last executing test programs: 9.908890596s ago: executing program 0 (id=1918): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_OPER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, r3, 0xfd39e943ccf1163b, 0x4070bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x50) 9.761267019s ago: executing program 0 (id=1919): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket$alg(0x26, 0x5, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x313f, &(0x7f0000000080)={0x0, 0xfffffffd, 0x10100, 0x3, 0x17b}, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x4d10, 0x2, 0x2, 0x0, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 8.036531503s ago: executing program 0 (id=1932): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, 0x0}) personality(0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x224}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002600)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1a53) sched_setattr(r3, &(0x7f0000000140)={0x38, 0x6, 0x3c, 0xe, 0x2, 0x2, 0x3fc0000000000, 0x40, 0x9, 0x8}, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x122) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000400)=@v3={0x3000000, [{0x9, 0x1}, {0x0, 0x3d9b}]}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='permprofile && \r:', @ANYRES64], 0xff) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r5 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x5) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r7, 0xc048aec8, &(0x7f00000005c0)={0xffffffff}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffdd5}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) 6.353327573s ago: executing program 0 (id=1938): syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f00000000c0)=[0x4, 0x4]) 5.687803732s ago: executing program 0 (id=1945): prctl$PR_SCHED_CORE(0x3e, 0x6, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f00000003c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x2, 0x0, 0x41c}}}, 0x7) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x4f, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000001c0)={[{0x4, 0x5, 0x80, 0x4, 0x4, 0x4, 0x9, 0x5, 0xb6, 0x0, 0x40, 0x9}, {0x3bea, 0xfffd, 0x6, 0x4, 0x5, 0x4, 0xf, 0xfe, 0x3, 0x8, 0x5, 0x2, 0x4}, {0x8, 0x8, 0x9, 0x6a, 0xfc, 0x7, 0x6f, 0x6, 0x4, 0x2, 0x6, 0x7, 0x9}], 0xf}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x10000}}]}}]}, 0x48}}, 0x0) r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100007856bb40da0b53813de20102030109021200010000000009040000000206"], 0x0) syz_usb_control_io$printer(r6, 0x0, &(0x7f0000000440)={0x1c, &(0x7f0000000000)=ANY=[@ANYBLOB="00000400000076003e70"], 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xb, 0x9}, {}, {0x9, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x6}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x48848}, 0x20004804) 5.204608685s ago: executing program 2 (id=1950): r0 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x306, @random="0081f88cfea2"}, 0x68, {0x2, 0x4e20, @empty}, 'team_slave_0\x00'}) 5.16007718s ago: executing program 2 (id=1951): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="12", 0x1}], 0x1}, 0x1) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 5.077180337s ago: executing program 2 (id=1952): syz_open_dev$dri(&(0x7f0000000080), 0xb, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8000000) r2 = semget$private(0x0, 0x4000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x6}}, 0x5a}, 0x1, 0x0, 0x0, 0x448d3}, 0x0) madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xc) r4 = userfaultfd(0x80801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x3}) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f00000000c0)=@filter={'filter\x00', 0xe, 0x88, 0x90, [0x0, 0x80000580, 0x800005b0, 0x800005e0], 0x0, 0x0, &(0x7f0000000580)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x88}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x8800}]}, 0x108) ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}) semctl$SETVAL(r2, 0x1, 0x10, &(0x7f0000000100)=0xffffd44f) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000740)) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f00000001c0)=[0xd, 0x200, 0xf89]) semctl$IPC_INFO(0x0, 0x0, 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_ENTITIES(0xffffffffffffffff, 0xc1007c01, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000040)={0x80000000, &(0x7f0000000000), &(0x7f00000001c0)}) ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000000c80)={0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0), 0x0, 0x0, &(0x7f0000000b00)}) syz_open_procfs(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="cc747748500b4ffe2b1f0000ffff00000000dca6fe2d04707606000ef7686ade758d987dd86798ae4570218553f09252b3fa168a975e01d4ea74442d309a85f954e6310c7243d1b6f9a74d616c4b"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0xa0}, 0x94) 4.637424886s ago: executing program 3 (id=1955): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x88}}, 0x0) 4.574394312s ago: executing program 3 (id=1957): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x12571144d43d7ee5, 0x10008095, 0x0, 0x0) 3.652282594s ago: executing program 2 (id=1960): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc}, 0x10) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x41, 0xdc, 0x32, 0x8, 0xb57, 0x2a8d, 0x3374, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x60, 0x3, 0x1, 0x3, 0x1, 0x2, 0x0, [], [{{0x9, 0x5, 0x88, 0x3, 0x400, 0xfe, 0xfa, 0x1}}]}}]}}]}}, 0x0) syz_usb_control_io$sierra_net(r2, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x4, @string={0x4, 0x3, "7ec2"}}}, 0x0) write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000000000008000f00fd00", 0x22) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000006c0)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f00000002800000129487", 0x2f}], 0x1}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001206", 0x2e}], 0x1}, 0x48000) 3.533276644s ago: executing program 3 (id=1961): socket(0x2, 0x80805, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000002040)={{0x0, 0x1, 0x3, 0x1, 0x4, 0xf, 0x4, 0x7fffffff, 0x5, 0x6, 0x10000, 0x7, 0xc, 0x2}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4040824}, 0x406c816) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) syz_emit_ethernet(0xc2, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, &(0x7f0000000400)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) r4 = socket$kcm(0xa, 0x2, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e24, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xc, 0x2}}, 0x44) sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @mcast2}, 0x80, 0x0}, 0x0) sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c80000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200e00000010c000280050001000000000008000740000000013c001080080002400000000708000140000046e2080003"], 0xc8}, 0x1, 0x0, 0x0, 0x4000090}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYRES8=r3], 0x40}}, 0x4048800) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x0, 0x0) lseek(r7, 0x4a, 0x1) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBTYPE(r8, 0x4b33, &(0x7f0000000000)) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1000000, 0x50, r8, 0x5f456000) 3.25076058s ago: executing program 1 (id=1962): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x280}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1f}) 3.188254525s ago: executing program 1 (id=1963): io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r0 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) r1 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0xde5f, 0x10100, 0x2, 0x33a}, &(0x7f0000002bc0)=0x0, &(0x7f0000002900)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}, 0x1, 0x0, 0x0, 0x44054}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 3.056287267s ago: executing program 1 (id=1964): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @multicast1}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x123e00, 0x0) ioctl$TCSBRKP(r2, 0x5425, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x7, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$netlink(0x10, 0x3, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/unix\x00') ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000}) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, 0x0) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x11}, {0xffe6, 0xb}, {0xfff2, 0xc}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x7, 0x1, 0x7}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000c0e1}, 0x4000804) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800) recvmmsg(r6, &(0x7f0000007700), 0x318, 0xfc0, 0x0) read$FUSE(r5, &(0x7f00000025c0)={0x2020}, 0x2020) 2.58509953s ago: executing program 3 (id=1965): socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x402, 0xc1) getdents(r0, &(0x7f00000000c0)=""/31, 0x1f) getdents(r0, 0x0, 0xbb) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xc, 0x50, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000180)=0x0) sched_setattr(r3, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) syz_io_uring_setup(0x10015c0, &(0x7f0000000300)={0x0, 0xe3da, 0x1, 0x3, 0x145}, &(0x7f0000000200), &(0x7f00000001c0)) symlink(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000000)='./file0\x00') rename(&(0x7f00000006c0)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000040)='./file0\x00') r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) r6 = landlock_create_ruleset(0x0, 0x0, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000300)={'syz_tun\x00', &(0x7f00000003c0)=@ethtool_rxnfc={0x32, 0xb, 0xe, {0x1, @ether_spec={@random="4aa8a19c78c5", @multicast, 0x6}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}, 0x7, 0x7, [0xb1d1, 0x5]}, @sctp_ip6_spec={@loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4e23, 0x4e20, 0x9}, {0x0, @remote, 0x0, 0x0, [0x4]}, 0x8, 0x101}, 0x3, [0xf, 0x9, 0x3]}}) landlock_restrict_self(r6, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002) 2.558314592s ago: executing program 0 (id=1966): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x1e1802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8005, 0x0, 0xe1, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, 0x0, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a8}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @gre}]}, 0x34}}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="200000000208010000000000000000000a0000070940010073797aff000000009f55"], 0x20}, 0x1, 0x0, 0x0, 0x4080}, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x40001, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r5, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x12}, 0x7}, 0x1c) socket$inet_sctp(0x2, 0x5, 0x84) r6 = socket$kcm(0x29, 0x5, 0x0) accept4(r6, 0x0, 0x0, 0x80000) syz_usb_connect(0x1, 0x24, 0x0, 0x0) syz_io_uring_setup(0x4cbf, &(0x7f0000000380)={0x0, 0x64bb, 0x1000, 0x1, 0x4}, &(0x7f0000000400), 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100)) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f0000000040)) sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800d1}, 0x0) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000000000)={&(0x7f0000000200)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@mask_fadd={0x58, 0x114, 0x8, {{0x7f, 0xfffffc01}, 0xffffffffffffffff, 0x0, 0x8, 0x7c0d08aa, 0x2b, 0xffffffffffffff5d, 0x35, 0x9d}}], 0x58, 0x200080c0}, 0x0) lseek(0xffffffffffffffff, 0xfffffffffffffff6, 0x1) 2.437371613s ago: executing program 2 (id=1967): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0cc5605, &(0x7f0000000200)={0x1, @pix={0x6, 0x5, 0x37303250, 0xcfac8efc585e843, 0x7, 0xf8, 0x3, 0x8, 0x0, 0x4, 0x0, 0x3}}) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r4) r5 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r5, 0x29, 0x1f, 0x0, 0x30) sendmmsg$unix(r2, &(0x7f0000002d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000080)=@abs={0x1, 0x30, 0x4e30}, 0x4, 0x0}}], 0x2, 0x40008004) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) bind$unix(r6, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r6, 0x0) accept4$unix(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000240)=0x6e, 0x80000) preadv2(0xffffffffffffffff, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/137, 0x89}], 0x1, 0x2, 0xcda, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0xb, &(0x7f00000006c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}, 0x10}, 0x94) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000ac0)=r7, 0x4) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r9 = syz_open_dev$vbi(&(0x7f0000000240), 0x3, 0x2) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r9, 0xc0845658, &(0x7f00000033c0)={0x0, @bt={0x8, 0x36, 0x0, 0x1, 0x3, 0x8000, 0x6, 0x5, 0x8000, 0x0, 0x9, 0x44, 0x3, 0xff, 0x18, 0x4, {0x5, 0x3}, 0x7, 0x9}}) sendmmsg(0xffffffffffffffff, &(0x7f00000029c0), 0x400006d, 0x20000004) 1.246369099s ago: executing program 1 (id=1968): bpf$BPF_PROG_DETACH(0x9, &(0x7f00000008c0)={@cgroup, 0xffffffffffffffff, 0x1b, 0x0, 0x4000}, 0x16) 1.156494267s ago: executing program 1 (id=1969): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r1, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x3, 0x0, 0x0, 0x200, 0x0, 0x0, 0x41100}, 0x94) 1.029516288s ago: executing program 3 (id=1970): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000200)=0xffffffff, 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000d80)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c) 1.027390528s ago: executing program 3 (id=1971): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x14}, 0x6}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000280)='Q', 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0xa2cc, @local, 0xf}, 0x1c, &(0x7f0000000880)=[{&(0x7f0000000080)='\\', 0x1}], 0x1}}], 0x2, 0x4000844) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) msgctl$MSG_STAT(0x0, 0xb, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x342, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, 0x0, 0x0) r4 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="1100140003009565a9999d6d15db16dfa5e838c2d1aa0001000000000000280016800400018105001100060000000000000000000000007ed8c46d6a69980100aa7ab02b4251069cad71054b0f2b9b4fe755e6cb96b68b941a7ea7074bac25667f3306264db6e21fb6212f4c1fe790d3b3a4cf7e0a4810c1fc88540ed0597a83cb0bde1621ea9d2ba9186112e6eb6bad38c86d71108d4b"], 0x44}, 0x1, 0x0, 0x0, 0xc1}, 0x0) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040)) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2) ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1}, {0x0, 0x4, 0x8, 0x0, 0x0, 0x0, 0x2, 0x10, 0x2, 0x0, 0x0, 0x0, 0x1}]}) r8 = msgget$private(0x0, 0x4a0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB="240000006800090000000000000008001000"/28, @ANYRES32=0x0, @ANYBLOB="04000b00"], 0x24}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000050400"/20, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c000280060001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x3, {[@main=@item_012={0x1, 0x0, 0xc, '?'}, @main=@item_012={0x0, 0x0, 0x9}]}}, 0x0}, 0x0) msgctl$IPC_STAT(r8, 0x2, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x3, 0x4, 0x1000000000000002, 0x102000000000002, 0x8000000d, 0x2004c8, 0xffff, 0x3, 0xffffffff, 0xffffffffffffffff, 0x7fffffffffffffff, 0xd0b, 0xfffffffffffffff9, 0x2000000000000003, 0x5], 0x80a0000, 0x4284}) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000140)={0x0, 0x5}, 0x8) 161.297955ms ago: executing program 2 (id=1972): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'ip6tnl0\x00', 0xa5}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) syz_usb_disconnect(0xffffffffffffffff) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000d80)={"6cdd4237dd245c8404721efdc9c8dc1964125fa900002b761c6ec25b2bec0ba4c8052dc93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d269c438b46485f02baee1ab60ff4758e066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001004000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9d1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a6baa41d614f6ffff1bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff60000adfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c05c41554cef107cd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c17cfc5acb290e8976dcac779ff0100f5620000003d4e1800fe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fdd5599234cb10459e33b5208752726ed9f0c340d494b82d19cc930bb8a5f8b4da8f4603ac0c3b698384e1b4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7ff1f040f00e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc028fd3d972c3eff254297b6bf400009c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f699613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801ffff00002bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba76c1381b1cec6ddaa76e186719d819164300"}) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000002c80)={{0x12, 0x1, 0x0, 0x41, 0x7, 0xf5, 0x40, 0xcf3, 0x9375, 0x1a9e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbe, 0xe4, 