last executing test programs: 3m27.906905097s ago: executing program 0 (id=505): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x2c9ab000) fadvise64(r1, 0x2, 0x106, 0x5) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x1000) 3m27.493877058s ago: executing program 0 (id=509): sendmsg$TIPC_NL_KEY_FLUSH(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x14, 0x0, 0x2, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000060) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000020305030000000000000000000016b9080001000157a292deef9f8de86e8a15a7ff2c2d063b47220b936ff5a5d38147d7c4517e32f0f41e824ab9179b314ce51833eac60de2f2fde5fd2334587e8a417aaaf106e152d7751e49a2356f47c7254d0860446ca8653d944a58b2a844012961abaea8f2b5b678f28e5e4f4e078812b9e2c23205fa4818486ccaee2fb5fe2ba117d0555629867d27aec10ce27306aec1fc74027d897fc880a6eb46e4ebb15fb06e5880159f719f626148039903ca0b47bb54cd452f9c044d"], 0x1c}}, 0x0) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 3m27.028894975s ago: executing program 0 (id=515): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendmmsg$inet(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000100)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)="66d01902f798c6af9f7896f62970091b3288a889d11b8d07a368f825409373a071eb177aa9294fafcbd89ea53f3e743381d3cba85918c38afad8ee93cdd5dbdebf44996b81dcb2229618288b3f34c801f4b147b5cfda41d55bf2cde4841786eb04f43b2df8", 0x65}], 0x1}}], 0x2, 0x40040) sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) 3m26.742589553s ago: executing program 0 (id=520): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00') 3m26.40979005s ago: executing program 0 (id=526): r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000001600)="e5f5ab23505db4513673add5dd2e7c2a3bb81ace1a393d27a16ba0dda9e6b3c32ffe59645a851f76a61b2c386bc60e82c1badcabdc8889e79170141f98c5d0ef450765913561a99b", 0x0, 0x48) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000a2d000/0x3000)=nil, 0x3000}) 3m25.95867253s ago: executing program 0 (id=531): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000040000850000008200000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 3m25.335602666s ago: executing program 32 (id=531): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000040000850000008200000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 31.267632638s ago: executing program 5 (id=2319): r0 = epoll_create1(0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x22400, 0x0) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r4, 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f0000000200)=0x400a45) ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f00000002c0)=0x3) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r5, &(0x7f0000000300)={0x40000001}) 31.171767445s ago: executing program 5 (id=2321): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x30) 31.001911037s ago: executing program 5 (id=2325): mkdir(&(0x7f0000000540)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffb, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = dup(r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}}) 30.654671894s ago: executing program 5 (id=2331): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r1, &(0x7f0000003480)={0x2020}, 0x2020) 30.561845134s ago: executing program 5 (id=2332): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x40}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="20000000110001002dbd7000ffdbdf2500000000", @ANYRES32=r4, @ANYBLOB="012200c86a1fb2652d1f075a88c73f43a8fe67f86d184f898c85bfa9277a0000080000"], 0x20}}, 0x40040) 30.198268268s ago: executing program 5 (id=2339): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0x190, 0x80, 0x2dde1e3ad56d4950, 0x4b0, 0xffffff53, 0x1, 0x8, 0x1, {0xf, 0x3}, {0x9, 0x7}, {0xffffffff, 0x3}, {0x2, 0x1}, 0x1, 0x1, 0x1, 0x0, 0x0, 0x8, 0x7fffffff, 0x4, 0x1, 0x2, 0x6, 0x8000, 0x0, 0x100, 0x0, 0xa}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r3, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}}, 0x0) 29.699322671s ago: executing program 33 (id=2339): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0x190, 0x80, 0x2dde1e3ad56d4950, 0x4b0, 0xffffff53, 0x1, 0x8, 0x1, {0xf, 0x3}, {0x9, 0x7}, {0xffffffff, 0x3}, {0x2, 0x1}, 0x1, 0x1, 0x1, 0x0, 0x0, 0x8, 0x7fffffff, 0x4, 0x1, 0x2, 0x6, 0x8000, 0x0, 0x100, 0x0, 0xa}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r3, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}}, 0x0) 9.797815061s ago: executing program 1 (id=2485): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'erspan0\x00'}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x600}, 0x24044800) 9.441846266s ago: executing program 1 (id=2488): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_usb_connect(0x4, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) write(r1, &(0x7f0000000040)="cb", 0xfffffdef) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 7.438627849s ago: executing program 2 (id=2505): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x280, 0x0, 0x11, 0x148, 0x0, 0x10, 0x418, 0x2a8, 0x2a8, 0x418, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0xc8, 0x130, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x11, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0xfffc, 0x0, 0x0, 'syz0\x00', 'syz1\x00', {0x9}}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 'veth1_to_hsr\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x2e0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @empty=0xe0000001}, {0x0, 0x17c1, 0x8}}}}}, 0x0) close(r1) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x36) 7.43829772s ago: executing program 1 (id=2506): r0 = socket(0x10, 0x80002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xf23, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0xc, 0x9}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x3, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 5.458703963s ago: executing program 4 (id=2523): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r0}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000008"], 0x48) 5.32053231s ago: executing program 4 (id=2525): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x21e}, &(0x7f00000003c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) io_uring_enter(r2, 0x47fa, 0x0, 0x0, 0x0, 0x0) 3.526568573s ago: executing program 6 (id=2530): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[], 0x12f4}, 0x1, 0x0, 0x0, 0x48051}, 0x240000c4) r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0) 3.156595438s ago: executing program 6 (id=2531): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = gettid() r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffffb]}, 0x8, 0x0) readv(r3, &(0x7f0000000300)=[{&(0x7f0000000440)=""/172, 0xac}], 0x1) rt_sigqueueinfo(r2, 0x21, &(0x7f0000000180)={0x0, 0x0, 0xfffffffb}) 3.107850539s ago: executing program 4 (id=2532): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) r1 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}]}}]}, 0x44}}, 0x24004000) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.194730848s ago: executing program 6 (id=2534): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd26, 0x8000002, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0xff, 0x1, 0x8001}, {0x8, 0x6a6, 0xffff, 0x5, 0x2, 0x2}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24008004}, 0x0) 2.081209141s ago: executing program 3 (id=2535): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x6, 0x4, 0x8, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 1.97471788s ago: executing program 3 (id=2536): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x3) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) r3 = accept4$unix(r1, 0x0, 0x0, 0x0) recvfrom$unix(r3, &(0x7f0000000140)=""/263, 0x40000, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.750612745s ago: executing program 2 (id=2537): ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40088a01, &(0x7f0000000080)=0x82000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000100)="f30f1efec4a2f5adb2f647000046ffb7000000000fc777bdc7442400b7a00000c744240200205c06c7442406000000000f011424c7442400d52a287fc74424022345d956c7442406000000000f011c240f01c30f78fac4027d18d4470f07", 0x5e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.750334005s ago: executing program 4 (id=2538): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r3}, &(0x7f0000000a00), &(0x7f0000000400)=r2}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r3}, &(0x7f0000000880), &(0x7f00000008c0)=r2}, 0x20) 1.685163425s ago: executing program 1 (id=2539): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x70, 0x28, 0xd27, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r4, {0xfff3, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x44, 0x2, [@TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7b49, 0x20000000, 0x1, 0x2, 0xcd69, {0x92, 0x2, 0x2, 0x0, 0x7, 0x8}, {0x7, 0x1, 0xffff, 0x1, 0x1000, 0x10}, 0x7, 0x0, 0x101}}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x810}, 0x8c4) 1.68451558s ago: executing program 4 (id=2540): socket$netlink(0x10, 0x3, 0x14) r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x100ec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_io_uring_setup(0x58f2, &(0x7f0000000300)={0x0, 0x1000f90c, 0x10100, 0x1, 0x387}, &(0x7f0000000240), 0x0) io_uring_enter(r1, 0x47ba, 0x3, 0x0, 0x0, 0x0) 1.652547464s ago: executing program 6 (id=2541): connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) socket(0x1d, 0x2, 0x6) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000240)={0x1d, r4, 0x8000000000000002, {0x0, 0xf0, 0x4}}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4006}, 0x20008850) 1.504902971s ago: executing program 4 (id=2542): sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000001a00)=""/4099, 0x1003}], 0x1}}], 0x1003, 0x10122, 0x0) 1.417937833s ago: executing program 2 (id=2543): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x34, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) r4 = socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) 1.417091019s ago: executing program 1 (id=2544): r0 = io_uring_setup(0x5bde, &(0x7f0000000380)={0x0, 0x67c0, 0x80, 0x4000000}) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r3 = dup(r1) r4 = accept4(r2, 0x0, 0x0, 0x0) sendfile(r4, r3, 0x0, 0x8a002) close_range(r0, 0xffffffffffffffff, 0x0) 1.390344416s ago: executing program 6 (id=2545): creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_readahead}], [], 0x6b}}) truncate(&(0x7f0000000240)='./file0\x00', 0x206b12) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f00, 0xa3) 1.337414897s ago: executing program 2 (id=2546): r0 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) r1 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) r2 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) r3 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x338}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x47ba, 0x98f1, 0x2a, 0x0, 0x0) mq_timedsend(r2, 0x0, 0x0, 0x6, 0x0) 1.091416221s ago: executing program 2 (id=2547): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {0x7}}, './file0\x00'}) 1.068441496s ago: executing program 1 (id=2548): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) ftruncate(r1, 0x1000006) fcntl$addseals(r1, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x0, 0x0, 0x1000000}) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 856.760032ms ago: executing program 3 (id=2549): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cache=fscache']) 783.792271ms ago: executing program 6 (id=2550): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x100) r0 = timerfd_create(0x0, 0x800) r1 = syz_io_uring_setup(0xd3, &(0x7f0000000480)={0x0, 0x6776, 0x8, 0x22, 0x335}, &(0x7f0000000080)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffff, @void, @value}, 0x94) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f000000b000)={{}, {0x0, 0x989680}}, 0x0) clock_settime(0x0, &(0x7f0000000040)={0x77359400}) 725.47438ms ago: executing program 2 (id=2551): ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xf9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0x9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000280)=0xb3) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x4) 490.59207ms ago: executing program 3 (id=2552): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000b00)=0x7) creat(&(0x7f00000001c0)='./file0\x00', 0x8) r2 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x338}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r0, 0xc0044dff, &(0x7f0000000080)=0x3ff) 363.72547ms ago: executing program 3 (id=2553): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x143) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00') pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) 0s ago: executing program 3 (id=2554): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3}, 0x18) connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3}, 0x18) sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)='data', 0x4}}, 0x0) recvmsg$can_j1939(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/4, 0x4}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 160.882945][ T6897] loop2: detected capacity change from 0 to 7 [ 160.919114][ T6897] Dev loop2: unable to read RDB block 7 [ 160.943115][ T6897] loop2: unable to read partition table [ 160.958716][ T6897] loop2: partition table beyond EOD, truncated [ 160.969245][ T6897] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 160.976441][ T5926] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 161.216382][ T5926] usb 5-1: Using ep0 maxpacket: 8 [ 161.235996][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 161.289042][ T5926] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 161.346311][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.381013][ T5926] usb 5-1: config 0 descriptor?? [ 161.477750][ T6908] Bluetooth: MGMT ver 1.23 [ 161.716902][ T30] audit: type=1326 audit(1749915652.317:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6910 comm="syz.3.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eccb8e929 code=0x7fc00000 [ 161.770670][ T5926] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 162.029939][ T6919] netlink: 700 bytes leftover after parsing attributes in process `syz.2.329'. [ 162.048043][ T6919] netlink: 384 bytes leftover after parsing attributes in process `syz.2.329'. [ 162.110799][ T6919] netlink: 700 bytes leftover after parsing attributes in process `syz.2.329'. [ 162.150202][ T6919] netlink: 384 bytes leftover after parsing attributes in process `syz.2.329'. [ 162.162289][ T5926] usb 5-1: USB disconnect, device number 6 [ 162.397118][ T30] audit: type=1326 audit(1749915652.987:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6910 comm="syz.3.327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8eccb8e929 code=0x7fc00000 [ 162.597771][ T6937] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 162.727234][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.2.338'. [ 162.842644][ T6941] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.853162][ T6941] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.861788][ T6941] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.871717][ T6941] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.938404][ T6941] vxlan0: entered promiscuous mode [ 163.496914][ T5919] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 163.688852][ T5919] usb 4-1: config 0 has an invalid interface number: 118 but max is 0 [ 163.710670][ T5919] usb 4-1: config 0 has no interface number 0 [ 163.746474][ T5919] usb 4-1: too many endpoints for config 0 interface 118 altsetting 105: 99, using maximum allowed: 30 [ 163.771819][ T5919] usb 4-1: config 0 interface 118 altsetting 105 has 0 endpoint descriptors, different from the interface descriptor's value: 99 [ 163.796960][ T5919] usb 4-1: config 0 interface 118 has no altsetting 0 [ 163.805172][ T5919] usb 4-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da [ 163.858669][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.893813][ T5919] usb 4-1: config 0 descriptor?? [ 164.115150][ T5919] usb 4-1: string descriptor 0 read error: -71 [ 164.152763][ T5919] usb 4-1: USB disconnect, device number 4 [ 164.393783][ T6973] netlink: 48 bytes leftover after parsing attributes in process `syz.2.352'. [ 165.320489][ T30] audit: type=1326 audit(1749915655.927:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.401294][ T30] audit: type=1326 audit(1749915655.927:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.516738][ T6992] tipc: Failed to remove unknown binding: 66,1,1/0:3739594832/3739594834 [ 165.547538][ T30] audit: type=1326 audit(1749915655.967:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.568080][ T6992] tipc: Failed to remove unknown binding: 66,1,1/0:3739594832/3739594834 [ 165.636321][ T30] audit: type=1326 audit(1749915655.967:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.703521][ T30] audit: type=1326 audit(1749915655.977:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.767496][ T30] audit: type=1326 audit(1749915655.977:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.819880][ T30] audit: type=1326 audit(1749915655.977:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.856434][ T30] audit: type=1326 audit(1749915655.977:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.882544][ T30] audit: type=1326 audit(1749915655.987:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 165.967012][ T30] audit: type=1326 audit(1749915655.987:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.2.