last executing test programs: 5.602172958s ago: executing program 2 (id=1534): socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806edc3bb4d59a5693b2ef0b76080000000000000014ffffffff2e79075827af5aa534d6815c"], 0x3c}}, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge']) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x40000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x1fc}, 0x1, 0x0, 0x0, 0x48090}, 0x0) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) pipe2(&(0x7f0000000140), 0x80800) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0xc], 0x8000000, 0x2010d3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.351989878s ago: executing program 2 (id=1537): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) keyctl$restrict_keyring(0x5, 0xfffffffffffffffe, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x1}) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000080)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, &(0x7f0000001740)={0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="40d469"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000180)='dns_resolver\x00', 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) 2.97590264s ago: executing program 4 (id=1557): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0xc000) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) connect$can_bcm(r1, &(0x7f0000000140)={0x1d, r2}, 0x10) sendmsg$can_bcm(r1, 0x0, 0x20000000) sendmsg$can_bcm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x5, 0x180, 0x9, {0x77359400}, {}, {0x2, 0x0, 0x1}, 0x1, @can={{0x4, 0x1, 0x1, 0x1}, 0x5, 0x1, 0x0, 0x0, "c251541693f8cfd1"}}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4004844) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r5, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x0) 2.934097933s ago: executing program 1 (id=1559): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000400)={0x1, 0x0, [{0x40000096, 0x0, 0x1428}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000"]) 2.677779024s ago: executing program 0 (id=1561): socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806edc3bb4d59a5693b2ef0b76080000000000000014ffffffff2e79075827af5aa534d6"], 0x3c}}, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge']) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x40000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x1fc}, 0x1, 0x0, 0x0, 0x48090}, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) pipe2(&(0x7f0000000140), 0x80800) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0xc], 0x8000000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.47044786s ago: executing program 1 (id=1563): socket$kcm(0x10, 0x2, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="d8000000190081054e81f783db4cb9040a1d080006007c02cdfc55a10a0017000600a42603600e12080006ba0474f701a8000100fe80ffff7f6f94007134cf6efb8000a007a290457f01890500277ce06bbaceac3c2fb14c2ee5a7a3aab62f00001fb71b14d6d930dfe1d9d3", 0x6c}], 0x1}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r4, 0x10) sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x14130}], 0x1}, 0x80d1) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000980)) close(r0) 2.303821344s ago: executing program 0 (id=1565): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0), 0x8) close(r1) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ff0f00000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000e085000000710000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) close_range(r5, 0xffffffffffffffff, 0x0) 2.298254405s ago: executing program 4 (id=1566): socket$kcm(0x10, 0x2, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x14130}], 0x1}, 0x80d1) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) close(r0) 2.197421033s ago: executing program 1 (id=1567): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000001280)="b9354b27b553aeeee8ae0b0000a4df2a9080f3", 0x0, 0x603, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x4d) 2.134971668s ago: executing program 2 (id=1569): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8e3453a7b706369d, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r2, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x58}, 0x20) 2.008220998s ago: executing program 3 (id=1570): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000030000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0xfffe, 0x0, @empty, 0x4}, {0xa, 0x0, 0x0, @loopback, 0xfffffffc}, r1, 0x400}}, 0x48) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, r1, 0x30, 0x1, @ib={0x1b, 0x8000, 0xfff, {"3f8c0d6cf777eaa6ace6d3ec00ed4771"}, 0x500e, 0x0, 0x5}}}, 0xa0) 1.11677347s ago: executing program 2 (id=1571): bpf$MAP_CREATE(0x0, &(0x7f0000001380)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x3}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xcc, 0xc}, 0x50) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) sendmsg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000740)="47ea1334", 0x4}], 0x1}, 0x810) 1.073414824s ago: executing program 3 (id=1581): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f600000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8e3453a7b706369d, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r2, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x58}, 0x20) 1.051671835s ago: executing program 4 (id=1572): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x4000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x58, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.004506629s ago: executing program 3 (id=1573): socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806edc3bb4d59a5693b2ef0b76080000000000000014ffffffff2e79075827af5aa534d6815c"], 0x3c}}, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='hug']) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x40000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x1fc}, 0x1, 0x0, 0x0, 0x48090}, 0x0) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) pipe2(&(0x7f0000000140), 0x80800) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 826.569343ms ago: executing program 0 (id=1574): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000400)={0x1, 0x0, [{0x40000096, 0x0, 0x1428}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000"]) 826.315153ms ago: executing program 1 (id=1575): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="89000000120081ae08060cdc016b3f087f03e3520000000000e2ffca1b1f000000000cc00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120800030004010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 669.341056ms ago: executing program 3 (id=1576): socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806edc3bb4d59a5693b2ef0b76080000000000000014ffffffff2e79075827af5aa534d6"], 0x3c}}, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge']) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x40000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x1fc}, 0x1, 0x0, 0x0, 0x48090}, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) pipe2(&(0x7f0000000140), 0x80800) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0xc], 0x8000000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 657.814927ms ago: executing program 4 (id=1577): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) socket$inet6(0xa, 0x80002, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8401) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0748cad775fac4daddf988377ce20000040000008000000001008000280000002f5ad814f2aa38937be46ad2b982de16f383c36e07ab5849fc3a9ea129a6f99d7207a93d17b6a48cb0774b7e87910f0e4c8a0a00951fb6ef6ffc7d07e4a326cb6296af43d1e249e64aac53a69c0508c41a2813b41bbaec46d5c90afce7c58889a0332e4a532ad25e29074a8e97c6e3d17eb3e90d7e6f4867c4b171", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fcntl$getown(0xffffffffffffffff, 0x9) r1 = syz_clone(0x20000000, 0x0, 0xf, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$getregset(0x4205, r1, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000b3af3966897178c700009500000000000000"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet(0x2, 0x3, 0x8d) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e20004db0"], 0x0) 598.338212ms ago: executing program 0 (id=1578): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x15, 0x1ffffffffffffe06, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 555.240635ms ago: executing program 1 (id=1579): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x4) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000380)={0xaa, 0xfea}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f0000000500)=""/88, &(0x7f0000000480)=""/49}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) 457.340613ms ago: executing program 0 (id=1580): syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)="efdf") 436.136595ms ago: executing program 1 (id=1582): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000004c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000b40)="613b8b36b4d6b96b31099c4887c0", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 429.274465ms ago: executing program 3 (id=1583): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x400, @remote, 0x6}}, 0x80, 0x0}, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0x84, &(0x7f0000000000), 0x90) 398.926858ms ago: executing program 4 (id=1584): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f600000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8e3453a7b706369d, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r2, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x58}, 0x20) 252.46049ms ago: executing program 0 (id=1585): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0), 0x8) close(r1) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ff0f00000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000e085000000710000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) close_range(r5, 0xffffffffffffffff, 0x0) 252.19669ms ago: executing program 3 (id=1586): socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806edc3bb4d59a5693b2ef0b76080000000000000014ffffffff2e79075827af5aa534d6815c"], 0x3c}}, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge']) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x40000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x1fc}, 0x1, 0x0, 0x0, 0x48090}, 0x0) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) pipe2(&(0x7f0000000140), 0x80800) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 249.83656ms ago: executing program 4 (id=1587): socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806edc3bb4d59a5693b2ef0b76080000000000000014ffffffff2e79075827af5aa534d6815c"], 0x3c}}, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='hug']) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x40000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x1fc}, 0x1, 0x0, 0x0, 0x48090}, 0x0) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) pipe2(&(0x7f0000000140), 0x80800) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 179.533306ms ago: executing program 2 (id=1588): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18) socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r1}) 0s ago: executing program 2 (id=1589): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000680)=ANY=[], 0x0, 0x43, 0x0, 0x1, 0x77e4}, 0x28) bpf$ITER_CREATE(0x21, &(0x7f0000000700), 0x42) kernel console output (not intermixed with test programs): [ 96.912201][ T5181] netlink: 68 bytes leftover after parsing attributes in process `syz.3.299'. [ 96.913160][ T5178] usb usb7: usbfs: process 5178 (syz.2.297) did not claim interface 0 before use [ 97.013486][ T5183] loop4: detected capacity change from 0 to 128 [ 97.086406][ T5183] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 97.127272][ T5183] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.218715][ T5196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.302'. [ 97.238876][ T5197] netlink: 108 bytes leftover after parsing attributes in process `syz.0.303'. [ 97.475119][ T5202] netlink: 108 bytes leftover after parsing attributes in process `syz.1.305'. [ 97.522240][ T4264] EXT4-fs (loop4): unmounting filesystem. [ 97.711435][ T5210] netlink: 'syz.2.309': attribute type 10 has an invalid length. [ 97.733579][ T5210] netlink: 40 bytes leftover after parsing attributes in process `syz.2.309'. [ 97.870967][ T5218] usb usb7: usbfs: process 5218 (syz.4.313) did not claim interface 0 before use [ 97.922120][ T5220] netlink: 68 bytes leftover after parsing attributes in process `syz.2.312'. [ 98.211247][ T5229] netlink: 8 bytes leftover after parsing attributes in process `syz.1.319'. [ 98.452042][ T5240] netlink: 'syz.4.322': attribute type 10 has an invalid length. [ 98.468770][ T5240] netlink: 40 bytes leftover after parsing attributes in process `syz.4.322'. [ 98.550229][ T5240] team0: Port device geneve0 added [ 98.560817][ T5241] device hsr0 entered promiscuous mode [ 98.752343][ T5251] netlink: 68 bytes leftover after parsing attributes in process `syz.1.326'. [ 98.776524][ T5250] netlink: 100 bytes leftover after parsing attributes in process `syz.2.327'. [ 99.173523][ T27] kauditd_printk_skb: 38 callbacks suppressed [ 99.173541][ T27] audit: type=1326 audit(1755755479.942:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.270379][ T27] audit: type=1326 audit(1755755479.942:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.349602][ T27] audit: type=1326 audit(1755755479.942:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.382345][ T27] audit: type=1326 audit(1755755479.942:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.426777][ T5269] IPVS: Error joining to the multicast group [ 99.455731][ T27] audit: type=1326 audit(1755755479.942:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.553243][ T27] audit: type=1326 audit(1755755479.942:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.600641][ T27] audit: type=1326 audit(1755755479.942:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.656146][ T27] audit: type=1326 audit(1755755479.942:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.762373][ T27] audit: type=1326 audit(1755755479.942:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 99.838141][ T27] audit: type=1326 audit(1755755479.942:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5261 comm="syz.4.