992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 183.172902][ T30] audit: type=1326 audit(1754273207.793:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8188 comm="syz.0.992" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 184.661109][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 184.661130][ T30] audit: type=1326 audit(1754273209.363:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.778694][ T30] audit: type=1326 audit(1754273209.403:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.885873][ T30] audit: type=1326 audit(1754273209.403:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.885938][ T30] audit: type=1326 audit(1754273209.403:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.885983][ T30] audit: type=1326 audit(1754273209.403:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.886028][ T30] audit: type=1326 audit(1754273209.403:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.886075][ T30] audit: type=1326 audit(1754273209.473:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.886120][ T30] audit: type=1326 audit(1754273209.473:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.886164][ T30] audit: type=1326 audit(1754273209.473:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8236 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 184.886213][ T30] audit: type=1326 audit(1754273209.563:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8226 comm="syz.4.1007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 188.384916][ T8298] loop9: detected capacity change from 0 to 7 [ 188.421293][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.421794][ T8300] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1037'. [ 188.445991][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.455392][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.510482][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.540537][ T8302] bridge0: entered allmulticast mode [ 188.547160][ T8302] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1036'. [ 188.556732][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.567808][ T8302] bridge_slave_1: left allmulticast mode [ 188.601881][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.616129][ T8302] bridge_slave_1: left promiscuous mode [ 188.647097][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.650705][ T8302] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.681545][ T8298] ldm_validate_partition_table(): Disk read failed. [ 188.722459][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.766124][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.797905][ T8302] bridge_slave_0: left allmulticast mode [ 188.803836][ T8302] bridge_slave_0: left promiscuous mode [ 188.820892][ T8302] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.856112][ T8298] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.909639][ T8298] Dev loop9: unable to read RDB block 0 [ 188.933796][ T8302] bridge0 (unregistering): left allmulticast mode [ 188.937899][ T8298] loop9: unable to read partition table [ 189.006304][ T8298] loop9: partition table beyond EOD, truncated [ 189.045905][ T8298] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 189.045905][ T8298] ) failed (rc=-5) [ 189.911108][ T8319] IPVS: Error connecting to the multicast addr [ 190.095960][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 190.095983][ T30] audit: type=1326 audit(1754273214.783:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8324 comm="syz.0.1047" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 190.210138][ T30] audit: type=1326 audit(1754273214.783:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8324 comm="syz.0.1047" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 190.329369][ T30] audit: type=1326 audit(1754273214.833:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8324 comm="syz.0.1047" exe="/root/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 190.424518][ T30] audit: type=1326 audit(1754273214.903:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8324 comm="syz.0.1047" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 190.529708][ T30] audit: type=1326 audit(1754273214.913:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8327 comm="syz.0.1047" exe="/root/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 190.626114][ T30] audit: type=1326 audit(1754273214.903:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8324 comm="syz.0.1047" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 190.739009][ T30] audit: type=1326 audit(1754273215.073:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8327 comm="syz.0.1047" exe="/root/syz-executor" sig=0 arch=40000003 syscall=1 compat=1 ip=0xf7f55539 code=0x7ffc0000 [ 192.239042][ T8360] input: syz0 as /devices/virtual/input/input9 [ 192.471955][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807e85f800: rx timeout, send abort [ 192.483766][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807e85f800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 194.001262][ T8368] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1062'. [ 194.682424][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.691034][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.935943][ T8380] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1068'. [ 194.966713][ T8380] unsupported nla_type 52263 [ 195.700847][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1074'. [ 195.867243][ T8396] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1075'. [ 195.915913][ T8396] bridge_slave_1: left allmulticast mode [ 195.958691][ T8396] bridge_slave_1: left promiscuous mode [ 195.966068][ T8396] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.002741][ T8396] bridge_slave_0: left allmulticast mode [ 196.020301][ T8396] bridge_slave_0: left promiscuous mode [ 196.045382][ T8396] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.268672][ T8283] Set syz1 is full, maxelem 65536 reached [ 196.751181][ T8412] netlink: 'syz.2.1081': attribute type 3 has an invalid length. [ 197.188436][ T8417] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1083'. [ 197.648829][ T8427] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1088'. [ 199.326725][ T30] audit: type=1326 audit(1754273224.033:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.352995][ T30] audit: type=1326 audit(1754273224.033:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.379588][ T30] audit: type=1326 audit(1754273224.033:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.443616][ T30] audit: type=1326 audit(1754273224.033:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.481747][ T30] audit: type=1326 audit(1754273224.033:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.508036][ T30] audit: type=1326 audit(1754273224.033:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.573470][ T30] audit: type=1326 audit(1754273224.033:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.639774][ T30] audit: type=1326 audit(1754273224.033:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.711976][ T30] audit: type=1326 audit(1754273224.033:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 199.752889][ T30] audit: type=1326 audit(1754273224.033:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.1.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000 [ 200.184096][ T8511] input: syz0 as /devices/virtual/input/input10 [ 200.186200][ T8512] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 200.924731][ T8538] syzkaller0: entered allmulticast mode [ 200.957191][ T8533] syzkaller0: entered promiscuous mode [ 200.995067][ T8533] syzkaller0 (unregistering): left allmulticast mode [ 201.035324][ T8533] syzkaller0 (unregistering): left promiscuous mode [ 201.137693][ T8544] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1141'. [ 201.172791][ T8544] gretap0: entered promiscuous mode [ 201.643840][ T8560] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1148'. [ 201.678217][ T8560] x_tables: ip_tables: udp match: only valid for protocol 17 [ 202.041709][ T8575] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1156'. [ 203.021369][ T8608] loop9: detected capacity change from 0 to 7 [ 203.036718][ T8608] buffer_io_error: 9 callbacks suppressed [ 203.036739][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.109309][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.122507][ T8610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1170'. [ 203.167047][ T8612] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1173'. [ 203.189976][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.233798][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.289930][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.328070][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.352505][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.397845][ T8608] ldm_validate_partition_table(): Disk read failed. [ 203.417188][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.459297][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.479114][ T8608] Buffer I/O error on dev loop9, logical block 0, async page read [ 203.487997][ T8608] Dev loop9: unable to read RDB block 0 [ 203.502604][ T8608] loop9: unable to read partition table [ 203.523358][ T8608] loop9: partition table beyond EOD, truncated [ 203.536509][ T8608] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 203.536509][ T8608] ) failed (rc=-5) [ 205.815130][ T8672] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 206.131471][ T8630] warn_alloc: 3 callbacks suppressed [ 206.131494][ T8630] syz.0.1181: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 206.237527][ T8630] CPU: 1 UID: 0 PID: 8630 Comm: syz.0.1181 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 206.237560][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 206.237572][ T8630] Call Trace: [ 206.237581][ T8630] [ 206.237590][ T8630] dump_stack_lvl+0x189/0x250 [ 206.237622][ T8630] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 206.237652][ T8630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.237676][ T8630] ? __pfx__printk+0x10/0x10 [ 206.237705][ T8630] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 206.237729][ T8630] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 206.237760][ T8630] warn_alloc+0x214/0x310 [ 206.237798][ T8630] ? __pfx_warn_alloc+0x10/0x10 [ 206.237837][ T8630] ? __get_vm_area_node+0x28f/0x300 [ 206.237866][ T8630] ? hash_netiface_create+0x358/0xfe0 [ 206.237900][ T8630] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 206.237964][ T8630] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 206.237992][ T8630] ? hash_netiface_create+0x358/0xfe0 [ 206.238022][ T8630] ? __get_vm_area_node+0x28f/0x300 [ 206.238050][ T8630] ? hash_netiface_create+0x358/0xfe0 [ 206.238079][ T8630] __vmalloc_node_range_noprof+0x56a/0x12f0 [ 206.238108][ T8630] ? hash_netiface_create+0x358/0xfe0 [ 206.238132][ T8630] ? __do_fast_syscall_32+0xb6/0x2b0 [ 206.238189][ T8630] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 206.238225][ T8630] ? rcu_is_watching+0x15/0xb0 [ 206.238246][ T8630] ? hash_netiface_create+0x358/0xfe0 [ 206.238272][ T8630] ? hash_netiface_create+0x358/0xfe0 [ 206.238296][ T8630] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 206.238324][ T8630] ? hash_netiface_create+0x358/0xfe0 [ 206.238352][ T8630] ? hash_netiface_create+0x2fe/0xfe0 [ 206.238384][ T8630] hash_netiface_create+0x358/0xfe0 [ 206.238423][ T8630] ? __nla_parse+0x40/0x60 [ 206.238446][ T8630] ? __pfx_hash_netiface_create+0x10/0x10 [ 206.238475][ T8630] ip_set_create+0xa97/0x1940 [ 206.238687][ T8630] ? ip_set_create+0x4a2/0x1940 [ 206.238730][ T8630] ? __pfx_ip_set_create+0x10/0x10 [ 206.238802][ T8630] nfnetlink_rcv_msg+0xb4a/0x1130 [ 206.238836][ T8630] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 206.238901][ T8630] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 206.238930][ T8630] ? __lock_acquire+0xab9/0xd20 [ 206.238994][ T8630] ? __lock_acquire+0xab9/0xd20 [ 206.239046][ T8630] netlink_rcv_skb+0x205/0x470 [ 206.239073][ T8630] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 206.239107][ T8630] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 206.239142][ T8630] ? bpf_lsm_capable+0x9/0x20 [ 206.239169][ T8630] ? security_capable+0x7e/0x2e0 [ 206.239206][ T8630] nfnetlink_rcv+0x26a/0x2520 [ 206.239237][ T8630] ? is_bpf_text_address+0x26/0x2b0 [ 206.239273][ T8630] ? kernel_text_address+0xa5/0xe0 [ 206.239303][ T8630] ? __kernel_text_address+0xd/0x40 [ 206.239331][ T8630] ? unwind_get_return_address+0x4d/0x90 [ 206.239355][ T8630] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 206.239380][ T8630] ? arch_stack_walk+0xfc/0x150 [ 206.239423][ T8630] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 206.239454][ T8630] ? stack_depot_save_flags+0x40/0x900 [ 206.239495][ T8630] ? __lock_acquire+0xab9/0xd20 [ 206.239571][ T8630] ? __lock_acquire+0xab9/0xd20 [ 206.239610][ T8630] ? netlink_deliver_tap+0x2e/0x1b0 [ 206.239637][ T8630] ? netlink_deliver_tap+0x2e/0x1b0 [ 206.239668][ T8630] netlink_unicast+0x82f/0x9e0 [ 206.239710][ T8630] ? __pfx_netlink_unicast+0x10/0x10 [ 206.239744][ T8630] ? netlink_sendmsg+0x642/0xb30 [ 206.239763][ T8630] ? skb_put+0x11b/0x210 [ 206.239791][ T8630] netlink_sendmsg+0x805/0xb30 [ 206.239825][ T8630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.239851][ T8630] ? __import_iovec+0x5d4/0x7f0 [ 206.239875][ T8630] ? aa_sock_msg_perm+0x94/0x160 [ 206.239902][ T8630] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 206.239922][ T8630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.239943][ T8630] __sock_sendmsg+0x219/0x270 [ 206.239978][ T8630] ____sys_sendmsg+0x505/0x830 [ 206.240008][ T8630] ? __pfx_____sys_sendmsg+0x10/0x10 [ 206.240040][ T8630] ? __pfx_futex_wake_mark+0x10/0x10 [ 206.240076][ T8630] ___sys_sendmsg+0x21f/0x2a0 [ 206.240114][ T8630] ? __pfx____sys_sendmsg+0x10/0x10 [ 206.240183][ T8630] ? __fget_files+0x2a/0x420 [ 206.240213][ T8630] ? __fget_files+0x3a0/0x420 [ 206.240254][ T8630] __sys_sendmsg+0x164/0x220 [ 206.240282][ T8630] ? __pfx___sys_sendmsg+0x10/0x10 [ 206.240323][ T8630] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.240349][ T8630] __do_fast_syscall_32+0xb6/0x2b0 [ 206.240372][ T8630] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.240398][ T8630] do_fast_syscall_32+0x34/0x80 [ 206.240421][ T8630] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 206.240446][ T8630] RIP: 0023:0xf7f55539 [ 206.240466][ T8630] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 206.240483][ T8630] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 206.240516][ T8630] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 206.240531][ T8630] RDX: 0000000000000810 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.240543][ T8630] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 206.240554][ T8630] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 206.240566][ T8630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 206.240599][ T8630] [ 206.240609][ T8630] Mem-Info: [ 206.826298][ T8630] active_anon:6332 inactive_anon:0 isolated_anon:0 [ 206.826298][ T8630] active_file:11917 inactive_file:39858 isolated_file:0 [ 206.826298][ T8630] unevictable:768 dirty:118 writeback:0 [ 206.826298][ T8630] slab_reclaimable:10534 slab_unreclaimable:97284 [ 206.826298][ T8630] mapped:30566 shmem:2446 pagetables:1212 [ 206.826298][ T8630] sec_pagetables:0 bounce:0 [ 206.826298][ T8630] kernel_misc_reclaimable:0 [ 206.826298][ T8630] free:1288560 free_pcp:13941 free_cma:0 [ 206.946376][ T8630] Node 0 active_anon:25328kB inactive_anon:0kB active_file:47668kB inactive_file:159232kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122264kB dirty:472kB writeback:0kB shmem:8248kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11464kB pagetables:4604kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 207.149482][ T8630] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 207.314766][ T8630] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 207.529827][ T8630] lowmem_reserve[]: 0 2497 2499 2499 2499 [ 207.550372][ T8630] Node 0 DMA32 free:1252408kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25356kB inactive_anon:0kB active_file:47668kB inactive_file:157668kB unevictable:1536kB writepending:484kB present:3129332kB managed:2557604kB mlocked:0kB bounce:0kB free_pcp:32140kB local_pcp:13700kB free_cma:0kB [ 207.620420][ T8630] lowmem_reserve[]: 0 0 1 1 1 [ 207.625516][ T8630] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1564kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 207.732735][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 207.740254][ T8630] Node 1 Normal free:3885136kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:24224kB local_pcp:12544kB free_cma:0kB [ 207.785583][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 207.791359][ T8630] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 207.813478][ T8630] Node 0 DMA32: 1072*4kB (UME) 663*8kB (UME) 246*16kB (ME) 422*32kB (UME) 174*64kB (UME) 34*128kB (ME) 16*256kB (M) 58*512kB (UME) 44*1024kB (UM) 4*2048kB (UM) 274*4096kB (M) = 1251864kB [ 207.895826][ T8630] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 207.935902][ T8630] Node 1 Normal: 228*4kB (UE) 62*8kB (UME) 43*16kB (UME) 83*32kB (UME) 29*64kB (UME) 7*128kB (UME) 3*256kB (ME) 4*512kB (UME) 4*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3885136kB [ 207.985089][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 208.001735][ T8630] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 208.019607][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 208.032481][ T8630] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 208.053097][ T8630] 54215 total pagecache pages [ 208.059018][ T8630] 0 pages in swap cache [ 208.063523][ T8630] Free swap = 124996kB [ 208.097045][ T8630] Total swap = 124996kB [ 208.104953][ T8630] 2097051 pages RAM [ 208.143106][ T8630] 0 pages HighMem/MovableOnly [ 208.154096][ T8630] 425608 pages reserved [ 208.163693][ T8630] 0 pages cma reserved [ 208.545389][ T8738] loop9: detected capacity change from 0 to 7 [ 208.562506][ T8425] buffer_io_error: 9 callbacks suppressed [ 208.562528][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.577809][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.601208][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.624076][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.633244][ T8739] bridge0: entered allmulticast mode [ 208.633619][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.653227][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.661846][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.664441][ T8739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1229'. [ 208.671337][ T8425] ldm_validate_partition_table(): Disk read failed. [ 208.722388][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.749042][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.759056][ T8739] bridge0 (unregistering): left allmulticast mode [ 208.768488][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 208.786238][ T8425] Dev loop9: unable to read RDB block 0 [ 208.802782][ T8425] loop9: unable to read partition table [ 208.819047][ T8425] loop9: partition table beyond EOD, truncated [ 208.853597][ T8738] ldm_validate_partition_table(): Disk read failed. [ 208.886275][ T8738] Dev loop9: unable to read RDB block 0 [ 208.900045][ T8738] loop9: unable to read partition table [ 208.938658][ T8738] loop9: partition table beyond EOD, truncated [ 208.976107][ T8738] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 208.976107][ T8738] ) failed (rc=-5) [ 209.322559][ T8749] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 209.788883][ T8763] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1240'. [ 211.658756][ T8803] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 211.838116][ T8809] loop9: detected capacity change from 0 to 7 [ 211.859267][ T8809] ldm_validate_partition_table(): Disk read failed. [ 211.861838][ T30] kauditd_printk_skb: 62 callbacks suppressed [ 211.861855][ T30] audit: type=1326 audit(1754273236.563:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8810 comm="syz.3.1263" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x0 [ 211.873204][ T8809] Dev loop9: unable to read RDB block 0 [ 211.873555][ T8809] loop9: unable to read partition table [ 211.873799][ T8809] loop9: partition table beyond EOD, [ 211.903657][ T8812] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1262'. [ 211.936095][ T8809] truncated [ 211.977300][ T8809] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 211.977300][ T8809] ) failed (rc=-5) [ 212.722550][ T8837] loop9: detected capacity change from 0 to 7 [ 212.733518][ T8425] ldm_validate_partition_table(): Disk read failed. [ 212.766420][ T8425] Dev loop9: unable to read RDB block 0 [ 212.784695][ T8425] loop9: unable to read partition table [ 212.793290][ T8840] bridge0: entered allmulticast mode [ 212.814182][ T8425] loop9: partition table beyond EOD, truncated [ 212.821440][ T8840] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1275'. [ 212.846904][ T8840] bridge_slave_1: left allmulticast mode [ 212.859388][ T8837] ldm_validate_partition_table(): Disk read failed. [ 212.867989][ T8840] bridge_slave_1: left promiscuous mode [ 212.874234][ T8840] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.887502][ T8837] Dev loop9: unable to read RDB block 0 [ 212.894581][ T8837] loop9: unable to read partition table [ 212.913222][ T8837] loop9: partition table beyond EOD, truncated [ 212.965175][ T8837] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 212.965175][ T8837] ) failed (rc=-5) [ 213.038553][ T8840] bridge_slave_0: left allmulticast mode [ 213.085969][ T8840] bridge_slave_0: left promiscuous mode [ 213.105505][ T8840] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.251313][ T8840] bridge0 (unregistering): left allmulticast mode [ 213.348205][ T8849] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1279'. [ 213.431538][ T8857] netlink: 72 bytes leftover after parsing attributes in process `wޣ'. [ 213.658534][ T30] audit: type=1326 audit(1754273238.353:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8863 comm="syz.3.1289" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x0 [ 213.904196][ T8873] netlink: 468 bytes leftover after parsing attributes in process `syz.1.1290'. [ 214.089329][ T8880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.325151][ T8886] netlink: zone id is out of range [ 214.332604][ T8886] netlink: zone id is out of range [ 214.338450][ T8886] netlink: zone id is out of range [ 214.344146][ T8886] netlink: zone id is out of range [ 214.351377][ T8886] netlink: zone id is out of range [ 214.359245][ T8886] netlink: zone id is out of range [ 214.378229][ T8887] netlink: del zone limit has 4 unknown bytes [ 214.397456][ T8886] netlink: set zone limit has 4 unknown bytes [ 214.924198][ T8903] binder_alloc: 8898: binder_alloc_buf, no vma [ 215.126504][ T51] Bluetooth: hci0: unexpected event 0x09 length: 6 > 3 [ 215.868706][ T8931] loop9: detected capacity change from 0 to 7 [ 215.909894][ T8425] buffer_io_error: 75 callbacks suppressed [ 215.909916][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 215.931472][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 215.953830][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 215.967451][ T8934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 215.981037][ T30] audit: type=1326 audit(1754273240.673:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 215.984187][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 216.012458][ T8936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1316'. [ 216.019592][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 216.036061][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 216.046252][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 216.055186][ T8425] ldm_validate_partition_table(): Disk read failed. [ 216.063378][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 216.075541][ T8934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 216.111711][ T8934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 216.111834][ T30] audit: type=1326 audit(1754273240.673:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 216.137103][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 216.186060][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 216.203572][ T8425] Dev loop9: unable to read RDB block 0 [ 216.204866][ T30] audit: type=1326 audit(1754273240.673:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 216.211086][ T8425] loop9: unable to read partition table [ 216.243527][ T30] audit: type=1326 audit(1754273240.673:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 216.274344][ T8425] loop9: partition table beyond EOD, truncated [ 216.284330][ T8931] ldm_validate_partition_table(): Disk read failed. [ 216.296149][ T30] audit: type=1326 audit(1754273240.673:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 216.300765][ T8931] Dev loop9: unable to read RDB block 0 [ 216.322944][ T30] audit: type=1326 audit(1754273240.673:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 216.339864][ T8931] loop9: unable to read partition table [ 216.358190][ T8931] loop9: partition table beyond EOD, truncated [ 216.359224][ T30] audit: type=1326 audit(1754273240.673:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 216.368373][ T8931] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 216.368373][ T8931] ) failed (rc=-5) [ 216.402571][ T30] audit: type=1326 audit(1754273240.673:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1315" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 216.404528][ T8943] binder: BINDER_SET_CONTEXT_MGR already set [ 216.426216][ T1212] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 216.437403][ T8943] binder: 8942:8943 ioctl 4018620d 80000040 returned -16 [ 216.552682][ T8945] batman_adv: batadv0: Adding interface: dummy0 [ 216.562175][ T8945] batman_adv: batadv0: Interface activated: dummy0 [ 216.593922][ T8945] batadv0: mtu less than device minimum [ 216.606870][ T1212] usb 1-1: Using ep0 maxpacket: 16 [ 216.615012][ T1212] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.633256][ T1212] usb 1-1: New USB device found, idVendor=1e71, idProduct=2010, bcdDevice= 0.00 [ 216.668112][ T1212] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.703918][ T1212] usb 1-1: config 0 descriptor?? [ 216.934645][ T1212] usbhid 1-1:0.0: can't add hid device: -71 [ 216.964759][ T1212] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 217.019650][ T1212] usb 1-1: USB disconnect, device number 6 [ 217.274416][ T8967] loop9: detected capacity change from 0 to 7 [ 217.294230][ T8967] ldm_validate_partition_table(): Disk read failed. [ 217.310443][ T8967] Dev loop9: unable to read RDB block 0 [ 217.317793][ T8967] loop9: unable to read partition table [ 217.324026][ T8967] loop9: partition table beyond EOD, truncated [ 217.336538][ T43] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 217.357856][ T8967] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 217.357856][ T8967] ) failed (rc=-5) [ 217.379931][ T8970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1330'. [ 217.501545][ T43] usb 3-1: Using ep0 maxpacket: 8 [ 217.527936][ T43] usb 3-1: config 162 has an invalid interface number: 166 but max is 0 [ 217.555824][ T43] usb 3-1: config 162 has no interface number 0 [ 217.563392][ T43] usb 3-1: config 162 interface 166 has no altsetting 0 [ 217.588960][ T43] usb 3-1: New USB device found, idVendor=05ac, idProduct=921d, bcdDevice=d3.ea [ 217.615854][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.641038][ T43] usb 3-1: Product: syz [ 217.645636][ T43] usb 3-1: Manufacturer: syz [ 217.666382][ T43] usb 3-1: SerialNumber: syz [ 217.672951][ T8976] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1334'. [ 217.737331][ T8976] netlink: 296 bytes leftover after parsing attributes in process `syz.0.1334'. [ 217.809983][ T8976] unsupported nlmsg_type 40 [ 217.892805][ T8984] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 217.996786][ T1212] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 218.107385][ T43] appledisplay 3-1:162.166: Could not find int-in endpoint [ 218.123390][ T43] usbhid 3-1:162.166: couldn't find an input interrupt endpoint [ 218.136217][ T43] usb 3-1: USB disconnect, device number 3 [ 218.185893][ T1212] usb 5-1: Using ep0 maxpacket: 16 [ 218.229876][ T1212] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.249191][ T1212] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 218.270287][ T1212] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.292651][ T1212] usb 5-1: config 0 descriptor?? [ 218.318659][ T1212] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input11 [ 218.936500][ T9001] loop9: detected capacity change from 0 to 7 [ 218.944757][ T9002] tipc: Started in network mode [ 218.954546][ T9002] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 218.970496][ T9001] ldm_validate_partition_table(): Disk read failed. [ 218.980013][ T9002] tipc: Enabled bearer , priority 0 [ 218.993135][ T9001] Dev loop9: unable to read RDB block 0 [ 219.002094][ T9004] netlink: 'syz.1.1344': attribute type 10 has an invalid length. [ 219.013729][ T5216] bcm5974 5-1:0.0: could not read from device [ 219.014008][ T9001] loop9: unable to read partition table [ 219.037613][ T9001] loop9: partition table beyond EOD, truncated [ 219.045401][ T9001] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 219.045401][ T9001] ) failed (rc=-5) [ 219.077182][ T5216] bcm5974 5-1:0.0: could not read from device [ 219.080370][ T9004] syz_tun: entered promiscuous mode [ 219.098269][ T1212] usb 5-1: USB disconnect, device number 3 [ 219.117640][ T9002] netlink: 'syz.1.1344': attribute type 10 has an invalid length. [ 219.184723][ T9004] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 219.243079][ T9003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1343'. [ 219.324608][ T9002] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.351722][ T9002] team0: Port device bond0 added [ 219.708659][ T9027] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 219.948023][ T9036] loop9: detected capacity change from 0 to 7 [ 219.963832][ T9039] [U]  [ 219.966876][ T9039] [U] K{ [ 219.967667][ T9040] net_ratelimit: 20 callbacks suppressed [ 219.967683][ T9040] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 219.972863][ T9036] ldm_validate_partition_table(): Disk read failed. [ 220.000203][ T9039] [U] t 1ŠFfˊ`GJgo/mC [ 220.004448][ T9041] bridge0: entered allmulticast mode [ 220.010060][ T9036] Dev loop9: unable to read RDB block 0 [ 220.025480][ T9039] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 220.033601][ T9041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1357'. [ 220.100891][ T24] tipc: Node number set to 11578026 [ 220.101684][ T9039] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 220.134462][ T9041] bridge_slave_1: left allmulticast mode [ 220.136415][ T9036] loop9: unable to read partition table [ 220.155126][ T9039] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 220.180478][ T9041] bridge_slave_1: left promiscuous mode [ 220.197095][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.213642][ T9036] loop9: partition table beyond EOD, truncated [ 220.243942][ T9039] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 220.261531][ T9041] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.274355][ T9036] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 220.274355][ T9036] ) failed (rc=-5) [ 220.315065][ T9039] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 220.329401][ T9039] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 220.346689][ T9039] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 220.503027][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.515608][ T9039] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 220.532037][ T9039] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 220.604524][ T9039] [U] 22Ʃx?0;3u [ 220.618883][ T9039] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 220.652910][ T9041] bridge0 (unregistering): left allmulticast mode [ 220.664875][ T9039] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 220.681419][ T9039] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 220.692229][ T9039] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 220.699972][ T9039] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 220.722585][ T9039] [U] ec [ 220.726455][ T9039] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 220.764909][ T9037] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 221.432027][ T9085] loop9: detected capacity change from 0 to 7 [ 221.441132][ T8425] buffer_io_error: 80 callbacks suppressed [ 221.441151][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.463521][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.481134][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.491896][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.517268][ T9090] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1377'. [ 221.518538][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.539408][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.548364][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.564014][ T8425] ldm_validate_partition_table(): Disk read failed. [ 221.572914][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.591994][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.611434][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 221.666226][ T8425] Dev loop9: unable to read RDB block 0 [ 221.672325][ T8425] loop9: unable to read partition table [ 221.696894][ T8425] loop9: partition table beyond EOD, truncated [ 221.705254][ T9085] ldm_validate_partition_table(): Disk read failed. [ 221.717565][ T9085] Dev loop9: unable to read RDB block 0 [ 221.724012][ T9085] loop9: unable to read partition table [ 221.759393][ T9085] loop9: partition table beyond EOD, truncated [ 221.789249][ T9085] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 221.789249][ T9085] ) failed (rc=-5) [ 222.188236][ T9113] binder: BINDER_SET_CONTEXT_MGR already set [ 222.194750][ T9113] binder: 9112:9113 ioctl 4018620d 800002c0 returned -16 [ 224.682003][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 224.682025][ T30] audit: type=1326 audit(1754273249.383:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9212 comm="syz.3.1423" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff5539 code=0x0 [ 225.147729][ T9232] tipc: Started in network mode [ 225.162391][ T9232] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 225.177951][ T9232] tipc: Enabled bearer , priority 0 [ 226.296208][ T1212] tipc: Node number set to 11578026 [ 226.860573][ T9294] warning: `syz.2.1451' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 227.248227][ T9312] input: syz0 as /devices/virtual/input/input12 [ 227.665015][ T9321] binder: BINDER_SET_CONTEXT_MGR already set [ 227.673905][ T9321] binder: 9318:9321 ioctl 4018620d 80004a80 returned -16 [ 229.305928][ T24] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 229.461835][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 229.489539][ T24] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 229.528236][ T24] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 229.545790][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.575515][ T24] usb 5-1: config 0 descriptor?? [ 229.607760][ T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 229.623736][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 229.655565][ T24] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 229.671402][ T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 229.680893][ T24] usb 5-1: media controller created [ 229.725667][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 229.784079][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 229.841903][ T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 229.890553][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input13 [ 229.959937][ T24] dvb-usb: schedule remote query interval to 150 msecs. [ 230.022495][ T9382] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 230.031777][ T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 230.196918][ T24] dvb-usb: bulk message failed: -22 (1/0) [ 230.233322][ T24] dvb-usb: error while querying for an remote control event. [ 230.276120][ T5864] Bluetooth: hci1: command 0x0c1a tx timeout [ 230.415842][ T24] dvb-usb: bulk message failed: -22 (1/0) [ 230.426531][ T24] dvb-usb: error while querying for an remote control event. [ 230.586961][ T43] dvb-usb: bulk message failed: -22 (1/0) [ 230.600029][ T43] dvb-usb: error while querying for an