last executing test programs: 4m51.339586129s ago: executing program 1 (id=1111): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000140)={&(0x7f0000000180), 0x0, 0xffa2}) r2 = dup3(r0, r1, 0x0) ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f00000000c0)={&(0x7f00000012c0), &(0x7f0000002340)=""/4118, 0x1016}) 4m51.252257527s ago: executing program 1 (id=1112): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x600100a2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getdents(r0, &(0x7f0000000fc0)=""/72, 0x48) 4m50.801379907s ago: executing program 1 (id=1116): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) shutdown(r0, 0x1) write(r0, 0x0, 0x0) 4m50.596093619s ago: executing program 1 (id=1121): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000680)='./file0/../file0/../file0/../file0\x00', 0x0, 0x1b73404, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) move_mount(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0/../file0/../file0/../file0\x00', 0x14) 4m50.382199407s ago: executing program 1 (id=1127): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680)) socket$packet(0x11, 0x3, 0x300) setresuid(0x0, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 4m49.999087065s ago: executing program 1 (id=1135): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000011d80)=@newtfilter={0x43c, 0x2c, 0x400, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x3, 0xfff1}, {0x9, 0xfff1}, {0xfff3, 0x7}}, [@f_rsvp6={{0xa}, {0x40c, 0x2, [@TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x0, 0x1, 0x21, 0x6, 0x4, 0x9, 0xa, 0x6, 0x3, 0xe23f, 0x243c, 0x58b, 0x1000, 0x2, 0x5, 0x6, 0x80000000, 0x1, 0x80000000, 0x7, 0x1, 0x7, 0xc7, 0x7, 0x5, 0x7, 0x200, 0x7, 0x7, 0xde7, 0x3, 0x88f00000, 0x30000000, 0x2, 0x6, 0x3, 0x5, 0xd3a, 0x3, 0x5, 0x4, 0x0, 0x0, 0x6, 0x39f0, 0x72, 0x7, 0x0, 0x28, 0x91, 0x4, 0x2, 0xffff, 0x3, 0x7, 0x1, 0xcc9, 0x6, 0x10000, 0x0, 0x1, 0x2, 0x9, 0xfffffffb, 0x7, 0x1, 0x0, 0x9a, 0xe25, 0x5, 0x9, 0x80, 0x200, 0xffff, 0x0, 0x7ff, 0x4027, 0xa, 0x1, 0x4, 0x8, 0x700, 0x0, 0xe97, 0x5, 0x4, 0x4, 0x6, 0x0, 0x10001, 0x4, 0x7, 0xb36, 0xe, 0x6, 0x6, 0x9, 0x7, 0x8000, 0x2, 0x3, 0x20, 0x0, 0x0, 0x101, 0x7, 0x13, 0x10, 0x2, 0xc, 0x5, 0x7, 0x4, 0xfffffffa, 0x9, 0x1, 0x1, 0x8, 0x81, 0x2, 0x0, 0xa, 0xffffffff, 0x6, 0x6, 0x8, 0x8, 0x8, 0x6a0ff34, 0xfffffff8, 0x0, 0x3, 0x7, 0x36, 0x401, 0xfffffff5, 0xac4, 0x5, 0x40, 0x80000000, 0x1, 0x85f, 0x3, 0x8, 0xfffffffc, 0x0, 0x4, 0x3, 0x5, 0x3, 0x300000, 0x1, 0x0, 0x8cb, 0x0, 0x9a89, 0x3, 0x1, 0xd, 0xfffffff8, 0xffff, 0xfffff1b5, 0x94f, 0x7, 0x2, 0x45, 0x8, 0x7, 0x2, 0x7fff, 0x2, 0x401, 0x0, 0x10000, 0x0, 0x4, 0x0, 0x6, 0x3, 0x1, 0x6, 0xffffffff, 0x1ff, 0x9, 0x951e, 0x10000, 0x2, 0x7fffffff, 0x6, 0x3, 0x6, 0x9, 0x1, 0x7, 0x3, 0x9, 0x2, 0x3, 0x4, 0x5, 0xa, 0x7d8, 0xff, 0x6, 0x2, 0x5, 0x11, 0x2e0c, 0x1ff, 0x0, 0x8, 0x6, 0x4, 0x3, 0x80000000, 0x9, 0x4, 0x5, 0xd, 0x6899, 0x2d87, 0x2, 0x8, 0x8, 0x8, 0x5, 0x4, 0x9, 0x1, 0x3, 0x6, 0x9, 0xff, 0x2000, 0x4, 0x75, 0x1, 0x4, 0x4, 0x0, 0xd, 0x5, 0x433, 0x9, 0x4, 0x5, 0x7ff, 0x200, 0x84, 0xfffffffb, 0x6, 0x5, 0x7, 0x7ff, 0x80000001]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x20044010}, 0x81) recvmmsg$unix(r1, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)=""/59, 0x3b}, {&(0x7f0000000440)=""/121, 0x79}], 0x2}}], 0x1, 0x10000, 0x0) 4m49.695097151s ago: executing program 32 (id=1135): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000011d80)=@newtfilter={0x43c, 0x2c, 0x400, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x3, 0xfff1}, {0x9, 0xfff1}, {0xfff3, 0x7}}, [@f_rsvp6={{0xa}, {0x40c, 0x2, [@TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x0, 0x1, 0x21, 0x6, 0x4, 0x9, 0xa, 0x6, 0x3, 0xe23f, 0x243c, 0x58b, 0x1000, 0x2, 0x5, 0x6, 0x80000000, 0x1, 0x80000000, 0x7, 0x1, 0x7, 0xc7, 0x7, 0x5, 0x7, 0x200, 0x7, 0x7, 0xde7, 0x3, 0x88f00000, 0x30000000, 0x2, 0x6, 0x3, 0x5, 0xd3a, 0x3, 0x5, 0x4, 0x0, 0x0, 0x6, 0x39f0, 0x72, 0x7, 0x0, 0x28, 0x91, 0x4, 0x2, 0xffff, 0x3, 0x7, 0x1, 0xcc9, 0x6, 0x10000, 0x0, 0x1, 0x2, 0x9, 0xfffffffb, 0x7, 0x1, 0x0, 0x9a, 0xe25, 0x5, 0x9, 0x80, 0x200, 0xffff, 0x0, 0x7ff, 0x4027, 0xa, 0x1, 0x4, 0x8, 0x700, 0x0, 0xe97, 0x5, 0x4, 0x4, 0x6, 0x0, 0x10001, 0x4, 0x7, 0xb36, 0xe, 0x6, 0x6, 0x9, 0x7, 0x8000, 0x2, 0x3, 0x20, 0x0, 0x0, 0x101, 0x7, 0x13, 0x10, 0x2, 0xc, 0x5, 0x7, 0x4, 0xfffffffa, 0x9, 0x1, 0x1, 0x8, 0x81, 0x2, 0x0, 0xa, 0xffffffff, 0x6, 0x6, 0x8, 0x8, 0x8, 0x6a0ff34, 0xfffffff8, 0x0, 0x3, 0x7, 0x36, 0x401, 0xfffffff5, 0xac4, 0x5, 0x40, 0x80000000, 0x1, 0x85f, 0x3, 0x8, 0xfffffffc, 0x0, 0x4, 0x3, 0x5, 0x3, 0x300000, 0x1, 0x0, 0x8cb, 0x0, 0x9a89, 0x3, 0x1, 0xd, 0xfffffff8, 0xffff, 0xfffff1b5, 0x94f, 0x7, 0x2, 0x45, 0x8, 0x7, 0x2, 0x7fff, 0x2, 0x401, 0x0, 0x10000, 0x0, 0x4, 0x0, 0x6, 0x3, 0x1, 0x6, 0xffffffff, 0x1ff, 0x9, 0x951e, 0x10000, 0x2, 0x7fffffff, 0x6, 0x3, 0x6, 0x9, 0x1, 0x7, 0x3, 0x9, 0x2, 0x3, 0x4, 0x5, 0xa, 0x7d8, 0xff, 0x6, 0x2, 0x5, 0x11, 0x2e0c, 0x1ff, 0x0, 0x8, 0x6, 0x4, 0x3, 0x80000000, 0x9, 0x4, 0x5, 0xd, 0x6899, 0x2d87, 0x2, 0x8, 0x8, 0x8, 0x5, 0x4, 0x9, 0x1, 0x3, 0x6, 0x9, 0xff, 0x2000, 0x4, 0x75, 0x1, 0x4, 0x4, 0x0, 0xd, 0x5, 0x433, 0x9, 0x4, 0x5, 0x7ff, 0x200, 0x84, 0xfffffffb, 0x6, 0x5, 0x7, 0x7ff, 0x80000001]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x20044010}, 0x81) recvmmsg$unix(r1, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)=""/59, 0x3b}, {&(0x7f0000000440)=""/121, 0x79}], 0x2}}], 0x1, 0x10000, 0x0) 4m3.219704988s ago: executing program 0 (id=1784): r0 = getpid() setreuid(0xee00, 0x0) r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone3(&(0x7f00000006c0)={0x192142100, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 4m3.219046533s ago: executing program 0 (id=1786): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x7fffffff, 0x6, 0x9}}}}]}, 0x44}}, 0x44080) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x3}, {0x0, 0xa}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xc}}]}, 0x38}}, 0x4000) 4m2.991345327s ago: executing program 0 (id=1792): r0 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f00000002c0)=0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x54, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x7ff, @private2, 0xeb2}, @in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}, @in6={0xa, 0x4e21, 0x9, @loopback, 0x7ab}]}, &(0x7f0000000180)=0x10) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300005839c900910000", 0x48}], 0x1) 4m2.129732168s ago: executing program 0 (id=1810): mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000680)='./file0/../file0/../file0/../file0\x00', 0x0, 0x1b73404, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000180)='./file0\x00') 4m2.02980145s ago: executing program 0 (id=1812): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) signalfd(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1e, 0x13, 0xffffffffffffffff, 0x0) 4m0.463013844s ago: executing program 0 (id=1828): rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) tee(r0, r2, 0x3, 0x0) write$FUSE_INIT(r1, &(0x7f00000006c0)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0x22911c0, 0x1, 0x5, 0x4, 0xffffbe9e, 0x0, 0x0, 0x2, 0xe}}, 0x50) 4m0.24849139s ago: executing program 33 (id=1828): rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) tee(r0, r2, 0x3, 0x0) write$FUSE_INIT(r1, &(0x7f00000006c0)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0x22911c0, 0x1, 0x5, 0x4, 0xffffbe9e, 0x0, 0x0, 0x2, 0xe}}, 0x50) 3m42.048091544s ago: executing program 2 (id=2112): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000062401, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f00000003c0)={0x1, 0x2, 0xffffffff, 0x10001, 0xcb2, 0xfffffffffffffffe, 0x7, 0x0, 0x1000, 0x9, 0x671, 0x3}) 3m41.08634959s ago: executing program 2 (id=2123): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0c00990000000200000000000800a00094090000080026009409000008002700000000000800a1"], 0x48}}, 0x0) 3m40.942913969s ago: executing program 2 (id=2126): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x1, 0x2, 0x6, 0x80}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000000)={0x1, 0x2, 0x1b8, 0x2}) fcntl$lock(r1, 0x6, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x1fd}) 3m39.971977787s ago: executing program 2 (id=2147): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x20000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 3m39.86228455s ago: executing program 2 (id=2149): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000440)={@random="87b5d5ceaa8f", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x16, 0x2, 0x0, 0x0, 0x1000, {[@mptcp=@ack={0x1e, 0x15, 0x8, 0x4, "af0b5c06a8bf463496147203e4f537af28"}, @md5sig={0x13, 0x12, "2313a3101166d6c856214c013c019043"}, @generic={0x13, 0x2}, @sack={0x5, 0xe, [0x5, 0x3, 0x20]}, @sack={0x5, 0xa, [0xfffe, 0x8]}]}}}}}}}, 0x0) 3m39.507201791s ago: executing program 2 (id=2156): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/140, 0x8c}], 0x1) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)) 3m39.223675086s ago: executing program 34 (id=2156): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/140, 0x8c}], 0x1) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)) 4.819203377s ago: executing program 7 (id=5158): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0) 3.832231356s ago: executing program 7 (id=5169): r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x2) connect$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r0, 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000400)={0x10000000}) 3.764949822s ago: executing program 5 (id=5171): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_inet_udp_SIOCINQ(r2, 0x5760, 0x0) write(r0, 0x0, 0x0) 3.683856008s ago: executing program 7 (id=5174): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x0, 0x1, 0x2000200000a95c, 0x100000000000000, 0x3, 0x80000001, 0x48cd, 0xfffffffffffffffc, 0x800000df}) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x181ac1, 0x0) fchown(r1, 0xee01, 0x0) 3.457583207s ago: executing program 5 (id=5177): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f"], 0x48}}, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 3.426981999s ago: executing program 7 (id=5178): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000100)={0x2ffc, 0x4000006, 0xfffffefc, 0x6}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000160001f47efde4be701161000a"], 0x1c}}, 0x804) 3.3020627s ago: executing program 5 (id=5180): unshare(0x2040600) creat(&(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x125) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)) socket$tipc(0x1e, 0x5, 0x0) socket$rds(0x15, 0x5, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x8, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0) 3.212950429s ago: executing program 5 (id=5181): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x20048005) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 3.093622232s ago: executing program 7 (id=5184): r0 = fsopen(&(0x7f00000001c0)='sysfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r2, 0x2, 0x0) getdents64(r2, 0x0, 0x22) 3.080038986s ago: executing program 5 (id=5185): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)={0x40, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000280)={0x20, 0x9}, 0x0, 0x0}) 2.925086649s ago: executing program 7 (id=5187): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000e40)={0xffffffffffffffff}) r2 = io_uring_setup(0x391d, &(0x7f0000000140)={0x0, 0xfc3, 0x1, 0x0, 0x7}) dup3(r1, r2, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 2.018777955s ago: executing program 4 (id=5196): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x4, 0x157}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x2000}) io_uring_enter(r2, 0x1006367, 0xfffffffc, 0x4, 0x0, 0x0) 1.219989459s ago: executing program 3 (id=5200): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) setreuid(0xee01, 0x0) ioprio_get$uid(0x3, 0xee01) 1.080296724s ago: executing program 4 (id=5202): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0x707b, 0x400, 0x2, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000120, 0x4aa52520f215cfe4, {0x2}}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) io_uring_enter(r2, 0x154e, 0x0, 0x41, 0x0, 0x0) 1.005767617s ago: executing program 3 (id=5203): r0 = userfaultfd(0x80801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000200)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000313000/0x2000)=nil, 0x800000}) 855.514639ms ago: executing program 6 (id=5204): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0x1, "030000000000000023000000debd12ffff00000000000000000020000400", 0xffffffffffffffff}) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x75fa, 0xe475, 0x0, 0x0, 0x0) dup3(r1, r0, 0x0) 855.116226ms ago: executing program 3 (id=5205): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000200)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0xa2c25) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000340)=0xe) writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000240)="7807c0b7", 0x4}], 0x1) 754.442383ms ago: executing program 3 (id=5206): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000a40)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00220f00000054b2000093"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000040), 0x0, 0x40140) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000080)={0x2, 0x100, 0x20a6}) 731.46727ms ago: executing program 5 (id=5207): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a30000000004c000000060a010400000000000000000100000008000b40000000000900010073797a300000000024000480200001800e000100636f6e6e6c696d69740000000c00028008000140fffffffe14000000110001"], 0xd4}}, 0x0) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 657.798734ms ago: executing program 4 (id=5208): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7816, 0x2, 0x0, 0x81, 0x801ff, 0x1, 0x1}, 0x1c) r1 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0xfffffffc, 0x10100, 0x8}, &(0x7f0000000200), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) 575.276571ms ago: executing program 4 (id=5209): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000240)={@fallback=r1, r1, 0x2f}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) 538.741957ms ago: executing program 6 (id=5210): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x4, 0x8}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x18, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'dvmrp0\x00'}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 439.63386ms ago: executing program 4 (id=5211): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000240)={0xdf, 0x0, 0x10000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 342.037184ms ago: executing program 6 (id=5212): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r0, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x0) 321.096358ms ago: executing program 4 (id=5213): socket$nl_netfilter(0x10, 0x3, 0xc) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000600)={0x1, &(0x7f00000005c0)=[{0x6, 0x6, 0x8}]}) socket$alg(0x26, 0x5, 0x0) r0 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4fa0, 0x0, 0x1, 0x10f}, &(0x7f00000006c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 287.634269ms ago: executing program 6 (id=5214): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0xac05, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000001080)=0x200, 0x4) sendto$inet(r0, &(0x7f0000001040)='v', 0x1, 0x4040, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}, 0xde6c}], 0x1, 0x40012002, 0x0) 194.152292ms ago: executing program 6 (id=5215): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0xfffe, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) close_range(r0, 0xffffffffffffffff, 0x0) 75.402591ms ago: executing program 3 (id=5216): fcntl$lock(0xffffffffffffffff, 0x25, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfe, {{@in6=@remote, @in6=@remote, 0x0, 0x33, 0x0, 0x0, 0xa, 0x60, 0x10, 0x0, 0x0, 0xee01}, {0x0, 0x7f, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xb8, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x23}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60, 0x0, 0x0, 0xee01}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x77, 0x3, 0x0, 0x100000000007fff}, 0x0, 0x6e6bb1, 0x1, 0x0, 0x3}}, 0xb8}}, 0x0) sendto$inet6(r1, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) 54.612692ms ago: executing program 6 (id=5217): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x862b01) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f0000000540)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r2}, 0x18) sendmsg$IPSET_CMD_TYPE(r1, 0x0, 0x200000b0) fcntl$setstatus(r1, 0x4, 0x2400) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 0s ago: executing program 3 (id=5218): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000ad1000/0x1000)=nil, 0x1000}}) kernel console output (not intermixed with test programs): USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 286.374981][ T5977] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 286.384139][ T5977] usb 8-1: SerialNumber: syz [ 286.457400][ T5893] hub 6-1:0.0: activate --> -90 [ 286.604518][ T5977] usb 8-1: 0:2 : does not exist [ 286.614137][ T5977] usb 8-1: 5:0: failed to get current value for ch 1 (-22) [ 286.633483][ T5977] usb 8-1: 5:0: failed to get current value for ch 15 (-22) [ 286.669925][ T5977] usb 8-1: USB disconnect, device number 5 [ 286.808879][T12344] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2605'. [ 286.818033][T12344] netlink: 'syz.4.2605': attribute type 18 has an invalid length. [ 286.862337][ T10] usb 6-1: USB disconnect, device number 11 [ 286.955531][ T5820] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 287.118275][ T5820] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 287.135739][ T5820] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 287.149708][ T5820] usb 7-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 287.159062][ T5820] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.170111][ T5820] usb 7-1: Product: syz [ 287.174418][ T5820] usb 7-1: Manufacturer: syz [ 287.185578][ T5820] usb 7-1: SerialNumber: syz [ 287.198809][ T5820] usb 7-1: config 0 descriptor?? [ 287.205098][T12341] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 287.215610][T12341] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 287.429941][T12341] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 287.442530][T12341] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 287.477631][T12355] netlink: 'syz.5.2610': attribute type 13 has an invalid length. [ 287.518695][T12357] mkiss: ax0: crc mode is auto. [ 287.612842][T12355] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.620850][T12355] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.823968][T12355] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.852943][T12355] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.864879][ T5820] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 287.993024][T12355] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.028028][T12355] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.046996][T12355] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.056189][T12355] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.473296][ T5820] dm9601 7-1:0.0 (unnamed net_device) (uninitialized): Error reading MODE_CTRL [ 288.494358][ T5820] usb 7-1: USB disconnect, device number 10 [ 288.594575][T12394] 9pnet: p9_errstr2errno: server reported unknown error @pA;KZ44/@qkp [ 288.594575][T12394] C<+P5"kx [ 289.725519][ T5977] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 289.885574][ T5977] usb 7-1: Using ep0 maxpacket: 32 [ 289.892587][ T5977] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 289.901103][ T5977] usb 7-1: config 0 has no interface number 0 [ 289.909065][ T5977] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 289.918679][ T5977] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.926753][ T5977] usb 7-1: Product: syz [ 289.931018][ T5977] usb 7-1: Manufacturer: syz [ 289.935659][ T5977] usb 7-1: SerialNumber: syz [ 289.943327][ T5977] usb 7-1: config 0 descriptor?? [ 289.950005][ T5977] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 289.967835][ T48] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 290.128646][ T48] usb 8-1: config 220 has an invalid interface number: 76 but max is 2 [ 290.141985][ T48] usb 8-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 290.163891][ T48] usb 8-1: config 220 has an invalid descriptor of length 9, skipping remainder of the config [ 290.175955][ T48] usb 8-1: config 220 has no interface number 2 [ 290.182408][ T48] usb 8-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 290.201806][ T48] usb 8-1: config 220 interface 0 has no altsetting 0 [ 290.209361][ T48] usb 8-1: config 220 interface 76 has no altsetting 0 [ 290.222293][ T48] usb 8-1: config 220 interface 1 has no altsetting 0 [ 290.232207][ T48] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 290.246080][ T48] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.254663][ T48] usb 8-1: Product: syz [ 290.263654][ T48] usb 8-1: Manufacturer: syz [ 290.268854][ T48] usb 8-1: SerialNumber: syz [ 290.291382][ T5977] usb 7-1: qt2_attach - failed to power on unit: -71 [ 290.299262][ T5977] quatech2 7-1:0.51: probe with driver quatech2 failed with error -71 [ 290.310628][ T5977] usb 7-1: USB disconnect, device number 11 [ 290.497580][ T48] usb 8-1: Found UVC 7.01 device syz (8086:0b07) [ 290.503994][ T48] usb 8-1: No valid video chain found. [ 290.517128][ T48] usb 8-1: selecting invalid altsetting 0 [ 290.550054][ T48] usb 8-1: selecting invalid altsetting 0 [ 290.560583][ T48] usbtest 8-1:220.1: probe with driver usbtest failed with error -22 [ 290.580914][ T48] usb 8-1: USB disconnect, device number 6 [ 291.734667][T12495] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.744273][T12495] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.857880][T12495] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.865045][T12495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.873920][T12495] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.881160][T12495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.140407][T12513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2680'. [ 292.255598][ T48] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 292.427956][ T48] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 292.451681][ T48] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 292.482942][ T48] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 292.506479][ T48] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 292.524197][ T48] usb 8-1: SerialNumber: syz [ 292.636295][T12528] netlink: 'syz.6.2686': attribute type 1 has an invalid length. [ 292.761591][ T48] usb 8-1: 0:2 : does not exist [ 292.788600][ T48] usb 8-1: USB disconnect, device number 7 [ 292.801342][T12531] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address [ 292.845927][T12531] bond1: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 292.904585][T12531] bond1: (slave wireguard0): making interface the new active one [ 292.913917][T12531] bond1: (slave wireguard0): Enslaving as an active interface with an up link [ 293.737367][T12556] overlayfs: failed to clone upperpath [ 293.865420][ T5977] usb 7-1: new full-speed USB device number 12 using dummy_hcd [ 293.879516][T12564] netlink: 'syz.7.2703': attribute type 10 has an invalid length. [ 293.936677][T12564] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.977095][T12564] bond0: (slave team0): Enslaving as an active interface with an up link [ 294.017222][ T5977] usb 7-1: config 0 has an invalid interface number: 230 but max is 0 [ 294.027521][ T5977] usb 7-1: config 0 has no interface number 0 [ 294.033681][ T5977] usb 7-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 294.070699][ T5977] usb 7-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 294.105461][ T5977] usb 7-1: config 0 interface 230 has no altsetting 0 [ 294.139632][ T5977] usb 7-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 294.159158][ T5977] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.175564][ T5977] usb 7-1: Product: syz [ 294.180299][ T5977] usb 7-1: Manufacturer: syz [ 294.184930][ T5977] usb 7-1: SerialNumber: syz [ 294.196043][ T5977] usb 7-1: config 0 descriptor?? [ 294.202096][T12551] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 294.209912][T12551] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 294.222519][ T5977] ums-usbat 7-1:0.230: USB Mass Storage device detected [ 294.264668][ T5977] ums-usbat 7-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 294.625473][ T10] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 294.775442][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 294.790354][ T10] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 294.809419][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.825500][ T10] usb 6-1: Product: syz [ 294.829856][ T10] usb 6-1: Manufacturer: syz [ 294.834473][ T10] usb 6-1: SerialNumber: syz [ 294.856620][ T10] usb 6-1: config 0 descriptor?? [ 295.070232][ T10] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 295.290607][ T10] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 295.306951][ T10] usb 6-1: USB disconnect, device number 12 [ 295.522650][T12638] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2735'. [ 296.247949][T12664] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2745'. [ 296.488772][ T5977] ums-usbat 7-1:0.230: probe with driver ums-usbat failed with error -5 [ 296.651115][ T5977] usb 7-1: USB disconnect, device number 12 [ 297.126031][ T1211] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 297.145834][ T5977] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 297.297260][ T1211] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 297.316900][ T5977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.335454][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 297.347873][ T5977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.358482][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 297.371116][ T5977] usb 8-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 297.381719][ T1211] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 297.394819][ T5977] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.422239][ T5977] usb 8-1: config 0 descriptor?? [ 297.427726][ T1211] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 297.454588][ T1211] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.481195][ T1211] usb 6-1: config 0 descriptor?? [ 297.508996][T12697] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 297.520500][T12697] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.685074][T12697] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 297.710171][T12697] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.818343][T12697] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 297.831946][T12697] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.858275][ T5977] playstation 0003:054C:0DF2.0016: unknown main item tag 0x0 [ 297.866901][ T5977] playstation 0003:054C:0DF2.0016: unknown main item tag 0x0 [ 297.874387][ T5977] playstation 0003:054C:0DF2.0016: unknown main item tag 0x0 [ 297.908581][ T1211] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 297.920629][ T5977] playstation 0003:054C:0DF2.0016: unknown main item tag 0x0 [ 297.938543][ T5977] playstation 0003:054C:0DF2.0016: unknown main item tag 0x0 [ 297.950119][T12697] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 297.956057][ T1211] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 297.974159][T12697] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.009628][ T5977] playstation 0003:054C:0DF2.0016: hidraw1: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.7-1/input0 [ 298.088807][ T5977] playstation 0003:054C:0DF2.0016: Invalid byte count transferred, expected 20 got 0 [ 298.115805][ T5977] playstation 0003:054C:0DF2.0016: Failed to retrieve DualSense pairing info: -22 [ 298.142609][ T5977] playstation 0003:054C:0DF2.0016: Failed to get MAC address from DualSense [ 298.168444][ T5977] playstation 0003:054C:0DF2.0016: Failed to create dualsense. [ 298.190536][ T5977] playstation 0003:054C:0DF2.0016: probe with driver playstation failed with error -22 [ 298.215277][T12697] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 298.224618][T12697] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.227277][ T5977] usb 6-1: USB disconnect, device number 13 [ 298.268762][T12697] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 298.278611][T12697] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.305460][ T1211] usb 8-1: USB disconnect, device number 8 [ 298.308375][T12697] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 298.319673][T12697] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.340604][T12697] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 298.351997][T12697] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.725710][ T48] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 298.899419][ T48] usb 7-1: Using ep0 maxpacket: 16 [ 298.909350][ T48] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 298.935006][ T48] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 298.974482][ T48] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 299.000767][ T48] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 299.025412][ T48] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.035598][ T48] usb 7-1: Product: syz [ 299.039822][ T48] usb 7-1: Manufacturer: syz [ 299.044457][ T48] usb 7-1: SerialNumber: syz [ 299.535965][ T48] usb 7-1: 0:2 : does not exist [ 300.165774][ T48] usb 7-1: USB disconnect, device number 13 [ 300.635442][ T48] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 300.814844][ T48] usb 8-1: config index 0 descriptor too short (expected 30768, got 18) [ 300.830193][ T48] usb 8-1: config 48 has too many interfaces: 48, using maximum allowed: 32 [ 300.840798][ T48] usb 8-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config [ 300.855957][ T48] usb 8-1: config 48 has 0 interfaces, different from the descriptor's value: 48 [ 300.865225][ T48] usb 8-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 300.878458][ T48] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.070929][T12806] overlayfs: failed to clone upperpath [ 301.079951][T12806] overlayfs: failed to clone lowerpath [ 301.304701][ T48] usb 8-1: string descriptor 0 read error: -71 [ 301.325864][ T48] usb 8-1: USB disconnect, device number 9 [ 302.611474][T12866] fuse: Bad value for 'group_id' [ 302.616890][T12866] fuse: Bad value for 'group_id' [ 302.624163][T12866] xt_hashlimit: max too large, truncated to 1048576 [ 303.245617][ T24] page_pool_release_retry() stalled pool shutdown: id 46, 1 inflight 60 sec [ 303.283889][T12889] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 303.563914][T12906] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2846'. [ 303.880849][T12926] 9pnet: p9_errstr2errno: server reported unknown error l [ 304.113698][T12935] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2857'. [ 304.810407][T12971] syz.5.2872 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 305.790722][T13006] overlayfs: failed to clone upperpath [ 305.817599][T13010] overlayfs: failed to clone upperpath [ 307.325541][ T1211] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 307.426352][T13070] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2911'. [ 307.485628][ T1211] usb 6-1: Using ep0 maxpacket: 8 [ 307.506123][ T1211] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 307.538294][ T1211] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 307.573031][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 307.591445][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 307.635056][ T1211] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 307.732623][ T1211] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 307.742047][ T1211] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 307.765792][ T1211] usb 6-1: Product: syz [ 307.799617][ T1211] usb 6-1: Manufacturer: syz [ 307.817007][ T1211] usb 6-1: SerialNumber: syz [ 307.843909][ T1211] usb 6-1: config 0 descriptor?? [ 307.919466][T13084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2920'. [ 308.061996][ T1211] radio-si470x 6-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 308.081695][ T1211] radio-si470x 6-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 308.182813][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 308.182848][ T30] audit: type=1326 audit(1751243068.086:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 308.298703][ T1211] radio-si470x 6-1:0.0: software version 0, hardware version 0 [ 308.317975][ T1211] radio-si470x 6-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 308.339809][ T30] audit: type=1326 audit(1751243068.086:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 308.365410][ T30] audit: type=1326 audit(1751243068.086:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 308.371687][ T1211] radio-si470x 6-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 308.386931][ C1] vkms_vblank_simulate: vblank timer overrun [ 308.392441][ T30] audit: type=1326 audit(1751243068.086:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 308.428654][ T30] audit: type=1326 audit(1751243068.086:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 308.469669][ T30] audit: type=1326 audit(1751243068.086:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 308.480360][ T1211] radio-si470x 6-1:0.0: submitting int urb failed (-90) [ 308.535164][ T30] audit: type=1326 audit(1751243068.086:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 308.556661][ C1] vkms_vblank_simulate: vblank timer overrun [ 308.572170][ T30] audit: type=1326 audit(1751243068.086:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 308.597405][ T30] audit: type=1326 audit(1751243068.086:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 308.620383][ T30] audit: type=1326 audit(1751243068.086:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13092 comm="syz.4.2925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 309.014137][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 309.099186][ T1211] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 309.119404][ T1211] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -22 [ 309.144721][ T1211] usb 6-1: USB disconnect, device number 14 [ 310.905444][ T5893] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 311.100056][ T5893] usb 8-1: Using ep0 maxpacket: 32 [ 311.125956][ T5893] usb 8-1: config 0 has an invalid interface number: 51 but max is 0 [ 311.151950][ T5893] usb 8-1: config 0 has no interface number 0 [ 311.167733][ T5893] usb 8-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 311.191628][T13176] netlink: 'syz.4.2959': attribute type 1 has an invalid length. [ 311.192732][T13179] loop4: detected capacity change from 0 to 7 [ 311.205367][ T5893] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.220030][T13181] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2961'. [ 311.224581][ T5893] usb 8-1: Product: syz [ 311.239851][T13182] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap0 [ 311.249675][ T5893] usb 8-1: Manufacturer: syz [ 311.259308][T13179] Dev loop4: unable to read RDB block 7 [ 311.269501][ T5893] usb 8-1: SerialNumber: syz [ 311.275857][T13179] loop4: unable to read partition table [ 311.281742][T13179] loop4: partition table beyond EOD, truncated [ 311.298925][ T5893] usb 8-1: config 0 descriptor?? [ 311.312430][ T5893] quatech2 8-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 311.331487][T13179] loop_reread_partitions: partition scan of loop4 (被x ) failed (rc=-5) [ 311.379094][T13176] 8021q: adding VLAN 0 to HW filter on device bond1 [ 311.549375][ T5893] usb 8-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 