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 167.470595][ T7035] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 167.686681][ T3502] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 167.869069][ T3502] usb 4-1: not running at top speed; connect to a high speed hub [ 167.885826][ T3502] usb 4-1: config 1 interface 0 has no altsetting 0 [ 167.900020][ T3502] usb 4-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 167.913598][ T3502] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.925371][ T3502] usb 4-1: Product: syz [ 167.968838][ T3502] usb 4-1: Manufacturer: syz [ 167.974601][ T3502] usb 4-1: SerialNumber: syz [ 168.066662][ T7047] netlink: 12 bytes leftover after parsing attributes in process `syz.0.391'. [ 168.087133][ T7047] netlink: 36 bytes leftover after parsing attributes in process `syz.0.391'. [ 168.138863][ T7047] bridge0: port 3(vlan2) entered blocking state [ 168.147811][ T7047] bridge0: port 3(vlan2) entered disabled state [ 168.155524][ T7047] vlan2: entered allmulticast mode [ 168.161578][ T7047] bridge0: entered allmulticast mode [ 168.178141][ T7047] vlan2: left allmulticast mode [ 168.189396][ T7047] bridge0: left allmulticast mode [ 168.244050][ T3502] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input7 [ 168.304738][ T5178] bcm5974 4-1:1.0: could not read from device [ 168.340410][ T5178] bcm5974 4-1:1.0: could not read from device [ 168.355198][ T3502] usb 4-1: USB disconnect, device number 5 [ 168.734267][ T7066] kvm: emulating exchange as write [ 169.650240][ T7090] netlink: 104 bytes leftover after parsing attributes in process `syz.3.399'. [ 173.044150][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz.4.431'. [ 174.703578][ T7178] syz.1.435: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 174.762068][ T7178] CPU: 1 UID: 0 PID: 7178 Comm: syz.1.435 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 174.762104][ T7178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.762122][ T7178] Call Trace: [ 174.762138][ T7178] [ 174.762149][ T7178] dump_stack_lvl+0x189/0x250 [ 174.762207][ T7178] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.762274][ T7178] ? __pfx__printk+0x10/0x10 [ 174.762298][ T7178] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 174.762335][ T7178] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 174.762375][ T7178] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 174.762415][ T7178] warn_alloc+0x214/0x310 [ 174.762461][ T7178] ? __pfx_warn_alloc+0x10/0x10 [ 174.762502][ T7178] ? __get_vm_area_node+0x28f/0x300 [ 174.762532][ T7178] ? vb2_vmalloc_alloc+0xef/0x340 [ 174.762559][ T7178] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 174.762621][ T7178] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 174.762658][ T7178] ? __kasan_kmalloc+0x93/0xb0 [ 174.762689][ T7178] vmalloc_user_noprof+0xad/0xf0 [ 174.762720][ T7178] ? vb2_vmalloc_alloc+0xef/0x340 [ 174.762742][ T7178] vb2_vmalloc_alloc+0xef/0x340 [ 174.762765][ T7178] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 174.762788][ T7178] __vb2_queue_alloc+0x9c2/0x15a0 [ 174.762853][ T7178] vb2_core_reqbufs+0xc31/0x1420 [ 174.762910][ T7178] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 174.762943][ T7178] ? vb2_verify_memory_type+0x1fc/0x570 [ 174.762980][ T7178] ? vb2_reqbufs+0x3a9/0x630 [ 174.763024][ T7178] v4l2_m2m_ioctl_reqbufs+0x10d/0x200 [ 174.763056][ T7178] __video_do_ioctl+0xc98/0xdb0 [ 174.763091][ T7178] ? __pfx___video_do_ioctl+0x10/0x10 [ 174.763131][ T7178] video_usercopy+0x871/0x14f0 [ 174.763167][ T7178] ? __pfx___video_do_ioctl+0x10/0x10 [ 174.763190][ T7178] ? __pfx_video_usercopy+0x10/0x10 [ 174.763211][ T7178] ? smack_file_ioctl+0x2a9/0x340 [ 174.763266][ T7178] ? __fget_files+0x2a/0x420 [ 174.763295][ T7178] ? __fget_files+0x3a0/0x420 [ 174.763330][ T7178] v4l2_ioctl+0x18d/0x1e0 [ 174.763353][ T7178] ? __pfx_v4l2_ioctl+0x10/0x10 [ 174.763374][ T7178] __se_sys_ioctl+0xf9/0x170 [ 174.763401][ T7178] do_syscall_64+0xfa/0x3b0 [ 174.763435][ T7178] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.763468][ T7178] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.763490][ T7178] ? clear_bhb_loop+0x60/0xb0 [ 174.763518][ T7178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.763540][ T7178] RIP: 0033:0x7fafea78e929 [ 174.763566][ T7178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.763584][ T7178] RSP: 002b:00007fafeb594038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 174.763607][ T7178] RAX: ffffffffffffffda RBX: 00007fafea9b5fa0 RCX: 00007fafea78e929 [ 174.763621][ T7178] RDX: 0000200000000240 RSI: 00000000c0145608 RDI: 0000000000000003 [ 174.763635][ T7178] RBP: 00007fafea810b39 R08: 0000000000000000 R09: 0000000000000000 [ 174.763648][ T7178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.763660][ T7178] R13: 0000000000000000 R14: 00007fafea9b5fa0 R15: 00007ffddd2e2288 [ 174.763692][ T7178] [ 175.105419][ T7178] Mem-Info: [ 175.109424][ T7178] active_anon:255 inactive_anon:21042 isolated_anon:0 [ 175.109424][ T7178] active_file:15507 inactive_file:38164 isolated_file:0 [ 175.109424][ T7178] unevictable:768 dirty:140 writeback:0 [ 175.109424][ T7178] slab_reclaimable:11290 slab_unreclaimable:96687 [ 175.109424][ T7178] mapped:29354 shmem:18213 pagetables:1095 [ 175.109424][ T7178] sec_pagetables:0 bounce:0 [ 175.109424][ T7178] kernel_misc_reclaimable:0 [ 175.109424][ T7178] free:1286698 free_pcp:19223 free_cma:0 [ 175.159111][ T7178] Node 0 active_anon:1024kB inactive_anon:84172kB active_file:61828kB inactive_file:152656kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117504kB dirty:568kB writeback:0kB shmem:71316kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11672kB pagetables:4340kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 175.195538][ T7178] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 175.252358][ T7178] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 175.352275][ T7178] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 175.362499][ T7178] Node 0 DMA32 free:1241632kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1020kB inactive_anon:84132kB active_file:60060kB inactive_file:152588kB unevictable:1536kB writepending:568kB present:3129332kB managed:2561484kB mlocked:0kB bounce:0kB free_pcp:43924kB local_pcp:22624kB free_cma:0kB [ 175.406937][ T7178] lowmem_reserve[]: 0 0 1 1 1 [ 175.420437][ T7178] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1768kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 175.468963][ T7178] lowmem_reserve[]: 0 0 0 0 0 [ 175.474182][ T7178] Node 1 Normal free:3891584kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:32932kB local_pcp:9440kB free_cma:0kB [ 175.530525][ T7178] lowmem_reserve[]: 0 0 0 0 0 [ 175.564258][ T7178] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 175.599838][ T7178] Node 0 DMA32: 587*4kB (UME) 348*8kB (UME) 278*16kB (ME) 216*32kB (UM) 155*64kB (UM) 78*128kB (UME) 54*256kB (UME) 19*512kB (UME) 9*1024kB (ME) 4*2048kB (UM) 284*4096kB (M) = 1240620kB [ 175.620749][ T7220] syzkaller0: entered promiscuous mode [ 175.630256][ T7220] syzkaller0: entered allmulticast mode [ 175.665401][ T7178] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 175.704755][ T7178] Node 1 Normal: 185*4kB (UE) 46*8kB (UME) 36*16kB (UME) 89*32kB (UME) 20*64kB (UME) 4*128kB (UME) 1*256kB (U) 0*512kB 2*1024kB (UM) 2*2048kB (UM) 947*4096kB (ME) = 3891636kB [ 175.745562][ T7178] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 175.772152][ T7178] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 175.787282][ T7178] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 175.826450][ T7178] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 175.839277][ T7178] 71880 total pagecache pages [ 175.844319][ T7178] 0 pages in swap cache [ 175.850018][ T7178] Free swap = 124996kB [ 175.855037][ T7178] Total swap = 124996kB [ 175.876315][ T7178] 2097051 pages RAM [ 175.880437][ T7178] 0 pages HighMem/MovableOnly [ 175.885513][ T7178] 424573 pages reserved [ 175.910975][ T7178] 0 pages cma reserved [ 175.916478][ T3502] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 176.092932][ T3502] usb 5-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 176.103077][ T3502] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.122960][ T3502] usb 5-1: Product: syz [ 176.136846][ T3502] usb 5-1: Manufacturer: syz [ 176.146994][ T3502] usb 5-1: SerialNumber: syz [ 176.179168][ T3502] usb 5-1: config 0 descriptor?? [ 176.443664][ T7247] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 178.409863][ T3502] usb 5-1: f81604_read: reg: 200f failed: -EPROTO [ 178.429358][ T3502] usb 5-1: USB disconnect, device number 7 [ 178.558618][ T3502] usb 5-1: f81604_read: reg: 100f failed: -ENODEV [ 178.692145][ T3502] usb 5-1: f81604_read: reg: 200f failed: -ENODEV [ 178.794651][ T7298] netlink: 'syz.0.480': attribute type 10 has an invalid length. [ 178.841340][ T7298] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.874741][ T7298] bond0: (slave team0): Enslaving as an active interface with an up link [ 179.002976][ T7305] input: syz0 as /devices/virtual/input/input8 [ 179.227258][ T7318] ======================================================= [ 179.227258][ T7318] WARNING: The mand mount option has been deprecated and [ 179.227258][ T7318] and is ignored by this kernel. Remove the mand [ 179.227258][ T7318] option from the mount to silence this warning. [ 179.227258][ T7318] ======================================================= [ 180.061569][ T7343] netlink: 20 bytes leftover after parsing attributes in process `syz.0.498'. [ 180.087747][ T7341] Bluetooth: Invalid esc byte 0x00 [ 180.109804][ T7343] netlink: 20 bytes leftover after parsing attributes in process `syz.0.498'. [ 180.355403][ T7348] loop3: detected capacity change from 0 to 1 [ 180.390797][ T7348] Dev loop3: unable to read RDB block 1 [ 180.405162][ T7348] loop3: unable to read partition table [ 180.433444][ T7348] loop3: partition table beyond EOD, truncated [ 180.453727][ T7348] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 181.005434][ T7367] netlink: 'syz.1.507': attribute type 39 has an invalid length. [ 181.489035][ T7382] netlink: 'syz.2.513': attribute type 1 has an invalid length. [ 181.676020][ T7382] 8021q: adding VLAN 0 to HW filter on device bond2 [ 181.770346][ T7391] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 181.922899][ T7397] netlink: 16 bytes leftover after parsing attributes in process `syz.3.519'. [ 182.080411][ T7404] input: syz0 as /devices/virtual/input/input9 [ 182.566729][ T48] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 182.719097][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.770107][ T48] usb 2-1: config 0 has no interfaces? [ 182.777069][ T48] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 182.806837][ T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.830257][ T48] usb 2-1: config 0 descriptor?? [ 182.910046][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.076082][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.248598][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.333425][ T7426] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 183.429252][ T3502] usb 2-1: USB disconnect, device number 6 [ 183.674934][ T49] bridge_slave_1: left allmulticast mode [ 183.696503][ T49] bridge_slave_1: left promiscuous mode [ 183.707487][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.777028][ T49] bridge_slave_0: left allmulticast mode [ 183.782916][ T49] bridge_slave_0: left promiscuous mode [ 183.814054][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.231706][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 184.255237][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 184.269119][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 184.280079][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 184.296575][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 184.317464][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 184.327537][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 184.335739][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 184.356447][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 184.369272][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 184.376825][ T48] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 184.538885][ T48] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 184.556488][ T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.579834][ T48] usb 2-1: config 0 descriptor?? [ 184.591987][ T48] cp210x 2-1:0.0: cp210x converter detected [ 185.073558][ T48] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 185.119654][ T48] usb 2-1: cp210x converter now attached to ttyUSB0 [ 185.181244][ T7476] netlink: 8 bytes leftover after parsing attributes in process `syz.4.552'. [ 185.453995][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 185.468609][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 185.487059][ T49] bond0 (unregistering): (slave team0): Releasing backup interface [ 185.502246][ T49] bond0 (unregistering): Released all slaves [ 185.570669][ T48] usb 2-1: USB disconnect, device number 7 [ 185.601245][ T48] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 185.673554][ T48] cp210x 2-1:0.0: device disconnected [ 186.282700][ T7500] hub 9-0:1.0: USB hub found [ 186.321822][ T7500] hub 9-0:1.0: 1 port detected [ 186.329357][ T49] hsr_slave_0: left promiscuous mode [ 186.344296][ T49] hsr_slave_1: left promiscuous mode [ 186.364856][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.393467][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.421778][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.432033][ T5849] Bluetooth: hci4: command tx timeout [ 186.444332][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 186.518401][ T49] veth1_macvtap: left promiscuous mode [ 186.525012][ T49] veth0_macvtap: left promiscuous mode [ 186.537940][ T49] veth1_vlan: left promiscuous mode [ 186.543873][ T49] veth0_vlan: left promiscuous mode [ 187.942365][ T48] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 188.106510][ T48] usb 3-1: Using ep0 maxpacket: 16 [ 188.118478][ T48] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 188.128050][ T48] usb 3-1: config 0 has no interface number 0 [ 188.141673][ T48] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 188.164760][ T48] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.174029][ T48] usb 3-1: Product: syz [ 188.180265][ T48] usb 3-1: Manufacturer: syz [ 188.185298][ T48] usb 3-1: SerialNumber: syz [ 188.198977][ T48] usb 3-1: config 0 descriptor?? [ 188.208077][ T48] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 188.217457][ T7525] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.570'. [ 188.244716][ T49] team0 (unregistering): Port device team_slave_1 removed [ 188.305592][ T49] team0 (unregistering): Port device team_slave_0 removed [ 188.508379][ T5849] Bluetooth: hci4: command tx timeout [ 189.034834][ T7457] chnl_net:caif_netlink_parms(): no params data found [ 189.418242][ T7457] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.444264][ T7457] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.468282][ T7457] bridge_slave_0: entered allmulticast mode [ 189.492414][ T7457] bridge_slave_0: entered promiscuous mode [ 189.519880][ T7457] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.545413][ T7457] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.565454][ T7457] bridge_slave_1: entered allmulticast mode [ 189.575485][ T7557] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 189.595489][ T7457] bridge_slave_1: entered promiscuous mode [ 189.634680][ T48] gspca_spca1528: reg_w err -71 [ 189.640314][ T48] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 189.664821][ T7557] xt_bpf: check failed: parse error [ 189.680852][ T48] usb 3-1: USB disconnect, device number 6 [ 189.741241][ T7457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.762925][ T7457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.909183][ T7457] team0: Port device team_slave_0 added [ 189.926165][ T7457] team0: Port device team_slave_1 added [ 190.024001][ T7457] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.042878][ T7457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.098052][ T7457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.113361][ T7457] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.121704][ T7457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.197604][ T7457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.372431][ T7457] hsr_slave_0: entered promiscuous mode [ 190.402167][ T7457] hsr_slave_1: entered promiscuous mode [ 190.420457][ T7457] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.451830][ T7457] Cannot create hsr debugfs directory [ 190.586781][ T5849] Bluetooth: hci4: command tx timeout [ 191.065550][ T7457] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 191.093534][ T7457] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 191.118463][ T7457] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 191.178103][ T7457] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 191.489945][ T7457] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.571031][ T7457] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.588644][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.596694][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.628702][ T7629] af_packet: tpacket_rcv: packet too big, clamped from 126 to 4294967286. macoff=82 [ 191.673254][ T999] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.681520][ T999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.691980][ T5919] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 191.832974][ T7634] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 191.856353][ T5919] usb 3-1: Using ep0 maxpacket: 16 [ 191.863842][ T5919] usb 3-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 191.896383][ T5919] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 191.967331][ T5919] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 191.977756][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.986167][ T5919] usb 3-1: Product: syz [ 192.000170][ T5919] usb 3-1: Manufacturer: syz [ 192.010138][ T5919] usb 3-1: SerialNumber: syz [ 192.256039][ T5919] usb 3-1: 0:2 : does not exist [ 192.274887][ T5919] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 192.350564][ T5919] usb 3-1: USB disconnect, device number 7 [ 192.415000][ T7457] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.438735][ T48] kernel read not supported for file /vga_arbiter (pid: 48 comm: kworker/1:1) [ 192.666576][ T5849] Bluetooth: hci4: command tx timeout [ 193.295849][ T7457] veth0_vlan: entered promiscuous mode [ 193.330291][ T7691] netlink: 'syz.1.633': attribute type 10 has an invalid length. [ 193.347226][ T7691] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.357635][ T7691] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.377805][ T7691] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.385747][ T7691] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.396453][ T7691] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.404077][ T7691] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.417991][ T7691] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 193.443694][ T7457] veth1_vlan: entered promiscuous mode [ 193.513032][ T7457] veth0_macvtap: entered promiscuous mode [ 193.548020][ T7457] veth1_macvtap: entered promiscuous mode [ 193.566459][ T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 193.580529][ T7457] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.622755][ T7457] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.645056][ T7457] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.656050][ T7457] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.670801][ T7457] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.682993][ T7457] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.740591][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 193.752923][ T24] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 193.775834][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 193.830307][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 193.846602][ T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 193.876344][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.877401][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.885357][ T24] usb 3-1: Product: syz [ 193.906759][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.920569][ T24] usb 3-1: Manufacturer: syz [ 193.925321][ T24] usb 3-1: SerialNumber: syz [ 193.981892][ T999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.995212][ T999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.191575][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.199681][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.371274][ T24] usb 3-1: 0:2 : does not exist [ 194.999235][ T24] usb 3-1: 1:0: failed to get current value for ch 0 (-22) [ 195.096784][ T24] usb 3-1: USB disconnect, device number 8 [ 195.245216][ T7737] all (unregistering): Released all slaves [ 196.086404][ T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 196.275639][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.304149][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.327374][ T24] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 196.357725][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.390177][ T24] usb 4-1: config 0 descriptor?? [ 196.806577][ T3502] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 196.845951][ T24] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0 [ 196.874288][ T24] cp2112 0003:10C4:EA90.0003: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 196.990757][ T3502] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 197.023057][ T3502] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 197.031723][ T7789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.671'. [ 197.048212][ T24] cp2112 0003:10C4:EA90.0003: Part Number: 0x82 Device Version: 0xFE [ 197.072516][ T3502] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 197.094622][ T3502] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.121693][ T7777] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 197.143795][ T3502] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 197.356071][ T7793] netlink: 12 bytes leftover after parsing attributes in process `syz.1.673'. [ 197.391876][ T5919] usb 6-1: USB disconnect, device number 2 [ 197.764943][ T7802] net_ratelimit: 3322 callbacks suppressed [ 197.764967][ T7802] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 197.874457][ T24] usb 4-1: USB disconnect, device number 6 [ 198.466616][ T5960] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 198.646511][ T5960] usb 6-1: Using ep0 maxpacket: 8 [ 198.653363][ T5960] usb 6-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 198.653398][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.653419][ T5960] usb 6-1: Product: syz [ 198.653433][ T5960] usb 6-1: Manufacturer: syz [ 198.653449][ T5960] usb 6-1: SerialNumber: syz [ 198.664993][ T5960] usb 6-1: config 0 descriptor?? [ 198.673213][ T5960] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 199.889205][ T5960] input: sonixj as /devices/platform/dummy_hcd.5/usb6/6-1/input/input10 [ 200.090125][ T24] usb 6-1: USB disconnect, device number 3 [ 200.211734][ T7879] tipc: Started in network mode [ 200.227158][ T7879] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 200.234616][ T7879] tipc: Enabled bearer , priority 0 [ 200.331577][ T3502] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 200.367835][ T3502] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 200.486625][ T7888] netlink: 24 bytes leftover after parsing attributes in process `syz.3.711'. [ 200.690275][ T7882] hid-generic 0000:0000:0000.0004: pid 7882 passed too large report [ 200.936689][ T977] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 201.131849][ T977] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 201.149566][ T977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.166846][ T977] usb 4-1: config 0 descriptor?? [ 201.177228][ T977] cp210x 4-1:0.0: cp210x converter detected [ 201.379706][ T5919] tipc: Node number set to 11578026 [ 201.396466][ T3502] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 201.586509][ T3502] usb 3-1: Using ep0 maxpacket: 8 [ 201.600842][ T977] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 201.607490][ T3502] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 201.640456][ T3502] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.663810][ T3502] usb 3-1: Product: syz [ 201.676480][ T3502] usb 3-1: Manufacturer: syz [ 201.681350][ T3502] usb 3-1: SerialNumber: syz [ 201.708575][ T3502] usb 3-1: config 0 descriptor?? [ 201.745061][ T5919] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 201.765860][ T5919] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 201.821360][ T977] cp210x 4-1:0.0: failed to get vendor val 0x370c size 15: -71 [ 201.830728][ T977] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 201.847000][ T977] usb 4-1: cp210x converter now attached to ttyUSB0 [ 201.879542][ T977] usb 4-1: USB disconnect, device number 7 [ 201.896911][ T977] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 201.905255][ T977] cp210x 4-1:0.0: device disconnected [ 201.927981][ T3502] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 202.211849][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 202.211870][ T30] audit: type=1326 audit(1749915692.817:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f610692ab19 code=0x7ffc0000 [ 202.239345][ C0] vkms_vblank_simulate: vblank timer overrun [ 202.314051][ T30] audit: type=1326 audit(1749915692.857:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f610692ab19 code=0x7ffc0000 [ 202.385080][ T3502] usb write operation failed. (-71) [ 202.408666][ T30] audit: type=1326 audit(1749915692.857:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f610692ab19 code=0x7ffc0000 [ 202.495026][ T3502] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 202.566868][ T30] audit: type=1326 audit(1749915692.867:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610698e929 code=0x7ffc0000 [ 202.598091][ T3502] dvbdev: DVB: registering new adapter (Terratec H7) [ 202.636334][ T3502] usb 3-1: media controller created [ 202.672827][ T3502] usb read operation failed. (-71) [ 202.686936][ T3502] usb write operation failed. (-71) [ 202.696854][ T30] audit: type=1326 audit(1749915692.867:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f610692ab19 code=0x7ffc0000 [ 202.756966][ T3502] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 202.812695][ T3502] usb 3-1: USB disconnect, device number 9 [ 202.826495][ T30] audit: type=1326 audit(1749915692.867:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610698e929 code=0x7ffc0000 [ 203.033598][ T30] audit: type=1326 audit(1749915692.867:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610698e929 code=0x7ffc0000 [ 203.055365][ C0] vkms_vblank_simulate: vblank timer overrun [ 203.153530][ T30] audit: type=1326 audit(1749915692.867:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f610692ab19 code=0x7ffc0000 [ 203.175297][ C0] vkms_vblank_simulate: vblank timer overrun [ 203.335167][ T30] audit: type=1326 audit(1749915692.867:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610698e929 code=0x7ffc0000 [ 203.357596][ C0] vkms_vblank_simulate: vblank timer overrun [ 203.378754][ T30] audit: type=1326 audit(1749915692.867:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7948 comm="syz.4.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f610692ab19 code=0x7ffc0000 [ 203.662332][ T7971] netlink: 52 bytes leftover after parsing attributes in process `syz.5.746'. [ 203.675995][ T7971] unsupported nlmsg_type 40 [ 203.907152][ T5841] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 203.948237][ T5919] libceph: connect (1)[c::]:6789 error -101 [ 203.963032][ T5919] libceph: mon0 (1)[c::]:6789 connect error [ 203.980475][ T5919] libceph: connect (1)[c::]:6789 error -101 [ 203.987600][ T5919] libceph: mon0 (1)[c::]:6789 connect error [ 204.080433][ T5841] usb 3-1: Using ep0 maxpacket: 32 [ 204.093825][ T5841] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 204.120164][ T5841] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 204.144122][ T5841] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 204.158248][ T5841] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 204.176483][ T5841] usb 3-1: Product: syz [ 204.183503][ T5841] usb 3-1: Manufacturer: syz [ 204.206312][ T5841] usb 3-1: SerialNumber: syz [ 204.231153][ T5841] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input11 [ 204.248349][ T5919] libceph: connect (1)[c::]:6789 error -101 [ 204.259489][ T5919] libceph: mon0 (1)[c::]:6789 connect error [ 204.466965][ T5919] usb 3-1: USB disconnect, device number 10 [ 204.529380][ T5919] appletouch 3-1:1.0: input: appletouch disconnected [ 204.700031][ T7981] ceph: No mds server is up or the cluster is laggy [ 204.799430][ T977] libceph: connect (1)[c::]:6789 error -101 [ 204.808873][ T977] libceph: mon0 (1)[c::]:6789 connect error [ 205.271371][ T8026] bond_slave_1: entered promiscuous mode [ 205.280663][ T8026] netlink: 4 bytes leftover after parsing attributes in process `syz.3.768'. [ 205.391754][ T8026] bond0: (slave bond_slave_1): Releasing backup interface [ 205.409022][ T8026] bond_slave_1 (unregistering): left promiscuous mode [ 206.102762][ T8065] netlink: 12 bytes leftover after parsing attributes in process `syz.4.783'. [ 206.268368][ T8072] netlink: 'syz.3.786': attribute type 1 has an invalid length. [ 206.348846][ T8077] bond1: (slave gretap1): making interface the new active one [ 206.358124][ T8077] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 206.365746][ T8075] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 206.598916][ T8087] 9pnet: p9_errstr2errno: server reported unknown error 18446744 [ 206.899315][ T8097] kvm: apic: phys broadcast and lowest prio [ 207.201071][ T8117] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received [ 207.413283][ T8126] mmap: syz.4.808 (8126) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 208.407070][ T8158] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 208.407570][ T5841] IPVS: starting estimator thread 0... [ 208.506554][ T8164] IPVS: using max 23 ests per chain, 55200 per kthread [ 208.538458][ T8168] Invalid ELF header magic: != ELF [ 209.109103][ T8194] fuse: Bad value for 'fd' [ 209.228917][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 209.228937][ T30] audit: type=1326 audit(1749915699.837:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8196 comm="syz.5.835" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fca3858e929 code=0x0 [ 209.557332][ T8211] binder: 8210:8211 ioctl c0306201 200000000640 returned -22 [ 210.306302][ T5919] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 210.338916][ T30] audit: type=1800 audit(1749915700.947:103): pid=8232 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.850" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 210.478740][ T5919] usb 3-1: Using ep0 maxpacket: 32 [ 210.486686][ T5919] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 210.506459][ T5919] usb 3-1: config 0 has no interface number 0 [ 210.522741][ T5919] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 210.566309][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.591578][ T5919] usb 3-1: Product: syz [ 210.595845][ T5919] usb 3-1: Manufacturer: syz [ 210.624888][ T5919] usb 3-1: SerialNumber: syz [ 210.657858][ T5919] usb 3-1: config 0 descriptor?? [ 210.683869][ T5919] smsc95xx v2.0.0 [ 211.082484][ T5919] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 211.107445][ T977] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 211.128496][ T5919] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 211.298838][ T977] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 211.330545][ T977] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 211.376284][ T977] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 211.396830][ T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.420223][ T8244] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 211.432846][ T977] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 211.666820][ T5841] usb 2-1: USB disconnect, device number 8 [ 211.884420][ T977] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 211.970606][ T5919] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 212.003949][ T5919] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 212.026540][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 212.036804][ T5919] usb 3-1: USB disconnect, device number 11 [ 212.064127][ T977] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 212.084884][ T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.106436][ T977] usb 4-1: Product: syz [ 212.110680][ T977] usb 4-1: Manufacturer: syz [ 212.115407][ T977] usb 4-1: SerialNumber: syz [ 212.144788][ T8261] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 212.154465][ T977] usb 4-1: config 0 descriptor?? [ 212.169367][ T977] ch341 4-1:0.0: ch341-uart converter detected [ 212.196449][ T24] usb 6-1: Using ep0 maxpacket: 16 [ 212.210970][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 212.241227][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 212.281415][ T24] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 212.303375][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.321965][ T24] usb 6-1: Product: syz [ 212.332389][ T24] usb 6-1: Manufacturer: syz [ 212.350425][ T24] usb 6-1: SerialNumber: syz [ 212.575837][ T24] usb 6-1: 0:2 : does not exist [ 212.594056][ T24] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 212.629615][ T24] usb 6-1: USB disconnect, device number 4 [ 212.696688][ T5841] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 212.860545][ T5841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.871987][ T5841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.882674][ T5841] usb 2-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.00 [ 212.900324][ T5841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.919519][ T5841] usb 2-1: config 0 descriptor?? [ 213.019195][ T8284] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 213.208701][ T977] usb 4-1: ch341-uart converter now attached to ttyUSB0 [ 213.232066][ T8288] overlayfs: failed to clone upperpath [ 213.345800][ T5841] ntrig 0003:1B96:000F.0006: unknown main item tag 0x0 [ 213.368802][ T5841] ntrig 0003:1B96:000F.0006: hidraw0: USB HID v0.00 Device [HID 1b96:000f] on usb-dummy_hcd.1-1/input0 [ 213.432313][ T977] usb 4-1: USB disconnect, device number 8 [ 213.447482][ T977] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 213.461876][ T977] ch341 4-1:0.0: device disconnected [ 213.551425][ T5841] ntrig 0003:1B96:000F.0006: Firmware version: 5.10.12.37.6 (a9eb a68c) [ 213.772544][ T5919] usb 2-1: USB disconnect, device number 9 [ 215.591383][ T8356] netlink: 'syz.3.904': attribute type 10 has an invalid length. [ 215.641117][ T8360] netlink: 28 bytes leftover after parsing attributes in process `syz.4.906'. [ 215.651139][ T8360] netlink: 'syz.4.906': attribute type 7 has an invalid length. [ 215.653130][ T8356] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 215.660884][ T8360] netlink: 'syz.4.906': attribute type 8 has an invalid length. [ 215.731927][ T8360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.906'. [ 217.016733][ T5896] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 217.186431][ T5896] usb 2-1: Using ep0 maxpacket: 32 [ 217.194948][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.211375][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.222999][ T5896] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 217.276293][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.293879][ T5896] usb 2-1: config 0 descriptor?? [ 217.306774][ T5896] hub 2-1:0.0: USB hub found [ 217.518918][ T5896] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 217.749941][ T5896] hid-generic 0003:046D:C31C.0007: item fetching failed at offset 0/1 [ 217.768083][ T5896] hid-generic 0003:046D:C31C.0007: probe with driver hid-generic failed with error -22 [ 218.067203][ T48] usb 2-1: USB disconnect, device number 10 [ 218.244184][ T8428] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 218.439853][ T8437] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 218.447485][ T8437] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 218.639949][ T8445] vlan2: entered promiscuous mode [ 218.652899][ T8448] ptrace attach of "./syz-executor exec"[7457] was attempted by "\x09   syzkaller0"[8448] [ 218.700222][ T8445] bridge0: entered promiscuous mode [ 218.705716][ T8445] vlan2: entered allmulticast mode [ 218.741268][ T8445] bridge0: entered allmulticast mode [ 218.882485][ T8452] bridge_slave_0: left allmulticast mode [ 218.908959][ T8452] bridge_slave_0: left promiscuous mode [ 218.915261][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.938951][ T8452] bridge_slave_1: left allmulticast mode [ 218.946717][ T8452] bridge_slave_1: left promiscuous mode [ 218.956144][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.004849][ T8452] bond0: (slave bond_slave_0): Releasing backup interface [ 219.067640][ T8452] bond0: (slave bond_slave_1): Releasing backup interface [ 219.161897][ T8452] team0: Port device team_slave_0 removed [ 219.215186][ T8452] team0: Port device team_slave_1 removed [ 219.239294][ T8452] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 219.262204][ T8452] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 219.282775][ T8452] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 219.296676][ T8452] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 219.351240][ T8452] bond1: (slave ip6gre1): Releasing backup interface [ 219.371893][ T8452] ip6gre1: left promiscuous mode [ 219.413121][ T12] tipc: Resetting bearer [ 220.009271][ T8487] netlink: 4 bytes leftover after parsing attributes in process `syz.5.954'. [ 220.463373][ T8502] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 220.621657][ T8487] team0 (unregistering): Port device team_slave_0 removed [ 220.655643][ T8511] netlink: 8 bytes leftover after parsing attributes in process `syz.1.963'. [ 220.662928][ T8487] team0 (unregistering): Port device team_slave_1 removed [ 220.812687][ T8515] netlink: 24 bytes leftover after parsing attributes in process `syz.3.967'. [ 221.176352][ T48] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 221.246961][ T5919] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 221.331850][ T48] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 221.341620][ T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.352465][ T48] usb 4-1: Product: syz [ 221.358228][ T48] usb 4-1: Manufacturer: syz [ 221.363352][ T48] usb 4-1: SerialNumber: syz [ 221.380345][ T48] usb 4-1: config 0 descriptor?? [ 221.397124][ T48] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 221.413583][ T5919] usb 2-1: config 0 has an invalid interface number: 47 but max is 0 [ 221.432421][ T5919] usb 2-1: config 0 has no interface number 0 [ 221.446326][ T5919] usb 2-1: config 0 interface 47 has no altsetting 0 [ 221.459681][ T5919] usb 2-1: New USB device found, idVendor=7d15, idProduct=31b2, bcdDevice=57.4b [ 221.476748][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.488985][ T5919] usb 2-1: config 0 descriptor?? [ 221.498224][ T5919] usb-storage 2-1:0.47: USB Mass Storage device detected [ 221.607135][ T8536] overlayfs: failed to clone upperpath [ 221.803011][ T24] usb 2-1: USB disconnect, device number 11 [ 222.608290][ T48] gspca_sunplus: reg_r err -71 [ 222.613697][ T48] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 222.633331][ T48] usb 4-1: USB disconnect, device number 9 [ 222.846745][ T5919] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 223.028502][ T5919] usb 2-1: config 0 has an invalid interface number: 93 but max is 0 [ 223.047764][ T5919] usb 2-1: config 0 has no interface number 0 [ 223.080895][ T5919] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65 [ 223.101077][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.126263][ T5919] usb 2-1: Product: syz [ 223.134732][ T5919] usb 2-1: Manufacturer: syz [ 223.147178][ T5919] usb 2-1: SerialNumber: syz [ 223.167556][ T5919] usb 2-1: config 0 descriptor?? [ 223.426856][ T5919] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state. [ 223.460101][ T5919] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 223.499722][ T5919] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 223.521458][ T5919] usb 2-1: media controller created [ 223.553989][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 223.616474][ T48] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 223.762718][ T5919] DVB: Unable to find symbol dib7000p_attach() [ 223.774969][ T5919] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 223.795573][ T5919] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 223.808281][ T5919] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 223.828484][ T5919] usb 2-1: media controller created [ 223.828754][ T48] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 223.847406][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 223.876414][ T48] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 223.897121][ T5919] dib0700: the master dib7090 has to be initialized first [ 223.904344][ T5919] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 223.920630][ T48] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 223.941387][ T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 223.975830][ T48] usb 4-1: SerialNumber: syz [ 224.080720][ T5919] rc_core: IR keymap rc-dib0700-rc5 not found [ 224.087944][ T5919] Registered IR keymap rc-empty [ 224.102624][ T5919] dvb-usb: could not initialize remote control. [ 224.120449][ T5919] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected. [ 224.164444][ T5919] usb 2-1: USB disconnect, device number 12 [ 224.245922][ T48] usb 4-1: 0:2 : does not exist [ 224.303856][ T48] usb 4-1: USB disconnect, device number 10 [ 224.378561][ T5919] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected. [ 225.131911][ T8609] netlink: 'syz.2.1003': attribute type 10 has an invalid length. [ 225.140111][ T8609] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1003'. [ 225.257205][ T8609] team0: Failed to send port change of device geneve0 via netlink (err -105) [ 225.311628][ T8609] team0: Failed to send options change via netlink (err -105) [ 225.375272][ T8609] team0: Port device geneve0 added [ 225.636936][ T8626] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1010'. [ 225.773865][ T8629] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 226.149161][ T8645] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1017'. [ 226.658773][ T5841] libceph: connect (1)[c::]:6789 error -101 [ 226.665083][ T5841] libceph: mon0 (1)[c::]:6789 connect error [ 226.678210][ T8660] ceph: No mds server is up or the cluster is laggy [ 226.699545][ T48] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 226.857086][ T48] usb 4-1: Using ep0 maxpacket: 16 [ 226.879054][ T48] usb 4-1: New USB device found, idVendor=10b9, idProduct=8000, bcdDevice=c0.fa [ 226.916681][ T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.924778][ T48] usb 4-1: Product: syz [ 226.954984][ T48] usb 4-1: Manufacturer: syz [ 226.975526][ T48] usb 4-1: SerialNumber: syz [ 227.011196][ T48] usb 4-1: config 0 descriptor?? [ 227.518977][ T48] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 227.534041][ T48] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 227.548348][ T48] usb 4-1: USB disconnect, device number 11 [ 227.954572][ T8680] netlink: 'syz.1.1030': attribute type 5 has an invalid length. [ 228.002237][ T8680] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1030'. [ 228.943417][ T8714] fuse: Bad value for 'fd' [ 229.383175][ T8733] tipc: Started in network mode [ 229.393007][ T8733] tipc: Node identity 5f4144434241ac00403a, cluster identity 4711 [ 229.553294][ T8745] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1060'. [ 230.110876][ T8761] kvm: Disabled LAPIC found during irq injection [ 230.584149][ T8782] overlayfs: failed to clone upperpath [ 232.045625][ T8831] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1096'. [ 233.173772][ T8876] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 234.700461][ T8901] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1119'. [ 235.204861][ T8905] overlayfs: failed to clone upperpath [ 235.633727][ T8926] netlink: 'syz.5.1130': attribute type 1 has an invalid length. [ 235.757515][ T8930] bond1: (slave gretap1): making interface the new active one [ 235.801785][ T8930] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 235.904926][ T8930] syz.5.1130 (8930) used greatest stack depth: 20040 bytes left [ 236.019879][ T8940] bridge: RTM_NEWNEIGH with invalid ether address [ 237.087887][ T30] audit: type=1326 audit(1749915727.697:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8970 comm="syz.5.1150" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fca3858e929 code=0x0 [ 238.433842][ T3502] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 238.627611][ T3502] usb 6-1: Using ep0 maxpacket: 8 [ 238.650570][ T3502] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 238.687443][ T3502] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 238.719786][ T3502] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 238.743427][ T3502] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 238.768718][ T3502] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 238.803663][ T3502] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 238.901191][ T3502] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.914524][ T3502] usb 6-1: config 0 descriptor?? [ 238.934521][ T5849] Bluetooth: hci5: urb ffff888034b9d900 submission failed (90) [ 239.227000][ T977] usb 6-1: USB disconnect, device number 5 [ 240.795418][ T5960] kernel write not supported for file [eventfd] (pid: 5960 comm: kworker/0:7) [ 240.897304][ T9036] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1172'. [ 240.949905][ T9036] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1172'. [ 243.287612][ T9077] nbd5: detected capacity change from 0 to 12 [ 243.297238][ T9079] block nbd5: NBD_DISCONNECT [ 243.315038][ T9079] block nbd5: Send disconnect failed -89 [ 243.345746][ T9084] block nbd5: Send control failed (result -89) [ 243.359332][ T9084] block nbd5: Request send failed, requeueing [ 243.372542][ T9084] block nbd5: Disconnected due to user request. [ 243.385363][ T11] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.396879][ T11] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.408121][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.417959][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.427241][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.436871][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.445301][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.455883][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.464644][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.474892][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.484240][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.496667][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.507962][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.533674][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.543660][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.571045][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.583619][ T9084] ldm_validate_partition_table(): Disk read failed. [ 243.594022][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.606033][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.619263][ T9084] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 243.630833][ T9084] Buffer I/O error on dev nbd5, logical block 0, async page read [ 243.644103][ T9084] Dev nbd5: unable to read RDB block 0 [ 243.655990][ T9094] tipc: Resetting bearer [ 243.683840][ T9084] nbd5: unable to read partition