remote control event. [ 230.616668][ T5944] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 230.777552][ T43] usb 5-1: USB disconnect, device number 4 [ 230.789566][ T5944] usb 2-1: Using ep0 maxpacket: 16 [ 230.816237][ T5944] usb 2-1: too many endpoints for config 0 interface 0 altsetting 4: 255, using maximum allowed: 30 [ 230.843996][ T5944] usb 2-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 230.874701][ T5944] usb 2-1: config 0 interface 0 has no altsetting 0 [ 230.906693][ T5944] usb 2-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 230.924787][ T43] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 230.956010][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.000587][ T5944] usb 2-1: config 0 descriptor?? [ 231.395257][ T9426] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 231.496538][ T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 231.498809][ T5944] hid-u2fzero 0003:20A0:4287.0004: hidraw0: USB HID v0.00 Device [HID 20a0:4287] on usb-dummy_hcd.1-1/input0 [ 231.598907][ T5944] hid-u2fzero 0003:20A0:4287.0004: NitroKey U2F LED initialised [ 231.641488][ T5944] hid-u2fzero 0003:20A0:4287.0004: NitroKey U2F RNG initialised [ 231.708182][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 231.753135][ T24] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 231.786625][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.847000][ T24] usb 4-1: config 0 descriptor?? [ 231.874308][ T9439] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1496'. [ 231.960221][ T5945] usb 2-1: USB disconnect, device number 4 [ 232.202881][ T24] usb 4-1: string descriptor 0 read error: -32 [ 232.214986][ T24] pwc: Askey VC010 type 2 USB webcam detected. [ 232.434392][ T24] pwc: recv_control_msg error -32 req 02 val 2b00 [ 232.443010][ T24] pwc: recv_control_msg error -32 req 02 val 2700 [ 232.451343][ T24] pwc: recv_control_msg error -32 req 02 val 2c00 [ 232.459035][ T24] pwc: recv_control_msg error -32 req 04 val 1000 [ 232.466775][ T24] pwc: recv_control_msg error -32 req 04 val 1300 [ 232.474682][ T24] pwc: recv_control_msg error -32 req 04 val 1400 [ 232.688861][ T24] pwc: recv_control_msg error -71 req 02 val 2100 [ 232.707363][ T24] pwc: recv_control_msg error -71 req 04 val 1500 [ 232.727619][ T24] pwc: recv_control_msg error -71 req 02 val 2500 [ 232.746266][ T24] pwc: recv_control_msg error -71 req 02 val 2400 [ 232.807749][ T24] pwc: recv_control_msg error -71 req 02 val 2600 [ 232.826701][ T24] pwc: recv_control_msg error -71 req 02 val 2900 [ 232.859501][ T24] pwc: recv_control_msg error -71 req 02 val 2800 [ 232.889833][ T24] pwc: recv_control_msg error -71 req 04 val 1100 [ 232.912328][ T24] pwc: recv_control_msg error -71 req 04 val 1200 [ 232.956130][ T24] pwc: Registered as video103. [ 232.988950][ T24] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input14 [ 233.096395][ T24] usb 4-1: USB disconnect, device number 5 [ 235.185962][ T24] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 235.385891][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 235.397377][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.435250][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.474678][ T24] usb 2-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=aa.6a [ 235.497041][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.517272][ T24] usb 2-1: Product: syz [ 235.535355][ T24] usb 2-1: Manufacturer: syz [ 235.552271][ T5864] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 235.565610][ T24] usb 2-1: SerialNumber: syz [ 235.594874][ T24] ti_usb_3410_5052 2-1:1.0: required endpoints missing [ 235.794541][ T24] usb 2-1: USB disconnect, device number 5 [ 237.060731][ T9526] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 238.675825][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 239.776385][ T5946] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 239.936495][ T5946] usb 2-1: Using ep0 maxpacket: 8 [ 239.967623][ T5946] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.981735][ T5946] usb 2-1: config 0 has no interfaces? [ 239.998444][ T5946] usb 2-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 240.010727][ T9627] loop9: detected capacity change from 0 to 7 [ 240.024993][ T8425] buffer_io_error: 23 callbacks suppressed [ 240.025015][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.048116][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.048348][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.070648][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.082219][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.091227][ T5946] usb 2-1: config 0 descriptor?? [ 240.097370][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.113196][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.141576][ T9628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1578'. [ 240.229343][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.239082][ T8425] ldm_validate_partition_table(): Disk read failed. [ 240.249466][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.258330][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.266868][ T8425] Buffer I/O error on dev loop9, logical block 0, async page read [ 240.278245][ T8425] Dev loop9: unable to read RDB block 0 [ 240.284727][ T8425] loop9: unable to read partition table [ 240.296750][ T8425] loop9: partition table beyond EOD, truncated [ 240.322947][ T9627] ldm_validate_partition_table(): Disk read failed. [ 240.336482][ T9627] Dev loop9: unable to read RDB block 0 [ 240.345582][ T10] usb 2-1: USB disconnect, device number 6 [ 240.358632][ T9627] loop9: unable to read partition table [ 240.370616][ T9627] loop9: partition table beyond EOD, truncated [ 240.384346][ T9627] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 240.384346][ T9627] ) failed (rc=-5) [ 241.702613][ T5944] IPVS: starting estimator thread 0... [ 241.708334][ T9662] IPVS: lblc: SCTP 172.20.20.187:0 - no destination available [ 241.825916][ T9663] IPVS: using max 28 ests per chain, 67200 per kthread [ 241.886565][ T9665] loop9: detected capacity change from 0 to 7 [ 241.925088][ T8425] ldm_validate_partition_table(): Disk read failed. [ 241.943652][ T8425] Dev loop9: unable to read RDB block 0 [ 241.956552][ T8425] loop9: unable to read partition table [ 241.969701][ T8425] loop9: partition table beyond EOD, truncated [ 241.977733][ T9666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1594'. [ 242.028400][ T9665] ldm_validate_partition_table(): Disk read failed. [ 242.045643][ T9665] Dev loop9: unable to read RDB block 0 [ 242.063704][ T9665] loop9: unable to read partition table [ 242.071349][ T9665] loop9: partition table beyond EOD, truncated [ 242.082589][ T9665] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 242.082589][ T9665] ) failed (rc=-5) [ 242.486175][ T9679] syzkaller1: entered promiscuous mode [ 242.492266][ T9679] syzkaller1: entered allmulticast mode [ 244.282690][ T51] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 245.199143][ T9710] loop9: detected capacity change from 0 to 7 [ 245.236982][ T9710] buffer_io_error: 56 callbacks suppressed [ 245.237003][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.263528][ T9711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1610'. [ 245.282067][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.321779][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.361919][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.396545][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.426211][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.436391][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.482051][ T9710] ldm_validate_partition_table(): Disk read failed. [ 245.538275][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.571444][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.604664][ T9710] Buffer I/O error on dev loop9, logical block 0, async page read [ 245.633312][ T9710] Dev loop9: unable to read RDB block 0 [ 245.644503][ T9710] loop9: unable to read partition table [ 245.673769][ T9710] loop9: partition table beyond EOD, truncated [ 245.702063][ T9710] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 245.702063][ T9710] ) failed (rc=-5) [ 245.776727][ T5945] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 245.939060][ T9731] tipc: Enabling of bearer rejected, already enabled [ 245.958611][ T5945] usb 1-1: not running at top speed; connect to a high speed hub [ 245.977996][ T5945] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 245.991921][ T5945] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 6 [ 246.003511][ T5945] usb 1-1: config 1 has no interface number 1 [ 246.024017][ T5945] usb 1-1: config 1 interface 2 has no altsetting 0 [ 246.035511][ T5945] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 246.047616][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.058374][ T5945] usb 1-1: Product: syz [ 246.063388][ T5945] usb 1-1: Manufacturer: syz [ 246.070459][ T5945] usb 1-1: SerialNumber: syz [ 246.106136][ T5946] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 246.265900][ T5946] usb 3-1: Using ep0 maxpacket: 32 [ 246.275269][ T5946] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 246.288965][ T5946] usb 3-1: config 0 has no interface number 0 [ 246.304453][ T5946] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 246.331509][ T5946] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.347046][ T5946] usb 3-1: Product: syz [ 246.352062][ T5946] usb 3-1: Manufacturer: syz [ 246.357625][ T5945] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 246.370421][ T5945] usb 1-1: selecting invalid altsetting 0 [ 246.377151][ T5946] usb 3-1: SerialNumber: syz [ 246.385206][ T5945] usb 1-1: selecting invalid altsetting 0 [ 246.393358][ T5946] usb 3-1: config 0 descriptor?? [ 246.402319][ T5946] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 246.420397][ T5946] usb 3-1: selecting invalid altsetting 1 [ 246.432591][ T5946] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 246.461347][ T5946] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 246.486277][ T5945] usb 1-1: USB disconnect, device number 7 [ 246.498361][ T5946] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 246.513770][ T5946] usb 3-1: media controller created [ 246.616976][ T5946] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 246.729612][ T9739] udevd[9739]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 246.995319][ T5946] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 247.112593][ T5946] usb 3-1: USB disconnect, device number 4 [ 249.561100][ T9789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1644'. [ 250.102350][ T9768] syz.2.1633 (9768): drop_caches: 2 [ 251.368174][ T5946] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 251.555971][ T5946] usb 2-1: Using ep0 maxpacket: 16 [ 251.563755][ T5946] usb 2-1: too many endpoints for config 0 interface 0 altsetting 4: 255, using maximum allowed: 30 [ 251.573600][ T9820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1656'. [ 251.592292][ T5946] usb 2-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 251.606611][ T5946] usb 2-1: config 0 interface 0 has no altsetting 0 [ 251.615317][ T5946] usb 2-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 251.625996][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.637311][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 251.651151][ T5946] usb 2-1: config 0 descriptor?? [ 252.094518][ T5946] usbhid 2-1:0.0: can't add hid device: -71 [ 252.112107][ T5946] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 252.147044][ T5946] usb 2-1: USB disconnect, device number 7 [ 252.697264][ T9851] netlink: 'syz.0.1669': attribute type 13 has an invalid length. [ 252.755968][ T9851] netlink: 'syz.0.1669': attribute type 17 has an invalid length. [ 252.789837][ T30] audit: type=1326 audit(1754273277.493:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9853 comm="syz.1.1670" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x0 [ 252.834893][ T9851] gretap0: left promiscuous mode [ 252.909280][ T9851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 252.921205][ T9851] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.930083][ T9851] tipc: Resetting bearer [ 253.024562][ T9851] tipc: Resetting bearer [ 253.046997][ T9851] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 253.170963][ T5944] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 253.368002][ T5944] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 253.385931][ T5944] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 253.396151][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.419410][ T9867] netlink: 'syz.2.1675': attribute type 1 has an invalid length. [ 253.431979][ T5944] usb 4-1: config 0 descriptor?? [ 253.640401][ T9867] 8021q: adding VLAN 0 to HW filter on device bond1 [ 253.651921][ T5944] usb 4-1: string descriptor 0 read error: -32 [ 253.672489][ T5944] pwc: Askey VC010 type 2 USB webcam detected. [ 253.760205][ T9870] bond1: (slave gretap1): making interface the new active one [ 253.791800][ T5864] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 253.827755][ T9870] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 253.876246][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 253.897761][ T5944] pwc: recv_control_msg error -32 req 02 val 2b00 [ 253.911464][ T5944] pwc: recv_control_msg error -32 req 02 val 2700 [ 253.920650][ T5944] pwc: recv_control_msg error -32 req 02 val 2c00 [ 253.929718][ T5944] pwc: recv_control_msg error -32 req 04 val 1000 [ 253.938522][ T5944] pwc: recv_control_msg error -32 req 04 val 1300 [ 253.950843][ T5944] pwc: recv_control_msg error -32 req 04 val 1400 [ 253.965058][ T5944] pwc: recv_control_msg error -71 req 02 val 2000 [ 253.974158][ T5944] pwc: recv_control_msg error -71 req 02 val 2100 [ 253.992396][ T5944] pwc: recv_control_msg error -71 req 04 val 1500 [ 254.000986][ T5944] pwc: recv_control_msg error -71 req 02 val 2500 [ 254.016247][ T5944] pwc: recv_control_msg error -71 req 02 val 2400 [ 254.032822][ T5944] pwc: recv_control_msg error -71 req 02 val 2600 [ 254.033331][ T9870] syz.2.1675 (9870) used greatest stack depth: 19496 bytes left [ 254.055932][ T5944] pwc: recv_control_msg error -71 req 02 val 2900 [ 254.063427][ T5944] pwc: recv_control_msg error -71 req 02 val 2800 [ 254.076528][ T5944] pwc: recv_control_msg error -71 req 04 val 1100 [ 254.093106][ T5944] pwc: recv_control_msg error -71 req 04 val 1200 [ 254.120282][ T5944] pwc: Registered as video103. [ 254.141564][ T5944] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input15 [ 254.194208][ T5944] usb 4-1: USB disconnect, device number 6 [ 254.336067][ T5945] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 254.517016][ T5945] usb 3-1: Using ep0 maxpacket: 16 [ 254.534963][ T5945] usb 3-1: too many endpoints for config 0 interface 0 altsetting 4: 255, using maximum allowed: 30 [ 254.567642][ T5945] usb 3-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 254.596051][ T5945] usb 3-1: config 0 interface 0 has no altsetting 0 [ 254.602884][ T5945] usb 3-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 254.632878][ T5945] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.658974][ T5945] usb 3-1: config 0 descriptor?? [ 255.102697][ T5945] usbhid 3-1:0.0: can't add hid device: -71 [ 255.114851][ T5945] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 255.144072][ T5945] usb 3-1: USB disconnect, device number 5 [ 255.310425][ T30] audit: type=1326 audit(1754273280.013:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9905 comm="syz.1.1689" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x0 [ 255.776351][ T51] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 256.125601][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.135173][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.204875][ T9921] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1694'. [ 256.329920][ T5864] Bluetooth: hci4: unexpected event for opcode 0x1003 [ 256.403807][ T9931] openvswitch: netlink: EtherType 0 is less than min 600 [ 257.029954][ T9949] fuse: Bad value for 'fd' [ 257.430941][ T9962] syzkaller1: entered promiscuous mode [ 257.437067][ T9962] syzkaller1: entered allmulticast mode [ 258.985237][ T9985] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 258.990885][ T9990] fuse: Bad value for 'fd' [ 259.176358][ T9998] netlink: zone id is out of range [ 259.190199][ T9998] netlink: zone id is out of range [ 259.206112][ T9998] netlink: zone id is out of range [ 259.212026][ T9998] netlink: zone id is out of range [ 259.235860][ T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 259.239592][ T9998] netlink: zone id is out of range [ 259.279449][ T9998] netlink: zone id is out of range [ 259.309418][T10001] netlink: del zone limit has 4 unknown bytes [ 259.404573][ T9998] netlink: set zone limit has 4 unknown bytes [ 259.419478][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.430143][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 259.439660][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.452142][ T10] usb 2-1: config 0 descriptor?? [ 259.676963][ T10] usb 2-1: string descriptor 0 read error: -32 [ 259.692250][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 259.755950][ T5944] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 259.903494][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 259.913677][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 259.924202][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 259.935062][ T5944] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 259.945802][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 259.952546][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.963495][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 259.970410][ T5944] usb 4-1: Product: syz [ 259.975070][ T5944] usb 4-1: Manufacturer: syz [ 259.984097][ T5944] usb 4-1: SerialNumber: syz [ 259.996630][ T5944] usb 4-1: config 0 descriptor?? [ 260.182202][ T10] pwc: recv_control_msg error -71 req 02 val 2000 [ 260.198064][ T10] pwc: recv_control_msg error -71 req 02 val 2100 [ 260.214535][ T10] pwc: recv_control_msg error -71 req 04 val 1500 [ 260.223259][ T10] pwc: recv_control_msg error -71 req 02 val 2500 [ 260.232487][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 260.241529][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 260.250202][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 260.259046][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 260.276367][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 260.296384][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 260.316771][ T10] pwc: Registered as video103. [ 260.341507][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input16 [ 260.357974][ T5864] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 260.367763][ T5864] Bluetooth: hci4: Injecting HCI hardware error event [ 260.376735][ T5864] Bluetooth: hci4: hardware error 0x00 [ 260.381847][ T10] usb 2-1: USB disconnect, device number 8 [ 260.584673][T10045] binder: BINDER_SET_CONTEXT_MGR already set [ 260.591339][T10045] binder: 10044:10045 ioctl 4018620d 800002c0 returned -16 [ 260.675884][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 260.846012][ T5945] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 261.016391][ T5945] usb 1-1: Using ep0 maxpacket: 8 [ 261.021718][T10057] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1751'. [ 261.041263][ T5945] usb 1-1: New USB device found, idVendor=041e, idProduct=401c, bcdDevice=1d.9c [ 261.066239][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.083317][ T5945] usb 1-1: Product: syz [ 261.094800][ T5945] usb 1-1: Manufacturer: syz [ 261.104694][ T5945] usb 1-1: SerialNumber: syz [ 261.119624][ T5945] usb 1-1: config 0 descriptor?? [ 261.132557][ T5945] gspca_main: gspca_zc3xx-2.14.0 probing 041e:401c [ 261.233145][ T5944] usb 4-1: f81604_read: reg: 100e failed: -EPROTO [ 261.264662][ T5944] usb 4-1: f81604_read: reg: 200f failed: -EPROTO [ 261.287015][ T5944] usb 4-1: USB disconnect, device number 7 [ 261.320481][ T5944] usb 4-1: f81604_read: reg: 100f failed: -ENODEV [ 261.390594][ T5526] usb 4-1: f81604_read: reg: 200f failed: -ENODEV [ 261.408139][ T5944] usb 4-1: f81604_read: reg: 200f failed: -ENODEV [ 261.452975][T10072] binder: BINDER_SET_CONTEXT_MGR already set [ 261.459479][T10072] binder: 10071:10072 ioctl 4018620d 800002c0 returned -16 [ 261.598935][T10076] input: syz0 as /devices/virtual/input/input17 [ 262.081431][T10087] netlink: 'syz.1.1763': attribute type 64 has an invalid length. [ 262.168410][T10087] netlink: 'syz.1.1763': attribute type 4 has an invalid length. [ 262.193370][T10087] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1763'. [ 262.377175][T10098] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 262.516056][ T5864] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 262.958885][ T5945] gspca_zc3xx: reg_r err -71 [ 263.566180][ T5945] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 263.577260][ T5945] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 263.597852][ T5945] usb 1-1: USB disconnect, device number 8 [ 264.212094][T10139] netlink: 'syz.0.1783': attribute type 10 has an invalid length. [ 264.223545][T10139] syz_tun: entered promiscuous mode [ 264.259570][T10139] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 265.054550][T10160] binder: BINDER_SET_CONTEXT_MGR already set [ 265.060968][T10160] binder: 10158:10160 ioctl 4018620d 800002c0 returned -16 [ 265.366215][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 265.384155][T10168] netlink: 'syz.2.1796': attribute type 10 has an invalid length. [ 265.393201][T10168] syz_tun: entered promiscuous mode [ 265.416261][T10168] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 265.519218][ T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 265.528014][ T10] usb 4-1: config 0 has no interface number 0 [ 265.544858][ T10] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 265.555090][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.571587][ T10] usb 4-1: Product: syz [ 265.577455][ T10] usb 4-1: Manufacturer: syz [ 265.582762][ T10] usb 4-1: SerialNumber: syz [ 265.593895][ T10] usb 4-1: config 0 descriptor?? [ 265.841902][ T10] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 265.872217][ T10] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 265.906247][ T10] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 265.930045][ T10] usb 4-1: media controller created [ 265.972012][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 266.115552][ T10] i2c i2c-1: ec100: i2c rd failed=-32 reg=33 [ 266.365894][ T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 266.545849][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 266.572167][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 266.579030][T10192] netlink: 'syz.4.1807': attribute type 10 has an invalid length. [ 266.600298][T10192] syz_tun: entered promiscuous mode [ 266.601129][ T24] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 266.613399][T10192] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 266.648051][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.668583][ T24] usb 1-1: config 0 descriptor?? [ 267.172442][ T10] usb 4-1: USB disconnect, device number 8 [ 267.176390][ T24] mcp2221 0003:04D8:00DD.0005: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 267.511132][T10203] fuse: Bad value for 'fd' [ 267.629243][ T10] usb 1-1: USB disconnect, device number 9 [ 267.771959][T10210] binder: BINDER_SET_CONTEXT_MGR already set [ 267.780694][T10210] binder: 10209:10210 ioctl 4018620d 800002c0 returned -16 [ 267.984936][T10220] netlink: 'syz.4.1819': attribute type 10 has an invalid length. [ 268.085876][ T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 268.286298][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 268.307014][ T24] usb 2-1: too many endpoints for config 0 interface 0 altsetting 4: 255, using maximum allowed: 30 [ 268.325861][ T24] usb 2-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 268.342431][ T24] usb 2-1: config 0 interface 0 has no altsetting 0 [ 268.802371][ T24] usb 2-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 268.828885][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.874372][ T24] usb 2-1: config 0 descriptor?? [ 268.884222][T10232] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 269.248381][T10237] binder: BINDER_SET_CONTEXT_MGR already set [ 