0xf9}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000700)={0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000980)={"463905a9ed689001bf501f5d06c9bb650ad25e54664908571e4b865252982a7d66d45edaa9069c47ba8a09bbc555499a414202604223a18db9aec38ebb268f6ea2cd8702671daf9c58e5435cfa35ba1cd9ec9dd57a348ddf8dd75371ddba039ce06a12a15f91987cbb0f448ae1e43b1c2f70725135bad6dca096fe40607528bd95dcb884872230c61a72fe00c52255b53c00b983971b030bc7df9dec9efb9b6e9e0552916f288e1e60a6a5d208779d5d6243ede99e9db1faebbee758fb2114839f1c62c503ef34944c75e3fe4c509d7dbf9f66d6a39db8bb3eb0fa0fe1864baf1636e8b9060eb0e1a2f55bbde8871c2abfb3d459877bc94cec2f873205ece3c63e71014786801ac0654159b75730fbd9383f64507e2c887190e05b664822b796179acd5c160ccb210bda8f52ebbe3b84977d26fbff35f1d664aa2c01acabb40ed18bc684a8d9a73ff1fa3cd3e9fd914abb5b4032bb5f28eb41ecffa233e18c40b84f2d9b3e7ed95a1f6199141f51369ff2f00d37b6fc94c5792f136e6c6668a7c7606e67f4715c49b2f34a456a617c759a4a07fc66e9843c716f9f851cdc3f36127b2adc4fc1e642ec7d003618c34bd485864d5103f503d8007ca70d8c2e209f329d5693b3fff6cab97a43f276eb5ab5ab12b2fd39af2e67298cd1c5f7cef01806b82af1ed270a4e346c948ba965a2e092d040af8242ff609e6d3768db0301e66eb234e591371da21298dc4c8efe908a2470ba4542be772a8d6cccc878205256dd4f26bd987e8a7914f690e29b0b03e5e18b4340e611ecabe62868d25a04a6e13fa0b946e773d1a25af0851077dac26c18d690cf2bd715368c9b7bef624346d783c1052d9a4c61e73c604a066cee47971316a393e546d6f8a5a6b4ecac49ce9d7450cbb63d53434e5083ebd9c4b501aae9c9c1b18b95ff15f87581066cfad01f42214d6e191586dd22b5cb99bad7f91923af51a410dca073193fefddf01c5f2c3e9728ace39b72bee7450788f2c74b4f10a5ef8c4e8adc9761b7baa3689ea9f09264963a206a7548d9288d97e84d842d19bf3cc10cf033d12ed159328744d340e6e561afd811606006433f3fdf796163295b9bd38242320960f9f0d76ea2822fa68736bd357652c49f716a1919159e11f64425c95a5139c8290f067269e7bb191bca44494f97f28fa141e6515a762f659413f941c1b1c0bdd2e1228afd5ba100dd1a1d164f46987b78e652d2205d1d7e17e811845a23bdf2c897c7932923855e31e172b9a0b068e1d335f89fabe8ce661a9b4ccaec2e29a8f97c84978478c4d235b04e6a8a32d5f10f35486b03fd458b7b825408ce4201c8ca2258fe7b4618b168504b8f23ea37bfd5b3530e2f27bc521c4ccfdfa97761ebedfbb373ee5b6e12b07e0ce3feaad48e8aacfd2505e513433b9960fc24a5a6e7b778adaa73278396"}) 0s ago: executing program 1 (id=1973): syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x24, &(0x7f0000000240)=ANY=[@ANYBLOB='@'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) kernel console output (not intermixed with test programs): 38][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.116090][ T5773] bridge_slave_1: entered allmulticast mode [ 78.123274][ T5773] bridge_slave_1: entered promiscuous mode [ 78.145957][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.195891][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.220751][ T5768] team0: Port device team_slave_0 added [ 78.228996][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.238251][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.246247][ T5767] bridge_slave_0: entered allmulticast mode [ 78.253101][ T5767] bridge_slave_0: entered promiscuous mode [ 78.275587][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.286746][ T5768] team0: Port device team_slave_1 added [ 78.308095][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.316451][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.324046][ T5767] bridge_slave_1: entered allmulticast mode [ 78.331617][ T5767] bridge_slave_1: entered promiscuous mode [ 78.352959][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.401200][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.413544][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.426969][ T5763] team0: Port device team_slave_0 added [ 78.462723][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.476825][ T5763] team0: Port device team_slave_1 added [ 78.492747][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.499779][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.526560][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.582001][ T5773] team0: Port device team_slave_0 added [ 78.592480][ T5773] team0: Port device team_slave_1 added [ 78.599196][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.606480][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.635265][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.657122][ T5767] team0: Port device team_slave_0 added [ 78.668423][ T5767] team0: Port device team_slave_1 added [ 78.688586][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.695778][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.722687][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.772326][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.780859][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.808900][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.853253][ T5768] hsr_slave_0: entered promiscuous mode [ 78.860243][ T5768] hsr_slave_1: entered promiscuous mode [ 78.884237][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.891581][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.918585][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.932553][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.940171][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.967158][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.980089][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.987656][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.014137][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.033359][ T5778] Bluetooth: hci0: command tx timeout [ 79.035111][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.046645][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.074413][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.104869][ T5766] Bluetooth: hci2: command tx timeout [ 79.105600][ T5770] Bluetooth: hci1: command tx timeout [ 79.117629][ T5778] Bluetooth: hci3: command tx timeout [ 79.155763][ T5763] hsr_slave_0: entered promiscuous mode [ 79.162888][ T5763] hsr_slave_1: entered promiscuous mode [ 79.169781][ T5763] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.177982][ T5763] Cannot create hsr debugfs directory [ 79.268285][ T5773] hsr_slave_0: entered promiscuous mode [ 79.275175][ T5773] hsr_slave_1: entered promiscuous mode [ 79.281630][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.289433][ T5773] Cannot create hsr debugfs directory [ 79.305768][ T5767] hsr_slave_0: entered promiscuous mode [ 79.312372][ T5767] hsr_slave_1: entered promiscuous mode [ 79.318878][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.327283][ T5767] Cannot create hsr debugfs directory [ 79.713125][ T5768] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.731346][ T5768] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.742254][ T5768] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.754138][ T5768] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.830074][ T5763] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.848137][ T5763] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.860330][ T5763] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.889629][ T5763] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.957702][ T5773] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.972099][ T5773] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.995143][ T5773] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.007248][ T5773] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.102893][ T5767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.113116][ T5767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.124096][ T5767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.148427][ T5767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.210601][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.287698][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.310967][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.318880][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.342845][ T2932] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.350203][ T2932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.397284][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.418548][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.472283][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.501071][ T5763] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.521840][ T2932] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.529377][ T2932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.562608][ T2932] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.570227][ T2932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.622356][ T2932] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.629886][ T2932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.644459][ T2932] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.652649][ T2932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.727045][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.809780][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.856988][ T2932] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.864255][ T2932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.908838][ T2932] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.916092][ T2932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.962637][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.117040][ T5770] Bluetooth: hci0: command tx timeout [ 81.177024][ T5768] veth0_vlan: entered promiscuous mode [ 81.186195][ T5778] Bluetooth: hci1: command tx timeout [ 81.187620][ T5766] Bluetooth: hci3: command tx timeout [ 81.191792][ T5770] Bluetooth: hci2: command tx timeout [ 81.212549][ T5768] veth1_vlan: entered promiscuous mode [ 81.251774][ T5768] veth0_macvtap: entered promiscuous mode [ 81.279440][ T5768] veth1_macvtap: entered promiscuous mode [ 81.306043][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.322077][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.369108][ T5768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.384740][ T5768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.393624][ T5768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.412905][ T5768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.488719][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.500573][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.680874][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.690414][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.713188][ T5773] veth0_vlan: entered promiscuous mode [ 81.749750][ T5763] veth0_vlan: entered promiscuous mode [ 81.781069][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.802083][ T5773] veth1_vlan: entered promiscuous mode [ 81.816676][ T2957] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.839675][ T2957] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.861934][ T5763] veth1_vlan: entered promiscuous mode [ 81.890927][ T5767] veth0_vlan: entered promiscuous mode [ 81.942298][ T5767] veth1_vlan: entered promiscuous mode [ 81.959746][ T5773] veth0_macvtap: entered promiscuous mode [ 81.996990][ T5773] veth1_macvtap: entered promiscuous mode [ 82.018488][ T5763] veth0_macvtap: entered promiscuous mode [ 82.057422][ T5763] veth1_macvtap: entered promiscuous mode [ 82.095934][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.122672][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.142284][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.183436][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.200797][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.214301][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.240956][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.259257][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.280331][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.293272][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.314437][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.331622][ T5767] veth0_macvtap: entered promiscuous mode [ 82.400093][ T5773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.420066][ T5773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.430658][ T5773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.567030][ T5773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.710659][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.780140][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.890964][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.970804][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.021589][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.050200][ T5767] veth1_macvtap: entered promiscuous mode [ 83.074349][ T5763] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.090652][ T5763] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.100361][ T5763] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.117261][ T5763] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.184930][ T5770] Bluetooth: hci0: command tx timeout [ 83.265036][ T5770] Bluetooth: hci2: command tx timeout [ 83.266930][ T5766] Bluetooth: hci1: command tx timeout [ 83.271095][ T5770] Bluetooth: hci3: command tx timeout [ 83.358963][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.403636][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.426424][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.443807][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.462100][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.473659][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.494595][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.592699][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.607878][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.632219][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.653379][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.664024][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 83.680060][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.690932][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.712073][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.732962][ T2979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.733990][ T5767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.748737][ T2979] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.752448][ T5767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.769864][ T5767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.779508][ T5767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.853179][ T2979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.867543][ T2979] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.872360][ T8] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 83.892605][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.910639][ T8] usb 2-1: Product: syz [ 83.917380][ T8] usb 2-1: Manufacturer: syz [ 83.922142][ T8] usb 2-1: SerialNumber: syz [ 83.923750][ T2932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.952409][ T8] usb 2-1: config 0 descriptor?? [ 83.973020][ T2932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.057296][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.090854][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.136022][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.179539][ T8] hso 2-1:0.0: Failed to find INT IN ep [ 84.186372][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.206946][ T8] usb-storage 2-1:0.0: USB Mass Storage device detected [ 84.276630][ T2957] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.285858][ T2957] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.442664][ T787] usb 2-1: USB disconnect, device number 2 [ 85.277446][ T5770] Bluetooth: hci0: command tx timeout [ 85.345044][ T5778] Bluetooth: hci2: command tx timeout [ 85.350644][ T5766] Bluetooth: hci3: command tx timeout [ 85.357337][ T5770] Bluetooth: hci1: command tx timeout [ 86.963933][ T5894] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12'. [ 87.253420][ T9] cfg80211: failed to load regulatory.db [ 88.485060][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.493981][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.502733][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.511664][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.492953][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.493558][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 90.509982][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.544852][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 90.553210][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 90.595358][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.595932][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 95.037537][ T787] libceph: connect (1)[c::]:6789 error -101 [ 95.085444][ T787] libceph: mon0 (1)[c::]:6789 connect error [ 95.123448][ T5951] ceph: No mds server is up or the cluster is laggy [ 105.250482][ T6023] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 105.420270][ T6030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.54'. [ 105.429766][ T6030] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 107.730203][ T5770] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 107.741454][ T5770] CPU: 0 PID: 5770 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 107.749153][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 107.759422][ T5770] Workqueue: hci2 hci_rx_work [ 107.764266][ T5770] Call Trace: [ 107.767605][ T5770] [ 107.770854][ T5770] dump_stack_lvl+0x16c/0x230 [ 107.775784][ T5770] ? show_regs_print_info+0x20/0x20 [ 107.781212][ T5770] ? load_image+0x3b0/0x3b0 [ 107.786265][ T5770] sysfs_create_dir_ns+0x256/0x280 [ 107.791594][ T5770] ? hci_rx_work+0x43a/0xd80 [ 107.796326][ T5770] ? sysfs_warn_dup+0xa0/0xa0 [ 107.801276][ T5770] ? do_raw_spin_unlock+0x121/0x230 [ 107.806529][ T5770] kobject_add_internal+0x6b8/0xc70 [ 107.811992][ T5770] kobject_add+0x156/0x220 [ 107.816536][ T5770] ? __rwlock_init+0x150/0x150 [ 107.821614][ T5770] ? kobject_init+0x1e0/0x1e0 [ 107.826357][ T5770] ? _raw_spin_unlock+0x28/0x40 [ 107.831386][ T5770] ? get_device_parent+0x366/0x390 [ 107.836516][ T5770] device_add+0x408/0xc20 [ 107.840881][ T5770] hci_conn_add_sysfs+0xd5/0x1e0 [ 107.845851][ T5770] le_conn_complete_evt+0xf36/0x1500 [ 107.851138][ T5770] ? hci_event_packet+0x4a7/0x1210 [ 107.856258][ T5770] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 107.862608][ T5770] ? __copy_skb_header+0xa7/0x550 [ 107.867668][ T5770] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 107.873448][ T5770] ? skb_pull_data+0xfb/0x200 [ 107.878243][ T5770] hci_le_enh_conn_complete_evt+0x189/0x460 [ 107.884602][ T5770] ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0 [ 107.891048][ T5770] ? hci_remote_host_features_evt+0x160/0x160 [ 107.897123][ T5770] hci_event_packet+0x795/0x1210 [ 107.902262][ T5770] ? bis_list+0x290/0x290 [ 107.906708][ T5770] ? lockdep_hardirqs_on+0x98/0x150 [ 107.911953][ T5770] ? hci_send_to_monitor+0xd7/0x4f0 [ 107.917180][ T5770] hci_rx_work+0x43a/0xd80 [ 107.921717][ T5770] ? process_scheduled_works+0x957/0x15b0 [ 107.927485][ T5770] process_scheduled_works+0xa45/0x15b0 [ 107.933085][ T5770] ? assign_work+0x400/0x400 [ 107.937889][ T5770] ? assign_work+0x39e/0x400 [ 107.942658][ T5770] worker_thread+0xa55/0xfc0 [ 107.947316][ T5770] kthread+0x2fa/0x390 [ 107.951486][ T5770] ? pr_cont_work+0x560/0x560 [ 107.956342][ T5770] ? kthread_blkcg+0xd0/0xd0 [ 107.960930][ T5770] ret_from_fork+0x48/0x80 [ 107.965438][ T5770] ? kthread_blkcg+0xd0/0xd0 [ 107.970124][ T5770] ret_from_fork_asm+0x11/0x20 [ 107.974999][ T5770] [ 107.980517][ T5770] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 108.004782][ T5770] Bluetooth: hci2: failed to register connection device [ 108.548684][ T27] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 108.765301][ T27] usb 2-1: Using ep0 maxpacket: 32 [ 108.963760][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.984833][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.995327][ T27] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 109.004599][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.016353][ T27] usb 2-1: config 0 descriptor?? [ 110.102605][ T27] ft260 0003:0403:6030.0001: unknown main item tag 0x0 [ 110.112851][ T27] ft260 0003:0403:6030.0001: unknown main item tag 0x0 [ 110.299714][ T27] ft260 0003:0403:6030.0001: chip code: 6424 8183 [ 110.497868][ T27] ft260 0003:0403:6030.0001: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0 [ 110.883991][ T27] ft260 0003:0403:6030.0001: failed to retrieve status: -32, no wakeup [ 111.188435][ T6059] i2c i2c-1: adapter quirk: too many messages (addr 0x0006, size 0, read) [ 112.005867][ T27] usb 2-1: USB disconnect, device number 3 [ 112.221525][ T6096] netlink: 12 bytes leftover after parsing attributes in process `syz.2.75'. [ 112.751045][ T6106] syz_tun: entered allmulticast mode [ 112.789325][ T6106] dvmrp6: entered allmulticast mode [ 115.093134][ T27] libceph: connect (1)[c::]:6789 error -101 [ 115.105041][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 115.156948][ T6141] ceph: No mds server is up or the cluster is laggy [ 118.154560][ T6185] usb usb8: usbfs: process 6185 (syz.1.104) did not claim interface 0 before use [ 119.065056][ T6204] netlink: 20 bytes leftover after parsing attributes in process `syz.0.110'. [ 120.184138][ T6221] fuse: Invalid rootmode [ 120.278558][ T6222] 9pnet_virtio: no channels available for device syz [ 122.562071][ T6235] sched: RT throttling activated [ 123.346970][ T6251] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.356410][ T6251] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.366093][ T6251] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.374983][ T6251] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.819136][ T6251] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.828413][ T6251] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.838090][ T6251] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.847245][ T6251] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.173111][ T6252] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.181981][ T6252] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.191302][ T6252] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.200400][ T6252] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.297776][ T6252] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.307094][ T6252] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.316333][ T6252] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.325767][ T6252] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.467744][ T6252] Zero length message leads to an empty skb [ 128.392817][ T6285] netlink: 'syz.2.136': attribute type 1 has an invalid length. [ 128.561613][ T6285] 8021q: adding VLAN 0 to HW filter on device bond1 [ 128.671373][ T6293] macvlan2: entered promiscuous mode [ 129.024796][ T6293] macvlan2: entered allmulticast mode [ 129.052212][ T6293] bond1: entered promiscuous mode [ 129.445046][ T6293] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 129.466718][ T6293] team0: Port device macvlan2 added [ 129.570930][ T6285] bond1: (slave ip6gretap1): making interface the new active one [ 129.624854][ T6285] ip6gretap1: entered promiscuous mode [ 129.656911][ T6285] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 130.204503][ T6311] netlink: 8 bytes leftover after parsing attributes in process `syz.3.145'. [ 130.362510][ T6318] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.148'. [ 132.198164][ T6338] syz.1.154[6338]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 133.295788][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.302964][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.698395][ T5778] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 133.698465][ T5778] Bluetooth: hci0: Malformed LE Event: 0x0d [ 134.961346][ T9] IPVS: starting estimator thread 0... [ 135.074968][ T6391] IPVS: using max 16 ests per chain, 38400 per kthread [ 136.392754][ T6393] ======================================================= [ 136.392754][ T6393] WARNING: The mand mount option has been deprecated and [ 136.392754][ T6393] and is ignored by this kernel. Remove the mand [ 136.392754][ T6393] option from the mount to silence this warning. [ 136.392754][ T6393] ======================================================= [ 136.435158][ T6392] pim6reg: entered allmulticast mode [ 140.465885][ T6437] program syz.1.187 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.528865][ T8] IPVS: starting estimator thread 0... [ 141.934832][ T6447] IPVS: using max 15 ests per chain, 36000 per kthread [ 143.234877][ T6458] process 'syz.2.194' launched '/dev/fd/9' with NULL argv: empty string added [ 146.933342][ T6476] [U] [ 152.655409][ T787] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 152.854724][ T787] usb 3-1: Using ep0 maxpacket: 8 [ 152.862479][ T787] usb 3-1: config index 0 descriptor too short (expected 5924, got 36) [ 153.124743][ T787] usb 3-1: config 250 has an invalid interface number: 228 but max is -1 [ 153.156427][ T787] usb 3-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 153.943526][ T787] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 154.204758][ T787] usb 3-1: config 250 has no interface number 0 [ 154.277101][ T787] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 154.367598][ T787] usb 3-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 154.466464][ T787] usb 3-1: config 250 interface 228 has no altsetting 0 [ 154.544805][ T787] usb 3-1: string descriptor 0 read error: -71 [ 154.681708][ T787] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 155.404700][ T787] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 156.004108][ T787] usb 3-1: can't set config #250, error -71 [ 156.027383][ T787] usb 3-1: USB disconnect, device number 2 [ 160.969327][ T28] audit: type=1326 audit(1767509377.140:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6581 comm="syz.2.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 161.025060][ T28] audit: type=1326 audit(1767509377.140:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6581 comm="syz.2.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 161.130619][ T28] audit: type=1326 audit(1767509377.170:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6581 comm="syz.2.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 161.154240][ T28] audit: type=1326 audit(1767509377.170:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6581 comm="syz.2.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 161.185629][ T28] audit: type=1326 audit(1767509377.170:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6581 comm="syz.2.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 161.214944][ T5848] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 161.857686][ T6588] ptrace attach of "./syz-executor exec"[5763] was attempted by ""[6588] [ 162.003082][ T6593] loop8: detected capacity change from 0 to 8 [ 162.016760][ T5855] Dev loop8: unable to read RDB block 8 [ 162.022700][ T5855] loop8: unable to read partition table [ 162.071305][ T5855] loop8: partition table beyond EOD, truncated [ 162.074424][ T5848] usb 4-1: Using ep0 maxpacket: 32 [ 162.107001][ T6593] Dev loop8: unable to read RDB block 8 [ 162.123033][ T5848] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 162.144897][ T5848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.150382][ T6593] loop8: unable to read partition table [ 162.153021][ T5848] usb 4-1: Product: syz [ 162.153042][ T5848] usb 4-1: Manufacturer: syz [ 162.153056][ T5848] usb 4-1: SerialNumber: syz [ 162.170977][ T6593] loop8: partition table beyond EOD, truncated [ 162.185442][ T5848] usb 4-1: config 0 descriptor?? [ 162.195835][ T5848] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 162.205222][ T5848] dvb-usb: bulk message failed: -22 (2/0) [ 162.221182][ T5848] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 162.221812][ T6593] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 162.241571][ T5848] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 162.258197][ T5848] usb 4-1: media controller created [ 162.353281][ T5848] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 162.400355][ T6578] cxusb: i2c wr: len=80 is too big! [ 162.400355][ T6578] [ 162.414048][ T5848] usb 4-1: selecting invalid altsetting 7 [ 162.430825][ T5848] cxusb: set interface failed [ 162.445199][ T5848] dvb-usb: bulk message failed: -22 (1/0) [ 162.558664][ T5848] DVB: Unable to find symbol lgdt330x_attach() [ 162.571033][ T5848] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 162.683190][ T5848] rc_core: IR keymap rc-dvico-portable not found [ 162.702737][ T5848] Registered IR keymap rc-empty [ 162.723128][ T5848] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 162.743482][ T5848] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input7 [ 162.760487][ T5848] dvb-usb: schedule remote query interval to 100 msecs. [ 162.772300][ T5848] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 162.808650][ T5848] usb 4-1: USB disconnect, device number 2 [ 163.011114][ T5848] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 166.241292][ T6607] block device autoloading is deprecated and will be removed. [ 166.251357][ T6607] syz.2.242: attempt to access beyond end of device [ 166.251357][ T6607] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 166.438455][ T6631] ip6erspan0: entered promiscuous mode [ 166.446227][ T6633] netlink: 'syz.1.251': attribute type 10 has an invalid length. [ 166.494930][ T6633] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 172.799147][ T6699] syz.2.273 (6699): drop_caches: 2 [ 174.629833][ T5770] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 174.640348][ T5770] Bluetooth: hci3: Injecting HCI hardware error event [ 174.649782][ T5778] Bluetooth: hci3: hardware error 0x00 [ 175.201684][ T6719] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 175.415796][ T6723] kvm: requested 129904 ns i8254 timer period limited to 200000 ns [ 175.426714][ T6723] kvm: requested 96381 ns i8254 timer period limited to 200000 ns [ 177.776237][ T5778] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 178.165309][ T5848] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 178.410488][ T5848] usb 1-1: New USB device found, idVendor=0830, idProduct=0060, bcdDevice=13.2b [ 178.431111][ T5848] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.460445][ T5848] usb 1-1: Product: syz [ 178.480133][ T5848] usb 1-1: Manufacturer: syz [ 178.491442][ T5848] usb 1-1: SerialNumber: syz [ 178.835229][ T5848] usb 1-1: palm_os_4_probe - error -110 getting connection info [ 178.843660][ T5848] visor 1-1:1.0: Handspring Visor / Palm OS converter detected [ 178.884829][ T5848] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 178.913390][ T5848] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 178.968858][ T6740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.056440][ T6740] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.108459][ T5848] usb 1-1: USB disconnect, device number 2 [ 179.146761][ T5848] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 179.192894][ T5848] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 179.238694][ T5848] visor 1-1:1.0: device disconnected [ 179.819212][ T5817] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 180.734681][ T5817] usb 3-1: Using ep0 maxpacket: 16 [ 181.429365][ T5817] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.452997][ T5817] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.474692][ T5817] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 181.483806][ T5817] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.498365][ T5817] usb 3-1: config 0 descriptor?? [ 181.724790][ T5817] usbhid 3-1:0.0: can't add hid device: -71 [ 181.753354][ T5817] usbhid: probe of 3-1:0.0 failed with error -71 [ 181.783203][ T5817] usb 3-1: USB disconnect, device number 3 [ 182.655009][ T6797] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 186.617375][ T28] audit: type=1326 audit(1767509402.780:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.2.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 186.731594][ T28] audit: type=1326 audit(1767509402.780:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.2.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 186.829377][ T28] audit: type=1326 audit(1767509402.820:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.2.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 186.880342][ T28] audit: type=1326 audit(1767509402.820:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.2.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 186.946713][ T28] audit: type=1326 audit(1767509402.820:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.2.315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 186.974696][ T5096] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 187.187272][ T5096] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.198784][ T5096] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.294680][ T5096] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 187.330004][ T5096] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 188.294760][ T5096] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.428501][ T5096] usb 1-1: config 0 descriptor?? [ 188.875341][ T5096] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 189.857144][ T5096] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 189.912124][ T5096] usb 1-1: USB disconnect, device number 3 [ 190.098386][ T6846] fido_id[6846]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 190.214805][ T8] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 191.265883][ T8] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 192.484161][ T8] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 192.496201][ T8] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 192.514675][ T8] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 192.544712][ T8] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 192.554226][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.623538][ T8] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 192.672664][ T8] usb 4-1: invalid MIDI out EP 0 [ 193.629970][ T28] audit: type=1326 audit(1767509409.800:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 193.729114][ T28] audit: type=1326 audit(1767509409.800:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 193.750016][ T8] snd-usb-audio: probe of 4-1:27.0 failed with error -22 [ 193.810966][ T28] audit: type=1326 audit(1767509409.810:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 193.844065][ T8] usb 4-1: USB disconnect, device number 3 [ 193.880247][ T28] audit: type=1326 audit(1767509409.810:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 194.078582][ T28] audit: type=1326 audit(1767509409.850:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 194.667530][ T28] audit: type=1326 audit(1767509409.950:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 194.822684][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.829635][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.915013][ T28] audit: type=1326 audit(1767509409.950:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6e9338f783 code=0x7ffc0000 [ 195.007942][ T28] audit: type=1326 audit(1767509409.950:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f6e9338f807 code=0x7ffc0000 [ 195.054758][ T28] audit: type=1326 audit(1767509409.950:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f6e93346bdd code=0x7ffc0000 [ 195.124746][ T28] audit: type=1326 audit(1767509409.950:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6876 comm="syz.2.