311.590314][T13193] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2965'. [ 311.595560][ T5893] usb 8-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 311.959299][ C1] usb 8-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 311.967924][ T5893] usb 8-1: USB disconnect, device number 10 [ 311.979424][ T5893] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 312.004540][ T5893] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 312.032316][ T5893] quatech2 8-1:0.51: device disconnected [ 312.375444][ T24] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 312.449587][T13233] netlink: 'syz.6.2984': attribute type 29 has an invalid length. [ 312.460689][T13233] netlink: 'syz.6.2984': attribute type 29 has an invalid length. [ 312.534678][ T24] usb 6-1: Using ep0 maxpacket: 16 [ 312.550985][ T24] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 312.569036][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 312.597219][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 312.619418][ T24] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 312.633445][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.644152][ T24] usb 6-1: Product: syz [ 312.663919][ T24] usb 6-1: Manufacturer: syz [ 312.674030][ T24] usb 6-1: SerialNumber: syz [ 313.097218][ T24] usb 6-1: 0:2 : does not exist [ 313.445586][ T48] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 313.615557][ T48] usb 7-1: Using ep0 maxpacket: 16 [ 313.630125][ T48] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.648705][ T48] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 313.667180][ T48] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 313.695182][ T48] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.727034][ T48] usb 7-1: config 0 descriptor?? [ 313.954274][ T24] usb 6-1: 1:0: failed to get current value for ch 0 (-22) [ 314.005180][ T24] usb 6-1: USB disconnect, device number 15 [ 314.755247][ T48] letsketch 0003:6161:4D15.0018: Device info: ఁ [ 314.799700][ T1211] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0 [ 314.819634][ T1211] hid-generic 0000:0000:0000.0019: hidraw0: HID v0.00 Device [syz1] on syz0 [ 314.989031][ T48] usb 7-1: Max retries (5) exceeded reading string descriptor 201 [ 315.005618][ T48] letsketch 0003:6161:4D15.0018: probe with driver letsketch failed with error -71 [ 315.027788][ T48] usb 7-1: USB disconnect, device number 14 [ 315.518122][T13347] veth0: entered promiscuous mode [ 315.536718][T13346] veth0: left promiscuous mode [ 315.925435][ T1211] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 315.975454][ T10] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 316.096988][ T1211] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 316.107360][ T1211] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 316.122681][ T1211] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 316.131894][ T1211] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.140824][ T1211] usb 7-1: Product: syz [ 316.145045][ T1211] usb 7-1: Manufacturer: syz [ 316.149966][ T1211] usb 7-1: SerialNumber: syz [ 316.157084][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.167721][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 316.181727][ T10] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 316.191218][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.201295][ T10] usb 6-1: config 0 descriptor?? [ 316.395020][T13357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 316.404114][T13357] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 316.418797][ T1211] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22 [ 316.429976][ T1211] usb 7-1: USB disconnect, device number 15 [ 316.625893][ T10] kovaplus 0003:1E7D:2D50.001A: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.5-1/input0 [ 316.885518][ T5893] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 317.035576][ T5893] usb 7-1: Using ep0 maxpacket: 8 [ 317.050551][ T5893] usb 7-1: config index 0 descriptor too short (expected 301, got 72) [ 317.081005][ T5893] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 317.097200][ T5893] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 317.107996][ T5893] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 317.125467][ T5893] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 317.137381][ T5893] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.148670][ T5893] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 317.162719][ T5893] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.183473][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.190078][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.383973][ T5893] usb 7-1: usb_control_msg returned -32 [ 317.397084][ T5893] usbtmc 7-1:16.0: can't read capabilities [ 317.412386][ T5893] usb 7-1: USB disconnect, device number 16 [ 317.425035][ T10] kovaplus 0003:1E7D:2D50.001A: couldn't init struct kovaplus_device [ 317.444313][ T10] kovaplus 0003:1E7D:2D50.001A: couldn't install mouse [ 317.469000][ T10] kovaplus 0003:1E7D:2D50.001A: probe with driver kovaplus failed with error -71 [ 317.512890][ T10] usb 6-1: USB disconnect, device number 16 [ 318.425416][ T5820] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 318.577244][ T5820] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 318.595705][ T5820] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 318.617865][ T5820] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 318.635419][ T5820] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.645600][ T5820] usb 6-1: Product: syz [ 318.649785][ T5820] usb 6-1: Manufacturer: syz [ 318.660244][ T5820] usb 6-1: SerialNumber: syz [ 318.828529][ T5893] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 318.885902][T13433] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 318.985548][ T5893] usb 7-1: Using ep0 maxpacket: 16 [ 319.001365][ T5893] usb 7-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 319.022411][ T5893] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.037499][ T5893] usb 7-1: config 0 descriptor?? [ 319.053624][ T5893] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 319.238814][T13470] syzkaller1: entered promiscuous mode [ 319.244511][T13470] syzkaller1: entered allmulticast mode [ 319.513972][T13433] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 319.724356][ T5820] cdc_mbim 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 319.732512][ T5820] cdc_mbim 6-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 319.741753][ T5820] cdc_mbim 6-1:1.0: setting rx_max = 2048 [ 319.934002][ T5820] cdc_mbim 6-1:1.0: setting tx_max = 184 [ 319.942338][ T5820] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device [ 319.966032][ T5820] wwan wwan0: port wwan0mbim0 attached [ 319.986686][ T5820] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.5-1, CDC MBIM, 42:42:42:42:42:42 [ 320.009847][ T5820] usb 6-1: USB disconnect, device number 17 [ 320.023551][ T5820] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.5-1, CDC MBIM [ 320.107344][ T5820] wwan wwan0: port wwan0mbim0 disconnected [ 320.264762][ T5893] gspca_sonixj: reg_w1 err -71 [ 320.295847][ T5893] sonixj 7-1:0.0: probe with driver sonixj failed with error -71 [ 320.319793][ T5893] usb 7-1: USB disconnect, device number 17 [ 321.005874][ T5977] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 321.157493][ T5977] usb 6-1: Using ep0 maxpacket: 32 [ 321.167466][ T5977] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 321.177950][ T5977] usb 6-1: config 0 has no interface number 0 [ 321.188024][ T5977] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 321.197504][ T5977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.208628][ T5977] usb 6-1: Product: syz [ 321.212967][ T5977] usb 6-1: Manufacturer: syz [ 321.218720][ T5977] usb 6-1: SerialNumber: syz [ 321.226225][ T5977] usb 6-1: config 0 descriptor?? [ 321.235621][ T5977] smsc95xx v2.0.0 [ 321.649864][ T5977] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 321.674826][ T5977] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 321.835469][ T24] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 321.894894][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 321.894912][ T30] audit: type=1326 audit(1751243081.796:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13571 comm="syz.3.3132" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3d8118e929 code=0x0 [ 322.007463][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 322.025613][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 322.041365][ T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 322.054955][ T24] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 322.064363][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.097930][ T24] usb 7-1: config 0 descriptor?? [ 322.292962][ T5977] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 322.315719][ T5977] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 322.330128][ T5977] usb 6-1: USB disconnect, device number 18 [ 322.521648][ T24] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 323.010565][T13591] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3139'. [ 323.339065][ T5820] usb 7-1: USB disconnect, device number 18 [ 324.146247][ T5820] usb 7-1: new full-speed USB device number 19 using dummy_hcd [ 324.345884][ T5820] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 324.365516][ T5820] usb 7-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 324.375016][ T5820] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.400345][ T5820] usb 7-1: config 0 descriptor?? [ 324.833971][T13661] kernel read not supported for file /!selinu (pid: 13661 comm: syz.7.3170) [ 324.849091][ T30] audit: type=1800 audit(1751243084.756:302): pid=13661 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.3170" name=2173656C696E75FF7F dev="mqueue" ino=44545 res=0 errno=0 [ 324.876632][ T5820] nintendo 0003:057E:200E.001C: unbalanced delimiter at end of report description [ 324.921088][ T5820] nintendo 0003:057E:200E.001C: HID parse failed [ 324.963619][ T5820] nintendo 0003:057E:200E.001C: probe - fail = -22 [ 324.986289][ T5820] nintendo 0003:057E:200E.001C: probe with driver nintendo failed with error -22 [ 325.025169][T13674] netlink: 'syz.4.3176': attribute type 13 has an invalid length. [ 325.035691][ T10] usb 7-1: USB disconnect, device number 19 [ 325.356434][T13674] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.364143][T13674] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.518339][T13694] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3183'. [ 325.759111][T13674] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 325.809615][T13674] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 325.932595][T13707] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 326.115930][T13674] veth0_macvtap: left allmulticast mode [ 326.192831][T13674] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.217291][T13674] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.242507][T13674] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.251159][T13674] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.322861][T13674] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.332104][T13674] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.340879][T13674] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.349835][T13674] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.452464][T13699] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3184'. [ 326.690738][T13730] syzkaller1: entered promiscuous mode [ 326.715477][T13730] syzkaller1: entered allmulticast mode [ 327.110476][T13764] netlink: 'syz.6.3207': attribute type 13 has an invalid length. [ 327.272557][T13764] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.280333][T13764] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.557501][T13764] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.584630][T13764] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 327.684070][T13764] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.694156][T13764] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.712275][T13764] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.722965][T13764] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.514702][T13812] loop5: detected capacity change from 0 to 7 [ 328.523877][T13812] Dev loop5: unable to read RDB block 7 [ 328.530335][T13812] loop5: AHDI p3 p4 [ 328.534365][T13812] loop5: partition table partially beyond EOD, truncated [ 328.541633][T13812] loop5: p3 start 1886353253 is beyond EOD, truncated [ 328.635953][T13817] netlink: 'syz.7.3229': attribute type 13 has an invalid length. [ 328.860355][T13817] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.868140][T13817] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.140563][T13817] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 329.183671][T13817] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 329.482912][T13817] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.521834][T13817] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.555981][T13817] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.600147][T13817] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.685743][T13848] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3243'. [ 329.750770][T13848] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 329.786653][T13848] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 330.051214][T13866] netlink: 'syz.3.3258': attribute type 13 has an invalid length. [ 330.495176][T13877] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3252'. [ 330.856921][T13866] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.880749][T13866] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.909321][T13866] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.950875][T13866] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.052667][T13866] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 331.061781][T13866] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 331.071055][T13866] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 331.080295][T13866] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 331.093700][T13883] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3255'. [ 333.068647][T13958] Invalid ELF header magic: != ELF [ 333.215411][T13717] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 333.365375][T13717] usb 7-1: Using ep0 maxpacket: 8 [ 333.401449][T13717] usb 7-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 333.435465][T13717] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.443510][T13717] usb 7-1: Product: syz [ 333.458953][T13717] usb 7-1: Manufacturer: syz [ 333.463598][T13717] usb 7-1: SerialNumber: syz [ 333.497372][T13717] usb 7-1: config 0 descriptor?? [ 333.527689][T13717] gspca_main: sq905-2.14.0 probing 2770:9120 [ 333.562752][T13972] xt_hashlimit: size too large, truncated to 1048576 [ 334.392391][T13995] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3302'. [ 334.514795][T13717] gspca_sq905: bulk read fail (-22) len 0/4 [ 334.521879][T13717] sq905 7-1:0.0: probe with driver sq905 failed with error -5 [ 334.725263][T13717] usb 7-1: USB disconnect, device number 20 [ 335.139114][T14026] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 336.521785][ T30] audit: type=1326 audit(1751243096.426:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14092 comm="syz.4.3348" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1ed758e929 code=0x0 [ 337.045600][ T5900] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 337.195412][ T5900] usb 6-1: Using ep0 maxpacket: 32 [ 337.202206][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.213216][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.223025][ T5900] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 337.232116][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.248002][ T5900] usb 6-1: config 0 descriptor?? [ 337.256763][ T5900] hub 6-1:0.0: USB hub found [ 337.463375][ T5900] hub 6-1:0.0: 1 port detected [ 338.073207][ T5900] hub 6-1:0.0: activate --> -90 [ 338.471888][ T5886] usb 6-1: USB disconnect, device number 19 [ 338.471895][ T5900] usb 6-1-port1: config error [ 338.764829][T14179] loop8: detected capacity change from 0 to 1 [ 338.771733][T14179] loop8: [POWERTEC] p1 p2 p3 p4 p5 [ 338.777219][T14179] loop8: p1 start 7 is beyond EOD, truncated [ 338.783228][T14179] loop8: p2 size 7 extends beyond EOD, truncated [ 338.794858][T14179] loop8: p3 start 65545 is beyond EOD, truncated [ 338.801553][T14179] loop8: p4 start 2814540723 is beyond EOD, truncated [ 338.808434][T14179] loop8: p5 start 3659533425 is beyond EOD, truncated [ 339.652138][T14219] netlink: 'syz.6.3401': attribute type 29 has an invalid length. [ 339.697060][T14219] netlink: 'syz.6.3401': attribute type 29 has an invalid length. [ 339.715038][T14219] netlink: 500 bytes leftover after parsing attributes in process `syz.6.3401'. [ 341.315550][ T5886] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 341.415576][ T5900] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 341.475412][ T5886] usb 7-1: Using ep0 maxpacket: 16 [ 341.491196][ T5886] usb 7-1: config 1 has an invalid interface number: 105 but max is 0 [ 341.515389][ T5886] usb 7-1: config 1 has no interface number 0 [ 341.521571][ T5886] usb 7-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 341.542698][ T5886] usb 7-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 341.562110][ T5886] usb 7-1: config 1 interface 105 has no altsetting 0 [ 341.572279][ T5886] usb 7-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 341.591692][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.601897][ T5886] usb 7-1: Product: syz [ 341.606166][ T5886] usb 7-1: Manufacturer: syz [ 341.608338][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 341.611106][ T5886] usb 7-1: SerialNumber: syz [ 341.614738][T14268] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 341.629039][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 341.644103][ T5900] usb 