table [ 243.692168][ T9084] nbd5: partition table beyond EOD, truncated [ 244.136765][ T5841] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 244.300428][ T3502] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 244.326394][ T5841] usb 2-1: Using ep0 maxpacket: 8 [ 244.335086][ T5841] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 244.354535][ T5841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.405835][ T5841] usb 2-1: config 0 descriptor?? [ 244.487819][ T3502] usb 6-1: Using ep0 maxpacket: 32 [ 244.523862][ T3502] usb 6-1: unable to get BOS descriptor or descriptor too short [ 244.578942][ T3502] usb 6-1: config 20 has an invalid interface number: 100 but max is 0 [ 244.607780][ T3502] usb 6-1: config 20 has no interface number 0 [ 244.614123][ T3502] usb 6-1: config 20 interface 100 has no altsetting 0 [ 244.667476][ T3502] usb 6-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=53.13 [ 244.706277][ T3502] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.735025][ T3502] usb 6-1: Product: syz [ 244.758587][ T3502] usb 6-1: Manufacturer: syz [ 244.768102][ T3502] usb 6-1: SerialNumber: syz [ 244.998862][ T3502] ftdi_sio 6-1:20.100: FTDI USB Serial Device converter detected [ 245.020589][ T3502] ftdi_sio ttyUSB0: unknown device type: 0x5313 [ 245.040147][ T3502] usb 6-1: USB disconnect, device number 6 [ 245.056152][ T3502] ftdi_sio 6-1:20.100: device disconnected [ 245.412895][ T9151] syz_tun: entered allmulticast mode [ 245.442851][ T9150] syz_tun: left allmulticast mode [ 246.061200][ T5841] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 246.087182][ T5841] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 246.111435][ T5841] asix 2-1:0.0: probe with driver asix failed with error -71 [ 246.179956][ T9179] overlayfs: failed to clone upperpath [ 246.181953][ T5841] usb 2-1: USB disconnect, device number 13 [ 246.871293][ T9210] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1243'. [ 246.883088][ T9206] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 246.902835][ T9206] overlayfs: failed to set xattr on upper [ 246.919833][ T9206] overlayfs: ...falling back to redirect_dir=nofollow. [ 246.940445][ T9206] overlayfs: ...falling back to uuid=null. [ 247.273954][ T9225] netlink: 'syz.1.1252': attribute type 4 has an invalid length. [ 247.318473][ T9227] netlink: 'syz.4.1254': attribute type 12 has an invalid length. [ 247.347805][ T9229] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1253'. [ 247.378295][ T9229] bond0: invalid ARP target 0.0.0.0 specified for addition [ 247.393311][ T9229] bond0: option arp_ip_target: invalid value (0) [ 247.539526][ T9235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1257'. [ 247.841199][ T9245] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1260'. [ 247.945523][ T9250] overlayfs: failed to clone upperpath [ 248.114090][ T9251] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1260'. [ 248.560865][ T9267] netlink: 'syz.1.1270': attribute type 6 has an invalid length. [ 249.301280][ T9293] 9pnet_fd: Insufficient options for proto=fd [ 249.844343][ T9307] overlayfs: failed to clone upperpath [ 250.259337][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.274318][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.282976][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.294960][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.303146][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.316644][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.327017][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.345714][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.355888][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.366493][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 250.493293][ T9320] macvlan2: entered allmulticast mode [ 250.529365][ T9320] bond0: entered allmulticast mode [ 250.555470][ T9320] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 250.610537][ T9320] team0: Port device macvlan2 added [ 250.800972][ T9336] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1296'. [ 250.857473][ T3502] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 250.897984][ T3502] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 251.561713][ T9364] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 251.716380][ T5960] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 251.754271][ T9372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1311'. [ 251.896518][ T5960] usb 6-1: Using ep0 maxpacket: 8 [ 251.917334][ T5960] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 251.935028][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.943413][ T5960] usb 6-1: Product: syz [ 251.953535][ T5960] usb 6-1: Manufacturer: syz [ 251.958949][ T5960] usb 6-1: SerialNumber: syz [ 251.968258][ T5960] usb 6-1: config 0 descriptor?? [ 251.994212][ T5960] gspca_main: sq930x-2.14.0 probing 2770:930c [ 252.200040][ T5960] gspca_sq930x: reg_r 001f failed -71 [ 252.211370][ T5960] sq930x 6-1:0.0: probe with driver sq930x failed with error -71 [ 252.230669][ T5960] usb 6-1: USB disconnect, device number 7 [ 252.498596][ T9381] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 252.546703][ T9381] overlayfs: failed to set xattr on upper [ 252.557622][ T9381] overlayfs: ...falling back to redirect_dir=nofollow. [ 252.578293][ T9381] overlayfs: ...falling back to uuid=null. [ 255.636431][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.643112][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.838744][ T9540] netlink: 'syz.5.1373': attribute type 12 has an invalid length. [ 259.886133][ T9540] netlink: 'syz.5.1373': attribute type 29 has an invalid length. [ 259.928325][ T9540] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1373'. [ 259.943975][ T9540] netlink: 'syz.5.1373': attribute type 1 has an invalid length. [ 259.971978][ T9540] netlink: 'syz.5.1373': attribute type 2 has an invalid length. [ 259.983180][ T9540] netlink: 39 bytes leftover after parsing attributes in process `syz.5.1373'. [ 260.216865][ T5841] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 260.397750][ T5841] usb 3-1: Using ep0 maxpacket: 8 [ 260.438481][ T5841] usb 3-1: config index 0 descriptor too short (expected 28277, got 36) [ 260.456097][ T5841] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 260.472029][ T5841] usb 3-1: config 0 has no interfaces? [ 260.496403][ T5841] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 260.526511][ T5841] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.563565][ T5841] usb 3-1: config 0 descriptor?? [ 260.803951][ T24] usb 3-1: USB disconnect, device number 12 [ 261.094220][ T9593] tipc: Resetting bearer [ 261.193139][ T9593] net_ratelimit: 22 callbacks suppressed [ 261.193164][ T9593] A link change request failed with some changes committed already. Interface macvlan2 may have been left with an inconsistent configuration, please check. [ 263.396834][ T9648] fuse: Bad value for 'fd' [ 263.906801][ T30] audit: type=1326 audit(1749915754.497:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68c5d2ab19 code=0x7ffc0000 [ 263.992056][ T30] audit: type=1326 audit(1749915754.497:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 264.095307][ T30] audit: type=1326 audit(1749915754.497:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 264.116942][ C0] vkms_vblank_simulate: vblank timer overrun [ 264.137086][ T30] audit: type=1326 audit(1749915754.497:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68c5d2ab19 code=0x7ffc0000 [ 264.172066][ T30] audit: type=1326 audit(1749915754.497:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 264.388575][ T30] audit: type=1326 audit(1749915754.497:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68c5d2ab19 code=0x7ffc0000 [ 264.418775][ T30] audit: type=1326 audit(1749915754.497:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68c5d2ab19 code=0x7ffc0000 [ 264.442399][ T9665] tipc: Failed to remove unknown binding: 66,1,1/11578026:2135710634/2135710636 [ 264.476578][ T30] audit: type=1326 audit(1749915754.497:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 264.500248][ T30] audit: type=1326 audit(1749915754.497:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68c5d2ab19 code=0x7ffc0000 [ 264.528872][ T30] audit: type=1326 audit(1749915754.497:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.2.1417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 264.550381][ C0] vkms_vblank_simulate: vblank timer overrun [ 266.379813][ T9707] input: syz0 as /devices/virtual/input/input13 [ 266.466949][ T9710] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1437'. [ 267.074115][ T9728] 9pnet: p9_errstr2errno: server reported unknown error @΂(@ [ 267.622244][ T9745] ref_ctr_offset mismatch. inode: 0x2c9 offset: 0x0 ref_ctr_offset(old): 0x3070 ref_ctr_offset(new): 0x0 [ 267.645436][ T9752] 9pnet_fd: Insufficient options for proto=fd [ 268.205242][ T9770] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1463'. [ 268.243285][ T9770] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1463'. [ 271.674657][ T9860] bridge0: entered promiscuous mode [ 271.696569][ T9860] macsec1: entered promiscuous mode [ 271.718389][ T9860] bridge0: port 3(macsec1) entered blocking state [ 271.739396][ T9860] bridge0: port 3(macsec1) entered disabled state [ 271.752830][ T9860] macsec1: entered allmulticast mode [ 271.765860][ T9860] bridge0: entered allmulticast mode [ 271.871579][ T9860] macsec1: left allmulticast mode [ 271.898041][ T9860] bridge0: left allmulticast mode [ 271.930601][ T9860] bridge0: left promiscuous mode [ 272.692647][ T9880] overlayfs: failed to clone upperpath [ 273.204286][ T9897] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1516'. [ 274.004750][ T9923] sctp: [Deprecated]: syz.5.1525 (pid 9923) Use of int in max_burst socket option deprecated. [ 274.004750][ T9923] Use struct sctp_assoc_value instead [ 274.641628][ T9947] hsr0: entered promiscuous mode [ 274.794435][ T9952] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1534'. [ 275.956332][ T5960] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 275.978491][ T30] kauditd_printk_skb: 244 callbacks suppressed [ 275.978514][ T30] audit: type=1800 audit(1749915766.577:359): pid=9987 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.1547" name="bus" dev="tmpfs" ino=834 res=0 errno=0 [ 276.116677][ T5960] usb 3-1: device descriptor read/64, error -71 [ 276.366255][ T5960] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 276.519818][ T5960] usb 3-1: device descriptor read/64, error -71 [ 276.656948][ T5960] usb usb3-port1: attempt power cycle [ 276.989352][T10028] netlink: 'syz.3.1565': attribute type 4 has an invalid length. [ 277.026278][ T5960] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 277.090371][T10028] netlink: 'syz.3.1565': attribute type 4 has an invalid length. [ 277.127535][ T5960] usb 3-1: device descriptor read/8, error -71 [ 277.376272][ T5960] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 277.410738][ T5960] usb 3-1: device descriptor read/8, error -71 [ 277.537542][ T5960] usb usb3-port1: unable to enumerate USB device [ 277.822136][T10050] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1574'. [ 277.862183][T10048] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 278.982177][T10078] ubi31: attaching mtd0 [ 279.059189][T10078] ubi31: scanning is finished [ 279.066016][T10078] ubi31: empty MTD device detected [ 279.652323][T10078] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 279.662255][T10078] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 279.679008][T10078] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 279.686142][T10078] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 279.770238][T10078] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 279.830488][T10078] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 279.841069][T10078] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2880966474 [ 279.879320][T10078] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 279.926357][T10080] ubi31: background thread "ubi_bgt31d" started, PID 10080 [ 279.976291][ T24] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 280.203467][ T24] usb 6-1: config 1 interface 0 has no altsetting 0 [ 280.266603][ T24] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 280.275745][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.332714][ T24] usb 6-1: Product: syz [ 280.356636][ T24] usb 6-1: Manufacturer: syz [ 280.361325][ T24] usb 6-1: SerialNumber: syz [ 280.652535][T10111] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1598'. [ 281.005627][ T24] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 281.096448][ T977] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 281.149254][T10124] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1604'. [ 281.261942][ T977] usb 3-1: Using ep0 maxpacket: 16 [ 281.273845][ T977] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 281.299266][ T977] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 281.315625][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.324803][ T977] usb 3-1: Product: syz [ 281.329579][ T977] usb 3-1: Manufacturer: syz [ 281.334327][ T977] usb 3-1: SerialNumber: syz [ 281.342207][ T977] usb 3-1: config 0 descriptor?? [ 281.352671][ T977] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 281.362280][ T977] usb 3-1: Detected FT232R [ 282.474966][ T977] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 282.608988][T10143] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1612'. [ 282.689406][ T977] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 282.726575][ T5960] usb 6-1: USB disconnect, device number 8 [ 282.748293][ T5960] usblp0: removed [ 282.805683][T10152] tipc: Started in network mode [ 282.814525][T10152] tipc: Node identity 7f000001, cluster identity 4711 [ 282.824379][T10152] tipc: Enabled bearer , priority 10 [ 282.905690][ T977] usb 3-1: USB disconnect, device number 17 [ 282.919967][ T30] audit: type=1326 audit(1749915773.527:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10157 comm="syz.3.1617" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8eccb8e929 code=0x0 [ 282.943712][ T977] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 282.954904][ T977] ftdi_sio 3-1:0.0: device disconnected [ 283.816538][ T5960] tipc: Node number set to 2130706433 [ 284.279203][T10187] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1629'. [ 285.686680][ T24] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 285.882238][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.898660][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.935061][ T24] usb 3-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 285.946582][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.959367][ T24] usb 3-1: config 0 descriptor?? [ 286.390642][ T24] sony 0003:054C:024B.0009: unexpected long global item [ 286.414767][ T24] sony 0003:054C:024B.0009: parse failed [ 286.425627][ T24] sony 0003:054C:024B.0009: probe with driver sony failed with error -22 [ 286.466819][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1639'. [ 286.624578][ T5960] usb 3-1: USB disconnect, device number 18 [ 286.732373][T10223] overlayfs: failed to clone upperpath [ 286.786913][ T30] audit: type=1804 audit(1749915777.387:361): pid=10225 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.1644" name="file1" dev="ramfs" ino=29666 res=1 errno=0 [ 287.225244][ T30] audit: type=1326 audit(1749915777.827:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.3.1654" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8eccb8e929 code=0x0 [ 288.051132][T10273] batadv_slave_0: entered promiscuous mode [ 288.893815][T10271] batadv_slave_0: left promiscuous mode [ 289.008876][T10285] overlayfs: failed to clone lowerpath [ 289.028700][T10285] overlayfs: failed to clone lowerpath [ 289.237054][T10295] netlink: 'syz.2.1674': attribute type 4 has an invalid length. [ 289.298912][T10298] netlink: 'syz.2.1674': attribute type 4 has an invalid length. [ 289.727305][T10315] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1683'. [ 290.903627][T10339] overlayfs: failed to clone upperpath [ 291.034535][T10342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1694'. [ 291.651026][ T3502] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 291.847536][ T3502] usb 6-1: Using ep0 maxpacket: 8 [ 291.865200][ T3502] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 