last executing test programs: 5m6.230973642s ago: executing program 1 (id=93): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) 5m5.924368628s ago: executing program 1 (id=98): socket$key(0xf, 0x3, 0x2) syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 5m4.198683283s ago: executing program 1 (id=110): socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xdd) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 5m3.793191625s ago: executing program 1 (id=113): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$fuse(0x0, 0x0, 0x0, 0x919009, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r1, r1) setpgid(0x0, r1) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x40049366, 0x0) 5m3.311937747s ago: executing program 1 (id=116): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4) sendmsg$unix(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="c3ff", 0x2}], 0x1, 0x0, 0x0, 0x40000}, 0x20004011) recvmsg(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000c00)=""/185, 0xb9}], 0x1}, 0x40000000) recvmsg$unix(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)='l', 0x1}], 0x1}, 0x2404c140) write$cgroup_subtree(r1, &(0x7f0000000280)={[{0x2b, 'pids'}]}, 0x6) 5m1.975850765s ago: executing program 1 (id=119): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x5000, 0x108000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000040)="c74424005c8d0000c7442402ce5caa10c74464060000e6000000011c24f30fc7720064360f01c466b827010f00d03ec1cbf70f0fc7a6652f652fc70f82b6000000b9800000c00f3235010000000f3065660f65d1", 0x54}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5m1.461445748s ago: executing program 32 (id=119): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x5000, 0x108000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000040)="c74424005c8d0000c7442402ce5caa10c74464060000e6000000011c24f30fc7720064360f01c466b827010f00d03ec1cbf70f0fc7a6652f652fc70f82b6000000b9800000c00f3235010000000f3065660f65d1", 0x54}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m34.643165028s ago: executing program 5 (id=679): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112}) r1 = socket$packet(0x11, 0x3, 0x300) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000080)={'syzkaller0\x00', 0x400}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r3], 0x20}}, 0x0) 3m34.521486868s ago: executing program 5 (id=681): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x5, 0x0, 0x0, 0x0, 0x18}}}}}, 0x36) 3m34.31778589s ago: executing program 5 (id=684): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4, 0x32f}, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r1 = gettid() rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000000, 0x0}, 0x0, 0x8, &(0x7f0000000200)) tkill(r1, 0x16) 3m32.316540497s ago: executing program 5 (id=692): r0 = socket$netlink(0x10, 0x3, 0xa) r1 = dup(r0) r2 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c) ftruncate(r2, 0x200004) sendfile(r1, r2, 0x0, 0x80001d00c0d1) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x8259, 0x400, 0x2, 0xf8}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x0) 3m30.890949929s ago: executing program 5 (id=702): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x1a0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, 0x0) chdir(&(0x7f0000000280)='./file1\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 3m30.764638704s ago: executing program 5 (id=704): r0 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x6) r1 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) r2 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000140)=0x6) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) r3 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) ioctl$int_in(r3, 0x5452, &(0x7f0000000140)=0x6) close(0x3) 3m15.374502945s ago: executing program 33 (id=704): r0 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x6) r1 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) r2 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000140)=0x6) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) r3 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) ioctl$int_in(r3, 0x5452, &(0x7f0000000140)=0x6) close(0x3) 1m22.260719486s ago: executing program 3 (id=1480): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = userfaultfd(0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 1m20.350035776s ago: executing program 3 (id=1488): mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x2}) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x20c}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa07, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}}) 1m20.150213335s ago: executing program 3 (id=1489): r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0x101d0) sendmsg$kcm(r1, &(0x7f00000001c0)={&(0x7f00000000c0)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41}, 0x5}}, 0x80, 0x0, 0x0, &(0x7f0000000900)=ANY=[], 0x1458}, 0x48800) r2 = socket$kcm(0x1e, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) close(0x3) 1m19.965835304s ago: executing program 3 (id=1492): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) 1m18.567750499s ago: executing program 3 (id=1498): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = semget$private(0x0, 0x5, 0x0) semop(r2, &(0x7f0000000000)=[{0x3, 0xfff7, 0x1000}], 0x1) semtimedop(r2, &(0x7f00000000c0)=[{0x0, 0x7}, {0x3, 0x20, 0x1000}], 0x2, &(0x7f0000000100)={0x77359400}) 1m16.324846299s ago: executing program 3 (id=1512): recvmmsg(0xffffffffffffffff, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000500)=""/107, 0x6b}], 0x1}, 0xe}], 0x1, 0x2120, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4040084}, 0x20002004) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[0x0], &(0x7f00000000c0), 0x0, 0x1, 0x0, 0x0, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f00000002c0)=[r2], &(0x7f0000000140), &(0x7f0000000800)=[r3], &(0x7f0000000100), 0x0, 0x400000000}) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) 1m15.75059278s ago: executing program 34 (id=1512): recvmmsg(0xffffffffffffffff, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000500)=""/107, 0x6b}], 0x1}, 0xe}], 0x1, 0x2120, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4040084}, 0x20002004) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[0x0], &(0x7f00000000c0), 0x0, 0x1, 0x0, 0x0, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f00000002c0)=[r2], &(0x7f0000000140), &(0x7f0000000800)=[r3], &(0x7f0000000100), 0x0, 0x400000000}) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) 16.138272422s ago: executing program 7 (id=1829): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="3801"], 0x138) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) r3 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) 16.034976509s ago: executing program 7 (id=1830): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in={{0x2, 0x4e24, @remote}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000000c0), &(0x7f0000000200)=0x4) 15.796642866s ago: executing program 7 (id=1832): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x9, @empty, 0x2}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x7fff, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001500add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) 15.782745637s ago: executing program 7 (id=1833): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x1127057, 0x0) mount$bind(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x129c51, 0x0) 15.581554973s ago: executing program 7 (id=1835): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0xa) r3 = dup(r2) r4 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c) ftruncate(r4, 0x200004) sendfile(r3, r4, 0x0, 0x80001d00c0d1) 15.120541341s ago: executing program 7 (id=1838): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x200008c0) 14.358789066s ago: executing program 35 (id=1838): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x200008c0) 5.864666485s ago: executing program 0 (id=1871): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000200)={0x1, 0x10, 0xfa00, {0x0}}, 0x18) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r2, r2, 0x0, 0x200000) 5.664145941s ago: executing program 4 (id=1872): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) symlinkat(0x0, 0xffffffffffffff9c, 0x0) r2 = syz_io_uring_setup(0x440, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CLOSE={0x13, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) 4.11290912s ago: executing program 0 (id=1874): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r0, 0x0, 0x0, 0x20004041, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000240)=ANY=[], 0x2b) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xf34) recvfrom$inet6(r0, &(0x7f00000004c0)=""/209, 0xd1, 0x100, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0) syz_emit_vhci(0x0, 0xd) 3.592697793s ago: executing program 4 (id=1875): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40010001, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b0808004149014006040800", 0x58}], 0x1) 3.318458816s ago: executing program 4 (id=1877): r0 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={r0}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r2, 0x0, 0x9}, 0x18) ioctl$SIOCRSSL2CALL(r1, 0x89e2, &(0x7f0000000040)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000640)="0a001c008e9381064e81f7a2db44b9b545c7910006007c09", 0x18}], 0x1}, 0x40008c4) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r0, r5}) 3.184316865s ago: executing program 2 (id=1879): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x25, &(0x7f0000000000)={0x1}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x78, 0x10}) close_range(r1, 0xffffffffffffffff, 0x0) 3.174746068s ago: executing program 4 (id=1880): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x18102) 3.167437151s ago: executing program 0 (id=1881): r0 = socket$netlink(0x10, 0x3, 0x400000000000004) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f00000000c0)=0x40, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000280)=0x20, 0x4) bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x0, r3}, 0x2a) writev(r0, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 3.029863582s ago: executing program 6 (id=1882): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x8000) pipe(0x0) listen(0xffffffffffffffff, 0x4000) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7000001000000008500000006000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.910905654s ago: executing program 0 (id=1883): syz_clone(0x4724c000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEV(r0, 0x0, 0x24000800) gettid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'nq\x00', 0x10, 0x5, 0x11}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'wlc\x00', 0x3a, 0x3, 0x8}, 0x2c) 2.910629354s ago: executing program 2 (id=1884): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x5, @empty, 0xb055}}, 0x4, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x0, 0x1b}, 0x9c) 2.797000832s ago: executing program 2 (id=1885): write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f00007be000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0x2c, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000000)={0x0, 0x0, &(0x7f00007cf000/0x2000)=nil}) close_range(r0, 0xffffffffffffffff, 0x0) 2.756251763s ago: executing program 6 (id=1886): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x1, {0x2}}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2.595677349s ago: executing program 6 (id=1887): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) 2.436513758s ago: executing program 2 (id=1888): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000580)) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000001f00)) sendmmsg(r1, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000007c0)="0281", 0x2}], 0x1}}], 0x1, 0x24001805) 2.271330393s ago: executing program 2 (id=1889): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@o_path={&(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0x4000, r1}, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) 2.199603554s ago: executing program 4 (id=1890): fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') unlink(&(0x7f0000000280)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) 2.013783631s ago: executing program 0 (id=1891): socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r2, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d) 2.012125459s ago: executing program 4 (id=1892): epoll_create1(0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) socket$igmp6(0xa, 0x3, 0x2) syz_emit_ethernet(0xb2, &(0x7f0000000880)={@local, @broadcast, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "f84ec0", 0x7c, 0x11, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x36, 0x6, [0x8], "d7ef3d4530e40328d2d089030b0df21f9c6d54bd3b41b765f9b774a969f3c2525b025abd2e3cd2f285c14da058bfaa0627de6f9de326"}, {}, {}, {0x8, 0x88be, 0xfffffffe, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x6b}}}}}}}}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080) 2.005155446s ago: executing program 6 (id=1893): r0 = timerfd_create(0x1, 0x80000) r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x5, 0xfffffffffffffffc, 0x0, 0x2, 0x8000000000000001, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x67, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x9, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x1c, 0x5, 0x3, 0x2, 0x4000000000002, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x5, 0x7ff, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xac18, 0x0, 0x0, 0x4000000000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1]}) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00') lseek(r3, 0x3, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) getdents(r3, 0x0, 0x40) r4 = fcntl$dupfd(r0, 0x0, r2) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, 0x0) 1.391390989s ago: executing program 6 (id=1894): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0xc000, 0xe, "0062ba7d8200000016001b000200f705096604"}) r1 = syz_open_pts(r0, 0x900) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000000)=0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$TCGETS(r0, 0x5401, &(0x7f0000000200)) 128.659337ms ago: executing program 2 (id=1895): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x8000) pipe(0x0) listen(0xffffffffffffffff, 0x4000) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7000001000000008500000006000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 81.417008ms ago: executing program 6 (id=1896): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xb0, 0x7ff, 0x34325241, 0x0, [], [0x2b8, 0x200000], [0x0, 0x9, 0x0, 0x3]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f086766c744240012e93bf96766c7442402010000006766c744240600000000670f011c2466b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019f09000f01c2", 0x6b}], 0x1, 0x7d, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0x7, 0x800, 0x100, 0x2, 0x5700000000000000, 0x9, 0x6, 0xfffffffffffffff7, 0x0, 0x13f, 0x100000001, 0x100000ba25, 0x8000fff, 0x1, 0xffeffffffffffe00], 0x10000, 0x1c0080}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x0, 0x0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 0 (id=1897): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in={{0x2, 0x4e24, @remote}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0xffffff9b, 0x0, 0x32}, 0x9c) kernel console output (not intermixed with test programs): _int_callback - usb_submit_urb failed with result -19 [ 168.381370][ T7267] syz.4.398 (7267) used greatest stack depth: 19864 bytes left [ 168.499824][ T7283] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 168.784633][ T7293] ref_ctr_offset mismatch. inode: 0x1c3 offset: 0x0 ref_ctr_offset(old): 0x14 ref_ctr_offset(new): 0x0 [ 169.818089][ T5910] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 169.826323][ T7317] netlink: 12 bytes leftover after parsing attributes in process `syz.0.413'. [ 169.991797][ T5910] usb 3-1: Using ep0 maxpacket: 32 [ 170.051439][ T5910] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC4, changing to 0x84 [ 170.109949][ T5910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 170.177564][ T5910] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.16 [ 170.206231][ T5910] usb 3-1: New USB device strings: Mfr=154, Product=2, SerialNumber=3 [ 170.234004][ T7327] netlink: 24 bytes leftover after parsing attributes in process `syz.4.415'. [ 170.249874][ T5910] usb 3-1: Product: syz [ 170.254100][ T5910] usb 3-1: Manufacturer: syz [ 170.291500][ T5910] usb 3-1: SerialNumber: syz [ 170.319044][ T5910] usb 3-1: config 0 descriptor?? [ 170.420520][ T5910] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 170.464446][ T7332] netlink: 24 bytes leftover after parsing attributes in process `syz.4.415'. [ 170.655955][ T7310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.707758][ T7310] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.766569][ T5910] usb 3-1: USB disconnect, device number 10 [ 170.807195][ T1333] usb 3-1: Failed to submit usb control message: -71 [ 170.839057][ T1333] usb 3-1: unable to send the bmi data to the device: -71 [ 170.846332][ T1333] usb 3-1: unable to get target info from device [ 170.877380][ T1333] usb 3-1: could not get target info (-71) [ 170.883980][ T1333] usb 3-1: could not probe fw (-71) [ 170.929773][ T7344] netlink: 24 bytes leftover after parsing attributes in process `syz.0.419'. [ 172.075708][ T7371] affs: No valid root block on device nullb0 [ 172.176996][ T7369] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 172.246742][ T7369] overlayfs: failed to set xattr on upper [ 172.255025][ T7369] overlayfs: ...falling back to index=off. [ 172.261003][ T7369] overlayfs: ...falling back to uuid=null. [ 173.127157][ T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 173.307167][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 173.334820][ T43] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 173.352060][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.393717][ T43] usb 4-1: config 0 descriptor?? [ 173.415535][ T43] gspca_main: sunplus-2.14.0 probing 041e:400b [ 174.147779][ T43] gspca_sunplus: reg_w_riv err -110 [ 174.153982][ T43] sunplus 4-1:0.0: probe with driver sunplus failed with error -110 [ 175.316490][ T7462] erofs (device nbd5): cannot find valid erofs superblock [ 175.529093][ T7397] syz.4.434 (7397): drop_caches: 2 [ 175.883273][ T5910] usb 4-1: USB disconnect, device number 3 [ 176.402971][ T5910] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 176.601266][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.619373][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.635546][ T5910] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 176.653860][ T5910] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 176.664095][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.692749][ T5910] usb 6-1: config 0 descriptor?? [ 176.777925][ T7498] netlink: 'syz.4.461': attribute type 4 has an invalid length. [ 177.141810][ T5910] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 177.161309][ T5910] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 177.277175][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 177.348966][ T5923] usb 6-1: USB disconnect, device number 3 [ 177.453524][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.473713][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.485386][ T9] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 177.509282][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.545724][ T9] usb 1-1: config 0 descriptor?? [ 177.791198][ T7517] netlink: 12 bytes leftover after parsing attributes in process `syz.4.468'. [ 177.990381][ T9] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 178.025442][ T9] cp2112 0003:10C4:EA90.0006: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 178.189440][ T9] cp2112 0003:10C4:EA90.0006: Part Number: 0x82 Device Version: 0xFE [ 178.248066][ T7530] netlink: 24 bytes leftover after parsing attributes in process `syz.4.474'. [ 178.802862][ T9] cp2112 0003:10C4:EA90.0006: error reading lock byte: -71 [ 178.836659][ T9] usb 1-1: USB disconnect, device number 7 [ 179.907156][ T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 180.077456][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 180.127719][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 180.148936][ T9] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 180.156578][ T9] usb 3-1: can't read configurations, error -71 [ 180.667598][ T7583] netlink: 2028 bytes leftover after parsing attributes in process `syz.4.493'. [ 180.687440][ T7583] netlink: 24 bytes leftover after parsing attributes in process `syz.4.493'. [ 181.524211][ T30] audit: type=1326 audit(1752717562.435:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7604 comm="syz.4.500" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb6278e929 code=0x0 [ 181.871126][ T7621] netlink: 12 bytes leftover after parsing attributes in process `syz.0.506'. [ 182.145620][ T30] audit: type=1326 audit(1752717563.055:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.171983][ T30] audit: type=1326 audit(1752717563.055:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.194210][ T30] audit: type=1326 audit(1752717563.065:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.216520][ T30] audit: type=1326 audit(1752717563.065:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.244900][ T30] audit: type=1326 audit(1752717563.065:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.271567][ T30] audit: type=1326 audit(1752717563.065:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.297212][ T30] audit: type=1326 audit(1752717563.065:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.297582][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 182.323370][ T30] audit: type=1326 audit(1752717563.065:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.397885][ T30] audit: type=1326 audit(1752717563.065:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.3.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 182.443611][ T7638] serio: Serial port ptm0 [ 182.477305][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 182.485059][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 182.496328][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 182.510134][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 182.520689][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 182.533576][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 182.555096][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 182.564484][ T9] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 182.577174][ T9] usb 1-1: Manufacturer: syz [ 182.588420][ T9] usb 1-1: config 0 descriptor?? [ 183.407534][ T9] rc_core: IR keymap rc-hauppauge not found [ 183.413618][ T9] Registered IR keymap rc-empty [ 183.447354][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 183.479704][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 183.511556][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 183.535353][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input10 [ 183.961088][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.076550][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.245820][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.487493][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.605351][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.657234][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.687278][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.730526][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.768351][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.827253][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 184.849261][ T9] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 184.861356][ T9] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 184.969843][ T9] usb 1-1: USB disconnect, device number 8 [ 185.722611][ T7689] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 185.807726][ T7697] capability: warning: `syz.4.535' uses deprecated v2 capabilities in a way that may be insecure [ 186.027675][ T43] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 186.181743][ T43] usb 3-1: config 0 has no interfaces? [ 186.199735][ T43] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 186.246986][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.262830][ T43] usb 3-1: config 0 descriptor?? [ 186.354173][ T7707] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-61) [ 187.194808][ T5910] usb 3-1: USB disconnect, device number 13 [ 187.237203][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 187.447284][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 187.483979][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.509455][ T9] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 187.523899][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.536612][ T9] usb 5-1: config 0 descriptor?? [ 187.971822][ T9] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0 [ 187.997177][ T9] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0 [ 188.015899][ T9] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0 [ 188.052007][ T9] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0 [ 188.076041][ T9] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0 [ 188.113605][ T9] mcp2221 0003:04D8:00DD.0007: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 188.161973][ C0] usb 5-1: input irq status -75 received [ 188.428112][ T7719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.485777][ T7719] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.556803][ T9] usb 5-1: USB disconnect, device number 6 [ 189.105869][ T7762] fuse: root generation should be zero [ 189.154246][ T7760] mmap: syz.0.554 (7760) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 189.167607][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 189.332791][ T5910] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 189.352446][ T9] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 189.397494][ T5910] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 189.407472][ T9] usb 6-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 189.437597][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.449759][ T9] usb 6-1: config 0 descriptor?? [ 189.460735][ T9] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 189.692250][ T7758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 189.801613][ T7758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.087168][ T43] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 190.273170][ T43] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 190.298042][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.306354][ T43] usb 1-1: Product: syz [ 190.317333][ T43] usb 1-1: Manufacturer: syz [ 190.322096][ T43] usb 1-1: SerialNumber: syz [ 190.331225][ T43] usb 1-1: config 0 descriptor?? [ 190.354916][ T43] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 190.891396][ T7838] netlink: 8 bytes leftover after parsing attributes in process `syz.2.571'. [ 191.523128][ T7846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.576'. [ 191.848847][ T43] usb 6-1: USB disconnect, device number 4 [ 192.077943][ T43] usb 1-1: USB disconnect, device number 9 [ 192.233657][ T7863] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 193.384112][ T7904] pim6reg: entered allmulticast mode [ 193.403881][ T7904] pim6reg: left allmulticast mode [ 193.612487][ T7913] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 193.797697][ T7920] netlink: 'syz.2.605': attribute type 4 has an invalid length. [ 193.827414][ T7920] netlink: 'syz.2.605': attribute type 4 has an invalid length. [ 194.301415][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.308045][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.727567][ T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 194.905840][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 194.931516][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 194.979813][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 195.027680][ T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 195.036892][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.389507][ T9] usb 3-1: config 0 descriptor?? [ 195.567605][ T7962] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 195.586212][ T7962] overlayfs: failed to set xattr on upper [ 195.607395][ T7962] overlayfs: ...falling back to redirect_dir=nofollow. [ 195.614576][ T7962] overlayfs: ...falling back to index=off. [ 195.658490][ T7962] overlayfs: ...falling back to uuid=null. [ 195.664721][ T7962] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 195.808628][ T7966] fuse: Unknown parameter '0x0000000000000004' [ 195.985116][ T9] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 196.067280][ T6001] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 196.164688][ T9] usb 3-1: USB disconnect, device number 14 [ 196.228916][ T6001] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 196.358142][ T6001] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 196.397126][ T6001] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 196.426108][ T6001] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.661583][ T6001] usb 1-1: usb_control_msg returned -32 [ 196.667727][ T6001] usbtmc 1-1:16.0: can't read capabilities [ 197.043229][ T7984] netlink: 'syz.2.630': attribute type 1 has an invalid length. [ 197.120917][ T7984] 8021q: adding VLAN 0 to HW filter on device bond1 [ 197.214269][ T7988] netlink: 168 bytes leftover after parsing attributes in process `syz.3.631'. [ 197.355940][ T7986] bond1: (slave veth5): Enslaving as an active interface with a down link [ 197.471941][ T7984] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 197.501452][ T7984] bond1: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 198.657422][ T5923] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 198.837960][ T43] usb 1-1: USB disconnect, device number 10 [ 198.867748][ T5923] usb 5-1: Using ep0 maxpacket: 8 [ 198.920986][ T5923] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 198.974064][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 199.083543][ T5923] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 199.132419][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 199.150920][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 199.253951][ T5923] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 199.265028][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 199.305277][ T5923] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 199.362838][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 199.400679][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 199.431194][ T5923] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 199.453597][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 199.478395][ T5923] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 199.497965][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 199.537822][ T5923] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 199.553312][ T5923] usb 5-1: string descriptor 0 read error: -22 [ 199.565282][ T5923] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 199.576034][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.594256][ T5923] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 199.801000][ T5923] usb 5-1: USB disconnect, device number 7 [ 200.741695][ T8072] cgroup: fork rejected by pids controller in /syz3 [ 200.755629][ T8076] kvm: emulating exchange as write [ 201.604564][ T8140] netlink: 'syz.4.674': attribute type 10 has an invalid length. [ 201.619357][ T8140] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.629426][ T8140] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 201.644116][ T8140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.652596][ T8140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.663860][ T8140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.671677][ T8140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.693971][ T8140] bond0: (slave batadv0): Releasing backup interface [ 201.741601][ T8143] netlink: 24 bytes leftover after parsing attributes in process `syz.5.675'. [ 205.786806][ T8213] tipc: Started in network mode [ 205.802312][ T8213] tipc: Node identity 4, cluster identity 4711 [ 205.823046][ T8213] tipc: Node number set to 4 [ 205.957668][ T5827] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 206.117887][ T5827] usb 3-1: Using ep0 maxpacket: 16 [ 206.125932][ T5827] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.140363][ T5827] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.177957][ T5827] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 206.190311][ T5827] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.212086][ T5827] usb 3-1: config 0 descriptor?? [ 206.475451][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 206.475469][ T30] audit: type=1800 audit(1752717587.385:23): pid=8230 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.710" name="file0" dev="fuse" ino=2 res=0 errno=0 [ 206.643397][ T5827] kye 0003:0458:5016.000A: control desc unexpectedly large [ 206.657459][ T5827] kye 0003:0458:5016.000A: control desc unexpectedly large [ 206.672488][ T5827] input: HID 0458:5016 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5016.000A/input/input12 [ 206.846363][ T5827] kye 0003:0458:5016.000A: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.2-1/input0 [ 206.868754][ T5827] usb 3-1: USB disconnect, device number 15 [ 206.927160][ T6001] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 207.097876][ T6001] usb 5-1: too many configurations: 13, using maximum allowed: 8 [ 207.142918][ T6001] usb 5-1: config 0 has no interfaces? [ 207.149745][ T6001] usb 5-1: config 0 has no interfaces? [ 207.162271][ T6001] usb 5-1: config 0 has no interfaces? [ 207.178453][ T6001] usb 5-1: config 0 has no interfaces? [ 207.185077][ T6001] usb 5-1: config 0 has no interfaces? [ 207.196920][ T6001] usb 5-1: config 0 has no interfaces? [ 207.205629][ T6001] usb 5-1: config 0 has no interfaces? [ 207.213553][ T6001] usb 5-1: config 0 has no interfaces? [ 207.224167][ T6001] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 207.234365][ T6001] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.245299][ T6001] usb 5-1: Product: syz [ 207.252426][ T6001] usb 5-1: Manufacturer: syz [ 207.261015][ T6001] usb 5-1: SerialNumber: syz [ 207.272484][ T6001] usb 5-1: config 0 descriptor?? [ 207.484682][ T9] usb 5-1: USB disconnect, device number 8 [ 207.629823][ T6001] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 207.809437][ T6001] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 207.837289][ T6001] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 207.852921][ T6001] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 207.865611][ T6001] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.878706][ T8264] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 207.923151][ T6001] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 208.095909][ T8278] binder: 8277:8278 ioctl c0306201 200000000700 returned -22 [ 208.137407][ T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 208.174228][ T6001] usb 1-1: USB disconnect, device number 11 [ 208.310419][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 208.321618][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 208.331946][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 48, changing to 9 [ 208.343709][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 8240, setting to 1024 [ 208.346262][ T8287] netlink: 12 bytes leftover after parsing attributes in process `syz.2.728'. [ 208.369447][ T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 208.381338][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.407483][ T9] usb 5-1: Product: syz [ 208.632662][ T9] usb 5-1: Manufacturer: syz [ 208.640514][ T9] usb 5-1: SerialNumber: syz [ 208.675414][ T9] usb 5-1: config 0 descriptor?? [ 208.884037][ T9] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 209.022078][ T30] audit: type=1326 audit(1752717589.935:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 209.043388][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.074336][ T30] audit: type=1326 audit(1752717589.935:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 209.265045][ T30] audit: type=1326 audit(1752717589.975:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f64d338d290 code=0x7ffc0000 [ 209.287829][ T30] audit: type=1326 audit(1752717589.975:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 209.311998][ T9] usb 5-1: USB disconnect, device number 9 [ 209.330096][ T30] audit: type=1326 audit(1752717589.975:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 209.356339][ T30] audit: type=1326 audit(1752717589.975:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 209.382197][ T30] audit: type=1326 audit(1752717589.975:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 209.406758][ T30] audit: type=1326 audit(1752717589.975:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 209.429942][ T30] audit: type=1326 audit(1752717589.975:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 209.487491][ T43] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 209.649609][ T43] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 209.658638][ T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 209.697084][ T43] usb 1-1: config 0 has no interface number 0 [ 209.703260][ T43] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 209.737465][ T43] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 209.757252][ T43] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.780741][ T43] usb 1-1: config 0 interface 52 has no altsetting 0 [ 209.798524][ T43] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00 [ 209.817072][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=35 [ 209.825197][ T43] usb 1-1: SerialNumber: syz [ 209.848009][ T43] usb 1-1: config 0 descriptor?? [ 210.060504][ T8299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.069770][ T8299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.100895][ T43] synaptics_usb 1-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 210.110334][ T43] synaptics_usb 1-1:0.52: probe with driver synaptics_usb failed with error -5 [ 210.312757][ T5827] usb 1-1: USB disconnect, device number 12 [ 211.637431][ T30] kauditd_printk_skb: 636 callbacks suppressed [ 211.637449][ T30] audit: type=1326 audit(1752717592.545:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64d33858e7 code=0x7ffc0000 [ 211.676581][ T30] audit: type=1326 audit(1752717592.545:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64d332ab19 code=0x7ffc0000 [ 211.699600][ T30] audit: type=1326 audit(1752717592.545:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 211.754072][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 211.754083][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 211.779094][ T30] audit: type=1326 audit(1752717592.545:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64d33858e7 code=0x7ffc0000 [ 211.847306][ T30] audit: type=1326 audit(1752717592.545:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64d332ab19 code=0x7ffc0000 [ 211.892939][ T30] audit: type=1326 audit(1752717592.545:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 211.960653][ T30] audit: type=1326 audit(1752717592.585:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64d33858e7 code=0x7ffc0000 [ 211.983552][ T30] audit: type=1326 audit(1752717592.585:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64d332ab19 code=0x7ffc0000 [ 212.047137][ T30] audit: type=1326 audit(1752717592.585:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x7ffc0000 [ 212.069489][ T30] audit: type=1326 audit(1752717592.585:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8295 comm="syz.2.731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64d33858e7 code=0x7ffc0000 [ 212.090809][ C1] vkms_vblank_simulate: vblank timer overrun [ 212.288432][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 212.687207][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 212.698622][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.753871][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.797272][ T9] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 212.884099][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.071595][ T9] usb 3-1: config 0 descriptor?? [ 213.590327][ T9] ft260 0003:0403:6030.000B: unknown main item tag 0x7 [ 213.786168][ T9] ft260 0003:0403:6030.000B: chip code: 6424 8183 [ 213.986882][ T9] ft260 0003:0403:6030.000B: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0 [ 214.188234][ T9] ft260 0003:0403:6030.000B: failed to retrieve status: -32, no wakeup [ 214.317717][ T6001] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 214.409401][ T8350] i2c i2c-1: adapter quirk: 2nd comb msg must be read (addr 0x0001, size 0, write) [ 214.422749][ T5827] usb 3-1: USB disconnect, device number 16 [ 214.481119][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 214.501778][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 214.529857][ T6001] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 214.549543][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.562517][ T6001] usb 5-1: config 0 descriptor?? [ 214.979996][ T6001] hid-steam 0003:28DE:1142.000C: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.4-1/input0 [ 215.067367][ T6001] hid-steam 0003:28DE:1142.000C: Steam wireless receiver connected [ 215.108088][ T6001] hid-steam 0003:28DE:1142.000D: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.4-1/input0 [ 215.190537][ T8404] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 215.217312][ T8404] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 215.231411][ T8404] overlayfs: failed to get uuid (/file1, err=-95); falling back to uuid=null. [ 215.374347][ T8408] ref_ctr increment failed for inode: 0x3a4 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff88807d500000 [ 216.659455][ T8448] wg2: entered promiscuous mode [ 216.664593][ T8448] wg2: entered allmulticast mode [ 216.921075][ T9] usb 5-1: USB disconnect, device number 10 [ 217.055526][ T9] hid-steam 0003:28DE:1142.000C: Steam wireless receiver disconnected [ 217.069700][ T43] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 217.114693][ T43] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 219.271479][ T8498] bond1: (slave dummy0): Releasing active interface [ 219.283775][ T8498] dummy0: left promiscuous mode [ 219.304013][ T8498] bridge_slave_0: left allmulticast mode [ 219.333393][ T8498] bridge_slave_0: left promiscuous mode [ 219.364617][ T8498] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.408065][ T8498] bridge_slave_1: left allmulticast mode [ 219.449701][ T8498] bridge_slave_1: left promiscuous mode [ 219.464078][ T8498] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.496113][ T8498] bond0: (slave bond_slave_0): Releasing backup interface [ 219.608552][ T8498] bond0: (slave bond_slave_1): Releasing backup interface [ 219.909680][ T8498] team0: Port device team_slave_0 removed [ 219.969801][ T8498] team0: Port device team_slave_1 removed [ 221.895395][ T51] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 221.906295][ T51] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 221.923400][ T51] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 221.932937][ T51] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 221.943018][ T51] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 222.079287][ T8266] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.193699][ T8266] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.221186][ T8529] chnl_net:caif_netlink_parms(): no params data found [ 222.254976][ T8266] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.326909][ T8266] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.381067][ T8529] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.389229][ T8529] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.409493][ T8529] bridge_slave_0: entered allmulticast mode [ 222.422899][ T8529] bridge_slave_0: entered promiscuous mode [ 222.448167][ T8529] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.455325][ T8529] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.469236][ T8529] bridge_slave_1: entered allmulticast mode [ 222.478674][ T8529] bridge_slave_1: entered promiscuous mode [ 222.544566][ T8529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 222.560918][ T8529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 222.654190][ T8529] team0: Port device team_slave_0 added [ 222.662788][ T8266] bridge_slave_1: left allmulticast mode [ 222.669557][ T8266] bridge_slave_1: left promiscuous mode [ 222.675453][ T8266] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.698799][ T8266] bridge_slave_0: left allmulticast mode [ 222.704750][ T8266] bridge_slave_0: left promiscuous mode [ 222.711242][ T8266] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.550801][ T8266] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 223.569390][ T8266] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 223.579179][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 223.579347][ T5851] Bluetooth: hci5: command 0x1003 tx timeout [ 223.601827][ T8266] bond0 (unregistering): Released all slaves [ 223.664410][ T8529] team0: Port device team_slave_1 added [ 223.673421][ T8566] netlink: 64 bytes leftover after parsing attributes in process `syz.3.831'. [ 223.882199][ T8529] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 223.899640][ T8529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.926899][ T8529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 223.940563][ T8529] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 223.947821][ T8529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.975208][ T8529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 223.986152][ T5844] Bluetooth: hci6: command tx timeout [ 224.047223][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 224.085801][ T8529] hsr_slave_0: entered promiscuous mode [ 224.092533][ T8529] hsr_slave_1: entered promiscuous mode [ 224.098915][ T8529] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 224.106531][ T8529] Cannot create hsr debugfs directory [ 224.142970][ T8266] hsr_slave_0: left promiscuous mode [ 224.149967][ T8266] hsr_slave_1: left promiscuous mode [ 224.155817][ T8266] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 224.166517][ T8266] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 224.175263][ T8266] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 224.183847][ T8266] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 224.207190][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 224.212977][ T8266] veth1_macvtap: left promiscuous mode [ 224.218657][ T8266] veth0_macvtap: left promiscuous mode [ 224.225509][ T8266] veth1_vlan: left promiscuous mode [ 224.231999][ T8266] veth0_vlan: left promiscuous mode [ 224.232490][ T9] usb 1-1: config index 0 descriptor too short (expected 50356, got 796) [ 224.246436][ T9] usb 1-1: config 41 has too many interfaces: 195, using maximum allowed: 32 [ 224.255585][ T9] usb 1-1: config 41 has an invalid descriptor of length 0, skipping remainder of the config [ 224.265919][ T9] usb 1-1: config 41 has 0 interfaces, different from the descriptor's value: 195 [ 224.282621][ T9] usb 1-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 224.292046][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.308389][ T9] usb 1-1: Product: syz [ 224.312660][ T9] usb 1-1: Manufacturer: syz [ 224.317581][ T9] usb 1-1: SerialNumber: syz [ 224.662167][ T9] usb 1-1: USB disconnect, device number 13 [ 224.845312][ T8266] team0 (unregistering): Port device team_slave_1 removed [ 224.955785][ T8266] team0 (unregistering): Port device team_slave_0 removed [ 226.057215][ T5844] Bluetooth: hci6: command tx timeout [ 226.181013][ T8604] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 226.181675][ T5924] IPVS: starting estimator thread 0... [ 226.307538][ T8607] IPVS: using max 24 ests per chain, 57600 per kthread [ 226.655137][ T8614] cgroup: fork rejected by pids controller in /syz0 [ 227.197352][ T5910] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 227.207946][ T8529] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 227.219150][ T8529] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 227.231387][ T8529] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 227.243669][ T8529] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 227.358112][ T5910] usb 5-1: Using ep0 maxpacket: 16 [ 227.374244][ T5910] usb 5-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb [ 227.389046][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.408448][ T5910] usb 5-1: Product: syz [ 227.417638][ T5910] usb 5-1: Manufacturer: syz [ 227.418641][ T8529] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.430715][ T5910] usb 5-1: SerialNumber: syz [ 227.464687][ T8529] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.492762][ T7810] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.499997][ T7810] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.523150][ T7782] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.530474][ T7782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.096563][ T5910] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 228.137555][ T5844] Bluetooth: hci6: command tx timeout [ 228.324806][ T5910] snd-usb-audio 5-1:222.0: probe with driver snd-usb-audio failed with error -71 [ 228.356620][ T5910] usb 5-1: USB disconnect, device number 11 [ 228.787719][ T8529] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.549694][ T8698] ALSA: seq fatal error: cannot create timer (-22) [ 230.217445][ T5844] Bluetooth: hci6: command tx timeout [ 230.346758][ T8529] veth0_vlan: entered promiscuous mode [ 230.385758][ T8529] veth1_vlan: entered promiscuous mode [ 230.620297][ T8715] netlink: 'syz.2.863': attribute type 20 has an invalid length. [ 230.862869][ T8529] veth0_macvtap: entered promiscuous mode [ 231.059035][ T8529] veth1_macvtap: entered promiscuous mode [ 231.171058][ T8529] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 231.203871][ T8529] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 231.305231][ T8529] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.336752][ T8529] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.370356][ T8529] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.380422][ T8529] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.619405][ T8735] netlink: 4 bytes leftover after parsing attributes in process `syz.0.869'. [ 232.304512][ T8266] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.326729][ T8266] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.426487][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.479643][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.331204][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 233.331223][ T30] audit: type=1804 audit(1752717614.245:687): pid=8763 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.878" name="/newroot/1/file0" dev="tmpfs" ino=23 res=1 errno=0 [ 235.953614][ T8802] Bluetooth: MGMT ver 1.23 [ 236.131471][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.2.895'. [ 236.537658][ T5844] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 236.538630][ T5851] Bluetooth: hci3: command 0x1003 tx timeout [ 236.722610][ T8823] netlink: 8 bytes leftover after parsing attributes in process `syz.6.902'. [ 237.247521][ T8844] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input14 [ 237.377504][ T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 237.567303][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 237.579612][ T9] usb 5-1: New USB device found, idVendor=10b9, idProduct=8000, bcdDevice=c0.fa [ 237.594389][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.816743][ T9] usb 5-1: Product: syz [ 237.824694][ T9] usb 5-1: Manufacturer: syz [ 237.830451][ T9] usb 5-1: SerialNumber: syz [ 237.843514][ T9] usb 5-1: config 0 descriptor?? [ 238.058761][ T9] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 238.093717][ T9] dvb_usb_af9015 5-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 238.145692][ T9] usb 5-1: USB disconnect, device number 12 [ 238.705029][ T30] audit: type=1326 audit(1752717619.615:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8867 comm="syz.6.918" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f077a18e929 code=0x0 [ 239.053785][ T8877] hfs: unable to load iocharset "io#harset" [ 239.131276][ T8882] netlink: 8 bytes leftover after parsing attributes in process `syz.4.924'. [ 239.777383][ T8898] netlink: 148 bytes leftover after parsing attributes in process `syz.2.929'. [ 239.787404][ T8898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'. [ 242.457189][ T5851] Bluetooth: hci4: command 0x0406 tx timeout [ 243.236285][ T8957] netlink: 8 bytes leftover after parsing attributes in process `syz.4.952'. [ 244.924396][ T8976] netlink: 8 bytes leftover after parsing attributes in process `syz.2.958'. [ 245.639099][ T5924] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 245.952282][ T5924] usb 7-1: Using ep0 maxpacket: 8 [ 245.976664][ T5924] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 246.025512][ T5924] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 246.069952][ T5924] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 246.129857][ T5924] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 246.167104][ T5924] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.175267][ T5924] usb 7-1: Product: syz [ 246.181061][ T5924] usb 7-1: Manufacturer: syz [ 246.185775][ T5924] usb 7-1: SerialNumber: syz [ 246.219472][ T5924] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22 [ 246.238066][ T5924] usbtest 7-1:1.0: couldn't get endpoints, -22 [ 246.254745][ T5924] usbtest 7-1:1.0: probe with driver usbtest failed with error -22 [ 246.277225][ T5910] usb 1-1: new low-speed USB device number 14 using dummy_hcd [ 246.451891][ T5924] usb 7-1: USB disconnect, device number 2 [ 246.487765][ T5910] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 246.518395][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.549078][ T5910] usb 1-1: config 0 descriptor?? [ 246.767850][ T5910] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 248.391512][ T5910] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 248.406108][ T5910] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 248.429298][ T5910] asix 1-1:0.0: probe with driver asix failed with error -71 [ 248.446762][ T5910] usb 1-1: USB disconnect, device number 14 [ 248.977178][ T5923] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 249.138639][ T5923] usb 5-1: Using ep0 maxpacket: 8 [ 249.172825][ T5923] usb 5-1: config 162 has an invalid interface number: 251 but max is 1 [ 249.181386][ T5923] usb 5-1: config 162 has an invalid interface number: 209 but max is 1 [ 249.190007][ T5923] usb 5-1: config 162 has no interface number 0 [ 249.196347][ T5923] usb 5-1: config 162 has no interface number 1 [ 249.437441][ T5923] usb 5-1: config 162 interface 251 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 249.455523][ T5923] usb 5-1: config 162 interface 209 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 249.466760][ T5923] usb 5-1: config 162 interface 209 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 249.490485][ T5923] usb 5-1: config 162 interface 209 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 249.502554][ T5923] usb 5-1: config 162 interface 209 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 249.515780][ T5923] usb 5-1: config 162 interface 209 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 249.529407][ T5923] usb 5-1: config 162 interface 251 has no altsetting 0 [ 249.536540][ T5923] usb 5-1: config 162 interface 209 has no altsetting 0 [ 249.621879][ T5923] usb 5-1: New USB device found, idVendor=1608, idProduct=0010, bcdDevice=4f.88 [ 249.632724][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.651217][ T5923] usb 5-1: Product: syz [ 249.671432][ T5923] usb 5-1: Manufacturer: syz [ 249.727230][ T5923] usb 5-1: SerialNumber: syz [ 249.992758][ T5923] io_edgeport 5-1:162.251: required endpoints missing [ 250.257509][ T5923] io_edgeport 5-1:162.209: Edgeport 2 port adapter converter detected [ 250.653075][ T5923] usb 5-1: у detected [ 250.881656][ T5923] usb 5-1: Edgeport 2 port adapter converter now attached to ttyUSB0 [ 250.930815][ T5923] usb 5-1: Edgeport 2 port adapter converter now attached to ttyUSB1 [ 251.007339][ T9084] netlink: 12 bytes leftover after parsing attributes in process `syz.3.997'. [ 251.113033][ T9] usb 5-1: USB disconnect, device number 13 [ 251.113184][ C1] usb 5-1: edge_interrupt_callback - Error -19 submitting control urb [ 251.141073][ T9] edgeport_2 ttyUSB0: Edgeport 2 port adapter converter now disconnected from ttyUSB0 [ 251.175020][ T9] edgeport_2 ttyUSB1: Edgeport 2 port adapter converter now disconnected from ttyUSB1 [ 251.200400][ T9] io_edgeport 5-1:162.209: device disconnected [ 252.185800][ T9117] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 252.517327][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 252.627114][ T5910] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 252.687845][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 252.699273][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 252.717902][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 252.737587][ T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 252.767154][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.804681][ T9] usb 4-1: config 0 descriptor?? [ 252.987164][ T5910] usb 7-1: Using ep0 maxpacket: 32 [ 253.060351][ T5910] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 253.089672][ T5910] usb 7-1: config 0 has no interfaces? [ 253.115358][ T5910] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 253.137581][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.196133][ T5910] usb 7-1: config 0 descriptor?? [ 253.636357][ T9] savu 0003:1E7D:2D5A.000F: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 253.664482][ T9131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 253.775348][ T9129] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 253.795789][ T9129] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 253.864284][ T5923] usb 4-1: USB disconnect, device number 4 [ 253.918193][ T5924] usb 7-1: USB disconnect, device number 3 [ 254.717228][ T5940] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 254.899604][ T5940] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 254.915540][ T5940] usb 5-1: config 1 has no interface number 0 [ 254.930438][ T5940] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.959154][ T5940] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 254.980312][ T5940] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 20911, setting to 1024 [ 255.046810][ T5940] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 255.492007][ T5940] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 255.517071][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.542985][ T5940] usb 5-1: Product: syz [ 255.565408][ T5940] usb 5-1: Manufacturer: syz [ 255.591619][ T5940] usb 5-1: SerialNumber: syz [ 255.741497][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.747987][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.821941][ T9134] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 256.462376][ T9134] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 256.472439][ T5940] cdc_ncm 5-1:1.1: bind() failure [ 256.737715][ T5940] usb 5-1: USB disconnect, device number 14 [ 259.906833][ T9191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1032'. [ 260.473757][ T9196] syz.0.1034 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 261.062737][ T30] audit: type=1326 audit(1752717641.975:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.6.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a18e929 code=0x7fc00000 [ 261.097201][ T5940] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 261.283007][ T30] audit: type=1326 audit(1752717641.975:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.6.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a18e929 code=0x7fc00000 [ 261.283741][ T9204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1037'. [ 261.336125][ T30] audit: type=1326 audit(1752717642.145:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.6.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a18e929 code=0x7fc00000 [ 261.401544][ T9193] syz.2.1033 (9193): drop_caches: 2 [ 261.410813][ T5940] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 261.422965][ T5940] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 261.440567][ T5940] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 261.456604][ T5940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.480068][ T9195] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 261.534769][ T5940] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 261.762170][ T5940] usb 1-1: USB disconnect, device number 15 [ 261.819678][ T30] audit: type=1326 audit(1752717642.735:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9199 comm="syz.6.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a18e929 code=0x7fc00000 [ 261.915680][ T9213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1041'. [ 262.039756][ T9214] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1041'. [ 263.807304][ T6001] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 263.991401][ T6001] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 264.018211][ T6001] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 264.037150][ T6001] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 264.050787][ T6001] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.082767][ T6001] usb 7-1: config 0 descriptor?? [ 264.110326][ T6001] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 264.118355][ T6001] dvb-usb: bulk message failed: -22 (3/0) [ 264.132840][ T6001] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 264.143489][ T6001] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 264.162691][ T6001] usb 7-1: media controller created [ 264.176246][ T6001] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 264.201787][ T6001] dvb-usb: bulk message failed: -22 (6/0) [ 264.210444][ T6001] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 264.222167][ T6001] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input15 [ 264.236191][ T6001] dvb-usb: schedule remote query interval to 150 msecs. [ 264.243484][ T6001] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 264.399491][ T5940] dvb-usb: bulk message failed: -22 (1/0) [ 264.406076][ T5940] dvb-usb: error while querying for an remote control event. [ 264.577125][ T6001] dvb-usb: bulk message failed: -22 (1/0) [ 264.585312][ T6001] dvb-usb: error while querying for an remote control event. [ 264.695080][ T6001] usb 7-1: USB disconnect, device number 4 [ 264.724172][ T6001] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 266.371114][ T9319] uprobe: syz.2.1076:9319 failed to unregister, leaking uprobe [ 266.441717][ T9322] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1077'. [ 266.681864][ T9332] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1080'. [ 266.740506][ T9332] 8021q: adding VLAN 0 to HW filter on device bond1 [ 266.772331][ T9332] macvlan0: entered promiscuous mode [ 266.777953][ T9332] macvlan0: entered allmulticast mode [ 266.784739][ T9332] bond1: entered promiscuous mode [ 266.790714][ T9332] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 267.004976][ T9332] bond1: left promiscuous mode [ 268.335011][ T9358] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1085'. [ 269.190203][ T9390] syz_tun: entered allmulticast mode [ 269.266060][ T9388] syz_tun: left allmulticast mode [ 272.277122][ T5923] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 272.587379][ T5923] usb 7-1: Using ep0 maxpacket: 16 [ 272.594677][ T5923] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 272.766946][ T9405] kexec: Could not allocate control_code_buffer [ 272.786239][ T5923] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 272.817218][ T5923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.861349][ T5923] usb 7-1: Product: syz [ 272.876121][ T5923] usb 7-1: Manufacturer: syz [ 