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c78ebe9 code=0x7ffc0000 [ 101.994056][ T5324] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 102.017270][ T5326] loop4: detected capacity change from 0 to 1024 [ 102.306884][ T5326] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.696220][ T5326] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 102.883259][ T4264] EXT4-fs (loop4): unmounting filesystem. [ 103.097297][ T5349] __nla_validate_parse: 6 callbacks suppressed [ 103.097311][ T5349] netlink: 8 bytes leftover after parsing attributes in process `syz.2.367'. [ 103.269090][ T5355] netlink: 92 bytes leftover after parsing attributes in process `syz.1.370'. [ 103.287284][ T5349] loop2: detected capacity change from 0 to 512 [ 103.367720][ T5349] EXT4-fs: Ignoring removed i_version option [ 103.375978][ T5358] loop3: detected capacity change from 0 to 512 [ 103.389503][ T5349] EXT4-fs: Ignoring removed nobh option [ 103.410166][ T5349] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 103.424420][ T5356] netlink: 108 bytes leftover after parsing attributes in process `syz.4.369'. [ 103.457644][ T5349] EXT4-fs (loop2): 1 truncate cleaned up [ 103.457680][ T5358] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 103.473151][ T5349] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 103.483043][ T5358] ext4 filesystem being mounted at /66/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 103.660622][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 103.776208][ T5369] smc: net device bond0 applied user defined pnetid SYZ0 [ 103.783936][ T5369] smc: net device bond0 erased user defined pnetid SYZ0 [ 104.612057][ T4265] EXT4-fs (loop2): unmounting filesystem. [ 104.729514][ T5384] netlink: 100 bytes leftover after parsing attributes in process `syz.4.381'. [ 104.788733][ T27] kauditd_printk_skb: 46 callbacks suppressed [ 104.788748][ T27] audit: type=1326 audit(1755755485.552:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 104.871258][ T27] audit: type=1326 audit(1755755485.552:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 104.969127][ T27] audit: type=1326 audit(1755755485.552:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 105.000654][ T27] audit: type=1326 audit(1755755485.552:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 105.031307][ T27] audit: type=1326 audit(1755755485.552:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 105.067766][ T27] audit: type=1326 audit(1755755485.552:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 105.130291][ T27] audit: type=1326 audit(1755755485.552:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 105.201767][ T27] audit: type=1326 audit(1755755485.552:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 105.260094][ T27] audit: type=1326 audit(1755755485.552:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 105.292432][ T27] audit: type=1326 audit(1755755485.552:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5382 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 105.567683][ T5391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.383'. [ 105.603623][ T5391] IPVS: Error joining to the multicast group [ 105.660905][ T5397] loop4: detected capacity change from 0 to 512 [ 105.668388][ T5395] siw: device registration error -23 [ 105.674983][ T5397] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 105.752696][ T5397] EXT4-fs (loop4): warning: maximal mount count reached, running e2fsck is recommended [ 105.754012][ T5401] loop0: detected capacity change from 0 to 1024 [ 105.787718][ T5401] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 105.815760][ T5397] EXT4-fs error (device loop4): ext4_orphan_get:1400: comm syz.4.387: inode #15: comm syz.4.387: iget: illegal inode # [ 105.842445][ T5397] EXT4-fs (loop4): Remounting filesystem read-only [ 105.866600][ T5397] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.387: couldn't read orphan inode 15 (err -117) [ 105.932274][ T5397] EXT4-fs (loop4): Remounting filesystem read-only [ 105.943380][ T5401] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 105.978023][ T5397] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 106.169258][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 106.237208][ T5397] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 3: comm syz.4.387: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 106.309717][ T5397] EXT4-fs (loop4): Remounting filesystem read-only [ 106.328463][ T5411] netlink: 108 bytes leftover after parsing attributes in process `syz.3.389'. [ 106.395391][ T4264] EXT4-fs (loop4): unmounting filesystem. [ 106.523982][ T5424] netlink: 27 bytes leftover after parsing attributes in process `syz.4.395'. [ 106.727129][ T5429] netlink: 4 bytes leftover after parsing attributes in process `syz.4.398'. [ 106.792536][ T5431] siw: device registration error -23 [ 106.863035][ T5432] loop4: detected capacity change from 0 to 1024 [ 106.919589][ T5432] EXT4-fs (loop4): can't mount with commit=32768, fs mounted w/o journal [ 107.312155][ T5443] smc: net device bond0 applied user defined pnetid SYZ0 [ 107.322093][ T5446] smc: net device bond0 erased user defined pnetid SYZ0 [ 108.128522][ T5475] loop3: detected capacity change from 0 to 1024 [ 108.158664][ T5477] smc: net device bond0 applied user defined pnetid SYZ0 [ 108.228342][ T5475] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 108.237225][ T5487] smc: net device bond0 erased user defined pnetid SYZ0 [ 108.254356][ T5486] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'. [ 108.463549][ T5496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.423'. [ 109.499579][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 109.559382][ T5496] 8021q: adding VLAN 0 to HW filter on device bond1 [ 109.658247][ T5502] netlink: 'syz.1.418': attribute type 21 has an invalid length. [ 109.658727][ T5501] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 109.666097][ T5502] netlink: 128 bytes leftover after parsing attributes in process `syz.1.418'. [ 109.666172][ T5502] netlink: 'syz.1.418': attribute type 5 has an invalid length. [ 109.675863][ T5501] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 109.684783][ T5502] netlink: 3 bytes leftover after parsing attributes in process `syz.1.418'. [ 109.711530][ T5501] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 109.868038][ T5509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.424'. [ 110.034022][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 110.034034][ T27] audit: type=1326 audit(1755755490.832:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.154598][ T27] audit: type=1326 audit(1755755490.862:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.197430][ T27] audit: type=1326 audit(1755755490.862:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.227873][ T27] audit: type=1326 audit(1755755490.862:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.399621][ T27] audit: type=1326 audit(1755755490.862:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.422879][ T27] audit: type=1326 audit(1755755490.862:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.445227][ T27] audit: type=1326 audit(1755755490.862:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.472594][ T27] audit: type=1326 audit(1755755490.882:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.495142][ T27] audit: type=1326 audit(1755755490.882:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.517779][ T27] audit: type=1326 audit(1755755490.882:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4886b8ebe9 code=0x7ffc0000 [ 110.643835][ T5532] rdma_rxe: rxe_register_device failed with error -23 [ 110.651172][ T5532] rdma_rxe: failed to add lo [ 110.867132][ T5529] loop2: detected capacity change from 0 to 512 [ 110.924069][ T5529] EXT4-fs: Ignoring removed mblk_io_submit option [ 110.961782][ T5529] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 111.315517][ T5529] EXT4-fs (loop2): 1 truncate cleaned up [ 111.321280][ T5529] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 111.456838][ T5548] smc: net device bond0 applied user defined pnetid SYZ0 [ 111.464697][ T5548] smc: net device bond0 erased user defined pnetid SYZ0 [ 111.465112][ T4265] EXT4-fs (loop2): unmounting filesystem. [ 111.643311][ T5550] netlink: 8 bytes leftover after parsing attributes in process `syz.1.439'. [ 112.005668][ T5559] netlink: 'syz.1.444': attribute type 10 has an invalid length. [ 112.051789][ T5559] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.090816][ T5559] bond0: (slave team0): Enslaving as an active interface with an up link [ 112.112550][ T5561] netlink: 'syz.4.443': attribute type 10 has an invalid length. [ 112.123424][ T5561] netlink: 40 bytes leftover after parsing attributes in process `syz.4.443'. [ 112.151389][ T5563] netlink: 16 bytes leftover after parsing attributes in process `syz.4.443'. [ 112.201719][ T5562] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 112.656156][ T5574] netlink: 60 bytes leftover after parsing attributes in process `syz.1.449'. [ 113.417243][ T5594] usb usb7: usbfs: process 5594 (syz.3.458) did not claim interface 0 before use [ 113.706548][ T5606] device syzkaller1 entered promiscuous mode [ 114.203645][ T5612] loop3: detected capacity change from 0 to 512 [ 114.288089][ T5612] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 114.297856][ T5612] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.643298][ T5629] usb usb7: usbfs: process 5629 (syz.1.470) did not claim interface 0 before use [ 114.844380][ T5636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.472'. [ 114.947378][ T5640] loop1: detected capacity change from 0 to 512 [ 114.972998][ T5640] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 115.025534][ T5640] EXT4-fs (loop1): orphan cleanup on readonly fs [ 115.037109][ T5640] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:511: comm syz.1.474: Block bitmap for bg 0 marked uninitialized [ 115.103891][ T5640] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 115.124130][ T5640] EXT4-fs (loop1): 1 orphan inode deleted [ 115.129936][ T5640] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 115.142041][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 115.231602][ T5640] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 115.312587][ T5640] EXT4-fs (loop1): re-mounted. Quota mode: none. [ 115.417767][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 115.548608][ T5659] loop1: detected capacity change from 0 to 512 [ 115.601728][ T5659] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 115.611822][ T5659] ext4 filesystem being mounted at /91/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.774972][ T5554] Set syz1 is full, maxelem 65536 reached [ 115.818979][ T5665] syz.4.481[5665] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.819089][ T5665] syz.4.481[5665] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.916522][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 116.094338][ T5675] netlink: 8 bytes leftover after parsing attributes in process `syz.1.485'. [ 116.176609][ T5681] netlink: 68 bytes leftover after parsing attributes in process `syz.3.489'. [ 116.337046][ T5685] netlink: 'syz.1.491': attribute type 10 has an invalid length. [ 116.396253][ T5691] netlink: 'syz.0.493': attribute type 10 has an invalid length. [ 116.449107][ T27] kauditd_printk_skb: 34 callbacks suppressed [ 116.449120][ T27] audit: type=1326 audit(1755755497.242:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5689 comm="syz.0.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 116.451483][ T5691] device macvlan0 entered promiscuous mode [ 116.477787][ T27] audit: type=1326 audit(1755755497.262:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5689 comm="syz.0.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 116.552749][ T27] audit: type=1326 audit(1755755497.282:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5689 comm="syz.0.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 116.572286][ T5697] usb usb7: usbfs: process 5697 (syz.2.496) did not claim interface 0 before use [ 116.602866][ T5699] loop1: detected capacity change from 0 to 512 [ 116.618984][ T5691] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 116.671063][ T5699] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 116.673985][ T27] audit: type=1326 audit(1755755497.412:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5689 comm="syz.0.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 116.720512][ T5699] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.860506][ T5696] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.883998][ T5706] netlink: 108 bytes leftover after parsing attributes in process `syz.3.494'. [ 116.938294][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 117.030900][ T5696] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.098070][ T5714] tipc: Started in network mode [ 117.103466][ T5714] tipc: Node identity ea25bfdb1e52, cluster identity 4711 [ 117.111076][ T5714] tipc: Enabled bearer , priority 0 [ 117.139112][ T27] audit: type=1326 audit(1755755497.932:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5715 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 117.189043][ T27] audit: type=1326 audit(1755755497.932:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5715 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 117.221031][ T5696] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.237535][ T27] audit: type=1326 audit(1755755497.932:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5715 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 117.261879][ T27] audit: type=1326 audit(1755755497.932:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5715 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 117.286974][ T27] audit: type=1326 audit(1755755497.932:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5715 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 117.309897][ T27] audit: type=1326 audit(1755755497.932:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5715 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 117.370379][ T5714] device syzkaller0 entered promiscuous mode [ 117.385730][ T5714] tipc: Resetting bearer [ 117.549600][ T4486] tipc: Resetting bearer [ 117.555376][ T5727] usb usb7: usbfs: process 5727 (syz.1.508) did not claim interface 0 before use [ 117.573690][ T5723] siw: device registration error -23 [ 117.742363][ T5726] netlink: 12 bytes leftover after parsing attributes in process `syz.3.509'. [ 117.775359][ T5696] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.841976][ T5713] tipc: Resetting bearer [ 118.124907][ T26] tipc: Node number set to 4101488603 [ 118.379803][ T5752] usb usb7: usbfs: process 5752 (syz.1.521) did not claim interface 0 before use [ 118.600700][ T5755] netlink: 108 bytes leftover after parsing attributes in process `syz.2.520'. [ 119.393557][ T5767] loop2: detected capacity change from 0 to 2048 [ 119.412340][ T5767] EXT4-fs: Ignoring removed mblk_io_submit option [ 119.477794][ T5767] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 119.540430][ T4265] EXT4-fs (loop2): unmounting filesystem. [ 120.018155][ T5713] tipc: Disabling bearer [ 120.118204][ T5696] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.179227][ T5784] smc: net device bond0 applied user defined pnetid SYZ0 [ 120.186897][ T5784] smc: net device bond0 erased user defined pnetid SYZ0 [ 120.223874][ T5696] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.784348][ T5696] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.818098][ T5696] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.017171][ T5787] usb usb7: usbfs: process 5787 (syz.0.532) did not claim interface 0 before use [ 121.352134][ T5809] device syzkaller1 entered promiscuous mode [ 121.394431][ T5811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.544'. [ 121.472575][ T5818] smc: net device bond0 applied user defined pnetid SYZ0 [ 121.481676][ T5818] smc: net device bond0 erased user defined pnetid SYZ0 [ 122.417166][ T5827] usb usb7: usbfs: process 5827 (syz.0.551) did not claim interface 0 before use [ 122.520929][ T5834] netlink: 8 bytes leftover after parsing attributes in process `syz.3.552'. [ 122.993034][ T5856] usb usb7: usbfs: process 5856 (syz.1.563) did not claim interface 0 before use [ 124.613484][ T5866] rdma_rxe: already configured on lo [ 125.154447][ T5875] netlink: 48 bytes leftover after parsing attributes in process `syz.2.566'. [ 125.180341][ T5878] netlink: 'syz.3.568': attribute type 2 has an invalid length. [ 125.279653][ T5881] smc: net device bond0 applied user defined pnetid SYZ0 [ 125.290686][ T5881] smc: net device bond0 erased user defined pnetid SYZ0 [ 125.599976][ T5896] usb usb7: usbfs: process 5896 (syz.4.576) did not claim interface 0 before use [ 125.649922][ T27] kauditd_printk_skb: 20 callbacks suppressed [ 125.649936][ T27] audit: type=1326 audit(1755755506.442:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 125.729071][ T5898] loop2: detected capacity change from 0 to 512 [ 125.861738][ T27] audit: type=1326 audit(1755755506.482:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 125.902363][ T27] audit: type=1326 audit(1755755506.482:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 125.925389][ T27] audit: type=1326 audit(1755755506.482:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 125.940455][ T5898] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 125.947701][ T27] audit: type=1326 audit(1755755506.482:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 125.947739][ T27] audit: type=1326 audit(1755755506.482:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 125.999292][ T5898] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.003980][ T27] audit: type=1326 audit(1755755506.502:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 126.043728][ T27] audit: type=1326 audit(1755755506.502:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 126.144209][ T5914] loop4: detected capacity change from 0 to 512 [ 126.166537][ T27] audit: type=1326 audit(1755755506.502:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 126.196222][ T27] audit: type=1326 audit(1755755506.502:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5897 comm="syz.2.