6-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00 [ 341.653381][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.658145][T14268] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 341.671003][ T5900] usb 6-1: config 0 descriptor?? [ 342.082047][T14268] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 342.090228][T14268] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 342.105833][ T5900] waltop 0003:172F:0038.001D: hidraw0: USB HID v0.00 Device [HID 172f:0038] on usb-dummy_hcd.5-1/input0 [ 342.470610][ T5900] usb 6-1: USB disconnect, device number 20 [ 342.500900][ T5886] aqc111 7-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 342.685485][ T5821] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 342.693413][ T5836] Bluetooth: hci5: command 0xfc11 tx timeout [ 342.730539][ T5886] aqc111 7-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 342.732946][T14250] sp0: Synchronizing with TNC [ 342.795216][ T5886] aqc111 7-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.6-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41 [ 342.810824][ T5886] usb 7-1: USB disconnect, device number 21 [ 342.822676][ T5886] aqc111 7-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.6-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 342.887283][ T5886] aqc111 7-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 342.897108][ T5886] aqc111 7-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 342.907089][ T5886] aqc111 7-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 343.150508][T14297] Invalid ELF header magic: != ELF [ 343.599631][T14316] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3440'. [ 343.683289][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 343.689511][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 343.861561][T14333] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3446'. [ 343.876043][T14330] vlan1: entered promiscuous mode [ 343.881138][T14330] gretap0: entered promiscuous mode [ 343.965767][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 343.974717][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 343.980680][T14333] 8021q: adding VLAN 0 to HW filter on device bond2 [ 344.021034][T14339] 8021q: adding VLAN 0 to HW filter on device bond2 [ 344.030797][T14339] bond2: (slave vcan0): The slave device specified does not support setting the MAC address [ 344.062602][T14339] bond2: (slave vcan0): Error -95 calling set_mac_address [ 344.500848][T14320] ceph: No mds server is up or the cluster is laggy [ 344.510460][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 344.527811][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 344.547820][T14368] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3458'. [ 344.872961][T14381] overlayfs: failed to create directory ./bus/work (errno: 1); mounting read-only [ 344.893953][T14381] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 344.909313][T14381] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 344.923926][T14381] overlayfs: failed to create directory ./bus/work (errno: 1); mounting read-only [ 344.970150][T14384] overlay: filesystem on ./file1 not supported [ 345.088431][T14386] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 345.414889][T14400] netlink: 'syz.3.3472': attribute type 1 has an invalid length. [ 345.455808][T14402] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3473'. [ 345.673393][T14409] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3486'. [ 346.862380][T14448] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3487'. [ 347.091072][T14460] lo: entered allmulticast mode [ 347.101291][T14457] lo: left allmulticast mode [ 347.240417][T14466] syzkaller0: entered promiscuous mode [ 347.251300][T14466] syzkaller0: entered allmulticast mode [ 349.905251][ T30] audit: type=1326 audit(1751243109.806:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 349.974638][T14578] overlayfs: failed to decode file handle (len=19, type=248, flags=0, err=-61) [ 349.998124][ T30] audit: type=1326 audit(1751243109.806:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 350.042219][ T30] audit: type=1326 audit(1751243109.836:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 350.095553][ T30] audit: type=1326 audit(1751243109.836:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 350.130369][T14587] all: renamed from lo [ 350.135135][ T30] audit: type=1326 audit(1751243109.836:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 350.165621][ T30] audit: type=1326 audit(1751243109.836:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 350.193785][ T30] audit: type=1326 audit(1751243109.836:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 350.220170][ T30] audit: type=1326 audit(1751243109.836:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 350.271871][ T30] audit: type=1326 audit(1751243109.836:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 350.331779][ T30] audit: type=1326 audit(1751243109.836:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14574 comm="syz.4.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ed752ab19 code=0x7ffc0000 [ 350.522077][T14606] overlayfs: failed to clone upperpath [ 350.537998][T14608] loop2: detected capacity change from 0 to 7 [ 350.550190][T14608] Dev loop2: unable to read RDB block 7 [ 350.565415][T14608] loop2: unable to read partition table [ 350.596718][T14608] loop2: partition table beyond EOD, truncated [ 350.603085][T14608] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 351.263402][T14633] batadv_slave_0: entered promiscuous mode [ 351.274070][T14633] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3567'. [ 351.476902][T14633] batadv_slave_0 (unregistering): left promiscuous mode [ 351.916477][T14646] gtp0: entered promiscuous mode [ 351.944419][T14646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3573'. [ 352.268382][T14662] netlink: 'syz.4.3580': attribute type 7 has an invalid length. [ 352.290254][T14662] netlink: 'syz.4.3580': attribute type 8 has an invalid length. [ 352.641466][T14684] netlink: 172 bytes leftover after parsing attributes in process `syz.5.3588'. [ 353.046038][T14697] syzkaller1: entered promiscuous mode [ 353.051598][T14697] syzkaller1: entered allmulticast mode [ 353.085580][ T5821] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 353.092320][ T5836] Bluetooth: hci5: command 0x1003 tx timeout [ 353.451549][T14725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3606'. [ 353.505410][ T5900] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 353.665400][ T5900] usb 6-1: Using ep0 maxpacket: 32 [ 353.677416][ T5900] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 353.693317][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.711585][ T5900] usb 6-1: config 0 descriptor?? [ 353.720045][ T5900] gspca_main: sunplus-2.14.0 probing 041e:400b [ 354.536851][T14762] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3621'. [ 354.567696][T14762] 8021q: adding VLAN 0 to HW filter on device bond2 [ 354.594424][T14762] 8021q: adding VLAN 0 to HW filter on device bond2 [ 354.601757][T14762] bond2: (slave vti0): The slave device specified does not support setting the MAC address [ 354.612863][T14762] bond2: (slave vti0): Error -95 calling set_mac_address [ 354.761579][T14767] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3623'. [ 354.774329][T14767] netlink: 'syz.3.3623': attribute type 7 has an invalid length. [ 354.782258][T14767] netlink: 'syz.3.3623': attribute type 8 has an invalid length. [ 354.790131][T14767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3623'. [ 355.131775][ T5900] gspca_sunplus: reg_w_riv err -71 [ 355.138487][ T5900] sunplus 6-1:0.0: probe with driver sunplus failed with error -71 [ 355.148998][ T5900] usb 6-1: USB disconnect, device number 21 [ 356.385423][ T5886] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 356.569427][ T5886] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 356.629405][ T5886] usb 6-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 356.639737][ T5886] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.647850][ T5886] usb 6-1: Product: syz [ 356.652107][ T5886] usb 6-1: Manufacturer: syz [ 356.656920][ T5886] usb 6-1: SerialNumber: syz [ 356.668247][ T5886] usb 6-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 357.088276][T14846] netlink: 1053 bytes leftover after parsing attributes in process `syz.4.3655'. [ 357.103110][ T5886] usb 6-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 357.147008][ T5886] usb 6-1: USB disconnect, device number 22 [ 357.465449][ T5900] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 357.628077][ T5900] usb 7-1: config index 0 descriptor too short (expected 65183, got 72) [ 357.648681][T14876] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 357.649556][ T5900] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 357.680518][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.700663][ T5900] usb 7-1: Product: syz [ 357.709340][ T5900] usb 7-1: Manufacturer: syz [ 357.721114][ T5900] usb 7-1: SerialNumber: syz [ 357.744167][ T5900] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 357.808668][ T24] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 358.034801][T14853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 358.049832][T14853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 358.063139][T14853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 358.073158][T14853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 358.083746][T14853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 358.092775][T14853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 358.106920][ T5886] usb 7-1: USB disconnect, device number 22 [ 358.305622][T13717] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 358.465635][T13717] usb 6-1: Using ep0 maxpacket: 32 [ 358.491393][T13717] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 358.499678][T14900] overlayfs: failed to clone upperpath [ 358.500952][T13717] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.521102][T13717] usb 6-1: config 0 descriptor?? [ 358.661864][T14907] netlink: 'syz.3.3683': attribute type 1 has an invalid length. [ 358.669894][T14907] netlink: 'syz.3.3683': attribute type 4 has an invalid length. [ 358.678938][T14907] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.3683'. [ 358.736394][T13717] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 358.759313][T13717] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 358.773078][T13717] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 358.785509][T13717] usb 6-1: media controller created [ 358.814648][T13717] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 358.848179][ T24] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 358.860727][ T24] ath9k_htc: Failed to initialize the device [ 358.875442][ T5886] usb 7-1: ath9k_htc: USB layer deinitialized [ 359.185409][ T5886] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 359.345411][ T5886] usb 7-1: Using ep0 maxpacket: 32 [ 359.352958][ T5886] usb 7-1: config index 0 descriptor too short (expected 241, got 72) [ 359.361525][ T5886] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 359.373625][ T5886] usb 7-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da [ 359.382765][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.394787][ T5886] usb 7-1: config 0 descriptor?? [ 359.404089][ T5886] mos7840 7-1:0.0: Moschip 7840/7820 USB Serial Driver converter detected [ 359.604452][ T5886] mos7840 7-1:0.0: probe with driver mos7840 failed with error -71 [ 359.628739][ T5886] usb 7-1: USB disconnect, device number 23 [ 359.659398][T14927] xt_CT: No such helper "snmp" [ 359.775787][T13717] stb0899_attach: Driver disabled by Kconfig [ 359.792914][T13717] az6027: no front-end attached [ 359.792914][T13717] [ 359.807595][T13717] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 359.833434][T13717] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input29 [ 359.858468][T13717] dvb-usb: schedule remote query interval to 400 msecs. [ 359.876199][T13717] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 359.958382][ T24] libceph: connect (1)[c::]:6789 error -101 [ 359.964708][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 360.015702][T13717] usb 6-1: USB disconnect, device number 23 [ 360.069358][T13717] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 360.215479][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 360.235622][ T24] libceph: connect (1)[c::]:6789 error -101 [ 360.242905][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 360.411410][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 360.411428][ T30] audit: type=1326 audit(1751243120.316:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.443880][ T30] audit: type=1326 audit(1751243120.316:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.470576][ T30] audit: type=1326 audit(1751243120.316:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.504926][T14970] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3710'. [ 360.513716][ T30] audit: type=1326 audit(1751243120.316:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.515061][T14970] netem: unknown loss type 13 [ 360.553762][ T30] audit: type=1326 audit(1751243120.316:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.565508][T14970] netem: change failed [ 360.579021][ T30] audit: type=1326 audit(1751243120.316:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.606825][ T30] audit: type=1326 audit(1751243120.316:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.632010][ T30] audit: type=1326 audit(1751243120.316:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.660403][ T30] audit: type=1326 audit(1751243120.316:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.4.3708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x7ffc0000 [ 360.777982][ T24] libceph: connect (1)[c::]:6789 error -101 [ 360.784045][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 360.790071][T14941] ceph: No mds server is up or the cluster is laggy [ 360.955679][T14985] lo speed is unknown, defaulting to 1000 [ 360.964667][T14985] lo speed is unknown, defaulting to 1000 [ 360.987580][T14985] lo speed is unknown, defaulting to 1000 [ 361.077111][T14990] 0{X: left allmulticast mode [ 361.173561][T14990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 361.183935][T14990] 8021q: adding VLAN 0 to HW filter on device team0 [ 361.199620][T14990] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 361.543857][T14985] infiniband syz0: set active [ 361.551098][T13717] lo speed is unknown, defaulting to 1000 [ 361.557446][T13717] syz0: Port: 1 Link ACTIVE [ 361.576072][T14985] infiniband syz0: added lo [ 361.712391][T15015] bond_slave_1: entered promiscuous mode [ 361.721785][T15015] veth0_to_bridge: entered promiscuous mode [ 361.729182][ T24] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 361.753019][T15013] veth0_to_bridge: left promiscuous mode [ 361.761718][T14985] RDS/IB: syz0: added [ 361.780715][T15013] bond_slave_1: left promiscuous mode [ 361.787028][T14985] smc: adding ib device syz0 with port count 1 [ 361.820528][T14985] smc: ib device syz0 port 1 has pnetid [ 361.842759][ T5900] lo speed is unknown, defaulting to 1000 [ 361.858618][T14985] lo speed is unknown, defaulting to 1000 [ 361.925390][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 361.938835][ T24] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 361.957329][ T24] usb 6-1: config 0 has no interface number 0 [ 361.978737][ T24] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 362.013348][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.021928][ T24] usb 6-1: Product: syz [ 362.036051][ T24] usb 6-1: Manufacturer: syz [ 362.045575][ T24] usb 6-1: SerialNumber: syz [ 362.071435][ T24] usb 6-1: config 0 descriptor?? [ 362.088071][ T24] smsc95xx v2.0.0 [ 362.342841][T14985] lo speed is unknown, defaulting to 1000 [ 362.605201][T14985] lo speed is unknown, defaulting to 1000 [ 362.877179][T14985] lo speed is unknown, defaulting to 1000 [ 362.903376][ T24] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 363.025766][T15054] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for [ 363.119600][ T24] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 363.136615][ T24] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 363.151110][ T24] usb 6-1: USB disconnect, device number 24 [ 363.239629][T14985] lo speed is unknown, defaulting to 1000 [ 363.385420][T13717] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 363.563578][T13717] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 363.583482][T13717] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.603756][T13717] usb 7-1: Product: syz [ 363.613893][T13717] usb 7-1: Manufacturer: syz [ 363.618613][T13717] usb 7-1: SerialNumber: syz [ 363.638354][T13717] usb 7-1: config 0 descriptor?? [ 363.673008][T14985] lo speed is unknown, defaulting to 1000 [ 364.054256][T13717] usb 7-1: Firmware version (0.0) predates our first public release. [ 364.073667][T13717] usb 7-1: Please update to version 0.2 or newer [ 364.081830][T13717] usb 7-1: Firmware: build [ 364.309436][T13717] usb 7-1: USB disconnect, device number 24 [ 364.522038][T15089] netlink: 'syz.3.3761': attribute type 1 has an invalid length. [ 364.549396][T15089] 8021q: adding VLAN 0 to HW filter on device bond3 [ 366.224024][T15154] xt_bpf: check failed: parse error [ 366.323325][T15165] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3785'. [ 366.639704][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 366.646031][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 366.669089][T15182] ceph: No mds server is up or the cluster is laggy [ 366.947031][T15196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3799'. [ 367.286379][T15204] xt_CT: No such helper "pptp" [ 367.930087][T15237] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 368.348274][T15247] lo speed is unknown, defaulting to 1000 [ 368.681885][T15263] netlink: 'syz.5.3827': attribute type 