272.899582][ T5923] usb 7-1: SerialNumber: syz [ 272.950667][ T5923] usb 7-1: config 0 descriptor?? [ 272.973029][ T5923] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 273.049035][ T5923] em28xx 7-1:0.0: DVB interface 0 found: bulk [ 273.310508][ T9467] binder: BINDER_SET_CONTEXT_MGR already set [ 273.371147][ T9467] binder: 9466:9467 ioctl 4018620d 200000000040 returned -16 [ 273.400902][ T9469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1107'. [ 273.437504][ T9469] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 273.508208][ T9469] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 273.609466][ T5923] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 274.029424][ T5923] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 274.059637][ T5923] em28xx 7-1:0.0: board has no eeprom [ 274.347078][ T5923] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 274.355060][ T5923] em28xx 7-1:0.0: dvb set to bulk mode. [ 274.387358][ T5924] em28xx 7-1:0.0: Binding DVB extension [ 274.415493][ T5923] usb 7-1: USB disconnect, device number 5 [ 274.506478][ T9498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 274.522665][ T5924] em28xx 7-1:0.0: Registering input extension [ 274.561861][ T5923] em28xx 7-1:0.0: Disconnecting em28xx [ 274.568244][ T5923] em28xx 7-1:0.0: Closing input extension [ 274.612024][ T9498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 274.614363][ T5923] em28xx 7-1:0.0: Freeing device [ 275.073431][ T9511] netlink: 1276 bytes leftover after parsing attributes in process `syz.0.1119'. [ 275.467124][ T5940] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 275.642279][ T5940] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 275.656270][ T5940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.675008][ T5940] usb 3-1: Product: syz [ 275.688786][ T5940] usb 3-1: Manufacturer: syz [ 275.706913][ T5940] usb 3-1: SerialNumber: syz [ 275.724728][ T5940] usb 3-1: config 0 descriptor?? [ 275.739660][ T5940] ch341 3-1:0.0: ch341-uart converter detected [ 275.957460][ T5940] usb 3-1: failed to receive control message: -121 [ 275.966651][ T5940] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121 [ 276.103997][ T9536] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 276.141443][ T9536] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 276.159821][ T9515] comedi comedi1: 8255: I/O port conflict (0xfffffffffffffffb,4) [ 276.185347][ T9515] comedi comedi1: 8255: I/O port conflict (0x3,4) [ 276.207363][ T9515] comedi comedi1: 8255: I/O port conflict (0x8f,4) [ 276.236415][ T9515] comedi comedi1: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 276.280962][ T9515] comedi comedi1: 8255: I/O port conflict (0x2,4) [ 276.291256][ T9515] comedi comedi1: 8255: I/O port conflict (0x8,4) [ 276.304796][ T5923] usb 3-1: USB disconnect, device number 17 [ 276.315286][ T5923] ch341 3-1:0.0: device disconnected [ 276.386067][ T9549] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1133'. [ 276.739654][ T9558] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1136'. [ 276.772437][ T9549] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105) [ 276.784492][ T9549] team0 (unregistering): Port device team_slave_0 removed [ 276.980913][ T9549] team0 (unregistering): Failed to send options change via netlink (err -105) [ 276.990974][ T9549] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 277.120473][ T9549] team0 (unregistering): Port device team_slave_1 removed [ 277.452131][ T9567] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1140'. [ 277.631310][ T9575] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 277.705990][ T9575] syzkaller0: entered promiscuous mode [ 277.911747][ T9575] syzkaller0: entered allmulticast mode [ 279.070395][ T5923] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 279.230802][ T5923] usb 7-1: Using ep0 maxpacket: 32 [ 279.240235][ T5923] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.327117][ T5923] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.590800][ T5923] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 279.617308][ T5923] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.641131][ T5923] usb 7-1: config 0 descriptor?? [ 280.062654][ T5923] ft260 0003:0403:6030.0010: unknown main item tag 0x7 [ 280.271710][ T5923] ft260 0003:0403:6030.0010: chip code: 6424 8183 [ 280.472411][ T5923] ft260 0003:0403:6030.0010: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.6-1/input0 [ 280.677217][ T5923] ft260 0003:0403:6030.0010: failed to retrieve status: -32, no wakeup [ 280.973995][ T5910] usb 7-1: USB disconnect, device number 6 [ 281.537226][ T43] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 281.611865][ T9624] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input17 [ 281.667813][ T5844] Bluetooth: hci6: link tx timeout [ 281.681028][ T5844] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 281.703657][ T43] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 281.717204][ T43] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 281.727479][ T43] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 281.736600][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.756718][ T9613] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 281.775038][ T43] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 281.981551][ T43] usb 3-1: USB disconnect, device number 18 [ 282.257413][ T5910] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 282.468599][ T5910] usb 7-1: Using ep0 maxpacket: 16 [ 282.533571][ T5910] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 282.733845][ T5910] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 282.890133][ T5910] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 283.029619][ T5910] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 283.209899][ T5910] usb 7-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 283.311952][ T5910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.341284][ T5910] usb 7-1: Product: syz [ 283.345519][ T5910] usb 7-1: Manufacturer: syz [ 283.392409][ T5910] usb 7-1: SerialNumber: syz [ 283.421004][ T5910] usb 7-1: config 0 descriptor?? [ 283.577312][ T5910] rc_core: IR keymap rc-xbox-dvd not found [ 283.583369][ T5910] Registered IR keymap rc-empty [ 283.611405][ T5910] rc rc0: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 283.679262][ T5910] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input18 [ 283.740935][ T5844] Bluetooth: hci6: command 0x0406 tx timeout [ 283.901268][ T5923] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 284.082010][ T5923] usb 5-1: config 0 has no interfaces? [ 284.113923][ T43] usb 7-1: USB disconnect, device number 7 [ 284.113947][ C0] xbox_remote 7-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 284.132721][ T5923] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 284.164521][ T9677] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 284.244250][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.253208][ T5923] usb 5-1: Product: syz [ 284.259157][ T5923] usb 5-1: Manufacturer: syz [ 284.263919][ T5923] usb 5-1: SerialNumber: syz [ 284.274447][ T5923] usb 5-1: config 0 descriptor?? [ 284.511435][ T9662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.522131][ T9662] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 284.542280][ T30] audit: type=1800 audit(1752717665.455:693): pid=9686 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1180" name="/" dev="fuse" ino=1 res=0 errno=0 [ 284.936660][ T9696] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 285.134659][ T9706] input: syz1 as /devices/virtual/input/input19 [ 285.147219][ T5923] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 285.305880][ T9710] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0) [ 285.329776][ T5923] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 285.343364][ T5923] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 285.420905][ T5923] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 285.441414][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.456933][ T9693] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 285.469029][ T5923] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 285.680602][ T5923] usb 4-1: USB disconnect, device number 5 [ 285.817750][ T5851] Bluetooth: hci6: command 0x0406 tx timeout [ 285.910154][ T9721] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input20 [ 286.036517][ T9727] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1196'. [ 286.716694][ T6001] usb 5-1: USB disconnect, device number 15 [ 286.744634][ T9734] netlink: 'syz.6.1198': attribute type 1 has an invalid length. [ 287.049580][ T9734] netlink: 136 bytes leftover after parsing attributes in process `syz.6.1198'. [ 287.059301][ T9734] netlink: 'syz.6.1198': attribute type 2 has an invalid length. [ 287.067491][ T9734] netlink: 'syz.6.1198': attribute type 1 has an invalid length. [ 287.597425][ T6001] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 287.757231][ T6001] usb 1-1: Using ep0 maxpacket: 8 [ 287.779647][ T6001] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 287.789297][ T6001] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.808085][ T6001] usb 1-1: Product: syz [ 287.812546][ T6001] usb 1-1: Manufacturer: syz [ 287.845854][ T6001] usb 1-1: SerialNumber: syz [ 287.862799][ T6001] usb 1-1: config 0 descriptor?? [ 287.972452][ T9754] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1205'. [ 287.982465][ T9754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1205'. [ 288.388655][ T6001] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 289.107687][ T6001] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 289.124604][ T6001] usb 1-1: USB disconnect, device number 16 [ 289.290315][ T9766] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input21 [ 289.364224][ T9771] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1211'. [ 289.550027][ T9776] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1212'. [ 289.591424][ T9771] team0 (unregistering): Port device team_slave_0 removed [ 289.633462][ T9771] team0 (unregistering): Port device team_slave_1 removed [ 289.808272][ T5923] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 289.890349][ T9784] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 289.969706][ T5923] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 290.002790][ T5923] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 290.057705][ T5923] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 290.079651][ T5923] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.111250][ T9777] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 290.133215][ T5923] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 290.388799][ T5923] usb 7-1: USB disconnect, device number 8 [ 290.737086][ T5940] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 290.925323][ T5940] usb 5-1: Using ep0 maxpacket: 32 [ 290.957234][ T5940] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 290.997101][ T5940] usb 5-1: config 0 has no interfaces? [ 291.002673][ T5940] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 291.035795][ T5940] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.053979][ T9803] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1224'. [ 291.071371][ T5940] usb 5-1: config 0 descriptor?? [ 291.116726][ T9805] tipc: Started in network mode [ 291.122468][ T9805] tipc: Node identity 5228e525fb9e, cluster identity 4711 [ 291.131872][ T9805] tipc: Enabled bearer , priority 0 [ 291.221741][ T9805] syzkaller0: entered promiscuous mode [ 291.227412][ T9805] syzkaller0: entered allmulticast mode [ 291.233848][ T9805] tipc: Resetting bearer [ 291.275860][ T9804] tipc: Resetting bearer [ 291.337489][ T5923] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 291.465539][ T5940] usb 5-1: USB disconnect, device number 16 [ 291.509435][ T5923] usb 4-1: Using ep0 maxpacket: 8 [ 291.525474][ T5923] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 291.538634][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.556951][ T5923] usb 4-1: Product: syz [ 291.562015][ T5923] usb 4-1: Manufacturer: syz [ 291.566654][ T5923] usb 4-1: SerialNumber: syz [ 291.585009][ T5923] usb 4-1: config 0 descriptor?? [ 291.805970][ T5923] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 292.142482][ T43] tipc: Node number set to 2847335717 [ 293.444764][ T5923] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 293.459309][ T5923] usb 4-1: USB disconnect, device number 6 [ 293.576620][ T9804] tipc: Disabling bearer [ 293.589325][ T9816] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 293.947124][ T6001] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 294.098589][ T6001] usb 5-1: Using ep0 maxpacket: 8 [ 294.100688][ T6001] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 294.100757][ T6001] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 294.100780][ T6001] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 294.105752][ T49] Bluetooth: hci3: Frame reassembly failed (-84) [ 294.115459][ T6001] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 294.115486][ T6001] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.115506][ T6001] usb 5-1: Product: syz [ 294.115520][ T6001] usb 5-1: Manufacturer: syz [ 294.115534][ T6001] usb 5-1: SerialNumber: syz [ 294.136694][ T6001] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 294.142875][ T6001] usbtest 5-1:1.0: couldn't get endpoints, -22 [ 294.142963][ T6001] usbtest 5-1:1.0: probe with driver usbtest failed with error -22 [ 294.379529][ T6001] usb 5-1: USB disconnect, device number 17 [ 294.855357][ T30] audit: type=1804 audit(1752717675.765:694): pid=9845 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1238" name="/newroot/254/file0" dev="tmpfs" ino=1351 res=1 errno=0 [ 295.286439][ T9855] input: syz1 as /devices/virtual/input/input22 [ 296.137508][ T5844] Bluetooth: hci3: command 0x1003 tx timeout [ 296.145780][ T5851] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 296.861461][ T9894] binder: 9892:9894 ioctl c0306201 200000000180 returned -22 [ 297.155339][ T30] audit: type=1326 audit(1752717678.065:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 297.192323][ T30] audit: type=1326 audit(1752717678.065:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 297.197788][ T6001] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 297.428223][ T30] audit: type=1326 audit(1752717678.095:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 297.428368][ T6001] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 297.450150][ T30] audit: type=1326 audit(1752717678.095:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 297.450198][ T30] audit: type=1326 audit(1752717678.095:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 297.450237][ T30] audit: type=1326 audit(1752717678.095:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 297.599264][ T6001] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 297.665354][ T6001] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 297.675055][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.687111][ T9897] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 297.696559][ T6001] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 297.745953][ T9914] syz_tun: entered allmulticast mode [ 297.762909][ T30] audit: type=1326 audit(1752717678.545:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 297.815491][ T9913] syz_tun: left allmulticast mode [ 298.044096][ T43] usb 5-1: USB disconnect, device number 18 [ 298.127406][ T30] audit: type=1326 audit(1752717679.035:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 298.818457][ T30] audit: type=1326 audit(1752717679.605:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9900 comm="syz.3.