269.255237][T10237] binder: 10235:10237 ioctl 4018620d 800002c0 returned -16 [ 269.321741][ T24] usbhid 2-1:0.0: can't add hid device: -71 [ 269.333761][ T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 269.387504][ T24] usb 2-1: USB disconnect, device number 9 [ 269.721709][ T30] audit: type=1326 audit(1754273294.423:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10245 comm="syz.4.1829" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x0 [ 270.035652][T10250] netlink: 'syz.1.1830': attribute type 10 has an invalid length. [ 270.559353][T10263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1836'. [ 270.727726][T10267] binder: BINDER_SET_CONTEXT_MGR already set [ 270.774446][T10267] binder: 10266:10267 ioctl 4018620d 800002c0 returned -16 [ 270.974772][T10275] netlink: 'syz.3.1843': attribute type 10 has an invalid length. [ 270.989880][T10275] syz_tun: entered promiscuous mode [ 271.053561][T10275] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 272.262272][T10299] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1850'. [ 273.279755][T10314] netlink: 'syz.2.1855': attribute type 10 has an invalid length. [ 273.766230][ T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 273.986586][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 274.005023][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.044461][ T10] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 274.070040][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.107136][ T10] usb 2-1: config 0 descriptor?? [ 274.578440][ T10] mcp2221 0003:04D8:00DD.0006: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 274.805080][ T10] usb 2-1: USB disconnect, device number 10 [ 275.618108][T10370] netlink: del zone limit has 4 unknown bytes [ 275.717143][T10367] netlink: set zone limit has 4 unknown bytes [ 275.941406][T10389] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1885'. [ 275.970405][T10389] openvswitch: netlink: Flow actions attr not present in new flow. [ 277.698993][T10412] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3045695589 (97462258848 ns) > initial count (89605043936 ns). Using initial count to start timer. [ 277.944652][T10420] netlink: del zone limit has 4 unknown bytes [ 278.019937][T10419] netlink: set zone limit has 4 unknown bytes [ 278.753318][T10436] openvswitch: netlink: EtherType 0 is less than min 600 [ 278.962923][T10443] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1904'. [ 279.018571][T10443] openvswitch: netlink: Flow actions attr not present in new flow. [ 279.488213][T10454] tipc: Enabling of bearer rejected, already enabled [ 279.529206][T10452] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 279.972743][T10466] kvm: requested 5028 ns i8254 timer period limited to 200000 ns [ 279.999283][T10466] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 280.012188][T10466] kvm: requested 5028 ns i8254 timer period limited to 200000 ns [ 280.021403][T10466] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 280.034693][T10466] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 280.043291][T10466] kvm: requested 170133 ns i8254 timer period limited to 200000 ns [ 280.051889][T10466] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 280.060661][T10466] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 280.069167][T10466] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 280.077840][T10466] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 280.725890][ T5946] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 280.805213][ T5864] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 280.895810][ T5946] usb 3-1: Using ep0 maxpacket: 32 [ 280.908271][ T5946] usb 3-1: config 8 has no interfaces? [ 280.923012][ T5946] usb 3-1: string descriptor 0 read error: -71 [ 280.942224][ T5946] usb 3-1: New USB device found, idVendor=1b3d, idProduct=01de, bcdDevice=ce.c0 [ 280.960290][ T5946] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.989978][ T5946] usb 3-1: rejected 1 configuration due to insufficient available bus power [ 280.999655][ C1] vcan0: j1939_tp_rxtimer: 0xffff888055365400: rx timeout, send abort [ 281.010079][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888055365400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 281.032426][ T5946] usb 3-1: no configuration chosen from 1 choice [ 281.047284][ T5946] usb 3-1: USB disconnect, device number 6 [ 281.284244][T10491] netlink: zone id is out of range [ 281.291961][T10491] netlink: zone id is out of range [ 281.337173][T10491] netlink: set zone limit has 4 unknown bytes [ 281.762141][T10505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1927'. [ 282.439496][T10510] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1929'. [ 282.775853][T10514] openvswitch: netlink: EtherType 0 is less than min 600 [ 282.901210][T10518] netlink: zone id is out of range [ 282.933286][T10518] netlink: zone id is out of range [ 283.009195][T10518] netlink: set zone limit has 4 unknown bytes [ 283.386586][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 283.486487][ T5946] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 283.540169][ T24] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 283.550363][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.559131][ T24] usb 3-1: Product: syz [ 283.563763][ T24] usb 3-1: Manufacturer: syz [ 283.569251][ T24] usb 3-1: SerialNumber: syz [ 283.576380][ T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 283.588361][ T24] usb 3-1: config 0 descriptor?? [ 283.645849][ T5946] usb 4-1: Using ep0 maxpacket: 16 [ 283.654582][ T5946] usb 4-1: too many endpoints for config 0 interface 0 altsetting 4: 255, using maximum allowed: 30 [ 283.665979][ T5946] usb 4-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 283.679336][ T5946] usb 4-1: config 0 interface 0 has no altsetting 0 [ 283.686514][ T5946] usb 4-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 283.695767][ T5946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.707574][ T5946] usb 4-1: config 0 descriptor?? [ 283.746222][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 283.755583][ T10] usb 2-1: New USB device found, idVendor=041e, idProduct=401c, bcdDevice=1d.9c [ 283.765923][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.774139][ T10] usb 2-1: Product: syz [ 283.779834][ T10] usb 2-1: Manufacturer: syz [ 283.784595][ T10] usb 2-1: SerialNumber: syz [ 283.792787][ T10] usb 2-1: config 0 descriptor?? [ 283.811041][ T10] gspca_main: gspca_zc3xx-2.14.0 probing 041e:401c [ 284.128101][ T5946] usbhid 4-1:0.0: can't add hid device: -71 [ 284.134367][ T5946] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 284.157177][ T5946] usb 4-1: USB disconnect, device number 9 [ 284.433171][ T5945] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 284.605987][ T5945] usb 1-1: Using ep0 maxpacket: 16 [ 284.614304][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.626516][ T5945] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 284.637101][ T24] usb 3-1: f81604_read: reg: 100f failed: -EPROTO [ 284.660323][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.688012][ T24] usb 3-1: f81604_read: reg: 200f failed: -EPROTO [ 284.696545][ T5945] usb 1-1: config 0 descriptor?? [ 284.724674][ T24] usb 3-1: USB disconnect, device number 7 [ 284.747966][ T24] usb 3-1: f81604_read: reg: 100f failed: -ENODEV [ 284.759775][T10552] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1947'. [ 284.807238][ T5526] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 284.825090][ T5526] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 284.838262][ T24] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 284.846111][ T5864] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 284.855527][ T5864] Bluetooth: hci0: Injecting HCI hardware error event [ 284.864618][ T51] Bluetooth: hci0: hardware error 0x00 [ 284.921209][T10554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1948'. [ 285.046897][T10556] netlink: set zone limit has 4 unknown bytes [ 285.056532][T10556] netlink: del zone limit has 4 unknown bytes [ 285.325294][ T5945] usbhid 1-1:0.0: can't add hid device: -71 [ 285.344012][ T5945] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 285.387251][ T5945] usb 1-1: USB disconnect, device number 10 [ 285.445898][T10568] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1953'. [ 285.480965][T10566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1955'. [ 285.621303][ T10] gspca_zc3xx: reg_r err -71 [ 286.233913][ T10] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 286.285293][ T10] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 286.634594][ T10] usb 2-1: USB disconnect, device number 11 [ 286.935844][ T51] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 287.126082][T10596] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1964'. [ 287.241106][T10603] binder: 10598:10603 ioctl 4018620d 0 returned -22 [ 287.775828][ T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 287.936005][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 287.946588][ T24] usb 1-1: New USB device found, idVendor=041e, idProduct=401c, bcdDevice=1d.9c [ 287.978484][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.013792][ T24] usb 1-1: Product: syz [ 288.055859][ T24] usb 1-1: Manufacturer: syz [ 288.070808][ T24] usb 1-1: SerialNumber: syz [ 288.109214][ T24] usb 1-1: config 0 descriptor?? [ 288.140823][ T24] gspca_main: gspca_zc3xx-2.14.0 probing 041e:401c [ 289.071440][T10621] netlink: del zone limit has 4 unknown bytes [ 289.324038][T10619] netlink: set zone limit has 4 unknown bytes [ 289.958478][ T24] gspca_zc3xx: reg_r err -71 [ 290.362706][T10637] binder: 10636:10637 ioctl 4018620d 0 returned -22 [ 290.555837][ T24] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 290.566567][ T24] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 290.605970][ T24] usb 1-1: USB disconnect, device number 11 [ 290.637934][T10641] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1984'. [ 291.585902][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 291.768489][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.784718][ T10] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 291.819395][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.847785][ T10] usb 1-1: config 0 descriptor?? [ 292.065382][ T10] usb 1-1: string descriptor 0 read error: -32 [ 292.078621][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 292.198271][ T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 292.294571][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 292.312231][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 292.322105][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 292.330341][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 292.339246][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 292.557633][ T10] pwc: recv_control_msg error -71 req 02 val 2000 [ 292.568073][ T10] pwc: recv_control_msg error -71 req 02 val 2100 [ 292.583626][ T10] pwc: recv_control_msg error -71 req 04 val 1500 [ 292.614780][ T10] pwc: recv_control_msg error -71 req 02 val 2500 [ 292.635856][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 292.648086][ T24] usb 4-1: New USB device found, idVendor=041e, idProduct=401c, bcdDevice=1d.9c [ 292.661777][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.662266][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 292.685657][ T24] usb 4-1: Product: syz [ 292.692603][ T24] usb 4-1: Manufacturer: syz [ 292.696315][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 292.705405][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 292.707416][ T24] usb 4-1: SerialNumber: syz [ 292.725474][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 292.744108][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 292.798481][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 292.807321][T10680] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2000'. [ 292.823532][ T10] pwc: Registered as video103. [ 292.837018][ T24] usb 4-1: config 0 descriptor?? [ 292.838532][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input18 [ 292.919462][ T24] gspca_main: gspca_zc3xx-2.14.0 probing 041e:401c [ 292.968381][ T10] usb 1-1: USB disconnect, device number 12 [ 