4 has an invalid length. [ 369.591626][T15295] netlink: 165 bytes leftover after parsing attributes in process `syz.5.3840'. [ 369.624030][T15295] netlink: 277 bytes leftover after parsing attributes in process `syz.5.3840'. [ 370.284812][T15330] fuse: root generation should be zero [ 370.658073][T15349] evm: overlay not supported [ 370.764470][T15353] lo speed is unknown, defaulting to 1000 [ 371.221096][T15369] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3869'. [ 371.899304][T15397] overlayfs: failed to clone upperpath [ 372.052160][T15403] netlink: 'syz.5.3884': attribute type 10 has an invalid length. [ 372.091568][T15403] hsr_slave_0: left promiscuous mode [ 372.125431][T15403] hsr_slave_1: left promiscuous mode [ 372.179517][T15411] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 372.575126][T15435] 9pnet_fd: Insufficient options for proto=fd [ 372.791649][T15455] netlink: 'syz.5.3907': attribute type 2 has an invalid length. [ 372.801203][T15455] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.3907'. [ 372.810935][T15455] nbd: must specify a device to reconfigure [ 372.933235][T15461] netlink: 112 bytes leftover after parsing attributes in process `syz.6.3909'. [ 373.377028][T13717] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 373.557169][T13717] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 373.588907][T13717] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 373.601785][T13717] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 373.630872][T13717] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 373.642345][T13717] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.666155][T13717] usb 7-1: config 0 descriptor?? [ 374.099742][T13717] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 374.120913][T15501] lo speed is unknown, defaulting to 1000 [ 374.634855][ T30] audit: type=1326 audit(1751243134.536:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15500 comm="syz.5.3924" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6490d8e929 code=0x0 [ 374.906945][T13717] usb 7-1: USB disconnect, device number 25 [ 375.551050][T15540] netlink: 'syz.5.3941': attribute type 4 has an invalid length. [ 375.576338][T15540] netlink: 'syz.5.3941': attribute type 4 has an invalid length. [ 376.481404][T15572] lo speed is unknown, defaulting to 1000 [ 377.312677][T15609] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3966'. [ 377.408117][T15608] lo speed is unknown, defaulting to 1000 [ 378.555421][ T24] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 378.623787][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.630283][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.741665][ T24] usb 7-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 378.758754][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.794163][ T24] usb 7-1: config 0 descriptor?? [ 378.814564][ T24] gspca_main: spca508-2.14.0 probing 8086:0110 [ 379.013098][ T24] gspca_spca508: reg_read err -32 [ 379.023008][ T24] gspca_spca508: reg_read err -32 [ 379.030299][ T24] gspca_spca508: reg_read err -32 [ 379.037028][ T24] gspca_spca508: reg_read err -32 [ 379.042978][ T24] gspca_spca508: reg_read err -32 [ 379.181309][ T30] audit: type=1804 audit(1751243139.086:356): pid=15662 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.3988" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="ramfs" ino=51842 res=1 errno=0 [ 379.249862][ T24] gspca_spca508: reg write: error -71 [ 379.259626][ T24] spca508 7-1:0.0: probe with driver spca508 failed with error -71 [ 379.275015][ T24] usb 7-1: USB disconnect, device number 26 [ 379.742419][T15677] lo speed is unknown, defaulting to 1000 [ 380.275460][ T24] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 380.455447][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 380.462486][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 380.466574][T13717] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 380.485514][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.495801][ T24] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 380.516256][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.539823][ T24] usb 6-1: config 0 descriptor?? [ 380.665649][T13717] usb 7-1: Using ep0 maxpacket: 8 [ 380.677014][T13717] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 380.688913][ T5821] Bluetooth: hci2: command 0x0406 tx timeout [ 380.697398][T13717] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 380.708009][T13717] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 380.719309][T13717] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 380.729572][T13717] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 380.742882][T13717] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 380.755619][T13717] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.982420][ T24] ft260 0003:0403:6030.001F: unknown main item tag 0x0 [ 380.984469][T13717] usb 7-1: GET_CAPABILITIES returned 0 [ 380.995021][T13717] usbtmc 7-1:16.0: can't read capabilities [ 381.171990][ T24] ft260 0003:0403:6030.001F: chip code: 6424 8183 [ 381.212147][T15722] 9pnet_fd: Insufficient options for proto=fd [ 381.260789][T13709] usb 7-1: USB disconnect, device number 27 [ 381.303118][T15725] netlink: 136 bytes leftover after parsing attributes in process `syz.7.4022'. [ 381.372522][ T24] ft260 0003:0403:6030.001F: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.5-1/input0 [ 381.584491][ T24] ft260 0003:0403:6030.001F: failed to retrieve status: -32, no wakeup [ 381.803558][ T24] usb 6-1: USB disconnect, device number 25 [ 382.318007][T15756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4024'. [ 383.756200][T15818] Invalid ELF header magic: != ELF [ 384.065491][ T1211] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 384.237482][ T1211] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 384.249507][ T1211] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 384.275761][ T1211] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 384.299401][ T1211] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 384.320265][ T1211] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 384.330952][ T1211] usb 6-1: Product: syz [ 384.339693][ T1211] usb 6-1: Manufacturer: syz [ 384.360210][ T1211] cdc_wdm 6-1:1.0: skipping garbage [ 384.374905][ T1211] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 384.560390][ T24] usb 6-1: USB disconnect, device number 26 [ 384.701917][T15860] loop2: detected capacity change from 0 to 7 [ 384.708897][T15860] Dev loop2: unable to read RDB block 7 [ 384.714586][T15860] loop2: unable to read partition table [ 384.721701][T15860] loop2: partition table beyond EOD, truncated [ 384.728790][T15860] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 385.184728][ T1211] IPVS: starting estimator thread 0... [ 385.285488][T15884] IPVS: using max 27 ests per chain, 64800 per kthread [ 385.780132][T15916] lo speed is unknown, defaulting to 1000 [ 386.075468][ T24] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 386.253230][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 386.272422][ T24] usb 7-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 386.292399][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.311200][ T24] usb 7-1: Product: syz [ 386.325467][ T24] usb 7-1: Manufacturer: syz [ 386.330335][ T24] usb 7-1: SerialNumber: syz [ 386.344439][ T24] usb 7-1: config 0 descriptor?? [ 386.445638][T13709] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 386.573149][ T24] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 386.613839][T13709] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.638794][T13709] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.655426][T13709] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 386.695802][T13709] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 386.708049][T13709] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.720896][T13709] usb 6-1: config 0 descriptor?? [ 387.018093][T15950] lo speed is unknown, defaulting to 1000 [ 387.142295][T13709] plantronics 0003:047F:FFFF.0020: reserved main item tag 0xe [ 387.155056][T13709] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0 [ 387.189059][T13709] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 387.402540][ T1211] usb 6-1: USB disconnect, device number 27 [ 387.789047][ T24] gspca_sunplus: reg_w_riv err -71 [ 387.814926][ T24] sunplus 7-1:0.0: probe with driver sunplus failed with error -71 [ 387.882137][ T24] usb 7-1: USB disconnect, device number 28 [ 388.445461][ T24] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 388.502290][T15976] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 388.515053][T15976] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 388.524000][T15976] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 388.607923][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 388.625676][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 388.665499][ T24] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 388.674605][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 388.703582][ T24] usb 6-1: SerialNumber: syz [ 388.930357][ T24] usb 6-1: 0:2 : does not exist [ 388.971568][ T24] usb 6-1: unit 2 not found! [ 389.040801][ T24] usb 6-1: USB disconnect, device number 28 [ 389.133519][T15993] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4121'. [ 389.657010][T16010] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22) [ 389.984129][T16027] 9pnet_fd: Insufficient options for proto=fd [ 390.067236][T16033] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4137'. [ 390.175274][ T30] audit: type=1800 audit(1751243150.076:357): pid=16041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.4141" name="nullb0" dev="tmpfs" ino=1112 res=0 errno=0 [ 390.342983][T16047] lo speed is unknown, defaulting to 1000 [ 390.455912][ T1211] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 390.491057][ T1211] hid-generic 0000:0000:0000.0021: hidraw0: HID v0.00 Device [syz1] on syz0 [ 390.926579][ T5821] Bluetooth: hci5: command 0x1003 tx timeout [ 390.926708][ T5836] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 391.087132][ T30] audit: type=1326 audit(1751243150.996:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16046 comm="syz.3.4143" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d8118e929 code=0x0 [ 391.601331][T16076] sch_tbf: burst 19872 is lower than device lo mtu (39799) ! [ 392.598870][ T30] audit: type=1800 audit(1751243408.506:359): pid=16110 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.4167" name="nullb0" dev="tmpfs" ino=4195 res=0 errno=0 [ 392.811397][T16117] lo speed is unknown, defaulting to 1000 [ 395.971771][T16201] kvm: emulating exchange as write [ 396.101138][T16207] lo speed is unknown, defaulting to 1000 [ 396.188964][T16210] netlink: 'syz.5.4205': attribute type 4 has an invalid length. [ 396.300880][T16210] netlink: 'syz.5.4205': attribute type 4 has an invalid length. [ 396.788382][T16218] netlink: 136 bytes leftover after parsing attributes in process `syz.3.4208'. [ 397.406724][T16226] overlayfs: failed to clone upperpath [ 397.598286][T16234] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 399.448278][T16306] netlink: 'syz.4.4246': attribute type 1 has an invalid length. [ 399.465915][T16309] netlink: 'syz.7.4247': attribute type 1 has an invalid length. [ 399.515307][T16309] 8021q: adding VLAN 0 to HW filter on device bond1 [ 399.522362][T16310] netlink: 56 bytes leftover after parsing attributes in process `syz.6.4248'. [ 399.542677][T16306] bond3: (slave gretap0): making interface the new active one [ 399.552829][T16306] bond3: (slave gretap0): Enslaving as an active interface with an up link [ 399.568593][T16309] bond1: entered promiscuous mode [ 399.682262][T16319] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4251'. [ 399.695806][T16319] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4251'. [ 399.719313][T16319] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 399.729242][T16319] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 399.738383][T16319] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 399.747601][T16319] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 399.762242][T16322] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4251'. [ 399.781653][T16322] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4251'. [ 399.855174][ T5836] Bluetooth: hci1: unexpected event for opcode 0x2041 [ 400.716135][T16376] sg_read: process 1281 (syz.5.4274) changed security contexts after opening file descriptor, this is not allowed. [ 400.831216][T16378] lo speed is unknown, defaulting to 1000 [ 401.572290][T16408] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4288'. [ 401.954388][ T24] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 402.124632][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 402.142984][ T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 402.159686][ T24] usb 7-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 402.179821][ T24] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 402.230275][ T24] usb 7-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 402.250597][ T24] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 402.299306][ T24] usb 7-1: config 1 interface 0 has no altsetting 0 [ 402.310914][ T24] usb 7-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 402.334812][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.355033][ T24] ums-sddr09 7-1:1.0: USB Mass Storage device detected [ 402.576990][T16439] netlink: 452 bytes leftover after parsing attributes in process `syz.7.4300'. [ 402.600886][ T24] scsi host1: usb-storage 7-1:1.0 [ 402.796122][T13717] usb 7-1: USB disconnect, device number 29 [ 403.525979][ T59] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 404.223385][T16491] lo speed is unknown, defaulting to 1000 [ 404.995082][T16520] overlayfs: failed to clone upperpath [ 405.230460][T16526] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4335'. [ 405.683890][T13717] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 405.853737][T13717] usb 7-1: Using ep0 maxpacket: 8 [ 405.872286][T13717] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 405.883788][T13717] usb 7-1: config 179 has no interface number 0 [ 405.904356][T13717] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 405.933761][T13717] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 405.953692][T13717] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 405.991930][T13717] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 406.047159][T13717] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 406.065943][T13717] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.082210][T16532] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 406.203259][T16545] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 406.319352][T13717] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input32 [ 406.476459][T16551] pim6reg1: entered allmulticast mode [ 406.517525][ T5900] usb 7-1: USB disconnect, device number 30 [ 406.517581][ C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 406.534294][ C0] dummy_hcd dummy_hcd.6: timer fired with no URBs pending? [ 406.540886][ T5900] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 406.844674][T16563] lo speed is unknown, defaulting to 1000 [ 407.357267][T16575] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4354'. [ 407.413038][T16577] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 407.499315][ T30] audit: type=1326 audit(1751243423.407:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 407.560932][ T30] audit: type=1326 audit(1751243423.437:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 407.663646][ T30] audit: type=1326 audit(1751243423.437:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 407.727219][ T30] audit: type=1326 audit(1751243423.437:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 407.823941][ T30] audit: type=1326 audit(1751243423.437:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 407.895266][ T30] audit: type=1326 audit(1751243423.437:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 408.015098][ T30] audit: type=1326 audit(1751243423.437:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 408.143834][ T30] audit: type=1326 audit(1751243423.437:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 408.241401][ T30] audit: type=1326 audit(1751243423.437:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 408.333449][ T30] audit: type=1326 audit(1751243423.447:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16578 comm="syz.5.4356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6490d8e929 code=0x7ffc0000 [ 410.342987][T16669] syzkaller1: entered promiscuous mode [ 410.349272][T16669] syzkaller1: entered allmulticast mode [ 411.000043][T16704] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4406'. [ 411.203271][T13717] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 411.353164][T13717] usb 6-1: Using ep0 maxpacket: 32 [ 411.360193][T13717] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 411.371689][T13717] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 411.381855][T13717] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 411.391159][T13717] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.401714][T13717] usb 6-1: config 0 descriptor?? [ 411.408870][T13717] hub 6-1:0.0: USB hub found [ 411.609502][T13717] hub 6-1:0.0: 1 port detected [ 412.097490][T16730] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4429'. [ 412.110461][T16729] netlink: 'syz.3.4419': attribute type 1 has an invalid length. [ 412.161263][T16729] 8021q: adding VLAN 0 to HW filter on device bond4 [ 412.182820][T16734] bond4: entered promiscuous mode [ 412.226884][T13717] hub 6-1:0.0: activate --> -90 [ 412.554801][T16749] lo speed is unknown, defaulting to 1000 [ 412.631080][T16753] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 412.733499][T13717] usb 6-1: USB disconnect, device number 29 [ 