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7efe1ed8e929 code=0x7ffc0000 [ 298.900061][ T9926] syzkaller1: entered promiscuous mode [ 298.912334][ T9926] syzkaller1: entered allmulticast mode [ 299.608141][ T9944] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1275'. [ 299.651346][ T9944] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 299.660620][ T9944] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 299.669469][ T9944] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 299.678202][ T9944] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 299.720693][ T9944] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 299.729715][ T9944] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 299.739602][ T9944] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 299.750359][ T9944] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 301.035593][ T9971] netlink: 2028 bytes leftover after parsing attributes in process `syz.6.1284'. [ 301.047532][ T9971] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1284'. [ 301.807133][ T6001] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 302.049603][ T6001] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.077196][ T6001] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 302.097066][ T6001] usb 1-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 302.106127][ T6001] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.128101][ T6001] usb 1-1: config 0 descriptor?? [ 302.607133][ T6001] usbhid 1-1:0.0: can't add hid device: -71 [ 302.615555][ T6001] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 302.633533][ T6001] usb 1-1: USB disconnect, device number 17 [ 303.977242][T10021] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 303.993074][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 303.993091][ T30] audit: type=1326 audit(1752717684.905:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10022 comm="syz.2.1305" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64d338e929 code=0x0 [ 304.423939][ T5851] Bluetooth: hci1: unexpected event for opcode 0x200f [ 306.153739][T10051] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (288 ns). Using initial count to start timer. [ 306.354121][T10052] kvm: pic: non byte write [ 308.125400][T10069] uprobe: syz.0.1321:10069 failed to unregister, leaking uprobe [ 308.459251][ T5851] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 308.468872][ T5851] Bluetooth: hci1: Injecting HCI hardware error event [ 308.477829][ T5851] Bluetooth: hci1: hardware error 0x00 [ 309.703418][T10094] netlink: 'syz.0.1329': attribute type 1 has an invalid length. [ 309.760473][T10096] sctp: [Deprecated]: syz.6.1328 (pid 10096) Use of struct sctp_assoc_value in delayed_ack socket option. [ 309.760473][T10096] Use struct sctp_sack_info instead [ 309.810577][T10101] bond2: (slave veth7): Enslaving as an active interface with a down link [ 310.028928][T10094] bond2: (slave veth9): Enslaving as an active interface with a down link [ 310.618074][ T5851] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 312.176350][T10149] netlink: 'syz.4.1346': attribute type 1 has an invalid length. [ 312.552349][T10151] bond2: (slave veth9): Enslaving as an active interface with a down link [ 312.789334][T10154] bond2: (slave veth11): Enslaving as an active interface with a down link [ 312.803070][T10158] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 315.217822][ T43] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 315.589427][ T43] usb 1-1: Using ep0 maxpacket: 16 [ 315.627481][ T43] usb 1-1: config 0 has an invalid interface number: 145 but max is 0 [ 315.702969][ T43] usb 1-1: config 0 has no interface number 0 [ 315.723207][ T43] usb 1-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 315.740740][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.759302][ T43] usb 1-1: Product: syz [ 315.763525][ T43] usb 1-1: Manufacturer: syz [ 315.787081][ T43] usb 1-1: SerialNumber: syz [ 315.812617][ T43] usb 1-1: config 0 descriptor?? [ 315.835419][ T43] hub 1-1:0.145: bad descriptor, ignoring hub [ 315.857521][ T43] hub 1-1:0.145: probe with driver hub failed with error -5 [ 315.892781][ T43] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.145/input/input23 [ 316.388591][ T6001] usb 1-1: USB disconnect, device number 18 [ 316.677509][ T43] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 316.854459][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 316.864674][ T43] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 316.907098][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.915167][ T43] usb 4-1: Product: syz [ 316.944642][ T43] usb 4-1: Manufacturer: syz [ 316.949365][ T43] usb 4-1: SerialNumber: syz [ 316.965555][ T43] usb 4-1: config 0 descriptor?? [ 317.184224][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.285063][ T43] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 318.016344][T10224] syz_tun: entered allmulticast mode [ 318.190890][T10230] loop2: detected capacity change from 0 to 7 [ 318.216207][T10230] loop2: [ 318.221211][T10230] loop2: partition table partially beyond EOD, truncated [ 318.691227][ T43] gspca_sunplus: reg_r err -71 [ 318.698084][ T43] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 318.713198][T10244] ALSA: mixer_oss: invalid OSS volume '' [ 318.730096][T10244] ALSA: mixer_oss: invalid OSS volume 'ͪ"QfF+&)17' [ 318.812739][ T43] usb 4-1: USB disconnect, device number 7 [ 320.118421][T10271] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.1387'. [ 320.137177][T10271] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1387'. [ 320.246899][T10277] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 320.253691][T10277] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 320.266731][T10277] vhci_hcd vhci_hcd.0: Device attached [ 320.518226][T10278] vhci_hcd: connection closed [ 320.521447][ T8173] vhci_hcd: stop threads [ 320.534565][ T8173] vhci_hcd: release socket [ 320.537310][ T6001] usb 38-1: SetAddress Request (2) to port 0 [ 320.553530][ T8173] vhci_hcd: disconnect device [ 320.568792][ T6001] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 320.597257][ T6001] usb 38-1: enqueue for inactive port 0 [ 321.009757][ T6001] usb usb38-port1: attempt power cycle [ 321.267146][ T5924] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 321.441940][ T5924] usb 3-1: Using ep0 maxpacket: 32 [ 321.458642][ T5924] usb 3-1: config 0 interface 0 has no altsetting 0 [ 321.472529][ T5924] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 321.489548][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.504768][ T5924] usb 3-1: config 0 descriptor?? [ 321.587266][ T6001] usb usb38-port1: unable to enumerate USB device [ 321.730064][ T43] delete_channel: no stack [ 321.815444][ T30] audit: type=1800 audit(1752717702.725:709): pid=10317 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1404" name="/" dev="fuse" ino=1 res=0 errno=0 [ 322.068163][ T5924] usbhid 3-1:0.0: can't add hid device: -71 [ 322.116561][ T5924] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 322.132882][ T5924] usb 3-1: USB disconnect, device number 19 [ 322.140803][T10328] input: syz1 as /devices/virtual/input/input24 [ 322.667214][ T43] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 322.688666][T10346] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 323.042363][ T43] usb 5-1: Using ep0 maxpacket: 16 [ 323.098350][ T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 323.129656][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 323.183719][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 323.203886][ T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 323.238706][ T43] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 323.295631][ T43] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 323.323336][ T43] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 323.345662][ T43] usb 5-1: Manufacturer: syz [ 323.370008][ T43] usb 5-1: config 0 descriptor?? [ 324.508889][ T43] rc_core: IR keymap rc-hauppauge not found [ 324.526045][ T43] Registered IR keymap rc-empty [ 324.537941][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 324.605208][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 324.708154][ T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 324.736982][ T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input25 [ 324.802818][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 324.867250][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 324.927199][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 324.963087][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 325.037183][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 325.037266][ T6001] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 325.059904][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 325.098651][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 325.157129][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 325.187409][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 325.219127][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 325.290692][ T43] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 325.417602][ T43] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 325.665482][ T43] usb 5-1: USB disconnect, device number 19 [ 326.377614][ T6001] usb 1-1: new low-speed USB device number 20 using dummy_hcd [ 326.627686][ T6001] usb 1-1: config 0 has no interfaces? [ 326.706056][ T6001] usb 1-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 326.735579][ T6001] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.775586][ T6001] usb 1-1: config 0 descriptor?? [ 326.991578][ T30] audit: type=1804 audit(1752717707.905:710): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1437" name="/newroot/318/file0" dev="tmpfs" ino=1762 res=1 errno=0 [ 326.993262][T10410] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 327.085222][T10410] ref_ctr increment failed for inode: 0x6e2 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88807e6f1e00 [ 327.287760][ T6001] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 327.457088][ T6001] usb 5-1: Using ep0 maxpacket: 32 [ 327.475031][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 327.494396][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 327.504543][ T6001] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 327.537096][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.557900][ T6001] usb 5-1: config 0 descriptor?? [ 327.568917][ T6001] hub 5-1:0.0: USB hub found [ 327.768472][ T6001] hub 5-1:0.0: 1 port detected [ 328.428002][ T5940] hub 5-1:0.0: activate --> -90 [ 328.830761][ T43] usb 5-1: USB disconnect, device number 20 [ 328.952438][ T6001] usb 1-1: USB disconnect, device number 20 [ 328.978804][ T5910] kernel write not supported for file /snd/midiC2D0 (pid: 5910 comm: kworker/0:4) [ 329.057297][ T5940] usb 5-1-port1: config error [ 330.903782][T10475] syzkaller1: entered promiscuous mode [ 330.926357][T10475] syzkaller1: entered allmulticast mode [ 331.794627][T10486] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 332.687138][ T5923] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 333.027438][ T5923] usb 5-1: Using ep0 maxpacket: 32 [ 333.036314][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.100600][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.130308][ T5923] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 333.147344][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.168786][ T5923] usb 5-1: config 0 descriptor?? [ 334.097376][ T5923] savu 0003:1E7D:2D5A.0011: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 334.154642][ T5923] usb 5-1: USB disconnect, device number 21 [ 334.701476][T10541] input: syz1 as /devices/virtual/input/input26 [ 335.347284][ T6001] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 335.616872][ T6001] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 335.638219][ T6001] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 335.651481][ T6001] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.664545][ T6001] usb 3-1: config 0 descriptor?? [ 336.090591][ T6001] keytouch 0003:0926:3333.0012: fixing up Keytouch IEC report descriptor [ 336.126103][ T6001] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0012/input/input27 [ 336.333797][ T6001] keytouch 0003:0926:3333.0012: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 336.835867][T10568] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=7 (14 ns) > initial count (10 ns). Using initial count to start timer. [ 336.886562][T10568] kvm: pic: non byte write [ 337.101680][ T5940] usb 3-1: USB disconnect, device number 20 [ 338.432747][ T30] audit: type=1804 audit(1752717719.345:711): pid=10591 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.1500" name="/newroot/114/file0" dev="tmpfs" ino=639 res=1 errno=0 [ 338.984773][T10600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1503'. [ 339.464978][T10615] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 340.184823][ T7798] bridge_slave_1: left allmulticast mode [ 340.197073][ T7798] bridge_slave_1: left promiscuous mode [ 340.214891][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.342705][ T7798] bridge_slave_0: left allmulticast mode [ 340.352104][ T7798] bridge_slave_0: left promiscuous mode [ 340.373234][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state [ 341.334509][T10649] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 341.366101][T10649] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 341.408256][T10649] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 341.464578][T10649] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 341.700563][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 341.717571][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 341.737734][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 341.757635][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 341.771016][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 341.932899][ T7798] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 341.959150][ T7798] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 342.000088][ T7798] bond0 (unregistering): Released all slaves [ 342.628765][ T7798] hsr_slave_0: left promiscuous mode [ 342.652031][ T7798] hsr_slave_1: left promiscuous mode [ 342.812808][T10679] trusted_key: syz.0.1521 sent an empty control message without MSG_MORE. [ 343.041946][T10681] kvm: requested 9219 ns i8254 timer period limited to 200000 ns [ 343.899837][ T5844] Bluetooth: hci2: command tx timeout [ 344.513249][T10689] tipc: Enabling of bearer rejected, failed to enable media [ 344.864125][ T5923] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 344.911679][T10653] chnl_net:caif_netlink_parms(): no params data found [ 345.047103][ T5923] usb 5-1: Using ep0 maxpacket: 16 [ 345.061259][ T5923] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 345.079288][ T5923] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 345.097537][ T5923] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 345.114084][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.123307][ T5923] usb 5-1: Product: syz [ 345.127905][ T5923] usb 5-1: Manufacturer: syz [ 345.132782][ T5923] usb 5-1: SerialNumber: syz [ 345.141952][ T5923] usb 5-1: config 0 descriptor?? [ 345.171079][ T5923] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 345.193996][ T5923] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 345.256026][T10724] binder: 10723:10724 unknown command 0 [ 345.262898][T10724] binder: 10723:10724 ioctl c0306201 200000000080 returned -22 [ 345.303555][T10653] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.331632][T10653] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.342187][T10653] bridge_slave_0: entered allmulticast mode [ 345.354663][T10653] bridge_slave_0: entered promiscuous mode [ 345.367171][T10653] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.390039][T10653] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.403548][T10653] bridge_slave_1: entered allmulticast mode [ 345.435114][T10653] bridge_slave_1: entered promiscuous mode [ 345.707038][T10736] binder: 10735:10736 unknown command 0 [ 345.713632][T10736] binder: 10735:10736 ioctl c0306201 200000000080 returned -22 [ 345.760312][T10653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 345.791575][ T5923] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 345.800314][ T5923] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 345.813740][T10653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 