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 126.208127][ T5912] siw: device registration error -23 [ 126.234070][ T5914] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 126.256959][ T5914] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.325182][ T4265] EXT4-fs (loop2): unmounting filesystem. [ 126.519164][ T4264] EXT4-fs (loop4): unmounting filesystem. [ 126.526892][ T5923] smc: net device bond0 applied user defined pnetid SYZ0 [ 126.541339][ T5923] smc: net device bond0 erased user defined pnetid SYZ0 [ 126.731456][ T5926] netlink: 108 bytes leftover after parsing attributes in process `syz.3.587'. [ 126.763082][ T5931] loop1: detected capacity change from 0 to 128 [ 126.842548][ T5934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.592'. [ 126.867508][ T5931] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a80ec018, mo2=0002] [ 126.903449][ T5931] System zones: 1-3, 19-19, 35-36 [ 126.910069][ T5931] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 126.950474][ T5940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.593'. [ 127.002581][ T5931] ext4 filesystem being mounted at /116/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 127.985594][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 128.177533][ T5955] lo speed is unknown, defaulting to 1000 [ 128.664186][ T5955] lo speed is unknown, defaulting to 1000 [ 128.819736][ T5957] loop2: detected capacity change from 0 to 512 [ 128.904958][ T5960] siw: device registration error -23 [ 128.944670][ T5968] capability: warning: `syz.4.602' uses deprecated v2 capabilities in a way that may be insecure [ 128.958199][ T5957] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 129.003017][ T5957] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.082250][ T5974] smc: net device bond0 applied user defined pnetid SYZ0 [ 129.109128][ T5974] smc: net device bond0 erased user defined pnetid SYZ0 [ 129.271639][ T5978] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 129.271639][ T5978] program syz.3.606 not setting count and/or reply_len properly [ 129.310641][ T4265] EXT4-fs (loop2): unmounting filesystem. [ 129.387039][ T5976] netlink: 108 bytes leftover after parsing attributes in process `syz.1.605'. [ 129.572699][ T5991] syz.3.611[5991] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 129.572793][ T5991] syz.3.611[5991] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 129.964778][ T6000] 9pnet: Could not find request transport: 0xffffffffffffffff [ 130.218912][ T6016] usb usb7: usbfs: process 6016 (syz.3.620) did not claim interface 0 before use [ 130.398962][ T6027] netlink: 4 bytes leftover after parsing attributes in process `syz.3.625'. [ 130.516453][ T6034] loop3: detected capacity change from 0 to 1756 [ 130.539798][ T6036] netlink: 4 bytes leftover after parsing attributes in process `syz.2.627'. [ 130.789649][ T6042] smc: net device bond0 applied user defined pnetid SYZ0 [ 130.830049][ T6042] smc: net device bond0 erased user defined pnetid SYZ0 [ 130.952623][ T6047] siw: device registration error -23 [ 130.997210][ T6051] loop4: detected capacity change from 0 to 512 [ 131.006995][ T6050] loop3: detected capacity change from 0 to 1024 [ 131.095001][ T6051] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 131.114993][ T6050] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 131.147821][ T6051] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 131.156446][ T4686] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 131.178094][ T4686] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 131.198362][ T4686] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x3 [ 131.222054][ T4686] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 131.526371][ T6068] fido_id[6068]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 131.693180][ T6080] smc: net device bond0 applied user defined pnetid SYZ0 [ 131.704998][ T6080] smc: net device bond0 erased user defined pnetid SYZ0 [ 131.774784][ T4264] EXT4-fs (loop4): unmounting filesystem. [ 131.784620][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 132.013005][ T6090] siw: device registration error -23 [ 132.097005][ T6096] device pim6reg1 entered promiscuous mode [ 132.284767][ T6098] netlink: 108 bytes leftover after parsing attributes in process `syz.3.651'. [ 132.442556][ T6103] rdma_rxe: rxe_register_device failed with error -23 [ 132.449808][ T6103] rdma_rxe: failed to add lo [ 132.638068][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.851644][ T6115] loop4: detected capacity change from 0 to 512 [ 132.986198][ T6115] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 133.018698][ T6115] ext4 filesystem being mounted at /130/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 133.038863][ T6115] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #2: comm syz.4.657: corrupted inode contents [ 133.056879][ T6115] EXT4-fs error (device loop4): ext4_dirty_inode:6119: inode #2: comm syz.4.657: mark_inode_dirty error [ 133.073710][ T6121] smc: net device bond0 applied user defined pnetid SYZ0 [ 133.081197][ T6121] smc: net device bond0 erased user defined pnetid SYZ0 [ 133.155737][ T6115] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #2: comm syz.4.657: corrupted inode contents [ 133.218878][ T6122] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #2: comm syz.4.657: corrupted inode contents [ 133.255833][ T6122] EXT4-fs error (device loop4): ext4_dirty_inode:6119: inode #2: comm syz.4.657: mark_inode_dirty error [ 133.279149][ T6122] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #2: comm syz.4.657: corrupted inode contents [ 133.301967][ T6122] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.657: mark_inode_dirty error [ 133.320522][ T6122] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #2: comm syz.4.657: corrupted inode contents [ 133.333803][ T6122] EXT4-fs error (device loop4): ext4_dirty_inode:6119: inode #2: comm syz.4.657: mark_inode_dirty error [ 133.441767][ T4264] EXT4-fs (loop4): unmounting filesystem. [ 133.607611][ T6134] device syzkaller0 entered promiscuous mode [ 133.962019][ T6153] syz.4.668[6153] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.962112][ T6153] syz.4.668[6153] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.104827][ T27] kauditd_printk_skb: 50 callbacks suppressed [ 134.104843][ T27] audit: type=1326 audit(1755755514.872:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6152 comm="syz.4.668" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f2c9c785ba7 code=0x0 [ 134.202398][ T6161] smc: net device bond0 applied user defined pnetid SYZ0 [ 134.211484][ T6161] smc: net device bond0 erased user defined pnetid SYZ0 [ 134.227619][ T6159] netlink: 108 bytes leftover after parsing attributes in process `syz.1.670'. [ 134.532750][ T6168] usb usb7: usbfs: process 6168 (syz.3.675) did not claim interface 0 before use [ 134.838173][ T6172] smc: net device bond0 applied user defined pnetid SYZ0 [ 134.973716][ T6176] siw: device registration error -23 [ 136.205813][ T6179] loop4: detected capacity change from 0 to 512 [ 136.238726][ T6179] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 136.298286][ T6178] sctp: [Deprecated]: syz.4.678 (pid 6178) Use of struct sctp_assoc_value in delayed_ack socket option. [ 136.298286][ T6178] Use struct sctp_sack_info instead [ 136.341441][ T27] audit: type=1800 audit(1755755517.132:267): pid=6178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.678" name="file1" dev="loop4" ino=1048597 res=0 errno=0 [ 136.579883][ T6188] loop3: detected capacity change from 0 to 2048 [ 136.617269][ T6190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.684'. [ 136.790257][ T6188] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 136.991293][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 137.066644][ T6210] siw: device registration error -23 [ 137.159117][ T6217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.693'. [ 137.301058][ T6220] siw: device registration error -23 [ 137.328528][ T27] audit: type=1326 audit(1755755518.122:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 137.363093][ T6221] loop3: detected capacity change from 0 to 1024 [ 137.412661][ T6221] EXT4-fs (loop3): can't mount with commit=32768, fs mounted w/o journal [ 137.429156][ T27] audit: type=1326 audit(1755755518.122:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 137.512765][ T27] audit: type=1326 audit(1755755518.122:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 137.578236][ T27] audit: type=1326 audit(1755755518.152:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 137.622909][ T27] audit: type=1326 audit(1755755518.152:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 137.647784][ T27] audit: type=1326 audit(1755755518.152:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 137.680871][ T27] audit: type=1326 audit(1755755518.152:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 137.709592][ T27] audit: type=1326 audit(1755755518.152:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 137.823221][ T6223] netlink: 'syz.4.696': attribute type 10 has an invalid length. [ 137.870532][ T6223] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.880508][ T6223] bond0: (slave team0): Enslaving as an active interface with an up link [ 137.900148][ T6224] netlink: 4 bytes leftover after parsing attributes in process `syz.0.697'. [ 138.688694][ T6264] loop2: detected capacity change from 0 to 2048 [ 138.758759][ T6264] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 138.822382][ T6274] netlink: 4 bytes leftover after parsing attributes in process `syz.4.715'. [ 138.928491][ T6273] netlink: 'syz.0.716': attribute type 10 has an invalid length. [ 138.979979][ T6275] siw: device registration error -23 [ 138.994996][ T6273] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.034185][ T6273] bond0: (slave team0): Enslaving as an active interface with an up link [ 139.182987][ T6278] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 139.390664][ T6287] tipc: Started in network mode [ 139.402388][ T6287] tipc: Node identity 4, cluster identity 4711 [ 139.417452][ T6287] tipc: Node number set to 4 [ 139.774232][ T6300] siw: device registration error -23 [ 139.813151][ T5871] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 139.830302][ T5871] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 139.871893][ T5871] EXT4-fs (loop2): This should not happen!! Data will be lost [ 139.871893][ T5871] [ 139.894965][ T5871] EXT4-fs (loop2): Total free blocks count 0 [ 139.901219][ T5871] EXT4-fs (loop2): Free/Dirty block details [ 139.922797][ T5871] EXT4-fs (loop2): free_blocks=2415919504 [ 139.929374][ T5871] EXT4-fs (loop2): dirty_blocks=4048 [ 139.935000][ T5871] EXT4-fs (loop2): Block reservation details [ 139.947880][ T5871] EXT4-fs (loop2): i_reserved_data_blocks=253 [ 139.968122][ T5871] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 140.035943][ T6309] netlink: 4 bytes leftover after parsing attributes in process `syz.4.728'. [ 140.131935][ T6311] netlink: 28 bytes leftover after parsing attributes in process `syz.1.731'. [ 140.151225][ T6311] netlink: 32 bytes leftover after parsing attributes in process `syz.1.731'. [ 140.173118][ T6311] netlink: 28 bytes leftover after parsing attributes in process `syz.1.731'. [ 140.196919][ T6311] netlink: 32 bytes leftover after parsing attributes in process `syz.1.731'. [ 140.284286][ T6316] netlink: 4 bytes leftover after parsing attributes in process `syz.2.723'. [ 140.469276][ T6316] netlink: 4 bytes leftover after parsing attributes in process `syz.2.723'. [ 140.556804][ T6327] netlink: 12 bytes leftover after parsing attributes in process `syz.1.736'. [ 140.834251][ T6341] loop4: detected capacity change from 0 to 256 [ 141.069087][ T6344] lo speed is unknown, defaulting to 1000 [ 141.118756][ T6358] syz.1.748[6358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.118851][ T6358] syz.1.748[6358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.296317][ T6362] device geneve2 entered promiscuous mode [ 141.497387][ T6344] lo speed is unknown, defaulting to 1000 [ 141.566657][ T6367] loop3: detected capacity change from 0 to 1024 [ 141.707882][ T6367] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 142.221007][ T6367] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 142.630487][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 142.785293][ T6388] rdma_rxe: rxe_register_device failed with error -23 [ 142.792601][ T6388] rdma_rxe: failed to add lo [ 143.330213][ T6390] netlink: 'syz.0.758': attribute type 13 has an invalid length. [ 143.443779][ T6390] netlink: 'syz.0.758': attribute type 17 has an invalid length. [ 143.923248][ T6411] loop1: detected capacity change from 0 to 512 [ 143.978835][ T6411] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 144.078098][ T6411] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c11c, mo2=0102] [ 144.153112][ T6411] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.765: corrupted in-inode xattr [ 144.191148][ T6419] loop3: detected capacity change from 0 to 512 [ 144.202660][ T6411] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.765: couldn't read orphan inode 15 (err -117) [ 144.232302][ T6411] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 144.343956][ T6419] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 144.432746][ T6419] EXT4-fs error (device loop3): ext4_quota_enable:7018: comm syz.3.767: Bad quota inum: 29696, type: 1 [ 144.455515][ T6419] EXT4-fs warning (device loop3): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix. [ 144.952636][ T6419] EXT4-fs (loop3): mount failed [ 145.130768][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 145.240182][ T6435] __nla_validate_parse: 1 callbacks suppressed [ 145.240197][ T6435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.772'. [ 145.493495][ T6443] hub 6-0:1.0: USB hub found [ 145.503641][ T6443] hub 6-0:1.0: 1 port detected [ 145.777069][ T6449] smc: net device bond0 erased user defined pnetid SYZ0 [ 146.221756][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.239146][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.262023][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.282932][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.289903][ T6473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.787'. [ 146.300872][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.317983][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.326182][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.333861][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.341627][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.349731][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.369683][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.382882][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.397934][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.412319][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.427272][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.443354][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.457815][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.475063][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.497572][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.513120][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.528864][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.543235][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.558820][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.577327][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.621100][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.675774][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.698161][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.716236][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.731818][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.740942][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.757459][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.769816][ T4999] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 146.788154][ T4999] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 147.205261][ T6499] fido_id[6499]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 147.222548][ T6505] netlink: 8 bytes leftover after parsing attributes in process `syz.0.800'. [ 148.309760][ T6523] loop1: detected capacity change from 0 to 512 [ 148.364771][ T6525] siw: device registration error -23 [ 148.408026][ T6523] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 148.438869][ T6523] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.646346][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 148.710586][ T27] kauditd_printk_skb: 39 callbacks suppressed [ 148.710601][ T27] audit: type=1326 audit(1755755529.492:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 148.814270][ T27] audit: type=1326 audit(1755755529.502:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 148.851555][ T6541] usb usb7: usbfs: process 6541 (syz.1.814) did not claim interface 0 before use [ 148.917241][ T27] audit: type=1326 audit(1755755529.542:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 148.999223][ T27] audit: type=1326 audit(1755755529.542:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 149.194306][ T27] audit: type=1326 audit(1755755529.542:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 149.217448][ T27] audit: type=1326 audit(1755755529.542:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 149.241001][ T27] audit: type=1326 audit(1755755529.542:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 149.282720][ T27] audit: type=1326 audit(1755755529.542:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 149.422498][ T27] audit: type=1326 audit(1755755529.542:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 149.893831][ T27] audit: type=1326 audit(1755755529.552:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6536 comm="syz.2.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cac98ebe9 code=0x7ffc0000 [ 150.004900][ T6553] device syzkaller1 entered promiscuous mode [ 150.562574][ T6583] usb usb7: usbfs: process 6583 (syz.4.830) did not claim interface 0 before use [ 150.573793][ T6585] netlink: 8 bytes leftover after parsing attributes in process `syz.0.829'. [ 150.786555][ T6586] lo speed is unknown, defaulting to 1000 [ 151.811509][ T6586] lo speed is unknown, defaulting to 1000 [ 152.122425][ T6615] netlink: 108 bytes leftover after parsing attributes in process `syz.4.837'. [ 152.489050][ T6630] netlink: 'wg1': attribute type 13 has an invalid length. [ 152.512202][ T6630] netlink: 'wg1': attribute type 17 has an invalid length. [ 152.784255][ T6630] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 152.888461][ T6630] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 154.277428][ T4308] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 154.507251][ T4308] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 154.537871][ T4308] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 154.588483][ T4308] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.640118][ T4308] usb 4-1: config 0 descriptor?? [ 155.026133][ T4323] usb 4-1: USB disconnect, device number 2 [ 155.056132][ T6695] lo speed is unknown, defaulting to 1000 [ 155.169770][ T6695] lo speed is unknown, defaulting to 1000 [ 156.239786][ T6709] netlink: 4 bytes leftover after parsing attributes in process `syz.4.865'. [ 156.283939][ T6709] netlink: 4 bytes leftover after parsing attributes in process `syz.4.865'. [ 156.471755][ T6722] siw: device registration error -23 [ 156.608571][ T6726] loop3: detected capacity change from 0 to 1024 [ 157.032351][ T6730] netlink: 360 bytes leftover after parsing attributes in process `syz.0.874'. [ 157.309747][ T6730] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:e4fd:6eff:fe43:1e49 error=-28 [ 157.402790][ T6726] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 157.674262][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 157.876018][ T6730] infiniband syz!: set active [ 158.100986][ T6730] infiniband syz!: added team_slave_0 [ 158.328628][ T6730] rdma_rxe: unable to create cq [ 158.392087][ T6730] infiniband syz!: Couldn't create ib_mad CQ [ 158.445456][ T6730] infiniband syz!: Couldn't open port 1 [ 158.570548][ T6730] RDS/IB: syz!: added [ 158.578122][ T6730] smc: adding ib device syz! with port count 1 [ 158.598218][ T6753] netlink: 20 bytes leftover after parsing attributes in process `syz.1.878'. [ 158.608216][ T6730] smc: ib device syz! port 1 has pnetid [ 158.628369][ T6753] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 158.636253][ T6753] IPv6: NLM_F_CREATE should be set when creating new route [ 158.732940][ T6741] netlink: 'syz.2.876': attribute type 6 has an invalid length. [ 162.631577][ T6793] rdma_rxe: rxe_register_device failed with error -23 [ 162.631609][ T6782] siw: device registration error -23 [ 162.638913][ T6793] rdma_rxe: failed to add lo [ 164.355624][ T6871] capability: warning: `syz.0.907' uses 32-bit capabilities (legacy support in use) [ 164.473884][ T6875] tipc: Started in network mode [ 164.484471][ T6875] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 164.710782][ T6875] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 164.840963][ T6875] tipc: Enabled bearer , priority 10 [ 165.281167][ T27] kauditd_printk_skb: 39 callbacks suppressed [ 165.281180][ T27] audit: type=1326 audit(1755755546.072:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 165.339926][ T27] audit: type=1326 audit(1755755546.122:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 165.391342][ T27] audit: type=1326 audit(1755755546.122:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 165.435913][ T27] audit: type=1326 audit(1755755546.122:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 165.536920][ T27] audit: type=1326 audit(1755755546.122:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 165.564200][ T27] audit: type=1326 audit(1755755546.122:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 165.609535][ T27] audit: type=1326 audit(1755755546.122:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 165.756742][ T6906] rdma_rxe: already configured on lo [ 165.782825][ T27] audit: type=1326 audit(1755755546.122:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 166.319978][ T27] audit: type=1326 audit(1755755546.122:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 166.374468][ T4320] tipc: Node number set to 1 [ 166.423913][ T27] audit: type=1326 audit(1755755546.122:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f3b8ebe9 code=0x7ffc0000 [ 167.600881][ T6946] siw: device registration error -23 [ 168.165768][ T6979] netlink: 24 bytes leftover after parsing attributes in process `syz.0.941'. [ 168.415955][ T6980] lo speed is unknown, defaulting to 1000 [ 168.784827][ T6980] lo speed is unknown, defaulting to 1000 [ 169.971979][ T14] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 170.163667][ T14] usb 3-1: Using ep0 maxpacket: 32 [ 170.170593][ T14] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.224429][ T14] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.253515][ T14] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 170.269076][ T14] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.286729][ T14] usb 3-1: config 0 descriptor?? [ 170.787628][ T7068] rdma_rxe: rxe_register_device failed with error -23 [ 170.794871][ T7068] rdma_rxe: failed to add lo [ 171.474674][ T14] koneplus 0003:1E7D:2D51.0003: item fetching failed at offset 2/5 [ 171.484337][ T14] koneplus 0003:1E7D:2D51.0003: parse failed [ 171.490684][ T14] koneplus: probe of 0003:1E7D:2D51.0003 failed with error -22 [ 171.659112][ T954] usb 3-1: USB disconnect, device number 2 [ 172.144096][ T7103] sctp: [Deprecated]: syz.0.962 (pid 7103) Use of struct sctp_assoc_value in delayed_ack socket option. [ 172.144096][ T7103] Use struct sctp_sack_info instead [ 172.832676][ T7116] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 172.980591][ T7116] kvm: pic: non byte write [ 174.503534][ T954] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 174.696362][ T7193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.989'. [ 174.800701][ T954] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 174.834757][ T954] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 174.848717][ T954] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 174.872887][ T954] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 175.416085][ T954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.425639][ T954] usb 4-1: Product: syz [ 175.429883][ T954] usb 4-1: Manufacturer: syz [ 175.435802][ T954] usb 4-1: SerialNumber: syz [ 175.461008][ T7162] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 175.847719][ T7162] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 175.880114][ T7162] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 176.611273][ T7162] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 176.649792][ T7162] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 176.694686][ T7231] lo speed is unknown, defaulting to 1000 [ 176.857738][ T7231] lo speed is unknown, defaulting to 1000 [ 176.892496][ T954] cdc_ncm 4-1:1.0: failed to get mac address [ 177.101776][ T954] cdc_ncm 4-1:1.0: bind() failure [ 177.122504][ T954] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 177.138371][ T954] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 177.149037][ T954] usbtest: probe of 4-1:1.1 failed with error -71 [ 177.181036][ T954] usb 4-1: USB disconnect, device number 3 [ 177.925321][ T954] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 178.123609][ T954] usb 5-1: Using ep0 maxpacket: 32 [ 178.198869][ T954] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 178.362143][ T954] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 178.526131][ T954] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 178.608196][ T954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 178.635426][ T954] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 178.693737][ T954] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 178.723482][ T954] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 178.732638][ T954] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.755856][ T7310] loop3: detected capacity change from 0 to 512 [ 178.760881][ T954] usb 5-1: config 0 descriptor?? [ 178.847403][ T7310] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 178.869500][ T7310] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.036864][ T954] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 179.079847][ T954] usb 5-1: USB disconnect, device number 2 [ 179.110793][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 179.142282][ T954] usblp0: removed [ 179.264978][ T7343] usb usb7: usbfs: process 7343 (syz.2.1009) did not claim interface 0 before use [ 179.319970][ T7345] netlink: 'syz.3.1008': attribute type 10 has an invalid length. [ 179.367260][ T7345] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.395150][ T7352] siw: device registration error -23 [ 179.407414][ T7345] bond0: (slave team0): Enslaving as an active interface with an up link [ 179.683639][ T954] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 179.993580][ T954] usb 5-1: Using ep0 maxpacket: 32 [ 180.000698][ T954] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 180.045555][ T954] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 180.172104][ T954] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 180.680830][ T954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 180.763843][ T954] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 180.800319][ T954] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 180.818304][ T4282] Bluetooth: hci1: command 0x0406 tx timeout [ 180.823643][ T4281] Bluetooth: hci3: command 0x0406 tx timeout [ 180.824353][ T4282] Bluetooth: hci0: command 0x0406 tx timeout [ 180.830322][ T4281] Bluetooth: hci2: command 0x0406 tx timeout [ 180.839547][ T4282] Bluetooth: hci4: command 0x0406 tx timeout [ 180.860443][ T7396] loop2: detected capacity change from 0 to 512 [ 180.934048][ T954] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 180.949100][ T954] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.960199][ T7396] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 180.994021][ T954] usb 5-1: config 0 descriptor?? [ 181.000158][ T7396] ext4 filesystem being mounted at /199/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.011990][ T954] usb 5-1: can't set config #0, error -71 [ 181.024765][ T954] usb 5-1: USB disconnect, device number 3 [ 181.160428][ T4265] EXT4-fs (loop2): unmounting filesystem. [ 181.959968][ T7426] device syzkaller1 entered promiscuous mode [ 182.024543][ T7433] smc: net device bond0 applied user defined pnetid SYZ0 [ 182.032152][ T7433] smc: net device bond0 erased user defined pnetid SYZ0 [ 182.063173][ T7439] tipc: Enabling of bearer rejected, failed to enable media [ 182.072026][ T954] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 182.378505][ T954] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 182.393750][ T954] usb 5-1: config 0 has no interface number 0 [ 182.400260][ T954] usb 5-1: config 0 interface 214 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 182.496907][ T954] usb 5-1: config 0 interface 214 has no altsetting 0 [ 182.589262][ T954] usb 5-1: New USB device found, idVendor=07c9, idProduct=000e, bcdDevice=5d.4f [ 182.615079][ T954] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.626788][ T954] usb 5-1: Product: syz [ 182.631250][ T954] usb 5-1: Manufacturer: syz [ 182.638982][ T954] usb 5-1: SerialNumber: syz [ 182.736813][ T954] usb 5-1: config 0 descriptor?? [ 182.787438][ T7394] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 183.024538][ T7468] kvm: MWAIT instruction emulated as NOP! [ 183.119855][ T7394] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 183.427183][ T7493] smc: net device bond0 applied user defined pnetid SYZ0 [ 183.449785][ T7493] smc: net device bond0 erased user defined pnetid SYZ0 [ 183.651148][ T7502] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1041'. [ 183.681480][ T7506] loop3: detected capacity change from 0 to 1024 [ 183.729152][ T7506] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 183.780791][ T7514] loop1: detected capacity change from 0 to 512 [ 183.868599][ T7514] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 183.883997][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 183.888104][ T7514] ext4 filesystem being mounted at /205/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.943797][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 184.764364][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -32 [ 184.839446][ T7] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 184.861018][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0006: -32 [ 184.893066][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): invalid MAC address, using random [ 185.056270][ T7552] usb usb7: usbfs: process 7552 (syz.1.1054) did not claim interface 0 before use [ 185.069157][ T7] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 185.082365][ T7] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.102721][ T7] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 185.151594][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.183271][ T7] usb 4-1: config 0 descriptor?? [ 185.195021][ T7] hub 4-1:0.0: USB hub found [ 185.395458][ T7571] loop1: detected capacity change from 0 to 512 [ 185.404577][ T7] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 185.419642][ T7] usbhid 4-1:0.0: can't add hid device: -71 [ 185.429203][ T7] usbhid: probe of 4-1:0.0 failed with error -71 [ 185.469800][ T7571] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 185.480117][ T7571] ext4 filesystem being mounted at /209/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.504629][ T7] usb 4-1: USB disconnect, device number 4 [ 185.560328][ T4263] EXT4-fs (loop1): unmounting filesystem. [ 185.719990][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 185.731325][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 185.742729][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71 [ 185.755360][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 185.766741][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71 [ 185.777917][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71 [ 185.789661][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71 [ 185.813249][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71 [ 185.825258][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71 [ 185.836751][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0019: -71 [ 185.863723][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71 [ 185.873420][ T5001] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 185.880098][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71 [ 185.942128][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71 [ 185.975641][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71 [ 185.995209][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x000e: -71 [ 186.016554][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71 [ 186.049118][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71 [ 186.075306][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71 [ 186.090939][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71 [ 186.102749][ T5001] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 186.116722][ T5001] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 186.133207][ T5001] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 186.133721][ T954] ax88179_178a 5-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 186.146656][ T5001] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.178429][ T954] ax88179_178a 5-1:0.214 eth1: register 'ax88179_178a' at usb-dummy_hcd.4-1, AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter, 96:bc:40:7c:9d:9d [ 186.213410][ T954] usb 5-1: USB disconnect, device number 4 [ 186.226717][ T5001] usb 2-1: config 0 descriptor?? [ 186.237183][ T954] ax88179_178a 5-1:0.214 eth1: unregister 'ax88179_178a' usb-dummy_hcd.4-1, AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter [ 186.268436][ T5001] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 187.245535][ T7645] loop2: detected capacity change from 0 to 512 [ 187.304558][ T7645] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 187.358737][ T7645] ext4 filesystem being mounted at /209/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.397181][ T7654] siw: device registration error -23 [ 187.508720][ T7661] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1071'. [ 187.530086][ T4265] EXT4-fs (loop2): unmounting filesystem. [ 187.711593][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1075'. [ 187.762314][ T7676] usb usb7: usbfs: process 7676 (syz.4.1074) did not claim interface 0 before use [ 188.670710][ T5001] usb 2-1: USB disconnect, device number 2 [ 189.650957][ T7742] binder: 7730:7742 ioctl c0306201 200000000100 returned -14 [ 189.845082][ T7757] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1087'. [ 189.918301][ T7758] smc: net device bond0 applied user defined pnetid SYZ0 [ 189.931403][ T7758] smc: net device bond0 erased user defined pnetid SYZ0 [ 189.994869][ T7763] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1089'. [ 190.253813][ T7774] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1090'. [ 191.413369][ T5001] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 191.511078][ T7820] siw: device registration error -23 [ 191.613399][ T5001] usb 3-1: Using ep0 maxpacket: 32 [ 191.628227][ T5001] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 191.651119][ T5001] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 191.681792][ T5001] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 191.694285][ T5001] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 191.724811][ T5001] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 191.743562][ T5001] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 191.747361][ T954] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 191.783157][ T5001] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 191.792570][ T7837] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1108'. [ 191.822032][ T5001] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.852750][ T5001] usb 3-1: config 0 descriptor?? [ 192.051186][ T7847] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1110'. [ 192.071509][ T5001] usb 3-1: USB disconnect, device number 3 [ 192.143546][ T954] usb 5-1: Using ep0 maxpacket: 8 [ 192.150840][ T954] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 192.160055][ T954] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.282105][ T954] usb 5-1: config 0 descriptor?? [ 193.034591][ T7871] siw: device registration error -23 [ 194.082247][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.403720][ T4999] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 194.615004][ T4999] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 194.618756][ T954] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 194.633352][ T4999] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 194.664087][ T4999] usb 1-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00 [ 194.665208][ T954] asix: probe of 5-1:0.0 failed with error -71 [ 194.676023][ T4999] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.699892][ T954] usb 5-1: USB disconnect, device number 5 [ 194.741974][ T4999] usb 1-1: config 0 descriptor?? [ 194.754825][ T7894] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 195.200428][ T4999] holtek_mouse 0003:04D9:A081.0004: hidraw0: USB HID v1.21 Device [HID 04d9:a081] on usb-dummy_hcd.0-1/input0 [ 195.523654][ T7] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 195.564722][ T5001] usb 1-1: USB disconnect, device number 2 [ 195.740384][ T7] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 195.772436][ T7] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 195.803985][ T7] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 195.844486][ T7] usb 3-1: config 220 has no interface number 2 [ 195.881471][ T7] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 195.929070][ T7] usb 3-1: config 220 interface 0 has no altsetting 0 [ 195.942190][ T7] usb 3-1: config 220 interface 76 has no altsetting 0 [ 195.963222][ T7] usb 3-1: config 220 interface 1 has no altsetting 0 [ 196.001923][ T7] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 196.034784][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.042815][ T7] usb 3-1: Product: syz [ 196.057383][ T7983] fido_id[7983]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 196.088137][ T7] usb 3-1: Manufacturer: syz [ 196.092991][ T7] usb 3-1: SerialNumber: syz [ 196.125294][ T7989] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1138'. [ 196.389680][ T7] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 196.408646][ T7] usb 3-1: No valid video chain found. [ 196.415795][ T7] usb 3-1: selecting invalid altsetting 0 [ 196.469924][ T7] usb 3-1: selecting invalid altsetting 0 [ 196.483999][ T7] usbtest: probe of 3-1:220.1 failed with error -22 [ 196.503499][ T7] usb 3-1: USB disconnect, device number 4 [ 196.657718][ T8028] smc: net device bond0 applied user defined pnetid SYZ0 [ 196.665606][ T8028] smc: net device bond0 erased user defined pnetid SYZ0 [ 196.903075][ T8043] netlink: 'syz.0.1151': attribute type 10 has an invalid length. [ 196.918325][ T8043] siw: device registration error -23 [ 197.177459][ T4686] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 197.244966][ T8058] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1153'. [ 197.363608][ T4686] usb 4-1: Using ep0 maxpacket: 16 [ 197.372610][ T4686] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 197.415817][ T4686] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 197.419039][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1158'. [ 197.462776][ T4686] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 197.481002][ T4686] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.489519][ T4686] usb 4-1: Product: syz [ 197.494685][ T4686] usb 4-1: Manufacturer: syz [ 197.499455][ T4686] usb 4-1: SerialNumber: syz [ 197.513445][ T7] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 197.697740][ T8089] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1159'. [ 197.706818][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 197.719492][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.732596][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.769002][ T7] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 197.779111][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.801728][ T7] usb 2-1: config 0 descriptor?? [ 197.815462][ T7] hub 2-1:0.0: USB hub found [ 197.918755][ T4686] usb 4-1: cannot find UAC_HEADER [ 198.014696][ T7] hub 2-1:0.0: 1 port detected [ 198.060287][ T4686] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 198.120144][ T4271] udevd[4271]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 198.129064][ T4686] usb 4-1: USB disconnect, device number 5 [ 198.305964][ T8130] siw: device registration error -23 [ 198.631732][ T7] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 198.631924][ T4686] usb 2-1: USB disconnect, device number 3 [ 199.003467][ T954] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 199.203795][ T954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 199.222077][ T954] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 199.238200][ T8169] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1172'. [ 199.272686][ T954] usb 1-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00 [ 199.288372][ T954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.385046][ T8172] 9pnet: p9_errstr2errno: server reported unknown error 1844674407 [ 199.395038][ T4335] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 199.407571][ T954] usb 1-1: config 0 descriptor?? [ 199.416385][ T8133] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 199.592927][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1174'. [ 199.623473][ T4335] usb 4-1: Using ep0 maxpacket: 8 [ 199.646906][ T4335] usb 4-1: unable to get BOS descriptor or descriptor too short [ 199.676079][ T4335] usb 4-1: config 7 has an invalid interface number: 204 but max is 0 [ 199.704507][ T4335] usb 4-1: config 7 has no interface number 0 [ 199.720095][ T4335] usb 4-1: config 7 interface 204 has no altsetting 0 [ 199.738757][ T4335] usb 4-1: string descriptor 0 read error: -22 [ 199.758887][ T4335] usb 4-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe [ 199.769832][ T4335] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.986129][ T4335] asix 4-1:7.204 (unnamed net_device) (uninitialized): invalid hw address, using random [ 200.046957][ T954] usb 1-1: string descriptor 0 read error: -71 [ 200.058206][ T954] uclogic 0003:5543:0045.0005: failed retrieving string descriptor #200: -71 [ 200.073102][ T954] uclogic 0003:5543:0045.0005: failed retrieving pen parameters: -71 [ 200.081931][ T954] uclogic 0003:5543:0045.0005: failed probing pen v2 parameters: -71 [ 200.090479][ T954] uclogic 0003:5543:0045.0005: failed probing parameters: -71 [ 200.099910][ T954] uclogic: probe of 0003:5543:0045.0005 failed with error -71 [ 200.246095][ T954] usb 1-1: USB disconnect, device number 3 [ 200.816589][ T4335] asix 4-1:7.204 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 200.912577][ T4335] asix 4-1:7.204 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 201.123671][ T4335] asix 4-1:7.204 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 201.144026][ T4335] asix 