413.035984][T16766] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4434'. [ 413.333778][T16769] netlink: 'syz.5.4435': attribute type 1 has an invalid length. [ 413.406118][T16769] 8021q: adding VLAN 0 to HW filter on device bond1 [ 413.822352][T16773] bond1: entered promiscuous mode [ 414.499266][T16811] loop6: detected capacity change from 0 to 7 [ 414.520829][T16811] Dev loop6: unable to read RDB block 7 [ 414.530851][T16811] loop6: AHDI p1 p2 [ 414.534894][T16811] loop6: partition table partially beyond EOD, truncated [ 414.542151][T16811] loop6: p1 start 926365495 is beyond EOD, truncated [ 415.399257][T16852] xt_bpf: check failed: parse error [ 415.400727][T16853] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4466'. [ 417.097843][T16881] overlayfs: failed to clone upperpath [ 417.354420][T16893] lo speed is unknown, defaulting to 1000 [ 418.041110][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 418.041129][ T30] audit: type=1326 audit(1751243433.949:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16892 comm="syz.6.4481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f936178e929 code=0x0 [ 418.382877][T13717] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 418.592226][T13717] usb 6-1: Using ep0 maxpacket: 16 [ 418.603421][T13717] usb 6-1: config 0 interface 0 has no altsetting 0 [ 418.619464][T13717] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 418.633833][T16933] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4497'. [ 418.634514][T13717] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.672048][T13717] usb 6-1: config 0 descriptor?? [ 418.891408][T13717] usbhid 6-1:0.0: can't add hid device: -71 [ 418.905315][T13717] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 418.939020][T13717] usb 6-1: USB disconnect, device number 30 [ 419.243817][T16961] tipc: Failed to remove unknown binding: 66,1,1/0:2670724251/2670724253 [ 419.262394][T16961] tipc: Failed to remove unknown binding: 66,1,1/0:2670724251/2670724253 [ 419.369383][T16965] lo speed is unknown, defaulting to 1000 [ 419.449621][T16969] kvm: MWAIT instruction emulated as NOP! [ 421.083401][ T30] audit: type=1326 audit(1751243436.999:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17035 comm="syz.5.4539" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6490d8e929 code=0x0 [ 422.213089][ T30] audit: type=1326 audit(1751243438.129:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17093 comm="syz.6.4563" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f936178e929 code=0x0 [ 422.427682][T13717] libceph: connect (1)[c::]:6789 error -101 [ 422.442323][T13717] libceph: mon0 (1)[c::]:6789 connect error [ 422.702217][T13717] libceph: connect (1)[c::]:6789 error -101 [ 422.708452][T13717] libceph: mon0 (1)[c::]:6789 connect error [ 422.807867][T17134] xt_hashlimit: size too large, truncated to 1048576 [ 422.930381][T17139] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4579'. [ 423.191774][T17106] ceph: No mds server is up or the cluster is laggy [ 423.235953][T13717] libceph: connect (1)[c::]:6789 error -101 [ 423.242601][T13717] libceph: mon0 (1)[c::]:6789 connect error [ 424.882036][T17200] lo speed is unknown, defaulting to 1000 [ 425.322198][ T5900] usb 7-1: new full-speed USB device number 31 using dummy_hcd [ 425.484316][ T5900] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 425.507506][ T5900] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 425.522790][ T24] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 425.554173][ T5900] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 425.564414][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.713145][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.741794][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.771010][ T24] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 425.795197][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.834911][ T5900] usb 7-1: GET_CAPABILITIES returned 0 [ 425.840453][ T5900] usbtmc 7-1:16.0: can't read capabilities [ 425.854013][ T24] usb 6-1: config 0 descriptor?? [ 426.478627][T13717] usb 7-1: USB disconnect, device number 31 [ 427.096312][ T24] uclogic 0003:256C:006D.0022: v1 frame probing failed: -71 [ 427.117324][ T24] uclogic 0003:256C:006D.0022: failed probing parameters: -71 [ 427.146171][ T24] uclogic 0003:256C:006D.0022: probe with driver uclogic failed with error -71 [ 427.184850][ T24] usb 6-1: USB disconnect, device number 31 [ 428.195855][T17290] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4642'. [ 428.425366][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.473322][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.511288][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.541023][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.548500][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.611720][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.665379][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.711610][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.740194][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.778202][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.830988][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.848620][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.866401][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.904047][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.924343][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.950933][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 428.987174][ T24] hid-generic 0002:0004:0009.0023: unknown main item tag 0x0 [ 429.019575][ T24] hid-generic 0002:0004:0009.0023: hidraw0: HID v0.04 Device [syz0] on syz0 [ 430.275091][ T30] audit: type=1326 audit(1751243446.180:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.380802][ T30] audit: type=1326 audit(1751243446.180:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.485392][ T30] audit: type=1326 audit(1751243446.230:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.572713][ T30] audit: type=1326 audit(1751243446.230:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.673829][ T30] audit: type=1326 audit(1751243446.230:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.696773][T17367] overlayfs: failed to clone upperpath [ 430.702859][T13717] usb 7-1: new full-speed USB device number 32 using dummy_hcd [ 430.727517][ T30] audit: type=1326 audit(1751243446.240:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.769735][ T30] audit: type=1326 audit(1751243446.240:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.800728][ T30] audit: type=1326 audit(1751243446.240:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.846141][ T30] audit: type=1326 audit(1751243446.240:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.904084][T13717] usb 7-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 430.937198][ T30] audit: type=1326 audit(1751243446.240:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17349 comm="syz.7.4668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fab7598e929 code=0x7ffc0000 [ 430.959258][T13717] usb 7-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 430.991002][T13717] usb 7-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 431.022178][T13717] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 431.036015][T13717] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 431.056595][T13717] usb 7-1: SerialNumber: syz [ 431.245454][T17392] loop2: detected capacity change from 0 to 7 [ 431.258241][T17392] Dev loop2: unable to read RDB block 7 [ 431.265771][T17392] loop2: unable to read partition table [ 431.285242][T13717] rndis_host 7-1:253.0: RNDIS init failed, -71 [ 431.294135][T13717] rndis_host 7-1:253.0: probe with driver rndis_host failed with error -71 [ 431.303109][T17392] loop2: partition table beyond EOD, truncated [ 431.314899][T17392] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 431.330109][T13717] usb 7-1: USB disconnect, device number 32 [ 431.810850][T13717] usb 7-1: new full-speed USB device number 33 using dummy_hcd [ 431.975275][T13717] usb 7-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 431.994409][T13717] usb 7-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 432.006129][T13717] usb 7-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 432.024843][T13717] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 432.035741][T13717] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 432.064993][T13717] usb 7-1: SerialNumber: syz [ 432.118695][T17415] Bluetooth: MGMT ver 1.23 [ 432.324990][T13717] rndis_host 7-1:253.0: RNDIS init failed, -71 [ 432.341630][T13717] rndis_host 7-1:253.0: probe with driver rndis_host failed with error -71 [ 432.405683][T13717] usb 7-1: USB disconnect, device number 33 [ 433.089765][T17440] vlan2: entered promiscuous mode [ 433.095447][T17440] bridge0: entered promiscuous mode [ 433.102382][T17440] vlan2: entered allmulticast mode [ 433.107617][T17440] bridge0: entered allmulticast mode [ 433.136142][T17440] bridge_slave_0: left allmulticast mode [ 433.150701][T17440] bridge_slave_0: left promiscuous mode [ 433.156593][T17440] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.174266][T17440] bridge_slave_1: left allmulticast mode [ 433.195020][T17440] bridge_slave_1: left promiscuous mode [ 433.205014][T17440] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.235219][T17440] bond0: (slave bond_slave_0): Releasing backup interface [ 433.251120][T17440] bond_slave_0: left promiscuous mode [ 433.258689][T17440] bond0: (slave bond_slave_1): Releasing backup interface [ 433.278036][T17440] bond_slave_1: left promiscuous mode [ 433.303334][T17440] team0: Port device team_slave_0 removed [ 433.326105][T17440] team0: Port device team_slave_1 removed [ 433.336943][T17440] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 433.350089][T17440] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 433.398007][T17440] bond0: (slave wlan1): Releasing backup interface [ 433.409088][T17440] mac80211_hwsim hwsim9 wlan1: left promiscuous mode [ 433.423310][T17440] bond3: (slave gretap0): Releasing active interface [ 433.444186][ T24] lo speed is unknown, defaulting to 1000 [ 433.650431][T13717] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 433.820804][T13717] usb 6-1: Using ep0 maxpacket: 16 [ 433.827227][T13717] usb 6-1: too many configurations: 123, using maximum allowed: 8 [ 433.836667][T13717] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.847742][T13717] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.859162][T13717] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.870601][T13717] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.884154][T13717] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.897410][T13717] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.908531][T13717] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.920075][T13717] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.931545][T13717] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 433.940853][T13717] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 433.948949][T13717] usb 6-1: SerialNumber: syz [ 433.956140][T13717] usb 6-1: config 0 descriptor?? [ 433.965313][T13717] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input33 [ 434.186401][T17453] input: syz1 as /devices/virtual/input/input34 [ 434.203546][ T24] usb 6-1: USB disconnect, device number 32 [ 434.209654][ T5175] bcm5974 6-1:0.0: could not read from device [ 435.185649][T17502] netlink: 51 bytes leftover after parsing attributes in process `syz.7.4726'. [ 435.396492][T17506] loop9: detected capacity change from 0 to 7 [ 435.440575][T17506] Dev loop9: unable to read RDB block 7 [ 435.464133][T17506] loop9: unable to read partition table [ 435.491381][T17506] loop9: partition table beyond EOD, truncated [ 435.497677][T17506] loop_reread_partitions: partition scan of loop9 (x ) failed (rc=-5) [ 435.906107][T17520] netlink: 'syz.4.4733': attribute type 4 has an invalid length. [ 436.034986][ T5900] lo speed is unknown, defaulting to 1000 [ 436.042653][ T5900] syz0: Port: 1 Link DOWN [ 436.087578][ T5900] lo speed is unknown, defaulting to 1000 [ 437.179968][ T5900] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 437.340179][ T5900] usb 7-1: Using ep0 maxpacket: 32 [ 437.357433][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 437.379104][ T5900] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 437.390444][ T5900] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 437.410810][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.440206][ T5900] usb 7-1: config 0 descriptor?? [ 437.568462][T17570] dlm: non-version read from control device 211 [ 437.576717][T17570] dlm: non-version read from control device 211 [ 437.583062][T17570] dlm: non-version read from control device 211 [ 437.589418][T17570] dlm: non-version read from control device 211 [ 437.596023][T17570] dlm: non-version read from control device 211 [ 437.602345][T17570] dlm: non-version read from control device 211 [ 437.608622][T17570] dlm: non-version read from control device 211 [ 437.614963][T17570] dlm: non-version read from control device 211 [ 437.621270][T17570] dlm: non-version read from control device 211 [ 437.627549][T17570] dlm: non-version read from control device 211 [ 437.633857][T17570] dlm: non-version read from control device 211 [ 437.640328][T17570] dlm: non-version read from control device 211 [ 437.646613][T17570] dlm: non-version read from control device 211 [ 437.653009][T17570] dlm: non-version read from control device 211 [ 437.659291][T17570] dlm: non-version read from control device 211 [ 437.669420][T17570] dlm: non-version read from control device 211 [ 437.676142][T17570] dlm: non-version read from control device 211 [ 437.684830][T17570] dlm: non-version read from control device 211 [ 437.688511][T17572] overlayfs: failed to clone upperpath [ 437.691126][T17570] dlm: non-version read from control device 211 [ 437.691276][T17570] dlm: non-version read from control device 211 [ 437.691302][T17570] dlm: non-version read from control device 211 [ 437.691325][T17570] dlm: non-version read from control device 211 [ 437.691348][T17570] dlm: non-version read from control device 211 [ 437.691399][T17570] dlm: non-version read from control device 211 [ 437.691422][T17570] dlm: non-version read from control device 211 [ 437.691445][T17570] dlm: non-version read from control device 211 [ 437.691468][T17570] dlm: non-version read from control device 211 [ 437.691552][T17570] dlm: non-version read from control device 211 [ 437.760421][T17570] dlm: non-version read from control device 211 [ 437.766709][T17570] dlm: non-version read from control device 211 [ 437.773057][T17570] dlm: non-version read from control device 211 [ 437.779343][T17570] dlm: non-version read from control device 211 [ 437.785685][T17570] dlm: non-version read from control device 211 [ 437.792185][T17570] dlm: non-version read from control device 211 [ 437.798466][T17570] dlm: non-version read from control device 211 [ 437.804937][T17570] dlm: non-version read from control device 211 [ 437.811279][T17570] dlm: non-version read from control device 211 [ 437.817554][T17570] dlm: non-version read from control device 211 [ 437.823879][T17570] dlm: non-version read from control device 211 [ 437.830226][T17570] dlm: non-version read from control device 211 [ 437.836941][T17570] dlm: non-version read from control device 211 [ 437.843639][T17570] dlm: non-version read from control device 211 [ 437.849949][T17570] dlm: non-version read from control device 211 [ 437.856313][T17570] dlm: non-version read from control device 211 [ 437.863047][T17570] dlm: non-version read from control device 211 [ 437.869653][T17570] dlm: non-version read from control device 211 [ 437.875997][T17570] dlm: non-version read from control device 211 [ 437.877208][ T5900] ft260 0003:0403:6030.0024: unknown main item tag 0x0 [ 437.882286][T17570] dlm: non-version read from control device 211 [ 437.882313][T17570] dlm: non-version read from control device 211 [ 437.882334][T17570] dlm: non-version read from control device 211 [ 437.882355][T17570] dlm: non-version read from control device 211 [ 437.882453][T17570] dlm: non-version read from control device 211 [ 437.921087][T17570] dlm: non-version read from control device 211 [ 437.927375][T17570] dlm: non-version read from control device 211 [ 437.933739][T17570] dlm: non-version read from control device 211 [ 437.940508][T17570] dlm: non-version read from control device 211 [ 437.947145][T17570] dlm: non-version read from control device 211 [ 437.953481][T17570] dlm: non-version read from control device 211 [ 437.959848][T17570] dlm: non-version read from control device 211 [ 437.966206][T17570] dlm: non-version read from control device 211 [ 437.972649][T17570] dlm: non-version read from control device 211 [ 437.978939][T17570] dlm: non-version read from control device 211 [ 437.985289][T17570] dlm: non-version read from control device 211 [ 437.991612][T17570] dlm: non-version read from control device 211 [ 437.997898][T17570] dlm: non-version read from control device 211 [ 438.004847][T17570] dlm: non-version read from control device 211 [ 438.011575][T17570] dlm: non-version read from control device 211 [ 438.017962][T17570] dlm: non-version read from control device 211 [ 438.024330][T17570] dlm: non-version read from control device 211 [ 438.030674][T17570] dlm: non-version read from control device 211 [ 438.036961][T17570] dlm: non-version read from control device 211 [ 438.043520][T17570] dlm: non-version read from control device 211 [ 438.049852][T17570] dlm: non-version read from control device 211 [ 438.056188][T17570] dlm: non-version read from control device 211 [ 438.062545][T17570] dlm: non-version read from control device 211 [ 438.068911][T17570] dlm: non-version read from control device 211 [ 438.074444][ T5900] ft260 0003:0403:6030.0024: chip code: 6424 8183 [ 