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f6e933c3e89 code=0x7ffc0000 [ 196.677598][ T6924] Bluetooth: MGMT ver 1.22 [ 202.320542][ T5774] Bluetooth: hci1: command 0x0406 tx timeout [ 202.320564][ T5766] Bluetooth: hci2: command 0x0406 tx timeout [ 206.066340][ T6999] netlink: 24 bytes leftover after parsing attributes in process `syz.0.373'. [ 207.648219][ T7023] pimreg: entered allmulticast mode [ 207.690139][ T7022] pimreg: left allmulticast mode [ 208.181090][ T23] IPVS: starting estimator thread 0... [ 211.746677][ T7040] IPVS: using max 21 ests per chain, 50400 per kthread [ 212.376164][ T7053] netlink: 68 bytes leftover after parsing attributes in process `syz.2.393'. [ 214.676802][ T7083] netlink: 7 bytes leftover after parsing attributes in process `syz.3.403'. [ 214.901210][ T7088] netlink: 4 bytes leftover after parsing attributes in process `syz.3.404'. [ 214.914807][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 214.914825][ T28] audit: type=1326 audit(1767509431.080:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabcd92b829 code=0x7ffc0000 [ 215.011686][ T28] audit: type=1326 audit(1767509431.080:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 215.100422][ T28] audit: type=1326 audit(1767509431.090:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 215.207270][ T28] audit: type=1326 audit(1767509431.130:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabcd92b829 code=0x7ffc0000 [ 215.319818][ T28] audit: type=1326 audit(1767509431.130:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabcd92b829 code=0x7ffc0000 [ 215.388466][ T28] audit: type=1326 audit(1767509431.130:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabcd92b829 code=0x7ffc0000 [ 215.461681][ T28] audit: type=1326 audit(1767509431.130:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabcd92b829 code=0x7ffc0000 [ 215.519109][ T28] audit: type=1326 audit(1767509431.130:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabcd92b829 code=0x7ffc0000 [ 215.622842][ T28] audit: type=1326 audit(1767509431.130:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabcd92b829 code=0x7ffc0000 [ 215.743448][ T28] audit: type=1326 audit(1767509431.130:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.0.397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabcd92b829 code=0x7ffc0000 [ 217.107192][ T7112] syz.3.413 (7112) used greatest stack depth: 19792 bytes left [ 217.945296][ T7141] netlink: 8 bytes leftover after parsing attributes in process `syz.1.424'. [ 217.954336][ T7141] netlink: 20 bytes leftover after parsing attributes in process `syz.1.424'. [ 220.141323][ T7173] Invalid ELF header len 8 [ 220.854803][ T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 220.874743][ T7187] syz.1.439 uses obsolete (PF_INET,SOCK_PACKET) [ 221.074699][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 221.112770][ T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.154764][ T8] usb 4-1: config 0 interface 0 has no altsetting 0 [ 221.184720][ T8] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 221.225204][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.250993][ T8] usb 4-1: config 0 descriptor?? [ 221.694374][ T8] nzxt-smart2 0003:1E71:2009.0003: unknown main item tag 0x0 [ 221.729946][ T8] nzxt-smart2 0003:1E71:2009.0003: unknown main item tag 0x0 [ 221.739682][ T8] nzxt-smart2 0003:1E71:2009.0003: unknown main item tag 0x0 [ 221.768432][ T8] nzxt-smart2 0003:1E71:2009.0003: unknown main item tag 0x0 [ 221.791657][ T8] nzxt-smart2 0003:1E71:2009.0003: unknown main item tag 0x0 [ 221.818225][ T8] nzxt-smart2 0003:1E71:2009.0003: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0 [ 221.936227][ C0] usb 4-1: input irq status -75 received [ 222.193128][ T8] usb 4-1: USB disconnect, device number 4 [ 223.443502][ T7212] input: syz0 as /devices/virtual/input/input8 [ 226.413658][ T7254] netlink: 8 bytes leftover after parsing attributes in process `syz.2.463'. [ 233.710738][ T7335] capability: warning: `syz.2.494' uses deprecated v2 capabilities in a way that may be insecure [ 233.985291][ T5778] Bluetooth: hci2: command 0x0406 tx timeout [ 236.005919][ T7370] sp0: Synchronizing with TNC [ 236.998101][ T7379] netlink: 76 bytes leftover after parsing attributes in process `syz.0.509'. [ 237.244704][ T5810] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 237.331512][ T7387] netlink: 24 bytes leftover after parsing attributes in process `syz.3.513'. [ 237.430927][ T5810] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 237.480297][ T5810] usb 3-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 237.492611][ T5810] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.503042][ T5810] usb 3-1: config 0 descriptor?? [ 238.668926][ T5810] logitech-djreceiver 0003:046D:C71F.0004: unknown main item tag 0x0 [ 238.690833][ T5810] logitech-djreceiver 0003:046D:C71F.0004: unknown main item tag 0x0 [ 238.715007][ T5810] logitech-djreceiver 0003:046D:C71F.0004: unknown main item tag 0x0 [ 238.723564][ T5810] logitech-djreceiver 0003:046D:C71F.0004: unknown main item tag 0x0 [ 238.731858][ T5810] logitech-djreceiver 0003:046D:C71F.0004: unknown main item tag 0x0 [ 238.743702][ T5810] logitech-djreceiver 0003:046D:C71F.0004: unknown main item tag 0x0 [ 238.752173][ T5810] logitech-djreceiver 0003:046D:C71F.0004: unknown main item tag 0x0 [ 238.920102][ T5810] usb 3-1: USB disconnect, device number 4 [ 239.392928][ T7424] 9pnet_fd: Insufficient options for proto=fd [ 243.858578][ T5778] Bluetooth: hci2: unexpected event for opcode 0x2060 [ 245.812455][ T7485] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 251.014931][ T7537] netlink: 76 bytes leftover after parsing attributes in process `syz.1.562'. [ 251.787218][ T7537] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 253.148886][ T7575] netlink: 4 bytes leftover after parsing attributes in process `syz.2.571'. [ 253.460140][ T7583] bridge0: entered promiscuous mode [ 256.151865][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.162804][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.482609][ T28] kauditd_printk_skb: 345 callbacks suppressed [ 261.482625][ T28] audit: type=1326 audit(1767509477.650:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7699 comm="syz.3.621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 261.575761][ T28] audit: type=1326 audit(1767509477.690:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7699 comm="syz.3.621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 261.631301][ T28] audit: type=1326 audit(1767509477.690:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7699 comm="syz.3.621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 261.675968][ T28] audit: type=1326 audit(1767509477.690:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7699 comm="syz.3.621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 261.699613][ T28] audit: type=1326 audit(1767509477.690:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7699 comm="syz.3.621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 264.276381][ T7739] netlink: 16 bytes leftover after parsing attributes in process `syz.3.629'. [ 265.783665][ T7743] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 265.798369][ T7743] overlayfs: failed to set xattr on upper [ 265.808746][ T7743] overlayfs: ...falling back to redirect_dir=nofollow. [ 265.820017][ T7743] overlayfs: ...falling back to index=off. [ 265.827761][ T7743] overlayfs: ...falling back to uuid=null. [ 266.064846][ T5778] Bluetooth: hci2: command 0x0406 tx timeout [ 266.804712][ T28] audit: type=1326 audit(1767509482.970:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7764 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 266.869453][ T28] audit: type=1326 audit(1767509483.010:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7764 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 266.924675][ T28] audit: type=1326 audit(1767509483.010:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7764 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 266.984874][ T28] audit: type=1326 audit(1767509483.010:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7764 comm="syz.3.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 267.322482][ T7773] netlink: 12 bytes leftover after parsing attributes in process `syz.0.632'. [ 267.937178][ T5778] Bluetooth: hci1: unexpected event for opcode 0x041c [ 268.508319][ T8] IPVS: starting estimator thread 0... [ 268.645126][ T7792] IPVS: using max 15 ests per chain, 36000 per kthread [ 269.114751][ T6094] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 270.384922][ T6094] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.402665][ T6094] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.417095][ T6094] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 270.426649][ T6094] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.442388][ T6094] usb 2-1: config 0 descriptor?? [ 270.879642][ T6094] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0 [ 270.935278][ T6094] cp2112 0003:10C4:EA90.0005: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 271.249508][ T6094] cp2112 0003:10C4:EA90.0005: error requesting version [ 271.267041][ T6094] cp2112: probe of 0003:10C4:EA90.0005 failed with error -71 [ 272.045333][ T6094] usb 2-1: USB disconnect, device number 4 [ 272.211571][ T7812] fido_id[7812]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 273.278698][ T7820] NILFS (nullb0): couldn't find nilfs on the device [ 276.213714][ T7831] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 283.307579][ T28] audit: type=1326 audit(283.261:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7882 comm="syz.2.679" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x0 [ 284.186052][ T7890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.680'. [ 284.231137][ T7890] netlink: 28 bytes leftover after parsing attributes in process `syz.2.680'. [ 291.215652][ T7954] binder: 7953:7954 ioctl c0306201 200000000680 returned -14 [ 300.114641][ T27] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 300.305275][ T27] usb 4-1: Using ep0 maxpacket: 32 [ 300.347435][ T27] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 255 [ 300.381868][ T27] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 300.393021][ T27] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 300.415605][ T27] usb 4-1: Product: syz [ 300.419848][ T27] usb 4-1: Manufacturer: syz [ 300.432307][ T27] usb 4-1: SerialNumber: syz [ 300.449705][ T27] usb 4-1: config 0 descriptor?? [ 300.457547][ T8043] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 303.417267][ T787] usb 4-1: USB disconnect, device number 5 [ 306.314872][ T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 306.905466][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 307.050544][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 307.092976][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xD7, skipping [ 307.164860][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 307.220052][ T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 307.234501][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.243054][ T8] usb 4-1: Product: syz [ 307.253162][ T8] usb 4-1: Manufacturer: syz [ 307.259103][ T8] usb 4-1: SerialNumber: syz [ 307.267440][ T8] usb 4-1: config 0 descriptor?? [ 307.287294][ T8] appledisplay 4-1:0.0: Could not find int-in endpoint [ 307.302853][ T8] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 308.550193][ T28] audit: type=1326 audit(308.501:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 308.589053][ T28] audit: type=1326 audit(308.521:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 308.632824][ T28] audit: type=1326 audit(308.541:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 308.662232][ T28] audit: type=1326 audit(308.541:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 308.690958][ T28] audit: type=1326 audit(308.541:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 308.723706][ T28] audit: type=1326 audit(308.541:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc35098df90 code=0x7ffc0000 [ 309.625041][ T8116] netlink: 72 bytes leftover after parsing attributes in process `syz.0.754'. [ 309.659313][ T28] audit: type=1326 audit(308.541:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc350990f77 code=0x7ffc0000 [ 309.796283][ T28] audit: type=1326 audit(308.541:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 309.820821][ T28] audit: type=1326 audit(308.541:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc350990f77 code=0x7ffc0000 [ 309.898483][ T5848] usb 4-1: USB disconnect, device number 6 [ 309.902458][ T28] audit: type=1326 audit(308.541:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc35098e3aa code=0x7ffc0000 [ 315.647712][ T8189] netlink: 12 bytes leftover after parsing attributes in process `syz.0.782'. [ 316.939621][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 316.939637][ T28] audit: type=1326 audit(316.891:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.007516][ T28] audit: type=1326 audit(316.921:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.049809][ T28] audit: type=1326 audit(316.921:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.115164][ T28] audit: type=1326 audit(316.921:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.161741][ T28] audit: type=1326 audit(316.921:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.208880][ T28] audit: type=1326 audit(316.921:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.231233][ T6094] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 317.276898][ T28] audit: type=1326 audit(316.921:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.307909][ T28] audit: type=1326 audit(316.921:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.338842][ T28] audit: type=1326 audit(316.931:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.366702][ T28] audit: type=1326 audit(316.931:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8208 comm="syz.3.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 317.434631][ T6094] usb 3-1: Using ep0 maxpacket: 32 [ 317.442958][ T6094] usb 3-1: config 0 has an invalid descriptor of length 112, skipping remainder of the config [ 317.474130][ T6094] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 317.494933][ T6094] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 317.558346][ T6094] usb 3-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=db.74 [ 317.625315][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.631725][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.105310][ T6094] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.113406][ T6094] usb 3-1: Product: syz [ 319.134719][ T6094] usb 3-1: Manufacturer: syz [ 319.144682][ T6094] usb 3-1: SerialNumber: syz [ 319.162573][ T6094] usb 3-1: config 0 descriptor?? [ 319.190764][ T6094] rndis_wlan 3-1:0.0: skipping garbage [ 319.203763][ T6094] rndis_wlan 3-1:0.0: invalid descriptor buffer length [ 319.221204][ T6094] usb 3-1: bad CDC descriptors [ 319.245963][ T6094] rndis_host 3-1:0.0: skipping garbage [ 319.272209][ T6094] rndis_host 3-1:0.0: invalid descriptor buffer length [ 319.280027][ T6094] usb 3-1: bad CDC descriptors [ 319.295685][ T6094] cdc_acm 3-1:0.0: skipping garbage [ 319.301192][ T6094] cdc_acm 3-1:0.0: invalid descriptor buffer length [ 319.383689][ T6094] usb 3-1: USB disconnect, device number 5 [ 321.714888][ T8243] netlink: 68 bytes leftover after parsing attributes in process `syz.2.800'. [ 325.174652][ T8274] 9pnet_virtio: no channels available for device syz [ 328.360166][ T8314] netlink: 28 bytes leftover after parsing attributes in process `syz.2.822'. [ 328.370840][ T8314] netlink: 52 bytes leftover after parsing attributes in process `syz.2.822'. [ 328.394678][ T8314] netlink: 20 bytes leftover after parsing attributes in process `syz.2.822'. [ 329.459345][ T8342] PKCS8: Unsupported PKCS#8 version [ 330.354679][ T787] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 330.537348][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 330.576188][ T787] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 330.597807][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.621610][ T787] usb 4-1: Product: syz [ 330.639475][ T787] usb 4-1: Manufacturer: syz [ 330.644383][ T787] usb 4-1: SerialNumber: syz [ 330.693159][ T787] usb 4-1: config 0 descriptor?? [ 330.721935][ T787] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 330.758882][ T787] dvb-usb: bulk message failed: -22 (2/0) [ 330.784230][ T787] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 330.799675][ T787] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 330.813843][ T787] usb 4-1: media controller created [ 330.947604][ T8340] dvb-usb: bulk message failed: -22 (7/0) [ 331.857954][ T787] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 331.925144][ T787] usb 4-1: selecting invalid altsetting 7 [ 331.930950][ T787] cxusb: set interface failed [ 333.366748][ T787] dvb-usb: bulk message failed: -22 (1/0) [ 334.345984][ T787] DVB: Unable to find symbol lgdt330x_attach() [ 334.352525][ T787] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 334.784638][ T787] rc_core: IR keymap rc-dvico-portable not found [ 335.554056][ T787] Registered IR keymap rc-empty [ 335.585850][ T787] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 335.626890][ T787] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input12 [ 335.855540][ T787] dvb-usb: schedule remote query interval to 100 msecs. [ 335.862655][ T787] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 335.983619][ T5831] dvb-usb: bulk message failed: -22 (1/0) [ 335.991133][ T787] usb 4-1: USB disconnect, device number 7 [ 336.196725][ T787] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 339.020093][ T5848] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 339.454847][ T5848] usb 3-1: Using ep0 maxpacket: 8 [ 339.485709][ T5848] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 339.527550][ T5848] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 339.615000][ T5848] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 339.753206][ T5848] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 339.984680][ T5848] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 339.994297][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.270345][ T5848] usb 3-1: GET_CAPABILITIES returned 0 [ 340.276541][ T5848] usbtmc 3-1:16.0: can't read capabilities [ 340.497261][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 340.545891][ T27] usb 3-1: USB disconnect, device number 6 [ 342.434621][ T5848] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 