4-1:7.204 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 201.193232][ T8233] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1181'. [ 201.323418][ T8244] netlink: 'syz.0.1184': attribute type 10 has an invalid length. [ 201.342176][ T8244] siw: device registration error -23 [ 201.381224][ T4335] asix 4-1:7.204 eth1: register 'asix' at usb-dummy_hcd.3-1, ASIX AX88178 USB 2.0 Ethernet, c6:03:1f:3f:28:7c [ 201.426981][ T4335] usb 4-1: USB disconnect, device number 6 [ 201.456276][ T4335] asix 4-1:7.204 eth1: unregister 'asix' usb-dummy_hcd.3-1, ASIX AX88178 USB 2.0 Ethernet [ 201.680597][ T8281] siw: device registration error -23 [ 201.833679][ T4330] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 202.048498][ T4330] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.068310][ T4330] usb 1-1: config 0 interface 0 has no altsetting 0 [ 202.078514][ T4330] usb 1-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 202.089230][ T4330] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.159826][ T8306] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1193'. [ 202.701528][ T4330] usb 1-1: config 0 descriptor?? [ 203.114091][ T4330] logitech 0003:046D:C50C.0006: item fetching failed at offset 4/5 [ 203.122505][ T4330] logitech 0003:046D:C50C.0006: parse failed [ 203.153400][ T4323] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 203.162454][ T4330] logitech: probe of 0003:046D:C50C.0006 failed with error -22 [ 203.217451][ T8348] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1201'. [ 203.341389][ T4330] usb 1-1: USB disconnect, device number 4 [ 203.373438][ T4323] usb 5-1: Using ep0 maxpacket: 32 [ 203.380421][ T4323] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 203.406747][ T4323] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 203.418928][ T8362] siw: device registration error -23 [ 203.425760][ T4323] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 203.446619][ T4323] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 203.456859][ T4323] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 203.472857][ T4323] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 203.486598][ T4323] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 203.495893][ T4323] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.516668][ T4323] usb 5-1: config 0 descriptor?? [ 203.734961][ T4323] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 203.762766][ T4323] usb 5-1: USB disconnect, device number 6 [ 203.787145][ T4323] usblp0: removed [ 204.970069][ T4323] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 204.985809][ T8411] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1211'. [ 205.053740][ T8411] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1211'. [ 205.163374][ T4323] usb 5-1: Using ep0 maxpacket: 32 [ 205.173262][ T4323] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 205.196809][ T4323] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 205.229706][ T8426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1213'. [ 205.233369][ T4323] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 205.279896][ T4323] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 205.315854][ T8411] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1211'. [ 205.329596][ T4323] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 205.342097][ T4323] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 205.362081][ T4323] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 205.393658][ T4323] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.408216][ T4323] usb 5-1: config 0 descriptor?? [ 205.634891][ T4323] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 205.723752][ T4330] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 205.746439][ T8458] device syzkaller0 entered promiscuous mode [ 205.927931][ T4330] usb 4-1: Using ep0 maxpacket: 16 [ 205.948576][ T4330] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 205.963678][ T4330] usb 4-1: config 0 has no interface number 0 [ 205.969958][ T4330] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 206.002285][ T4330] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 206.073729][ T4686] usb 5-1: USB disconnect, device number 7 [ 206.710337][ T4330] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 206.719692][ T4330] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.728501][ T4686] usblp0: removed [ 206.737646][ T4330] usb 4-1: Product: syz [ 206.742183][ T4330] usb 4-1: Manufacturer: syz [ 206.748534][ T4330] usb 4-1: SerialNumber: syz [ 206.761491][ T4330] usb 4-1: config 0 descriptor?? [ 206.767637][ T8443] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 206.775236][ T8443] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 207.079633][ T8498] rdma_rxe: rxe_register_device failed with error -23 [ 207.087041][ T8498] rdma_rxe: failed to add lo [ 207.759826][ T8443] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 207.789940][ T8443] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 208.085919][ T8509] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1226'. [ 208.203852][ T4330] asix 4-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 208.215469][ T4330] asix: probe of 4-1:0.251 failed with error -524 [ 208.419194][ T4330] usb 4-1: USB disconnect, device number 7 [ 209.973955][ T8549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1230'. [ 210.176858][ T8565] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 210.428303][ T8576] siw: device registration error -23 [ 210.502051][ T4686] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 210.676285][ T8590] netlink: 'syz.3.1241': attribute type 10 has an invalid length. [ 210.683691][ T8589] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1240'. [ 210.705842][ T4686] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 210.717086][ T4686] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 210.723831][ T8590] siw: device registration error -23 [ 210.752504][ T4686] usb 1-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00 [ 210.772853][ T4686] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.799927][ T4686] usb 1-1: config 0 descriptor?? [ 210.936005][ T4330] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 210.946914][ T8559] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 211.073821][ T8601] rdma_rxe: rxe_register_device failed with error -23 [ 211.081583][ T8601] rdma_rxe: failed to add lo [ 211.703422][ T4330] usb 2-1: Using ep0 maxpacket: 8 [ 211.829059][ T4330] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 211.892127][ T4330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.910552][ T4330] usb 2-1: config 0 descriptor?? [ 212.002072][ T4686] usb 1-1: string descriptor 0 read error: -71 [ 212.018452][ T4686] uclogic 0003:5543:0047.0007: failed retrieving string descriptor #200: -71 [ 212.037913][ T4686] uclogic 0003:5543:0047.0007: failed retrieving pen parameters: -71 [ 212.053389][ T4686] uclogic 0003:5543:0047.0007: failed probing pen v2 parameters: -71 [ 212.061562][ T4686] uclogic 0003:5543:0047.0007: failed probing parameters: -71 [ 212.069235][ T4686] uclogic: probe of 0003:5543:0047.0007 failed with error -71 [ 212.094140][ T4686] usb 1-1: USB disconnect, device number 5 [ 212.619331][ T8636] syz.0.1247[8636] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 212.619429][ T8636] syz.0.1247[8636] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 212.632480][ T7] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 212.884723][ T8644] loop3: detected capacity change from 0 to 512 [ 212.953923][ T8644] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 213.086400][ T8644] sctp: [Deprecated]: syz.3.1246 (pid 8644) Use of struct sctp_assoc_value in delayed_ack socket option. [ 213.086400][ T8644] Use struct sctp_sack_info instead [ 213.307798][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 213.307832][ T27] audit: type=1800 audit(1755755594.102:380): pid=8637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1246" name="file1" dev="loop3" ino=1048599 res=0 errno=0 [ 213.388593][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 213.406672][ T7] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 213.440003][ T7] usb 3-1: New USB device found, idVendor=056a, idProduct=00b9, bcdDevice= 0.00 [ 213.463006][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.492881][ T7] usb 3-1: config 0 descriptor?? [ 213.520908][ T8628] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 213.694498][ T8661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1249'. [ 213.937361][ T7] wacom 0003:056A:00B9.0008: Unknown device_type for 'HID 056a:00b9'. Assuming pen. [ 213.976640][ T7] wacom 0003:056A:00B9.0008: hidraw0: USB HID v1.01 Device [HID 056a:00b9] on usb-dummy_hcd.2-1/input0 [ 213.994698][ T8670] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 214.008974][ T7] input: Wacom Intuos4 6x9 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00B9.0008/input/input5 [ 214.129072][ T8678] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1252'. [ 214.153252][ T7] usb 3-1: USB disconnect, device number 5 [ 214.485061][ T8701] fido_id[8701]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 214.606024][ T8581] binder: 8580:8581 ioctl 80089418 0 returned -22 [ 214.815008][ T4330] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 214.825267][ T4330] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 214.836735][ T4330] asix: probe of 2-1:0.0 failed with error -71 [ 214.844252][ T4999] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 214.851172][ T4330] usb 2-1: USB disconnect, device number 4 [ 214.858096][ T8719] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1256'. [ 215.063432][ T4999] usb 1-1: Using ep0 maxpacket: 32 [ 215.072281][ T4999] usb 1-1: config 0 interface 0 has no altsetting 0 [ 215.083362][ T4999] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 215.100524][ T4999] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.111576][ T4999] usb 1-1: config 0 descriptor?? [ 215.598604][ T8748] rdma_rxe: rxe_register_device failed with error -23 [ 215.605553][ T8748] rdma_rxe: failed to add lo [ 215.719177][ T8703] kvm: pic: non byte write [ 216.355110][ T8703] kvm: pic: non byte write [ 216.374598][ T4999] usbhid 1-1:0.0: can't add hid device: -71 [ 216.380605][ T4999] usbhid: probe of 1-1:0.0 failed with error -71 [ 216.389455][ T4999] usb 1-1: USB disconnect, device number 6 [ 216.637034][ T8768] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1272'. [ 217.509746][ T8783] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1266'. [ 217.519375][ T8785] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1264'. [ 217.678337][ T8789] siw: device registration error -23 [ 218.194499][ T8821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1279'. [ 218.553109][ T8847] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1283'. [ 218.613510][ T4999] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 218.816225][ T4999] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 218.838606][ T4999] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 218.861110][ T4999] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 218.881066][ T4999] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 218.890658][ T4999] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.907050][ T4999] usb 3-1: config 0 descriptor?? [ 218.919427][ T8827] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 218.940869][ T4999] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 219.117759][ T8868] siw: device registration error -23 [ 219.183471][ T4330] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 219.193552][ T8872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1291'. [ 219.383509][ T4330] usb 2-1: Using ep0 maxpacket: 32 [ 219.390688][ T4330] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 219.399347][ T4330] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 219.408597][ T4330] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 219.435404][ T4330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 219.474503][ T4330] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 219.503382][ T4330] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 219.547033][ T4330] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 219.556720][ T4330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.575705][ T4330] usb 2-1: config 0 descriptor?? [ 219.817090][ T4330] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 219.828150][ T8918] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1298'. [ 219.853757][ T4330] usb 2-1: USB disconnect, device number 5 [ 219.873791][ T4330] usblp0: removed [ 220.181197][ T8939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1302'. [ 221.052809][ T4330] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 221.248500][ T8960] smc: net device bond0 applied user defined pnetid SYZ0 [ 221.263400][ T4330] usb 2-1: Using ep0 maxpacket: 32 [ 221.285929][ T4330] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 221.297908][ T8960] smc: net device bond0 erased user defined pnetid SYZ0 [ 221.299748][ T4330] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 221.343384][ T4330] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 221.347458][ T5001] usb 3-1: USB disconnect, device number 6 [ 221.352374][ T4330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 221.352399][ T4330] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 221.449202][ T4330] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 221.513954][ T4330] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 221.535318][ T4330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.559945][ T4330] usb 2-1: config 0 descriptor?? [ 221.671692][ T8988] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1312'. [ 222.065974][ T4330] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 222.079002][ T8995] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1315'. [ 222.094632][ T4330] usb 2-1: USB disconnect, device number 6 [ 222.132525][ T4330] usblp0: removed [ 222.600035][ T9034] user requested TSC rate below hardware speed [ 222.643371][ T4686] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 222.833345][ T4686] usb 2-1: Using ep0 maxpacket: 32 [ 222.840740][ T4686] usb 2-1: config 0 interface 0 has no altsetting 0 [ 222.861579][ T4686] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 222.866169][ T9042] smc: net device bond0 applied user defined pnetid SYZ0 [ 222.899342][ T9042] smc: net device bond0 erased user defined pnetid SYZ0 [ 222.905484][ T4686] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.939629][ T4686] usb 2-1: config 0 descriptor?? [ 223.264782][ T5001] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 223.395297][ T9021] kvm: pic: non byte write [ 223.415009][ T9021] kvm: pic: non byte write [ 223.441527][ T4686] usbhid 2-1:0.0: can't add hid device: -71 [ 223.451542][ T4686] usbhid: probe of 2-1:0.0 failed with error -71 [ 223.471421][ T4686] usb 2-1: USB disconnect, device number 7 [ 223.477133][ T5001] usb 3-1: Using ep0 maxpacket: 8 [ 223.488340][ T5001] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 223.512067][ T5001] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.544240][ T5001] usb 3-1: config 0 descriptor?? [ 