438.075254][T17570] dlm: non-version read from control device 211 [ 438.088519][T17570] dlm: non-version read from control device 211 [ 438.094877][T17570] dlm: non-version read from control device 211 [ 438.101214][T17570] dlm: non-version read from control device 211 [ 438.107509][T17570] dlm: non-version read from control device 211 [ 438.113877][T17570] dlm: non-version read from control device 211 [ 438.120250][T17570] dlm: non-version read from control device 211 [ 438.126620][T17570] dlm: non-version read from control device 211 [ 438.133187][T17570] dlm: non-version read from control device 211 [ 438.139450][T17570] dlm: non-version read from control device 211 [ 438.145760][T17570] dlm: non-version read from control device 211 [ 438.152103][T17570] dlm: non-version read from control device 211 [ 438.158381][T17570] dlm: non-version read from control device 211 [ 438.164696][T17570] dlm: non-version read from control device 211 [ 438.171027][T17570] dlm: non-version read from control device 211 [ 438.177375][T17570] dlm: non-version read from control device 211 [ 438.183684][T17570] dlm: non-version read from control device 211 [ 438.190060][T17570] dlm: non-version read from control device 211 [ 438.196329][T17570] dlm: non-version read from control device 211 [ 438.202627][T17570] dlm: non-version read from control device 211 [ 438.208874][T17570] dlm: non-version read from control device 211 [ 438.215180][T17570] dlm: non-version read from control device 211 [ 438.221520][T17570] dlm: non-version read from control device 211 [ 438.290163][ T5900] ft260 0003:0403:6030.0024: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.6-1/input0 [ 438.495127][ T5900] ft260 0003:0403:6030.0024: failed to retrieve status: -32, no wakeup [ 438.634692][T17608] netlink: 'syz.5.4769': attribute type 30 has an invalid length. [ 438.655092][T17608] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.664258][T17608] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.673451][T17608] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.682274][T17608] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.706500][T17608] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.715694][T17608] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.716367][ T5900] ft260 0003:0403:6030.0024: failed to reset I2C controller: -71 [ 438.724639][T17608] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.724723][T17608] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 438.807760][ T5900] usb 7-1: USB disconnect, device number 34 [ 439.365454][T17636] tipc: Failed to remove unknown binding: 66,1,1/2886997007:113576281/113576283 [ 439.375562][T17636] tipc: Failed to remove unknown binding: 66,1,1/2886997007:113576281/113576283 [ 439.420946][ T5900] kernel write not supported for file /1139/clear_refs (pid: 5900 comm: kworker/1:6) [ 439.939658][ T5900] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 440.050293][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.056656][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.103588][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 440.121363][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 440.146725][ T5900] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 440.167253][ T5900] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 440.177031][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.196229][ T5900] usb 6-1: config 0 descriptor?? [ 440.625041][ T5900] plantronics 0003:047F:FFFF.0025: reserved main item tag 0xd [ 440.665636][ T5900] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 440.837727][T17654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 440.855680][T17654] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 440.921730][ T5900] usb 6-1: USB disconnect, device number 33 [ 442.142318][T17725] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.4819'. [ 443.175433][T17757] 9pnet_fd: Insufficient options for proto=fd [ 443.256532][T17766] loop6: detected capacity change from 0 to 7 [ 443.273893][T17766] Dev loop6: unable to read RDB block 7 [ 443.283069][T17766] loop6: AHDI p1 p2 p3 [ 443.295409][T17766] loop6: partition table partially beyond EOD, truncated [ 443.307836][T17766] loop6: p1 start 926365495 is beyond EOD, truncated [ 443.326426][T17766] loop6: p2 size 116 extends beyond EOD, truncated [ 443.429492][T17770] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4839'. [ 443.438841][T17770] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4839'. [ 443.491450][ T5900] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 443.671278][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.682461][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.693440][ T5900] usb 6-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 443.710387][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.722541][ T5900] usb 6-1: config 0 descriptor?? [ 443.734304][T17786] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 443.866807][T17792] lo speed is unknown, defaulting to 1000 [ 444.137465][ T5900] hid-thrustmaster 0003:044F:B65D.0026: unknown main item tag 0x0 [ 444.163793][ T5900] hid-thrustmaster 0003:044F:B65D.0026: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.5-1/input0 [ 444.178935][ T5900] hid-thrustmaster 0003:044F:B65D.0026: Wrong number of endpoints? [ 444.452782][ C1] hid-thrustmaster 0003:044F:B65D.0026: URB to get model id failed with error -71 [ 444.454651][T13717] usb 6-1: USB disconnect, device number 34 [ 445.000078][T17817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4860'. [ 445.099018][T17817] erspan0: entered promiscuous mode [ 445.131786][T17817] macvtap1: entered promiscuous mode [ 445.137297][T17817] macvtap1: entered allmulticast mode [ 445.193140][T17817] erspan0: entered allmulticast mode [ 445.255648][T17829] input: syz1 as /devices/virtual/input/input36 [ 445.286727][T17821] erspan0: left allmulticast mode [ 445.332680][T17821] erspan0: left promiscuous mode [ 445.809246][ T5900] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 445.892834][T17854] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4871'. [ 446.027563][ T5900] usb 7-1: Using ep0 maxpacket: 8 [ 446.044599][ T5900] usb 7-1: config index 0 descriptor too short (expected 74, got 45) [ 446.063790][ T5900] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 446.100668][ T5900] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 446.122849][T17865] 9pnet_fd: Insufficient options for proto=fd [ 446.129116][ T5900] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 446.168784][ T5900] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 446.183516][T17868] lo speed is unknown, defaulting to 1000 [ 446.197747][ T5900] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 446.222222][ T5900] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 446.231392][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.288468][T17873] netlink: 80 bytes leftover after parsing attributes in process `syz.5.4879'. [ 446.470087][ T5900] usb 7-1: GET_CAPABILITIES returned 0 [ 446.490508][ T5900] usbtmc 7-1:16.0: can't read capabilities [ 446.747900][ T5900] usb 7-1: USB disconnect, device number 35 [ 448.428644][ T5900] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 448.610349][ T5900] usb 7-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0 [ 448.625911][ T5900] usb 7-1: config 0 interface 0 has no altsetting 0 [ 448.638562][ T5900] usb 7-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 448.660484][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.672680][ T5900] usb 7-1: config 0 descriptor?? [ 449.011644][ T5900] usbhid 7-1:0.0: can't add hid device: -71 [ 449.036673][ T5900] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 449.067607][ T5900] usb 7-1: USB disconnect, device number 36 [ 449.487512][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 449.487531][ T30] audit: type=1800 audit(1751243465.393:412): pid=18001 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.4932" name="nullb0" dev="tmpfs" ino=1112 res=0 errno=0 [ 449.748020][T18012] netlink: 'syz.3.4936': attribute type 10 has an invalid length. [ 452.138737][T18070] syz_tun: entered allmulticast mode [ 452.167179][T18070] syz_tun: left allmulticast mode [ 453.046972][T18090] vlan2: entered promiscuous mode [ 453.068762][T18090] bridge0: entered promiscuous mode [ 453.074206][T18090] vlan2: entered allmulticast mode [ 453.095582][T18090] bridge0: entered allmulticast mode [ 453.117765][T18093] bond0: (slave team0): Releasing backup interface [ 453.139988][T18093] bridge_slave_0: left allmulticast mode [ 453.146484][T18093] bridge_slave_0: left promiscuous mode [ 453.171815][T18093] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.265335][T18093] bridge_slave_1: left allmulticast mode [ 453.271329][T18093] bridge_slave_1: left promiscuous mode [ 453.285744][T18093] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.395078][T18093] bond0: (slave bond_slave_0): Releasing backup interface [ 453.405957][T18105] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4972'. [ 453.488975][T18093] bond0: (slave bond_slave_1): Releasing backup interface [ 453.603855][T18093] team0: Port device team_slave_0 removed [ 453.636717][T18093] team0: Port device team_slave_1 removed [ 453.664022][T18093] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 453.725120][T18093] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 453.762709][T18101] netlink: 'syz.6.4982': attribute type 5 has an invalid length. [ 454.074086][ T5820] IPVS: starting estimator thread 0... [ 454.102748][T18120] lo speed is unknown, defaulting to 1000 [ 454.177944][T18124] IPVS: using max 34 ests per chain, 81600 per kthread [ 454.234465][T18128] netlink: 'syz.5.4978': attribute type 1 has an invalid length. [ 454.384195][T18132] bond2: (slave gretap2): making interface the new active one [ 454.392949][T18132] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 454.566520][T18147] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 454.813767][T18157] lo: entered allmulticast mode [ 454.836219][T18157] lo: left allmulticast mode [ 455.406598][T18169] rdma_rxe: rxe_newlink: failed to add lo [ 455.447081][T18169] syz_tun: left promiscuous mode [ 455.464417][T18169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 455.475441][T18169] 8021q: adding VLAN 0 to HW filter on device team0 [ 455.494423][T18169] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 456.527467][T18206] lo speed is unknown, defaulting to 1000 [ 458.283307][T18254] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5035'. [ 459.142239][T18273] input: syz1 as /devices/virtual/input/input37 [ 459.221408][T18280] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5041'. [ 461.949325][T18332] xt_hashlimit: size too large, truncated to 1048576 [ 462.635380][T18351] bridge0: port 1(syz_tun) entered blocking state [ 462.647946][T18351] bridge0: port 1(syz_tun) entered disabled state [ 462.660661][T18351] syz_tun: entered allmulticast mode [ 462.677519][T18351] syz_tun: entered promiscuous mode [ 463.472841][T18376] lo speed is unknown, defaulting to 1000 [ 463.627785][ T5820] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 463.859551][ T5820] usb 6-1: config 0 has no interfaces? [ 463.916342][ T5820] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 463.946598][ T5820] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.987701][ T5820] usb 6-1: Product: syz [ 463.991924][ T5820] usb 6-1: Manufacturer: syz [ 463.996538][ T5820] usb 6-1: SerialNumber: syz [ 464.090702][ T5820] usb 6-1: config 0 descriptor?? [ 464.570461][T18403] vlan0: entered promiscuous mode [ 464.608709][T18403] bridge0: entered promiscuous mode [ 464.614352][T18403] vlan0: entered allmulticast mode [ 464.620444][T18403] bridge0: entered allmulticast mode [ 464.749712][ T5820] usb 6-1: USB disconnect, device number 35 [ 467.323185][T18483] netlink: 'syz.7.5127': attribute type 1 has an invalid length. [ 467.382736][T18485] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5127'. [ 467.397091][T18483] 8021q: adding VLAN 0 to HW filter on device bond2 [ 467.415121][T18487] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5128'. [ 467.424237][T13717] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 467.589531][T13717] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 467.601017][T13717] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 467.611123][T13717] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 467.639826][T18485] bond2 (unregistering): Released all slaves [ 467.646633][T13717] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 467.661248][T13717] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.678097][T13717] usb 7-1: config 0 descriptor?? [ 468.014789][ T30] audit: type=1326 audit(1751243739.921:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18505 comm="syz.7.5137" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab7598e929 code=0x0 [ 468.104180][T13717] plantronics 0003:047F:FFFF.0027: reserved main item tag 0xd [ 468.133875][T13717] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 468.143115][T18509] overlayfs: failed to clone upperpath [ 468.334162][T18478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 468.351927][T18478] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 468.420787][ T5820] usb 7-1: USB disconnect, device number 37 [ 468.530759][T18521] macsec0: entered promiscuous mode [ 468.536156][T18521] macsec0: entered allmulticast mode [ 468.546438][T18521] veth1_macvtap: entered allmulticast mode [ 468.552612][T18521] macsec0: left promiscuous mode [ 468.561472][T18521] macsec0: left allmulticast mode [ 468.567859][T18521] veth1_macvtap: left allmulticast mode [ 468.721788][T18530] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5147'. [ 468.733748][T18531] lo speed is unknown, defaulting to 1000 [ 469.075572][T18540] overlayfs: failed to clone upperpath [ 469.524310][T18564] lo: entered allmulticast mode [ 469.886399][T18573] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 470.724886][T18608] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5177'. [ 470.762244][T18608] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5177'. [ 471.547732][T13717] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 471.968403][T13717] usb 6-1: Using ep0 maxpacket: 8 [ 471.981416][T13717] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 471.990985][T13717] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.999170][T13717] usb 6-1: Product: syz [ 472.003555][T13717] usb 6-1: Manufacturer: syz [ 472.008305][T13717] usb 6-1: SerialNumber: syz [ 472.016022][T13717] usb 6-1: config 0 descriptor?? [ 472.226519][T13717] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 472.792877][T13717] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 472.874929][T13717] usb 6-1: USB disconnect, device number 36 [ 472.992011][ T30] audit: type=1326 audit(1751243744.901:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18660 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d8118e929 code=0x7ffc0000 [ 473.058619][ T30] audit: type=1326 audit(1751243744.931:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18660 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f3d8118e929 code=0x7ffc0000 [ 473.103744][ T30] audit: type=1326 audit(1751243744.931:416): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=18660 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d8118e929 code=0x7ffc0000 [ 473.127812][ T30] audit: type=1326 audit(1751243744.931:417): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=18660 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f3d8118e929 code=0x7ffc0000 [ 473.153628][ T30] audit: type=1326 audit(1751243744.931:418): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=_ pid=18660 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d8118e929 code=0x7ffc0000 [ 473.846924][ T30] audit: type=1326 audit(1751243745.751:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18689 comm="syz.4.5213" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1ed758e929 code=0x0 [ 474.108091][T18700] [ 474.110462][T18700] ===================================================== [ 474.117377][T18700] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 474.124837][T18700] 6.16.0-rc4-syzkaller #0 Not tainted [ 474.130231][T18700] ----------------------------------------------------- [ 474.137143][T18700] syz.6.5217/18700 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 474.144845][T18700] ffff888032532948 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 474.153538][T18700] [ 474.153538][T18700] and this task is already holding: [ 474.160888][T18700] ffff88803155d028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 474.170622][T18700] which would create a new lock dependency: [ 474.176495][T18700] (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 474.184591][T18700] [ 474.184591][T18700] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 474.194021][T18700] (&client->buffer_lock){..-.