293.187958][T10686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2001'. [ 294.025792][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 294.196373][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 294.214963][ T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 4: 255, using maximum allowed: 30 [ 294.263439][ T10] usb 1-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 294.326215][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 294.337895][ T10] usb 1-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 294.366001][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.393273][ T10] usb 1-1: config 0 descriptor?? [ 294.544895][ T24] gspca_zc3xx: reg_w_i err -71 [ 294.561404][T10706] batman_adv: batadv0: Interface deactivated: dummy0 [ 294.585936][T10706] batman_adv: batadv0: Removing interface: dummy0 [ 294.634917][T10706] openvswitch: netlink: EtherType 0 is less than min 600 [ 294.664691][T10710] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2011'. [ 294.836778][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 294.843130][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 294.907121][ T10] usb 1-1: USB disconnect, device number 13 [ 295.166434][ T24] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 295.190908][ T24] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 295.349241][ T24] usb 4-1: USB disconnect, device number 10 [ 295.825909][ T24] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 296.284623][ T24] usb 4-1: config 0 has an invalid interface number: 35 but max is 0 [ 296.294471][ T24] usb 4-1: config 0 has no interface number 0 [ 296.312471][ T24] usb 4-1: config 0 interface 35 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 296.324172][ T30] audit: type=1326 audit(1754273321.033:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10733 comm="syz.0.2019" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f55539 code=0x0 [ 296.365634][ T24] usb 4-1: config 0 interface 35 altsetting 0 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 296.411687][ T24] usb 4-1: config 0 interface 35 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 296.454159][ T24] usb 4-1: New USB device found, idVendor=061c, idProduct=c084, bcdDevice= e.8c [ 296.464215][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.536013][ T24] usb 4-1: Product: syz [ 296.544861][ T24] usb 4-1: Manufacturer: syz [ 296.570475][ T24] usb 4-1: SerialNumber: syz [ 296.597115][ T24] usb 4-1: config 0 descriptor?? [ 296.633980][ T24] hub 4-1:0.35: bad descriptor, ignoring hub [ 296.664533][ T24] hub 4-1:0.35: probe with driver hub failed with error -5 [ 296.936113][ T24] usb 4-1: USB disconnect, device number 11 [ 297.080962][T10743] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2024'. [ 297.255228][T10747] binder: BINDER_SET_CONTEXT_MGR already set [ 297.275600][T10747] binder: 10746:10747 ioctl 4018620d 800002c0 returned -16 [ 297.386146][ T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 297.606118][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 297.713191][ T10] usb 2-1: New USB device found, idVendor=041e, idProduct=401c, bcdDevice=1d.9c [ 297.723131][ T5944] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 297.767874][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.778894][ T10] usb 2-1: Product: syz [ 297.783137][ T10] usb 2-1: Manufacturer: syz [ 297.791352][ T10] usb 2-1: SerialNumber: syz [ 297.806328][ T10] usb 2-1: config 0 descriptor?? [ 297.830546][ T10] gspca_main: gspca_zc3xx-2.14.0 probing 041e:401c [ 297.928404][ T5944] usb 1-1: config 253 has an invalid interface number: 151 but max is 0 [ 297.945829][ T5944] usb 1-1: config 253 has no interface number 0 [ 297.958803][ T5944] usb 1-1: config 253 interface 151 has no altsetting 0 [ 297.982806][ T5944] usb 1-1: New USB device found, idVendor=8086, idProduct=0b03, bcdDevice=65.29 [ 298.000524][ T5944] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.018960][ T5944] usb 1-1: Product: syz [ 298.035930][ T5944] usb 1-1: Manufacturer: syz [ 298.040966][ T5944] usb 1-1: SerialNumber: syz [ 298.357362][ T5944] usb 1-1: Found UVC 0.00 device syz (8086:0b03) [ 298.394554][ T5944] usb 1-1: No valid video chain found. [ 298.415209][ T5944] usb 1-1: USB disconnect, device number 14 [ 298.548370][ T30] audit: type=1326 audit(1754273323.253:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10769 comm="syz.4.2036" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x0 [ 298.825463][T10777] binder: BINDER_SET_CONTEXT_MGR already set [ 298.835120][T10777] binder: 10776:10777 ioctl 4018620d 800002c0 returned -16 [ 299.405857][ T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 299.443739][ T10] gspca_zc3xx: reg_w_i err -71 [ 299.455870][ T5945] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 299.538940][T10797] netlink: 'syz.4.2048': attribute type 9 has an invalid length. [ 299.562500][T10797] netlink: 'syz.4.2048': attribute type 9 has an invalid length. [ 299.576053][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 299.583663][ T24] usb 4-1: too many endpoints for config 0 interface 0 altsetting 4: 255, using maximum allowed: 30 [ 299.614446][ T24] usb 4-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 299.650296][ T5945] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 299.670360][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.679865][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 299.696396][ T24] usb 4-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 299.706036][ T5945] usb 1-1: Product: syz [ 299.710493][ T5945] usb 1-1: Manufacturer: syz [ 299.715400][ T5945] usb 1-1: SerialNumber: syz [ 299.724751][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.746969][ T5945] usb 1-1: config 0 descriptor?? [ 299.761630][ T24] usb 4-1: config 0 descriptor?? [ 299.815464][T10801] binder: 10800:10801 ioctl c0306201 0 returned -14 [ 300.065916][ T10] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 300.075038][ T10] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 300.116710][ T10] usb 2-1: USB disconnect, device number 12 [ 300.221848][T10807] netlink: zone id is out of range [ 300.240102][T10807] netlink: zone id is out of range [ 300.297207][T10812] netlink: del zone limit has 4 unknown bytes [ 300.319465][T10807] netlink: set zone limit has 4 unknown bytes [ 300.410563][ T24] usbhid 4-1:0.0: can't add hid device: -71 [ 300.432262][ T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 300.496272][ T24] usb 4-1: USB disconnect, device number 12 [ 300.603436][ T30] audit: type=1326 audit(1754273325.303:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10815 comm="syz.4.2057" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x0 [ 300.799748][ T5945] usb 1-1: f81604_read: reg: 100f failed: -EPROTO [ 300.822933][ T5945] usb 1-1: f81604_read: reg: 200f failed: -EPROTO [ 300.837369][ T5945] usb 1-1: USB disconnect, device number 15 [ 300.866927][ T5945] usb 1-1: f81604_read: reg: 100f failed: -ENODEV [ 300.941359][ T5526] usb 1-1: f81604_read: reg: 200f failed: -ENODEV [ 301.050608][ T5945] usb 1-1: f81604_read: reg: 200f failed: -ENODEV [ 301.192507][T10829] binder: 10828:10829 ioctl c0306201 0 returned -14 [ 301.435332][T10831] openvswitch: netlink: EtherType 0 is less than min 600 [ 302.896723][T10864] openvswitch: netlink: EtherType 0 is less than min 600 [ 302.983636][T10867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2078'. [ 303.036668][ T5944] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 303.145809][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 303.214910][ T5944] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 303.225518][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.243042][T10870] netlink: 'syz.0.2079': attribute type 64 has an invalid length. [ 303.252200][ T5944] usb 4-1: Product: syz [ 303.256613][ T5944] usb 4-1: Manufacturer: syz [ 303.261489][ T5944] usb 4-1: SerialNumber: syz [ 303.277943][T10870] netlink: 'syz.0.2079': attribute type 4 has an invalid length. [ 303.291435][T10870] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2079'. [ 303.316281][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 303.678840][ T5944] usb 4-1: config 0 descriptor?? [ 303.711965][ T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 303.722694][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.741023][ T10] usb 3-1: config 0 descriptor?? [ 303.973773][ T10] usb 3-1: string descriptor 0 read error: -32 [ 303.992270][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 304.205948][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 304.214684][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 304.223808][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 304.232447][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 304.241662][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 304.303946][ T5944] usb 4-1: f81604_read: reg: 105 failed: -EPIPE [ 304.313183][ T5944] f81604 4-1:0.0: Setting termination of CH#1 failed: -EPIPE [ 304.324566][ T5944] f81604 4-1:0.0: probe with driver f81604 failed with error -32 [ 304.455180][ T10] pwc: recv_control_msg error -71 req 02 val 2000 [ 304.468833][ T10] pwc: recv_control_msg error -71 req 02 val 2100 [ 304.478828][ T10] pwc: recv_control_msg error -71 req 04 val 1500 [ 304.488442][ T10] pwc: recv_control_msg error -71 req 02 val 2500 [ 304.503233][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 304.513469][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 304.524254][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 304.533929][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 304.545402][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 304.554215][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 304.568286][ T10] pwc: Registered as video103. [ 304.581181][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input19 [ 304.605094][ T10] usb 3-1: USB disconnect, device number 8 [ 305.819652][ T10] usb 4-1: USB disconnect, device number 13 [ 306.244771][T10899] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2089'. [ 306.258011][T10897] netlink: 'syz.3.2090': attribute type 1 has an invalid length. [ 306.547875][T10897] 8021q: adding VLAN 0 to HW filter on device bond2 [ 306.601427][T10907] netlink: del zone limit has 4 unknown bytes [ 306.638536][T10903] bond2: (slave geneve2): making interface the new active one [ 306.657099][T10905] netlink: set zone limit has 4 unknown bytes [ 306.740950][T10903] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 307.063182][T10915] openvswitch: netlink: EtherType 0 is less than min 600 [ 307.425929][ T10] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 307.466435][ T5945] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 307.569813][ T51] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 307.595820][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 307.603921][ T10] usb 4-1: too many endpoints for config 0 interface 0 altsetting 4: 255, using maximum allowed: 30 [ 307.627721][ T10] usb 4-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 307.650401][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 307.668140][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 307.685862][ T10] usb 4-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 307.690583][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 307.725871][ T5945] usb 1-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00 [ 307.745343][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.748653][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.789281][ T5945] usb 1-1: config 0 descriptor?? [ 307.796398][T10919] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 307.842303][ T10] usb 4-1: config 0 descriptor?? [ 308.252848][ T5945] uclogic 0003:28BD:0055.0007: interface is invalid, ignoring [ 308.465040][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 308.481573][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 308.502083][ T10] usb 4-1: USB disconnect, device number 14 [ 308.565634][ T5944] usb 1-1: USB disconnect, device number 16 [ 308.967756][ T51] Bluetooth: hci1: unexpected event for opcode 0x2040 [ 309.066151][T10945] netlink: 'syz.1.2105': attribute type 1 has an invalid length. [ 309.217329][T10945] 8021q: adding VLAN 