345.947537][T10653] team0: Port device team_slave_0 added [ 345.963636][T10653] team0: Port device team_slave_1 added [ 345.988109][ T5844] Bluetooth: hci2: command tx timeout [ 346.026447][T10653] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 346.033861][T10653] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 346.075377][T10653] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 346.096886][T10653] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 346.104572][T10653] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 346.160843][T10653] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 346.415007][T10653] hsr_slave_0: entered promiscuous mode [ 346.424858][T10653] hsr_slave_1: entered promiscuous mode [ 346.437605][ T5923] em28xx 5-1:0.0: AC97 command still being executed: not handled properly! [ 346.453336][ T5923] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 346.615793][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 346.625142][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 346.632476][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 346.655454][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 346.671583][ T5923] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 346.754002][ T5923] usb 5-1: USB disconnect, device number 22 [ 347.158285][T10653] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 347.215628][T10653] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 347.290414][T10653] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 347.300587][T10759] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1546'. [ 347.351182][T10653] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 347.656611][T10653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.746225][T10653] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.774824][ T7803] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.782062][ T7803] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.762127][ T7803] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.769338][ T7803] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.787260][ T5844] Bluetooth: hci2: command tx timeout [ 348.851066][T10787] bridge: RTM_NEWNEIGH with invalid ether address [ 349.307573][T10653] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 349.318614][T10653] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 350.137151][ T6001] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 350.262160][T10653] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 350.319316][ T6001] usb 1-1: Using ep0 maxpacket: 16 [ 350.331133][ T6001] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 350.357587][ T6001] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 350.369709][ T5923] IPVS: starting estimator thread 0... [ 350.388339][ T6001] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 350.402317][ T6001] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.427316][ T6001] usb 1-1: Product: syz [ 350.431635][ T6001] usb 1-1: Manufacturer: syz [ 350.436275][ T6001] usb 1-1: SerialNumber: syz [ 350.445572][ T6001] usb 1-1: config 0 descriptor?? [ 350.455860][ T6001] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 350.467422][ T6001] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 350.487527][T10819] IPVS: using max 26 ests per chain, 62400 per kthread [ 350.850743][T10653] veth0_vlan: entered promiscuous mode [ 350.859312][ T5851] Bluetooth: hci2: command tx timeout [ 350.921911][T10653] veth1_vlan: entered promiscuous mode [ 350.989279][T10653] veth0_macvtap: entered promiscuous mode [ 351.012948][T10653] veth1_macvtap: entered promiscuous mode [ 351.063290][T10653] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 351.075787][T10653] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 351.081652][ T6001] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 351.087780][T10653] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.102596][ T6001] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 351.124647][T10653] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.138877][T10653] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.148148][T10653] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.289238][ T7791] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.304930][ T7791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.345986][ T7798] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.357142][ T7798] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.898567][ T5851] Bluetooth: hci3: command 0x1003 tx timeout [ 351.907518][ T5844] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 352.365582][ T6001] em28xx 1-1:0.0: Unknown AC97 audio processor detected! [ 352.547239][ T6001] em28xx 1-1:0.0: couldn't setup AC97 register 2 [ 352.569110][ T6001] em28xx 1-1:0.0: couldn't setup AC97 register 4 [ 352.638066][ T6001] em28xx 1-1:0.0: couldn't setup AC97 register 6 [ 352.697443][ T6001] em28xx 1-1:0.0: couldn't setup AC97 register 54 [ 352.724733][ T6001] em28xx 1-1:0.0: couldn't setup AC97 register 56 [ 352.740851][ T6001] usb 1-1: USB disconnect, device number 21 [ 353.021104][T10856] binder: 10855:10856 unknown command 0 [ 353.057351][T10856] binder: 10855:10856 ioctl c0306201 200000000080 returned -22 [ 353.983967][T10873] bridge_slave_0: left allmulticast mode [ 354.028220][T10873] bridge_slave_0: left promiscuous mode [ 354.088068][T10873] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.186149][T10873] bridge_slave_1: left allmulticast mode [ 354.222283][T10873] bridge_slave_1: left promiscuous mode [ 354.233917][T10873] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.417257][ T6001] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 354.487922][T10873] bond0: (slave bond_slave_0): Releasing backup interface [ 354.607786][ T6001] usb 8-1: Using ep0 maxpacket: 16 [ 354.622290][T10873] bond0: (slave bond_slave_1): Releasing backup interface [ 354.650736][ T6001] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 354.697931][ T6001] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 354.749741][T10873] team0: Port device team_slave_0 removed [ 354.755594][ T6001] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.796519][T10873] team0: Port device team_slave_1 removed [ 354.807588][ T6001] usb 8-1: config 0 descriptor?? [ 354.826385][T10873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 354.865920][T10873] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 354.899644][T10873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 354.925289][T10873] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 355.233748][ T6001] usbhid 8-1:0.0: can't add hid device: -71 [ 355.240352][ T6001] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 355.269029][ T6001] usb 8-1: USB disconnect, device number 2 [ 355.329682][T10891] Driver unsupported XDP return value 0 on prog (id 291) dev N/A, expect packet loss! [ 357.249583][T10921] overlayfs: upper fs does not support tmpfile. [ 357.647877][ T6001] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 357.807178][ T6001] usb 8-1: Using ep0 maxpacket: 8 [ 357.825201][ T6001] usb 8-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 357.868911][ T6001] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.898444][ T6001] usb 8-1: Product: syz [ 357.902880][ T6001] usb 8-1: Manufacturer: syz [ 357.921185][ T6001] usb 8-1: SerialNumber: syz [ 357.948367][ T6001] usb 8-1: config 0 descriptor?? [ 357.970408][ T6001] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 358.940718][T10953] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1609'. [ 358.968039][T10953] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1609'. [ 359.249184][T10960] binder: BINDER_SET_CONTEXT_MGR already set [ 359.255288][T10960] binder: 10958:10960 ioctl 4018620d 200000000040 returned -16 [ 359.485735][T10967] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1615'. [ 359.486416][T10966] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1616'. [ 360.237629][ T5910] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 360.457313][ T6001] gspca_sonixj: reg_w1 err -71 [ 360.469827][ T6001] sonixj 8-1:0.0: probe with driver sonixj failed with error -71 [ 360.506032][ T6001] usb 8-1: USB disconnect, device number 3 [ 360.530809][ T5910] usb 3-1: config 0 has an invalid interface number: 161 but max is 0 [ 360.552433][ T5910] usb 3-1: config 0 has no interface number 0 [ 360.569247][ T5910] usb 3-1: New USB device found, idVendor=067b, idProduct=331a, bcdDevice=4a.31 [ 360.660100][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.714332][ T5910] usb 3-1: Product: syz [ 360.744677][ T5910] usb 3-1: Manufacturer: syz [ 360.775630][ T5910] usb 3-1: SerialNumber: syz [ 360.823290][ T5910] usb 3-1: config 0 descriptor?? [ 361.225908][ T5910] pl2303 3-1:0.161: required endpoints missing [ 361.253332][ T5910] usb 3-1: USB disconnect, device number 21 [ 363.918873][T11017] netdevsim netdevsim7 netdevsim0: entered promiscuous mode [ 364.066058][T11019] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 365.545840][T11035] syz_tun: entered allmulticast mode [ 365.615280][T11035] syz_tun: left allmulticast mode [ 366.485103][T11050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 366.669865][T11056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 366.812168][T11055] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.410571][T11090] tipc: Started in network mode [ 369.425175][T11090] tipc: Node identity 4af4eb8e23aa, cluster identity 4711 [ 369.433947][T11090] tipc: Enabled bearer , priority 0 [ 369.569119][T11090] syzkaller0: entered promiscuous mode [ 369.574880][T11090] syzkaller0: entered allmulticast mode [ 369.581007][T11095] kvm: pic: non byte read [ 369.585830][T11095] kvm: pic: level sensitive irq not supported [ 369.585943][T11095] kvm: pic: non byte read [ 369.589469][T11090] tipc: Resetting bearer [ 369.605967][T11097] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1659'. [ 369.628173][T11095] kvm: pic: level sensitive irq not supported [ 369.628240][T11095] kvm: pic: non byte read [ 369.641693][T11095] kvm: pic: level sensitive irq not supported [ 369.641758][T11095] kvm: pic: non byte read [ 369.688547][T11089] tipc: Resetting bearer [ 370.528118][ T9] tipc: Node number set to 1767828366 [ 371.565335][T11131] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.1671'. [ 371.587212][T11131] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.1671'. [ 371.596387][T11131] netlink: 584 bytes leftover after parsing attributes in process `syz.4.1671'. [ 371.857127][ T5910] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 372.018775][ T5910] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 372.029445][ T5910] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 372.044256][ T5910] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 372.103163][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 372.113776][ T5910] usb 5-1: SerialNumber: syz [ 372.335087][ T5910] usb 5-1: 0:2 : does not exist [ 372.354101][ T5910] usb 5-1: unit 255 not found! [ 372.374455][ T5910] usb 5-1: 5:0: cannot get min/max values for control 1 (id 5) [ 372.436082][ T5910] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5) [ 372.475057][ T5910] usb 5-1: USB disconnect, device number 23 [ 372.584482][ T30] audit: type=1800 audit(1752717753.495:712): pid=11145 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1675" name="file1" dev="overlay" ino=1872 res=0 errno=0 [ 372.767103][T11089] tipc: Disabling bearer [ 373.430514][T11152] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1677'. [ 373.676741][T11165] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1683'. [ 374.423209][T11185] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1692'. [ 374.431439][ T30] audit: type=1800 audit(1752717755.345:713): pid=11180 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1691" name="bus" dev="overlay" ino=1830 res=0 errno=0 [ 376.401662][T11208] : entered promiscuous mode [ 377.879332][T11241] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1708'. [ 377.938603][T11241] netlink: 'syz.0.1708': attribute type 6 has an invalid length. [ 377.946680][T11241] netlink: 'syz.0.1708': attribute type 5 has an invalid length. [ 377.973478][T11241] netlink: 'syz.0.1708': attribute type 4 has an invalid length. [ 378.622281][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.681656][T11255] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1712'. [ 380.531527][T11289] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 381.495442][T11308] netlink: 'syz.0.1730': attribute type 1 has an invalid length. [ 381.566477][T11308] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.1730'. [ 388.241160][ T6001] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 388.556987][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.597079][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.655318][ T6001] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 388.723032][ T6001] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.750267][ T6001] usb 7-1: config 0 descriptor?? [ 389.400701][ T6001] usb 7-1: string descriptor 0 read error: -22 [ 390.071797][ T5910] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 391.065026][ T6001] uclogic 0003:256C:006D.0013: failed retrieving string descriptor #100: -71 [ 391.121579][ T6001] uclogic 0003:256C:006D.0013: failed retrieving pen parameters: -71 [ 391.143528][ T6001] uclogic 0003:256C:006D.0013: failed probing pen v1 parameters: -71 [ 391.171793][ T6001] uclogic 0003:256C:006D.0013: failed probing parameters: -71 [ 391.181698][ T6001] uclogic 0003:256C:006D.0013: probe with driver uclogic failed with error -71 [ 391.195033][ T6001] usb 7-1: USB disconnect, device number 9 [ 391.220029][ T5910] usb 3-1: Using ep0 maxpacket: 16 [ 391.246535][ T5910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 391.271889][ T5910] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 391.298359][T11429] blktrace: Concurrent blktraces are not allowed on loop8 [ 391.309573][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.319973][ T5910] usb 3-1: Product: syz [ 391.328734][ T5910] usb 3-1: Manufacturer: syz [ 391.337213][ T5910] usb 3-1: SerialNumber: syz [ 391.363185][ T5910] usb 3-1: config 0 descriptor?? [ 391.396287][ T5910] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 391.455010][ T5910] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 392.483884][ T5910] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 393.035450][ T5910] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 393.093831][ T5910] em28xx 3-1:0.0: board has no eeprom [ 393.175899][ T5910] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 393.198765][ T5910] em28xx 3-1:0.0: dvb set to bulk mode. [ 393.204545][ T6001] em28xx 3-1:0.0: Binding DVB extension [ 393.268799][ T5910] usb 3-1: USB disconnect, device number 22 [ 393.376889][ T5910] em28xx 3-1:0.0: Disconnecting em28xx [ 393.485551][ T6001] em28xx 3-1:0.0: Registering input extension [ 393.523545][ T5910] em28xx 3-1:0.0: Closing input extension [ 393.571293][ T5910] em28xx 3-1:0.0: Freeing device [ 393.900211][T11471] netlink: 'syz.0.1786': attribute type 27 has an invalid length. [ 394.057443][ T5923] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 394.137446][ T5910] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 394.220524][T11474] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.227422][ T5923] usb 3-1: Using ep0 maxpacket: 32 [ 394.243783][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.268273][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.291875][T11474] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.312013][ T5923] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 394.345368][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.372102][ T5910] usb 7-1: Using ep0 maxpacket: 8 [ 394.377482][T11474] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 394.388327][ T5923] usb 3-1: config 0 descriptor?? [ 394.415094][ T5923] hub 3-1:0.0: USB hub found [ 394.420819][ T5910] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 