342.504719][ T8459] kAFS: unable to lookup cell '' [ 342.624745][ T5848] usb 4-1: Using ep0 maxpacket: 16 [ 342.651207][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 342.679783][ T5848] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 342.708024][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.740771][ T5848] usb 4-1: config 0 descriptor?? [ 343.227268][ T5848] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0 [ 343.240669][ T5848] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0 [ 343.253587][ T5848] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0 [ 343.261278][ T5848] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0 [ 343.278688][ T5848] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0 [ 343.288892][ T5848] mcp2221 0003:04D8:00DD.0006: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 343.433916][ T5848] usb 4-1: USB disconnect, device number 8 [ 344.364668][ T787] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 344.634615][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 344.647027][ T787] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 344.662000][ T787] usb 4-1: config 0 has no interface number 0 [ 344.668813][ T787] usb 4-1: config 0 interface 1 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 344.686919][ T787] usb 4-1: config 0 interface 1 has no altsetting 0 [ 344.697391][ T787] usb 4-1: New USB device found, idVendor=0572, idProduct=58a2, bcdDevice=27.0a [ 344.710072][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.719024][ T787] usb 4-1: Product: syz [ 344.725841][ T787] usb 4-1: Manufacturer: syz [ 344.730851][ T787] usb 4-1: SerialNumber: syz [ 344.964239][ T787] usb 4-1: config 0 descriptor?? [ 345.818078][ T787] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (0572:58a2) with 1 interfaces [ 346.495722][ T787] cx231xx 4-1:0.1: Not found matching IAD interface [ 346.505237][ T787] usb 4-1: USB disconnect, device number 9 [ 348.985772][ T28] kauditd_printk_skb: 58 callbacks suppressed [ 348.985791][ T28] audit: type=1326 audit(348.941:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8523 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 349.013820][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.141436][ T28] audit: type=1326 audit(348.941:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8523 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 350.308734][ T28] audit: type=1326 audit(348.981:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8523 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 350.455072][ T28] audit: type=1326 audit(348.981:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8523 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 350.721795][ T28] audit: type=1326 audit(348.981:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8523 comm="syz.3.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 351.647727][ T8548] netlink: 24 bytes leftover after parsing attributes in process `syz.2.906'. [ 351.811131][ T8554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.906'. [ 351.835379][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.2.906'. [ 357.164084][ T8615] netlink: 20 bytes leftover after parsing attributes in process `syz.0.928'. [ 357.460724][ T8617] overlayfs: overlapping lowerdir path [ 357.592508][ T8618] overlayfs: overlapping lowerdir path [ 358.813363][ T8628] kvm: pic: level sensitive irq not supported [ 358.814472][ T8628] kvm: pic: single mode not supported [ 358.821527][ T8628] kvm: pic: level sensitive irq not supported [ 358.834637][ T8628] kvm: pic: single mode not supported [ 358.840895][ T8628] kvm: pic: level sensitive irq not supported [ 358.856224][ T8628] kvm: pic: single mode not supported [ 358.863287][ T8628] kvm: pic: level sensitive irq not supported [ 358.870049][ T8628] kvm: pic: single mode not supported [ 358.876562][ T8628] kvm: pic: level sensitive irq not supported [ 358.931120][ T8628] kvm: pic: single mode not supported [ 358.937510][ T8628] kvm: pic: level sensitive irq not supported [ 358.960394][ T8628] kvm: pic: single mode not supported [ 358.966648][ T8628] kvm: pic: level sensitive irq not supported [ 358.972933][ T8628] kvm: pic: level sensitive irq not supported [ 358.981007][ T8628] kvm: pic: single mode not supported [ 358.987772][ T8628] kvm: pic: level sensitive irq not supported [ 358.997513][ T8628] kvm: pic: single mode not supported [ 359.003856][ T8628] kvm: pic: level sensitive irq not supported [ 359.013048][ T8628] kvm: pic: single mode not supported [ 359.019741][ T8628] kvm: pic: single mode not supported [ 360.532794][ T8657] netlink: 40 bytes leftover after parsing attributes in process `syz.1.945'. [ 365.516467][ T8695] netlink: 664 bytes leftover after parsing attributes in process `syz.0.959'. [ 366.656517][ T28] audit: type=1326 audit(366.611:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 366.721319][ T28] audit: type=1326 audit(366.611:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 366.785842][ T28] audit: type=1326 audit(366.661:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 366.854288][ T28] audit: type=1326 audit(366.661:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 366.959740][ T28] audit: type=1326 audit(366.661:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 367.016472][ T28] audit: type=1326 audit(366.661:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 367.069928][ T28] audit: type=1326 audit(366.661:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 367.125725][ T28] audit: type=1326 audit(366.661:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 367.189955][ T28] audit: type=1326 audit(366.661:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 367.252794][ T28] audit: type=1326 audit(366.681:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8702 comm="syz.2.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 368.773210][ T8733] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 375.044868][ T8790] netlink: 12 bytes leftover after parsing attributes in process `syz.2.985'. [ 376.821155][ T8784] syz.1.986 (8784) used greatest stack depth: 17232 bytes left [ 377.747950][ T8808] tap0: tun_chr_ioctl cmd 1074025672 [ 377.770821][ T8808] tap0: ignored: set checksum disabled [ 378.190546][ T8818] netlink: 12 bytes leftover after parsing attributes in process `syz.0.995'. [ 379.175269][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.181851][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.145732][ T8848] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 382.155207][ T8848] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 382.753027][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 382.753044][ T28] audit: type=1326 audit(382.651:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 382.878757][ T28] audit: type=1326 audit(382.651:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 382.938501][ T28] audit: type=1326 audit(382.651:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 383.050634][ T28] audit: type=1326 audit(382.651:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 383.123630][ T28] audit: type=1326 audit(382.651:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 383.334779][ T28] audit: type=1326 audit(382.651:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 383.420366][ T28] audit: type=1326 audit(382.651:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 383.443047][ T28] audit: type=1326 audit(382.651:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 383.467462][ T28] audit: type=1326 audit(382.661:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8853 comm="syz.0.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 389.153657][ T8926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1031'. [ 389.189213][ T8926] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1031'. [ 401.276007][ T28] audit: type=1326 audit(401.231:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.3.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 401.434731][ T28] audit: type=1326 audit(401.231:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.3.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 401.503803][ T28] audit: type=1326 audit(401.231:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.3.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 401.554755][ T28] audit: type=1326 audit(401.231:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.3.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 401.624714][ T28] audit: type=1326 audit(401.231:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.3.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 401.781251][ T28] audit: type=1326 audit(401.731:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.0.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 401.850227][ T28] audit: type=1326 audit(401.781:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.0.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7ffc0000 [ 403.179396][ T5778] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 403.188393][ T5778] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 403.219732][ T6094] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 403.414784][ T6094] usb 4-1: Using ep0 maxpacket: 32 [ 403.422184][ T6094] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 403.438290][ T6094] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 403.449032][ T6094] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 403.460332][ T6094] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.472044][ T6094] usb 4-1: config 0 descriptor?? [ 404.112424][ T6094] ft260 0003:0403:6030.0007: unknown main item tag 0x0 [ 404.267382][ T6094] ft260 0003:0403:6030.0007: unknown main item tag 0x0 [ 404.426515][ T6094] ft260 0003:0403:6030.0007: chip code: 6424 8183 [ 404.514768][ T6094] ft260 0003:0403:6030.0007: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0 [ 404.868534][ T6094] ft260 0003:0403:6030.0007: failed to retrieve status: -32, no wakeup [ 406.032685][ T9072] i2c i2c-1: adapter quirk: too many messages (addr 0x0006, size 0, read) [ 406.085197][ T5848] usb 4-1: reset high-speed USB device number 10 using dummy_hcd [ 407.232488][ T6094] usb 4-1: USB disconnect, device number 10 [ 407.266884][ T5778] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 407.267297][ T5778] Bluetooth: hci1: Injecting HCI hardware error event [ 407.269733][ T5778] Bluetooth: hci1: hardware error 0x00 [ 410.007440][ T5778] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 411.451466][ T9175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1123'. [ 411.866748][ T9175] 8021q: adding VLAN 0 to HW filter on device bond2 [ 416.354675][ T5770] Bluetooth: hci4: command 0x1003 tx timeout [ 416.363249][ T5778] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 417.119158][ T9206] program syz.1.1131 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 417.388886][ T28] audit: type=1326 audit(417.341:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.3.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 417.485212][ T28] audit: type=1326 audit(417.341:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.3.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 417.634564][ T28] audit: type=1326 audit(417.371:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.3.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 417.700855][ T28] audit: type=1326 audit(417.371:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.3.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 417.724697][ T28] audit: type=1326 audit(417.371:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.3.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 417.776070][ T28] audit: type=1326 audit(417.371:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.3.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 417.829483][ T28] audit: type=1326 audit(417.371:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.3.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 417.883478][ T28] audit: type=1326 audit(417.371:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.3.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 420.171375][ T9231] capability: warning: `syz.2.1134' uses 32-bit capabilities (legacy support in use) [ 420.713568][ T28] audit: type=1800 audit(420.641:544): pid=9241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1147" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 425.119331][ T9268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1154'. [ 426.185225][ T9271] overlayfs: missing 'lowerdir' [ 426.311283][ T28] audit: type=1326 audit(426.261:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9276 comm="syz.1.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 426.584588][ T28] audit: type=1326 audit(426.281:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9276 comm="syz.1.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 426.631984][ T28] audit: type=1326 audit(426.301:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9276 comm="syz.1.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 426.686506][ T28] audit: type=1326 audit(426.581:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9276 comm="syz.1.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 427.450344][ T9287] tmpfs: Bad value for 'mpol' [ 427.472948][ T28] audit: type=1326 audit(426.581:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9276 comm="syz.1.1158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc35098f749 code=0x7ffc0000 [ 437.508079][ T9396] trusted_key: encrypted_key: key user:syz not found [ 440.470163][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.494658][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.758392][ T9441] netlink: 'syz.1.1208': attribute type 10 has an invalid length. [ 440.843704][ T9441] bond0: (slave dummy0): Releasing backup interface [ 440.907921][ T9441] team0: Port device dummy0 added [ 443.607871][ T9466] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1219'. [ 446.057576][ T9488] Illegal XDP return value 4294967274 on prog (id 195) dev syz_tun, expect packet loss! [ 449.896678][ T9530] fuse: Invalid rootmode [ 450.046013][ T9530] 9pnet_virtio: no channels available for device syz [ 451.824873][ T9557] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1247'. [ 453.437857][ T9563] netlink: 'syz.1.1252': attribute type 10 has an invalid length. [ 467.961816][ T9691] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1292'. [ 475.315140][ T9769] netem: change failed [ 475.561948][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 476.667059][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 476.698313][ T9] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 476.745141][ T9] usb 2-1: config 0 has no interface number 0 [ 476.783178][ T9] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 476.824632][ T9] usb 2-1: config 0 interface 85 has no altsetting 0 [ 476.835123][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 476.850404][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.874166][ T9] usb 2-1: Product: syz [ 476.882757][ T9] usb 2-1: Manufacturer: syz [ 476.892152][ T9] usb 2-1: SerialNumber: syz [ 476.918621][ T9] usb 2-1: config 0 descriptor?? [ 477.276923][ T28] audit: type=1326 audit(477.231:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9796 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 477.324646][ T28] audit: type=1326 audit(477.231:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9796 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 477.375655][ T28] audit: type=1326 audit(477.261:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9796 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 477.406088][ T28] audit: type=1326 audit(477.261:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9796 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 477.454588][ T28] audit: type=1326 audit(477.261:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9796 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 477.484950][ T9801] sctp: [Deprecated]: syz.2.1332 (pid 9801) Use of struct sctp_assoc_value in delayed_ack socket option. [ 477.484950][ T9801] Use struct sctp_sack_info instead [ 477.553126][ T9] appletouch 2-1:0.85: Geyser mode initialized. [ 477.574146][ T9] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input13 [ 477.761721][ T5810] usb 2-1: USB disconnect, device number 5 [ 477.806108][ T5810] appletouch 2-1:0.85: input: appletouch disconnected [ 478.288015][ T9817] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1337'. [ 490.963212][ T9950] overlayfs: failed to clone upperpath [ 496.056377][ T9979] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1395'. [ 497.378952][ T28] audit: type=1326 audit(497.331:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 497.464107][ T28] audit: type=1326 audit(497.331:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 497.535007][ T28] audit: type=1326 audit(497.331:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 497.595922][ T28] audit: type=1326 audit(497.331:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 497.682391][ T28] audit: type=1326 audit(497.331:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 497.854658][ T28] audit: type=1326 audit(497.401:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 498.581751][ T28] audit: type=1326 audit(497.401:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 498.615091][ T28] audit: type=1326 audit(497.401:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 498.748850][ T28] audit: type=1326 audit(497.401:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 498.879888][ T28] audit: type=1326 audit(497.401:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9996 comm="syz.2.