223.683626][ T4323] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 223.863358][ T4323] usb 1-1: Using ep0 maxpacket: 32 [ 223.870099][ T4323] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 223.880246][ T4323] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 223.888986][ T4323] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 223.898086][ T4323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 223.907986][ T4323] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 223.917835][ T4323] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 223.930913][ T4323] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 223.940231][ T4323] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.951608][ T4323] usb 1-1: config 0 descriptor?? [ 224.166812][ T4323] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 224.186865][ T4323] usb 1-1: USB disconnect, device number 7 [ 224.202520][ T4323] usblp0: removed [ 224.308432][ T9090] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 224.323484][ T9090] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 224.330113][ T9090] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 224.339654][ T9090] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 224.346835][ T9090] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 224.353045][ T9090] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 224.360568][ T9090] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 224.371683][ T9090] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 224.379415][ T9090] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 224.387882][ T9090] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 224.394943][ T9090] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 224.401023][ T9090] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 224.410565][ T9090] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 224.416617][ T9090] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 224.427741][ T9090] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 224.751077][ T9129] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1333'. [ 224.807290][ T9132] kvm: pic: non byte write [ 224.833488][ T4686] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 224.915023][ T9138] smc: net device bond0 applied user defined pnetid SYZ0 [ 224.922478][ T9138] smc: net device bond0 erased user defined pnetid SYZ0 [ 225.013493][ T4686] usb 1-1: Using ep0 maxpacket: 32 [ 225.020409][ T4686] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 225.029077][ T4686] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 225.043212][ T4686] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 225.055394][ T4686] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 225.065472][ T4686] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 225.075636][ T4686] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 225.089082][ T4686] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 225.098339][ T4686] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.116505][ T4686] usb 1-1: config 0 descriptor?? [ 225.335637][ T4686] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 225.623555][ T4323] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 225.647682][ T9052] binder: 9051:9052 ioctl 80089418 0 returned -22 [ 225.665400][ T9170] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 225.676119][ T4278] Bluetooth: hci1: command 0x0c1a tx timeout [ 225.684771][ T5001] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 225.725969][ T5001] asix: probe of 3-1:0.0 failed with error -71 [ 225.734338][ T5001] usb 3-1: USB disconnect, device number 7 [ 225.741737][ T4999] usb 1-1: USB disconnect, device number 8 [ 225.753167][ T4999] usblp0: removed [ 225.884502][ T9192] loop1: detected capacity change from 0 to 512 [ 225.936736][ T9192] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 225.999972][ T9192] sctp: [Deprecated]: syz.1.1341 (pid 9192) Use of struct sctp_assoc_value in delayed_ack socket option. [ 225.999972][ T9192] Use struct sctp_sack_info instead [ 226.246642][ T27] audit: type=1800 audit(1755755607.002:381): pid=9192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1341" name="file1" dev="loop1" ino=1048600 res=0 errno=0 [ 226.393542][ T4278] Bluetooth: hci0: command 0x0c1a tx timeout [ 226.401047][ T4282] Bluetooth: hci3: command 0x0c1a tx timeout [ 226.401059][ T4281] Bluetooth: hci2: command 0x0c1a tx timeout [ 226.453870][ T4323] usb 5-1: Using ep0 maxpacket: 16 [ 226.467880][ T4323] usb 5-1: config 1 has an invalid interface number: 105 but max is 0 [ 226.476706][ T4278] Bluetooth: hci4: command 0x0c1a tx timeout [ 226.489971][ T4323] usb 5-1: config 1 has no interface number 0 [ 226.496569][ T4323] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 226.511565][ T4323] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 226.522082][ T4323] usb 5-1: config 1 interface 105 has no altsetting 0 [ 226.538009][ T4323] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 226.550612][ T4323] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.643770][ T4323] usb 5-1: Product: syz [ 226.648069][ T4323] usb 5-1: Manufacturer: syz [ 226.653856][ T4323] usb 5-1: SerialNumber: syz [ 226.661188][ T9158] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 226.698737][ T9158] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 226.724056][ T4686] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 226.924387][ T4686] usb 4-1: Using ep0 maxpacket: 16 [ 226.931592][ T4686] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 226.954638][ T4686] usb 4-1: config 0 has no interface number 0 [ 226.961438][ T4686] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 226.972031][ T4686] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 226.982455][ T4686] usb 4-1: config 0 interface 41 has no altsetting 0 [ 227.000793][ T4686] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 227.018950][ T4686] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.033427][ T4686] usb 4-1: Product: syz [ 227.043556][ T4686] usb 4-1: Manufacturer: syz [ 227.053620][ T4686] usb 4-1: SerialNumber: syz [ 227.065235][ T4686] usb 4-1: config 0 descriptor?? [ 227.082085][ T9196] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 227.090398][ T9196] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 227.127063][ T9158] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 227.140208][ T9158] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 227.303488][ T9196] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 227.317026][ T9196] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 227.773510][ T4278] Bluetooth: hci1: command 0x0406 tx timeout [ 228.228535][ T4323] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 228.241473][ T4323] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 228.262625][ T4323] aqc111 5-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 76:30:b9:76:42:90 [ 228.277890][ T4323] usb 5-1: USB disconnect, device number 8 [ 228.289099][ T4323] aqc111 5-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 228.424549][ T4323] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 228.434747][ T4686] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 228.464617][ T4323] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 228.474397][ T4277] Bluetooth: hci0: command 0x0406 tx timeout [ 228.480576][ T4277] Bluetooth: hci2: command 0x0406 tx timeout [ 228.495756][ T4278] Bluetooth: hci3: command 0x0406 tx timeout [ 228.507551][ T4323] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 228.556166][ T4277] Bluetooth: hci4: command 0x0406 tx timeout [ 229.162478][ T9297] kvm: pic: non byte write [ 230.023378][ T4686] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 230.034540][ T4686] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to power up PHY: -71 [ 230.057506][ T4686] CoreChips: probe of 4-1:0.41 failed with error -71 [ 230.089312][ T4686] usb 4-1: USB disconnect, device number 8 [ 230.425142][ T9342] user requested TSC rate below hardware speed [ 230.529143][ T9348] rdma_rxe: rxe_register_device failed with error -23 [ 230.536866][ T9348] rdma_rxe: failed to add lo [ 231.133641][ T9330] kvm: pic: non byte write [ 233.526723][ T9440] siw: device registration error -23 [ 233.634807][ T4320] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 233.839007][ T4320] usb 3-1: Using ep0 maxpacket: 8 [ 233.847906][ T4320] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 233.859087][ T4320] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.868970][ T4320] usb 3-1: config 0 descriptor?? [ 235.357225][ T9472] kvm: pic: non byte read [ 235.361926][ T9472] kvm: pic: non byte read [ 235.367051][ T9472] kvm: pic: single mode not supported [ 235.367218][ T9472] kvm: pic: level sensitive irq not supported [ 235.373614][ T9472] kvm: pic: non byte read [ 235.392703][ T9472] kvm: pic: non byte read [ 235.409379][ T9472] kvm: pic: non byte read [ 235.420864][ T9472] kvm: pic: single mode not supported [ 235.420882][ T9472] kvm: pic: level sensitive irq not supported [ 235.439430][ T9472] kvm: pic: non byte read [ 235.477950][ T9472] kvm: pic: non byte read [ 235.482603][ T9472] kvm: pic: non byte read [ 235.501347][ T9472] kvm: pic: single mode not supported [ 235.501365][ T9472] kvm: pic: level sensitive irq not supported [ 235.524533][ T9472] kvm: pic: non byte read [ 236.115523][ T9496] rdma_rxe: already configured on lo [ 236.233709][ T9429] binder: 9428:9429 ioctl 80089418 0 returned -22 [ 236.723158][ T4320] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 236.742578][ T4320] asix: probe of 3-1:0.0 failed with error -71 [ 236.752629][ T4320] usb 3-1: USB disconnect, device number 8 [ 237.050898][ T9517] siw: device registration error -23 [ 237.123860][ T9522] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1401'. [ 237.271356][ T9533] usb usb7: usbfs: process 9533 (syz.0.1406) did not claim interface 0 before use [ 237.597192][ T9544] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1408'. [ 238.278366][ T27] audit: type=1326 audit(1755755619.072:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.1413" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c78ebe9 code=0x0 [ 238.903339][ T4335] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 239.001572][ T9583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1417'. [ 239.093358][ T4335] usb 3-1: Using ep0 maxpacket: 8 [ 239.100368][ T4335] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 239.132415][ T4335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.160351][ T4335] usb 3-1: config 0 descriptor?? [ 239.653542][ T4323] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 239.843456][ T4323] usb 2-1: Using ep0 maxpacket: 32 [ 239.856254][ T4323] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 239.893482][ T4323] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 239.902254][ T4323] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 239.916290][ T4323] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 239.927560][ T4323] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 239.940988][ T9611] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1425'. [ 239.950563][ T4323] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 239.970803][ T4323] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 239.981175][ T4323] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.008922][ T4323] usb 2-1: config 0 descriptor?? [ 240.241771][ T4323] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 240.287069][ T4323] usb 2-1: USB disconnect, device number 8 [ 240.324680][ T4323] usblp0: removed [ 241.202019][ T9644] netlink: 360 bytes leftover after parsing attributes in process `syz.0.1428'. [ 241.212065][ T9644] rdma_rxe: already configured on team_slave_0 [ 241.333414][ T4686] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 241.439264][ T9655] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1431'. [ 241.483527][ T4323] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 241.555728][ T4686] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.567743][ T4686] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.577959][ T4686] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 241.591167][ T4686] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 241.602115][ T4686] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.613793][ T4686] usb 4-1: config 0 descriptor?? [ 241.621958][ T4686] hub 4-1:0.0: USB hub found [ 241.674522][ T4323] usb 2-1: Using ep0 maxpacket: 32 [ 241.688059][ T4323] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 241.697398][ T4323] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 241.707350][ T4323] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 241.716940][ T4323] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 241.726640][ T4323] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 241.736328][ T4323] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 241.749384][ T4323] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 241.758557][ T4323] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.775539][ T4323] usb 2-1: config 0 descriptor?? [ 241.824383][ T4686] hub 4-1:0.0: 14 ports detected [ 241.829858][ T4686] hub 4-1:0.0: insufficient power available to use all downstream ports [ 241.960939][ T4335] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 241.971872][ T4335] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 241.993226][ T4323] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 242.007772][ T4335] asix: probe of 3-1:0.0 failed with error -71 [ 242.041021][ T4335] usb 3-1: USB disconnect, device number 9 [ 242.233923][ T4686] usb 4-1: USB disconnect, device number 9 [ 242.284220][ C0] usblp0: nonzero read bulk status received: -71 [ 242.292964][ T5001] usb 2-1: USB disconnect, device number 9 [ 242.293444][ T9596] usblp0: error -71 reading from printer [ 242.517982][ T9594] usblp0: removed [ 242.525837][ T9722] siw: device registration error -23 [ 242.667764][ T9726] netlink: 360 bytes leftover after parsing attributes in process `syz.2.1440'. [ 242.679353][ T9726] rdma_rxe: rxe_register_device failed with error -23 [ 242.686522][ T9726] rdma_rxe: failed to add team_slave_0 [ 242.703870][ T4335] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 242.883365][ T4335] usb 5-1: Using ep0 maxpacket: 32 [ 242.890259][ T4335] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 242.919331][ T4335] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 242.931081][ T4335] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 242.940605][ T4335] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 242.951151][ T4335] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 242.962069][ T4335] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 242.975506][ T4335] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 242.984996][ T4335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.001778][ T4335] usb 5-1: config 0 descriptor?? [ 243.225536][ T4335] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 243.285381][ T4335] usb 5-1: USB disconnect, device number 9 [ 243.303719][ T4335] usblp0: removed [ 243.652896][ T9782] siw: device registration error -23 [ 243.765766][ T9793] netlink: 360 bytes leftover