394.420848][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.451189][ T5910] usb 7-1: config 0 descriptor?? [ 394.640540][ T5923] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 394.670350][ T5923] usbhid 3-1:0.0: can't add hid device: -71 [ 394.676463][ T5923] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 394.728271][ T5923] usb 3-1: USB disconnect, device number 23 [ 396.405069][ T5910] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71 [ 396.420487][ T5910] asix 7-1:0.0: probe with driver asix failed with error -71 [ 396.433078][ T5910] usb 7-1: USB disconnect, device number 10 [ 396.657129][ T5923] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 397.018256][ T5923] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 397.050535][ T5923] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 397.077022][ T5923] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 397.086810][ T5923] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 397.447222][ T5923] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 397.456325][ T5923] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.522647][ T5923] usb 8-1: config 0 descriptor?? [ 398.176344][ T5923] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0 [ 399.058650][T11556] binder: 11555:11556 unknown command 0 [ 399.084488][T11556] binder: 11555:11556 ioctl c0306201 200000000080 returned -22 [ 399.975330][ T5923] usb 8-1: USB disconnect, device number 4 [ 400.709420][ T5940] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 400.730130][T11588] sctp: [Deprecated]: syz.7.1830 (pid 11588) Use of int in maxseg socket option. [ 400.730130][T11588] Use struct sctp_assoc_value instead [ 400.867248][ T5940] usb 3-1: Using ep0 maxpacket: 16 [ 400.879487][ T5940] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.894045][ T5940] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 400.908589][ T5940] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 400.918213][ T5940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.926335][ T5940] usb 3-1: Product: syz [ 400.930939][ T5940] usb 3-1: Manufacturer: syz [ 400.935560][ T5940] usb 3-1: SerialNumber: syz [ 401.201327][ T5940] usb 3-1: 0:2 : does not exist [ 401.218234][ T5940] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 401.272674][ T5940] usb 3-1: USB disconnect, device number 24 [ 401.783772][ T36] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.916826][ T36] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.009030][ T36] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.268624][ T36] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.376787][T11608] veth1_to_bond: entered allmulticast mode [ 402.503667][T11608] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1840'. [ 402.909964][T11608] bond0: (slave bond_slave_1): Releasing backup interface [ 403.477858][T11619] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1843'. [ 403.488077][T11619] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 404.126731][ T36] bridge_slave_1: left allmulticast mode [ 404.147369][ T36] bridge_slave_1: left promiscuous mode [ 404.154964][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.248826][ T36] bridge_slave_0: left allmulticast mode [ 404.286712][ T36] bridge_slave_0: left promiscuous mode [ 404.307777][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.501493][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 404.517701][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 404.525945][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 404.538691][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 404.548875][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 405.325815][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 405.346126][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 406.087048][ T36] bond0 (unregistering): Released all slaves [ 406.397027][ T36] tipc: Left network mode [ 406.541468][T11655] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 406.599564][T11655] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 406.611429][T11655] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 406.623830][T11655] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 406.632132][ T5851] Bluetooth: hci2: command tx timeout [ 406.727625][T11655] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 406.846275][T11655] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 406.866899][T11655] kvm: requested 170133 ns i8254 timer period limited to 200000 ns [ 406.947431][T11655] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 406.955462][T11655] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 407.148696][T11655] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 407.583882][ T36] hsr_slave_0: left promiscuous mode [ 407.594410][ T36] hsr_slave_1: left promiscuous mode [ 407.625081][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.672835][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.721564][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.784289][T11672] kvm: pic: non byte write [ 407.794896][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.894283][ T36] veth1_macvtap: left promiscuous mode [ 407.901411][ T36] veth0_macvtap: left promiscuous mode [ 407.909247][ T36] veth1_vlan: left promiscuous mode [ 407.914878][ T36] veth0_vlan: left promiscuous mode [ 408.222518][T11681] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1861'. [ 408.726078][ T5851] Bluetooth: hci2: command tx timeout [ 410.329808][ T36] team0 (unregistering): Port device team_slave_1 removed [ 410.382307][ T36] team0 (unregistering): Port device team_slave_0 removed [ 410.412594][T11656] IPVS: starting estimator thread 0... [ 410.515667][T11711] IPVS: using max 41 ests per chain, 98400 per kthread [ 410.784445][ T5851] Bluetooth: hci2: command tx timeout [ 411.426042][T11636] chnl_net:caif_netlink_parms(): no params data found [ 412.185531][T11636] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.207260][T11636] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.214566][T11636] bridge_slave_0: entered allmulticast mode [ 412.241187][T11636] bridge_slave_0: entered promiscuous mode [ 412.268207][T11636] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.277211][T11636] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.285592][T11636] bridge_slave_1: entered allmulticast mode [ 412.294682][T11636] bridge_slave_1: entered promiscuous mode [ 412.414671][T11636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.489741][T11636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 412.609856][T11636] team0: Port device team_slave_0 added [ 412.628625][T11636] team0: Port device team_slave_1 added [ 412.695270][T11733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1874'. [ 412.860895][ T5851] Bluetooth: hci2: command tx timeout [ 412.868557][T11733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1874'. [ 413.035776][T11636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 413.057363][T11636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.134923][T11636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 413.166864][T11636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 413.206153][T11636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.333379][T11636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 413.539855][T11636] hsr_slave_0: entered promiscuous mode [ 413.549586][T11636] hsr_slave_1: entered promiscuous mode [ 414.258029][T11636] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 414.291530][T11636] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 414.311101][T11636] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 414.325977][T11636] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 414.473215][T11783] overlayfs: failed to clone upperpath [ 415.284972][T11636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 415.495810][T11636] 8021q: adding VLAN 0 to HW filter on device team0 [ 415.544456][ T7798] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.551641][ T7798] bridge0: port 1(bridge_slave_0) entered forwarding state [ 415.634595][ T7798] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.641872][ T7798] bridge0: port 2(bridge_slave_1) entered forwarding state [ 416.546105][ T51] Bluetooth: hci6: command 0x0406 tx timeout [ 416.597372][T11636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 416.713629][T11804] ------------[ cut here ]------------ [ 416.719374][T11804] Please remove unsupported % in format string [ 416.727423][T11804] WARNING: CPU: 0 PID: 11804 at lib/vsprintf.c:2724 format_decode+0x965/0xe30 [ 416.736350][T11804] Modules linked in: [ 416.741244][T11804] CPU: 0 UID: 0 PID: 11804 Comm: syz.2.1895 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 416.754035][T11804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 416.764327][T11804] RIP: 0010:format_decode+0x965/0xe30 [ 416.770007][T11804] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 b4 04 00 00 41 0f b6 34 24 48 c7 c7 c0 0d b9 8c e8 cc a5 1f f6 90 <0f> 0b 90 90 e9 6b fc ff ff e8 ad c2 5b f6 48 89 dd e9 55 fa ff ff [ 416.789972][T11804] RSP: 0018:ffffc9000e85f8f0 EFLAGS: 00010246 [ 416.796099][T11804] RAX: e747e5387f957f00 RBX: 0000000000000000 RCX: 0000000000080000 [ 416.804505][T11804] RDX: ffffc9000bd6a000 RSI: 000000000007be03 RDI: 000000000007be04 [ 416.812639][T11804] RBP: ffffc9000e85faeb R08: 0000000000000003 R09: 0000000000000004 [ 416.820686][T11804] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: ffffc9000e85faec [ 416.828738][T11804] R13: ffffffff8cb908c0 R14: 0000000000000406 R15: 0000000000000200 [ 416.836803][T11804] FS: 00007f64d42986c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000 [ 416.846384][T11804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 416.853423][T11804] CR2: 000055558b089808 CR3: 000000006ba04000 CR4: 00000000003526f0 [ 416.861911][T11804] DR0: 000000000000004b DR1: 0000000000000000 DR2: 0000000000000000 [ 416.869970][T11804] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 416.878240][T11804] Call Trace: [ 416.881563][T11804] [ 416.884545][T11804] bstr_printf+0xd0/0xb70 [ 416.888987][T11804] bpf_trace_printk+0x10e/0x190 [ 416.894531][T11804] ? lockdep_hardirqs_on+0x9c/0x150 [ 416.899922][T11804] ? __pfx_bpf_trace_printk+0x10/0x10 [ 416.905332][T11804] ? migrate_enable+0x29c/0x3c0 [ 416.911301][T11804] ? __pfx_read_tsc+0x10/0x10 [ 416.916073][T11804] ? ktime_get_mono_fast_ns+0x122/0x2d0 [ 416.921717][T11804] ? read_tsc+0x9/0x20 [ 416.925830][T11804] ? prandom_u32_state+0x1c/0x170 [ 416.930936][T11804] bpf_prog_a343b6dd85f2a454+0x41/0x4c [ 416.936425][T11804] bpf_flow_dissect+0x132/0x400 [ 416.941516][T11804] bpf_prog_test_run_flow_dissector+0x37c/0x5c0 [ 416.948217][T11804] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 416.955012][T11804] ? __fget_files+0x2a/0x420 [ 416.960214][T11804] ? __fget_files+0x2a/0x420 [ 416.964855][T11804] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 416.972062][T11804] bpf_prog_test_run+0x2c7/0x340 [ 416.977212][T11804] __sys_bpf+0x4a4/0x860 [ 416.981516][T11804] ? __pfx___sys_bpf+0x10/0x10 [ 416.986354][T11804] ? rcu_is_watching+0x15/0xb0 [ 416.991210][T11804] __x64_sys_bpf+0x7c/0x90 [ 416.995673][T11804] do_syscall_64+0xfa/0x3b0 [ 417.000292][T11804] ? lockdep_hardirqs_on+0x9c/0x150 [ 417.005540][T11804] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.011725][T11804] ? clear_bhb_loop+0x60/0xb0 [ 417.016466][T11804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.022608][T11804] RIP: 0033:0x7f64d338e929 [ 417.027098][T11804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.047813][T11804] RSP: 002b:00007f64d4298038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 417.056849][T11804] RAX: ffffffffffffffda RBX: 00007f64d35b5fa0 RCX: 00007f64d338e929 [ 417.065250][T11804] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a [ 417.073444][T11804] RBP: 00007f64d3410ca1 R08: 0000000000000000 R09: 0000000000000000 [ 417.081482][T11804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 417.089592][T11804] R13: 0000000000000000 R14: 00007f64d35b5fa0 R15: 00007ffd3e965198 [ 417.097785][T11804] [ 417.100831][T11804] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 417.108132][T11804] CPU: 0 UID: 0 PID: 11804 Comm: syz.2.1895 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 417.120218][T11804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 417.130295][T11804] Call Trace: [ 417.133603][T11804] [ 417.136608][T11804] dump_stack_lvl+0x99/0x250 [ 417.141250][T11804] ? __asan_memcpy+0x40/0x70 [ 417.145889][T11804] ? __pfx_dump_stack_lvl+0x10/0x10 [ 417.151136][T11804] ? __pfx__printk+0x10/0x10 [ 417.155781][T11804] panic+0x2db/0x790 [ 417.159725][T11804] ? __pfx_panic+0x10/0x10 [ 417.164172][T11804] __warn+0x31b/0x4b0 [ 417.168169][T11804] ? format_decode+0x965/0xe30 [ 417.172954][T11804] ? format_decode+0x965/0xe30 [ 417.177734][T11804] report_bug+0x2be/0x4f0 [ 417.182092][T11804] ? format_decode+0x965/0xe30 [ 417.186881][T11804] ? format_decode+0x965/0xe30 [ 417.191668][T11804] ? format_decode+0x967/0xe30 [ 417.196475][T11804] handle_bug+0x84/0x160 [ 417.200764][T11804] exc_invalid_op+0x1a/0x50 [ 417.205308][T11804] asm_exc_invalid_op+0x1a/0x20 [ 417.210184][T11804] RIP: 0010:format_decode+0x965/0xe30 [ 417.215588][T11804] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 b4 04 00 00 41 0f b6 34 24 48 c7 c7 c0 0d b9 8c e8 cc a5 1f f6 90 <0f> 0b 90 90 e9 6b fc ff ff e8 ad c2 5b f6 48 89 dd e9 55 fa ff ff [ 417.235308][T11804] RSP: 0018:ffffc9000e85f8f0 EFLAGS: 00010246 [ 417.241404][T11804] RAX: e747e5387f957f00 RBX: 0000000000000000 RCX: 0000000000080000 [ 417.249417][T11804] RDX: ffffc9000bd6a000 RSI: 000000000007be03 RDI: 000000000007be04 [ 417.257513][T11804] RBP: ffffc9000e85faeb R08: 0000000000000003 R09: 0000000000000004 [ 417.265521][T11804] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: ffffc9000e85faec [ 417.273522][T11804] R13: ffffffff8cb908c0 R14: 0000000000000406 R15: 0000000000000200 [ 417.281628][T11804] bstr_printf+0xd0/0xb70 [ 417.286084][T11804] bpf_trace_printk+0x10e/0x190 [ 417.290948][T11804] ? lockdep_hardirqs_on+0x9c/0x150 [ 417.296167][T11804] ? __pfx_bpf_trace_printk+0x10/0x10 [ 417.301571][T11804] ? migrate_enable+0x29c/0x3c0 [ 417.306440][T11804] ? __pfx_read_tsc+0x10/0x10 [ 417.311141][T11804] ? ktime_get_mono_fast_ns+0x122/0x2d0 [ 417.316707][T11804] ? read_tsc+0x9/0x20 [ 417.320794][T11804] ? prandom_u32_state+0x1c/0x170 [ 417.325839][T11804] bpf_prog_a343b6dd85f2a454+0x41/0x4c [ 417.331316][T11804] bpf_flow_dissect+0x132/0x400 [ 417.336204][T11804] bpf_prog_test_run_flow_dissector+0x37c/0x5c0 [ 417.342476][T11804] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 417.349279][T11804] ? __fget_files+0x2a/0x420 [ 417.353878][T11804] ? __fget_files+0x2a/0x420 [ 417.358479][T11804] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 417.365266][T11804] bpf_prog_test_run+0x2c7/0x340 [ 417.370232][T11804] __sys_bpf+0x4a4/0x860 [ 417.374496][T11804] ? __pfx___sys_bpf+0x10/0x10 [ 417.379288][T11804] ? rcu_is_watching+0x15/0xb0 [ 417.384075][T11804] __x64_sys_bpf+0x7c/0x90 [ 417.388592][T11804] do_syscall_64+0xfa/0x3b0 [ 417.393121][T11804] ? lockdep_hardirqs_on+0x9c/0x150 [ 417.398442][T11804] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.404535][T11804] ? clear_bhb_loop+0x60/0xb0 [ 417.409237][T11804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.415152][T11804] RIP: 0033:0x7f64d338e929 [ 417.419582][T11804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.439201][T11804] RSP: 002b:00007f64d4298038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 417.447635][T11804] RAX: ffffffffffffffda RBX: 00007f64d35b5fa0 RCX: 00007f64d338e929 [ 417.455622][T11804] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a [ 417.463606][T11804] RBP: 00007f64d3410ca1 R08: 0000000000000000 R09: 0000000000000000 [ 417.471588][T11804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 417.479567][T11804] R13: 0000000000000000 R14: 00007f64d35b5fa0 R15: 00007ffd3e965198 [ 417.487666][T11804] [ 417.491054][T11804] Kernel Offset: disabled [ 417.495381][T11804] Rebooting in 86400 seconds..