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 499.026185][T10015] can: request_module (can-proto-3) failed. [ 500.228062][ T6094] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 500.474675][ T6094] usb 2-1: Using ep0 maxpacket: 32 [ 500.532516][ T6094] usb 2-1: unable to get BOS descriptor or descriptor too short [ 500.593211][ T6094] usb 2-1: config 4 has an invalid interface number: 225 but max is 2 [ 500.683165][ T6094] usb 2-1: config 4 has an invalid interface number: 124 but max is 2 [ 500.752556][ T6094] usb 2-1: config 4 contains an unexpected descriptor of type 0x1, skipping [ 500.789936][ T6094] usb 2-1: config 4 has an invalid interface number: 196 but max is 2 [ 500.830557][ T6094] usb 2-1: config 4 has no interface number 0 [ 500.847149][ T6094] usb 2-1: config 4 has no interface number 1 [ 500.869012][ T6094] usb 2-1: config 4 has no interface number 2 [ 500.892809][ T6094] usb 2-1: config 4 interface 225 altsetting 9 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 500.929108][ T6094] usb 2-1: config 4 interface 225 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 500.967066][ T6094] usb 2-1: config 4 interface 124 altsetting 3 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 501.029721][ T6094] usb 2-1: config 4 interface 124 altsetting 3 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 501.069113][ T6094] usb 2-1: config 4 interface 124 altsetting 3 has an invalid endpoint with address 0x80, skipping [ 501.102413][ T6094] usb 2-1: config 4 interface 124 altsetting 3 has a duplicate endpoint with address 0x83, skipping [ 501.178324][ T6094] usb 2-1: config 4 interface 124 altsetting 3 has a duplicate endpoint with address 0xB, skipping [ 501.364654][ T6094] usb 2-1: config 4 interface 124 altsetting 3 has an invalid endpoint with address 0x80, skipping [ 501.468010][ T6094] usb 2-1: config 4 interface 124 altsetting 3 has an invalid endpoint with address 0x0, skipping [ 501.640926][ T6094] usb 2-1: config 4 interface 124 altsetting 3 has a duplicate endpoint with address 0x8F, skipping [ 501.749971][ T6094] usb 2-1: config 4 interface 225 has no altsetting 0 [ 501.777319][ T6094] usb 2-1: config 4 interface 124 has no altsetting 0 [ 501.834652][ T6094] usb 2-1: config 4 interface 196 has no altsetting 0 [ 501.869182][ T6094] usb 2-1: string descriptor 0 read error: -22 [ 501.889212][ T6094] usb 2-1: New USB device found, idVendor=1199, idProduct=683c, bcdDevice=fb.51 [ 501.914155][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.924806][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.974668][ T6094] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.994215][ T6094] sierra 2-1:4.225: Sierra USB modem converter detected [ 502.081403][T10059] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.983003][ T6094] usb 2-1: Sierra USB modem converter now attached to ttyUSB0 [ 502.995553][ T6094] sierra 2-1:4.124: Sierra USB modem converter detected [ 503.025858][ T6094] usb 2-1: Sierra USB modem converter now attached to ttyUSB1 [ 503.045840][ T6094] usb 2-1: Sierra USB modem converter now attached to ttyUSB2 [ 503.060063][ T6094] sierra 2-1:4.196: Sierra USB modem converter detected [ 503.072298][ T6094] usb 2-1: Sierra USB modem converter now attached to ttyUSB3 [ 503.087139][ T6094] usb 2-1: USB disconnect, device number 6 [ 503.116443][ T6094] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 503.140840][ T6094] sierra 2-1:4.225: device disconnected [ 503.232239][ T6094] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1 [ 503.303590][ T6094] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2 [ 503.345522][ T6094] sierra 2-1:4.124: device disconnected [ 503.382400][ T6094] sierra ttyUSB3: Sierra USB modem converter now disconnected from ttyUSB3 [ 503.485264][ T6094] sierra 2-1:4.196: device disconnected [ 504.276388][T10103] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1435'. [ 505.476302][T10126] kernel profiling enabled (shift: 63) [ 505.483419][T10126] profiling shift: 63 too large [ 505.623197][T10130] IPv6: addrconf: prefix option has invalid lifetime [ 505.843506][T10134] tipc: Started in network mode [ 505.867803][T10134] tipc: Node identity 4, cluster identity 4711 [ 505.892115][T10134] tipc: Node number set to 4 [ 505.971771][T10137] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1448'. [ 505.982816][T10137] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1448'. [ 510.404574][ T787] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 510.589614][ T787] usb 2-1: Using ep0 maxpacket: 32 [ 510.598568][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 510.616325][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 510.629262][ T787] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 510.643247][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.665995][ T787] usb 2-1: config 0 descriptor?? [ 511.096424][ T787] ft260 0003:0403:6030.0008: unknown main item tag 0x7 [ 511.285678][ T787] ft260 0003:0403:6030.0008: chip code: 6424 8183 [ 511.488126][ T787] ft260 0003:0403:6030.0008: failed to retrieve system status [ 511.496502][ T787] ft260: probe of 0003:0403:6030.0008 failed with error -5 [ 513.514801][ T5817] usb 2-1: USB disconnect, device number 7 [ 513.798780][T10239] fuse: Bad value for 'fd' [ 514.094750][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 514.094768][ T28] audit: type=1326 audit(514.041:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.180002][ T28] audit: type=1326 audit(514.041:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.213513][ T28] audit: type=1326 audit(514.041:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.245685][ T28] audit: type=1326 audit(514.041:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.284871][ T28] audit: type=1326 audit(514.041:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.311008][ T28] audit: type=1326 audit(514.081:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.346146][ T28] audit: type=1326 audit(514.091:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.446788][ T28] audit: type=1326 audit(514.091:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.474628][ T5810] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 514.516017][ T28] audit: type=1326 audit(514.091:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 514.678288][T10268] vlan0: entered promiscuous mode [ 514.710425][ T5810] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 514.744324][ T5810] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 514.757740][ T5810] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 514.776502][ T5810] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.827707][T10259] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 514.854690][T10259] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 514.877434][ T5810] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 515.117311][ T5810] usb 2-1: USB disconnect, device number 8 [ 516.174829][T10304] tipc: Enabling of bearer rejected, failed to enable media [ 517.006506][T10319] fuse: Bad value for 'fd' [ 517.185494][T10321] fuse: Unknown parameter '' [ 517.861179][T10339] sctp: [Deprecated]: syz.0.1527 (pid 10339) Use of int in maxseg socket option. [ 517.861179][T10339] Use struct sctp_assoc_value instead [ 519.094103][T10353] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 519.638067][T10363] fuse: Unknown parameter '' [ 519.953922][T10372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1541'. [ 519.978701][T10372] netlink: 'syz.3.1541': attribute type 5 has an invalid length. [ 519.987141][T10372] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1541'. [ 520.018790][T10372] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 520.049904][T10372] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 520.079000][T10372] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 520.111766][T10372] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 520.127779][T10372] geneve3: entered promiscuous mode [ 520.188927][T10372] geneve3: entered allmulticast mode [ 520.949981][T10380] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1544'. [ 521.035090][T10380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1544'. [ 521.068225][T10380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1544'. [ 521.129108][T10380] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 522.503122][T10398] fuse: Unknown parameter '' [ 523.751024][T10419] fuse: Unknown parameter '' [ 523.929170][T10434] fuse: Unknown parameter '' [ 524.943077][T10445] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1566'. [ 524.954632][T10445] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1566'. [ 525.294114][T10437] batman_adv: batadv0: Adding interface: dummy0 [ 525.342232][T10437] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 525.368611][ C0] vkms_vblank_simulate: vblank timer overrun [ 525.387216][T10437] batman_adv: batadv0: Interface activated: dummy0 [ 525.400119][ T28] audit: type=1326 audit(525.351:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10447 comm="syz.3.1569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 525.419419][T10438] batadv0: mtu less than device minimum [ 525.429934][ T28] audit: type=1326 audit(525.351:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10447 comm="syz.3.1569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 525.442625][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.465615][ T28] audit: type=1326 audit(525.391:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10447 comm="syz.3.1569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 525.465659][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.489414][ T28] audit: type=1326 audit(525.391:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10447 comm="syz.3.1569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 525.500385][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.533287][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.546234][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.555000][ T28] audit: type=1326 audit(525.391:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10447 comm="syz.3.1569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea3a58f749 code=0x7ffc0000 [ 525.558966][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.591564][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.604407][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.617258][T10438] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 525.841146][T10463] tipc: Failed to remove unknown binding: 66,0,0/0:1912650331/1912650332 [ 525.853521][T10463] tipc: Failed to remove unknown binding: 66,0,0/0:1912650331/1912650332 [ 527.121604][T10481] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1576'. [ 527.163266][T10481] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1576'. [ 527.899867][T10492] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1581'. [ 528.852190][T10502] tipc: Enabling of bearer rejected, failed to enable media [ 529.469439][ T28] audit: type=1326 audit(529.421:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10512 comm="syz.2.1585" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x0 [ 529.492344][ T5810] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 529.685088][ T5810] usb 2-1: Using ep0 maxpacket: 16 [ 529.699570][ T5810] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 529.722341][ T5810] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 529.739986][ T5810] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 529.774756][ T5810] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 529.785063][ T5810] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 529.800450][ T5810] usb 2-1: New USB device found, idVendor=0505, idProduct=a4a1, bcdDevice= 0.40 [ 529.809894][ T5810] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 529.819796][ T5810] usb 2-1: SerialNumber: syz [ 529.836559][T10509] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 529.855841][ T5810] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 529.885669][ T5810] cdc_acm: probe of 2-1:1.0 failed with error -12 [ 530.091107][T10507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1584'. [ 532.216350][ T9] usb 2-1: USB disconnect, device number 9 [ 534.622259][T10570] netlink: 'syz.0.1602': attribute type 1 has an invalid length. [ 534.645374][T10566] fuse: Bad value for 'fd' [ 536.015838][T10596] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1609'. [ 539.697543][T10704] mmap: syz.0.1649 (10704) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 540.051593][T10709] netdevsim netdevsim0: Direct firmware load for .. failed with error -2 [ 540.086568][T10709] netdevsim netdevsim0: Falling back to sysfs fallback for: .. [ 543.044628][T10765] netdevsim netdevsim1: Direct firmware load for .. failed with error -2 [ 543.063087][T10765] netdevsim netdevsim1: Falling back to sysfs fallback for: .. [ 543.235007][T10769] "syz.3.1673" (10769) uses obsolete ecb(arc4) skcipher [ 544.926444][T10783] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.935143][T10783] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.039893][T10783] batman_adv: batadv0: Interface deactivated: dummy0 [ 546.026462][T10783] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 546.077415][T10783] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 547.280950][T10783] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.284733][ T9] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 547.290688][T10783] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.309002][T10783] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.335580][T10783] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 547.443579][T10783] ip6erspan0: left promiscuous mode [ 547.491866][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 547.533348][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x94, skipping [ 547.554543][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 547.587835][ T9] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 547.597469][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.614311][ T9] usb 2-1: Product: syz [ 547.623469][ T9] usb 2-1: Manufacturer: syz [ 547.635954][ T9] usb 2-1: SerialNumber: syz [ 547.645980][ T9] usb 2-1: config 0 descriptor?? [ 547.660254][T10805] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 547.911670][ T787] usb 2-1: USB disconnect, device number 10 [ 548.778111][T10838] sit0: entered promiscuous mode [ 548.783442][T10838] netlink: 'syz.0.1696': attribute type 1 has an invalid length. [ 548.824246][T10838] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1696'. [ 551.562242][T10895] netlink: 87 bytes leftover after parsing attributes in process `syz.3.1717'. [ 551.928759][T10908] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1718'. [ 553.107466][T10924] net_ratelimit: 10 callbacks suppressed [ 553.107479][T10924] netlink: set zone limit has 8 unknown bytes [ 553.143788][T10925] netlink: 'syz.1.1723': attribute type 13 has an invalid length. [ 553.824896][T10925] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.832640][T10925] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.772874][T10925] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 554.837911][T10925] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 555.575994][T10925] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.585719][T10925] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.596490][T10925] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.605589][T10925] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.776974][T10927] netdevsim netdevsim3: Direct firmware load for .. failed with error -2 [ 555.801966][T10927] netdevsim netdevsim3: Falling back to sysfs fallback for: .. [ 555.976206][T10955] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1732'. [ 556.169170][T10965] Set syz1 is full, maxelem 0 reached [ 556.350990][T10973] @: renamed from vlan0 [ 556.944215][T10985] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1743'. [ 558.197870][T11005] IPv6: NLM_F_CREATE should be specified when creating new route [ 559.636115][T11015] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1751'. [ 561.216672][T11060] netdevsim netdevsim1: Direct firmware load for / [ 561.216672][T11060] failed with error -2 [ 561.264779][T11060] netdevsim netdevsim1: Falling back to sysfs fallback for: / [ 561.264779][T11060] [ 561.811426][T11047] delete_channel: no stack [ 561.983050][T11052] delete_channel: no stack [ 563.273121][T11105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1784'. [ 563.288636][T11105] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1784'. [ 563.348040][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.355203][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.103121][T11125] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 564.444671][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 564.644734][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 564.656793][ T9] usb 2-1: config 4 has an invalid interface number: 225 but max is 2 [ 564.666169][ T9] usb 2-1: config 4 has an invalid interface number: 124 but max is 2 [ 564.682822][ T9] usb 2-1: config 4 contains an unexpected descriptor of type 0x1, skipping [ 564.713232][ T9] usb 2-1: config 4 has an invalid interface number: 196 but max is 2 [ 564.737380][ T9] usb 2-1: config 4 has no interface number 0 [ 564.761884][ T9] usb 2-1: config 4 has no interface number 1 [ 564.783449][ T9] usb 2-1: config 4 has no interface number 2 [ 564.809092][ T9] usb 2-1: config 4 interface 225 altsetting 9 endpoint 0xC has invalid maxpacket 512, setting to 64 [ 564.840627][ T9] usb 2-1: config 4 interface 225 altsetting 9 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 564.854040][ T9] usb 2-1: config 4 interface 225 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 564.869513][ T9] usb 2-1: config 4 interface 124 altsetting 3 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 564.881102][ T9] usb 2-1: config 4 interface 124 altsetting 3 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 564.896197][ T9] usb 2-1: config 4 interface 124 altsetting 3 has an invalid endpoint with address 0x80, skipping [ 564.912102][ T9] usb 2-1: config 4 interface 124 altsetting 3 has a duplicate endpoint with address 0x83, skipping [ 564.923696][ T9] usb 2-1: config 4 interface 124 altsetting 3 has a duplicate endpoint with address 0xB, skipping [ 564.941131][ T9] usb 2-1: config 4 interface 124 altsetting 3 has an invalid endpoint with address 0x80, skipping [ 564.957321][ T9] usb 2-1: config 4 interface 124 altsetting 3 has an invalid endpoint with address 0x0, skipping [ 564.969953][ T9] usb 2-1: config 4 interface 124 altsetting 3 has a duplicate endpoint with address 0x8F, skipping [ 564.983659][ T9] usb 2-1: config 4 interface 225 has no altsetting 0 [ 564.990947][ T9] usb 2-1: config 4 interface 124 has no altsetting 0 [ 565.002655][ T9] usb 2-1: config 4 interface 196 has no altsetting 0 [ 565.035940][ T9] usb 2-1: New USB device found, idVendor=1199, idProduct=683c, bcdDevice=fb.51 [ 565.061672][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.093257][ T9] usb 2-1: Product: 䀕 [ 565.098043][ T9] usb 2-1: Manufacturer: чꅢﶎ걄胰澸爄陿嫑㯤鹼뱚備즐䠢綞㹷⍞࠸⩉掺똥쨋譅翿膙炘搓ꉄ룳焢簊ᰘ䫓⥣䳐Ი팦銏⁽糨㆚誜ѩ咽囋譒녠鮹⺼Ꮣ⬮ᜈ鮟ળ拺騢ꍪ톜䉟蠤⤣㏦꾾ෂ骿絀♨ꔻ䗗붾齱녁䴠肼琠䱶靱컜ㆯ䙥т䜯綿㐘旖纪瓃왕斃秙ᴍ稥瘭鉸雉踁 [ 565.934243][T11139] netlink: 'syz.3.1796': attribute type 10 has an invalid length. [ 565.945801][T11139] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1796'. [ 565.968761][T11139] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 565.979772][T11139] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 566.011054][T11139] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 566.376553][ T9] sierra 2-1:4.225: Sierra USB modem converter detected [ 566.405496][ T9] usb 2-1: Sierra USB modem converter now attached to ttyUSB0 [ 566.425146][T11159] delete_channel: no stack [ 566.433884][ T9] sierra 2-1:4.124: Sierra USB modem converter detected [ 566.448836][ T9] usb 2-1: Sierra USB modem converter now attached to ttyUSB1 [ 566.485403][ T9] usb 2-1: Sierra USB modem converter now attached to ttyUSB2 [ 566.496331][ T9] usb 2-1: Sierra USB modem converter now attached to ttyUSB3 [ 566.515959][ T9] sierra 2-1:4.196: Sierra USB modem converter detected [ 566.534254][ T9] usb 2-1: Sierra USB modem converter now attached to ttyUSB4 [ 566.552451][ T9] usb 2-1: USB disconnect, device number 11 [ 566.583600][ T9] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 566.609291][ T9] sierra 2-1:4.225: device disconnected [ 566.644318][ T9] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1 [ 566.696171][ T9] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2 [ 566.737021][ T9] sierra ttyUSB3: Sierra USB modem converter now disconnected from ttyUSB3 [ 566.765621][ T9] sierra 2-1:4.124: device disconnected [ 566.777379][ T9] sierra ttyUSB4: Sierra USB modem converter now disconnected from ttyUSB4 [ 566.800598][ T9] sierra 2-1:4.196: device disconnected [ 567.736219][T11180] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 567.975871][T11186] program syz.1.1808 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 569.151890][T11194] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1812'. [ 569.188595][T11194] 8021q: VLANs not supported on vcan0 [ 569.646528][T11202] warning: `syz.2.1814' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 570.000150][T11192] netlink: 'syz.0.1811': attribute type 10 has an invalid length. [ 570.018110][T11192] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1811'. [ 570.044799][T11192] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 570.063156][T11192] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 570.086186][T11192] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 570.153133][ T28] audit: type=1326 audit(570.101:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 570.228564][ T28] audit: type=1326 audit(570.101:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 570.276884][ T28] audit: type=1326 audit(570.111:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 570.334184][ T28] audit: type=1326 audit(570.111:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 570.361660][ T28] audit: type=1326 audit(570.111:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 570.391949][ T28] audit: type=1326 audit(570.121:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 570.418767][ T28] audit: type=1326 audit(570.121:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 570.457086][ T28] audit: type=1326 audit(570.121:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9338f749 code=0x7ffc0000 [ 572.999732][T11263] netlink: 'syz.2.1828': attribute type 10 has an invalid length. [ 573.039709][T11263] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1828'. [ 573.079697][T11263] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 573.123787][T11263] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 573.169531][T11263] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 573.747035][T11274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1838'. [ 574.039407][T11278] netlink: 'syz.2.1840': attribute type 10 has an invalid length. [ 574.206093][T11278] 8021q: adding VLAN 0 to HW filter on device bond3 [ 574.362237][T11281] bond_slave_0: entered promiscuous mode [ 574.368634][T11281] bond_slave_1: entered promiscuous mode [ 574.375888][T11281] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 574.389370][T11281] bond3: (slave macvlan3): Enslaving as a backup interface with an up link [ 576.501405][T11314] sctp: [Deprecated]: syz.2.1847 (pid 11314) Use of struct sctp_assoc_value in delayed_ack socket option. [ 576.501405][T11314] Use struct sctp_sack_info instead [ 576.958990][T11308] input: syz0 as /devices/virtual/input/input14 [ 577.443058][T11308] netlink: 'syz.1.1846': attribute type 10 has an invalid length. [ 577.456545][T11308] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1846'. [ 577.570785][T11308] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 577.598791][T11308] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 577.625082][T11308] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 577.908517][T11331] tipc: Enabling of bearer rejected, failed to enable media [ 577.981203][T11333] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1853'. [ 578.532418][T11360] ptrace attach of "./syz-executor exec"[5768] was attempted by "./syz-executor exec"[11360] [ 578.731092][T11370] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1867'. [ 579.781820][ T28] audit: type=1326 audit(579.701:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 579.822455][ T28] audit: type=1326 audit(579.701:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 579.873026][ T28] audit: type=1326 audit(579.701:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 579.932335][ T28] audit: type=1326 audit(579.701:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 579.994611][ T28] audit: type=1326 audit(579.701:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 580.074564][ T28] audit: type=1326 audit(579.701:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 580.124644][ T28] audit: type=1326 audit(579.701:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 580.198336][ T28] audit: type=1326 audit(579.701:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 580.255814][ T28] audit: type=1326 audit(579.701:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 580.284901][ T28] audit: type=1326 audit(579.701:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11375 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcd98f749 code=0x7fc00000 [ 584.814538][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 584.814557][ T28] audit: type=1800 audit(584.761:627): pid=11453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1893" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 585.939208][T11492] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1907'. [ 585.952524][T11492] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1907'. [ 587.282492][T11517] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1917'. [ 587.989937][T11527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1921'. [ 588.148860][T11529] trusted_key: syz.3.1922 sent an empty control message without MSG_MORE. [ 589.867062][T11572] fuse: Bad value for 'fd' [ 591.669858][T11604] Invalid option length (64987) for dns_resolver key [ 593.803003][T11643] netlink: 'syz.2.1960': attribute type 10 has an invalid length. [ 593.869920][T11646] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1961'. [ 593.895935][T11643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 593.908059][T11646] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1961'. [ 593.933347][T11643] batadv0: entered promiscuous mode [ 593.947502][T11643] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 593.963285][T11647] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 593.973336][T11647] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 594.006347][T11647] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 594.019864][T11647] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 594.096547][T11647] bond0: (slave batadv0): Releasing backup interface [ 594.357386][T11656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'. [ 594.368366][T11656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'. [ 594.380148][T11656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'. [ 594.393567][T11656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'. [ 594.406501][T11656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'. [ 594.853514][T11664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1966'. [ 596.501129][T11681] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1971'. [ 597.286626][T11687] [ 597.289015][T11687] ===================================================== [ 597.295943][T11687] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 597.303387][T11687] syzkaller #0 Not tainted [ 597.307806][T11687] ----------------------------------------------------- [ 597.314912][T11687] syz.1.1973/11687 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 597.322640][T11687] ffff88802eb3e210 (&new->fa_lock){...-}-{2:2}, at: kill_fasync+0x192/0x4b0 [ 597.331435][T11687] [ 597.331435][T11687] and this task is already holding: [ 597.338990][T11687] ffff888026666028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 597.348869][T11687] which would create a new lock dependency: [ 597.354774][T11687] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){...-}-{2:2} [ 597.362901][T11687] [ 597.362901][T11687] but this new dependency connects a HARDIRQ-irq-safe lock: [ 597.372349][T11687] (&dev->event_lock#2){-.-.}-{2:2} [ 597.372376][T11687] [ 597.372376][T11687] ... which became HARDIRQ-irq-safe at: [ 597.385369][T11687] lock_acquire+0x197/0x410 [ 597.390010][T11687] _raw_spin_lock_irqsave+0xa8/0xf0 [ 597.395305][T11687] input_event+0x7a/0xc0 [ 597.399811][T11687] psmouse_report_standard_packet+0x53/0x200 [ 597.405887][T11687] psmouse_process_byte+0x478/0x670 [ 597.411178][T11687] psmouse_handle_byte+0x43/0x490 [ 597.416286][T11687] ps2_interrupt+0x164/0x980 [ 597.421064][T11687] serio_interrupt+0x8b/0x130 [ 597.425856][T11687] i8042_interrupt+0x394/0x730 [ 597.430714][T11687] __handle_irq_event_percpu+0x276/0x930 [ 597.436522][T11687] handle_irq_event+0x8b/0x1e0 [ 597.441471][T11687] handle_edge_irq+0x247/0xb30 [ 597.446772][T11687] __common_interrupt+0x13b/0x230 [ 597.451898][T11687] common_interrupt+0xb4/0xd0 [ 597.456655][T11687] asm_common_interrupt+0x26/0x40 [ 597.461766][T11687] lock_acquire+0x1f2/0x410 [ 597.466440][T11687] debug_objects_fill_pool+0x92/0x6b0 [ 597.472163][T11687] __debug_object_init+0x27/0x430 [ 597.477357][T11687] debug_init+0x23/0x1d0 [ 597.481679][T11687] hrtimer_init+0x20/0x30 [ 597.486276][T11687] init_dl_entity+0x42/0x140 [ 597.490983][T11687] __sched_fork+0x162/0x4e0 [ 597.495657][T11687] sched_fork+0x24/0x580 [ 597.500005][T11687] copy_process+0x13e5/0x3d70 [ 597.504861][T11687] kernel_clone+0x21b/0x840 [ 597.509465][T11687] user_mode_thread+0xde/0x130 [ 597.514478][T11687] call_usermodehelper_exec_work+0x5c/0x220 [ 597.520597][T11687] process_scheduled_works+0xa45/0x15b0 [ 597.526421][T11687] worker_thread+0xa55/0xfc0 [ 597.531097][T11687] kthread+0x2fa/0x390 [ 597.535245][T11687] ret_from_fork+0x48/0x80 [ 597.539916][T11687] ret_from_fork_asm+0x11/0x20 [ 597.544761][T11687] [ 597.544761][T11687] to a HARDIRQ-irq-unsafe lock: [ 597.551766][T11687] (tasklist_lock){.+.+}-{2:2} [ 597.551787][T11687] [ 597.551787][T11687] ... which became HARDIRQ-irq-unsafe at: [ 597.564575][T11687] ... [ 597.564582][T11687] lock_acquire+0x197/0x410 [ 597.571732][T11687] _raw_read_lock+0x36/0x50 [ 597.576311][T11687] do_wait+0x294/0xaf0 [ 597.580641][T11687] kernel_wait+0xac/0x170 [ 597.585086][T11687] call_usermodehelper_exec_work+0xb9/0x220 [ 597.591168][T11687] process_scheduled_works+0xa45/0x15b0 [ 597.596890][T11687] worker_thread+0xa55/0xfc0 [ 597.601625][T11687] kthread+0x2fa/0x390 [ 597.605772][T11687] ret_from_fork+0x48/0x80 [ 597.610350][T11687] ret_from_fork_asm+0x11/0x20 [ 597.615196][T11687] [ 597.615196][T11687] other info that might help us debug this: [ 597.615196][T11687] [ 597.625503][T11687] Chain exists of: [ 597.625503][T11687] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 597.625503][T11687] [ 597.639063][T11687] Possible interrupt unsafe locking scenario: [ 597.639063][T11687] [ 597.647980][T11687] CPU0 CPU1 [ 597.653427][T11687] ---- ---- [ 597.658948][T11687] lock(tasklist_lock); [ 597.663191][T11687] local_irq_disable(); [ 597.669933][T11687] lock(&dev->event_lock#2); [ 597.677140][T11687] lock(&client->buffer_lock); [ 597.684700][T11687] [ 597.688148][T11687] lock(&dev->event_lock#2); [ 597.693091][T11687] [ 597.693091][T11687] *** DEADLOCK *** [ 597.693091][T11687] [ 597.701310][T11687] 7 locks held by syz.1.1973/11687: [ 597.706495][T11687] #0: ffff88823bcb2910 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x17b/0x470 [ 597.715643][T11687] #1: ffff888018736230 (&dev->event_lock#2){-.-.}-{2:2}, at: input_inject_event+0xab/0x320 [ 597.726245][T11687] #2: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xbc/0x320 [ 597.736100][T11687] #3: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x1300 [ 597.746045][T11687] #4: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x79/0x330 [ 597.755445][T11687] #5: ffff888026666028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 597.765703][T11687] #6: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0 [ 597.775351][T11687] [ 597.775351][T11687] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 597.786099][T11687] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 597.791832][T11687] IN-HARDIRQ-W at: [ 597.796202][T11687] lock_acquire+0x197/0x410 [ 597.802725][T11687] _raw_spin_lock_irqsave+0xa8/0xf0 [ 597.810018][T11687] input_event+0x7a/0xc0 [ 597.816102][T11687] psmouse_report_standard_packet+0x53/0x200 [ 597.824080][T11687] psmouse_process_byte+0x478/0x670 [ 597.831280][T11687] psmouse_handle_byte+0x43/0x490 [ 597.838128][T11687] ps2_interrupt+0x164/0x980 [ 597.844632][T11687] serio_interrupt+0x8b/0x130 [ 597.851412][T11687] i8042_interrupt+0x394/0x730 [ 597.858002][T11687] __handle_irq_event_percpu+0x276/0x930 [ 597.865477][T11687] handle_irq_event+0x8b/0x1e0 [ 597.872159][T11687] handle_edge_irq+0x247/0xb30 [ 597.878913][T11687] __common_interrupt+0x13b/0x230 [ 597.885920][T11687] common_interrupt+0xb4/0xd0 [ 597.892531][T11687] asm_common_interrupt+0x26/0x40 [ 597.899393][T11687] lock_acquire+0x1f2/0x410 [ 597.905733][T11687] debug_objects_fill_pool+0x92/0x6b0 [ 597.912929][T11687] __debug_object_init+0x27/0x430 [ 597.920012][T11687] debug_init+0x23/0x1d0 [ 597.926106][T11687] hrtimer_init+0x20/0x30 [ 597.932353][T11687] init_dl_entity+0x42/0x140 [ 597.938768][T11687] __sched_fork+0x162/0x4e0 [ 597.945103][T11687] sched_fork+0x24/0x580 [ 597.951359][T11687] copy_process+0x13e5/0x3d70 [ 597.957889][T11687] kernel_clone+0x21b/0x840 [ 597.964256][T11687] user_mode_thread+0xde/0x130 [ 597.971065][T11687] call_usermodehelper_exec_work+0x5c/0x220 [ 597.978876][T11687] process_scheduled_works+0xa45/0x15b0 [ 597.986262][T11687] worker_thread+0xa55/0xfc0 [ 597.992842][T11687] kthread+0x2fa/0x390 [ 597.998743][T11687] ret_from_fork+0x48/0x80 [ 598.005188][T11687] ret_from_fork_asm+0x11/0x20 [ 598.011781][T11687] IN-SOFTIRQ-W at: [ 598.015931][T11687] lock_acquire+0x197/0x410 [ 598.022716][T11687] _raw_spin_lock_irqsave+0xa8/0xf0 [ 598.029863][T11687] input_event+0x7a/0xc0 [ 598.035935][T11687] atp_complete_geyser_3_4+0x11ea/0x1e70 [ 598.043505][T11687] __usb_hcd_giveback_urb+0x35f/0x520 [ 598.050783][T11687] dummy_timer+0x88a/0x3140 [ 598.057198][T11687] __hrtimer_run_queues+0x51e/0xc40 [ 598.064216][T11687] hrtimer_run_softirq+0x187/0x2b0 [ 598.071228][T11687] handle_softirqs+0x280/0x820 [ 598.077829][T11687] __irq_exit_rcu+0xc7/0x190 [ 598.084441][T11687] irq_exit_rcu+0x9/0x20 [ 598.090527][T11687] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 598.098086][T11687] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 598.105906][T11687] _raw_spin_unlock_irqrestore+0xa9/0x110 [ 598.113694][T11687] dummy_urb_enqueue+0x58a/0x780 [ 598.120648][T11687] usb_hcd_submit_urb+0x313/0x1a90 [ 598.127687][T11687] atp_open+0x63/0xc0 [ 598.133583][T11687] input_open_device+0x170/0x2e0 [ 598.140425][T11687] mousedev_open_device+0xc7/0x150 [ 598.147469][T11687] mousedev_open+0x2e9/0x4a0 [ 598.153983][T11687] chrdev_open+0x59e/0x670 [ 598.160243][T11687] do_dentry_open+0x8c6/0x1500 [ 598.166846][T11687] path_openat+0x274b/0x3190 [ 598.173364][T11687] do_filp_open+0x1c5/0x3d0 [ 598.179971][T11687] do_sys_openat2+0x12c/0x1c0 [ 598.186511][T11687] __x64_sys_openat+0x139/0x160 [ 598.193288][T11687] do_syscall_64+0x55/0xb0 [ 598.199533][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 598.207427][T11687] INITIAL USE at: [ 598.211662][T11687] lock_acquire+0x197/0x410 [ 598.218007][T11687] _raw_spin_lock_irqsave+0xa8/0xf0 [ 598.225023][T11687] input_inject_event+0xab/0x320 [ 598.231692][T11687] led_trigger_event+0x133/0x210 [ 598.238457][T11687] kbd_led_trigger_activate+0xbd/0x100 [ 598.245731][T11687] led_trigger_set+0x524/0x940 [ 598.252316][T11687] led_trigger_set_default+0x1a0/0x1e0 [ 598.259596][T11687] led_classdev_register_ext+0x6e9/0x940 [ 598.266964][T11687] input_leds_connect+0x4eb/0x6b0 [ 598.273733][T11687] input_register_device+0xcdc/0x1070 [ 598.280928][T11687] atkbd_connect+0x6fb/0x9a0 [ 598.287262][T11687] serio_driver_probe+0x7a/0xa0 [ 598.293931][T11687] really_probe+0x25b/0xb40 [ 598.300186][T11687] __driver_probe_device+0x18c/0x330 [ 598.307241][T11687] driver_probe_device+0x4f/0x420 [ 598.314003][T11687] __driver_attach+0x44e/0x6f0 [ 598.320502][T11687] bus_for_each_dev+0x22d/0x2a0 [ 598.327130][T11687] serio_handle_event+0x1a2/0x860 [ 598.333903][T11687] process_scheduled_works+0xa45/0x15b0 [ 598.341390][T11687] worker_thread+0xa55/0xfc0 [ 598.347804][T11687] kthread+0x2fa/0x390 [ 598.354132][T11687] ret_from_fork+0x48/0x80 [ 598.360372][T11687] ret_from_fork_asm+0x11/0x20 [ 598.366962][T11687] } [ 598.369540][T11687] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 598.378648][T11687] -> (&client->buffer_lock){....