}-{3:3} [ 474.194043][T18700] [ 474.194043][T18700] ... which became SOFTIRQ-irq-safe at: [ 474.207127][T18700] lock_acquire+0x120/0x360 [ 474.211736][T18700] _raw_spin_lock+0x2e/0x40 [ 474.216335][T18700] evdev_pass_values+0xb9/0xbd0 [ 474.221288][T18700] evdev_events+0x1e6/0x340 [ 474.225890][T18700] input_pass_values+0x288/0x890 [ 474.230914][T18700] input_event_dispose+0x3e5/0x6b0 [ 474.236110][T18700] input_event+0x8c/0xc0 [ 474.240432][T18700] hidinput_hid_event+0x132c/0x1c90 [ 474.245702][T18700] hid_process_event+0x4be/0x620 [ 474.250712][T18700] hid_report_raw_event+0xe91/0x16d0 [ 474.256075][T18700] hid_input_report+0x43e/0x520 [ 474.261007][T18700] hid_irq_in+0x47e/0x6d0 [ 474.265412][T18700] __usb_hcd_giveback_urb+0x417/0x690 [ 474.270855][T18700] dummy_timer+0x862/0x4550 [ 474.275431][T18700] __hrtimer_run_queues+0x52c/0xc60 [ 474.280709][T18700] hrtimer_run_softirq+0x187/0x2b0 [ 474.285901][T18700] handle_softirqs+0x283/0x870 [ 474.290745][T18700] __irq_exit_rcu+0xca/0x1f0 [ 474.295409][T18700] irq_exit_rcu+0x9/0x30 [ 474.299731][T18700] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 474.305444][T18700] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 474.311500][T18700] __sanitizer_cov_trace_cmp4+0x37/0x90 [ 474.317122][T18700] sys_imageblit+0x14ae/0x1e50 [ 474.321965][T18700] drm_fbdev_shmem_defio_imageblit+0x2c/0x110 [ 474.328112][T18700] bit_putcs+0x1760/0x1a50 [ 474.332613][T18700] fbcon_putcs+0x3e5/0x5f0 [ 474.337106][T18700] do_update_region+0x38b/0x440 [ 474.342029][T18700] redraw_screen+0x91a/0xe90 [ 474.346697][T18700] vc_do_resize+0x122d/0x1770 [ 474.351450][T18700] fbcon_do_set_font+0xa56/0x1120 [ 474.356554][T18700] con_font_op+0xcac/0x1070 [ 474.361133][T18700] vt_ioctl+0x1a8a/0x1f00 [ 474.365539][T18700] tty_ioctl+0x929/0xde0 [ 474.369859][T18700] __se_sys_ioctl+0xfc/0x170 [ 474.374521][T18700] do_syscall_64+0xfa/0x3b0 [ 474.379104][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.385072][T18700] [ 474.385072][T18700] to a SOFTIRQ-irq-unsafe lock: [ 474.392078][T18700] (tasklist_lock){.+.+}-{3:3} [ 474.392102][T18700] [ 474.392102][T18700] ... which became SOFTIRQ-irq-unsafe at: [ 474.404714][T18700] ... [ 474.404721][T18700] lock_acquire+0x120/0x360 [ 474.411867][T18700] _raw_read_lock+0x36/0x50 [ 474.416449][T18700] __do_wait+0xde/0x740 [ 474.420678][T18700] do_wait+0x1f8/0x520 [ 474.424827][T18700] kernel_wait+0xab/0x170 [ 474.429232][T18700] call_usermodehelper_exec_work+0xbe/0x230 [ 474.435200][T18700] process_scheduled_works+0xae1/0x17b0 [ 474.440822][T18700] worker_thread+0x8a0/0xda0 [ 474.445487][T18700] kthread+0x711/0x8a0 [ 474.449629][T18700] ret_from_fork+0x3fc/0x770 [ 474.454298][T18700] ret_from_fork_asm+0x1a/0x30 [ 474.459142][T18700] [ 474.459142][T18700] other info that might help us debug this: [ 474.459142][T18700] [ 474.469362][T18700] Chain exists of: [ 474.469362][T18700] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 474.469362][T18700] [ 474.482484][T18700] Possible interrupt unsafe locking scenario: [ 474.482484][T18700] [ 474.490795][T18700] CPU0 CPU1 [ 474.496143][T18700] ---- ---- [ 474.501492][T18700] lock(tasklist_lock); [ 474.505727][T18700] local_irq_disable(); [ 474.512469][T18700] lock(&client->buffer_lock); [ 474.519830][T18700] lock(&new->fa_lock); [ 474.526669][T18700] [ 474.530106][T18700] lock(&client->buffer_lock); [ 474.535121][T18700] [ 474.535121][T18700] *** DEADLOCK *** [ 474.535121][T18700] [ 474.543269][T18700] 7 locks held by syz.6.5217/18700: [ 474.548449][T18700] #0: ffff888145f4d118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 474.557583][T18700] #1: ffff888145b3c230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 474.567706][T18700] #2: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 474.577537][T18700] #3: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 474.587100][T18700] #4: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 474.596229][T18700] #5: ffff88803155d028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 474.606395][T18700] #6: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 474.615439][T18700] [ 474.615439][T18700] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 474.625830][T18700] -> (&client->buffer_lock){..-.}-{3:3} { [ 474.631558][T18700] IN-SOFTIRQ-W at: [ 474.635527][T18700] lock_acquire+0x120/0x360 [ 474.641671][T18700] _raw_spin_lock+0x2e/0x40 [ 474.647812][T18700] evdev_pass_values+0xb9/0xbd0 [ 474.654296][T18700] evdev_events+0x1e6/0x340 [ 474.660434][T18700] input_pass_values+0x288/0x890 [ 474.667009][T18700] input_event_dispose+0x3e5/0x6b0 [ 474.673761][T18700] input_event+0x8c/0xc0 [ 474.679645][T18700] hidinput_hid_event+0x132c/0x1c90 [ 474.686485][T18700] hid_process_event+0x4be/0x620 [ 474.693058][T18700] hid_report_raw_event+0xe91/0x16d0 [ 474.699986][T18700] hid_input_report+0x43e/0x520 [ 474.706478][T18700] hid_irq_in+0x47e/0x6d0 [ 474.712452][T18700] __usb_hcd_giveback_urb+0x417/0x690 [ 474.719469][T18700] dummy_timer+0x862/0x4550 [ 474.725610][T18700] __hrtimer_run_queues+0x52c/0xc60 [ 474.732450][T18700] hrtimer_run_softirq+0x187/0x2b0 [ 474.739204][T18700] handle_softirqs+0x283/0x870 [ 474.745614][T18700] __irq_exit_rcu+0xca/0x1f0 [ 474.751847][T18700] irq_exit_rcu+0x9/0x30 [ 474.757728][T18700] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 474.764999][T18700] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 474.772618][T18700] __sanitizer_cov_trace_cmp4+0x37/0x90 [ 474.779803][T18700] sys_imageblit+0x14ae/0x1e50 [ 474.786205][T18700] drm_fbdev_shmem_defio_imageblit+0x2c/0x110 [ 474.793913][T18700] bit_putcs+0x1760/0x1a50 [ 474.799967][T18700] fbcon_putcs+0x3e5/0x5f0 [ 474.806021][T18700] do_update_region+0x38b/0x440 [ 474.812508][T18700] redraw_screen+0x91a/0xe90 [ 474.818734][T18700] vc_do_resize+0x122d/0x1770 [ 474.825045][T18700] fbcon_do_set_font+0xa56/0x1120 [ 474.831709][T18700] con_font_op+0xcac/0x1070 [ 474.837853][T18700] vt_ioctl+0x1a8a/0x1f00 [ 474.843820][T18700] tty_ioctl+0x929/0xde0 [ 474.849704][T18700] __se_sys_ioctl+0xfc/0x170 [ 474.855928][T18700] do_syscall_64+0xfa/0x3b0 [ 474.862073][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.869606][T18700] INITIAL USE at: [ 474.873487][T18700] lock_acquire+0x120/0x360 [ 474.879543][T18700] _raw_spin_lock+0x2e/0x40 [ 474.885597][T18700] evdev_pass_values+0xb9/0xbd0 [ 474.891998][T18700] evdev_events+0x1e6/0x340 [ 474.898065][T18700] input_pass_values+0x288/0x890 [ 474.904578][T18700] input_event_dispose+0x3e5/0x6b0 [ 474.911251][T18700] input_event+0x8c/0xc0 [ 474.917044][T18700] hidinput_hid_event+0x132c/0x1c90 [ 474.923791][T18700] hid_process_event+0x4be/0x620 [ 474.930278][T18700] hid_report_raw_event+0xe91/0x16d0 [ 474.937126][T18700] hid_input_report+0x43e/0x520 [ 474.943530][T18700] hid_irq_in+0x47e/0x6d0 [ 474.949409][T18700] __usb_hcd_giveback_urb+0x417/0x690 [ 474.956329][T18700] dummy_timer+0x862/0x4550 [ 474.962387][T18700] __hrtimer_run_queues+0x52c/0xc60 [ 474.969141][T18700] hrtimer_run_softirq+0x187/0x2b0 [ 474.975809][T18700] handle_softirqs+0x283/0x870 [ 474.982128][T18700] __irq_exit_rcu+0xca/0x1f0 [ 474.988279][T18700] irq_exit_rcu+0x9/0x30 [ 474.994226][T18700] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 475.001433][T18700] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 475.008966][T18700] __sanitizer_cov_trace_cmp4+0x37/0x90 [ 475.016066][T18700] sys_imageblit+0x14ae/0x1e50 [ 475.022383][T18700] drm_fbdev_shmem_defio_imageblit+0x2c/0x110 [ 475.030026][T18700] bit_putcs+0x1760/0x1a50 [ 475.035996][T18700] fbcon_putcs+0x3e5/0x5f0 [ 475.041972][T18700] do_update_region+0x38b/0x440 [ 475.048396][T18700] redraw_screen+0x91a/0xe90 [ 475.054539][T18700] vc_do_resize+0x122d/0x1770 [ 475.060768][T18700] fbcon_do_set_font+0xa56/0x1120 [ 475.067347][T18700] con_font_op+0xcac/0x1070 [ 475.073401][T18700] vt_ioctl+0x1a8a/0x1f00 [ 475.079282][T18700] tty_ioctl+0x929/0xde0 [ 475.085081][T18700] __se_sys_ioctl+0xfc/0x170 [ 475.091237][T18700] do_syscall_64+0xfa/0x3b0 [ 475.097296][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.104751][T18700] } [ 475.107235][T18700] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 475.115385][T18700] [ 475.115385][T18700] the dependencies between the lock to be acquired [ 475.115394][T18700] and SOFTIRQ-irq-unsafe lock: [ 475.128888][T18700] -> (tasklist_lock){.+.+}-{3:3} { [ 475.134187][T18700] HARDIRQ-ON-R at: [ 475.138332][T18700] lock_acquire+0x120/0x360 [ 475.144826][T18700] _raw_read_lock+0x36/0x50 [ 475.151314][T18700] __do_wait+0xde/0x740 [ 475.157469][T18700] do_wait+0x1f8/0x520 [ 475.163524][T18700] kernel_wait+0xab/0x170 [ 475.169841][T18700] call_usermodehelper_exec_work+0xbe/0x230 [ 475.177721][T18700] process_scheduled_works+0xae1/0x17b0 [ 475.185259][T18700] worker_thread+0x8a0/0xda0 [ 475.191834][T18700] kthread+0x711/0x8a0 [ 475.197885][T18700] ret_from_fork+0x3fc/0x770 [ 475.204460][T18700] ret_from_fork_asm+0x1a/0x30 [ 475.211207][T18700] SOFTIRQ-ON-R at: [ 475.215360][T18700] lock_acquire+0x120/0x360 [ 475.221853][T18700] _raw_read_lock+0x36/0x50 [ 475.228342][T18700] __do_wait+0xde/0x740 [ 475.234483][T18700] do_wait+0x1f8/0x520 [ 475.240547][T18700] kernel_wait+0xab/0x170 [ 475.246861][T18700] call_usermodehelper_exec_work+0xbe/0x230 [ 475.254742][T18700] process_scheduled_works+0xae1/0x17b0 [ 475.262279][T18700] worker_thread+0x8a0/0xda0 [ 475.268868][T18700] kthread+0x711/0x8a0 [ 475.274928][T18700] ret_from_fork+0x3fc/0x770 [ 475.281522][T18700] ret_from_fork_asm+0x1a/0x30 [ 475.288274][T18700] INITIAL USE at: [ 475.292334][T18700] lock_acquire+0x120/0x360 [ 475.298734][T18700] _raw_write_lock_irq+0xa2/0xf0 [ 475.305571][T18700] copy_process+0x224f/0x3c00 [ 475.312151][T18700] kernel_clone+0x224/0x7f0 [ 475.318551][T18700] user_mode_thread+0xdd/0x140 [ 475.325211][T18700] rest_init+0x23/0x300 [ 475.331261][T18700] start_kernel+0x47d/0x500 [ 475.337663][T18700] x86_64_start_reservations+0x24/0x30 [ 475.345022][T18700] x86_64_start_kernel+0x143/0x1c0 [ 475.352030][T18700] common_startup_64+0x13e/0x147 [ 475.358873][T18700] INITIAL READ USE at: [ 475.363363][T18700] lock_acquire+0x120/0x360 [ 475.370200][T18700] _raw_read_lock+0x36/0x50 [ 475.377038][T18700] __do_wait+0xde/0x740 [ 475.383526][T18700] do_wait+0x1f8/0x520 [ 475.389928][T18700] kernel_wait+0xab/0x170 [ 475.396592][T18700] call_usermodehelper_exec_work+0xbe/0x230 [ 475.404823][T18700] process_scheduled_works+0xae1/0x17b0 [ 475.412707][T18700] worker_thread+0x8a0/0xda0 [ 475.419635][T18700] kthread+0x711/0x8a0 [ 475.426034][T18700] ret_from_fork+0x3fc/0x770 [ 475.432963][T18700] ret_from_fork_asm+0x1a/0x30 [ 475.440234][T18700] } [ 475.442897][T18700] ... key at: [] tasklist_lock+0x18/0x40 [ 475.450782][T18700] ... acquired at: [ 475.454747][T18700] lock_acquire+0x120/0x360 [ 475.459413][T18700] _raw_read_lock+0x36/0x50 [ 475.464088][T18700] send_sigurg+0x12b/0x420 [ 475.468671][T18700] sk_send_sigurg+0x6c/0x2e0 [ 475.473428][T18700] queue_oob+0x490/0x5a0 [ 475.477833][T18700] unix_stream_sendmsg+0xaf9/0xc90 [ 475.483104][T18700] __sock_sendmsg+0x219/0x270 [ 475.487949][T18700] ____sys_sendmsg+0x52d/0x830 [ 475.492922][T18700] ___sys_sendmsg+0x21f/0x2a0 [ 475.497755][T18700] __sys_sendmmsg+0x227/0x430 [ 475.502590][T18700] __x64_sys_sendmmsg+0xa0/0xc0 [ 475.507601][T18700] do_syscall_64+0xfa/0x3b0 [ 475.512274][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.518327][T18700] [ 475.520634][T18700] -> (&f_owner->lock){....}-{3:3} { [ 475.525927][T18700] INITIAL USE at: [ 475.529901][T18700] lock_acquire+0x120/0x360 [ 475.536129][T18700] _raw_write_lock_irq+0xa2/0xf0 [ 475.542795][T18700] __f_setown+0x67/0x370 [ 475.548763][T18700] do_fcntl+0x15ff/0x1910 [ 475.554901][T18700] __se_sys_fcntl+0xc8/0x150 [ 475.561215][T18700] do_syscall_64+0xfa/0x3b0 [ 475.567447][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.575063][T18700] INITIAL READ USE at: [ 475.579466][T18700] lock_acquire+0x120/0x360 [ 475.586128][T18700] _raw_read_lock_irqsave+0xaf/0x100 [ 475.593658][T18700] send_sigurg+0x55/0x420 [ 475.600150][T18700] sk_send_sigurg+0x6c/0x2e0 [ 475.606903][T18700] queue_oob+0x490/0x5a0 [ 475.613302][T18700] unix_stream_sendmsg+0xaf9/0xc90 [ 475.620568][T18700] __sock_sendmsg+0x219/0x270 [ 475.627405][T18700] ____sys_sendmsg+0x52d/0x830 [ 475.634324][T18700] ___sys_sendmsg+0x21f/0x2a0 [ 475.641186][T18700] __sys_sendmmsg+0x227/0x430 [ 475.648019][T18700] __x64_sys_sendmmsg+0xa0/0xc0 [ 475.655025][T18700] do_syscall_64+0xfa/0x3b0 [ 475.661696][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.669745][T18700] } [ 475.672313][T18700] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 475.681238][T18700] ... acquired at: [ 475.685113][T18700] lock_acquire+0x120/0x360 [ 475.689777][T18700] _raw_read_lock_irqsave+0xaf/0x100 [ 475.695222][T18700] send_sigio+0x38/0x370 [ 475.699727][T18700] kill_fasync+0x24d/0x4d0 [ 475.704300][T18700] sock_wake_async+0x137/0x160 [ 475.709223][T18700] sock_def_readable+0x3bb/0x550 [ 475.714322][T18700] queue_oob+0x4c4/0x5a0 [ 475.718726][T18700] unix_stream_sendmsg+0xaf9/0xc90 [ 475.724079][T18700] __sock_sendmsg+0x219/0x270 [ 475.728916][T18700] ____sys_sendmsg+0x52d/0x830 [ 475.733837][T18700] ___sys_sendmsg+0x21f/0x2a0 [ 475.738676][T18700] __sys_sendmmsg+0x227/0x430 [ 475.743509][T18700] __x64_sys_sendmmsg+0xa0/0xc0 [ 475.748518][T18700] do_syscall_64+0xfa/0x3b0 [ 475.753182][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.759237][T18700] [ 475.761545][T18700] -> (&new->fa_lock){....}-{3:3} { [ 475.766664][T18700] INITIAL USE at: [ 475.770542][T18700] lock_acquire+0x120/0x360 [ 475.776595][T18700] _raw_write_lock_irq+0xa2/0xf0 [ 475.783085][T18700] fasync_remove_entry+0xf1/0x1c0 [ 475.789655][T18700] sock_fasync+0x85/0xf0 [ 475.795452][T18700] __fput+0x89f/0xa70 [ 475.800990][T18700] task_work_run+0x1d4/0x260 [ 475.807132][T18700] exit_to_user_mode_loop+0xec/0x110 [ 475.813967][T18700] do_syscall_64+0x2bd/0x3b0 [ 475.820111][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.827552][T18700] INITIAL READ USE at: [ 475.831867][T18700] lock_acquire+0x120/0x360 [ 475.838357][T18700] _raw_read_lock_irqsave+0xaf/0x100 [ 475.845629][T18700] kill_fasync+0x199/0x4d0 [ 475.852031][T18700] sock_wake_async+0x137/0x160 [ 475.858792][T18700] sock_def_readable+0x3bb/0x550 [ 475.865733][T18700] mptcp_release_cb+0x6a7/0x960 [ 475.872586][T18700] release_sock+0x1a3/0x1f0 [ 475.879084][T18700] sk_stream_wait_memory+0x724/0xf70 [ 475.886356][T18700] mptcp_sendmsg+0x1061/0x1970 [ 475.893106][T18700] __sock_sendmsg+0x19c/0x270 [ 475.899770][T18700] sock_write_iter+0x258/0x330 [ 475.906524][T18700] do_iter_readv_writev+0x56e/0x7f0 [ 475.913791][T18700] vfs_writev+0x31a/0x960 [ 475.920110][T18700] do_writev+0x14d/0x2d0 [ 475.926352][T18700] do_syscall_64+0xfa/0x3b0 [ 475.932847][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.940722][T18700] } [ 475.943204][T18700] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 475.951868][T18700] ... acquired at: [ 475.955657][T18700] lock_acquire+0x120/0x360 [ 475.960326][T18700] _raw_read_lock_irqsave+0xaf/0x100 [ 475.965775][T18700] kill_fasync+0x199/0x4d0 [ 475.970352][T18700] evdev_pass_values+0x627/0xbd0 [ 475.975447][T18700] evdev_events+0x1e6/0x340 [ 475.980109][T18700] input_pass_values+0x288/0x890 [ 475.985222][T18700] input_event_dispose+0x330/0x6b0 [ 475.990495][T18700] input_inject_event+0x1fe/0x320 [ 475.995684][T18700] evdev_write+0x2fc/0x480 [ 476.000261][T18700] vfs_write+0x27b/0xa90 [ 476.004664][T18700] ksys_write+0x145/0x250 [ 476.009153][T18700] do_syscall_64+0xfa/0x3b0 [ 476.013820][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.019873][T18700] [ 476.022180][T18700] [ 476.022180][T18700] stack backtrace: [ 476.028066][T18700] CPU: 0 UID: 0 PID: 18700 Comm: syz.6.5217 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 476.028083][T18700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 476.028098][T18700] Call Trace: [ 476.028108][T18700] [ 476.028117][T18700] dump_stack_lvl+0x189/0x250 [ 476.028139][T18700] ? __pfx_dump_stack_lvl+0x10/0x10 [ 476.028156][T18700] ? __pfx__printk+0x10/0x10 [ 476.028173][T18700] validate_chain+0x1f05/0x2140 [ 476.028200][T18700] __lock_acquire+0xab9/0xd20 [ 476.028218][T18700] ? kill_fasync+0x199/0x4d0 [ 476.028229][T18700] lock_acquire+0x120/0x360 [ 476.028244][T18700] ? kill_fasync+0x199/0x4d0 [ 476.028261][T18700] _raw_read_lock_irqsave+0xaf/0x100 [ 476.028278][T18700] ? kill_fasync+0x199/0x4d0 [ 476.028289][T18700] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 476.028304][T18700] ? do_raw_spin_lock+0x121/0x290 [ 476.028320][T18700] kill_fasync+0x199/0x4d0 [ 476.028331][T18700] ? kill_fasync+0x53/0x4d0 [ 476.028343][T18700] evdev_pass_values+0x627/0xbd0 [ 476.028358][T18700] ? evdev_pass_values+0x641/0xbd0 [ 476.028373][T18700] evdev_events+0x1e6/0x340 [ 476.028385][T18700] ? evdev_events+0x79/0x340 [ 476.028397][T18700] ? input_pass_values+0x8d/0x890 [ 476.028408][T18700] input_pass_values+0x288/0x890 [ 476.028423][T18700] ? input_handle_event+0x70c/0xf30 [ 476.028440][T18700] input_event_dispose+0x330/0x6b0 [ 476.028458][T18700] input_inject_event+0x1fe/0x320 [ 476.028474][T18700] ? input_inject_event+0xbc/0x320 [ 476.028492][T18700] evdev_write+0x2fc/0x480 [ 476.028512][T18700] ? __pfx_evdev_write+0x10/0x10 [ 476.028525][T18700] ? bpf_lsm_file_permission+0x9/0x20 [ 476.028542][T18700] ? security_file_permission+0x75/0x290 [ 476.028558][T18700] ? rw_verify_area+0x258/0x650 [ 476.028572][T18700] ? __pfx_evdev_write+0x10/0x10 [ 476.028585][T18700] vfs_write+0x27b/0xa90 [ 476.028601][T18700] ? __pfx_vfs_write+0x10/0x10 [ 476.028615][T18700] ? __fget_files+0x2a/0x420 [ 476.028632][T18700] ? __fget_files+0x2a/0x420 [ 476.028646][T18700] ? __fget_files+0x3a0/0x420 [ 476.028661][T18700] ? __fget_files+0x2a/0x420 [ 476.028680][T18700] ksys_write+0x145/0x250 [ 476.028694][T18700] ? __pfx_ksys_write+0x10/0x10 [ 476.028707][T18700] ? rcu_is_watching+0x15/0xb0 [ 476.028726][T18700] ? do_syscall_64+0xbe/0x3b0 [ 476.028745][T18700] do_syscall_64+0xfa/0x3b0 [ 476.028761][T18700] ? lockdep_hardirqs_on+0x9c/0x150 [ 476.028778][T18700] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.028790][T18700] ? clear_bhb_loop+0x60/0xb0 [ 476.028805][T18700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.028818][T18700] RIP: 0033:0x7f936178e929 [ 476.028831][T18700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.028843][T18700] RSP: 002b:00007f935f5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 476.028858][T18700] RAX: ffffffffffffffda RBX: 00007f93619b5fa0 RCX: 00007f936178e929 [ 476.028868][T18700] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000003 [ 476.028877][T18700] RBP: 00007f9361810b39 R08: 0000000000000000 R09: 0000000000000000 [ 476.028886][T18700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 476.028894][T18700] R13: 0000000000000000 R14: 00007f93619b5fa0 R15: 00007ffc8c2001e8 [ 476.028909][T18700] [ 476.363191][T18702] overlayfs: failed to clone upperpath