0 to HW filter on device bond1 [ 309.418409][T10956] openvswitch: netlink: EtherType 0 is less than min 600 [ 309.453664][T10949] bond1: (slave geneve2): making interface the new active one [ 309.488578][T10949] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 309.640116][T10949] syz.1.2105 (10949) used greatest stack depth: 19280 bytes left [ 309.705799][ T5945] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 309.724535][T10966] netlink: 'syz.3.2114': attribute type 8 has an invalid length. [ 309.907500][ T5945] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 309.935761][ T5945] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.946418][ T5945] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 309.975783][ T5945] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 310.005882][ T5945] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.054063][ T5945] usb 3-1: config 0 descriptor?? [ 310.603831][ T5945] plantronics 0003:047F:FFFF.0008: reserved main item tag 0xd [ 310.796285][ T5945] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 310.846875][ T5945] usb 3-1: USB disconnect, device number 9 [ 311.029508][T10997] fido_id[10997]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 312.008764][T11020] futex_wake_op: syz.2.2139 tries to shift op by -1; fix this program [ 312.368445][T11028] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2136'. [ 312.702075][T11031] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2140'. [ 313.406393][T11034] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 313.414094][T11034] IPv6: NLM_F_CREATE should be set when creating new route [ 313.421579][T11034] IPv6: NLM_F_CREATE should be set when creating new route [ 313.450110][T11034] ------------[ cut here ]------------ [ 313.456338][T11034] WARNING: CPU: 0 PID: 11034 at drivers/net/netdevsim/fib.c:831 nsim_fib_event_nb+0xed8/0x1080 [ 313.467553][T11034] Modules linked in: [ 313.471653][T11034] CPU: 0 UID: 0 PID: 11034 Comm: syz.0.2141 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 313.484295][T11034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 313.495245][T11034] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080 [ 313.501628][T11034] Code: fa be 02 00 00 00 eb 0a e8 85 41 aa fa be 01 00 00 00 4c 89 f7 e8 38 a0 b0 fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 69 41 aa fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35 [ 313.521676][T11034] RSP: 0018:ffffc9001bba7008 EFLAGS: 00010283 [ 313.528448][T11034] RAX: ffffffff87155d87 RBX: 0000000000000001 RCX: 0000000000080000 [ 313.537296][T11034] RDX: ffffc9000be7b000 RSI: 00000000000055e2 RDI: 00000000000055e3 [ 313.546935][T11034] RBP: dffffc0000000000 R08: ffff8880554f6c2f R09: 1ffff1100aa9ed85 [ 313.555347][T11034] R10: dffffc0000000000 R11: ffffed100aa9ed86 R12: ffff88807e461000 [ 313.564195][T11034] R13: ffffc9001bba7180 R14: 0000000000000000 R15: ffffc9001bba7198 [ 313.572374][T11034] FS: 0000000000000000(0000) GS:ffff888125c2a000(0063) knlGS:00000000f5076b40 [ 313.581777][T11034] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 313.588572][T11034] CR2: 000000000c2ee09a CR3: 000000004985c000 CR4: 00000000003526f0 [ 313.596904][T11034] Call Trace: [ 313.600269][T11034] [ 313.603322][T11034] notifier_call_chain+0x1b3/0x3e0 [ 313.608642][T11034] ? atomic_notifier_call_chain+0x26/0x180 [ 313.614683][T11034] atomic_notifier_call_chain+0xda/0x180 [ 313.620878][T11034] call_fib_notifiers+0x31/0x60 [ 313.626206][T11034] call_fib6_multipath_entry_notifiers+0xe6/0x150 [ 313.633221][T11034] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10 [ 313.641094][T11034] ? inet6_rtm_newroute+0xe8b/0x18c0 [ 313.646866][T11034] inet6_rtm_newroute+0x12f5/0x18c0 [ 313.652206][T11034] ? nlmon_xmit+0xb0/0x100 [ 313.657105][T11034] ? kmem_cache_free+0x18f/0x400 [ 313.662547][T11034] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 313.668569][T11034] ? __local_bh_enable_ip+0x12d/0x1c0 [ 313.674401][T11034] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 313.680176][T11034] rtnetlink_rcv_msg+0x7cc/0xb70 [ 313.685604][T11034] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 313.691059][T11034] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 313.697033][T11034] ? ref_tracker_free+0x63a/0x7d0 [ 313.702170][T11034] ? __asan_memcpy+0x40/0x70 [ 313.707015][T11034] ? __pfx_ref_tracker_free+0x10/0x10 [ 313.712866][T11034] ? __skb_clone+0x63/0x7a0 [ 313.717891][T11034] netlink_rcv_skb+0x205/0x470 [ 313.723033][T11034] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 313.729209][T11034] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 313.734799][T11034] ? netlink_deliver_tap+0x2e/0x1b0 [ 313.740389][T11034] netlink_unicast+0x82f/0x9e0 [ 313.745336][T11034] ? __pfx_netlink_unicast+0x10/0x10 [ 313.750877][T11034] ? netlink_sendmsg+0x642/0xb30 [ 313.756049][T11034] ? skb_put+0x11b/0x210 [ 313.760567][T11034] netlink_sendmsg+0x805/0xb30 [ 313.765500][T11034] ? __pfx_netlink_sendmsg+0x10/0x10 [ 313.771260][T11034] ? __import_iovec+0x5d4/0x7f0 [ 313.776327][T11034] ? aa_sock_msg_perm+0x94/0x160 [ 313.781622][T11034] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 313.787344][T11034] ? __pfx_netlink_sendmsg+0x10/0x10 [ 313.792951][T11034] __sock_sendmsg+0x219/0x270 [ 313.798438][T11034] ____sys_sendmsg+0x505/0x830 [ 313.803590][T11034] ? __pfx_____sys_sendmsg+0x10/0x10 [ 313.809206][T11034] ? __pfx_futex_wake_mark+0x10/0x10 [ 313.814713][T11034] ___sys_sendmsg+0x21f/0x2a0 [ 313.819568][T11034] ? __pfx____sys_sendmsg+0x10/0x10 [ 313.825024][T11034] ? __fget_files+0x2a/0x420 [ 313.829790][T11034] ? __fget_files+0x3a0/0x420 [ 313.834694][T11034] __sys_sendmsg+0x164/0x220 [ 313.839471][T11034] ? __pfx___sys_sendmsg+0x10/0x10 [ 313.844724][T11034] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.850192][T11034] __do_fast_syscall_32+0xb6/0x2b0 [ 313.855449][T11034] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.860951][T11034] do_fast_syscall_32+0x34/0x80 [ 313.866131][T11034] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 313.872860][T11034] RIP: 0023:0xf7f55539 [ 313.877224][T11034] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 313.897773][T11034] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 313.906515][T11034] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 313.914715][T11034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 313.923207][T11034] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 313.931471][T11034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 313.940069][T11034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 313.948474][T11034] [ 313.951706][T11034] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 313.959677][T11034] CPU: 0 UID: 0 PID: 11034 Comm: syz.0.2141 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 313.971728][T11034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 313.982360][T11034] Call Trace: [ 313.985674][T11034] [ 313.988623][T11034] dump_stack_lvl+0x99/0x250 [ 313.993555][T11034] ? __asan_memcpy+0x40/0x70 [ 313.998268][T11034] ? __pfx_dump_stack_lvl+0x10/0x10 [ 314.003564][T11034] ? __pfx__printk+0x10/0x10 [ 314.008268][T11034] vpanic+0x27a/0x730 [ 314.012530][T11034] ? __pfx__printk+0x10/0x10 [ 314.017262][T11034] ? __pfx_vpanic+0x10/0x10 [ 314.021875][T11034] ? is_bpf_text_address+0x26/0x2b0 [ 314.027136][T11034] panic+0xb9/0xc0 [ 314.031064][T11034] ? __pfx_panic+0x10/0x10 [ 314.035537][T11034] __warn+0x31b/0x4b0 [ 314.039560][T11034] ? nsim_fib_event_nb+0xed8/0x1080 [ 314.044940][T11034] ? nsim_fib_event_nb+0xed8/0x1080 [ 314.050206][T11034] report_bug+0x2be/0x4f0 [ 314.054594][T11034] ? nsim_fib_event_nb+0xed8/0x1080 [ 314.059976][T11034] ? nsim_fib_event_nb+0xed8/0x1080 [ 314.065209][T11034] ? nsim_fib_event_nb+0xeda/0x1080 [ 314.070629][T11034] handle_bug+0x84/0x160 [ 314.074985][T11034] exc_invalid_op+0x1a/0x50 [ 314.079610][T11034] asm_exc_invalid_op+0x1a/0x20 [ 314.084512][T11034] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080 [ 314.090553][T11034] Code: fa be 02 00 00 00 eb 0a e8 85 41 aa fa be 01 00 00 00 4c 89 f7 e8 38 a0 b0 fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 69 41 aa fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35 [ 314.110266][T11034] RSP: 0018:ffffc9001bba7008 EFLAGS: 00010283 [ 314.116630][T11034] RAX: ffffffff87155d87 RBX: 0000000000000001 RCX: 0000000000080000 [ 314.124817][T11034] RDX: ffffc9000be7b000 RSI: 00000000000055e2 RDI: 00000000000055e3 [ 314.133069][T11034] RBP: dffffc0000000000 R08: ffff8880554f6c2f R09: 1ffff1100aa9ed85 [ 314.141138][T11034] R10: dffffc0000000000 R11: ffffed100aa9ed86 R12: ffff88807e461000 [ 314.149400][T11034] R13: ffffc9001bba7180 R14: 0000000000000000 R15: ffffc9001bba7198 [ 314.157563][T11034] ? nsim_fib_event_nb+0xed7/0x1080 [ 314.163142][T11034] ? nsim_fib_event_nb+0xed7/0x1080 [ 314.168619][T11034] notifier_call_chain+0x1b3/0x3e0 [ 314.174463][T11034] ? atomic_notifier_call_chain+0x26/0x180 [ 314.180616][T11034] atomic_notifier_call_chain+0xda/0x180 [ 314.186559][T11034] call_fib_notifiers+0x31/0x60 [ 314.191651][T11034] call_fib6_multipath_entry_notifiers+0xe6/0x150 [ 314.198888][T11034] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10 [ 314.206115][T11034] ? inet6_rtm_newroute+0xe8b/0x18c0 [ 314.211518][T11034] inet6_rtm_newroute+0x12f5/0x18c0 [ 314.217012][T11034] ? nlmon_xmit+0xb0/0x100 [ 314.221625][T11034] ? kmem_cache_free+0x18f/0x400 [ 314.226575][T11034] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 314.232218][T11034] ? __local_bh_enable_ip+0x12d/0x1c0 [ 314.237931][T11034] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 314.243731][T11034] rtnetlink_rcv_msg+0x7cc/0xb70 [ 314.248858][T11034] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 314.254070][T11034] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 314.259851][T11034] ? ref_tracker_free+0x63a/0x7d0 [ 314.265094][T11034] ? __asan_memcpy+0x40/0x70 [ 314.269830][T11034] ? __pfx_ref_tracker_free+0x10/0x10 [ 314.275211][T11034] ? __skb_clone+0x63/0x7a0 [ 314.279826][T11034] netlink_rcv_skb+0x205/0x470 [ 314.284953][T11034] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 314.290520][T11034] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 314.295837][T11034] ? netlink_deliver_tap+0x2e/0x1b0 [ 314.301048][T11034] netlink_unicast+0x82f/0x9e0 [ 314.305920][T11034] ? __pfx_netlink_unicast+0x10/0x10 [ 314.311410][T11034] ? netlink_sendmsg+0x642/0xb30 [ 314.316523][T11034] ? skb_put+0x11b/0x210 [ 314.320785][T11034] netlink_sendmsg+0x805/0xb30 [ 314.325647][T11034] ? __pfx_netlink_sendmsg+0x10/0x10 [ 314.331117][T11034] ? __import_iovec+0x5d4/0x7f0 [ 314.335978][T11034] ? aa_sock_msg_perm+0x94/0x160 [ 314.340954][T11034] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 314.346455][T11034] ? __pfx_netlink_sendmsg+0x10/0x10 [ 314.351855][T11034] __sock_sendmsg+0x219/0x270 [ 314.356665][T11034] ____sys_sendmsg+0x505/0x830 [ 314.361506][T11034] ? __pfx_____sys_sendmsg+0x10/0x10 [ 314.366962][T11034] ? __pfx_futex_wake_mark+0x10/0x10 [ 314.372391][T11034] ___sys_sendmsg+0x21f/0x2a0 [ 314.377089][T11034] ? __pfx____sys_sendmsg+0x10/0x10 [ 314.382681][T11034] ? __fget_files+0x2a/0x420 [ 314.387317][T11034] ? __fget_files+0x3a0/0x420 [ 314.392045][T11034] __sys_sendmsg+0x164/0x220 [ 314.396714][T11034] ? __pfx___sys_sendmsg+0x10/0x10 [ 314.401873][T11034] ? lockdep_hardirqs_on+0x9c/0x150 [ 314.407083][T11034] __do_fast_syscall_32+0xb6/0x2b0 [ 314.412296][T11034] ? lockdep_hardirqs_on+0x9c/0x150 [ 314.417548][T11034] do_fast_syscall_32+0x34/0x80 [ 314.422492][T11034] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.428852][T11034] RIP: 0023:0xf7f55539 [ 314.432928][T11034] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 314.453242][T11034] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 314.461735][T11034] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 314.469733][T11034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 314.477906][T11034] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 314.486000][T11034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 314.493999][T11034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 314.502014][T11034] [ 314.505472][T11034] Kernel Offset: disabled [ 314.510060][T11034] Rebooting in 86400 seconds..