291.879326][ T3502] usb 6-1: config 0 has no interface number 0 [ 291.895805][ T3502] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 291.916923][ T3502] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 291.926800][ T3502] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.939065][ T3502] usb 6-1: config 0 descriptor?? [ 291.966825][ T3502] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 292.667457][ T5919] usb 6-1: USB disconnect, device number 9 [ 292.809745][T10381] xt_hashlimit: size too large, truncated to 1048576 [ 295.867477][T10422] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1723'. [ 295.911617][T10424] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1724'. [ 296.099499][T10429] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1725'. [ 296.681484][T10446] capability: warning: `syz.4.1732' uses 32-bit capabilities (legacy support in use) [ 297.036521][ T5841] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 297.197434][ T5841] usb 3-1: Using ep0 maxpacket: 16 [ 297.211847][ T5841] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 297.243431][ T5841] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 297.280384][ T5841] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 297.300020][ T5841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.325628][ T5841] usb 3-1: Product: syz [ 297.330291][ T5841] usb 3-1: Manufacturer: syz [ 297.334943][ T5841] usb 3-1: SerialNumber: syz [ 297.359476][ T5841] usb 3-1: config 0 descriptor?? [ 297.379708][ T5841] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 297.396533][ T5841] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 297.845496][T10481] overlayfs: failed to clone upperpath [ 297.991381][ T5841] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 298.001492][ T5841] em28xx 3-1:0.0: Config register raw data: 0x2f [ 298.012679][ T5841] em28xx 3-1:0.0: I2S Audio (1 sample rate(s)) [ 298.026430][ T5841] em28xx 3-1:0.0: No AC97 audio processor [ 298.687928][T10503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1754'. [ 298.698235][T10503] netlink: 'syz.3.1754': attribute type 15 has an invalid length. [ 298.708132][T10503] netlink: 'syz.3.1754': attribute type 18 has an invalid length. [ 298.727115][T10503] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 298.735874][T10503] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 298.745252][T10503] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 298.754153][T10503] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 298.767120][T10503] vxlan0: entered promiscuous mode [ 298.808183][ T5841] usb 3-1: USB disconnect, device number 19 [ 299.574403][T10517] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1761'. [ 300.637431][T10548] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1774'. [ 300.666997][T10548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1774'. [ 300.736879][T10551] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 300.744417][T10551] overlayfs: failed to set xattr on upper [ 300.754818][T10551] overlayfs: ...falling back to redirect_dir=nofollow. [ 300.762217][T10551] overlayfs: ...falling back to index=off. [ 301.368609][T10571] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1783'. [ 302.205696][ T30] audit: type=1326 audit(1749915792.807:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10568 comm="syz.1.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafea78e929 code=0x7fc00000 [ 303.035317][ T30] audit: type=1326 audit(1749915793.627:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca3858e929 code=0x7ffc0000 [ 303.146316][ T30] audit: type=1326 audit(1749915793.627:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca3852ab19 code=0x7ffc0000 [ 303.265139][ T30] audit: type=1326 audit(1749915793.627:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca3852ab19 code=0x7ffc0000 [ 303.380241][ T30] audit: type=1326 audit(1749915793.627:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca3858e929 code=0x7ffc0000 [ 303.482259][ T30] audit: type=1326 audit(1749915793.627:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca3852ab19 code=0x7ffc0000 [ 303.582403][ T30] audit: type=1326 audit(1749915793.627:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca3852ab19 code=0x7ffc0000 [ 303.715085][ T30] audit: type=1326 audit(1749915793.627:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca3858e929 code=0x7ffc0000 [ 303.904159][ T30] audit: type=1326 audit(1749915793.627:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca3858e929 code=0x7ffc0000 [ 304.028428][ T30] audit: type=1326 audit(1749915793.627:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10617 comm="syz.5.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fca3852ab19 code=0x7ffc0000 [ 304.069603][T10644] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1809'. [ 304.431098][T10653] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.1812'. [ 304.482707][T10653] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.1812'. [ 304.507847][T10653] netlink: 584 bytes leftover after parsing attributes in process `syz.5.1812'. [ 304.733283][T10664] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 304.742788][ T5919] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 304.919139][ T5919] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 304.935960][ T5919] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 304.947533][ T5919] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 304.957286][ T5919] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 304.965438][ T5919] usb 6-1: SerialNumber: syz [ 305.184849][ T5919] usb 6-1: 0:2 : does not exist [ 305.190506][ T5919] usb 6-1: unit 255 not found! [ 305.200383][ T5919] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5) [ 305.224788][ T5919] usb 6-1: 5:0: cannot get min/max values for control 4 (id 5) [ 305.266554][ T5919] usb 6-1: USB disconnect, device number 10 [ 305.458987][T10692] tipc: Failed to remove unknown binding: 66,1,1/11578026:2358813403/2358813405 [ 305.472298][T10692] tipc: Failed to remove unknown binding: 66,1,1/11578026:2358813403/2358813405 [ 305.481719][T10692] tipc: Failed to remove unknown binding: 66,1,1/11578026:2358813403/2358813405 [ 305.883253][T10709] 9pnet: p9_errstr2errno: server reported unknown error @00000000000000000007 [ 306.261955][T10724] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1840'. [ 307.181125][T10759] xt_hashlimit: size too large, truncated to 1048576 [ 307.349163][T10765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1851'. [ 308.049407][T10776] netlink: 452 bytes leftover after parsing attributes in process `syz.4.1857'. [ 308.643711][T10788] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1861'. [ 308.817763][T10792] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1863'. [ 308.906570][ T5849] Bluetooth: hci4: command 0x0406 tx timeout [ 309.530093][T10816] netlink: 'syz.5.1873': attribute type 12 has an invalid length. [ 309.542658][T10816] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1873'. [ 309.827529][T10829] overlayfs: failed to clone upperpath [ 310.969922][T10856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1886'. [ 313.192391][T10914] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1914'. [ 313.356338][ T977] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 313.516288][ T977] usb 6-1: Using ep0 maxpacket: 32 [ 313.523906][ T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.542057][ T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 313.570359][ T977] usb 6-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 313.592978][ T977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.616047][ T977] usb 6-1: config 0 descriptor?? [ 313.850001][ T30] kauditd_printk_skb: 189 callbacks suppressed [ 313.850021][ T30] audit: type=1326 audit(1749915804.457:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.1.1920" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafea78e929 code=0x0 [ 313.960842][T10932] overlayfs: failed to clone upperpath [ 314.042382][ T977] aquacomputer_d5next 0003:0C70:F0B6.000A: unknown main item tag 0x0 [ 314.066636][ T977] aquacomputer_d5next 0003:0C70:F0B6.000A: unknown main item tag 0x0 [ 314.087758][ T977] aquacomputer_d5next 0003:0C70:F0B6.000A: unknown main item tag 0x0 [ 314.097208][T10937] syzkaller1: entered promiscuous mode [ 314.115979][ T977] aquacomputer_d5next 0003:0C70:F0B6.000A: hidraw0: USB HID vff.fc Device [HID 0c70:f0b6] on usb-dummy_hcd.5-1/input0 [ 314.131224][T10937] syzkaller1: entered allmulticast mode [ 314.253114][ T977] usb 6-1: USB disconnect, device number 11 [ 314.553902][ T30] audit: type=1326 audit(1749915805.157:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10947 comm="syz.2.1928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 314.671270][ T30] audit: type=1326 audit(1749915805.157:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10947 comm="syz.2.1928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 314.698786][ T30] audit: type=1326 audit(1749915805.287:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10947 comm="syz.2.1928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 314.727152][ T30] audit: type=1326 audit(1749915805.287:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10947 comm="syz.2.1928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 314.753750][ T30] audit: type=1326 audit(1749915805.287:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10947 comm="syz.2.1928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c5d8e929 code=0x7ffc0000 [ 314.964925][T10959] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1932'. [ 315.116544][ T977] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 315.409051][ T977] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 315.427603][ T977] usb 3-1: config 1 interface 0 has no altsetting 0 [ 315.437812][ T977] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 315.447589][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.455783][ T977] usb 3-1: Product: syz [ 315.460137][ T977] usb 3-1: Manufacturer: syz [ 315.464799][ T977] usb 3-1: SerialNumber: syz [ 315.685303][ T977] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input14 [ 315.716055][ T977] usb 3-1: USB disconnect, device number 20 [ 315.722143][ C0] pxrc 3-1:1.0: pxrc_usb_irq - usb_submit_urb failed with result: -19 [ 315.731485][ T5178] pxrc 3-1:1.0: pxrc_open - usb_submit_urb failed, error: -19 [ 316.091388][ T30] audit: type=1326 audit(1749915806.697:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10987 comm="syz.1.1944" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafea78e929 code=0x0 [ 316.213219][T10991] netlink: 'syz.1.1944': attribute type 39 has an invalid length. [ 317.072209][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.078872][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.122167][T11021] kvm: MONITOR instruction emulated as NOP! [ 317.193711][T11026] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1960'. [ 317.390736][T11030] sch_tbf: burst 511 is lower than device veth7 mtu (1514) ! [ 318.008588][T11052] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1968'. [ 318.289298][T11059] overlayfs: failed to clone upperpath [ 318.617004][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.730279][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.739303][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.756818][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.767858][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.786499][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.793956][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.817635][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.836334][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 318.843700][T11071] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 319.475534][T11090] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1983'. [ 320.099230][ T5960] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 320.191656][T11114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1994'. [ 320.206440][T11114] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.215510][T11114] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.258496][ T5960] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 320.268383][ T5960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.289546][ T5960] usb 6-1: config 0 descriptor?? [ 320.881755][T11134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2000'. [ 321.514248][T11148] overlayfs: failed to clone upperpath [ 322.028958][ T5960] usb 6-1: Cannot set autoneg [ 322.034836][ T5960] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 322.051200][ T5960] usb 6-1: USB disconnect, device number 12 [ 322.235785][ T977] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 322.397150][ T977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 322.416250][ T977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 322.426101][ T977] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 322.458927][ T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.479162][ T977] usb 2-1: config 0 descriptor?? [ 322.608228][T11157] pimreg: entered allmulticast mode [ 322.948031][ T8865] pimreg (unregistering): left allmulticast mode [ 323.577873][T11194] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2023'. [ 323.587626][ T977] uclogic 0003:256C:006D.000B: interface is invalid, ignoring [ 323.607612][ T977] usb 2-1: USB disconnect, device number 14 [ 324.470091][T10698] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 324.521420][T11229] netlink: 'syz.2.2037': attribute type 1 has an invalid length. [ 324.540532][T11229] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.2037'. [ 324.647130][T10698] usb 6-1: Using ep0 maxpacket: 16 [ 324.663727][T10698] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.686251][T10698] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 324.714526][T10698] usb 6-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 324.731739][T10698] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.752628][T10698] usb 6-1: config 0 descriptor?? [ 324.999142][T10698] usbhid 6-1:0.0: can't add hid device: -71 [ 325.015833][T10698] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 325.037950][T10698] usb 6-1: USB disconnect, device number 13 [ 325.536566][T11268] netlink: 'syz.3.2053': attribute type 4 has an invalid length. [ 325.579800][T11268] netlink: 'syz.3.2053': attribute type 4 has an invalid length. [ 325.971234][T11282] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2060'. [ 327.050994][T11298] overlayfs: failed to clone upperpath [ 328.162334][T11316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 328.393777][T11330] netlink: 'syz.1.2078': attribute type 1 has an invalid length. [ 328.480634][T11330] bond1: entered promiscuous mode [ 328.485753][T11330] bond1: entered allmulticast mode [ 328.498154][T11332] geneve2: entered allmulticast mode [ 328.507654][T11332] bond1: (slave geneve2): making interface the new active one [ 328.515703][T11332] geneve2: entered promiscuous mode [ 328.527852][T11332] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 329.580034][T10699] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 329.719730][T11361] netlink: 'syz.5.2089': attribute type 21 has an invalid length. [ 329.731873][T11361] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2089'. [ 330.206538][ C0] vcan0: j1939_tp_rxtimer: 0xffff888059a91400: rx timeout, send abort [ 330.218831][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888059a91400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 330.246973][T10699] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 330.298558][T10699] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.327423][T10699] usb 2-1: Product: syz [ 330.331677][T10699] usb 2-1: Manufacturer: syz [ 330.365717][T10699] usb 2-1: SerialNumber: syz [ 330.400503][T10699] usb 2-1: config 0 descriptor?? [ 330.566213][T11365] overlayfs: failed to clone upperpath [ 330.872647][T10699] airspy 2-1:0.0: Board ID: 00 [ 330.880315][T10699] airspy 2-1:0.0: Firmware version: [ 332.037155][T10699] airspy 2-1:0.0: Registered as swradio24 [ 332.043078][T10699] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 332.176643][T10699] usb 2-1: USB disconnect, device number 15 [ 332.711054][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 332.711099][ T5849] Bluetooth: hci5: command 0x1003 tx