after parsing attributes in process `syz.2.1452'. [ 243.806648][ T9793] rdma_rxe: rxe_register_device failed with error -23 [ 243.821586][ T9793] rdma_rxe: failed to add team_slave_0 [ 243.827863][ T4335] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 243.965613][ T9808] usb usb7: usbfs: process 9808 (syz.1.1456) did not claim interface 0 before use [ 244.003368][ T5001] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 244.013638][ T4335] usb 5-1: Using ep0 maxpacket: 32 [ 244.022320][ T4335] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 244.035492][ T4335] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 244.048630][ T4335] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 244.061405][ T4335] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 244.075696][ T4335] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 244.087140][ T4335] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 244.104437][ T4335] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 244.116006][ T4335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.129491][ T4335] usb 5-1: config 0 descriptor?? [ 244.203347][ T5001] usb 4-1: Using ep0 maxpacket: 8 [ 244.210168][ T5001] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 244.229928][ T5001] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.250804][ T5001] usb 4-1: config 0 descriptor?? [ 244.273410][ T4330] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 244.348773][ T4335] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 244.463411][ T4330] usb 3-1: Using ep0 maxpacket: 32 [ 244.485197][ T4330] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 244.497290][ T4330] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 244.506592][ T4330] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 244.515818][ T4330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 244.525558][ T4330] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 244.541252][ T4330] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 244.554480][ T4330] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 244.564028][ T4330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.582264][ T4330] usb 3-1: config 0 descriptor?? [ 244.584704][ C0] usblp0: nonzero read bulk status received: -71 [ 244.597539][ T4323] usb 5-1: USB disconnect, device number 10 [ 244.741457][ T9853] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1462'. [ 244.810404][ T4330] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 244.822745][ T9716] usblp0: removed [ 244.853110][ T4330] usb 3-1: USB disconnect, device number 10 [ 244.867602][ T4330] usblp0: removed [ 245.423519][ T4330] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 245.633396][ T4330] usb 3-1: Using ep0 maxpacket: 32 [ 245.648499][ T4330] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 245.667163][ T4330] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 245.687239][ T4330] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 245.713394][ T4330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 245.723081][ T4330] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 245.739581][ T4330] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 245.757831][ T4330] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 245.767305][ T4330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.806890][ T4330] usb 3-1: config 0 descriptor?? [ 246.018675][ T4330] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 246.156739][ T9894] usb usb7: usbfs: process 9894 (syz.1.1467) did not claim interface 0 before use [ 246.298507][ C0] usblp0: nonzero read bulk status received: -71 [ 246.300318][ T4330] usb 3-1: USB disconnect, device number 11 [ 246.308686][ T9801] usblp0: error -71 reading from printer [ 246.476759][ T5001] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 246.488112][ T5001] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 246.499523][ T5001] asix: probe of 4-1:0.0 failed with error -71 [ 246.508344][ T9800] usblp0: removed [ 246.508933][ T5001] usb 4-1: USB disconnect, device number 10 [ 246.898544][ T9951] netlink: 'syz.0.1476': attribute type 29 has an invalid length. [ 246.914278][ T9951] netlink: 'syz.0.1476': attribute type 29 has an invalid length. [ 246.929747][ T9951] netlink: 'syz.0.1476': attribute type 29 has an invalid length. [ 247.074427][ T9958] usb usb7: usbfs: process 9958 (syz.3.1478) did not claim interface 0 before use [ 248.442251][ T9991] siw: device registration error -23 [ 248.482289][ T9994] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1487'. [ 248.492603][ T9994] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 248.652363][T10008] usb usb7: usbfs: process 10008 (syz.3.1491) did not claim interface 0 before use [ 248.729966][T10013] netlink: 'syz.3.1493': attribute type 10 has an invalid length. [ 248.738562][T10013] siw: device registration error -23 [ 248.975715][ T4330] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 249.182067][T10032] rdma_rxe: rxe_register_device failed with error -23 [ 249.189428][T10032] rdma_rxe: failed to add lo [ 249.198815][ T4330] usb 2-1: Using ep0 maxpacket: 8 [ 249.214980][ T4330] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 249.798638][ T4330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.817645][ T4330] usb 2-1: config 0 descriptor?? [ 249.912909][T10044] netlink: 360 bytes leftover after parsing attributes in process `syz.2.1499'. [ 249.932569][T10044] rdma_rxe: rxe_register_device failed with error -23 [ 249.941098][T10044] rdma_rxe: failed to add team_slave_0 [ 249.982355][T10047] syz.0.1500[10047] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 249.982455][T10047] syz.0.1500[10047] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 250.162040][T10054] usb usb7: usbfs: process 10054 (syz.0.1503) did not claim interface 0 before use [ 251.481256][T10100] usb usb7: usbfs: process 10100 (syz.0.1516) did not claim interface 0 before use [ 251.889888][ T4330] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 251.914270][ T4330] asix: probe of 2-1:0.0 failed with error -71 [ 251.931414][ T4330] usb 2-1: USB disconnect, device number 10 [ 252.808897][T10163] siw: device registration error -23 [ 253.975720][ T4686] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 254.167468][ T4686] usb 3-1: Using ep0 maxpacket: 8 [ 254.196791][ T4686] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 254.206016][ T4686] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.223915][ T4686] usb 3-1: config 0 descriptor?? [ 254.683130][T10229] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1539'. [ 255.523648][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.561387][T10258] syz.0.1552[10258] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 255.561480][T10258] syz.0.1552[10258] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.184770][T10291] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1557'. [ 256.247549][ T4686] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 256.270373][ T4686] asix: probe of 3-1:0.0 failed with error -71 [ 256.302692][ T4686] usb 3-1: USB disconnect, device number 12 [ 364.103222][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 364.109930][ C0] rcu: 0-...!: (1 GPs behind) idle=f16c/1/0x4000000000000000 softirq=29199/29247 fqs=2 [ 364.121141][ C0] (t=10501 jiffies g=33009 q=239 ncpus=2) [ 364.126959][ C0] rcu: rcu_preempt kthread starved for 10498 jiffies! g33009 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 364.138161][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 364.148133][ C0] rcu: RCU grace-period kthread stack dump: [ 364.154030][ C0] task:rcu_preempt state:R running task stack:27840 pid:16 ppid:2 flags:0x00004000 [ 364.164849][ C0] Call Trace: [ 364.168150][ C0] [ 364.171097][ C0] __schedule+0x10ec/0x40b0 [ 364.175741][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 364.180958][ C0] ? _raw_spin_unlock+0x40/0x40 [ 364.185848][ C0] ? release_firmware_map_entry+0x18a/0x18a [ 364.191762][ C0] schedule+0xb9/0x180 [ 364.195844][ C0] schedule_timeout+0x15c/0x280 [ 364.200706][ C0] ? console_conditional_schedule+0x40/0x40 [ 364.206614][ C0] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 364.212523][ C0] ? update_process_times+0x1b0/0x1b0 [ 364.217913][ C0] ? prepare_to_swait_event+0x335/0x350 [ 364.223476][ C0] rcu_gp_fqs_loop+0x2f2/0x1310 [ 364.228353][ C0] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 364.234518][ C0] ? rcu_gp_init+0x14b0/0x14b0 [ 364.239296][ C0] ? rcu_gp_cleanup+0xb4c/0xca0 [ 364.244159][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 364.249383][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 364.254607][ C0] rcu_gp_kthread+0x95/0x380 [ 364.259210][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 364.264343][ C0] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 364.270261][ C0] ? __kthread_parkme+0x162/0x1c0 [ 364.275312][ C0] kthread+0x29d/0x330 [ 364.279407][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 364.284526][ C0] ? kthread_blkcg+0xd0/0xd0 [ 364.289130][ C0] ret_from_fork+0x1f/0x30 [ 364.293575][ C0] [ 364.296595][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 364.302932][ C0] Sending NMI from CPU 0 to CPUs 1: [ 364.308163][ C1] NMI backtrace for cpu 1 [ 364.308183][ C1] CPU: 1 PID: 10414 Comm: syz.0.1585 Not tainted 6.1.148-syzkaller #0 [ 364.308197][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 364.308205][ C1] RIP: 0010:__lock_acquire+0x440/0x7c50 [ 364.308229][ C1] Code: 74 12 48 89 df e8 e0 f0 6d 00 49 b8 00 00 00 00 00 fc ff df 48 89 9c 24 98 00 00 00 48 8b 45 10 48 89 03 65 8b 05 b4 8b 9f 7e <31> db 85 c0 0f 95 c3 01 db 48 8b 84 24 88 00 00 00 4c 8d b0 c4 0a [ 364.308244][ C1] RSP: 0018:ffffc9000cfefa60 EFLAGS: 00000046 [ 364.308257][ C1] RAX: 0000000000000000 RBX: ffff888029ad4678 RCX: 1ffff1100535a8d0 [ 364.308267][ C1] RDX: 000000000000002c RSI: 0000000000000000 RDI: ffff888029ad4670 [ 364.308276][ C1] RBP: ffffc9000cfefcb0 R08: dffffc0000000000 R09: 0000000000000000 [ 364.308286][ C1] R10: fffffbfff1c3ea96 R11: 1ffffffff1c3ea95 R12: ffff888029ad4660 [ 364.308297][ C1] R13: 0000000000000000 R14: ffff888029ad4660 R15: 000000000000002c [ 364.308307][ C1] FS: 00007f89f49776c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 364.308319][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 364.308329][ C1] CR2: ffffffffe0000000 CR3: 0000000059185000 CR4: 00000000003526e0 [ 364.308342][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 364.308350][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 364.308359][ C1] Call Trace: [ 364.308363][ C1] [ 364.308376][ C1] ? _raw_spin_unlock_irq+0x2a/0x40 [ 364.308395][ C1] ? signal_setup_done+0x33b/0x440 [ 364.308415][ C1] ? verify_lock_unused+0x140/0x140 [ 364.308434][ C1] ? __local_bh_enable_ip+0x12a/0x1b0 [ 364.308454][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 364.308472][ C1] ? __local_bh_enable_ip+0x12a/0x1b0 [ 364.308491][ C1] ? _local_bh_enable+0xa0/0xa0 [ 364.308510][ C1] ? fpregs_activate+0xb0/0x230 [ 364.308523][ C1] ? fpu__clear_user_states+0x36/0x260 [ 364.308544][ C1] ? fpu__clear_user_states+0x19e/0x260 [ 364.308564][ C1] lock_acquire+0x1b4/0x490 [ 364.308581][ C1] ? bpf_trace_run2+0xda/0x3b0 [ 364.308604][ C1] ? read_lock_is_recursive+0x10/0x10 [ 364.308623][ C1] ? get_sigframe_size+0x10/0x10 [ 364.308641][ C1] bpf_trace_run2+0xfb/0x3b0 [ 364.308659][ C1] ? bpf_trace_run2+0xda/0x3b0 [ 364.308676][ C1] ? bpf_trace_run2+0xda/0x3b0 [ 364.308695][ C1] ? bpf_trace_run1+0x3b0/0x3b0 [ 364.308712][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 364.308731][ C1] ? lock_chain_count+0x20/0x20 [ 364.308749][ C1] __bpf_trace_sys_enter+0x60/0x70 [ 364.308767][ C1] trace_sys_enter+0x6b/0x80 [ 364.308784][ C1] syscall_trace_enter+0xf0/0x150 [ 364.308802][ C1] do_syscall_64+0x24/0xa0 [ 364.308815][ C1] ? clear_bhb_loop+0x60/0xb0 [ 364.308827][ C1] ? clear_bhb_loop+0x60/0xb0 [ 364.308840][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 364.308860][ C1] RIP: 0033:0x7f89f3b2add9 [ 364.308875][ C1] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 364.308887][ C1] RSP: 002b:00007f89f4976b40 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 364.308900][ C1] RAX: ffffffffffffffda RBX: 00007f89f3db5fa8 RCX: 00007f89f3b2add9 [ 364.308910][ C1] RDX: 00007f89f4976b40 RSI: 00007f89f4976c70 RDI: 0000000000000011 [ 364.308920][ C1] RBP: 00007f89f3db5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 364.308928][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 364.308936][ C1] R13: 00007f89f3db6038 R14: 00007ffea8a1e1a0 R15: 00007ffea8a1e288 [ 364.308952][ C1] [ 364.309158][ C0] CPU: 0 PID: 10427 Comm: syz.0.1585 Not tainted 6.1.148-syzkaller #0 [ 364.668024][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 364.678181][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x60 [ 364.684351][ C0] Code: 8b 15 d5 b0 81 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 1c 16 00 00 00 74 2c 8b 91 f8 15 00 00 83 fa 02 75 21 <48> 8b 91 00 16 00 00 48 8b 32 48 8d 7e 01 8b 89 fc 15 00 00 48 39 [ 364.703971][ C0] RSP: 0018:ffffc9000d747dc8 EFLAGS: 00000246 [ 364.710046][ C0] RAX: ffffffff818a7b39 RBX: 0000000000000011 RCX: ffff888025bb3b80 [ 364.718029][ C0] RDX: 0000000000000002 RSI: ffffc9000d747de8 RDI: 0000000000000011 [ 364.726032][ C0] RBP: ffffc9000d747df0 R08: ffffffff8f9f3008 R09: ffffffff8f9f3018 [ 364.734017][ C0] R10: ffffffff8f9f3010 R11: ffffffff8f9f3003 R12: ffffc9000d76d048 [ 364.741998][ C0] R13: 1ffff92001aeda05 R14: 0000000000000000 R15: ffffc9000d76d000 [ 364.750066][ C0] FS: 00007f89f49566c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 364.759014][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 364.765697][ C0] CR2: ffffffffe0000000 CR3: 0000000059185000 CR4: 00000000003526f0 [ 364.773675][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 364.781737][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 364.789709][ C0] Call Trace: [ 364.792988][ C0] [ 364.795923][ C0] bpf_send_signal+0x9/0x20 [ 364.800449][ C0] bpf_prog_7ba5217f62dcd359+0x38/0x3c [ 364.805921][ C0] bpf_trace_run2+0x30a/0x3b0 [ 364.810628][ C0] ? bpf_trace_run2+0xda/0x3b0 [ 364.815403][ C0] ? bpf_trace_run1+0x3b0/0x3b0 [ 364.820262][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 364.826272][ C0] ? lock_chain_count+0x20/0x20 [ 364.831132][ C0] __bpf_trace_sys_enter+0x60/0x70 [ 364.836256][ C0] trace_sys_enter+0x6b/0x80 [ 364.840852][ C0] syscall_trace_enter+0xf0/0x150 [ 364.845887][ C0] do_syscall_64+0x24/0xa0 [ 364.850308][ C0] ? clear_bhb_loop+0x60/0xb0 [ 364.854987][ C0] ? clear_bhb_loop+0x60/0xb0 [ 364.859671][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 364.865586][ C0] RIP: 0033:0x7f89f3b8ebe9 [ 364.870009][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.889722][ C0] RSP: 002b:00007f89f49560e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 364.898144][ C0] RAX: ffffffffffffffda RBX: 00007f89f3db6098 RCX: 00007f89f3b8ebe9 [ 364.906121][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f89f3db6098 [ 364.914101][ C0] RBP: 00007f89f3db6090 R08: 0000000000000000 R09: 0000000000000000 [ 364.922089][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 364.930072][ C0] R13: 00007f89f3db6128 R14: 00007ffea8a1e1a0 R15: 00007ffea8a1e288 [ 364.938064][ C0]