}-{2:2} { [ 598.384373][T11687] INITIAL USE at: [ 598.388267][T11687] lock_acquire+0x197/0x410 [ 598.394345][T11687] _raw_spin_lock+0x2e/0x40 [ 598.400508][T11687] evdev_pass_values+0xcb/0xab0 [ 598.406935][T11687] evdev_events+0x1d8/0x330 [ 598.413030][T11687] input_pass_values+0x907/0x1300 [ 598.419743][T11687] input_event_dispose+0x346/0x6c0 [ 598.426513][T11687] input_inject_event+0x1f9/0x320 [ 598.433205][T11687] evdev_write+0x32a/0x470 [ 598.439197][T11687] vfs_write+0x288/0x940 [ 598.445031][T11687] ksys_write+0x147/0x250 [ 598.450931][T11687] do_syscall_64+0x55/0xb0 [ 598.457096][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 598.464998][T11687] } [ 598.467591][T11687] ... key at: [] evdev_open.__key.28+0x0/0x20 [ 598.475922][T11687] ... acquired at: [ 598.479812][T11687] _raw_spin_lock+0x2e/0x40 [ 598.484498][T11687] evdev_pass_values+0xcb/0xab0 [ 598.489540][T11687] evdev_events+0x1d8/0x330 [ 598.494421][T11687] input_pass_values+0x907/0x1300 [ 598.499780][T11687] input_event_dispose+0x346/0x6c0 [ 598.505284][T11687] input_inject_event+0x1f9/0x320 [ 598.510578][T11687] evdev_write+0x32a/0x470 [ 598.515163][T11687] vfs_write+0x288/0x940 [ 598.519593][T11687] ksys_write+0x147/0x250 [ 598.524119][T11687] do_syscall_64+0x55/0xb0 [ 598.528729][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 598.534798][T11687] [ 598.537144][T11687] [ 598.537144][T11687] the dependencies between the lock to be acquired [ 598.537152][T11687] and HARDIRQ-irq-unsafe lock: [ 598.550812][T11687] -> (tasklist_lock){.+.+}-{2:2} { [ 598.556156][T11687] HARDIRQ-ON-R at: [ 598.560397][T11687] lock_acquire+0x197/0x410 [ 598.567236][T11687] _raw_read_lock+0x36/0x50 [ 598.573969][T11687] do_wait+0x294/0xaf0 [ 598.580153][T11687] kernel_wait+0xac/0x170 [ 598.586576][T11687] call_usermodehelper_exec_work+0xb9/0x220 [ 598.594648][T11687] process_scheduled_works+0xa45/0x15b0 [ 598.602275][T11687] worker_thread+0xa55/0xfc0 [ 598.608902][T11687] kthread+0x2fa/0x390 [ 598.615117][T11687] ret_from_fork+0x48/0x80 [ 598.621622][T11687] ret_from_fork_asm+0x11/0x20 [ 598.628483][T11687] SOFTIRQ-ON-R at: [ 598.632645][T11687] lock_acquire+0x197/0x410 [ 598.639242][T11687] _raw_read_lock+0x36/0x50 [ 598.645776][T11687] do_wait+0x294/0xaf0 [ 598.651851][T11687] kernel_wait+0xac/0x170 [ 598.658190][T11687] call_usermodehelper_exec_work+0xb9/0x220 [ 598.666187][T11687] process_scheduled_works+0xa45/0x15b0 [ 598.673726][T11687] worker_thread+0xa55/0xfc0 [ 598.680405][T11687] kthread+0x2fa/0x390 [ 598.686478][T11687] ret_from_fork+0x48/0x80 [ 598.692923][T11687] ret_from_fork_asm+0x11/0x20 [ 598.699677][T11687] INITIAL USE at: [ 598.703760][T11687] lock_acquire+0x197/0x410 [ 598.710195][T11687] _raw_write_lock_irq+0xa3/0xe0 [ 598.717128][T11687] copy_process+0x225d/0x3d70 [ 598.723802][T11687] kernel_clone+0x21b/0x840 [ 598.730382][T11687] user_mode_thread+0xde/0x130 [ 598.737161][T11687] rest_init+0x27/0x300 [ 598.743236][T11687] arch_call_rest_init+0xe/0x10 [ 598.750011][T11687] start_kernel+0x459/0x4e0 [ 598.756424][T11687] x86_64_start_reservations+0x2a/0x30 [ 598.764317][T11687] copy_bootdata+0x0/0xe0 [ 598.770727][T11687] secondary_startup_64_no_verify+0x179/0x17b [ 598.778786][T11687] INITIAL READ USE at: [ 598.783277][T11687] lock_acquire+0x197/0x410 [ 598.790290][T11687] _raw_read_lock+0x36/0x50 [ 598.797145][T11687] do_wait+0x294/0xaf0 [ 598.803686][T11687] kernel_wait+0xac/0x170 [ 598.810382][T11687] call_usermodehelper_exec_work+0xb9/0x220 [ 598.818710][T11687] process_scheduled_works+0xa45/0x15b0 [ 598.826593][T11687] worker_thread+0xa55/0xfc0 [ 598.833624][T11687] kthread+0x2fa/0x390 [ 598.840203][T11687] ret_from_fork+0x48/0x80 [ 598.846969][T11687] ret_from_fork_asm+0x11/0x20 [ 598.854075][T11687] } [ 598.856832][T11687] ... key at: [] tasklist_lock+0x18/0x40 [ 598.864735][T11687] ... acquired at: [ 598.868879][T11687] _raw_read_lock+0x36/0x50 [ 598.873555][T11687] send_sigurg+0xf0/0x3c0 [ 598.878152][T11687] sk_send_sigurg+0x6f/0xc0 [ 598.882825][T11687] tcp_check_urg+0x200/0x750 [ 598.887616][T11687] tcp_urg+0x161/0x3f0 [ 598.891882][T11687] tcp_rcv_established+0xa2e/0x1cf0 [ 598.897248][T11687] tcp_v4_do_rcv+0x4ed/0xb80 [ 598.902083][T11687] __release_sock+0x1e5/0x460 [ 598.906943][T11687] release_sock+0x5f/0x1c0 [ 598.911583][T11687] tcp_sendmsg+0x39/0x50 [ 598.916093][T11687] ____sys_sendmsg+0x5bf/0x950 [ 598.921121][T11687] ___sys_sendmsg+0x220/0x290 [ 598.925969][T11687] __se_sys_sendmsg+0x1a5/0x270 [ 598.931005][T11687] do_syscall_64+0x55/0xb0 [ 598.935612][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 598.941763][T11687] [ 598.944077][T11687] -> (&f->f_owner.lock){...-}-{2:2} { [ 598.949641][T11687] IN-SOFTIRQ-R at: [ 598.953698][T11687] lock_acquire+0x197/0x410 [ 598.960021][T11687] _raw_read_lock_irqsave+0xb0/0x100 [ 598.967127][T11687] send_sigio+0x33/0x360 [ 598.973448][T11687] kill_fasync+0x228/0x4b0 [ 598.979786][T11687] sock_wake_async+0x137/0x160 [ 598.986369][T11687] sk_wake_async+0x184/0x280 [ 598.992782][T11687] sock_def_readable+0x22d/0x430 [ 598.999801][T11687] tcp_data_queue+0x21b2/0x5a80 [ 599.006561][T11687] tcp_rcv_established+0xa39/0x1cf0 [ 599.013603][T11687] tcp_v6_do_rcv+0x5e7/0x12d0 [ 599.020194][T11687] tcp_v6_rcv+0x1fd4/0x26a0 [ 599.026602][T11687] ip6_protocol_deliver_rcu+0xb7a/0x13c0 [ 599.034056][T11687] ip6_input_finish+0x184/0x2c0 [ 599.040730][T11687] NF_HOOK+0x303/0x390 [ 599.046825][T11687] NF_HOOK+0x303/0x390 [ 599.052822][T11687] __netif_receive_skb+0xcc/0x290 [ 599.059673][T11687] process_backlog+0x380/0x6e0 [ 599.066459][T11687] __napi_poll+0xc0/0x460 [ 599.072608][T11687] net_rx_action+0x5ea/0xbf0 [ 599.079029][T11687] handle_softirqs+0x280/0x820 [ 599.085844][T11687] __irq_exit_rcu+0xc7/0x190 [ 599.092264][T11687] irq_exit_rcu+0x9/0x20 [ 599.098604][T11687] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 599.106077][T11687] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 599.113896][T11687] _raw_spin_unlock_irqrestore+0xa9/0x110 [ 599.121544][T11687] __wake_up_sync_key+0x11f/0x190 [ 599.128388][T11687] __unix_dgram_recvmsg+0x49c/0xd60 [ 599.135409][T11687] sock_recvmsg_nosec+0x82/0xd0 [ 599.142096][T11687] ____sys_recvmsg+0x49b/0x5b0 [ 599.148708][T11687] ___sys_recvmsg+0x1b6/0x510 [ 599.155217][T11687] do_recvmmsg+0x360/0x7d0 [ 599.161628][T11687] __x64_sys_recvmmsg+0x191/0x240 [ 599.168475][T11687] do_syscall_64+0x55/0xb0 [ 599.174839][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 599.182576][T11687] INITIAL USE at: [ 599.186665][T11687] lock_acquire+0x197/0x410 [ 599.192954][T11687] _raw_write_lock_irq+0xa3/0xe0 [ 599.199680][T11687] __f_setown+0x3b/0x330 [ 599.205754][T11687] generic_setlease+0xe32/0x1270 [ 599.212921][T11687] fcntl_setlease+0x268/0x340 [ 599.219346][T11687] do_fcntl+0x1cb/0x1380 [ 599.225416][T11687] __se_sys_fcntl+0xc9/0x1a0 [ 599.231740][T11687] do_syscall_64+0x55/0xb0 [ 599.238063][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 599.245871][T11687] INITIAL READ USE at: [ 599.250290][T11687] lock_acquire+0x197/0x410 [ 599.256976][T11687] _raw_read_lock_irqsave+0xb0/0x100 [ 599.264515][T11687] send_sigio+0x33/0x360 [ 599.271007][T11687] kill_fasync+0x228/0x4b0 [ 599.277598][T11687] sock_wake_async+0x137/0x160 [ 599.284538][T11687] sk_wake_async+0x184/0x280 [ 599.291489][T11687] sock_def_readable+0x22d/0x430 [ 599.298592][T11687] tcp_rcv_established+0x1318/0x1cf0 [ 599.306465][T11687] tcp_v6_do_rcv+0x5e7/0x12d0 [ 599.313409][T11687] __release_sock+0x1e5/0x460 [ 599.320438][T11687] __sk_flush_backlog+0x26/0x40 [ 599.327470][T11687] tcp_sendmsg_locked+0x3c5b/0x4af0 [ 599.334945][T11687] tcp_sendmsg+0x2f/0x50 [ 599.341388][T11687] sock_write_iter+0x2bb/0x3f0 [ 599.348327][T11687] vfs_write+0x43b/0x940 [ 599.354836][T11687] ksys_write+0x147/0x250 [ 599.361333][T11687] do_syscall_64+0x55/0xb0 [ 599.367915][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 599.375978][T11687] } [ 599.378576][T11687] ... key at: [] init_file.__key+0x0/0x20 [ 599.386555][T11687] ... acquired at: [ 599.390435][T11687] _raw_read_lock_irqsave+0xb0/0x100 [ 599.395890][T11687] send_sigio+0x33/0x360 [ 599.400320][T11687] kill_fasync+0x228/0x4b0 [ 599.404924][T11687] sock_wake_async+0x137/0x160 [ 599.409851][T11687] sk_wake_async+0x184/0x280 [ 599.414631][T11687] sock_def_readable+0x22d/0x430 [ 599.419754][T11687] tcp_rcv_established+0x1318/0x1cf0 [ 599.425214][T11687] tcp_v6_do_rcv+0x5e7/0x12d0 [ 599.430062][T11687] __release_sock+0x1e5/0x460 [ 599.434913][T11687] __sk_flush_backlog+0x26/0x40 [ 599.440016][T11687] tcp_sendmsg_locked+0x3c5b/0x4af0 [ 599.445477][T11687] tcp_sendmsg+0x2f/0x50 [ 599.449900][T11687] sock_write_iter+0x2bb/0x3f0 [ 599.454833][T11687] vfs_write+0x43b/0x940 [ 599.459244][T11687] ksys_write+0x147/0x250 [ 599.463736][T11687] do_syscall_64+0x55/0xb0 [ 599.468312][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 599.474466][T11687] [ 599.476799][T11687] -> (&new->fa_lock){...-}-{2:2} { [ 599.482207][T11687] IN-SOFTIRQ-R at: [ 599.486190][T11687] lock_acquire+0x197/0x410 [ 599.492686][T11687] _raw_read_lock_irqsave+0xb0/0x100 [ 599.499703][T11687] kill_fasync+0x192/0x4b0 [ 599.505796][T11687] sock_wake_async+0x137/0x160 [ 599.512223][T11687] sk_wake_async+0x184/0x280 [ 599.518457][T11687] sock_def_readable+0x22d/0x430 [ 599.525262][T11687] tcp_data_queue+0x21b2/0x5a80 [ 599.531773][T11687] tcp_rcv_established+0xa39/0x1cf0 [ 599.538718][T11687] tcp_v6_do_rcv+0x5e7/0x12d0 [ 599.545040][T11687] tcp_v6_rcv+0x1fd4/0x26a0 [ 599.551181][T11687] ip6_protocol_deliver_rcu+0xb7a/0x13c0 [ 599.558575][T11687] ip6_input_finish+0x184/0x2c0 [ 599.565085][T11687] NF_HOOK+0x303/0x390 [ 599.570819][T11687] NF_HOOK+0x303/0x390 [ 599.576537][T11687] __netif_receive_skb+0xcc/0x290 [ 599.583222][T11687] process_backlog+0x380/0x6e0 [ 599.589657][T11687] __napi_poll+0xc0/0x460 [ 599.595751][T11687] net_rx_action+0x5ea/0xbf0 [ 599.602074][T11687] handle_softirqs+0x280/0x820 [ 599.608484][T11687] __irq_exit_rcu+0xc7/0x190 [ 599.614803][T11687] irq_exit_rcu+0x9/0x20 [ 599.620865][T11687] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 599.628155][T11687] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 599.635971][T11687] _raw_spin_unlock_irqrestore+0xa9/0x110 [ 599.643864][T11687] __wake_up_sync_key+0x11f/0x190 [ 599.650640][T11687] __unix_dgram_recvmsg+0x49c/0xd60 [ 599.657665][T11687] sock_recvmsg_nosec+0x82/0xd0 [ 599.664181][T11687] ____sys_recvmsg+0x49b/0x5b0 [ 599.670604][T11687] ___sys_recvmsg+0x1b6/0x510 [ 599.676928][T11687] do_recvmmsg+0x360/0x7d0 [ 599.683001][T11687] __x64_sys_recvmmsg+0x191/0x240 [ 599.689699][T11687] do_syscall_64+0x55/0xb0 [ 599.695771][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 599.703330][T11687] INITIAL USE at: [ 599.707302][T11687] lock_acquire+0x197/0x410 [ 599.713363][T11687] _raw_write_lock_irq+0xa3/0xe0 [ 599.719948][T11687] fasync_remove_entry+0xf4/0x1c0 [ 599.726532][T11687] sock_fasync+0x88/0xf0 [ 599.732348][T11687] __fput+0x7f3/0x970 [ 599.738064][T11687] task_work_run+0x1ce/0x250 [ 599.744213][T11687] exit_to_user_mode_loop+0xe6/0x110 [ 599.751159][T11687] exit_to_user_mode_prepare+0xf6/0x180 [ 599.758348][T11687] syscall_exit_to_user_mode+0x1a/0x50 [ 599.765549][T11687] do_syscall_64+0x61/0xb0 [ 599.771652][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 599.779563][T11687] INITIAL READ USE at: [ 599.783887][T11687] lock_acquire+0x197/0x410 [ 599.790395][T11687] _raw_read_lock_irqsave+0xb0/0x100 [ 599.797867][T11687] kill_fasync+0x192/0x4b0 [ 599.804276][T11687] sock_wake_async+0x137/0x160 [ 599.811120][T11687] sk_wake_async+0x184/0x280 [ 599.817763][T11687] sock_def_readable+0x22d/0x430 [ 599.824962][T11687] tcp_rcv_established+0x1318/0x1cf0 [ 599.832243][T11687] tcp_v6_do_rcv+0x5e7/0x12d0 [ 599.838920][T11687] __release_sock+0x1e5/0x460 [ 599.845618][T11687] __sk_flush_backlog+0x26/0x40 [ 599.852569][T11687] tcp_sendmsg_locked+0x3c5b/0x4af0 [ 599.859880][T11687] tcp_sendmsg+0x2f/0x50 [ 599.866126][T11687] sock_write_iter+0x2bb/0x3f0 [ 599.872912][T11687] vfs_write+0x43b/0x940 [ 599.879167][T11687] ksys_write+0x147/0x250 [ 599.885496][T11687] do_syscall_64+0x55/0xb0 [ 599.891907][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 599.899808][T11687] } [ 599.902318][T11687] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 599.911092][T11687] ... acquired at: [ 599.914891][T11687] _raw_read_lock_irqsave+0xb0/0x100 [ 599.920351][T11687] kill_fasync+0x192/0x4b0 [ 599.925032][T11687] evdev_pass_values+0x54b/0xab0 [ 599.930138][T11687] evdev_events+0x1d8/0x330 [ 599.934809][T11687] input_pass_values+0x907/0x1300 [ 599.940010][T11687] input_event_dispose+0x346/0x6c0 [ 599.945292][T11687] input_inject_event+0x1f9/0x320 [ 599.950486][T11687] evdev_write+0x32a/0x470 [ 599.955091][T11687] vfs_write+0x288/0x940 [ 599.959506][T11687] ksys_write+0x147/0x250 [ 599.964014][T11687] do_syscall_64+0x55/0xb0 [ 599.968595][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 599.974838][T11687] [ 599.977257][T11687] [ 599.977257][T11687] stack backtrace: [ 599.983222][T11687] CPU: 0 PID: 11687 Comm: syz.1.1973 Not tainted syzkaller #0 [ 599.990675][T11687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 600.000830][T11687] Call Trace: [ 600.004111][T11687] [ 600.007137][T11687] dump_stack_lvl+0x16c/0x230 [ 600.011828][T11687] ? load_image+0x3b0/0x3b0 [ 600.016333][T11687] ? show_regs_print_info+0x20/0x20 [ 600.021530][T11687] ? load_image+0x3b0/0x3b0 [ 600.026043][T11687] ? print_shortest_lock_dependencies+0xf4/0x160 [ 600.032537][T11687] __lock_acquire+0x678f/0x7c80 [ 600.037508][T11687] ? verify_lock_unused+0x140/0x140 [ 600.042712][T11687] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 600.048777][T11687] ? verify_lock_unused+0x140/0x140 [ 600.054076][T11687] lock_acquire+0x197/0x410 [ 600.058861][T11687] ? kill_fasync+0x192/0x4b0 [ 600.063501][T11687] ? read_lock_is_recursive+0x20/0x20 [ 600.068923][T11687] _raw_read_lock_irqsave+0xb0/0x100 [ 600.074231][T11687] ? kill_fasync+0x192/0x4b0 [ 600.078818][T11687] ? _raw_read_lock+0x50/0x50 [ 600.083633][T11687] kill_fasync+0x192/0x4b0 [ 600.088186][T11687] ? kill_fasync+0x53/0x4b0 [ 600.092788][T11687] evdev_pass_values+0x54b/0xab0 [ 600.097775][T11687] ? evdev_pass_values+0x501/0xab0 [ 600.102901][T11687] evdev_events+0x1d8/0x330 [ 600.107423][T11687] ? evdev_events+0x79/0x330 [ 600.112022][T11687] ? evdev_event+0xe0/0xe0 [ 600.116533][T11687] input_pass_values+0x907/0x1300 [ 600.121586][T11687] ? input_pass_values+0xa3/0x1300 [ 600.126697][T11687] input_event_dispose+0x346/0x6c0 [ 600.131892][T11687] input_inject_event+0x1f9/0x320 [ 600.136917][T11687] ? input_inject_event+0xbc/0x320 [ 600.142206][T11687] evdev_write+0x32a/0x470 [ 600.146657][T11687] ? evdev_read+0xb50/0xb50 [ 600.151243][T11687] ? common_file_perm+0x198/0x1f0 [ 600.156353][T11687] ? fsnotify_perm+0x5d/0x5e0 [ 600.161113][T11687] ? security_file_permission+0x79/0xa0 [ 600.166681][T11687] ? evdev_read+0xb50/0xb50 [ 600.171191][T11687] vfs_write+0x288/0x940 [ 600.175519][T11687] ? file_end_write+0x250/0x250 [ 600.180364][T11687] ? __fget_files+0x28/0x4d0 [ 600.184965][T11687] ? __fget_files+0x44a/0x4d0 [ 600.189643][T11687] ? __fdget_pos+0x1d8/0x330 [ 600.194248][T11687] ? ksys_write+0x75/0x250 [ 600.198660][T11687] ksys_write+0x147/0x250 [ 600.202993][T11687] ? __ia32_sys_read+0x90/0x90 [ 600.207755][T11687] ? lockdep_hardirqs_on+0x98/0x150 [ 600.212948][T11687] do_syscall_64+0x55/0xb0 [ 600.217359][T11687] ? clear_bhb_loop+0x40/0x90 [ 600.222117][T11687] ? clear_bhb_loop+0x40/0x90 [ 600.226815][T11687] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 600.232795][T11687] RIP: 0033:0x7fc35098f749 [ 600.237208][T11687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.256904][T11687] RSP: 002b:00007fc3517e9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 600.265321][T11687] RAX: ffffffffffffffda RBX: 00007fc350be5fa0 RCX: 00007fc35098f749 [ 600.273372][T11687] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004 [ 600.281357][T11687] RBP: 00007fc350a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 600.289584][T11687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 600.297637][T11687] R13: 00007fc350be6038 R14: 00007fc350be5fa0 R15: 00007ffd59919b78 [ 600.305606][T11687]