timeout [ 333.533234][ T5960] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 333.718115][ T5960] usb 2-1: config 0 has an invalid interface number: 69 but max is 0 [ 333.727916][ T5960] usb 2-1: config 0 has no interface number 0 [ 333.754231][ T5960] usb 2-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 333.832434][ T5960] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 333.869888][ T5960] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 333.890396][ T5960] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.921631][ T5960] usb 2-1: Product: syz [ 333.925887][ T5960] usb 2-1: Manufacturer: syz [ 333.950009][ T5960] usb 2-1: SerialNumber: syz [ 333.969347][ T5960] usb 2-1: config 0 descriptor?? [ 334.014427][T11428] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 334.042726][ T5960] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 334.089980][ T5960] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 334.306557][ C0] cyberjack ttyUSB0: cyberjack_read_int_callback - failed resubmitting read urb, error -22 [ 334.566642][ T5919] usb 2-1: USB disconnect, device number 16 [ 334.599215][ T5919] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 334.656488][ T5919] cyberjack 2-1:0.69: device disconnected [ 335.418858][T11480] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2138'. [ 335.558014][T11480] bond2: entered promiscuous mode [ 335.563149][T11480] bond2: entered allmulticast mode [ 335.656795][T11487] geneve2: entered promiscuous mode [ 335.682148][T11487] geneve2: entered allmulticast mode [ 335.688099][T11487] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 335.743988][T11492] bond2 (unregistering): (slave geneve2): Releasing backup interface [ 335.775208][T11492] geneve2: left promiscuous mode [ 335.789272][T11492] geneve2: left allmulticast mode [ 335.819224][T11492] bond2 (unregistering): Released all slaves [ 336.530363][T11524] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 339.775611][ T5960] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 339.958285][ T5960] usb 6-1: Using ep0 maxpacket: 32 [ 339.967561][ T5960] usb 6-1: config 0 interface 0 has no altsetting 0 [ 339.980532][ T5960] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 339.998533][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.013676][ T5960] usb 6-1: Product: syz [ 340.025862][ T5960] usb 6-1: Manufacturer: syz [ 340.047389][ T5960] usb 6-1: SerialNumber: syz [ 340.058558][ T5960] usb 6-1: config 0 descriptor?? [ 340.069851][T11596] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2179'. [ 340.523529][ T5960] gs_usb 6-1:0.0: Configuring for 1 interfaces [ 340.747623][ T5960] gs_usb 6-1:0.0: Couldn't get bit timing const for channel 0 (-EPIPE) [ 340.775303][ T5960] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -32 [ 340.818325][ T5960] usb 6-1: USB disconnect, device number 14 [ 342.924803][T11677] xt_CT: No such helper "snmp" [ 343.077405][T11689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2200'. [ 343.730794][T11706] overlayfs: failed to clone upperpath [ 343.827187][T10698] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 343.987403][T10698] usb 2-1: Using ep0 maxpacket: 8 [ 343.994506][T10698] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 344.007971][T10698] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 344.051330][T10698] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 344.147410][T10698] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 344.178289][T10698] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 344.221483][T10698] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.518359][T10698] usb 2-1: GET_CAPABILITIES returned 0 [ 344.546282][T10698] usbtmc 2-1:16.0: can't read capabilities [ 344.749000][T10698] usb 2-1: USB disconnect, device number 17 [ 345.419559][ T5896] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 345.725353][ T5896] usb 3-1: Using ep0 maxpacket: 16 [ 345.735080][ T5896] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 345.754092][ T5896] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 345.867690][ T5896] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 345.877763][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.892311][ T5896] usb 3-1: Product: syz [ 345.901411][ T5896] usb 3-1: Manufacturer: syz [ 345.912586][ T5896] usb 3-1: SerialNumber: syz [ 346.003123][T11742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2222'. [ 346.162231][ T5896] usb 3-1: 0:2 : does not exist [ 346.182920][ T5896] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 346.491554][ T5896] usb 3-1: USB disconnect, device number 21 [ 347.444047][T11774] loop3: detected capacity change from 0 to 1 [ 347.472694][T11774] loop3: [POWERTEC] p1 p2 [ 347.477312][T11774] loop3: p1 size 536870912 extends beyond EOD, truncated [ 347.529416][T11774] loop3: p2 start 1886744434 is beyond EOD, truncated [ 347.610766][ T5896] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 347.687179][T11779] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 347.786816][T11782] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 347.797294][ T5896] usb 3-1: Using ep0 maxpacket: 32 [ 347.807316][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0 [ 347.826490][ T5896] usb 3-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 347.844068][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.870624][ T5896] usb 3-1: config 0 descriptor?? [ 347.886200][ T5896] usb 3-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 347.907700][ T5896] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 347.919576][ T5896] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 347.927743][ T5896] usb 3-1: media controller created [ 347.972576][ T5896] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 347.992727][T11790] macvlan2: entered allmulticast mode [ 348.001365][T11790] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 348.101683][T11772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 348.129670][T11772] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 348.144322][ T5896] set interface failed [ 348.144800][ T5896] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 348.159983][ T5896] error writing reg: 0xff, val: 0x00 [ 348.206633][ T5896] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 348.235128][ T5896] usb 3-1: USB disconnect, device number 22 [ 348.952472][T11802] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2248'. [ 349.514072][ T5896] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 349.713279][ T5896] usb 6-1: config 0 has no interfaces? [ 349.718976][ T5896] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 349.736124][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.762780][ T5896] usb 6-1: config 0 descriptor?? [ 350.426770][T10697] usb 6-1: USB disconnect, device number 15 [ 350.859519][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2261'. [ 351.126404][T11847] netlink: 'syz.5.2263': attribute type 10 has an invalid length. [ 351.324375][T11847] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 351.760494][ T30] audit: type=1804 audit(1749915840.366:569): pid=11863 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2269" name="/newroot/368/file0" dev="tmpfs" ino=1958 res=1 errno=0 [ 352.047073][T10697] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 352.242316][T10697] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 352.278221][T10697] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.321970][T10697] usb 2-1: Product: syz [ 352.332298][T10697] usb 2-1: Manufacturer: syz [ 352.344199][T10697] usb 2-1: SerialNumber: syz [ 352.359882][T10697] usb 2-1: config 0 descriptor?? [ 352.630545][T10697] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 353.483136][T11904] overlayfs: failed to clone lowerpath [ 353.502050][T11904] overlayfs: failed to clone upperpath [ 353.540787][T11906] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2286'. [ 353.643110][T11908] netlink: 'syz.4.2288': attribute type 1 has an invalid length. [ 353.772424][T11908] bond2: (slave veth11): Enslaving as an active interface with a down link [ 353.881015][T11911] bond2: (slave veth13): Enslaving as an active interface with a down link [ 353.942954][T10697] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 353.973146][T10697] usb 2-1: USB disconnect, device number 18 [ 355.388442][T11943] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 355.443526][T11943] overlayfs: failed to set xattr on upper [ 355.464631][T11943] overlayfs: ...falling back to redirect_dir=nofollow. [ 355.490134][T11943] overlayfs: ...falling back to index=off. [ 355.526295][T11943] overlayfs: ...falling back to uuid=null. [ 355.583794][T11946] cgroup: fork rejected by pids controller in /syz4 [ 355.741317][T11983] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 355.884419][T11988] overlayfs: failed to clone upperpath [ 356.192716][T11999] overlayfs: failed to clone upperpath [ 356.482845][ T5896] page_pool_release_retry() stalled pool shutdown: id 67, 2 inflight 60 sec [ 357.598321][ C1] vcan0: j1939_tp_rxtimer: 0xffff888034313000: rx timeout, send abort [ 357.607084][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888034313000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 357.714076][T12048] ip6gretap0: entered promiscuous mode [ 358.234191][T12068] netlink: 124 bytes leftover after parsing attributes in process `syz.2.2335'. [ 358.403501][T12076] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2340'. [ 358.419374][T12076] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2340'. [ 358.433769][T12076] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 359.494415][T12091] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2346'. [ 359.506872][T12092] netlink: 'syz.2.2345': attribute type 10 has an invalid length. [ 359.520679][T12092] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 359.531343][T12092] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 359.543927][T12092] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 359.674236][T12094] netlink: 'syz.3.2347': attribute type 11 has an invalid length. [ 359.703941][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 359.723503][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 359.736417][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 359.754171][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 359.763249][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 360.440434][T12109] overlayfs: failed to clone upperpath [ 360.492696][T12095] chnl_net:caif_netlink_parms(): no params data found [ 360.727856][T12115] tipc: Failed to remove unknown binding: 66,1,1/2130706433:9040662/9040664 [ 360.784800][T11632] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.974016][T11632] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.192742][T11632] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.478166][T11632] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.584814][T12095] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.592074][T12095] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.612327][T12095] bridge_slave_0: entered allmulticast mode [ 361.630141][T12095] bridge_slave_0: entered promiscuous mode [ 361.665978][T12095] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.677386][T12095] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.694777][T12095] bridge_slave_1: entered allmulticast mode [ 361.721932][T12095] bridge_slave_1: entered promiscuous mode [ 361.753514][T12135] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2363'. [ 362.005907][ T51] Bluetooth: hci4: command tx timeout [ 362.135537][T12095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 362.260150][T12095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 362.486965][T12095] team0: Port device team_slave_0 added [ 362.541614][T12095] team0: Port device team_slave_1 added [ 362.887020][T12095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 362.894047][T12095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.992174][T12095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 363.011027][T12095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 363.023065][T12095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.053908][T12149] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2367'. [ 363.063527][T12095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 363.078206][T11632] bridge_slave_1: left allmulticast mode [ 363.083928][T11632] bridge_slave_1: left promiscuous mode [ 363.107644][T11632] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.143531][T11632] bridge_slave_0: left allmulticast mode [ 363.149431][T11632] bridge_slave_0: left promiscuous mode [ 363.173424][T11632] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.299029][ T30] audit: type=1326 audit(1749915851.171:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12142 comm="syz.1.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafea78e929 code=0x7fc00000 [ 363.723954][T11632] bond1 (unregistering): (slave gretap1): Releasing active interface [ 364.142107][T11632] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 364.155942][T11632] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 364.170326][T11632] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 364.179124][ T51] Bluetooth: hci4: command tx timeout [ 364.197306][T11632] bond0 (unregistering): Released all slaves [ 364.219682][T11632] bond1 (unregistering): Released all slaves [ 364.431512][T11632] tipc: Left network mode [ 364.444787][T12095] hsr_slave_0: entered promiscuous mode [ 364.463984][T12095] hsr_slave_1: entered promiscuous mode [ 364.493665][T12095] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 364.511933][T12095] Cannot create hsr debugfs directory [ 365.412122][T11632] hsr_slave_0: left promiscuous mode [ 365.418497][T11632] hsr_slave_1: left promiscuous mode [ 365.433252][T11632] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.455899][T11632] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.491442][T11632] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 365.511357][T11632] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.583960][T11632] veth1_macvtap: left promiscuous mode [ 365.601447][T11632] veth0_macvtap: left promiscuous mode [ 365.607427][T11632] veth1_vlan: left promiscuous mode [ 365.643048][T11632] veth0_vlan: left promiscuous mode [ 365.762837][T12176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2377'. [ 366.410751][ T51] Bluetooth: hci4: command tx timeout [ 367.378020][T12176] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.395259][T12180] batman_adv: batadv0: Adding interface: dummy0 [ 367.402767][T12180] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.448293][T12180] batman_adv: batadv0: Interface activated: dummy0 [ 367.471164][T12181] batadv0: mtu less than device minimum [ 367.485800][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.498325][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.510385][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.522429][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.534128][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.545741][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.557542][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.569530][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.581063][T12181] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.649147][T12195] bond1: (slave dummy0): Releasing active interface [ 367.669173][T12195] batman_adv: batadv0: Adding interface: dummy0 [ 367.701353][T12195] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.736124][T12195] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 367.973141][T12095] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 368.018790][T12095] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 368.046058][T12095] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 368.075224][T12095] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 368.269093][T12095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 368.340782][T12095] 8021q: adding VLAN 0 to HW filter on device team0 [ 368.364605][ T1001] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.371925][ T1001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 368.417598][ T1001] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.424934][ T1001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 368.625955][ T51] Bluetooth: hci4: command tx timeout [ 369.573139][T12095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 370.620227][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2402'. [ 370.674988][T12256] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2401'. [ 370.772022][T12095] veth0_vlan: entered promiscuous mode [ 370.786494][T12095] veth1_vlan: entered promiscuous mode [ 370.866281][T12095] veth0_macvtap: entered promiscuous mode [ 370.888016][T12095] veth1_macvtap: entered promiscuous mode [ 370.928787][T12095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 370.956975][T12095] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 370.971434][T12095] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.980648][T12095] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.994397][T12095] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.006737][T12095] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.124897][ T1001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.141390][ T1001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.173125][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.185425][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.626581][T12284] overlayfs: failed to clone upperpath [ 372.638215][T12314] tipc: Enabling of bearer rejected, failed to enable media [ 372.762606][ T5896] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 372.936314][ T5896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.997559][ T5896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 373.040411][ T5896] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 373.104647][ T5896] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 373.113801][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.180250][ T5896] usb 3-1: config 0 descriptor?? [ 373.530683][T12331] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2431'. [ 373.666432][ T5896] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 373.699965][ T5896] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 374.554703][T12341] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2435'. [ 375.133802][T12357] overlayfs: failed to clone upperpath [ 375.207585][T12359] netlink: 168 bytes leftover after parsing attributes in process `syz.6.2441'. [ 375.884064][T10698] usb 3-1: USB disconnect, device number 23 [ 377.047632][T12432] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2474'. [ 377.145594][T12435] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 377.252056][T10698] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 377.432478][T10698] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 377.455364][T10698] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.468517][T10698] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 377.478467][T10698] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.583811][T10698] usb 3-1: config 0 descriptor?? [ 378.253041][T10698] usb 3-1: string descriptor 0 read error: -22 [ 378.627439][T10698] input: HID 256c:006d as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.000D/input/input15 [ 378.654504][T10698] uclogic 0003:256C:006D.000D: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.2-1/input0 [ 378.787133][T12465] netlink: 'syz.1.2485': attribute type 1 has an invalid length. [ 378.809534][T10698] usb 3-1: USB disconnect, device number 24 [ 378.886825][T12465] 8021q: adding VLAN 0 to HW filter on device bond2 [ 378.901030][T12467] erspan0: entered allmulticast mode [ 378.930773][T12467] bond2: (slave erspan0): making interface the new active one [ 378.966653][T12467] bond2: (slave erspan0): Enslaving as an active interface with an up link [ 379.525530][T12484] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2492'. [ 379.534853][T10698] usb 7-1: new low-speed USB device number 2 using dummy_hcd [ 379.550253][T12484] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2492'. [ 379.568197][T12484] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2492'. [ 379.577727][T12484] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2492'. [ 379.714843][T10698] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 379.724709][T10698] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.744669][T12494] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2496'. [ 379.748663][T10698] usb 7-1: config 0 descriptor?? [ 380.834230][T12515] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2504'. [ 380.850853][T10698] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 380.874254][T10698] asix 7-1:0.0: probe with driver asix failed with error -71 [ 380.893547][T10698] usb 7-1: USB disconnect, device number 2 [ 380.965922][T12516] vxlan0: left promiscuous mode [ 381.330043][T12529] overlayfs: failed to clone upperpath [ 381.701132][ C0] vcan0: j1939_tp_rxtimer: 0xffff888059c8c400: rx timeout, send abort [ 381.709984][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888059c8c400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 382.483808][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 382.490491][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 386.917993][T12625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2539'. [ 386.958005][T12630] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2541'. [ 500.801757][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 500.808799][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5835/1:b..l [ 500.817293][ C1] rcu: (detected by 1, t=10502 jiffies, g=57337, q=158 ncpus=2) [ 500.825047][ C1] task:syz-executor state:R running task stack:21352 pid:5835 tgid:5835 ppid:5825 task_flags:0x400140 flags:0x00004002 [ 500.839510][ C1] Call Trace: [ 500.842830][ C1] [ 500.845813][ C1] __schedule+0x16a2/0x4cb0 [ 500.850363][ C1] ? __lock_acquire+0xab9/0xd20 [ 500.855396][ C1] ? __lock_acquire+0xab9/0xd20 [ 500.860300][ C1] ? preempt_schedule_irq+0xb5/0x150 [ 500.865639][ C1] ? __pfx___schedule+0x10/0x10 [ 500.870535][ C1] ? is_bpf_text_address+0x26/0x2b0 [ 500.875793][ C1] ? is_bpf_text_address+0x26/0x2b0 [ 500.881042][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 500.886386][ C1] preempt_schedule_irq+0xb5/0x150 [ 500.891557][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 500.897318][ C1] ? __kernel_text_address+0xd/0x40 [ 500.902558][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 500.908403][ C1] irqentry_exit+0x6f/0x90 [ 500.912853][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 500.918866][ C1] RIP: 0010:lock_acquire+0x175/0x360 [ 500.924191][ C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 2b 7e fb 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 500.943821][ C1] RSP: 0018:ffffc900042ef198 EFLAGS: 00000206 [ 500.949929][ C1] RAX: 77ebd37829818900 RBX: 0000000000000000 RCX: 77ebd37829818900 [ 500.957924][ C1] RDX: 0000000000000000 RSI: ffffffff8db59f69 RDI: ffffffff8be1b380 [ 500.965918][ C1] RBP: ffffffff81728af5 R08: 0000000000000000 R09: ffffffff81728af5 [ 500.973918][ C1] R10: ffffc900042ef358 R11: ffffffff81ace5a0 R12: 0000000000000002 [ 500.981914][ C1] R13: ffffffff8e13ed60 R14: 0000000000000000 R15: 0000000000000246 [ 500.989913][ C1] ? unwind_next_frame+0xa5/0x2390 [ 500.995059][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 501.001239][ C1] ? unwind_next_frame+0xa5/0x2390 [ 501.006409][ C1] ? unwind_next_frame+0xa5/0x2390 [ 501.011559][ C1] ? free_unref_folios+0xcd2/0x1570 [ 501.016791][ C1] ? unwind_next_frame+0xa5/0x2390 [ 501.021940][ C1] unwind_next_frame+0xc2/0x2390 [ 501.026911][ C1] ? unwind_next_frame+0xa5/0x2390 [ 501.032059][ C1] ? unwind_next_frame+0xa5/0x2390 [ 501.037207][ C1] ? __reset_page_owner+0x71/0x1f0 [ 501.042388][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 501.048602][ C1] arch_stack_walk+0x11c/0x150 [ 501.053427][ C1] ? free_unref_folios+0xcd2/0x1570 [ 501.058664][ C1] stack_trace_save+0x9c/0xe0 [ 501.063384][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 501.068792][ C1] save_stack+0xf7/0x1f0 [ 501.073064][ C1] ? __pfx_save_stack+0x10/0x10 [ 501.077935][ C1] ? free_unref_folios+0xcd2/0x1570 [ 501.083173][ C1] ? page_ext_put+0x97/0xc0 [ 501.087716][ C1] __reset_page_owner+0x71/0x1f0 [ 501.092684][ C1] free_unref_folios+0xcd2/0x1570 [ 501.097759][ C1] folios_put_refs+0x559/0x640 [ 501.102563][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 501.107881][ C1] ? folio_batch_remove_exceptionals+0x18c/0x1f0 [ 501.114248][ C1] shmem_undo_range+0x49e/0x14b0 [ 501.119234][ C1] ? __pfx_shmem_undo_range+0x10/0x10 [ 501.124628][ C1] ? is_bpf_text_address+0x26/0x2b0 [ 501.129910][ C1] ? stack_trace_save+0x9c/0xe0 [ 501.134868][ C1] shmem_evict_inode+0x272/0xa70 [ 501.139884][ C1] ? inode_wait_for_writeback+0xf9/0x290 [ 501.145561][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 501.151055][ C1] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 501.157172][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 501.162404][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 501.167894][ C1] evict+0x504/0x9c0 [ 501.171829][ C1] ? __pfx_evict+0x10/0x10 [ 501.176357][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 501.181596][ C1] ? _raw_spin_unlock+0x28/0x50 [ 501.186495][ C1] ? iput+0x6d8/0x9d0 [ 501.190524][ C1] do_unlinkat+0x3a1/0x560 [ 501.194982][ C1] ? __pfx_do_unlinkat+0x10/0x10 [ 501.199959][ C1] ? getname_flags+0x1e5/0x540 [ 501.204769][ C1] __x64_sys_unlink+0x47/0x50 [ 501.209481][ C1] do_syscall_64+0xfa/0x3b0 [ 501.214025][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 501.219261][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.225352][ C1] ? clear_bhb_loop+0x60/0xb0 [ 501.230070][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.236011][ C1] RIP: 0033:0x7f8eccb8ded7 [ 501.240475][ C1] RSP: 002b:00007ffcd2139998 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 501.248930][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8eccb8ded7 [ 501.256947][ C1] RDX: 00007ffcd21399c0 RSI: 00007ffcd2139a50 RDI: 00007ffcd2139a50 [ 501.264944][ C1] RBP: 00007ffcd2139a50 R08: 0000000000000000 R09: 0000000000000000 [ 501.272940][ C1] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffcd213aae0 [ 501.280940][ C1] R13: 00007f8eccc10925 R14: 000000000005db63 R15: 00007ffcd213ab20 [ 501.288962][ C1] [ 501.292003][ C1] rcu: rcu_preempt kthread starved for 10498 jiffies! g57337 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 501.303215][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 501.313208][ C1] rcu: RCU grace-period kthread stack dump: [ 501.319115][ C1] task:rcu_preempt state:R running task stack:27128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 501.332674][ C1] Call Trace: [ 501.335970][ C1] [ 501.338924][ C1] __schedule+0x16a2/0x4cb0 [ 501.343481][ C1] ? schedule+0x165/0x360 [ 501.347843][ C1] ? __pfx___schedule+0x10/0x10 [ 501.352747][ C1] ? schedule+0x91/0x360 [ 501.357025][ C1] schedule+0x165/0x360 [ 501.361221][ C1] schedule_timeout+0x12b/0x270 [ 501.366102][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 501.371504][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 501.377434][ C1] ? __pfx_process_timeout+0x10/0x10 [ 501.382768][ C1] ? prepare_to_swait_event+0x341/0x380 [ 501.388346][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 501.393247][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 501.398480][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 501.404673][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 501.409991][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 501.415229][ C1] ? finish_swait+0xcd/0x1f0 [ 501.419852][ C1] rcu_gp_kthread+0x99/0x390 [ 501.424475][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 501.429712][ C1] ? __kthread_parkme+0x7b/0x200 [ 501.434687][ C1] ? __kthread_parkme+0x1a1/0x200 [ 501.439756][ C1] kthread+0x70e/0x8a0 [ 501.443858][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 501.449088][ C1] ? __pfx_kthread+0x10/0x10 [ 501.453714][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 501.458947][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 501.464184][ C1] ? __pfx_kthread+0x10/0x10 [ 501.468819][ C1] ret_from_fork+0x3fc/0x770 [ 501.473449][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 501.478605][ C1] ? __switch_to_asm+0x39/0x70 [ 501.483391][ C1] ? __switch_to_asm+0x33/0x70 [ 501.488180][ C1] ? __pfx_kthread+0x10/0x10 [ 501.492796][ C1] ret_from_fork_asm+0x1a/0x30 [ 501.497603][ C1] [ 501.500641][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 501.506999][ C1] CPU: 1 UID: 0 PID: 12656 Comm: syz.6.2550 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 501.519087][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 501.529181][ C1] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 [ 501.535893][ C1] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 50 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 fb 73 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 e0 73 0b [ 501.555527][ C1] RSP: 0018:ffffc900035075a0 EFLAGS: 00000293 [ 501.561626][ C1] RAX: ffffffff81b4d760 RBX: ffff8880b873c9c0 RCX: ffff888057f50000 [ 501.569620][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 501.577627][ C1] RBP: ffffc90003507700 R08: ffffffff8f9fdef7 R09: 1ffffffff1f3fbde [ 501.585623][ C1] R10: dffffc0000000000 R11: fffffbfff1f3fbdf R12: 1ffff110170c868d [ 501.593628][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8643468 [ 501.601625][ C1] FS: 0000000000000000(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 501.610583][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 501.617190][ C1] CR2: 000000110c3a6ca6 CR3: 000000000df38000 CR4: 00000000003526f0 [ 501.625211][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004144 [ 501.633221][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 501.641226][ C1] Call Trace: [ 501.644541][ C1] [ 501.647515][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 501.653909][ C1] ? kernel_text_address+0xa5/0xe0 [ 501.659064][ C1] ? __kernel_text_address+0xd/0x40 [ 501.664297][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 501.670487][ C1] ? rcu_is_watching+0x15/0xb0 [ 501.675291][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 501.680518][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 501.685672][ C1] flush_tlb_mm_range+0x6b1/0x12c0 [ 501.690824][ C1] ? free_pgd_range+0x144b/0x14c0 [ 501.695885][ C1] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 501.701467][ C1] tlb_flush_mmu+0x1a7/0x680 [ 501.706102][ C1] tlb_finish_mmu+0xc3/0x1d0 [ 501.710731][ C1] ? free_pgd_range+0x144b/0x14c0 [ 501.715810][ C1] free_ldt_pgtables+0x17b/0x320 [ 501.720788][ C1] ? __pfx_free_ldt_pgtables+0x10/0x10 [ 501.726312][ C1] ? down_read+0x1ad/0x2e0 [ 501.730764][ C1] exit_mmap+0x17c/0xb50 [ 501.735045][ C1] ? uprobe_clear_state+0x20f/0x290 [ 501.740285][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 501.745078][ C1] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 501.750766][ C1] ? __pfx_exit_aio+0x10/0x10 [ 501.755488][ C1] ? uprobe_clear_state+0x274/0x290 [ 501.760718][ C1] ? mm_update_next_owner+0xa7/0x870 [ 501.766036][ C1] __mmput+0x118/0x420 [ 501.770141][ C1] exit_mm+0x1da/0x2c0 [ 501.774244][ C1] ? __pfx_exit_mm+0x10/0x10 [ 501.778864][ C1] ? rcu_is_watching+0x15/0xb0 [ 501.783667][ C1] do_exit+0x640/0x22e0 [ 501.787861][ C1] ? preempt_schedule_common+0x83/0xd0 [ 501.793362][ C1] ? preempt_schedule+0xae/0xc0 [ 501.798245][ C1] ? __pfx_do_exit+0x10/0x10 [ 501.802873][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 501.808284][ C1] do_group_exit+0x21c/0x2d0 [ 501.812998][ C1] __x64_sys_exit_group+0x3f/0x40 [ 501.818049][ C1] x64_sys_call+0x21ba/0x21c0 [ 501.822748][ C1] do_syscall_64+0xfa/0x3b0 [ 501.827285][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 501.832527][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.838626][ C1] ? clear_bhb_loop+0x60/0xb0 [ 501.843331][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.849259][ C1] RIP: 0033:0x7f4b0b38e929 [ 501.853699][ C1] Code: Unable to access opcode bytes at 0x7f4b0b38e8ff. [ 501.860750][ C1] RSP: 002b:00007ffe4b154798 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 501.869188][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b0b38e929 [ 501.877206][ C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 501.885200][ C1] RBP: 00007ffe4b1547fc R08: 000000094b15488f R09: 00000000000927c0 [ 501.893198][ C1] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000001f [ 501.901189][ C1] R13: 00000000000927c0 R14: 000000000005d94d R15: 00007ffe4b154850 [ 501.909206][ C1]